summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlistair Francis <Alistair.Francis@wdc.com>2018-12-13 22:06:05 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-12-15 11:48:07 +0000
commitd1c2b732e7d516741f785586db5047dc704ae7c9 (patch)
tree5fb68436487dba8303eaf58f70922ba6b3e6eb31
parentb115d25ec64e5251525cfe35bb1f7368acf12d85 (diff)
downloadpoky-d1c2b732e7d516741f785586db5047dc704ae7c9.tar.gz
qemu: Bump to version 3.1
Bump QEMU to the latest 3.1 and update the patches. (From OE-Core rev: eeb918fc9b67a5d252b9d5ad5f3674cc1a45aa7f) Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/conf/distro/include/tcmode-default.inc2
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch9
-rw-r--r--meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch5
-rw-r--r--meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch7
-rw-r--r--meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch5
-rw-r--r--meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch7
-rw-r--r--meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch5
-rw-r--r--meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch7
-rw-r--r--meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch31
-rw-r--r--meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch5
-rw-r--r--meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch7
-rw-r--r--meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch29
-rw-r--r--meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch5
-rw-r--r--meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch11
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch52
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-15746.patch64
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch52
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-17962.patch70
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2018-17963.patch51
-rw-r--r--meta/recipes-devtools/qemu/qemu_3.1.0.bb (renamed from meta/recipes-devtools/qemu/qemu_3.0.0.bb)8
20 files changed, 76 insertions, 356 deletions
diff --git a/meta/conf/distro/include/tcmode-default.inc b/meta/conf/distro/include/tcmode-default.inc
index f8da651c5b..a586c63d4b 100644
--- a/meta/conf/distro/include/tcmode-default.inc
+++ b/meta/conf/distro/include/tcmode-default.inc
@@ -28,7 +28,7 @@ BINUVERSION ?= "2.31%"
28GDBVERSION ?= "8.2%" 28GDBVERSION ?= "8.2%"
29GLIBCVERSION ?= "2.28%" 29GLIBCVERSION ?= "2.28%"
30LINUXLIBCVERSION ?= "4.18%" 30LINUXLIBCVERSION ?= "4.18%"
31QEMUVERSION ?= "3.0%" 31QEMUVERSION ?= "3.1%"
32GOVERSION ?= "1.11%" 32GOVERSION ?= "1.11%"
33 33
34PREFERRED_VERSION_gcc ?= "${GCCVERSION}" 34PREFERRED_VERSION_gcc ?= "${GCCVERSION}"
diff --git a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch b/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
index b8a9206fee..5b9a1f911c 100644
--- a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
+++ b/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
@@ -1,4 +1,4 @@
1From 18fb45c34a473c4ba247bb82bcea94b7c3ba493a Mon Sep 17 00:00:00 2001 1From c53ddb5acbee56db6423f369b9f9a9b62501b4af Mon Sep 17 00:00:00 2001
2From: Ross Burton <ross.burton@intel.com> 2From: Ross Burton <ross.burton@intel.com>
3Date: Wed, 18 Sep 2013 14:04:54 +0100 3Date: Wed, 18 Sep 2013 14:04:54 +0100
4Subject: [PATCH] sdl.c: allow user to disable pointer grabs 4Subject: [PATCH] sdl.c: allow user to disable pointer grabs
@@ -21,15 +21,16 @@ the current grabbing behaviour for everyone else.
21Upstream-Status: Pending 21Upstream-Status: Pending
22Signed-off-by: Ross Burton <ross.burton@intel.com> 22Signed-off-by: Ross Burton <ross.burton@intel.com>
23Signed-off-by: Eric Bénard <eric@eukrea.com> 23Signed-off-by: Eric Bénard <eric@eukrea.com>
24
24--- 25---
25 ui/sdl.c | 13 +++++++++++-- 26 ui/sdl.c | 13 +++++++++++--
26 1 file changed, 11 insertions(+), 2 deletions(-) 27 1 file changed, 11 insertions(+), 2 deletions(-)
27 28
28diff --git a/ui/sdl.c b/ui/sdl.c 29diff --git a/ui/sdl.c b/ui/sdl.c
29index a5fd503c25..ab8d1b1eb1 100644 30index 190b16f5..aa89471d 100644
30--- a/ui/sdl.c 31--- a/ui/sdl.c
31+++ b/ui/sdl.c 32+++ b/ui/sdl.c
32@@ -68,6 +68,11 @@ static int idle_counter; 33@@ -69,6 +69,11 @@ static int idle_counter;
33 static const guint16 *keycode_map; 34 static const guint16 *keycode_map;
34 static size_t keycode_maplen; 35 static size_t keycode_maplen;
35 36
@@ -41,7 +42,7 @@ index a5fd503c25..ab8d1b1eb1 100644
41 #define SDL_REFRESH_INTERVAL_BUSY 10 42 #define SDL_REFRESH_INTERVAL_BUSY 10
42 #define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \ 43 #define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \
43 / SDL_REFRESH_INTERVAL_BUSY + 1) 44 / SDL_REFRESH_INTERVAL_BUSY + 1)
44@@ -398,14 +403,16 @@ static void sdl_grab_start(void) 45@@ -399,14 +404,16 @@ static void sdl_grab_start(void)
45 } 46 }
46 } else 47 } else
47 sdl_hide_cursor(); 48 sdl_hide_cursor();
diff --git a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
index 90e4b800b5..4de2688838 100644
--- a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
+++ b/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -1,4 +1,4 @@
1From 41603f745caaecdc7c9d760fb7d2df01ccc60128 Mon Sep 17 00:00:00 2001 1From 7ac3c84f28866491c58cc0f52a25a706949c8ef3 Mon Sep 17 00:00:00 2001
2From: Richard Purdie <richard.purdie@linuxfoundation.org> 2From: Richard Purdie <richard.purdie@linuxfoundation.org>
3Date: Thu, 27 Nov 2014 14:04:29 +0000 3Date: Thu, 27 Nov 2014 14:04:29 +0000
4Subject: [PATCH] qemu: Add missing wacom HID descriptor 4Subject: [PATCH] qemu: Add missing wacom HID descriptor
@@ -13,12 +13,13 @@ Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
13 13
14Upstream-Status: Submitted 14Upstream-Status: Submitted
152014/11/27 152014/11/27
16
16--- 17---
17 hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++- 18 hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++-
18 1 file changed, 93 insertions(+), 1 deletion(-) 19 1 file changed, 93 insertions(+), 1 deletion(-)
19 20
20diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c 21diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
21index bf70013059..2f6e129732 100644 22index ac0bc83b..6f9b22d4 100644
22--- a/hw/usb/dev-wacom.c 23--- a/hw/usb/dev-wacom.c
23+++ b/hw/usb/dev-wacom.c 24+++ b/hw/usb/dev-wacom.c
24@@ -72,6 +72,89 @@ static const USBDescStrings desc_strings = { 25@@ -72,6 +72,89 @@ static const USBDescStrings desc_strings = {
diff --git a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
index 0d43271c47..668fc4680c 100644
--- a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
+++ b/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -1,4 +1,4 @@
1From a9a669448ba6f1b295427e271d99f61736fc5189 Mon Sep 17 00:00:00 2001 1From aac8834bfd5b79e724f2593895847b50968a1223 Mon Sep 17 00:00:00 2001
2From: Juro Bystricky <juro.bystricky@intel.com> 2From: Juro Bystricky <juro.bystricky@intel.com>
3Date: Thu, 31 Aug 2017 11:06:56 -0700 3Date: Thu, 31 Aug 2017 11:06:56 -0700
4Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for 4Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
@@ -9,15 +9,16 @@ Upstream-Status: Pending
9Signed-off-by: Kai Kang <kai.kang@windriver.com> 9Signed-off-by: Kai Kang <kai.kang@windriver.com>
10 10
11Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> 11Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
12
12--- 13---
13 tests/Makefile.include | 8 ++++++++ 14 tests/Makefile.include | 8 ++++++++
14 1 file changed, 8 insertions(+) 15 1 file changed, 8 insertions(+)
15 16
16diff --git a/tests/Makefile.include b/tests/Makefile.include 17diff --git a/tests/Makefile.include b/tests/Makefile.include
17index 3b9a5e31a2..dfbcd728d7 100644 18index fb0b449c..afedabd4 100644
18--- a/tests/Makefile.include 19--- a/tests/Makefile.include
19+++ b/tests/Makefile.include 20+++ b/tests/Makefile.include
20@@ -972,4 +972,12 @@ all: $(QEMU_IOTESTS_HELPERS-y) 21@@ -967,4 +967,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
21 -include $(wildcard tests/*.d) 22 -include $(wildcard tests/*.d)
22 -include $(wildcard tests/libqos/*.d) 23 -include $(wildcard tests/libqos/*.d)
23 24
diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
index 5152dcafe5..b4d4c587bd 100644
--- a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
+++ b/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -1,4 +1,4 @@
1From dd4404a334a545e9beafa1b1e41b3a8f35ef31a9 Mon Sep 17 00:00:00 2001 1From 3de7a5635093c31dcb960ce9dff27da629b85d4d Mon Sep 17 00:00:00 2001
2From: Jason Wessel <jason.wessel@windriver.com> 2From: Jason Wessel <jason.wessel@windriver.com>
3Date: Fri, 28 Mar 2014 17:42:43 +0800 3Date: Fri, 28 Mar 2014 17:42:43 +0800
4Subject: [PATCH] qemu: Add addition environment space to boot loader 4Subject: [PATCH] qemu: Add addition environment space to boot loader
@@ -13,12 +13,13 @@ to only 256 bytes. This patch expands the limit.
13 13
14Signed-off-by: Jason Wessel <jason.wessel@windriver.com> 14Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
15Signed-off-by: Roy Li <rongqing.li@windriver.com> 15Signed-off-by: Roy Li <rongqing.li@windriver.com>
16
16--- 17---
17 hw/mips/mips_malta.c | 2 +- 18 hw/mips/mips_malta.c | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-) 19 1 file changed, 1 insertion(+), 1 deletion(-)
19 20
20diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c 21diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
21index f6513a4fd5..d5efafb1e8 100644 22index c1cf0fe1..decffd2f 100644
22--- a/hw/mips/mips_malta.c 23--- a/hw/mips/mips_malta.c
23+++ b/hw/mips/mips_malta.c 24+++ b/hw/mips/mips_malta.c
24@@ -62,7 +62,7 @@ 25@@ -62,7 +62,7 @@
diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
index 70baf0fb09..f0cf8148e1 100644
--- a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
+++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
@@ -1,4 +1,4 @@
1From 4475b3d97371e588540333988a97d7df3ec2c65a Mon Sep 17 00:00:00 2001 1From 32e8a94b6ae664d9b5689e19d495e304c0f41954 Mon Sep 17 00:00:00 2001
2From: Ross Burton <ross.burton@intel.com> 2From: Ross Burton <ross.burton@intel.com>
3Date: Tue, 20 Oct 2015 22:19:08 +0100 3Date: Tue, 20 Oct 2015 22:19:08 +0100
4Subject: [PATCH] qemu: disable Valgrind 4Subject: [PATCH] qemu: disable Valgrind
@@ -7,15 +7,16 @@ There isn't an option to enable or disable valgrind support, so disable it to av
7 7
8Upstream-Status: Inappropriate 8Upstream-Status: Inappropriate
9Signed-off-by: Ross Burton <ross.burton@intel.com> 9Signed-off-by: Ross Burton <ross.burton@intel.com>
10
10--- 11---
11 configure | 9 --------- 12 configure | 9 ---------
12 1 file changed, 9 deletions(-) 13 1 file changed, 9 deletions(-)
13 14
14diff --git a/configure b/configure 15diff --git a/configure b/configure
15index 0a19b033bc..69e05fb6c0 100755 16index 0a3c6a72..069e0daa 100755
16--- a/configure 17--- a/configure
17+++ b/configure 18+++ b/configure
18@@ -4895,15 +4895,6 @@ fi 19@@ -5044,15 +5044,6 @@ fi
19 # check if we have valgrind/valgrind.h 20 # check if we have valgrind/valgrind.h
20 21
21 valgrind_h=no 22 valgrind_h=no
diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
index a9d798cef6..4b2f0137eb 100644
--- a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
+++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
@@ -1,4 +1,4 @@
1From c532bcdae8259b0f71723cda331ded4dbb0fa908 Mon Sep 17 00:00:00 2001 1From 02f80ee81681b6307a8032128a07686183662270 Mon Sep 17 00:00:00 2001
2From: Richard Purdie <richard.purdie@linuxfoundation.org> 2From: Richard Purdie <richard.purdie@linuxfoundation.org>
3Date: Wed, 9 Mar 2016 22:49:02 +0000 3Date: Wed, 9 Mar 2016 22:49:02 +0000
4Subject: [PATCH] qemu: Limit paths searched during user mode emulation 4Subject: [PATCH] qemu: Limit paths searched during user mode emulation
@@ -19,12 +19,13 @@ paths.
19RP 19RP
202016/3/9 202016/3/9
21Upstream-Status: Pending 21Upstream-Status: Pending
22
22--- 23---
23 util/path.c | 44 ++++++++++++++++++++++---------------------- 24 util/path.c | 44 ++++++++++++++++++++++----------------------
24 1 file changed, 22 insertions(+), 22 deletions(-) 25 1 file changed, 22 insertions(+), 22 deletions(-)
25 26
26diff --git a/util/path.c b/util/path.c 27diff --git a/util/path.c b/util/path.c
27index 7f9fc272fb..a416cd4ac2 100644 28index 7f9fc272..a416cd4a 100644
28--- a/util/path.c 29--- a/util/path.c
29+++ b/util/path.c 30+++ b/util/path.c
30@@ -15,6 +15,7 @@ struct pathelem 31@@ -15,6 +15,7 @@ struct pathelem
diff --git a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
index 12456bb5c1..4163e51884 100644
--- a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
+++ b/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
@@ -1,18 +1,19 @@
1From 2d29d52b6f755758cfca6af0bcfd78091e16a7bc Mon Sep 17 00:00:00 2001 1From 74bce35b71f4733c13e96f96e25956ff943fae20 Mon Sep 17 00:00:00 2001
2From: Stephen Arnold <sarnold@vctlabs.com> 2From: Stephen Arnold <sarnold@vctlabs.com>
3Date: Sun, 12 Jun 2016 18:09:56 -0700 3Date: Sun, 12 Jun 2016 18:09:56 -0700
4Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment 4Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
5 5
6Upstream-Status: Pending 6Upstream-Status: Pending
7
7--- 8---
8 configure | 4 ---- 9 configure | 4 ----
9 1 file changed, 4 deletions(-) 10 1 file changed, 4 deletions(-)
10 11
11diff --git a/configure b/configure 12diff --git a/configure b/configure
12index 69e05fb6c0..12fc3d8bdc 100755 13index 069e0daa..5b97f3c1 100755
13--- a/configure 14--- a/configure
14+++ b/configure 15+++ b/configure
15@@ -5413,10 +5413,6 @@ write_c_skeleton 16@@ -5622,10 +5622,6 @@ write_c_skeleton
16 if test "$gcov" = "yes" ; then 17 if test "$gcov" = "yes" ; then
17 CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS" 18 CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
18 LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS" 19 LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
diff --git a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
index 2afe4e9376..e5a2d4abca 100644
--- a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
+++ b/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
@@ -1,4 +1,4 @@
1From 20a09bb18907e67565c54fc505a741cbbef53f7f Mon Sep 17 00:00:00 2001 1From 9c1e976290e87a83ab1bfe38eb7ff3521ff0d684 Mon Sep 17 00:00:00 2001
2From: Alistair Francis <alistair.francis@xilinx.com> 2From: Alistair Francis <alistair.francis@xilinx.com>
3Date: Thu, 21 Dec 2017 11:35:16 -0800 3Date: Thu, 21 Dec 2017 11:35:16 -0800
4Subject: [PATCH] chardev: connect socket to a spawned command 4Subject: [PATCH] chardev: connect socket to a spawned command
@@ -44,6 +44,7 @@ as simple as possible.
44Upstream-Status: Inappropriate [embedded specific] 44Upstream-Status: Inappropriate [embedded specific]
45 45
46Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> 46Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
47
47--- 48---
48 chardev/char-socket.c | 102 ++++++++++++++++++++++++++++++++++++++++++ 49 chardev/char-socket.c | 102 ++++++++++++++++++++++++++++++++++++++++++
49 chardev/char.c | 3 ++ 50 chardev/char.c | 3 ++
@@ -51,10 +52,10 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
51 3 files changed, 110 insertions(+) 52 3 files changed, 110 insertions(+)
52 53
53diff --git a/chardev/char-socket.c b/chardev/char-socket.c 54diff --git a/chardev/char-socket.c b/chardev/char-socket.c
54index 159e69c3b1..84778cf31a 100644 55index eaa8e8b6..959ed183 100644
55--- a/chardev/char-socket.c 56--- a/chardev/char-socket.c
56+++ b/chardev/char-socket.c 57+++ b/chardev/char-socket.c
57@@ -934,6 +934,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque) 58@@ -987,6 +987,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
58 return false; 59 return false;
59 } 60 }
60 61
@@ -123,7 +124,7 @@ index 159e69c3b1..84778cf31a 100644
123 static void qmp_chardev_open_socket(Chardev *chr, 124 static void qmp_chardev_open_socket(Chardev *chr,
124 ChardevBackend *backend, 125 ChardevBackend *backend,
125 bool *be_opened, 126 bool *be_opened,
126@@ -941,6 +1003,9 @@ static void qmp_chardev_open_socket(Chardev *chr, 127@@ -994,6 +1056,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
127 { 128 {
128 SocketChardev *s = SOCKET_CHARDEV(chr); 129 SocketChardev *s = SOCKET_CHARDEV(chr);
129 ChardevSocket *sock = backend->u.socket.data; 130 ChardevSocket *sock = backend->u.socket.data;
@@ -133,7 +134,7 @@ index 159e69c3b1..84778cf31a 100644
133 bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; 134 bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
134 bool is_listen = sock->has_server ? sock->server : true; 135 bool is_listen = sock->has_server ? sock->server : true;
135 bool is_telnet = sock->has_telnet ? sock->telnet : false; 136 bool is_telnet = sock->has_telnet ? sock->telnet : false;
136@@ -1008,6 +1073,14 @@ static void qmp_chardev_open_socket(Chardev *chr, 137@@ -1072,6 +1137,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
137 s->reconnect_time = reconnect; 138 s->reconnect_time = reconnect;
138 } 139 }
139 140
@@ -145,10 +146,10 @@ index 159e69c3b1..84778cf31a 100644
145+ *be_opened = true; 146+ *be_opened = true;
146+ } else 147+ } else
147+#endif 148+#endif
148 /* If reconnect_time is set, will do that in chr_machine_done. */ 149 if (s->reconnect_time) {
149 if (!s->reconnect_time) { 150 tcp_chr_connect_async(chr);
150 if (s->is_listen) { 151 } else {
151@@ -1065,9 +1138,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, 152@@ -1131,9 +1204,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
152 const char *port = qemu_opt_get(opts, "port"); 153 const char *port = qemu_opt_get(opts, "port");
153 const char *fd = qemu_opt_get(opts, "fd"); 154 const char *fd = qemu_opt_get(opts, "fd");
154 const char *tls_creds = qemu_opt_get(opts, "tls-creds"); 155 const char *tls_creds = qemu_opt_get(opts, "tls-creds");
@@ -175,7 +176,7 @@ index 159e69c3b1..84778cf31a 100644
175 if ((!!path + !!fd + !!host) != 1) { 176 if ((!!path + !!fd + !!host) != 1) {
176 error_setg(errp, 177 error_setg(errp,
177 "Exactly one of 'path', 'fd' or 'host' required"); 178 "Exactly one of 'path', 'fd' or 'host' required");
178@@ -1112,12 +1202,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, 179@@ -1180,12 +1270,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
179 sock->reconnect = reconnect; 180 sock->reconnect = reconnect;
180 sock->tls_creds = g_strdup(tls_creds); 181 sock->tls_creds = g_strdup(tls_creds);
181 182
@@ -201,10 +202,10 @@ index 159e69c3b1..84778cf31a 100644
201 addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET; 202 addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
202 addr->u.inet.data = g_new(InetSocketAddress, 1); 203 addr->u.inet.data = g_new(InetSocketAddress, 1);
203diff --git a/chardev/char.c b/chardev/char.c 204diff --git a/chardev/char.c b/chardev/char.c
204index 76d866e6fe..9747d51d7c 100644 205index 152dde53..62d5b578 100644
205--- a/chardev/char.c 206--- a/chardev/char.c
206+++ b/chardev/char.c 207+++ b/chardev/char.c
207@@ -792,6 +792,9 @@ QemuOptsList qemu_chardev_opts = { 208@@ -818,6 +818,9 @@ QemuOptsList qemu_chardev_opts = {
208 },{ 209 },{
209 .name = "path", 210 .name = "path",
210 .type = QEMU_OPT_STRING, 211 .type = QEMU_OPT_STRING,
@@ -215,10 +216,10 @@ index 76d866e6fe..9747d51d7c 100644
215 .name = "host", 216 .name = "host",
216 .type = QEMU_OPT_STRING, 217 .type = QEMU_OPT_STRING,
217diff --git a/qapi/char.json b/qapi/char.json 218diff --git a/qapi/char.json b/qapi/char.json
218index ae19dcd1ed..6de0f29bcd 100644 219index 79bac598..97bd161a 100644
219--- a/qapi/char.json 220--- a/qapi/char.json
220+++ b/qapi/char.json 221+++ b/qapi/char.json
221@@ -241,6 +241,10 @@ 222@@ -242,6 +242,10 @@
222 # 223 #
223 # @addr: socket address to listen on (server=true) 224 # @addr: socket address to listen on (server=true)
224 # or connect to (server=false) 225 # or connect to (server=false)
@@ -229,7 +230,7 @@ index ae19dcd1ed..6de0f29bcd 100644
229 # @tls-creds: the ID of the TLS credentials object (since 2.6) 230 # @tls-creds: the ID of the TLS credentials object (since 2.6)
230 # @server: create server socket (default: true) 231 # @server: create server socket (default: true)
231 # @wait: wait for incoming connection on server 232 # @wait: wait for incoming connection on server
232@@ -258,6 +262,7 @@ 233@@ -261,6 +265,7 @@
233 # Since: 1.4 234 # Since: 1.4
234 ## 235 ##
235 { 'struct': 'ChardevSocket', 'data': { 'addr' : 'SocketAddressLegacy', 236 { 'struct': 'ChardevSocket', 'data': { 'addr' : 'SocketAddressLegacy',
diff --git a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
index 5969d93870..1d3a2b5b21 100644
--- a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
+++ b/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
@@ -1,4 +1,4 @@
1From 5046c21efdbc7413cddd5c5dbd9e1d53258d3e8c Mon Sep 17 00:00:00 2001 1From 4829da131996548dc86775b8b97a29c436f3d130 Mon Sep 17 00:00:00 2001
2From: Mark Asselstine <mark.asselstine@windriver.com> 2From: Mark Asselstine <mark.asselstine@windriver.com>
3Date: Tue, 26 Feb 2013 11:43:28 -0500 3Date: Tue, 26 Feb 2013 11:43:28 -0500
4Subject: [PATCH] apic: fixup fallthrough to PIC 4Subject: [PATCH] apic: fixup fallthrough to PIC
@@ -24,12 +24,13 @@ serviced, is -1.
24Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> 24Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
25Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html] 25Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html]
26Signed-off-by: He Zhe <zhe.he@windriver.com> 26Signed-off-by: He Zhe <zhe.he@windriver.com>
27
27--- 28---
28 hw/intc/apic.c | 2 +- 29 hw/intc/apic.c | 2 +-
29 1 file changed, 1 insertion(+), 1 deletion(-) 30 1 file changed, 1 insertion(+), 1 deletion(-)
30 31
31diff --git a/hw/intc/apic.c b/hw/intc/apic.c 32diff --git a/hw/intc/apic.c b/hw/intc/apic.c
32index 6fda52b86c..cd7291962d 100644 33index 97ffdd82..ef23430e 100644
33--- a/hw/intc/apic.c 34--- a/hw/intc/apic.c
34+++ b/hw/intc/apic.c 35+++ b/hw/intc/apic.c
35@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *dev) 36@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *dev)
diff --git a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
index e110f63345..c0d7914be0 100644
--- a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
+++ b/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -1,4 +1,4 @@
1From 3cd92c7a885e4997ef6843313298c1d748d6ca39 Mon Sep 17 00:00:00 2001 1From bce25c9cda73569963615ffd31ed949cbe3a3781 Mon Sep 17 00:00:00 2001
2From: Alistair Francis <alistair.francis@xilinx.com> 2From: Alistair Francis <alistair.francis@xilinx.com>
3Date: Wed, 17 Jan 2018 10:51:49 -0800 3Date: Wed, 17 Jan 2018 10:51:49 -0800
4Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target 4Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
@@ -13,15 +13,16 @@ to what it was before the problematic commit.
13 13
14Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html 14Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html
15Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> 15Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
16
16--- 17---
17 linux-user/main.c | 2 +- 18 linux-user/main.c | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-) 19 1 file changed, 1 insertion(+), 1 deletion(-)
19 20
20diff --git a/linux-user/main.c b/linux-user/main.c 21diff --git a/linux-user/main.c b/linux-user/main.c
21index 8907a84114..ea42c43610 100644 22index 923cbb75..fe0b9ff4 100644
22--- a/linux-user/main.c 23--- a/linux-user/main.c
23+++ b/linux-user/main.c 24+++ b/linux-user/main.c
24@@ -79,7 +79,7 @@ do { \ 25@@ -69,7 +69,7 @@ int have_guest_base;
25 (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32)) 26 (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
26 /* There are a number of places where we assign reserved_va to a variable 27 /* There are a number of places where we assign reserved_va to a variable
27 of type abi_ulong and expect it to fit. Avoid the last page. */ 28 of type abi_ulong and expect it to fit. Avoid the last page. */
diff --git a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch b/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
index 41626eb87c..066ea7865a 100644
--- a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
+++ b/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
@@ -1,4 +1,4 @@
1From 3ed26be2091436296933ed2146f7269c791c7bfe Mon Sep 17 00:00:00 2001 1From 496231774f8bc17ecfaf543a6603e3cad3f3f74e Mon Sep 17 00:00:00 2001
2From: Martin Jansa <martin.jansa@lge.com> 2From: Martin Jansa <martin.jansa@lge.com>
3Date: Fri, 1 Jun 2018 08:41:07 +0000 3Date: Fri, 1 Jun 2018 08:41:07 +0000
4Subject: [PATCH] Revert "linux-user: fix mmap/munmap/mprotect/mremap/shmat" 4Subject: [PATCH] Revert "linux-user: fix mmap/munmap/mprotect/mremap/shmat"
@@ -14,6 +14,7 @@ http://lists.openembedded.org/pipermail/openembedded-core/2018-June/151382.html
14This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583. 14This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583.
15 15
16Upstream-Status: Pending 16Upstream-Status: Pending
17
17--- 18---
18 include/exec/cpu-all.h | 6 +----- 19 include/exec/cpu-all.h | 6 +-----
19 include/exec/cpu_ldst.h | 16 +++++++++------- 20 include/exec/cpu_ldst.h | 16 +++++++++-------
@@ -22,10 +23,10 @@ Upstream-Status: Pending
22 4 files changed, 15 insertions(+), 29 deletions(-) 23 4 files changed, 15 insertions(+), 29 deletions(-)
23 24
24diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h 25diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
25index f4fa94e966..0b141683f0 100644 26index 117d2fbb..90558c14 100644
26--- a/include/exec/cpu-all.h 27--- a/include/exec/cpu-all.h
27+++ b/include/exec/cpu-all.h 28+++ b/include/exec/cpu-all.h
28@@ -159,12 +159,8 @@ extern unsigned long guest_base; 29@@ -163,12 +163,8 @@ extern unsigned long guest_base;
29 extern int have_guest_base; 30 extern int have_guest_base;
30 extern unsigned long reserved_va; 31 extern unsigned long reserved_va;
31 32
@@ -40,12 +41,12 @@ index f4fa94e966..0b141683f0 100644
40 41
41 #include "exec/hwaddr.h" 42 #include "exec/hwaddr.h"
42diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h 43diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
43index 5de8c8a5af..191f2e962a 100644 44index 95906849..ed17b3f6 100644
44--- a/include/exec/cpu_ldst.h 45--- a/include/exec/cpu_ldst.h
45+++ b/include/exec/cpu_ldst.h 46+++ b/include/exec/cpu_ldst.h
46@@ -51,13 +51,15 @@ 47@@ -62,13 +62,15 @@ typedef uint64_t abi_ptr;
47 /* All direct uses of g2h and h2g need to go away for usermode softmmu. */ 48 /* All direct uses of g2h and h2g need to go away for usermode softmmu. */
48 #define g2h(x) ((void *)((unsigned long)(target_ulong)(x) + guest_base)) 49 #define g2h(x) ((void *)((unsigned long)(abi_ptr)(x) + guest_base))
49 50
50-#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX) 51-#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)
51-#define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base) 52-#define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base)
@@ -67,10 +68,10 @@ index 5de8c8a5af..191f2e962a 100644
67 #define h2g_nocheck(x) ({ \ 68 #define h2g_nocheck(x) ({ \
68 unsigned long __ret = (unsigned long)(x) - guest_base; \ 69 unsigned long __ret = (unsigned long)(x) - guest_base; \
69diff --git a/linux-user/mmap.c b/linux-user/mmap.c 70diff --git a/linux-user/mmap.c b/linux-user/mmap.c
70index 9168a2051c..de85669aab 100644 71index 41e0983c..d0ee1c53 100644
71--- a/linux-user/mmap.c 72--- a/linux-user/mmap.c
72+++ b/linux-user/mmap.c 73+++ b/linux-user/mmap.c
73@@ -80,7 +80,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot) 74@@ -79,7 +79,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
74 return -TARGET_EINVAL; 75 return -TARGET_EINVAL;
75 len = TARGET_PAGE_ALIGN(len); 76 len = TARGET_PAGE_ALIGN(len);
76 end = start + len; 77 end = start + len;
@@ -79,7 +80,7 @@ index 9168a2051c..de85669aab 100644
79 return -TARGET_ENOMEM; 80 return -TARGET_ENOMEM;
80 } 81 }
81 prot &= PROT_READ | PROT_WRITE | PROT_EXEC; 82 prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
82@@ -482,8 +482,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, 83@@ -490,8 +490,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
83 * It can fail only on 64-bit host with 32-bit target. 84 * It can fail only on 64-bit host with 32-bit target.
84 * On any other target/host host mmap() handles this error correctly. 85 * On any other target/host host mmap() handles this error correctly.
85 */ 86 */
@@ -90,7 +91,7 @@ index 9168a2051c..de85669aab 100644
90 goto fail; 91 goto fail;
91 } 92 }
92 93
93@@ -623,10 +623,8 @@ int target_munmap(abi_ulong start, abi_ulong len) 94@@ -631,10 +631,8 @@ int target_munmap(abi_ulong start, abi_ulong len)
94 if (start & ~TARGET_PAGE_MASK) 95 if (start & ~TARGET_PAGE_MASK)
95 return -TARGET_EINVAL; 96 return -TARGET_EINVAL;
96 len = TARGET_PAGE_ALIGN(len); 97 len = TARGET_PAGE_ALIGN(len);
@@ -102,7 +103,7 @@ index 9168a2051c..de85669aab 100644
102 mmap_lock(); 103 mmap_lock();
103 end = start + len; 104 end = start + len;
104 real_start = start & qemu_host_page_mask; 105 real_start = start & qemu_host_page_mask;
105@@ -681,13 +679,6 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, 106@@ -689,13 +687,6 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
106 int prot; 107 int prot;
107 void *host_addr; 108 void *host_addr;
108 109
@@ -117,10 +118,10 @@ index 9168a2051c..de85669aab 100644
117 118
118 if (flags & MREMAP_FIXED) { 119 if (flags & MREMAP_FIXED) {
119diff --git a/linux-user/syscall.c b/linux-user/syscall.c 120diff --git a/linux-user/syscall.c b/linux-user/syscall.c
120index 643b8833de..271f215147 100644 121index 280137da..efdd0006 100644
121--- a/linux-user/syscall.c 122--- a/linux-user/syscall.c
122+++ b/linux-user/syscall.c 123+++ b/linux-user/syscall.c
123@@ -4919,9 +4919,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env, 124@@ -3818,9 +3818,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
124 return -TARGET_EINVAL; 125 return -TARGET_EINVAL;
125 } 126 }
126 } 127 }
@@ -130,7 +131,7 @@ index 643b8833de..271f215147 100644
130 131
131 mmap_lock(); 132 mmap_lock();
132 133
133@@ -7497,7 +7494,7 @@ static int open_self_maps(void *cpu_env, int fd) 134@@ -6582,7 +6579,7 @@ static int open_self_maps(void *cpu_env, int fd)
134 } 135 }
135 if (h2g_valid(min)) { 136 if (h2g_valid(min)) {
136 int flags = page_get_flags(h2g(min)); 137 int flags = page_get_flags(h2g(min));
diff --git a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch b/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
index aa24f7294e..690d2717f1 100644
--- a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
+++ b/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
@@ -1,4 +1,4 @@
1From bb9e48e331eee06d7bac1dce809c70191d1a3b4d Mon Sep 17 00:00:00 2001 1From 091a16100a7e1e9e6493663392c5ba2884b99723 Mon Sep 17 00:00:00 2001
2From: Hongxu Jia <hongxu.jia@windriver.com> 2From: Hongxu Jia <hongxu.jia@windriver.com>
3Date: Tue, 12 Mar 2013 09:54:06 +0800 3Date: Tue, 12 Mar 2013 09:54:06 +0800
4Subject: [PATCH] fix libcap header issue on some distro 4Subject: [PATCH] fix libcap header issue on some distro
@@ -54,12 +54,13 @@ http://patchwork.linuxtv.org/patch/12748/
54 54
55Upstream-Status: Pending 55Upstream-Status: Pending
56Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> 56Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
57
57--- 58---
58 fsdev/virtfs-proxy-helper.c | 7 +++++-- 59 fsdev/virtfs-proxy-helper.c | 7 +++++--
59 1 file changed, 5 insertions(+), 2 deletions(-) 60 1 file changed, 5 insertions(+), 2 deletions(-)
60 61
61diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c 62diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
62index 6f132c5ff1..8329950c26 100644 63index 6f132c5f..8329950c 100644
63--- a/fsdev/virtfs-proxy-helper.c 64--- a/fsdev/virtfs-proxy-helper.c
64+++ b/fsdev/virtfs-proxy-helper.c 65+++ b/fsdev/virtfs-proxy-helper.c
65@@ -13,7 +13,6 @@ 66@@ -13,7 +13,6 @@
diff --git a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
index 8a9141acde..2232cb80e2 100644
--- a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
+++ b/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
@@ -1,4 +1,4 @@
1From edc8dba74c7a4a2121d76c982be0074183bf080a Mon Sep 17 00:00:00 2001 1From 3eeeaa45dd12c9f3942cfc8647a08c93fffe19ea Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com> 2From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
3Date: Wed, 12 Aug 2015 15:11:30 -0500 3Date: Wed, 12 Aug 2015 15:11:30 -0500
4Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails. 4Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
@@ -12,6 +12,7 @@ current cpu information.
12 12
13Upstream-Status: Inappropriate 13Upstream-Status: Inappropriate
14Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> 14Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
15
15--- 16---
16 cpus.c | 5 +++++ 17 cpus.c | 5 +++++
17 custom_debug.h | 24 ++++++++++++++++++++++++ 18 custom_debug.h | 24 ++++++++++++++++++++++++
@@ -19,10 +20,10 @@ Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
19 create mode 100644 custom_debug.h 20 create mode 100644 custom_debug.h
20 21
21diff --git a/cpus.c b/cpus.c 22diff --git a/cpus.c b/cpus.c
22index 38eba8bff3..b84a60a4f3 100644 23index 0ddeeefc..4f3a5624 100644
23--- a/cpus.c 24--- a/cpus.c
24+++ b/cpus.c 25+++ b/cpus.c
25@@ -1690,6 +1690,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg) 26@@ -1768,6 +1768,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
26 return NULL; 27 return NULL;
27 } 28 }
28 29
@@ -31,7 +32,7 @@ index 38eba8bff3..b84a60a4f3 100644
31 static void qemu_cpu_kick_thread(CPUState *cpu) 32 static void qemu_cpu_kick_thread(CPUState *cpu)
32 { 33 {
33 #ifndef _WIN32 34 #ifndef _WIN32
34@@ -1702,6 +1704,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu) 35@@ -1780,6 +1782,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
35 err = pthread_kill(cpu->thread->thread, SIG_IPI); 36 err = pthread_kill(cpu->thread->thread, SIG_IPI);
36 if (err) { 37 if (err) {
37 fprintf(stderr, "qemu:%s: %s", __func__, strerror(err)); 38 fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
@@ -43,7 +44,7 @@ index 38eba8bff3..b84a60a4f3 100644
43 #else /* _WIN32 */ 44 #else /* _WIN32 */
44diff --git a/custom_debug.h b/custom_debug.h 45diff --git a/custom_debug.h b/custom_debug.h
45new file mode 100644 46new file mode 100644
46index 0000000000..f029e45547 47index 00000000..f029e455
47--- /dev/null 48--- /dev/null
48+++ b/custom_debug.h 49+++ b/custom_debug.h
49@@ -0,0 +1,24 @@ 50@@ -0,0 +1,24 @@
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch
deleted file mode 100644
index 7e1e442a41..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch
+++ /dev/null
@@ -1,52 +0,0 @@
1From fdc89e90fac40c5ca2686733df17b6423fb8d8fb Mon Sep 17 00:00:00 2001
2From: Jason Wang <jasowang@redhat.com>
3Date: Wed, 30 May 2018 13:08:15 +0800
4Subject: [PATCH] ne2000: fix possible out of bound access in ne2000_receive
5
6In ne2000_receive(), we try to assign size_ to size which converts
7from size_t to integer. This will cause troubles when size_ is greater
8INT_MAX, this will lead a negative value in size and it can then pass
9the check of size < MIN_BUF_SIZE which may lead out of bound access of
10for both buf and buf1.
11
12Fixing by converting the type of size to size_t.
13
14CC: qemu-stable@nongnu.org
15Reported-by: Daniel Shapira <daniel@twistlock.com>
16Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
17Signed-off-by: Jason Wang <jasowang@redhat.com>
18
19Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff
20;h=fdc89e90fac40c5ca2686733df17b6423fb8d8fb#patch1]
21
22CVE: CVE-2018-10839
23
24Signed-off-by: Changqing Li <changqing.li@windriver.com>
25---
26 hw/net/ne2000.c | 4 ++--
27 1 file changed, 2 insertions(+), 2 deletions(-)
28
29diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
30index 07d79e3..869518e 100644
31--- a/hw/net/ne2000.c
32+++ b/hw/net/ne2000.c
33@@ -174,7 +174,7 @@ static int ne2000_buffer_full(NE2000State *s)
34 ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
35 {
36 NE2000State *s = qemu_get_nic_opaque(nc);
37- int size = size_;
38+ size_t size = size_;
39 uint8_t *p;
40 unsigned int total_len, next, avail, len, index, mcast_idx;
41 uint8_t buf1[60];
42@@ -182,7 +182,7 @@ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
43 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
44
45 #if defined(DEBUG_NE2000)
46- printf("NE2000: received len=%d\n", size);
47+ printf("NE2000: received len=%zu\n", size);
48 #endif
49
50 if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
51--
521.8.3.1
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-15746.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-15746.patch
deleted file mode 100644
index 2f61ea0051..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2018-15746.patch
+++ /dev/null
@@ -1,64 +0,0 @@
1From 9acf4c64dd4560bd268006d7356c7455fab7e5b1 Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Thu, 6 Sep 2018 14:52:12 +0800
4Subject: [PATCH] seccomp: set the seccomp filter to all threads
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9When using "-seccomp on", the seccomp policy is only applied to the
10main thread, the vcpu worker thread and other worker threads created
11after seccomp policy is applied; the seccomp policy is not applied to
12e.g. the RCU thread because it is created before the seccomp policy is
13applied and SECCOMP_FILTER_FLAG_TSYNC isn't used.
14
15This can be verified with
16for task in /proc/`pidof qemu`/task/*; do cat $task/status | grep Secc ; done
17Seccomp: 2
18Seccomp: 0
19Seccomp: 0
20Seccomp: 2
21Seccomp: 2
22Seccomp: 2
23
24Starting with libseccomp 2.2.0 and kernel >= 3.17, we can use
25seccomp_attr_set(ctx, > SCMP_FLTATR_CTL_TSYNC, 1) to update the policy
26on all threads.
27
28libseccomp requirement was bumped to 2.2.0 in previous patch.
29libseccomp should fail to set the filter if it can't honour
30SCMP_FLTATR_CTL_TSYNC (untested), and thus -sandbox will now fail on
31kernel < 3.17.
32
33Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
34Acked-by: Eduardo Otubo <otubo@redhat.com>
35
36Upstream-Status: Backport[https://github.com/qemu/qemu/commit/
3770dfabeaa79ba4d7a3b699abe1a047c8012db114#diff-18106d3b47a2d249f9d41e772b7db22d]
38
39CVE: CVE-2018-15746
40
41Signed-off-by: Changqing Li <changqing.li@windriver.com>
42---
43 qemu-seccomp.c | 5 +++++
44 1 file changed, 5 insertions(+)
45
46diff --git a/qemu-seccomp.c b/qemu-seccomp.c
47index 9cd8eb9..ba5500a 100644
48--- a/qemu-seccomp.c
49+++ b/qemu-seccomp.c
50@@ -120,6 +120,11 @@ static int seccomp_start(uint32_t seccomp_opts)
51 goto seccomp_return;
52 }
53
54+ rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
55+ if (rc != 0) {
56+ goto seccomp_return;
57+ }
58+
59 for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
60 if (!(seccomp_opts & blacklist[i].set)) {
61 continue;
62--
632.7.4
64
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch
deleted file mode 100644
index af40ff275a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch
+++ /dev/null
@@ -1,52 +0,0 @@
1From 06e88ca78d056ea4de885e3a1496805179dc47bc Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Mon, 15 Oct 2018 16:33:04 +0800
4Subject: [PATCH] ne2000: fix possible out of bound access in ne2000_receive
5
6In ne2000_receive(), we try to assign size_ to size which converts
7from size_t to integer. This will cause troubles when size_ is greater
8INT_MAX, this will lead a negative value in size and it can then pass
9the check of size < MIN_BUF_SIZE which may lead out of bound access of
10for both buf and buf1.
11
12Fixing by converting the type of size to size_t.
13
14CC: address@hidden
15Reported-by: Daniel Shapira <address@hidden>
16Reviewed-by: Michael S. Tsirkin <address@hidden>
17Signed-off-by: Jason Wang <address@hidden>
18
19Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html]
20
21CVE: CVE-2018-17958
22
23Signed-off-by: Changqing Li <changqing.li@windriver.com>
24---
25 hw/net/ne2000.c | 4 ++--
26 1 file changed, 2 insertions(+), 2 deletions(-)
27
28diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
29index 07d79e3..869518e 100644
30--- a/hw/net/ne2000.c
31+++ b/hw/net/ne2000.c
32@@ -174,7 +174,7 @@ static int ne2000_buffer_full(NE2000State *s)
33 ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
34 {
35 NE2000State *s = qemu_get_nic_opaque(nc);
36- int size = size_;
37+ size_t size = size_;
38 uint8_t *p;
39 unsigned int total_len, next, avail, len, index, mcast_idx;
40 uint8_t buf1[60];
41@@ -182,7 +182,7 @@ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
42 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
43
44 #if defined(DEBUG_NE2000)
45- printf("NE2000: received len=%d\n", size);
46+ printf("NE2000: received len=%zu\n", size);
47 #endif
48
49 if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
50--
512.7.4
52
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-17962.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-17962.patch
deleted file mode 100644
index 88bfd811ea..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2018-17962.patch
+++ /dev/null
@@ -1,70 +0,0 @@
1From 20abe443ad9464b18ac494f71f7d53f19ee3748f Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Mon, 15 Oct 2018 16:38:08 +0800
4Subject: [PATCH] rtl8139: fix possible out of bound access
5
6In rtl8139_do_receive(), we try to assign size_ to size which converts
7from size_t to integer. This will cause troubles when size_ is greater
8INT_MAX, this will lead a negative value in size and it can then pass
9the check of size < MIN_BUF_SIZE which may lead out of bound access of
10for both buf and buf1.
11
12Fixing by converting the type of size to size_t.
13
14CC: address@hidden
15Reported-by: Daniel Shapira <address@hidden>
16Reviewed-by: Michael S. Tsirkin <address@hidden>
17Signed-off-by: Jason Wang <address@hidden>
18
19Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html]
20
21CVE: CVE-2018-17962
22
23Signed-off-by: Changqing Li <changqing.li@windriver.com>
24---
25 hw/net/rtl8139.c | 8 ++++----
26 1 file changed, 4 insertions(+), 4 deletions(-)
27
28diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
29index 46daa16..2342a09 100644
30--- a/hw/net/rtl8139.c
31+++ b/hw/net/rtl8139.c
32@@ -817,7 +817,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
33 RTL8139State *s = qemu_get_nic_opaque(nc);
34 PCIDevice *d = PCI_DEVICE(s);
35 /* size is the length of the buffer passed to the driver */
36- int size = size_;
37+ size_t size = size_;
38 const uint8_t *dot1q_buf = NULL;
39
40 uint32_t packet_header = 0;
41@@ -826,7 +826,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
42 static const uint8_t broadcast_macaddr[6] =
43 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
44
45- DPRINTF(">>> received len=%d\n", size);
46+ DPRINTF(">>> received len=%zu\n", size);
47
48 /* test if board clock is stopped */
49 if (!s->clock_enabled)
50@@ -1035,7 +1035,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
51
52 if (size+4 > rx_space)
53 {
54- DPRINTF("C+ Rx mode : descriptor %d size %d received %d + 4\n",
55+ DPRINTF("C+ Rx mode : descriptor %d size %d received %zu + 4\n",
56 descriptor, rx_space, size);
57
58 s->IntrStatus |= RxOverflow;
59@@ -1148,7 +1148,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
60 if (avail != 0 && RX_ALIGN(size + 8) >= avail)
61 {
62 DPRINTF("rx overflow: rx buffer length %d head 0x%04x "
63- "read 0x%04x === available 0x%04x need 0x%04x\n",
64+ "read 0x%04x === available 0x%04x need 0x%04zx\n",
65 s->RxBufferSize, s->RxBufAddr, s->RxBufPtr, avail, size + 8);
66
67 s->IntrStatus |= RxOverflow;
68--
692.7.4
70
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2018-17963.patch b/meta/recipes-devtools/qemu/qemu/CVE-2018-17963.patch
deleted file mode 100644
index 054cdc8674..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2018-17963.patch
+++ /dev/null
@@ -1,51 +0,0 @@
1From e5ff72a8005dd1d9c0f63f8a9cc4298df5bb7551 Mon Sep 17 00:00:00 2001
2From: Changqing Li <changqing.li@windriver.com>
3Date: Mon, 15 Oct 2018 16:39:46 +0800
4Subject: [PATCH] pcnet: fix possible buffer overflow
5
6In pcnet_receive(), we try to assign size_ to size which converts from
7size_t to integer. This will cause troubles when size_ is greater
8INT_MAX, this will lead a negative value in size and it can then pass
9the check of size < MIN_BUF_SIZE which may lead out of bound access
10for both buf and buf1.
11
12Fixing by converting the type of size to size_t.
13
14CC: address@hidden
15Reported-by: Daniel Shapira <address@hidden>
16Reviewed-by: Michael S. Tsirkin <address@hidden>
17Signed-off-by: Jason Wang <address@hidden>
18
19Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html]
20
21CVE: CVE-2018-17963
22
23Signed-off-by: Changqing Li <changqing.li@windriver.com>
24---
25 hw/net/pcnet.c | 4 ++--
26 1 file changed, 2 insertions(+), 2 deletions(-)
27
28diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
29index 0c44554..d9ba04b 100644
30--- a/hw/net/pcnet.c
31+++ b/hw/net/pcnet.c
32@@ -988,14 +988,14 @@ ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
33 uint8_t buf1[60];
34 int remaining;
35 int crc_err = 0;
36- int size = size_;
37+ size_t size = size_;
38
39 if (CSR_DRX(s) || CSR_STOP(s) || CSR_SPND(s) || !size ||
40 (CSR_LOOP(s) && !s->looptest)) {
41 return -1;
42 }
43 #ifdef PCNET_DEBUG
44- printf("pcnet_receive size=%d\n", size);
45+ printf("pcnet_receive size=%zu\n", size);
46 #endif
47
48 /* if too small buffer, then expand it */
49--
502.7.4
51
diff --git a/meta/recipes-devtools/qemu/qemu_3.0.0.bb b/meta/recipes-devtools/qemu/qemu_3.1.0.bb
index 776548b05a..67cebcc830 100644
--- a/meta/recipes-devtools/qemu/qemu_3.0.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_3.1.0.bb
@@ -21,10 +21,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
21 file://0009-apic-fixup-fallthrough-to-PIC.patch \ 21 file://0009-apic-fixup-fallthrough-to-PIC.patch \
22 file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ 22 file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
23 file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \ 23 file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
24 file://CVE-2018-15746.patch \
25 file://CVE-2018-17958.patch \
26 file://CVE-2018-17962.patch \
27 file://CVE-2018-17963.patch \
28 " 24 "
29UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" 25UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
30 26
@@ -33,8 +29,8 @@ SRC_URI_append_class-native = " \
33 file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \ 29 file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
34 " 30 "
35 31
36SRC_URI[md5sum] = "6a5c8df583406ea24ef25b239c3243e0" 32SRC_URI[md5sum] = "fb687ce0b02d3bf4327e36d3b99427a8"
37SRC_URI[sha256sum] = "8d7af64fe8bd5ea5c3bdf17131a8b858491bcce1ee3839425a6d91fb821b5713" 33SRC_URI[sha256sum] = "6a0508df079a0a33c2487ca936a56c12122f105b8a96a44374704bef6c69abfc"
38 34
39COMPATIBLE_HOST_mipsarchn32 = "null" 35COMPATIBLE_HOST_mipsarchn32 = "null"
40COMPATIBLE_HOST_mipsarchn64 = "null" 36COMPATIBLE_HOST_mipsarchn64 = "null"