qemu: Upgrade to 2.6.0

(From OE-Core rev: 6c18103e43fd593724f4317a1453a72b0feb6989) This patch is backported from upstream morty branch: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=morty&id=ff35bfa2420f30cb79995fb4808175b447967c07 Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2017-05-10 14:17:33 +0200
committer: Adrian Dudau <adrian.dudau@enea.com> 2017-05-11 15:28:51 +0200
commit: 5c021b4550f77ddc7d32664a08e46ba69d16c2c7 (patch)
tree: 3b8d3d3250841cc839f041f26186b6325f780f5d /meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch
parent: 71d585a8deafbeea66a517313d9ae10862484d22 (diff)
download: poky-5c021b4550f77ddc7d32664a08e46ba69d16c2c7.tar.gz
1 files changed, 0 insertions, 183 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch
deleted file mode 100644
index d5395e6152..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From 60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 Mon Sep 17 00:00:00 2001
-From: Ladi Prosek <lprosek@redhat.com>
-Date: Thu, 3 Mar 2016 09:37:18 +0100
-Subject: [PATCH] rng: add request queue support to rng-random
-Requests are now created in the RngBackend parent class and the
-code path is shared by both rng-egd and rng-random.
-This commit fixes the rng-random implementation which processed
-only one request at a time and simply discarded all but the most
-recent one. In the guest this manifested as delayed completion
-of reads from virtio-rng, i.e. a read was completed only after
-another read was issued.
-By switching rng-random to use the same request queue as rng-egd,
-the unsafe stack-based allocation of the entropy buffer is
-eliminated and replaced with g_malloc.
-Signed-off-by: Ladi Prosek <lprosek@redhat.com>
-Reviewed-by: Amit Shah <amit.shah@redhat.com>
-Message-Id: <1456994238-9585-5-git-send-email-lprosek@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
-Upstream-Status: Backport
-CVE: CVE-2016-2858
-http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475
-Signed-off-by: Armin Kuster <akuster@mvista.com>
---
- backends/rng-egd.c    | 16 ++--------------
- backends/rng-random.c | 43 +++++++++++++++++++------------------------
- backends/rng.c        | 13 ++++++++++++-
- include/sysemu/rng.h  |  3 +--
- 4 files changed, 34 insertions(+), 41 deletions(-)
-Index: qemu-2.5.0/backends/rng-egd.c
-===================================================================
--- qemu-2.5.0.orig/backends/rng-egd.c
-+++ qemu-2.5.0/backends/rng-egd.c
-@@ -26,20 +26,10 @@ typedef struct RngEgd
-     char *chr_name;
- } RngEgd;
- 
-static void rng_egd_request_entropy(RngBackend *b, size_t size,
-                                    EntropyReceiveFunc *receive_entropy,
-                                    void *opaque)
-+static void rng_egd_request_entropy(RngBackend *b, RngRequest *req)
- {
-     RngEgd *s = RNG_EGD(b);
-    RngRequest *req;
-
-    req = g_malloc(sizeof(*req));
-
-    req->offset = 0;
-    req->size = size;
-    req->receive_entropy = receive_entropy;
-    req->opaque = opaque;
-    req->data = g_malloc(req->size);
-+    size_t size = req->size;
- 
-     while (size > 0) {
-         uint8_t header[2];
-@@ -53,8 +43,6 @@ static void rng_egd_request_entropy(RngB
- 
-         size -= len;
-     }
-
-    s->parent.requests = g_slist_append(s->parent.requests, req);
- }
- 
- static int rng_egd_chr_can_read(void *opaque)
-Index: qemu-2.5.0/backends/rng-random.c
-===================================================================
--- qemu-2.5.0.orig/backends/rng-random.c
-+++ qemu-2.5.0/backends/rng-random.c
-@@ -21,10 +21,6 @@ struct RndRandom
- 
-     int fd;
-     char *filename;
-
-    EntropyReceiveFunc *receive_func;
-    void *opaque;
-    size_t size;
- };
- 
- /**
-@@ -37,36 +33,35 @@ struct RndRandom
- static void entropy_available(void *opaque)
- {
-     RndRandom *s = RNG_RANDOM(opaque);
-    uint8_t buffer[s->size];
-    ssize_t len;
- 
-    len = read(s->fd, buffer, s->size);
-    if (len < 0 && errno == EAGAIN) {
-        return;
-    }
-    g_assert(len != -1);
-+    while (s->parent.requests != NULL) {
-+        RngRequest *req = s->parent.requests->data;
-+        ssize_t len;
-+
-+        len = read(s->fd, req->data, req->size);
-+        if (len < 0 && errno == EAGAIN) {
-+            return;
-+        }
-+        g_assert(len != -1);
-+
-+        req->receive_entropy(req->opaque, req->data, len);
- 
-    s->receive_func(s->opaque, buffer, len);
-    s->receive_func = NULL;
-+        rng_backend_finalize_request(&s->parent, req);
-+    }
- 
-+    /* We've drained all requests, the fd handler can be reset. */
-     qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
- }
- 
-static void rng_random_request_entropy(RngBackend *b, size_t size,
-                                        EntropyReceiveFunc *receive_entropy,
-                                        void *opaque)
-+static void rng_random_request_entropy(RngBackend *b, RngRequest *req)
- {
-     RndRandom *s = RNG_RANDOM(b);
- 
-    if (s->receive_func) {
-        s->receive_func(s->opaque, NULL, 0);
-+    if (s->parent.requests == NULL) {
-+        /* If there are no pending requests yet, we need to
-+         * install our fd handler. */
-+        qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
-     }
-
-    s->receive_func = receive_entropy;
-    s->opaque = opaque;
-    s->size = size;
-
-    qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
- }
- 
- static void rng_random_opened(RngBackend *b, Error **errp)
-Index: qemu-2.5.0/backends/rng.c
-===================================================================
--- qemu-2.5.0.orig/backends/rng.c
-+++ qemu-2.5.0/backends/rng.c
-@@ -19,9 +19,20 @@ void rng_backend_request_entropy(RngBack
-                                  void *opaque)
- {
-     RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
-+    RngRequest *req;
- 
-     if (k->request_entropy) {
-        k->request_entropy(s, size, receive_entropy, opaque);
-+        req = g_malloc(sizeof(*req));
-+
-+        req->offset = 0;
-+        req->size = size;
-+        req->receive_entropy = receive_entropy;
-+        req->opaque = opaque;
-+        req->data = g_malloc(req->size);
-+
-+        k->request_entropy(s, req);
-+
-+        s->requests = g_slist_append(s->requests, req);
-     }
- }
- 
-Index: qemu-2.5.0/include/sysemu/rng.h
-===================================================================
--- qemu-2.5.0.orig/include/sysemu/rng.h
-+++ qemu-2.5.0/include/sysemu/rng.h
-@@ -46,8 +46,7 @@ struct RngBackendClass
- {
-     ObjectClass parent_class;
- 
-    void (*request_entropy)(RngBackend *s, size_t size,
-                            EntropyReceiveFunc *receive_entropy, void *opaque);
-+    void (*request_entropy)(RngBackend *s, RngRequest *req);
- 
-     void (*opened)(RngBackend *s, Error **errp);
- };
author	Sona Sarmadi <sona.sarmadi@enea.com>	2017-05-10 14:17:33 +0200
committer	Adrian Dudau <adrian.dudau@enea.com>	2017-05-11 15:28:51 +0200
commit	5c021b4550f77ddc7d32664a08e46ba69d16c2c7 (patch)
tree	3b8d3d3250841cc839f041f26186b6325f780f5d /meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch
parent	71d585a8deafbeea66a517313d9ae10862484d22 (diff)
download	poky-5c021b4550f77ddc7d32664a08e46ba69d16c2c7.tar.gz

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch deleted file mode 100644 index d5395e6152..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch +++ /dev/null
@@ -1,183 +0,0 @@
1	From 60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 Mon Sep 17 00:00:00 2001
2	From: Ladi Prosek <lprosek@redhat.com>
3	Date: Thu, 3 Mar 2016 09:37:18 +0100
4	Subject: [PATCH] rng: add request queue support to rng-random
5
6	Requests are now created in the RngBackend parent class and the
7	code path is shared by both rng-egd and rng-random.
8
9	This commit fixes the rng-random implementation which processed
10	only one request at a time and simply discarded all but the most
11	recent one. In the guest this manifested as delayed completion
12	of reads from virtio-rng, i.e. a read was completed only after
13	another read was issued.
14
15	By switching rng-random to use the same request queue as rng-egd,
16	the unsafe stack-based allocation of the entropy buffer is
17	eliminated and replaced with g_malloc.
18
19	Signed-off-by: Ladi Prosek <lprosek@redhat.com>
20	Reviewed-by: Amit Shah <amit.shah@redhat.com>
21	Message-Id: <1456994238-9585-5-git-send-email-lprosek@redhat.com>
22	Signed-off-by: Amit Shah <amit.shah@redhat.com>
23
24	Upstream-Status: Backport
25	CVE: CVE-2016-2858
26
27	http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475
28	Signed-off-by: Armin Kuster <akuster@mvista.com>
29
30	---
31	backends/rng-egd.c \| 16 ++--------------
32	backends/rng-random.c \| 43 +++++++++++++++++++------------------------
33	backends/rng.c \| 13 ++++++++++++-
34	include/sysemu/rng.h \| 3 +--
35	4 files changed, 34 insertions(+), 41 deletions(-)
36
37	Index: qemu-2.5.0/backends/rng-egd.c
38	===================================================================
39	--- qemu-2.5.0.orig/backends/rng-egd.c
40	+++ qemu-2.5.0/backends/rng-egd.c
41	@@ -26,20 +26,10 @@ typedef struct RngEgd
42	char *chr_name;
43	} RngEgd;
44
45	-static void rng_egd_request_entropy(RngBackend *b, size_t size,
46	- EntropyReceiveFunc *receive_entropy,
47	- void *opaque)
48	+static void rng_egd_request_entropy(RngBackend b, RngRequest req)
49	{
50	RngEgd *s = RNG_EGD(b);
51	- RngRequest *req;
52	-
53	- req = g_malloc(sizeof(*req));
54	-
55	- req->offset = 0;
56	- req->size = size;
57	- req->receive_entropy = receive_entropy;
58	- req->opaque = opaque;
59	- req->data = g_malloc(req->size);
60	+ size_t size = req->size;
61
62	while (size > 0) {
63	uint8_t header[2];
64	@@ -53,8 +43,6 @@ static void rng_egd_request_entropy(RngB
65
66	size -= len;
67	}
68	-
69	- s->parent.requests = g_slist_append(s->parent.requests, req);
70	}
71
72	static int rng_egd_chr_can_read(void *opaque)
73	Index: qemu-2.5.0/backends/rng-random.c
74	===================================================================
75	--- qemu-2.5.0.orig/backends/rng-random.c
76	+++ qemu-2.5.0/backends/rng-random.c
77	@@ -21,10 +21,6 @@ struct RndRandom
78
79	int fd;
80	char *filename;
81	-
82	- EntropyReceiveFunc *receive_func;
83	- void *opaque;
84	- size_t size;
85	};
86
87	/**
88	@@ -37,36 +33,35 @@ struct RndRandom
89	static void entropy_available(void *opaque)
90	{
91	RndRandom *s = RNG_RANDOM(opaque);
92	- uint8_t buffer[s->size];
93	- ssize_t len;
94
95	- len = read(s->fd, buffer, s->size);
96	- if (len < 0 && errno == EAGAIN) {
97	- return;
98	- }
99	- g_assert(len != -1);
100	+ while (s->parent.requests != NULL) {
101	+ RngRequest *req = s->parent.requests->data;
102	+ ssize_t len;
103	+
104	+ len = read(s->fd, req->data, req->size);
105	+ if (len < 0 && errno == EAGAIN) {
106	+ return;
107	+ }
108	+ g_assert(len != -1);
109	+
110	+ req->receive_entropy(req->opaque, req->data, len);
111
112	- s->receive_func(s->opaque, buffer, len);
113	- s->receive_func = NULL;
114	+ rng_backend_finalize_request(&s->parent, req);
115	+ }
116
117	+ /* We've drained all requests, the fd handler can be reset. */
118	qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
119	}
120
121	-static void rng_random_request_entropy(RngBackend *b, size_t size,
122	- EntropyReceiveFunc *receive_entropy,
123	- void *opaque)
124	+static void rng_random_request_entropy(RngBackend b, RngRequest req)
125	{
126	RndRandom *s = RNG_RANDOM(b);
127
128	- if (s->receive_func) {
129	- s->receive_func(s->opaque, NULL, 0);
130	+ if (s->parent.requests == NULL) {
131	+ /* If there are no pending requests yet, we need to
132	+ * install our fd handler. */
133	+ qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
134	}
135	-
136	- s->receive_func = receive_entropy;
137	- s->opaque = opaque;
138	- s->size = size;
139	-
140	- qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
141	}
142
143	static void rng_random_opened(RngBackend b, Error *errp)
144	Index: qemu-2.5.0/backends/rng.c
145	===================================================================
146	--- qemu-2.5.0.orig/backends/rng.c
147	+++ qemu-2.5.0/backends/rng.c
148	@@ -19,9 +19,20 @@ void rng_backend_request_entropy(RngBack
149	void *opaque)
150	{
151	RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
152	+ RngRequest *req;
153
154	if (k->request_entropy) {
155	- k->request_entropy(s, size, receive_entropy, opaque);
156	+ req = g_malloc(sizeof(*req));
157	+
158	+ req->offset = 0;
159	+ req->size = size;
160	+ req->receive_entropy = receive_entropy;
161	+ req->opaque = opaque;
162	+ req->data = g_malloc(req->size);
163	+
164	+ k->request_entropy(s, req);
165	+
166	+ s->requests = g_slist_append(s->requests, req);
167	}
168	}
169
170	Index: qemu-2.5.0/include/sysemu/rng.h
171	===================================================================
172	--- qemu-2.5.0.orig/include/sysemu/rng.h
173	+++ qemu-2.5.0/include/sysemu/rng.h
174	@@ -46,8 +46,7 @@ struct RngBackendClass
175	{
176	ObjectClass parent_class;
177
178	- void (request_entropy)(RngBackend s, size_t size,
179	- EntropyReceiveFunc receive_entropy, void opaque);
180	+ void (request_entropy)(RngBackend s, RngRequest *req);
181
182	void (opened)(RngBackend s, Error **errp);
183	};