diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-08-13 14:44:42 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-08-17 08:45:35 +0100 |
commit | 7e25a6b4d52a16e812dfd444d65283d2c75d2d77 (patch) | |
tree | 1f61c98c9d24ed35b685af62bcdb1d83a36b80f9 /meta/recipes-devtools/qemu/qemu/CVE-2020-13659.patch | |
parent | 1bff01bda9741ad3a9b9e1937d73859636575c7c (diff) | |
download | poky-7e25a6b4d52a16e812dfd444d65283d2c75d2d77.tar.gz |
qemu: Upgrade 5.0.0 -> 5.1.0
* Drop backported CVE fixes
* Drop cpu backtrace patch from 2015 for debugging an issue which we no longer see
(patch throws rejects, files have moved)
* Update mips patch to account for file renames
* Update chardev patch to match upstream code changes
* Update webkitgtk patch, qemumips build works ok but qemux86 musl webkitgtk still
fails. Need to figure out the correct fix and upstream it for this, current
revert patch is not maintainable.
Release notes for 5.1.0 mention slight qemumips performance improvements
which would be valuable to us. My tests show no improvement in qemumips
testimage execution time for core-image-sato-sdk.
Fix a ptest issue for a file looking for /usr/bin/bash when we have
/bin/bash.
(From OE-Core rev: 686b770af67fdd2251f4ddab5b0eefc8fb0870ef)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2020-13659.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2020-13659.patch | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13659.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-13659.patch deleted file mode 100644 index 4d12ae8f16..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-13659.patch +++ /dev/null | |||
@@ -1,58 +0,0 @@ | |||
1 | From 77f55eac6c433e23e82a1b88b2d74f385c4c7d82 Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Tue, 26 May 2020 16:47:43 +0530 | ||
4 | Subject: [PATCH] exec: set map length to zero when returning NULL | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | When mapping physical memory into host's virtual address space, | ||
10 | 'address_space_map' may return NULL if BounceBuffer is in_use. | ||
11 | Set and return '*plen = 0' to avoid later NULL pointer dereference. | ||
12 | |||
13 | Reported-by: Alexander Bulekov <alxndr@bu.edu> | ||
14 | Fixes: https://bugs.launchpad.net/qemu/+bug/1878259 | ||
15 | Suggested-by: Paolo Bonzini <pbonzini@redhat.com> | ||
16 | Suggested-by: Peter Maydell <peter.maydell@linaro.org> | ||
17 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
18 | Message-Id: <20200526111743.428367-1-ppandit@redhat.com> | ||
19 | Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> | ||
20 | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | ||
21 | |||
22 | Upstream-Status: Backport [77f55eac6c433e23e82a1b88b2d74f385c4c7d82] | ||
23 | CVE: CVE-2020-13659 | ||
24 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | ||
25 | --- | ||
26 | exec.c | 1 + | ||
27 | include/exec/memory.h | 3 ++- | ||
28 | 2 files changed, 3 insertions(+), 1 deletion(-) | ||
29 | |||
30 | diff --git a/exec.c b/exec.c | ||
31 | index 9cbde85d8c..778263f1c6 100644 | ||
32 | --- a/exec.c | ||
33 | +++ b/exec.c | ||
34 | @@ -3540,6 +3540,7 @@ void *address_space_map(AddressSpace *as, | ||
35 | |||
36 | if (!memory_access_is_direct(mr, is_write)) { | ||
37 | if (atomic_xchg(&bounce.in_use, true)) { | ||
38 | + *plen = 0; | ||
39 | return NULL; | ||
40 | } | ||
41 | /* Avoid unbounded allocations */ | ||
42 | diff --git a/include/exec/memory.h b/include/exec/memory.h | ||
43 | index bd7fdd6081..af8ca7824e 100644 | ||
44 | --- a/include/exec/memory.h | ||
45 | +++ b/include/exec/memory.h | ||
46 | @@ -2314,7 +2314,8 @@ bool address_space_access_valid(AddressSpace *as, hwaddr addr, hwaddr len, | ||
47 | /* address_space_map: map a physical memory region into a host virtual address | ||
48 | * | ||
49 | * May map a subset of the requested range, given by and returned in @plen. | ||
50 | - * May return %NULL if resources needed to perform the mapping are exhausted. | ||
51 | + * May return %NULL and set *@plen to zero(0), if resources needed to perform | ||
52 | + * the mapping are exhausted. | ||
53 | * Use only for reads OR writes - not for read-modify-write operations. | ||
54 | * Use cpu_register_map_client() to know when retrying the map operation is | ||
55 | * likely to succeed. | ||
56 | -- | ||
57 | 2.20.1 | ||
58 | |||