qemu: uprev v4.2.0 -> v5.0.0

Major update after v4.2. Changes: - os_find_datadir() was changed after the v4.2 release causing v5.0 to not find the bios and not boot the image. Fix is sent to upstream qemu. See: qemu/find_datadir.patch - v5.0 binary had host contamination for dynamically linked libraries, "--extra-ldflags='${LDFLAGS}'" in EXTRA_OECONF resolved the issue - bluetooth code was removed: qemu.git$ git show 1d4ffe8dc7 hence removed PACKAGECONFIG[bluez] - -show-cursor qemu option is now deprecated, updated scripts/runqemu to use updated option instead - added PACKAGECONFIG definitions - added qemu-ptest to conf/distro/include/ptest-packagelists.inc - increased support for ARM architecture, cpu and board - removed patches merged upstream and refreshed existing ones Testing: Build core-image-minimal against the machines in openembedded-core/meta/conf/machine and succesfully booted with qemu v5.0 Ran qemu-ptest on x86-64 and arm64 with identical results: PASS: 1166 SKIP: 0 FAIL: 0 (From OE-Core rev: ee9ec9e344541c1ccd9b9b8e3b8c1e00d008ad85) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Sakib Sajal <sakib.sajal@windriver.com> 2020-06-19 14:12:59 -0400
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-06-23 12:31:03 +0100
commit: a3102471e4e789d77040f5ed0da1b8e438328b5f (patch)
tree: 083c7ac42e426047f32ba8de41d0a9b24615593f /meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch
parent: f5bbb3ba2d65ba7911b7ede5fb32b54b5b904a07 (diff)
download: poky-a3102471e4e789d77040f5ed0da1b8e438328b5f.tar.gz
1 files changed, 0 insertions, 64 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch
deleted file mode 100644
index aa7bc82329..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 693fd2acdf14dd86c0bf852610f1c2cca80a74dc Mon Sep 17 00:00:00 2001
-From: Felipe Franciosi <felipe@nutanix.com>
-Date: Thu, 23 Jan 2020 12:44:59 +0000
-Subject: [PATCH] iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711)
-When querying an iSCSI server for the provisioning status of blocks (via
-GET LBA STATUS), Qemu only validates that the response descriptor zero's
-LBA matches the one requested. Given the SCSI spec allows servers to
-respond with the status of blocks beyond the end of the LUN, Qemu may
-have its heap corrupted by clearing/setting too many bits at the end of
-its allocmap for the LUN.
-A malicious guest in control of the iSCSI server could carefully program
-Qemu's heap (by selectively setting the bitmap) and then smash it.
-This limits the number of bits that iscsi_co_block_status() will try to
-update in the allocmap so it can't overflow the bitmap.
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=patch;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc]
-CVE: CVE-2020-1711
-Fixes: CVE-2020-1711
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
-Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com>
-Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
---
- block/iscsi.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/block/iscsi.c b/block/iscsi.c
-index 2aea7e3..cbd5729 100644
--- a/block/iscsi.c
-+++ b/block/iscsi.c
-@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
-     struct scsi_get_lba_status *lbas = NULL;
-     struct scsi_lba_status_descriptor *lbasd = NULL;
-     struct IscsiTask iTask;
-    uint64_t lba;
-+    uint64_t lba, max_bytes;
-     int ret;
- 
-     iscsi_co_init_iscsitask(iscsilun, &iTask);
-@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
-     }
- 
-     lba = offset / iscsilun->block_size;
-+    max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size;
- 
-     qemu_mutex_lock(&iscsilun->mutex);
- retry:
-@@ -764,7 +765,7 @@ retry:
-         goto out_unlock;
-     }
- 
-    *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size;
-+    *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes);
- 
-     if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED ||
-         lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) {
-- 
-1.8.3.1
author	Sakib Sajal <sakib.sajal@windriver.com>	2020-06-19 14:12:59 -0400
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-06-23 12:31:03 +0100
commit	a3102471e4e789d77040f5ed0da1b8e438328b5f (patch)
tree	083c7ac42e426047f32ba8de41d0a9b24615593f /meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch
parent	f5bbb3ba2d65ba7911b7ede5fb32b54b5b904a07 (diff)
download	poky-a3102471e4e789d77040f5ed0da1b8e438328b5f.tar.gz

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch deleted file mode 100644 index aa7bc82329..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch +++ /dev/null
@@ -1,64 +0,0 @@
1	From 693fd2acdf14dd86c0bf852610f1c2cca80a74dc Mon Sep 17 00:00:00 2001
2	From: Felipe Franciosi <felipe@nutanix.com>
3	Date: Thu, 23 Jan 2020 12:44:59 +0000
4	Subject: [PATCH] iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711)
5
6	When querying an iSCSI server for the provisioning status of blocks (via
7	GET LBA STATUS), Qemu only validates that the response descriptor zero's
8	LBA matches the one requested. Given the SCSI spec allows servers to
9	respond with the status of blocks beyond the end of the LUN, Qemu may
10	have its heap corrupted by clearing/setting too many bits at the end of
11	its allocmap for the LUN.
12
13	A malicious guest in control of the iSCSI server could carefully program
14	Qemu's heap (by selectively setting the bitmap) and then smash it.
15
16	This limits the number of bits that iscsi_co_block_status() will try to
17	update in the allocmap so it can't overflow the bitmap.
18
19	Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=patch;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc]
20	CVE: CVE-2020-1711
21
22	Fixes: CVE-2020-1711
23	Cc: qemu-stable@nongnu.org
24	Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
25	Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com>
26	Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
27	Signed-off-by: Kevin Wolf <kwolf@redhat.com>
28	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
29	---
30	block/iscsi.c \| 5 +++--
31	1 file changed, 3 insertions(+), 2 deletions(-)
32
33	diff --git a/block/iscsi.c b/block/iscsi.c
34	index 2aea7e3..cbd5729 100644
35	--- a/block/iscsi.c
36	+++ b/block/iscsi.c
37	@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
38	struct scsi_get_lba_status *lbas = NULL;
39	struct scsi_lba_status_descriptor *lbasd = NULL;
40	struct IscsiTask iTask;
41	- uint64_t lba;
42	+ uint64_t lba, max_bytes;
43	int ret;
44
45	iscsi_co_init_iscsitask(iscsilun, &iTask);
46	@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
47	}
48
49	lba = offset / iscsilun->block_size;
50	+ max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size;
51
52	qemu_mutex_lock(&iscsilun->mutex);
53	retry:
54	@@ -764,7 +765,7 @@ retry:
55	goto out_unlock;
56	}
57
58	- pnum = (int64_t) lbasd->num_blocks iscsilun->block_size;
59	+ pnum = MIN((int64_t) lbasd->num_blocks iscsilun->block_size, max_bytes);
60
61	if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED \|\|
62	lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) {
63	--
64	1.8.3.1