summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/qemu
diff options
context:
space:
mode:
authorAlexander Kanavin <alex.kanavin@gmail.com>2021-09-08 20:01:09 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-10-11 18:41:37 +0100
commitd87987fc1a4e7f31fb5740568e5edb9a8d123992 (patch)
tree0d31c92214a6db2b070e18c4592040a00ce7386d /meta/recipes-devtools/qemu
parent4a4d5f78a6962dda5f63e9891825c80a8a87bf66 (diff)
downloadpoky-d87987fc1a4e7f31fb5740568e5edb9a8d123992.tar.gz
qemu: update 6.0.0 -> 6.1.0
Recipe changes: qemu-plugin.h is installed by both qemu-native and qemu-system-native qmp.py module is now provided in a module directory (no other files from that directory are necessary to use it though) additional host-specific info is stripeed from ptest tests/tcg/*.mak Patches: drop all backports drop 0001-Add-enable-disable-udev.patch (change added upstream) drop 0001-linux-user-Tag-vsx-with-ieee128-fpbits.patch (issue fixed upstream) drop 0004-qemu-disable-Valgrind.patch (valgrind detection moved from configure to meson, and should be robust against host contamination) rebase 0010-configure-Add-pkg-config-handling-for-libgcrypt.patch (upstream moved libgcrypt handling from configure to meson, and using pkg-config is now a one-liner adjustment) rebase cross.patch (From OE-Core rev: b2710d25e3d8d79a35dbd4332ffc5cc8053d5eb8) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu')
-rw-r--r--meta/recipes-devtools/qemu/qemu-native_6.1.0.bb (renamed from meta/recipes-devtools/qemu/qemu-native_6.0.0.bb)0
-rw-r--r--meta/recipes-devtools/qemu/qemu-system-native_6.1.0.bb (renamed from meta/recipes-devtools/qemu/qemu-system-native_6.0.0.bb)3
-rw-r--r--meta/recipes-devtools/qemu/qemu.inc19
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch29
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-configure-fix-detection-of-gdbus-codegen.patch50
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-linux-user-Tag-vsx-with-ieee128-fpbits.patch35
-rw-r--r--meta/recipes-devtools/qemu/qemu/0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch43
-rw-r--r--meta/recipes-devtools/qemu/qemu/0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch41
-rw-r--r--meta/recipes-devtools/qemu/qemu/0003-vhost-user-gpu-fix-memory-leak-in-vg_resource_attach.patch48
-rw-r--r--meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch34
-rw-r--r--meta/recipes-devtools/qemu/qemu/0004-vhost-user-gpu-fix-memory-leak-while-calling-vg_reso.patch50
-rw-r--r--meta/recipes-devtools/qemu/qemu/0005-vhost-user-gpu-fix-memory-leak-in-virgl_cmd_resource.patch58
-rw-r--r--meta/recipes-devtools/qemu/qemu/0006-vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch49
-rw-r--r--meta/recipes-devtools/qemu/qemu/0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch49
-rw-r--r--meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch87
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch42
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch59
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch41
-rw-r--r--meta/recipes-devtools/qemu/qemu/cross.patch40
-rw-r--r--meta/recipes-devtools/qemu/qemu_6.1.0.bb (renamed from meta/recipes-devtools/qemu/qemu_6.0.0.bb)0
20 files changed, 47 insertions, 730 deletions
diff --git a/meta/recipes-devtools/qemu/qemu-native_6.0.0.bb b/meta/recipes-devtools/qemu/qemu-native_6.1.0.bb
index a94dc0b61e..a94dc0b61e 100644
--- a/meta/recipes-devtools/qemu/qemu-native_6.0.0.bb
+++ b/meta/recipes-devtools/qemu/qemu-native_6.1.0.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_6.0.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_6.1.0.bb
index f98c0b7722..b47ffd5262 100644
--- a/meta/recipes-devtools/qemu/qemu-system-native_6.0.0.bb
+++ b/meta/recipes-devtools/qemu/qemu-system-native_6.1.0.bb
@@ -25,7 +25,8 @@ do_install:append() {
25 rm -f ${D}${datadir}/qemu/trace-events-all 25 rm -f ${D}${datadir}/qemu/trace-events-all
26 rm -rf ${D}${datadir}/qemu/keymaps 26 rm -rf ${D}${datadir}/qemu/keymaps
27 rm -rf ${D}${datadir}/icons/ 27 rm -rf ${D}${datadir}/icons/
28 rm -rf ${D}${includedir}/qemu-plugin.h
28 29
29 # Install qmp.py to be used with testimage 30 # Install qmp.py to be used with testimage
30 install -D ${S}/python/qemu/qmp.py ${D}${PYTHON_SITEPACKAGES_DIR}/qmp.py 31 install -D ${S}/python/qemu/qmp/__init__.py ${D}${PYTHON_SITEPACKAGES_DIR}/qmp.py
31} 32}
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 4c94060222..54ffb85286 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -19,31 +19,17 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
19 file://run-ptest \ 19 file://run-ptest \
20 file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \ 20 file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \
21 file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ 21 file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
22 file://0004-qemu-disable-Valgrind.patch \
23 file://0006-chardev-connect-socket-to-a-spawned-command.patch \ 22 file://0006-chardev-connect-socket-to-a-spawned-command.patch \
24 file://0007-apic-fixup-fallthrough-to-PIC.patch \ 23 file://0007-apic-fixup-fallthrough-to-PIC.patch \
25 file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ 24 file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \
26 file://0001-Add-enable-disable-udev.patch \
27 file://0001-qemu-Do-not-include-file-if-not-exists.patch \ 25 file://0001-qemu-Do-not-include-file-if-not-exists.patch \
28 file://mmap2.patch \ 26 file://mmap2.patch \
29 file://determinism.patch \ 27 file://determinism.patch \
30 file://0001-tests-meson.build-use-relative-path-to-refer-to-file.patch \ 28 file://0001-tests-meson.build-use-relative-path-to-refer-to-file.patch \
31 file://0001-configure-fix-detection-of-gdbus-codegen.patch \
32 file://0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch \
33 file://0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch \
34 file://0003-vhost-user-gpu-fix-memory-leak-in-vg_resource_attach.patch \
35 file://0004-vhost-user-gpu-fix-memory-leak-while-calling-vg_reso.patch \
36 file://0005-vhost-user-gpu-fix-memory-leak-in-virgl_cmd_resource.patch \
37 file://0006-vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch \
38 file://0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch \
39 file://0001-linux-user-Tag-vsx-with-ieee128-fpbits.patch \
40 file://CVE-2021-3527-1.patch \
41 file://CVE-2021-3527-2.patch \
42 file://CVE-2021-3682.patch \
43 " 29 "
44UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" 30UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
45 31
46SRC_URI[sha256sum] = "87bc1a471ca24b97e7005711066007d443423d19aacda3d442558ae032fa30b9" 32SRC_URI[sha256sum] = "eebc089db3414bbeedf1e464beda0a7515aad30f73261abc246c9b27503a3c96"
47 33
48SRC_URI:append:class-target = " file://cross.patch" 34SRC_URI:append:class-target = " file://cross.patch"
49SRC_URI:append:class-nativesdk = " file://cross.patch" 35SRC_URI:append:class-nativesdk = " file://cross.patch"
@@ -80,6 +66,9 @@ do_install_ptest() {
80 66
81 # Strip the paths from the QEMU variable, we can use PATH 67 # Strip the paths from the QEMU variable, we can use PATH
82 sed -i -e "s#^QEMU=.*/qemu-#QEMU=qemu-#g" ${D}${PTEST_PATH}/tests/tcg/*.mak 68 sed -i -e "s#^QEMU=.*/qemu-#QEMU=qemu-#g" ${D}${PTEST_PATH}/tests/tcg/*.mak
69
70 # Strip compiler flags as they break reproducibility
71 sed -i -e "s,CROSS_CC_GUEST=.*,CROSS_CC_GUEST=," ${D}${PTEST_PATH}/tests/tcg/*.mak
83} 72}
84 73
85# QEMU_TARGETS is overridable variable 74# QEMU_TARGETS is overridable variable
diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch
deleted file mode 100644
index 4b37967e7a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch
+++ /dev/null
@@ -1,29 +0,0 @@
1From b921e5204030845dc7c9d16d5f66d965e8d05367 Mon Sep 17 00:00:00 2001
2From: Jeremy Puhlman <jpuhlman@mvista.com>
3Date: Thu, 19 Mar 2020 11:54:26 -0700
4Subject: [PATCH] Add enable/disable libudev
5
6Upstream-Status: Pending
7Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
8
9[update patch context]
10Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
11---
12 configure | 4 ++++
13 1 file changed, 4 insertions(+)
14
15Index: qemu-6.0.0/configure
16===================================================================
17--- qemu-6.0.0.orig/configure
18+++ qemu-6.0.0/configure
19@@ -1565,6 +1565,10 @@ for opt do
20 ;;
21 --disable-gio) gio=no
22 ;;
23+ --enable-libudev) libudev="yes"
24+ ;;
25+ --disable-libudev) libudev="no"
26+ ;;
27 *)
28 echo "ERROR: unknown option $opt"
29 echo "Try '$0 --help' for more information"
diff --git a/meta/recipes-devtools/qemu/qemu/0001-configure-fix-detection-of-gdbus-codegen.patch b/meta/recipes-devtools/qemu/qemu/0001-configure-fix-detection-of-gdbus-codegen.patch
deleted file mode 100644
index 8bffc31293..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-configure-fix-detection-of-gdbus-codegen.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1From 464cfc64201b21386030b8f353fe9724a3413a85 Mon Sep 17 00:00:00 2001
2From: Paolo Bonzini <pbonzini@redhat.com>
3Date: Wed, 5 May 2021 10:15:34 -0400
4Subject: [PATCH] configure: fix detection of gdbus-codegen
5
6"pkg-config --variable=gdbus_codegen gio-2.0" returns "gdbus-codegen",
7and it does not pass test -x (which does not walk the path).
8
9Meson 0.58.0 notices that something is iffy, as the dbus_vmstate1
10assignment in tests/qtest/meson.build uses an empty string as the
11command, and fails very eloquently:
12
13../tests/qtest/meson.build:92:2: ERROR: No program name specified.
14
15Use the "has" function instead of test -x, and fix the generation
16of config-host.mak since meson.build expects that GDBUS_CODEGEN
17is absent, rather than empty, if the tool is unavailable.
18
19Reported-by: Sebastian Mitterle <smitterl@redhat.com>
20Fixes: #178
21Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
22Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5ecfb76ccc056eb6127e44268e475827ae73b9e0]
23(not in 6.0.0, should be kept when upgrading)
24Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
25---
26 configure | 4 +++-
27 1 file changed, 3 insertions(+), 1 deletion(-)
28
29Index: qemu-6.0.0/configure
30===================================================================
31--- qemu-6.0.0.orig/configure
32+++ qemu-6.0.0/configure
33@@ -3366,7 +3366,7 @@ if ! test "$gio" = "no"; then
34 gio_cflags=$($pkg_config --cflags gio-2.0)
35 gio_libs=$($pkg_config --libs gio-2.0)
36 gdbus_codegen=$($pkg_config --variable=gdbus_codegen gio-2.0)
37- if [ ! -x "$gdbus_codegen" ]; then
38+ if ! has "$gdbus_codegen"; then
39 gdbus_codegen=
40 fi
41 # Check that the libraries actually work -- Ubuntu 18.04 ships
42@@ -5704,6 +5704,8 @@ if test "$gio" = "yes" ; then
43 echo "CONFIG_GIO=y" >> $config_host_mak
44 echo "GIO_CFLAGS=$gio_cflags" >> $config_host_mak
45 echo "GIO_LIBS=$gio_libs" >> $config_host_mak
46+fi
47+if test "$gdbus_codegen" != "" ; then
48 echo "GDBUS_CODEGEN=$gdbus_codegen" >> $config_host_mak
49 fi
50 echo "CONFIG_TLS_PRIORITY=\"$tls_priority\"" >> $config_host_mak
diff --git a/meta/recipes-devtools/qemu/qemu/0001-linux-user-Tag-vsx-with-ieee128-fpbits.patch b/meta/recipes-devtools/qemu/qemu/0001-linux-user-Tag-vsx-with-ieee128-fpbits.patch
deleted file mode 100644
index 11b6e3c678..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-linux-user-Tag-vsx-with-ieee128-fpbits.patch
+++ /dev/null
@@ -1,35 +0,0 @@
1From c5844a4cdee37268c9b65a65e6968ee129bb742d Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Mon, 14 Jun 2021 10:27:17 -0700
4Subject: [PATCH] linux-user: Tag vsx with ieee128 fpbits
5
6In OE we need this for ppc64le usermode to work since we generate 128bit
7long doubles and glibc 2.34 is now checking for this in hwcaps at
8runtime and failing to run the binary if machine does not support 128bit
9IEEE fp
10
11Fixes
12Fatal glibc error: CPU lacks float128 support (POWER 9 or later required)
13
14Upstream-Status: Pending
15Signed-off-by: Khem Raj <raj.khem@gmail.com>
16---
17 linux-user/elfload.c | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-)
19
20diff --git a/linux-user/elfload.c b/linux-user/elfload.c
21index 17ab06f612..e7dd18fd40 100644
22--- a/linux-user/elfload.c
23+++ b/linux-user/elfload.c
24@@ -830,7 +830,7 @@ static uint32_t get_elf_hwcap2(void)
25 PPC2_ISA207S), QEMU_PPC_FEATURE2_ARCH_2_07 |
26 QEMU_PPC_FEATURE2_VEC_CRYPTO);
27 GET_FEATURE2(PPC2_ISA300, QEMU_PPC_FEATURE2_ARCH_3_00 |
28- QEMU_PPC_FEATURE2_DARN);
29+ QEMU_PPC_FEATURE2_DARN | QEMU_PPC_FEATURE2_HAS_IEEE128);
30
31 #undef GET_FEATURE
32 #undef GET_FEATURE2
33--
342.32.0
35
diff --git a/meta/recipes-devtools/qemu/qemu/0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch b/meta/recipes-devtools/qemu/qemu/0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch
deleted file mode 100644
index 981c237292..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-vhost-user-gpu-fix-memory-disclosure-in-virgl_cmd_ge.patch
+++ /dev/null
@@ -1,43 +0,0 @@
1CVE: CVE-2021-3545
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From 121841b25d72d13f8cad554363138c360f1250ea Mon Sep 17 00:00:00 2001
6From: Li Qiang <liq3ea@163.com>
7Date: Sat, 15 May 2021 20:03:56 -0700
8Subject: [PATCH 1/7] vhost-user-gpu: fix memory disclosure in
9 virgl_cmd_get_capset_info (CVE-2021-3545)
10MIME-Version: 1.0
11Content-Type: text/plain; charset=UTF-8
12Content-Transfer-Encoding: 8bit
13
14Otherwise some of the 'resp' will be leaked to guest.
15
16Fixes: CVE-2021-3545
17Reported-by: Li Qiang <liq3ea@163.com>
18virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak
19in getting capset info dispatch")
20
21Signed-off-by: Li Qiang <liq3ea@163.com>
22Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
23Message-Id: <20210516030403.107723-2-liq3ea@163.com>
24Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
25---
26 contrib/vhost-user-gpu/virgl.c | 1 +
27 1 file changed, 1 insertion(+)
28
29diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
30index 9e6660c7ab..6a332d601f 100644
31--- a/contrib/vhost-user-gpu/virgl.c
32+++ b/contrib/vhost-user-gpu/virgl.c
33@@ -128,6 +128,7 @@ virgl_cmd_get_capset_info(VuGpu *g,
34
35 VUGPU_FILL_CMD(info);
36
37+ memset(&resp, 0, sizeof(resp));
38 if (info.capset_index == 0) {
39 resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
40 virgl_renderer_get_cap_set(resp.capset_id,
41--
422.25.1
43
diff --git a/meta/recipes-devtools/qemu/qemu/0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch b/meta/recipes-devtools/qemu/qemu/0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch
deleted file mode 100644
index a9aee47e39..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0002-vhost-user-gpu-fix-resource-leak-in-vg_resource_crea.patch
+++ /dev/null
@@ -1,41 +0,0 @@
1CVE: CVE-2021-3544
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From 86dd8fac2acc366930a5dc08d3fb1b1e816f4e1e Mon Sep 17 00:00:00 2001
6From: Li Qiang <liq3ea@163.com>
7Date: Sat, 15 May 2021 20:03:57 -0700
8Subject: [PATCH 2/7] vhost-user-gpu: fix resource leak in
9 'vg_resource_create_2d' (CVE-2021-3544)
10MIME-Version: 1.0
11Content-Type: text/plain; charset=UTF-8
12Content-Transfer-Encoding: 8bit
13
14Call 'vugbm_buffer_destroy' in error path to avoid resource leak.
15
16Fixes: CVE-2021-3544
17Reported-by: Li Qiang <liq3ea@163.com>
18Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
19Signed-off-by: Li Qiang <liq3ea@163.com>
20Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
21Message-Id: <20210516030403.107723-3-liq3ea@163.com>
22Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
23---
24 contrib/vhost-user-gpu/vhost-user-gpu.c | 1 +
25 1 file changed, 1 insertion(+)
26
27diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c
28index f73f292c9f..b5e153d0d6 100644
29--- a/contrib/vhost-user-gpu/vhost-user-gpu.c
30+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
31@@ -349,6 +349,7 @@ vg_resource_create_2d(VuGpu *g,
32 g_critical("%s: resource creation failed %d %d %d",
33 __func__, c2d.resource_id, c2d.width, c2d.height);
34 g_free(res);
35+ vugbm_buffer_destroy(&res->buffer);
36 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
37 return;
38 }
39--
402.25.1
41
diff --git a/meta/recipes-devtools/qemu/qemu/0003-vhost-user-gpu-fix-memory-leak-in-vg_resource_attach.patch b/meta/recipes-devtools/qemu/qemu/0003-vhost-user-gpu-fix-memory-leak-in-vg_resource_attach.patch
deleted file mode 100644
index 1718486405..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0003-vhost-user-gpu-fix-memory-leak-in-vg_resource_attach.patch
+++ /dev/null
@@ -1,48 +0,0 @@
1CVE: CVE-2021-3544
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From b9f79858a614d95f5de875d0ca31096eaab72c3b Mon Sep 17 00:00:00 2001
6From: Li Qiang <liq3ea@163.com>
7Date: Sat, 15 May 2021 20:03:58 -0700
8Subject: [PATCH 3/7] vhost-user-gpu: fix memory leak in
9 vg_resource_attach_backing (CVE-2021-3544)
10MIME-Version: 1.0
11Content-Type: text/plain; charset=UTF-8
12Content-Transfer-Encoding: 8bit
13
14Check whether the 'res' has already been attach_backing to avoid
15memory leak.
16
17Fixes: CVE-2021-3544
18Reported-by: Li Qiang <liq3ea@163.com>
19virtio-gpu fix: 204f01b309 ("virtio-gpu: fix memory leak
20in resource attach backing")
21
22Signed-off-by: Li Qiang <liq3ea@163.com>
23Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
24Message-Id: <20210516030403.107723-4-liq3ea@163.com>
25Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
26---
27 contrib/vhost-user-gpu/vhost-user-gpu.c | 5 +++++
28 1 file changed, 5 insertions(+)
29
30diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c
31index b5e153d0d6..0437e52b64 100644
32--- a/contrib/vhost-user-gpu/vhost-user-gpu.c
33+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
34@@ -489,6 +489,11 @@ vg_resource_attach_backing(VuGpu *g,
35 return;
36 }
37
38+ if (res->iov) {
39+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
40+ return;
41+ }
42+
43 ret = vg_create_mapping_iov(g, &ab, cmd, &res->iov);
44 if (ret != 0) {
45 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
46--
472.25.1
48
diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
deleted file mode 100644
index 330bcaef0a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
+++ /dev/null
@@ -1,34 +0,0 @@
1From 4127296bb1046cdf73994ba69dc913d8c02fd74f Mon Sep 17 00:00:00 2001
2From: Ross Burton <ross.burton@intel.com>
3Date: Tue, 20 Oct 2015 22:19:08 +0100
4Subject: [PATCH] qemu: disable Valgrind
5
6There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds.
7
8Upstream-Status: Inappropriate
9Signed-off-by: Ross Burton <ross.burton@intel.com>
10
11---
12 configure | 9 ---------
13 1 file changed, 9 deletions(-)
14
15Index: qemu-6.0.0/configure
16===================================================================
17--- qemu-6.0.0.orig/configure
18+++ qemu-6.0.0/configure
19@@ -4648,15 +4648,6 @@ fi
20 # check if we have valgrind/valgrind.h
21
22 valgrind_h=no
23-cat > $TMPC << EOF
24-#include <valgrind/valgrind.h>
25-int main(void) {
26- return 0;
27-}
28-EOF
29-if compile_prog "" "" ; then
30- valgrind_h=yes
31-fi
32
33 ########################################
34 # check if environ is declared
diff --git a/meta/recipes-devtools/qemu/qemu/0004-vhost-user-gpu-fix-memory-leak-while-calling-vg_reso.patch b/meta/recipes-devtools/qemu/qemu/0004-vhost-user-gpu-fix-memory-leak-while-calling-vg_reso.patch
deleted file mode 100644
index 9fc2fafe1d..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0004-vhost-user-gpu-fix-memory-leak-while-calling-vg_reso.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1CVE: CVE-2021-3544
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From b7afebcf9e6ecf3cf9b5a9b9b731ed04bca6aa3e Mon Sep 17 00:00:00 2001
6From: Li Qiang <liq3ea@163.com>
7Date: Sat, 15 May 2021 20:03:59 -0700
8Subject: [PATCH 4/7] vhost-user-gpu: fix memory leak while calling
9 'vg_resource_unref' (CVE-2021-3544)
10MIME-Version: 1.0
11Content-Type: text/plain; charset=UTF-8
12Content-Transfer-Encoding: 8bit
13
14If the guest trigger following sequences, the attach_backing will be leaked:
15
16 vg_resource_create_2d
17 vg_resource_attach_backing
18 vg_resource_unref
19
20This patch fix this by freeing 'res->iov' in vg_resource_destroy.
21
22Fixes: CVE-2021-3544
23Reported-by: Li Qiang <liq3ea@163.com>
24virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
25in virgl_cmd_resource_unref")
26
27Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
28Signed-off-by: Li Qiang <liq3ea@163.com>
29Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
30Message-Id: <20210516030403.107723-5-liq3ea@163.com>
31Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
32---
33 contrib/vhost-user-gpu/vhost-user-gpu.c | 1 +
34 1 file changed, 1 insertion(+)
35
36diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c
37index 0437e52b64..770dfad529 100644
38--- a/contrib/vhost-user-gpu/vhost-user-gpu.c
39+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
40@@ -400,6 +400,7 @@ vg_resource_destroy(VuGpu *g,
41 }
42
43 vugbm_buffer_destroy(&res->buffer);
44+ g_free(res->iov);
45 pixman_image_unref(res->image);
46 QTAILQ_REMOVE(&g->reslist, res, next);
47 g_free(res);
48--
492.25.1
50
diff --git a/meta/recipes-devtools/qemu/qemu/0005-vhost-user-gpu-fix-memory-leak-in-virgl_cmd_resource.patch b/meta/recipes-devtools/qemu/qemu/0005-vhost-user-gpu-fix-memory-leak-in-virgl_cmd_resource.patch
deleted file mode 100644
index e70f3c02c2..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0005-vhost-user-gpu-fix-memory-leak-in-virgl_cmd_resource.patch
+++ /dev/null
@@ -1,58 +0,0 @@
1CVE: CVE-2021-3544
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From f6091d86ba9ea05f4e111b9b42ee0005c37a6779 Mon Sep 17 00:00:00 2001
6From: Li Qiang <liq3ea@163.com>
7Date: Sat, 15 May 2021 20:04:00 -0700
8Subject: [PATCH 5/7] vhost-user-gpu: fix memory leak in
9 'virgl_cmd_resource_unref' (CVE-2021-3544)
10MIME-Version: 1.0
11Content-Type: text/plain; charset=UTF-8
12Content-Transfer-Encoding: 8bit
13
14The 'res->iov' will be leaked if the guest trigger following sequences:
15
16 virgl_cmd_create_resource_2d
17 virgl_resource_attach_backing
18 virgl_cmd_resource_unref
19
20This patch fixes this.
21
22Fixes: CVE-2021-3544
23Reported-by: Li Qiang <liq3ea@163.com>
24virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
25in virgl_cmd_resource_unref"
26
27Signed-off-by: Li Qiang <liq3ea@163.com>
28Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
29Message-Id: <20210516030403.107723-6-liq3ea@163.com>
30Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
31---
32 contrib/vhost-user-gpu/virgl.c | 7 +++++++
33 1 file changed, 7 insertions(+)
34
35diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
36index 6a332d601f..c669d73a1d 100644
37--- a/contrib/vhost-user-gpu/virgl.c
38+++ b/contrib/vhost-user-gpu/virgl.c
39@@ -108,9 +108,16 @@ virgl_cmd_resource_unref(VuGpu *g,
40 struct virtio_gpu_ctrl_command *cmd)
41 {
42 struct virtio_gpu_resource_unref unref;
43+ struct iovec *res_iovs = NULL;
44+ int num_iovs = 0;
45
46 VUGPU_FILL_CMD(unref);
47
48+ virgl_renderer_resource_detach_iov(unref.resource_id,
49+ &res_iovs,
50+ &num_iovs);
51+ g_free(res_iovs);
52+
53 virgl_renderer_resource_unref(unref.resource_id);
54 }
55
56--
572.25.1
58
diff --git a/meta/recipes-devtools/qemu/qemu/0006-vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch b/meta/recipes-devtools/qemu/qemu/0006-vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch
deleted file mode 100644
index 5efb87ca33..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0006-vhost-user-gpu-fix-memory-leak-in-virgl_resource_att.patch
+++ /dev/null
@@ -1,49 +0,0 @@
1CVE: CVE-2021-3544
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From 63736af5a6571d9def93769431e0d7e38c6677bf Mon Sep 17 00:00:00 2001
6From: Li Qiang <liq3ea@163.com>
7Date: Sat, 15 May 2021 20:04:01 -0700
8Subject: [PATCH 6/7] vhost-user-gpu: fix memory leak in
9 'virgl_resource_attach_backing' (CVE-2021-3544)
10MIME-Version: 1.0
11Content-Type: text/plain; charset=UTF-8
12Content-Transfer-Encoding: 8bit
13
14If 'virgl_renderer_resource_attach_iov' failed, the 'res_iovs' will
15be leaked.
16
17Fixes: CVE-2021-3544
18Reported-by: Li Qiang <liq3ea@163.com>
19virtio-gpu fix: 33243031da ("virtio-gpu-3d: fix memory leak
20in resource attach backing")
21
22Signed-off-by: Li Qiang <liq3ea@163.com>
23Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
24Message-Id: <20210516030403.107723-7-liq3ea@163.com>
25Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
26---
27 contrib/vhost-user-gpu/virgl.c | 5 ++++-
28 1 file changed, 4 insertions(+), 1 deletion(-)
29
30diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
31index c669d73a1d..a16a311d80 100644
32--- a/contrib/vhost-user-gpu/virgl.c
33+++ b/contrib/vhost-user-gpu/virgl.c
34@@ -287,8 +287,11 @@ virgl_resource_attach_backing(VuGpu *g,
35 return;
36 }
37
38- virgl_renderer_resource_attach_iov(att_rb.resource_id,
39+ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
40 res_iovs, att_rb.nr_entries);
41+ if (ret != 0) {
42+ g_free(res_iovs);
43+ }
44 }
45
46 static void
47--
482.25.1
49
diff --git a/meta/recipes-devtools/qemu/qemu/0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch b/meta/recipes-devtools/qemu/qemu/0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch
deleted file mode 100644
index 33e6a66193..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0007-vhost-user-gpu-fix-OOB-write-in-virgl_cmd_get_capset.patch
+++ /dev/null
@@ -1,49 +0,0 @@
1CVE: CVE-2021-3546
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com>
4
5From 9f22893adcb02580aee5968f32baa2cd109b3ec2 Mon Sep 17 00:00:00 2001
6From: Li Qiang <liq3ea@163.com>
7Date: Sat, 15 May 2021 20:04:02 -0700
8Subject: [PATCH 7/7] vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
9 (CVE-2021-3546)
10MIME-Version: 1.0
11Content-Type: text/plain; charset=UTF-8
12Content-Transfer-Encoding: 8bit
13
14If 'virgl_cmd_get_capset' set 'max_size' to 0,
15the 'virgl_renderer_fill_caps' will write the data after the 'resp'.
16This patch avoid this by checking the returned 'max_size'.
17
18virtio-gpu fix: abd7f08b23 ("display: virtio-gpu-3d: check
19virgl capabilities max_size")
20
21Fixes: CVE-2021-3546
22Reported-by: Li Qiang <liq3ea@163.com>
23Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
24Signed-off-by: Li Qiang <liq3ea@163.com>
25Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
26Message-Id: <20210516030403.107723-8-liq3ea@163.com>
27Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
28---
29 contrib/vhost-user-gpu/virgl.c | 4 ++++
30 1 file changed, 4 insertions(+)
31
32diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
33index a16a311d80..7172104b19 100644
34--- a/contrib/vhost-user-gpu/virgl.c
35+++ b/contrib/vhost-user-gpu/virgl.c
36@@ -177,6 +177,10 @@ virgl_cmd_get_capset(VuGpu *g,
37
38 virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
39 &max_size);
40+ if (!max_size) {
41+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
42+ return;
43+ }
44 resp = g_malloc0(sizeof(*resp) + max_size);
45
46 resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
47--
482.25.1
49
diff --git a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
index cc6a5fe754..4298964dfa 100644
--- a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
+++ b/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
@@ -1,4 +1,4 @@
1From c207607cdf3996ad9783c3bffbcd3d65e74c0158 Mon Sep 17 00:00:00 2001 1From b51e6dd833172954c718bd600d846540eeb07220 Mon Sep 17 00:00:00 2001
2From: He Zhe <zhe.he@windriver.com> 2From: He Zhe <zhe.he@windriver.com>
3Date: Wed, 28 Aug 2019 19:56:28 +0800 3Date: Wed, 28 Aug 2019 19:56:28 +0800
4Subject: [PATCH] configure: Add pkg-config handling for libgcrypt 4Subject: [PATCH] configure: Add pkg-config handling for libgcrypt
@@ -11,74 +11,19 @@ Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-0
11Signed-off-by: He Zhe <zhe.he@windriver.com> 11Signed-off-by: He Zhe <zhe.he@windriver.com>
12 12
13--- 13---
14 configure | 48 ++++++++++++++++++++++++++++++++++++++++-------- 14 meson.build | 2 +-
15 1 file changed, 40 insertions(+), 8 deletions(-) 15 1 file changed, 1 insertion(+), 1 deletion(-)
16 16
17Index: qemu-6.0.0/configure 17diff --git a/meson.build b/meson.build
18=================================================================== 18index b3e7ec0e9..4cbe715b7 100644
19--- qemu-6.0.0.orig/configure 19--- a/meson.build
20+++ qemu-6.0.0/configure 20+++ b/meson.build
21@@ -2847,6 +2847,30 @@ has_libgcrypt() { 21@@ -874,7 +874,7 @@ endif
22 return 0 22 if not gnutls_crypto.found()
23 } 23 if (not get_option('gcrypt').auto() or have_system) and not get_option('nettle').enabled()
24 24 gcrypt = dependency('libgcrypt', version: '>=1.8',
25+has_libgcrypt_pkgconfig() { 25- method: 'config-tool',
26+ if ! has $pkg_config ; then 26+ method: 'pkg-config',
27+ return 1 27 required: get_option('gcrypt'),
28+ fi 28 kwargs: static_kwargs)
29+ 29 # Debian has removed -lgpg-error from libgcrypt-config
30+ if ! $pkg_config --list-all | grep libgcrypt > /dev/null 2>&1 ; then
31+ return 1
32+ fi
33+
34+ if test -n "$cross_prefix" ; then
35+ host=$($pkg_config --variable=host libgcrypt)
36+ if test "${host%-gnu}-" != "${cross_prefix%-gnu}" ; then
37+ print_error "host($host) does not match cross_prefix($cross_prefix)"
38+ return 1
39+ fi
40+ fi
41+
42+ if ! $pkg_config --atleast-version=1.5.0 libgcrypt ; then
43+ print_error "libgcrypt version is $($pkg_config --modversion libgcrypt)"
44+ return 1
45+ fi
46+
47+ return 0
48+}
49
50 if test "$nettle" != "no"; then
51 pass="no"
52@@ -2885,7 +2909,14 @@ fi
53
54 if test "$gcrypt" != "no"; then
55 pass="no"
56- if has_libgcrypt; then
57+ if has_libgcrypt_pkgconfig; then
58+ gcrypt_cflags=$($pkg_config --cflags libgcrypt)
59+ if test "$static" = "yes" ; then
60+ gcrypt_libs=$($pkg_config --libs --static libgcrypt)
61+ else
62+ gcrypt_libs=$($pkg_config --libs libgcrypt)
63+ fi
64+ elif has_libgcrypt; then
65 gcrypt_cflags=$(libgcrypt-config --cflags)
66 gcrypt_libs=$(libgcrypt-config --libs)
67 # Debian has removed -lgpg-error from libgcrypt-config
68@@ -2895,12 +2926,12 @@ if test "$gcrypt" != "no"; then
69 then
70 gcrypt_libs="$gcrypt_libs -lgpg-error"
71 fi
72+ fi
73
74- # Link test to make sure the given libraries work (e.g for static).
75- write_c_skeleton
76- if compile_prog "" "$gcrypt_libs" ; then
77+ # Link test to make sure the given libraries work (e.g for static).
78+ write_c_skeleton
79+ if compile_prog "" "$gcrypt_libs" ; then
80 pass="yes"
81- fi
82 fi
83 if test "$pass" = "yes"; then
84 gcrypt="yes"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch
deleted file mode 100644
index 77a5385692..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch
+++ /dev/null
@@ -1,42 +0,0 @@
1From 05a40b172e4d691371534828078be47e7fff524c Mon Sep 17 00:00:00 2001
2From: Gerd Hoffmann <kraxel@redhat.com>
3Date: Mon, 3 May 2021 15:29:15 +0200
4Subject: [PATCH] usb: limit combined packets to 1 MiB (CVE-2021-3527)
5
6usb-host and usb-redirect try to batch bulk transfers by combining many
7small usb packets into a single, large transfer request, to reduce the
8overhead and improve performance.
9
10This patch adds a size limit of 1 MiB for those combined packets to
11restrict the host resources the guest can bind that way.
12
13Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
14Message-Id: <20210503132915.2335822-6-kraxel@redhat.com>
15
16Upstream-Status: Backport
17https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
18CVE: CVE-2021-3527
19Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
20
21---
22 hw/usb/combined-packet.c | 4 +++-
23 1 file changed, 3 insertions(+), 1 deletion(-)
24
25diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c
26index 5d57e883dc..e56802f89a 100644
27--- a/hw/usb/combined-packet.c
28+++ b/hw/usb/combined-packet.c
29@@ -171,7 +171,9 @@ void usb_ep_combine_input_packets(USBEndpoint *ep)
30 if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok ||
31 next == NULL ||
32 /* Work around for Linux usbfs bulk splitting + migration */
33- (totalsize == (16 * KiB - 36) && p->int_req)) {
34+ (totalsize == (16 * KiB - 36) && p->int_req) ||
35+ /* Next package may grow combined package over 1MiB */
36+ totalsize > 1 * MiB - ep->max_packet_size) {
37 usb_device_handle_data(ep->dev, first);
38 assert(first->status == USB_RET_ASYNC);
39 if (first->combined) {
40--
41GitLab
42
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch
deleted file mode 100644
index 6371aced12..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch
+++ /dev/null
@@ -1,59 +0,0 @@
1From 7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 Mon Sep 17 00:00:00 2001
2From: Gerd Hoffmann <kraxel@redhat.com>
3Date: Mon, 3 May 2021 15:29:12 +0200
4Subject: [PATCH] usb/redir: avoid dynamic stack allocation (CVE-2021-3527)
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9Use autofree heap allocation instead.
10
11Fixes: 4f4321c11ff ("usb: use iovecs in USBPacket")
12Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
13Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
14Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
15Message-Id: <20210503132915.2335822-3-kraxel@redhat.com>
16
17Upstream-Status: Backport
18https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
19CVE: CVE-2021-3527
20Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
21
22---
23 hw/usb/redirect.c | 6 +++---
24 1 file changed, 3 insertions(+), 3 deletions(-)
25
26diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
27index 17f06f3417..6a75b0dc4a 100644
28--- a/hw/usb/redirect.c
29+++ b/hw/usb/redirect.c
30@@ -620,7 +620,7 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p,
31 .endpoint = ep,
32 .length = p->iov.size
33 };
34- uint8_t buf[p->iov.size];
35+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
36 /* No id, we look at the ep when receiving a status back */
37 usb_packet_copy(p, buf, p->iov.size);
38 usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet,
39@@ -818,7 +818,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p,
40 usbredirparser_send_bulk_packet(dev->parser, p->id,
41 &bulk_packet, NULL, 0);
42 } else {
43- uint8_t buf[size];
44+ g_autofree uint8_t *buf = g_malloc(size);
45 usb_packet_copy(p, buf, size);
46 usbredir_log_data(dev, "bulk data out:", buf, size);
47 usbredirparser_send_bulk_packet(dev->parser, p->id,
48@@ -923,7 +923,7 @@ static void usbredir_handle_interrupt_out_data(USBRedirDevice *dev,
49 USBPacket *p, uint8_t ep)
50 {
51 struct usb_redir_interrupt_packet_header interrupt_packet;
52- uint8_t buf[p->iov.size];
53+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
54
55 DPRINTF("interrupt-out ep %02X len %zd id %"PRIu64"\n", ep,
56 p->iov.size, p->id);
57--
58GitLab
59
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch
deleted file mode 100644
index 50a49233d3..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3682.patch
+++ /dev/null
@@ -1,41 +0,0 @@
1From 5e796671e6b8d5de4b0b423dce1b3eba144a92c9 Mon Sep 17 00:00:00 2001
2From: Gerd Hoffmann <kraxel@redhat.com>
3Date: Thu, 22 Jul 2021 09:27:56 +0200
4Subject: [PATCH] usbredir: fix free call
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9data might point into the middle of a larger buffer, there is a separate
10free_on_destroy pointer passed into bufp_alloc() to handle that. It is
11only used in the normal workflow though, not when dropping packets due
12to the queue being full. Fix that.
13
14Resolves: https://gitlab.com/qemu-project/qemu/-/issues/491
15Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
16Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
17Message-Id: <20210722072756.647673-1-kraxel@redhat.com>
18
19CVE: CVE-2021-3682
20Upstream-Status: Backport [5e796671e6b8d5de4b0b423dce1b3eba144a92c9]
21Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
22---
23 hw/usb/redirect.c | 2 +-
24 1 file changed, 1 insertion(+), 1 deletion(-)
25
26diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
27index 4ec9326e05..1ec909a63a 100644
28--- a/hw/usb/redirect.c
29+++ b/hw/usb/redirect.c
30@@ -476,7 +476,7 @@ static int bufp_alloc(USBRedirDevice *dev, uint8_t *data, uint16_t len,
31 if (dev->endpoint[EP2I(ep)].bufpq_dropping_packets) {
32 if (dev->endpoint[EP2I(ep)].bufpq_size >
33 dev->endpoint[EP2I(ep)].bufpq_target_size) {
34- free(data);
35+ free(free_on_destroy);
36 return -1;
37 }
38 dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
39--
402.25.1
41
diff --git a/meta/recipes-devtools/qemu/qemu/cross.patch b/meta/recipes-devtools/qemu/qemu/cross.patch
index a0fc39e5e2..bdb77ec7d0 100644
--- a/meta/recipes-devtools/qemu/qemu/cross.patch
+++ b/meta/recipes-devtools/qemu/qemu/cross.patch
@@ -1,30 +1,40 @@
1From f51ece86f84c877f255746cba22a6745f37d2b7f Mon Sep 17 00:00:00 2001
2From: Richard Purdie <richard.purdie@linuxfoundation.org>
3Date: Tue, 5 Jan 2021 23:00:14 +0000
4Subject: [PATCH] qemu: Upgrade 5.1.0->5.2.0
5
1We need to be able to trigger configure's cross code but we don't want 6We need to be able to trigger configure's cross code but we don't want
2to set cross_prefix as it does other things we don't want. Patch things 7to set cross_prefix as it does other things we don't want. Patch things
3so we can do what we need in the target config case. 8so we can do what we need in the target config case.
4 9
5Upstream-Status: Inappropriate [may be rewritten in a way upstream may accept?] 10Upstream-Status: Inappropriate [may be rewritten in a way upstream may accept?]
6Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 11Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
12---
13 configure | 4 ----
14 1 file changed, 4 deletions(-)
7 15
8 16diff --git a/configure b/configure
9Index: qemu-6.0.0/configure 17index 9a79a004d..563b7827f 100755
10=================================================================== 18--- a/configure
11--- qemu-6.0.0.orig/configure 19+++ b/configure
12+++ qemu-6.0.0/configure 20@@ -5128,7 +5128,6 @@ if test "$skip_meson" = no; then
13@@ -6371,7 +6371,6 @@ if has $sdl2_config; then 21 fi
14 fi 22 echo "strip = [$(meson_quote $strip)]" >> $cross
15 echo "strip = [$(meson_quote $strip)]" >> $cross 23 echo "windres = [$(meson_quote $windres)]" >> $cross
16 echo "windres = [$(meson_quote $windres)]" >> $cross 24- if test "$cross_compile" = "yes"; then
17-if test "$cross_compile" = "yes"; then
18 cross_arg="--cross-file config-meson.cross" 25 cross_arg="--cross-file config-meson.cross"
19 echo "[host_machine]" >> $cross 26 echo "[host_machine]" >> $cross
20 if test "$mingw32" = "yes" ; then 27 if test "$mingw32" = "yes" ; then
21@@ -6403,9 +6402,6 @@ if test "$cross_compile" = "yes"; then 28@@ -5160,9 +5159,6 @@ if test "$skip_meson" = no; then
22 else 29 else
23 echo "endian = 'little'" >> $cross 30 echo "endian = 'little'" >> $cross
24 fi 31 fi
25-else 32- else
26- cross_arg="--native-file config-meson.cross" 33- cross_arg="--native-file config-meson.cross"
27-fi 34- fi
28 mv $cross config-meson.cross 35 mv $cross config-meson.cross
29 36
30 rm -rf meson-private meson-info meson-logs 37 rm -rf meson-private meson-info meson-logs
38--
392.17.1
40
diff --git a/meta/recipes-devtools/qemu/qemu_6.0.0.bb b/meta/recipes-devtools/qemu/qemu_6.1.0.bb
index f8a816b12b..f8a816b12b 100644
--- a/meta/recipes-devtools/qemu/qemu_6.0.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_6.1.0.bb