diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-05 23:00:14 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-09 09:09:49 +0000 |
commit | 0d298198e57753213391788a8a9204d99648636b (patch) | |
tree | 043c08668b5e30472f230bf41b7837382d3636ac /meta/recipes-devtools | |
parent | 10c69538c0cb8708c7eff9e8dc05ca7c669cb61c (diff) | |
download | poky-0d298198e57753213391788a8a9204d99648636b.tar.gz |
qemu: Upgrade 5.1.0->5.2.0
This involves some pretty major changes for qemu. In particular, they
switched to meson+ninja so we have to adapt to that.
Patch changes:
* CVE patches - dropped as backports
* cflags fix - upstream code changed significantly, need new patch if still issues
* mips TLB entries - dropped as merged upstream
* usb fix - dropped as merged upstream
* find_datadir - dropped as code no longer present that I could find
A patch was added to allow us to force the configure script into "cross" mode
without setting cross_prefix which has other effects we don't need/want.
Dependencies on meson/ninja were added.
Specifying the python interpreter causes the internal meson copy to be
built/used which is undesireable for us so don't do that. The correct
python is in PATH anyway.
Acked-by: Alistair Francis <alistair.francis@wdc.com>
(From OE-Core rev: 181c635567aafb9b4787d8d6d0bcd4a615ceae80)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
25 files changed, 126 insertions, 638 deletions
diff --git a/meta/recipes-devtools/qemu/qemu-native_5.1.0.bb b/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb index c8acff8e19..c8acff8e19 100644 --- a/meta/recipes-devtools/qemu/qemu-native_5.1.0.bb +++ b/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb | |||
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb index 222b55cbc6..222b55cbc6 100644 --- a/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb +++ b/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb | |||
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 4864d7e93c..23d0adb901 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc | |||
@@ -21,7 +21,6 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | |||
21 | file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \ | 21 | file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \ |
22 | file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ | 22 | file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ |
23 | file://0004-qemu-disable-Valgrind.patch \ | 23 | file://0004-qemu-disable-Valgrind.patch \ |
24 | file://0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \ | ||
25 | file://0006-chardev-connect-socket-to-a-spawned-command.patch \ | 24 | file://0006-chardev-connect-socket-to-a-spawned-command.patch \ |
26 | file://0007-apic-fixup-fallthrough-to-PIC.patch \ | 25 | file://0007-apic-fixup-fallthrough-to-PIC.patch \ |
27 | file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ | 26 | file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ |
@@ -29,18 +28,13 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | |||
29 | file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ | 28 | file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ |
30 | file://0001-Add-enable-disable-udev.patch \ | 29 | file://0001-Add-enable-disable-udev.patch \ |
31 | file://0001-qemu-Do-not-include-file-if-not-exists.patch \ | 30 | file://0001-qemu-Do-not-include-file-if-not-exists.patch \ |
32 | file://find_datadir.patch \ | ||
33 | file://usb-fix-setup_len-init.patch \ | ||
34 | file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \ | ||
35 | file://CVE-2020-24352.patch \ | ||
36 | file://CVE-2020-29129-CVE-2020-29130.patch \ | ||
37 | file://CVE-2020-25624.patch \ | ||
38 | file://CVE-2020-25723.patch \ | ||
39 | file://CVE-2020-28916.patch \ | ||
40 | " | 31 | " |
41 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" | 32 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" |
42 | 33 | ||
43 | SRC_URI[sha256sum] = "c9174eb5933d9eb5e61f541cd6d1184cd3118dfe4c5c4955bc1bdc4d390fa4e5" | 34 | SRC_URI[sha256sum] = "cb18d889b628fbe637672b0326789d9b0e3b8027e0445b936537c78549df17bc" |
35 | |||
36 | SRC_URI_append_class-target = " file://cross.patch" | ||
37 | SRC_URI_append_class-nativesdk = " file://cross.patch" | ||
44 | 38 | ||
45 | COMPATIBLE_HOST_mipsarchn32 = "null" | 39 | COMPATIBLE_HOST_mipsarchn32 = "null" |
46 | COMPATIBLE_HOST_mipsarchn64 = "null" | 40 | COMPATIBLE_HOST_mipsarchn64 = "null" |
@@ -85,13 +79,14 @@ EXTRA_OECONF = " \ | |||
85 | --sysconfdir=${sysconfdir} \ | 79 | --sysconfdir=${sysconfdir} \ |
86 | --libexecdir=${libexecdir} \ | 80 | --libexecdir=${libexecdir} \ |
87 | --localstatedir=${localstatedir} \ | 81 | --localstatedir=${localstatedir} \ |
88 | --with-confsuffix=/${BPN} \ | 82 | --with-suffix=${BPN} \ |
89 | --disable-strip \ | 83 | --disable-strip \ |
90 | --disable-werror \ | 84 | --disable-werror \ |
91 | --extra-cflags='${CFLAGS}' \ | 85 | --extra-cflags='${CFLAGS}' \ |
92 | --extra-ldflags='${LDFLAGS}' \ | 86 | --extra-ldflags='${LDFLAGS}' \ |
93 | --with-git=/bin/false \ | 87 | --with-git=/bin/false \ |
94 | --disable-git-update \ | 88 | --disable-git-update \ |
89 | --meson=meson \ | ||
95 | ${PACKAGECONFIG_CONFARGS} \ | 90 | ${PACKAGECONFIG_CONFARGS} \ |
96 | " | 91 | " |
97 | 92 | ||
@@ -99,7 +94,7 @@ export LIBTOOL="${HOST_SYS}-libtool" | |||
99 | 94 | ||
100 | B = "${WORKDIR}/build" | 95 | B = "${WORKDIR}/build" |
101 | 96 | ||
102 | EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3" | 97 | #EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3" |
103 | 98 | ||
104 | do_configure_prepend_class-native() { | 99 | do_configure_prepend_class-native() { |
105 | # Append build host pkg-config paths for native target since the host may provide sdl | 100 | # Append build host pkg-config paths for native target since the host may provide sdl |
diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch index 1304ee3bfd..c99adee8a9 100644 --- a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch +++ b/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch | |||
@@ -12,11 +12,11 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | |||
12 | configure | 4 ++++ | 12 | configure | 4 ++++ |
13 | 1 file changed, 4 insertions(+) | 13 | 1 file changed, 4 insertions(+) |
14 | 14 | ||
15 | Index: qemu-5.1.0/configure | 15 | Index: qemu-5.2.0/configure |
16 | =================================================================== | 16 | =================================================================== |
17 | --- qemu-5.1.0.orig/configure | 17 | --- qemu-5.2.0.orig/configure |
18 | +++ qemu-5.1.0/configure | 18 | +++ qemu-5.2.0/configure |
19 | @@ -1640,6 +1640,10 @@ for opt do | 19 | @@ -1525,6 +1525,10 @@ for opt do |
20 | ;; | 20 | ;; |
21 | --disable-libdaxctl) libdaxctl=no | 21 | --disable-libdaxctl) libdaxctl=no |
22 | ;; | 22 | ;; |
diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch index 46c9da08a5..8ce12bdb43 100644 --- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch +++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch | |||
@@ -20,11 +20,11 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | |||
20 | hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++- | 20 | hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++- |
21 | 1 file changed, 93 insertions(+), 1 deletion(-) | 21 | 1 file changed, 93 insertions(+), 1 deletion(-) |
22 | 22 | ||
23 | Index: qemu-5.1.0/hw/usb/dev-wacom.c | 23 | Index: qemu-5.2.0/hw/usb/dev-wacom.c |
24 | =================================================================== | 24 | =================================================================== |
25 | --- qemu-5.1.0.orig/hw/usb/dev-wacom.c | 25 | --- qemu-5.2.0.orig/hw/usb/dev-wacom.c |
26 | +++ qemu-5.1.0/hw/usb/dev-wacom.c | 26 | +++ qemu-5.2.0/hw/usb/dev-wacom.c |
27 | @@ -74,6 +74,89 @@ static const USBDescStrings desc_strings | 27 | @@ -69,6 +69,89 @@ static const USBDescStrings desc_strings |
28 | [STR_SERIALNUMBER] = "1", | 28 | [STR_SERIALNUMBER] = "1", |
29 | }; | 29 | }; |
30 | 30 | ||
@@ -114,16 +114,16 @@ Index: qemu-5.1.0/hw/usb/dev-wacom.c | |||
114 | static const USBDescIface desc_iface_wacom = { | 114 | static const USBDescIface desc_iface_wacom = { |
115 | .bInterfaceNumber = 0, | 115 | .bInterfaceNumber = 0, |
116 | .bNumEndpoints = 1, | 116 | .bNumEndpoints = 1, |
117 | @@ -91,7 +174,7 @@ static const USBDescIface desc_iface_wac | 117 | @@ -86,7 +169,7 @@ static const USBDescIface desc_iface_wac |
118 | 0x00, /* u8 country_code */ | 118 | 0x00, /* u8 country_code */ |
119 | 0x01, /* u8 num_descriptors */ | 119 | 0x01, /* u8 num_descriptors */ |
120 | 0x22, /* u8 type: Report */ | 120 | USB_DT_REPORT, /* u8 type: Report */ |
121 | - 0x6e, 0, /* u16 len */ | 121 | - 0x6e, 0, /* u16 len */ |
122 | + sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */ | 122 | + sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */ |
123 | }, | 123 | }, |
124 | }, | 124 | }, |
125 | }, | 125 | }, |
126 | @@ -271,6 +354,15 @@ static void usb_wacom_handle_control(USB | 126 | @@ -266,6 +349,15 @@ static void usb_wacom_handle_control(USB |
127 | } | 127 | } |
128 | 128 | ||
129 | switch (request) { | 129 | switch (request) { |
diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch index d6c0f9ebe9..3fe9aa6eb5 100644 --- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch +++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch | |||
@@ -15,10 +15,10 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | |||
15 | linux-user/syscall.c | 2 ++ | 15 | linux-user/syscall.c | 2 ++ |
16 | 1 file changed, 2 insertions(+) | 16 | 1 file changed, 2 insertions(+) |
17 | 17 | ||
18 | Index: qemu-5.1.0/linux-user/syscall.c | 18 | Index: qemu-5.2.0/linux-user/syscall.c |
19 | =================================================================== | 19 | =================================================================== |
20 | --- qemu-5.1.0.orig/linux-user/syscall.c | 20 | --- qemu-5.2.0.orig/linux-user/syscall.c |
21 | +++ qemu-5.1.0/linux-user/syscall.c | 21 | +++ qemu-5.2.0/linux-user/syscall.c |
22 | @@ -109,7 +109,9 @@ | 22 | @@ -109,7 +109,9 @@ |
23 | #include <linux/blkpg.h> | 23 | #include <linux/blkpg.h> |
24 | #include <netpacket/packet.h> | 24 | #include <netpacket/packet.h> |
@@ -28,4 +28,4 @@ Index: qemu-5.1.0/linux-user/syscall.c | |||
28 | +#endif | 28 | +#endif |
29 | #include <linux/rtc.h> | 29 | #include <linux/rtc.h> |
30 | #include <sound/asound.h> | 30 | #include <sound/asound.h> |
31 | #ifdef HAVE_DRM_H | 31 | #ifdef CONFIG_BTRFS |
diff --git a/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch b/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch deleted file mode 100644 index 5227b7cbd2..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch +++ /dev/null | |||
@@ -1,59 +0,0 @@ | |||
1 | From 68fa519a6cb455005317bd61f95214b58b2f1e69 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org> | ||
3 | Date: Fri, 16 Oct 2020 15:20:37 +0200 | ||
4 | Subject: [PATCH] target/mips: Increase number of TLB entries on the 34Kf core | ||
5 | (16 -> 64) | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | Per "MIPS32 34K Processor Core Family Software User's Manual, | ||
11 | Revision 01.13" page 8 in "Joint TLB (JTLB)" section: | ||
12 | |||
13 | "The JTLB is a fully associative TLB cache containing 16, 32, | ||
14 | or 64-dual-entries mapping up to 128 virtual pages to their | ||
15 | corresponding physical addresses." | ||
16 | |||
17 | There is no particular reason to restrict the 34Kf core model to | ||
18 | 16 TLB entries, so raise its config to 64. | ||
19 | |||
20 | This is helpful for other projects, in particular the Yocto Project: | ||
21 | |||
22 | Yocto Project uses qemu-system-mips 34Kf cpu model, to run 32bit | ||
23 | MIPS CI loop. It was observed that in this case CI test execution | ||
24 | time was almost twice longer than 64bit MIPS variant that runs | ||
25 | under MIPS64R2-generic model. It was investigated and concluded | ||
26 | that the difference in number of TLBs 16 in 34Kf case vs 64 in | ||
27 | MIPS64R2-generic is responsible for most of CI real time execution | ||
28 | difference. Because with 16 TLBs linux user-land trashes TLB more | ||
29 | and it needs to execute more instructions in TLB refill handler | ||
30 | calls, as result it runs much longer. | ||
31 | |||
32 | (https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03428.html) | ||
33 | |||
34 | Buglink: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13992 | ||
35 | Reported-by: Victor Kamensky <kamensky@cisco.com> | ||
36 | Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> | ||
37 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
38 | Message-Id: <20201016133317.553068-1-f4bug@amsat.org> | ||
39 | |||
40 | Upstream-Status: Backport [https://github.com/qemu/qemu/commit/68fa519a6cb455005317bd61f95214b58b2f1e69] | ||
41 | Signed-off-by: Victor Kamensky <kamensky@cisco.com> | ||
42 | |||
43 | --- | ||
44 | target/mips/translate_init.c.inc | 2 +- | ||
45 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
46 | |||
47 | Index: qemu-5.1.0/target/mips/translate_init.inc.c | ||
48 | =================================================================== | ||
49 | --- qemu-5.1.0.orig/target/mips/translate_init.inc.c | ||
50 | +++ qemu-5.1.0/target/mips/translate_init.inc.c | ||
51 | @@ -254,7 +254,7 @@ const mips_def_t mips_defs[] = | ||
52 | .CP0_PRid = 0x00019500, | ||
53 | .CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) | | ||
54 | (MMU_TYPE_R4000 << CP0C0_MT), | ||
55 | - .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (15 << CP0C1_MMU) | | ||
56 | + .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (63 << CP0C1_MMU) | | ||
57 | (0 << CP0C1_IS) | (3 << CP0C1_IL) | (1 << CP0C1_IA) | | ||
58 | (0 << CP0C1_DS) | (3 << CP0C1_DL) | (1 << CP0C1_DA) | | ||
59 | (1 << CP0C1_CA), | ||
diff --git a/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch index f379948f14..3cb1dac9c3 100644 --- a/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch +++ b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch | |||
@@ -16,13 +16,13 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | |||
16 | tests/Makefile.include | 8 ++++++++ | 16 | tests/Makefile.include | 8 ++++++++ |
17 | 1 file changed, 8 insertions(+) | 17 | 1 file changed, 8 insertions(+) |
18 | 18 | ||
19 | Index: qemu-5.1.0/tests/Makefile.include | 19 | Index: qemu-5.2.0/tests/Makefile.include |
20 | =================================================================== | 20 | =================================================================== |
21 | --- qemu-5.1.0.orig/tests/Makefile.include | 21 | --- qemu-5.2.0.orig/tests/Makefile.include |
22 | +++ qemu-5.1.0/tests/Makefile.include | 22 | +++ qemu-5.2.0/tests/Makefile.include |
23 | @@ -982,4 +982,12 @@ all: $(QEMU_IOTESTS_HELPERS-y) | 23 | @@ -155,4 +155,12 @@ clean: check-clean |
24 | -include $(wildcard tests/qtest/*.d) | 24 | |
25 | -include $(wildcard tests/qtest/libqos/*.d) | 25 | check-speed: bench-speed |
26 | 26 | ||
27 | +buildtest-TESTS: $(check-unit-y) | 27 | +buildtest-TESTS: $(check-unit-y) |
28 | + | 28 | + |
diff --git a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch index 33cef42217..fd54f96b03 100644 --- a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch +++ b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch | |||
@@ -18,11 +18,11 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com> | |||
18 | hw/mips/malta.c | 2 +- | 18 | hw/mips/malta.c | 2 +- |
19 | 1 file changed, 1 insertion(+), 1 deletion(-) | 19 | 1 file changed, 1 insertion(+), 1 deletion(-) |
20 | 20 | ||
21 | Index: qemu-5.1.0/hw/mips/malta.c | 21 | Index: qemu-5.2.0/hw/mips/malta.c |
22 | =================================================================== | 22 | =================================================================== |
23 | --- qemu-5.1.0.orig/hw/mips/malta.c | 23 | --- qemu-5.2.0.orig/hw/mips/malta.c |
24 | +++ qemu-5.1.0/hw/mips/malta.c | 24 | +++ qemu-5.2.0/hw/mips/malta.c |
25 | @@ -59,7 +59,7 @@ | 25 | @@ -62,7 +62,7 @@ |
26 | 26 | ||
27 | #define ENVP_ADDR 0x80002000l | 27 | #define ENVP_ADDR 0x80002000l |
28 | #define ENVP_NB_ENTRIES 16 | 28 | #define ENVP_NB_ENTRIES 16 |
diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch index 71f537f9b0..a0bd1c5ebc 100644 --- a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch +++ b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch | |||
@@ -12,11 +12,11 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> | |||
12 | configure | 9 --------- | 12 | configure | 9 --------- |
13 | 1 file changed, 9 deletions(-) | 13 | 1 file changed, 9 deletions(-) |
14 | 14 | ||
15 | Index: qemu-5.1.0/configure | 15 | Index: qemu-5.2.0/configure |
16 | =================================================================== | 16 | =================================================================== |
17 | --- qemu-5.1.0.orig/configure | 17 | --- qemu-5.2.0.orig/configure |
18 | +++ qemu-5.1.0/configure | 18 | +++ qemu-5.2.0/configure |
19 | @@ -5751,15 +5751,6 @@ fi | 19 | @@ -5001,15 +5001,6 @@ fi |
20 | # check if we have valgrind/valgrind.h | 20 | # check if we have valgrind/valgrind.h |
21 | 21 | ||
22 | valgrind_h=no | 22 | valgrind_h=no |
diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch deleted file mode 100644 index 02ebbee1a0..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch +++ /dev/null | |||
@@ -1,28 +0,0 @@ | |||
1 | From 230fe5804099bdca0c9e4cae7280c9fc513cb7f5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Stephen Arnold <sarnold@vctlabs.com> | ||
3 | Date: Sun, 12 Jun 2016 18:09:56 -0700 | ||
4 | Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | |||
8 | [update patch context] | ||
9 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | ||
10 | --- | ||
11 | configure | 4 ---- | ||
12 | 1 file changed, 4 deletions(-) | ||
13 | |||
14 | Index: qemu-5.1.0/configure | ||
15 | =================================================================== | ||
16 | --- qemu-5.1.0.orig/configure | ||
17 | +++ qemu-5.1.0/configure | ||
18 | @@ -6515,10 +6515,6 @@ write_c_skeleton | ||
19 | if test "$gcov" = "yes" ; then | ||
20 | QEMU_CFLAGS="-fprofile-arcs -ftest-coverage -g $QEMU_CFLAGS" | ||
21 | QEMU_LDFLAGS="-fprofile-arcs -ftest-coverage $QEMU_LDFLAGS" | ||
22 | -elif test "$fortify_source" = "yes" ; then | ||
23 | - CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" | ||
24 | -elif test "$debug" = "no"; then | ||
25 | - CFLAGS="-O2 $CFLAGS" | ||
26 | fi | ||
27 | |||
28 | if test "$have_asan" = "yes"; then | ||
diff --git a/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch index 98fd5e9133..201125c1f4 100644 --- a/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch +++ b/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch | |||
@@ -51,11 +51,11 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> | |||
51 | qapi/char.json | 5 +++ | 51 | qapi/char.json | 5 +++ |
52 | 3 files changed, 109 insertions(+) | 52 | 3 files changed, 109 insertions(+) |
53 | 53 | ||
54 | Index: qemu-5.1.0/chardev/char-socket.c | 54 | Index: qemu-5.2.0/chardev/char-socket.c |
55 | =================================================================== | 55 | =================================================================== |
56 | --- qemu-5.1.0.orig/chardev/char-socket.c | 56 | --- qemu-5.2.0.orig/chardev/char-socket.c |
57 | +++ qemu-5.1.0/chardev/char-socket.c | 57 | +++ qemu-5.2.0/chardev/char-socket.c |
58 | @@ -1292,6 +1292,67 @@ static bool qmp_chardev_validate_socket( | 58 | @@ -1308,6 +1308,67 @@ static bool qmp_chardev_validate_socket( |
59 | return true; | 59 | return true; |
60 | } | 60 | } |
61 | 61 | ||
@@ -123,7 +123,7 @@ Index: qemu-5.1.0/chardev/char-socket.c | |||
123 | 123 | ||
124 | static void qmp_chardev_open_socket(Chardev *chr, | 124 | static void qmp_chardev_open_socket(Chardev *chr, |
125 | ChardevBackend *backend, | 125 | ChardevBackend *backend, |
126 | @@ -1300,6 +1361,9 @@ static void qmp_chardev_open_socket(Char | 126 | @@ -1316,6 +1377,9 @@ static void qmp_chardev_open_socket(Char |
127 | { | 127 | { |
128 | SocketChardev *s = SOCKET_CHARDEV(chr); | 128 | SocketChardev *s = SOCKET_CHARDEV(chr); |
129 | ChardevSocket *sock = backend->u.socket.data; | 129 | ChardevSocket *sock = backend->u.socket.data; |
@@ -133,7 +133,7 @@ Index: qemu-5.1.0/chardev/char-socket.c | |||
133 | bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; | 133 | bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; |
134 | bool is_listen = sock->has_server ? sock->server : true; | 134 | bool is_listen = sock->has_server ? sock->server : true; |
135 | bool is_telnet = sock->has_telnet ? sock->telnet : false; | 135 | bool is_telnet = sock->has_telnet ? sock->telnet : false; |
136 | @@ -1365,6 +1429,14 @@ static void qmp_chardev_open_socket(Char | 136 | @@ -1381,6 +1445,14 @@ static void qmp_chardev_open_socket(Char |
137 | 137 | ||
138 | update_disconnected_filename(s); | 138 | update_disconnected_filename(s); |
139 | 139 | ||
@@ -148,15 +148,17 @@ Index: qemu-5.1.0/chardev/char-socket.c | |||
148 | if (s->is_listen) { | 148 | if (s->is_listen) { |
149 | if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270, | 149 | if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270, |
150 | is_waitconnect, errp) < 0) { | 150 | is_waitconnect, errp) < 0) { |
151 | @@ -1384,11 +1456,27 @@ static void qemu_chr_parse_socket(QemuOp | 151 | @@ -1400,6 +1472,9 @@ static void qemu_chr_parse_socket(QemuOp |
152 | const char *host = qemu_opt_get(opts, "host"); | 152 | const char *host = qemu_opt_get(opts, "host"); |
153 | const char *port = qemu_opt_get(opts, "port"); | 153 | const char *port = qemu_opt_get(opts, "port"); |
154 | const char *fd = qemu_opt_get(opts, "fd"); | 154 | const char *fd = qemu_opt_get(opts, "fd"); |
155 | +#ifndef _WIN32 | 155 | +#ifndef _WIN32 |
156 | + const char *cmd = qemu_opt_get(opts, "cmd"); | 156 | + const char *cmd = qemu_opt_get(opts, "cmd"); |
157 | +#endif | 157 | +#endif |
158 | #ifdef CONFIG_LINUX | ||
158 | bool tight = qemu_opt_get_bool(opts, "tight", true); | 159 | bool tight = qemu_opt_get_bool(opts, "tight", true); |
159 | bool abstract = qemu_opt_get_bool(opts, "abstract", false); | 160 | bool abstract = qemu_opt_get_bool(opts, "abstract", false); |
161 | @@ -1407,6 +1482,20 @@ static void qemu_chr_parse_socket(QemuOp | ||
160 | SocketAddressLegacy *addr; | 162 | SocketAddressLegacy *addr; |
161 | ChardevSocket *sock; | 163 | ChardevSocket *sock; |
162 | 164 | ||
@@ -173,19 +175,19 @@ Index: qemu-5.1.0/chardev/char-socket.c | |||
173 | + } | 175 | + } |
174 | + } else | 176 | + } else |
175 | +#endif | 177 | +#endif |
178 | + | ||
176 | if ((!!path + !!fd + !!host) != 1) { | 179 | if ((!!path + !!fd + !!host) != 1) { |
177 | error_setg(errp, | 180 | error_setg(errp, |
178 | "Exactly one of 'path', 'fd' or 'host' required"); | 181 | "Exactly one of 'path', 'fd' or 'host' required"); |
179 | @@ -1431,12 +1519,24 @@ static void qemu_chr_parse_socket(QemuOp | 182 | @@ -1448,13 +1537,24 @@ static void qemu_chr_parse_socket(QemuOp |
183 | sock->tls_creds = g_strdup(qemu_opt_get(opts, "tls-creds")); | ||
180 | sock->has_tls_authz = qemu_opt_get(opts, "tls-authz"); | 184 | sock->has_tls_authz = qemu_opt_get(opts, "tls-authz"); |
181 | sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz")); | 185 | sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz")); |
182 | |||
183 | - addr = g_new0(SocketAddressLegacy, 1); | ||
184 | +#ifndef _WIN32 | 186 | +#ifndef _WIN32 |
185 | + sock->cmd = g_strdup(cmd); | 187 | + sock->cmd = g_strdup(cmd); |
186 | +#endif | 188 | +#endif |
187 | + | 189 | |
188 | + addr = g_new0(SocketAddressLegacy, 1); | 190 | addr = g_new0(SocketAddressLegacy, 1); |
189 | +#ifndef _WIN32 | 191 | +#ifndef _WIN32 |
190 | + if (path || cmd) { | 192 | + if (path || cmd) { |
191 | +#else | 193 | +#else |
@@ -199,14 +201,14 @@ Index: qemu-5.1.0/chardev/char-socket.c | |||
199 | +#else | 201 | +#else |
200 | q_unix->path = g_strdup(path); | 202 | q_unix->path = g_strdup(path); |
201 | +#endif | 203 | +#endif |
204 | #ifdef CONFIG_LINUX | ||
205 | q_unix->has_tight = true; | ||
202 | q_unix->tight = tight; | 206 | q_unix->tight = tight; |
203 | q_unix->abstract = abstract; | 207 | Index: qemu-5.2.0/chardev/char.c |
204 | } else if (host) { | ||
205 | Index: qemu-5.1.0/chardev/char.c | ||
206 | =================================================================== | 208 | =================================================================== |
207 | --- qemu-5.1.0.orig/chardev/char.c | 209 | --- qemu-5.2.0.orig/chardev/char.c |
208 | +++ qemu-5.1.0/chardev/char.c | 210 | +++ qemu-5.2.0/chardev/char.c |
209 | @@ -826,6 +826,9 @@ QemuOptsList qemu_chardev_opts = { | 211 | @@ -839,6 +839,9 @@ QemuOptsList qemu_chardev_opts = { |
210 | .name = "path", | 212 | .name = "path", |
211 | .type = QEMU_OPT_STRING, | 213 | .type = QEMU_OPT_STRING, |
212 | },{ | 214 | },{ |
@@ -216,10 +218,10 @@ Index: qemu-5.1.0/chardev/char.c | |||
216 | .name = "host", | 218 | .name = "host", |
217 | .type = QEMU_OPT_STRING, | 219 | .type = QEMU_OPT_STRING, |
218 | },{ | 220 | },{ |
219 | Index: qemu-5.1.0/qapi/char.json | 221 | Index: qemu-5.2.0/qapi/char.json |
220 | =================================================================== | 222 | =================================================================== |
221 | --- qemu-5.1.0.orig/qapi/char.json | 223 | --- qemu-5.2.0.orig/qapi/char.json |
222 | +++ qemu-5.1.0/qapi/char.json | 224 | +++ qemu-5.2.0/qapi/char.json |
223 | @@ -250,6 +250,10 @@ | 225 | @@ -250,6 +250,10 @@ |
224 | # | 226 | # |
225 | # @addr: socket address to listen on (server=true) | 227 | # @addr: socket address to listen on (server=true) |
diff --git a/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch index 034ac57821..294cf5129f 100644 --- a/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch +++ b/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch | |||
@@ -29,11 +29,11 @@ Signed-off-by: He Zhe <zhe.he@windriver.com> | |||
29 | hw/intc/apic.c | 2 +- | 29 | hw/intc/apic.c | 2 +- |
30 | 1 file changed, 1 insertion(+), 1 deletion(-) | 30 | 1 file changed, 1 insertion(+), 1 deletion(-) |
31 | 31 | ||
32 | Index: qemu-5.1.0/hw/intc/apic.c | 32 | Index: qemu-5.2.0/hw/intc/apic.c |
33 | =================================================================== | 33 | =================================================================== |
34 | --- qemu-5.1.0.orig/hw/intc/apic.c | 34 | --- qemu-5.2.0.orig/hw/intc/apic.c |
35 | +++ qemu-5.1.0/hw/intc/apic.c | 35 | +++ qemu-5.2.0/hw/intc/apic.c |
36 | @@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *de | 36 | @@ -605,7 +605,7 @@ int apic_accept_pic_intr(DeviceState *de |
37 | APICCommonState *s = APIC(dev); | 37 | APICCommonState *s = APIC(dev); |
38 | uint32_t lvt0; | 38 | uint32_t lvt0; |
39 | 39 | ||
diff --git a/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch index d20f04ee59..74621a08e8 100644 --- a/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch +++ b/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch | |||
@@ -18,10 +18,10 @@ Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> | |||
18 | linux-user/main.c | 2 +- | 18 | linux-user/main.c | 2 +- |
19 | 1 file changed, 1 insertion(+), 1 deletion(-) | 19 | 1 file changed, 1 insertion(+), 1 deletion(-) |
20 | 20 | ||
21 | Index: qemu-5.1.0/linux-user/main.c | 21 | Index: qemu-5.2.0/linux-user/main.c |
22 | =================================================================== | 22 | =================================================================== |
23 | --- qemu-5.1.0.orig/linux-user/main.c | 23 | --- qemu-5.2.0.orig/linux-user/main.c |
24 | +++ qemu-5.1.0/linux-user/main.c | 24 | +++ qemu-5.2.0/linux-user/main.c |
25 | @@ -92,7 +92,7 @@ static int last_log_mask; | 25 | @@ -92,7 +92,7 @@ static int last_log_mask; |
26 | (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32)) | 26 | (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32)) |
27 | /* There are a number of places where we assign reserved_va to a variable | 27 | /* There are a number of places where we assign reserved_va to a variable |
diff --git a/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch b/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch index f2a44986b7..2ddc09966c 100644 --- a/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch +++ b/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch | |||
@@ -28,10 +28,10 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | |||
28 | linux-user/syscall.c | 5 +---- | 28 | linux-user/syscall.c | 5 +---- |
29 | 4 files changed, 10 insertions(+), 23 deletions(-) | 29 | 4 files changed, 10 insertions(+), 23 deletions(-) |
30 | 30 | ||
31 | Index: qemu-5.1.0/include/exec/cpu-all.h | 31 | Index: qemu-5.2.0/include/exec/cpu-all.h |
32 | =================================================================== | 32 | =================================================================== |
33 | --- qemu-5.1.0.orig/include/exec/cpu-all.h | 33 | --- qemu-5.2.0.orig/include/exec/cpu-all.h |
34 | +++ qemu-5.1.0/include/exec/cpu-all.h | 34 | +++ qemu-5.2.0/include/exec/cpu-all.h |
35 | @@ -176,11 +176,8 @@ extern unsigned long reserved_va; | 35 | @@ -176,11 +176,8 @@ extern unsigned long reserved_va; |
36 | * avoid setting bits at the top of guest addresses that might need | 36 | * avoid setting bits at the top of guest addresses that might need |
37 | * to be used for tags. | 37 | * to be used for tags. |
@@ -46,10 +46,10 @@ Index: qemu-5.1.0/include/exec/cpu-all.h | |||
46 | #else | 46 | #else |
47 | 47 | ||
48 | #include "exec/hwaddr.h" | 48 | #include "exec/hwaddr.h" |
49 | Index: qemu-5.1.0/include/exec/cpu_ldst.h | 49 | Index: qemu-5.2.0/include/exec/cpu_ldst.h |
50 | =================================================================== | 50 | =================================================================== |
51 | --- qemu-5.1.0.orig/include/exec/cpu_ldst.h | 51 | --- qemu-5.2.0.orig/include/exec/cpu_ldst.h |
52 | +++ qemu-5.1.0/include/exec/cpu_ldst.h | 52 | +++ qemu-5.2.0/include/exec/cpu_ldst.h |
53 | @@ -75,7 +75,10 @@ typedef uint64_t abi_ptr; | 53 | @@ -75,7 +75,10 @@ typedef uint64_t abi_ptr; |
54 | #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS | 54 | #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS |
55 | #define guest_addr_valid(x) (1) | 55 | #define guest_addr_valid(x) (1) |
@@ -62,20 +62,20 @@ Index: qemu-5.1.0/include/exec/cpu_ldst.h | |||
62 | #endif | 62 | #endif |
63 | #define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base) | 63 | #define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base) |
64 | 64 | ||
65 | Index: qemu-5.1.0/linux-user/mmap.c | 65 | Index: qemu-5.2.0/linux-user/mmap.c |
66 | =================================================================== | 66 | =================================================================== |
67 | --- qemu-5.1.0.orig/linux-user/mmap.c | 67 | --- qemu-5.2.0.orig/linux-user/mmap.c |
68 | +++ qemu-5.1.0/linux-user/mmap.c | 68 | +++ qemu-5.2.0/linux-user/mmap.c |
69 | @@ -71,7 +71,7 @@ int target_mprotect(abi_ulong start, abi | 69 | @@ -119,7 +119,7 @@ int target_mprotect(abi_ulong start, abi |
70 | return -TARGET_EINVAL; | 70 | } |
71 | len = TARGET_PAGE_ALIGN(len); | 71 | len = TARGET_PAGE_ALIGN(len); |
72 | end = start + len; | 72 | end = start + len; |
73 | - if (!guest_range_valid(start, len)) { | 73 | - if (!guest_range_valid(start, len)) { |
74 | + if (end < start) { | 74 | + if (end < start) { |
75 | return -TARGET_ENOMEM; | 75 | return -TARGET_ENOMEM; |
76 | } | 76 | } |
77 | prot &= PROT_READ | PROT_WRITE | PROT_EXEC; | 77 | if (len == 0) { |
78 | @@ -467,8 +467,8 @@ abi_long target_mmap(abi_ulong start, ab | 78 | @@ -527,8 +527,8 @@ abi_long target_mmap(abi_ulong start, ab |
79 | * It can fail only on 64-bit host with 32-bit target. | 79 | * It can fail only on 64-bit host with 32-bit target. |
80 | * On any other target/host host mmap() handles this error correctly. | 80 | * On any other target/host host mmap() handles this error correctly. |
81 | */ | 81 | */ |
@@ -86,7 +86,7 @@ Index: qemu-5.1.0/linux-user/mmap.c | |||
86 | goto fail; | 86 | goto fail; |
87 | } | 87 | } |
88 | 88 | ||
89 | @@ -604,10 +604,8 @@ int target_munmap(abi_ulong start, abi_u | 89 | @@ -664,10 +664,8 @@ int target_munmap(abi_ulong start, abi_u |
90 | if (start & ~TARGET_PAGE_MASK) | 90 | if (start & ~TARGET_PAGE_MASK) |
91 | return -TARGET_EINVAL; | 91 | return -TARGET_EINVAL; |
92 | len = TARGET_PAGE_ALIGN(len); | 92 | len = TARGET_PAGE_ALIGN(len); |
@@ -98,7 +98,7 @@ Index: qemu-5.1.0/linux-user/mmap.c | |||
98 | mmap_lock(); | 98 | mmap_lock(); |
99 | end = start + len; | 99 | end = start + len; |
100 | real_start = start & qemu_host_page_mask; | 100 | real_start = start & qemu_host_page_mask; |
101 | @@ -662,13 +660,6 @@ abi_long target_mremap(abi_ulong old_add | 101 | @@ -722,13 +720,6 @@ abi_long target_mremap(abi_ulong old_add |
102 | int prot; | 102 | int prot; |
103 | void *host_addr; | 103 | void *host_addr; |
104 | 104 | ||
@@ -112,11 +112,11 @@ Index: qemu-5.1.0/linux-user/mmap.c | |||
112 | mmap_lock(); | 112 | mmap_lock(); |
113 | 113 | ||
114 | if (flags & MREMAP_FIXED) { | 114 | if (flags & MREMAP_FIXED) { |
115 | Index: qemu-5.1.0/linux-user/syscall.c | 115 | Index: qemu-5.2.0/linux-user/syscall.c |
116 | =================================================================== | 116 | =================================================================== |
117 | --- qemu-5.1.0.orig/linux-user/syscall.c | 117 | --- qemu-5.2.0.orig/linux-user/syscall.c |
118 | +++ qemu-5.1.0/linux-user/syscall.c | 118 | +++ qemu-5.2.0/linux-user/syscall.c |
119 | @@ -4336,9 +4336,6 @@ static inline abi_ulong do_shmat(CPUArch | 119 | @@ -4590,9 +4590,6 @@ static inline abi_ulong do_shmat(CPUArch |
120 | return -TARGET_EINVAL; | 120 | return -TARGET_EINVAL; |
121 | } | 121 | } |
122 | } | 122 | } |
@@ -126,7 +126,7 @@ Index: qemu-5.1.0/linux-user/syscall.c | |||
126 | 126 | ||
127 | mmap_lock(); | 127 | mmap_lock(); |
128 | 128 | ||
129 | @@ -7376,7 +7373,7 @@ static int open_self_maps(void *cpu_env, | 129 | @@ -7790,7 +7787,7 @@ static int open_self_maps(void *cpu_env, |
130 | const char *path; | 130 | const char *path; |
131 | 131 | ||
132 | max = h2g_valid(max - 1) ? | 132 | max = h2g_valid(max - 1) ? |
diff --git a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch index d7e3fffdd0..c5d206b91b 100644 --- a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch +++ b/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch | |||
@@ -14,11 +14,11 @@ Signed-off-by: He Zhe <zhe.he@windriver.com> | |||
14 | configure | 48 ++++++++++++++++++++++++++++++++++++++++-------- | 14 | configure | 48 ++++++++++++++++++++++++++++++++++++++++-------- |
15 | 1 file changed, 40 insertions(+), 8 deletions(-) | 15 | 1 file changed, 40 insertions(+), 8 deletions(-) |
16 | 16 | ||
17 | Index: qemu-5.1.0/configure | 17 | Index: qemu-5.2.0/configure |
18 | =================================================================== | 18 | =================================================================== |
19 | --- qemu-5.1.0.orig/configure | 19 | --- qemu-5.2.0.orig/configure |
20 | +++ qemu-5.1.0/configure | 20 | +++ qemu-5.2.0/configure |
21 | @@ -3084,6 +3084,30 @@ has_libgcrypt() { | 21 | @@ -2956,6 +2956,30 @@ has_libgcrypt() { |
22 | return 0 | 22 | return 0 |
23 | } | 23 | } |
24 | 24 | ||
@@ -49,7 +49,7 @@ Index: qemu-5.1.0/configure | |||
49 | 49 | ||
50 | if test "$nettle" != "no"; then | 50 | if test "$nettle" != "no"; then |
51 | pass="no" | 51 | pass="no" |
52 | @@ -3124,7 +3148,14 @@ fi | 52 | @@ -2994,7 +3018,14 @@ fi |
53 | 53 | ||
54 | if test "$gcrypt" != "no"; then | 54 | if test "$gcrypt" != "no"; then |
55 | pass="no" | 55 | pass="no" |
@@ -65,7 +65,7 @@ Index: qemu-5.1.0/configure | |||
65 | gcrypt_cflags=$(libgcrypt-config --cflags) | 65 | gcrypt_cflags=$(libgcrypt-config --cflags) |
66 | gcrypt_libs=$(libgcrypt-config --libs) | 66 | gcrypt_libs=$(libgcrypt-config --libs) |
67 | # Debian has removed -lgpg-error from libgcrypt-config | 67 | # Debian has removed -lgpg-error from libgcrypt-config |
68 | @@ -3134,15 +3165,16 @@ if test "$gcrypt" != "no"; then | 68 | @@ -3004,12 +3035,12 @@ if test "$gcrypt" != "no"; then |
69 | then | 69 | then |
70 | gcrypt_libs="$gcrypt_libs -lgpg-error" | 70 | gcrypt_libs="$gcrypt_libs -lgpg-error" |
71 | fi | 71 | fi |
@@ -74,18 +74,11 @@ Index: qemu-5.1.0/configure | |||
74 | - # Link test to make sure the given libraries work (e.g for static). | 74 | - # Link test to make sure the given libraries work (e.g for static). |
75 | - write_c_skeleton | 75 | - write_c_skeleton |
76 | - if compile_prog "" "$gcrypt_libs" ; then | 76 | - if compile_prog "" "$gcrypt_libs" ; then |
77 | - LIBS="$gcrypt_libs $LIBS" | ||
78 | - QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags" | ||
79 | - pass="yes" | ||
80 | - fi | ||
81 | + # Link test to make sure the given libraries work (e.g for static). | 77 | + # Link test to make sure the given libraries work (e.g for static). |
82 | + write_c_skeleton | 78 | + write_c_skeleton |
83 | + if compile_prog "" "$gcrypt_libs" ; then | 79 | + if compile_prog "" "$gcrypt_libs" ; then |
84 | + LIBS="$gcrypt_libs $LIBS" | 80 | pass="yes" |
85 | + QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags" | 81 | - fi |
86 | + pass="yes" | ||
87 | fi | 82 | fi |
88 | + | ||
89 | if test "$pass" = "yes"; then | 83 | if test "$pass" = "yes"; then |
90 | gcrypt="yes" | 84 | gcrypt="yes" |
91 | cat > $TMPC << EOF | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch deleted file mode 100644 index 861ff6c3b0..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch +++ /dev/null | |||
@@ -1,52 +0,0 @@ | |||
1 | From ca1f9cbfdce4d63b10d57de80fef89a89d92a540 Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Wed, 21 Oct 2020 16:08:18 +0530 | ||
4 | Subject: [PATCH 1/1] ati: check x y display parameter values | ||
5 | |||
6 | The source and destination x,y display parameters in ati_2d_blt() | ||
7 | may run off the vga limits if either of s->regs.[src|dst]_[xy] is | ||
8 | zero. Check the parameter values to avoid potential crash. | ||
9 | |||
10 | Reported-by: Gaoning Pan <pgn@zju.edu.cn> | ||
11 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
12 | Message-id: 20201021103818.1704030-1-ppandit@redhat.com | ||
13 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
14 | |||
15 | Upstream-Status: Backport [ https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ca1f9cbfdce4d63b10d57de80fef89a89d92a540;hp=2ddafce7f797082ad216657c830afd4546f16e37 ] | ||
16 | CVE: CVE-2020-24352 | ||
17 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
18 | --- | ||
19 | hw/display/ati_2d.c | 10 ++++++---- | ||
20 | 1 file changed, 6 insertions(+), 4 deletions(-) | ||
21 | |||
22 | diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c | ||
23 | index 23a8ae0..4dc10ea 100644 | ||
24 | --- a/hw/display/ati_2d.c | ||
25 | +++ b/hw/display/ati_2d.c | ||
26 | @@ -75,8 +75,9 @@ void ati_2d_blt(ATIVGAState *s) | ||
27 | dst_stride *= bpp; | ||
28 | } | ||
29 | uint8_t *end = s->vga.vram_ptr + s->vga.vram_size; | ||
30 | - if (dst_bits >= end || dst_bits + dst_x + (dst_y + s->regs.dst_height) * | ||
31 | - dst_stride >= end) { | ||
32 | + if (dst_x > 0x3fff || dst_y > 0x3fff || dst_bits >= end | ||
33 | + || dst_bits + dst_x | ||
34 | + + (dst_y + s->regs.dst_height) * dst_stride >= end) { | ||
35 | qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); | ||
36 | return; | ||
37 | } | ||
38 | @@ -107,8 +108,9 @@ void ati_2d_blt(ATIVGAState *s) | ||
39 | src_bits += s->regs.crtc_offset & 0x07ffffff; | ||
40 | src_stride *= bpp; | ||
41 | } | ||
42 | - if (src_bits >= end || src_bits + src_x + | ||
43 | - (src_y + s->regs.dst_height) * src_stride >= end) { | ||
44 | + if (src_x > 0x3fff || src_y > 0x3fff || src_bits >= end | ||
45 | + || src_bits + src_x | ||
46 | + + (src_y + s->regs.dst_height) * src_stride >= end) { | ||
47 | qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); | ||
48 | return; | ||
49 | } | ||
50 | -- | ||
51 | 1.8.3.1 | ||
52 | |||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch deleted file mode 100644 index 7631bab39f..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch +++ /dev/null | |||
@@ -1,101 +0,0 @@ | |||
1 | From 1328fe0c32d5474604105b8105310e944976b058 Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Tue, 15 Sep 2020 23:52:58 +0530 | ||
4 | Subject: [PATCH] hw: usb: hcd-ohci: check len and frame_number variables | ||
5 | |||
6 | While servicing the OHCI transfer descriptors(TD), OHCI host | ||
7 | controller derives variables 'start_addr', 'end_addr', 'len' | ||
8 | etc. from values supplied by the host controller driver. | ||
9 | Host controller driver may supply values such that using | ||
10 | above variables leads to out-of-bounds access issues. | ||
11 | Add checks to avoid them. | ||
12 | |||
13 | AddressSanitizer: stack-buffer-overflow on address 0x7ffd53af76a0 | ||
14 | READ of size 2 at 0x7ffd53af76a0 thread T0 | ||
15 | #0 ohci_service_iso_td ../hw/usb/hcd-ohci.c:734 | ||
16 | #1 ohci_service_ed_list ../hw/usb/hcd-ohci.c:1180 | ||
17 | #2 ohci_process_lists ../hw/usb/hcd-ohci.c:1214 | ||
18 | #3 ohci_frame_boundary ../hw/usb/hcd-ohci.c:1257 | ||
19 | #4 timerlist_run_timers ../util/qemu-timer.c:572 | ||
20 | #5 qemu_clock_run_timers ../util/qemu-timer.c:586 | ||
21 | #6 qemu_clock_run_all_timers ../util/qemu-timer.c:672 | ||
22 | #7 main_loop_wait ../util/main-loop.c:527 | ||
23 | #8 qemu_main_loop ../softmmu/vl.c:1676 | ||
24 | #9 main ../softmmu/main.c:50 | ||
25 | |||
26 | Reported-by: Gaoning Pan <pgn@zju.edu.cn> | ||
27 | Reported-by: Yongkang Jia <j_kangel@163.com> | ||
28 | Reported-by: Yi Ren <yunye.ry@alibaba-inc.com> | ||
29 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
30 | Message-id: 20200915182259.68522-2-ppandit@redhat.com | ||
31 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
32 | |||
33 | Upstream-Status: Backport | ||
34 | CVE: CVE-2020-25624 | ||
35 | [https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058] | ||
36 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
37 | --- | ||
38 | hw/usb/hcd-ohci.c | 24 ++++++++++++++++++++++-- | ||
39 | 1 file changed, 22 insertions(+), 2 deletions(-) | ||
40 | |||
41 | diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c | ||
42 | index 1e6e85e..9dc5910 100644 | ||
43 | --- a/hw/usb/hcd-ohci.c | ||
44 | +++ b/hw/usb/hcd-ohci.c | ||
45 | @@ -731,7 +731,11 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, | ||
46 | } | ||
47 | |||
48 | start_offset = iso_td.offset[relative_frame_number]; | ||
49 | - next_offset = iso_td.offset[relative_frame_number + 1]; | ||
50 | + if (relative_frame_number < frame_count) { | ||
51 | + next_offset = iso_td.offset[relative_frame_number + 1]; | ||
52 | + } else { | ||
53 | + next_offset = iso_td.be; | ||
54 | + } | ||
55 | |||
56 | if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) || | ||
57 | ((relative_frame_number < frame_count) && | ||
58 | @@ -764,7 +768,12 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, | ||
59 | } | ||
60 | } else { | ||
61 | /* Last packet in the ISO TD */ | ||
62 | - end_addr = iso_td.be; | ||
63 | + end_addr = next_offset; | ||
64 | + } | ||
65 | + | ||
66 | + if (start_addr > end_addr) { | ||
67 | + trace_usb_ohci_iso_td_bad_cc_overrun(start_addr, end_addr); | ||
68 | + return 1; | ||
69 | } | ||
70 | |||
71 | if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) { | ||
72 | @@ -773,6 +782,9 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, | ||
73 | } else { | ||
74 | len = end_addr - start_addr + 1; | ||
75 | } | ||
76 | + if (len > sizeof(ohci->usb_buf)) { | ||
77 | + len = sizeof(ohci->usb_buf); | ||
78 | + } | ||
79 | |||
80 | if (len && dir != OHCI_TD_DIR_IN) { | ||
81 | if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len, | ||
82 | @@ -975,8 +987,16 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) | ||
83 | if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) { | ||
84 | len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff); | ||
85 | } else { | ||
86 | + if (td.cbp > td.be) { | ||
87 | + trace_usb_ohci_iso_td_bad_cc_overrun(td.cbp, td.be); | ||
88 | + ohci_die(ohci); | ||
89 | + return 1; | ||
90 | + } | ||
91 | len = (td.be - td.cbp) + 1; | ||
92 | } | ||
93 | + if (len > sizeof(ohci->usb_buf)) { | ||
94 | + len = sizeof(ohci->usb_buf); | ||
95 | + } | ||
96 | |||
97 | pktlen = len; | ||
98 | if (len && dir != OHCI_TD_DIR_IN) { | ||
99 | -- | ||
100 | 2.17.1 | ||
101 | |||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch deleted file mode 100644 index 90b3a2f41c..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-25723.patch +++ /dev/null | |||
@@ -1,51 +0,0 @@ | |||
1 | From 2fdb42d840400d58f2e706ecca82c142b97bcbd6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Li Qiang <liq3ea@163.com> | ||
3 | Date: Wed, 12 Aug 2020 09:17:27 -0700 | ||
4 | Subject: [PATCH] hw: ehci: check return value of 'usb_packet_map' | ||
5 | |||
6 | If 'usb_packet_map' fails, we should stop to process the usb | ||
7 | request. | ||
8 | |||
9 | Signed-off-by: Li Qiang <liq3ea@163.com> | ||
10 | Message-Id: <20200812161727.29412-1-liq3ea@163.com> | ||
11 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | CVE: CVE-2020-25723 | ||
15 | [https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6] | ||
16 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
17 | --- | ||
18 | hw/usb/hcd-ehci.c | 10 ++++++++-- | ||
19 | 1 file changed, 8 insertions(+), 2 deletions(-) | ||
20 | |||
21 | diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c | ||
22 | index 1495e8f..1fbb02a 100644 | ||
23 | --- a/hw/usb/hcd-ehci.c | ||
24 | +++ b/hw/usb/hcd-ehci.c | ||
25 | @@ -1373,7 +1373,10 @@ static int ehci_execute(EHCIPacket *p, const char *action) | ||
26 | spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0); | ||
27 | usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd, | ||
28 | (p->qtd.token & QTD_TOKEN_IOC) != 0); | ||
29 | - usb_packet_map(&p->packet, &p->sgl); | ||
30 | + if (usb_packet_map(&p->packet, &p->sgl)) { | ||
31 | + qemu_sglist_destroy(&p->sgl); | ||
32 | + return -1; | ||
33 | + } | ||
34 | p->async = EHCI_ASYNC_INITIALIZED; | ||
35 | } | ||
36 | |||
37 | @@ -1452,7 +1455,10 @@ static int ehci_process_itd(EHCIState *ehci, | ||
38 | if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) { | ||
39 | usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false, | ||
40 | (itd->transact[i] & ITD_XACT_IOC) != 0); | ||
41 | - usb_packet_map(&ehci->ipacket, &ehci->isgl); | ||
42 | + if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) { | ||
43 | + qemu_sglist_destroy(&ehci->isgl); | ||
44 | + return -1; | ||
45 | + } | ||
46 | usb_handle_packet(dev, &ehci->ipacket); | ||
47 | usb_packet_unmap(&ehci->ipacket, &ehci->isgl); | ||
48 | } else { | ||
49 | -- | ||
50 | 2.17.1 | ||
51 | |||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch deleted file mode 100644 index 5212196837..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-28916.patch +++ /dev/null | |||
@@ -1,49 +0,0 @@ | |||
1 | From c2cb511634012344e3d0fe49a037a33b12d8a98a Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Wed, 11 Nov 2020 18:36:36 +0530 | ||
4 | Subject: [PATCH] hw/net/e1000e: advance desc_offset in case of null | ||
5 | descriptor | ||
6 | |||
7 | While receiving packets via e1000e_write_packet_to_guest() routine, | ||
8 | 'desc_offset' is advanced only when RX descriptor is processed. And | ||
9 | RX descriptor is not processed if it has NULL buffer address. | ||
10 | This may lead to an infinite loop condition. Increament 'desc_offset' | ||
11 | to process next descriptor in the ring to avoid infinite loop. | ||
12 | |||
13 | Reported-by: Cheol-woo Myung <330cjfdn@gmail.com> | ||
14 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
15 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
16 | |||
17 | Upstream-Status: Backport | ||
18 | CVE: CVE-2020-28916 | ||
19 | [https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a] | ||
20 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
21 | --- | ||
22 | hw/net/e1000e_core.c | 8 ++++---- | ||
23 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
24 | |||
25 | diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c | ||
26 | index bcd186c..d3e3cdc 100644 | ||
27 | --- a/hw/net/e1000e_core.c | ||
28 | +++ b/hw/net/e1000e_core.c | ||
29 | @@ -1596,13 +1596,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt, | ||
30 | (const char *) &fcs_pad, e1000x_fcs_len(core->mac)); | ||
31 | } | ||
32 | } | ||
33 | - desc_offset += desc_size; | ||
34 | - if (desc_offset >= total_size) { | ||
35 | - is_last = true; | ||
36 | - } | ||
37 | } else { /* as per intel docs; skip descriptors with null buf addr */ | ||
38 | trace_e1000e_rx_null_descriptor(); | ||
39 | } | ||
40 | + desc_offset += desc_size; | ||
41 | + if (desc_offset >= total_size) { | ||
42 | + is_last = true; | ||
43 | + } | ||
44 | |||
45 | e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL, | ||
46 | rss_info, do_ps ? ps_hdr_len : 0, &bastate.written); | ||
47 | -- | ||
48 | 2.17.1 | ||
49 | |||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch deleted file mode 100644 index e5829f6dad..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch +++ /dev/null | |||
@@ -1,64 +0,0 @@ | |||
1 | From 2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Thu, 26 Nov 2020 19:27:06 +0530 | ||
4 | Subject: [PATCH] slirp: check pkt_len before reading protocol header | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=utf8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input' | ||
10 | routines, ensure that pkt_len is large enough to accommodate the | ||
11 | respective protocol headers, lest it should do an OOB access. | ||
12 | Add check to avoid it. | ||
13 | |||
14 | CVE-2020-29129 CVE-2020-29130 | ||
15 | QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets | ||
16 | -> https://www.openwall.com/lists/oss-security/2020/11/27/1 | ||
17 | |||
18 | Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com> | ||
19 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
20 | Message-Id: <20201126135706.273950-1-ppandit@redhat.com> | ||
21 | Reviewed-by: Marc-Andrà Lureau <marcandre.lureau@redhat.com> | ||
22 | |||
23 | Upstream-Status: Backport | ||
24 | CVE: CVE-2020-29129 CVE-2020-29130 | ||
25 | [https://git.qemu.org/?p=libslirp.git;a=commit;h=2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f] | ||
26 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
27 | --- | ||
28 | slirp/src/ncsi.c | 4 ++++ | ||
29 | slirp/src/slirp.c | 4 ++++ | ||
30 | 2 files changed, 8 insertions(+) | ||
31 | |||
32 | diff --git a/slirp/src/ncsi.c b/slirp/src/ncsi.c | ||
33 | index 3c1dfef..75dcc08 100644 | ||
34 | --- a/slirp/src/ncsi.c | ||
35 | +++ b/slirp/src/ncsi.c | ||
36 | @@ -148,6 +148,10 @@ void ncsi_input(Slirp *slirp, const uint8_t *pkt, int pkt_len) | ||
37 | uint32_t checksum; | ||
38 | uint32_t *pchecksum; | ||
39 | |||
40 | + if (pkt_len < ETH_HLEN + sizeof(struct ncsi_pkt_hdr)) { | ||
41 | + return; /* packet too short */ | ||
42 | + } | ||
43 | + | ||
44 | memset(ncsi_reply, 0, sizeof(ncsi_reply)); | ||
45 | |||
46 | memset(reh->h_dest, 0xff, ETH_ALEN); | ||
47 | diff --git a/slirp/src/slirp.c b/slirp/src/slirp.c | ||
48 | index dba7c98..9be58e2 100644 | ||
49 | --- a/slirp/src/slirp.c | ||
50 | +++ b/slirp/src/slirp.c | ||
51 | @@ -756,6 +756,10 @@ static void arp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len) | ||
52 | return; | ||
53 | } | ||
54 | |||
55 | + if (pkt_len < ETH_HLEN + sizeof(struct slirp_arphdr)) { | ||
56 | + return; /* packet too short */ | ||
57 | + } | ||
58 | + | ||
59 | ar_op = ntohs(ah->ar_op); | ||
60 | switch (ar_op) { | ||
61 | case ARPOP_REQUEST: | ||
62 | -- | ||
63 | 2.17.1 | ||
64 | |||
diff --git a/meta/recipes-devtools/qemu/qemu/cross.patch b/meta/recipes-devtools/qemu/qemu/cross.patch new file mode 100644 index 0000000000..438c1ad086 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/cross.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | We need to be able to trigger configure's cross code but we don't want | ||
2 | to set cross_prefix as it does other things we don't want. Patch things | ||
3 | so we can do what we need in the target config case. | ||
4 | |||
5 | Upstream-Status: Inappropriate [may be rewritten in a way upstream may accept?] | ||
6 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
7 | |||
8 | |||
9 | Index: qemu-5.2.0/configure | ||
10 | =================================================================== | ||
11 | --- qemu-5.2.0.orig/configure | ||
12 | +++ qemu-5.2.0/configure | ||
13 | @@ -6973,7 +6973,6 @@ if has $sdl2_config; then | ||
14 | fi | ||
15 | echo "strip = [$(meson_quote $strip)]" >> $cross | ||
16 | echo "windres = [$(meson_quote $windres)]" >> $cross | ||
17 | -if test -n "$cross_prefix"; then | ||
18 | cross_arg="--cross-file config-meson.cross" | ||
19 | echo "[host_machine]" >> $cross | ||
20 | if test "$mingw32" = "yes" ; then | ||
21 | @@ -6999,9 +6998,6 @@ if test -n "$cross_prefix"; then | ||
22 | else | ||
23 | echo "endian = 'little'" >> $cross | ||
24 | fi | ||
25 | -else | ||
26 | - cross_arg="--native-file config-meson.cross" | ||
27 | -fi | ||
28 | mv $cross config-meson.cross | ||
29 | |||
30 | rm -rf meson-private meson-info meson-logs | ||
diff --git a/meta/recipes-devtools/qemu/qemu/find_datadir.patch b/meta/recipes-devtools/qemu/qemu/find_datadir.patch deleted file mode 100644 index 9a4c11267a..0000000000 --- a/meta/recipes-devtools/qemu/qemu/find_datadir.patch +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | qemu: search for datadir as in version 4.2 | ||
2 | |||
3 | os_find_datadir() was changed after the 4.2 release. We need to check for | ||
4 | ../share/qemu relative to the executable because that is where the runqemu | ||
5 | configuration assumes it will be. | ||
6 | |||
7 | Upstream-Status: Submitted [qemu-devel@nongnu.org] | ||
8 | |||
9 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
10 | |||
11 | |||
12 | Index: qemu-5.1.0/os-posix.c | ||
13 | =================================================================== | ||
14 | --- qemu-5.1.0.orig/os-posix.c | ||
15 | +++ qemu-5.1.0/os-posix.c | ||
16 | @@ -82,8 +82,9 @@ void os_setup_signal_handling(void) | ||
17 | |||
18 | /* | ||
19 | * Find a likely location for support files using the location of the binary. | ||
20 | + * Typically, this would be "$bindir/../share/qemu". | ||
21 | * When running from the build tree this will be "$bindir/../pc-bios". | ||
22 | - * Otherwise, this is CONFIG_QEMU_DATADIR. | ||
23 | + * Otherwise, this is CONFIG_QEMU_DATADIR as constructed by configure. | ||
24 | * | ||
25 | * The caller must use g_free() to free the returned data when it is | ||
26 | * no longer required. | ||
27 | @@ -96,6 +97,12 @@ char *os_find_datadir(void) | ||
28 | exec_dir = qemu_get_exec_dir(); | ||
29 | g_return_val_if_fail(exec_dir != NULL, NULL); | ||
30 | |||
31 | + dir = g_build_filename(exec_dir, "..", "share", "qemu", NULL); | ||
32 | + if (g_file_test(dir, G_FILE_TEST_IS_DIR)) { | ||
33 | + return g_steal_pointer(&dir); | ||
34 | + } | ||
35 | + g_free(dir); /* no autofree this time */ | ||
36 | + | ||
37 | dir = g_build_filename(exec_dir, "..", "pc-bios", NULL); | ||
38 | if (g_file_test(dir, G_FILE_TEST_IS_DIR)) { | ||
39 | return g_steal_pointer(&dir); | ||
diff --git a/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch b/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch deleted file mode 100644 index 92801da46f..0000000000 --- a/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch +++ /dev/null | |||
@@ -1,89 +0,0 @@ | |||
1 | CVE: CVE-2020-14364 | ||
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
4 | |||
5 | From b946434f2659a182afc17e155be6791ebfb302eb Mon Sep 17 00:00:00 2001 | ||
6 | From: Gerd Hoffmann <kraxel@redhat.com> | ||
7 | Date: Tue, 25 Aug 2020 07:36:36 +0200 | ||
8 | Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364) | ||
9 | |||
10 | Store calculated setup_len in a local variable, verify it, and only | ||
11 | write it to the struct (USBDevice->setup_len) in case it passed the | ||
12 | sanity checks. | ||
13 | |||
14 | This prevents other code (do_token_{in,out} functions specifically) | ||
15 | from working with invalid USBDevice->setup_len values and overrunning | ||
16 | the USBDevice->setup_buf[] buffer. | ||
17 | |||
18 | Fixes: CVE-2020-14364 | ||
19 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
20 | Tested-by: Gonglei <arei.gonglei@huawei.com> | ||
21 | Reviewed-by: Li Qiang <liq3ea@gmail.com> | ||
22 | Message-id: 20200825053636.29648-1-kraxel@redhat.com | ||
23 | --- | ||
24 | hw/usb/core.c | 16 ++++++++++------ | ||
25 | 1 file changed, 10 insertions(+), 6 deletions(-) | ||
26 | |||
27 | diff --git a/hw/usb/core.c b/hw/usb/core.c | ||
28 | index 5abd128b6bc..5234dcc73fe 100644 | ||
29 | --- a/hw/usb/core.c | ||
30 | +++ b/hw/usb/core.c | ||
31 | @@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream) | ||
32 | static void do_token_setup(USBDevice *s, USBPacket *p) | ||
33 | { | ||
34 | int request, value, index; | ||
35 | + unsigned int setup_len; | ||
36 | |||
37 | if (p->iov.size != 8) { | ||
38 | p->status = USB_RET_STALL; | ||
39 | @@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p) | ||
40 | usb_packet_copy(p, s->setup_buf, p->iov.size); | ||
41 | s->setup_index = 0; | ||
42 | p->actual_length = 0; | ||
43 | - s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; | ||
44 | - if (s->setup_len > sizeof(s->data_buf)) { | ||
45 | + setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; | ||
46 | + if (setup_len > sizeof(s->data_buf)) { | ||
47 | fprintf(stderr, | ||
48 | "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", | ||
49 | - s->setup_len, sizeof(s->data_buf)); | ||
50 | + setup_len, sizeof(s->data_buf)); | ||
51 | p->status = USB_RET_STALL; | ||
52 | return; | ||
53 | } | ||
54 | + s->setup_len = setup_len; | ||
55 | |||
56 | request = (s->setup_buf[0] << 8) | s->setup_buf[1]; | ||
57 | value = (s->setup_buf[3] << 8) | s->setup_buf[2]; | ||
58 | @@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p) | ||
59 | static void do_parameter(USBDevice *s, USBPacket *p) | ||
60 | { | ||
61 | int i, request, value, index; | ||
62 | + unsigned int setup_len; | ||
63 | |||
64 | for (i = 0; i < 8; i++) { | ||
65 | s->setup_buf[i] = p->parameter >> (i*8); | ||
66 | } | ||
67 | |||
68 | s->setup_state = SETUP_STATE_PARAM; | ||
69 | - s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; | ||
70 | s->setup_index = 0; | ||
71 | |||
72 | request = (s->setup_buf[0] << 8) | s->setup_buf[1]; | ||
73 | value = (s->setup_buf[3] << 8) | s->setup_buf[2]; | ||
74 | index = (s->setup_buf[5] << 8) | s->setup_buf[4]; | ||
75 | |||
76 | - if (s->setup_len > sizeof(s->data_buf)) { | ||
77 | + setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; | ||
78 | + if (setup_len > sizeof(s->data_buf)) { | ||
79 | fprintf(stderr, | ||
80 | "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", | ||
81 | - s->setup_len, sizeof(s->data_buf)); | ||
82 | + setup_len, sizeof(s->data_buf)); | ||
83 | p->status = USB_RET_STALL; | ||
84 | return; | ||
85 | } | ||
86 | + s->setup_len = setup_len; | ||
87 | |||
88 | if (p->pid == USB_TOKEN_OUT) { | ||
89 | usb_packet_copy(p, s->data_buf, s->setup_len); | ||
diff --git a/meta/recipes-devtools/qemu/qemu_5.1.0.bb b/meta/recipes-devtools/qemu/qemu_5.2.0.bb index 599ff82fc1..7afa66e396 100644 --- a/meta/recipes-devtools/qemu/qemu_5.1.0.bb +++ b/meta/recipes-devtools/qemu/qemu_5.2.0.bb | |||
@@ -6,7 +6,7 @@ require qemu.inc | |||
6 | # void (*_function)(sigval_t); | 6 | # void (*_function)(sigval_t); |
7 | COMPATIBLE_HOST_libc-musl = 'null' | 7 | COMPATIBLE_HOST_libc-musl = 'null' |
8 | 8 | ||
9 | DEPENDS = "glib-2.0 zlib pixman bison-native" | 9 | DEPENDS = "glib-2.0 zlib pixman bison-native ninja-native meson-native" |
10 | 10 | ||
11 | RDEPENDS_${PN}_class-target += "bash" | 11 | RDEPENDS_${PN}_class-target += "bash" |
12 | 12 | ||