authorRichard Purdie <richard.purdie@linuxfoundation.org>2016-03-09 22:49:02 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-03-10 23:13:54 +0000
commit3331992a27f48f590efb1188f6507378b6e1d352 (patch)
tree86b2ff20ec0f4668d561cc7b2f63c46e80118059 /meta
parentb578a06564599969891b7ba1274d6b3bb363b27c (diff)
downloadpoky-3331992a27f48f590efb1188f6507378b6e1d352.tar.gz
qemu: Limit paths searched during user mode emulation
By default qemu builds a complete list of directories within the user emulation sysroot (-L option). The OE sysroot directory is large and this is confusing, for example it indexes all pkgdata. In particular this confuses strace of qemu binaries with tons of irrelevant paths. This patch stops the code indexing up front and instead only indexes things if/as/when it needs to. This drastically reduces the files it reads and reduces memory usage and cleans up strace. It would also avoid the infinite directory traversal bug in [YOCTO #6996] although the code could still be vulnerable if it parsed those specific paths. (From OE-Core rev: 9ac5017b3328a18561c2912edfda2d7d97c675f2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-devtools/qemu/qemu/pathlimit.patch137
-rw-r--r--meta/recipes-devtools/qemu/qemu_2.5.0.bb1
2 files changed, 138 insertions, 0 deletions
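--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/pathlimit.patch
@@ -0,0 +1,137 @@
+By default qemu builds a complete list of directories within the user
+emulation sysroot (-L option). The OE sysroot directory is large and
+this is confusing, for example it indexes all pkgdata. In particular this
+confuses strace of qemu binaries with tons of irrelevant paths.
+
+This patch stops the code indexing up front and instead only indexes
+things if/as/when it needs to. This drastically reduces the files it
+reads and reduces memory usage and cleans up strace.
+
+It would also avoid the infinite directory traversal bug in [YOCTO #6996]
+although the code could still be vulnerable if it parsed those specific
+paths.
+
+RP
+2016/3/9
+Upstream-Status: Pending
+
+Index: qemu-2.5.0/util/path.c
+===================================================================
+--- qemu-2.5.0.orig/util/path.c
++++ qemu-2.5.0/util/path.c
+@@ -19,6 +19,7 @@ struct pathelem
+ char *name;
+ /* Full path name, eg. /usr/gnemul/x86-linux/lib. */
+ char *pathname;
++ int populated_entries;
+ struct pathelem *parent;
+ /* Children */
+ unsigned int num_entries;
+@@ -49,6 +50,7 @@ static struct pathelem *new_entry(const
+ new->name = g_strdup(name);
+ new->pathname = g_strdup_printf("%s/%s", root, name);
+ new->num_entries = 0;
++ new->populated_entries = 0;
+ return new;
+ }
+
+@@ -57,15 +59,16 @@ static struct pathelem *new_entry(const
+ /* Not all systems provide this feature */
+ #if defined(DT_DIR) && defined(DT_UNKNOWN) && defined(DT_LNK)
+ # define dirent_type(dirent) ((dirent)->d_type)
+-# define is_dir_maybe(type) \
+- ((type) == DT_DIR || (type) == DT_UNKNOWN || (type) == DT_LNK)
++# define is_not_dir(type) \
++ ((type) != DT_DIR && (type) != DT_UNKNOWN && (type) != DT_LNK)
+ #else
+ # define dirent_type(dirent) (1)
+-# define is_dir_maybe(type) (type)
++# define is_not_dir(type) (0)
+ #endif
+
+ static struct pathelem *add_dir_maybe(struct pathelem *path)
+ {
++ unsigned int i;
+ DIR *dir;
+
+ if ((dir = opendir(path->pathname)) != NULL) {
+@@ -78,6 +81,11 @@ static struct pathelem *add_dir_maybe(st
+ }
+ closedir(dir);
+ }
++
++ for (i = 0; i < path->num_entries; i++)
++ (path->entries[i])->parent = path;
++
++ path->populated_entries = 1;
+ return path;
+ }
+
+@@ -93,26 +101,16 @@ static struct pathelem *add_entry(struct
+ e = &root->entries[root->num_entries-1];
+
+ *e = new_entry(root->pathname, root, name);
+- if (is_dir_maybe(type)) {
+- *e = add_dir_maybe(*e);
++ if (is_not_dir(type)) {
++ (*e)->populated_entries = 1;
+ }
+
+ return root;
+ }
+
+-/* This needs to be done after tree is stabilized (ie. no more reallocs!). */
+-static void set_parents(struct pathelem *child, struct pathelem *parent)
+-{
+- unsigned int i;
+-
+- child->parent = parent;
+- for (i = 0; i < child->num_entries; i++)
+- set_parents(child->entries[i], child);
+-}
+-
+ /* FIXME: Doesn't handle DIR/.. where DIR is not in emulated dir. */
+ static const char *
+-follow_path(const struct pathelem *cursor, const char *name)
++follow_path(struct pathelem *cursor, struct pathelem **source, const char *name)
+ {
+ unsigned int i, namelen;
+
+@@ -123,14 +121,18 @@ follow_path(const struct pathelem *curso
+ return cursor->pathname;
+
+ if (strneq(name, namelen, ".."))
+- return follow_path(cursor->parent, name + namelen);
++ return follow_path(cursor->parent, &cursor->parent, name + namelen);
+
+ if (strneq(name, namelen, "."))
+- return follow_path(cursor, name + namelen);
++ return follow_path(cursor, source, name + namelen);
++
++ if (!cursor->populated_entries)
++ *source = add_dir_maybe(cursor);
++ cursor = *source;
+
+ for (i = 0; i < cursor->num_entries; i++)
+ if (strneq(name, namelen, cursor->entries[i]->name))
+- return follow_path(cursor->entries[i], name + namelen);
++ return follow_path(cursor->entries[i], &cursor->entries[i], name + namelen);
+
+ /* Not found */
+ return NULL;
+@@ -164,8 +166,6 @@ void init_paths(const char *prefix)
+ g_free(base->name);
+ g_free(base);
+ base = NULL;
+- } else {
+- set_parents(base, base);
+ }
+ }
+
+@@ -177,5 +177,5 @@ const char *path(const char *name)
+ if (!base || !name || name[0] != '/')
+ return name;
+
+- return follow_path(base, name) ?: name;
++ return follow_path(base, &base, name) ?: name;
+ }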
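Review bot: The root element's `parent` is no longer assigned anywhere in the visible code: the `init_paths` hunk drops `set_parents(base, base)`, the loop added to `add_dir_maybe` sets `parent` only on children, and the visible tail of `new_entry` does not store it (its start is outside the hunk, so this should be confirmed there). `follow_path` still recurses into `cursor->parent` for a `..` component, so a guest-supplied path that reaches `..` at the root would follow a pointer that was never written. Keeping the branch as `} else { base->parent = base; }` restores the invariant the old code had. Separately, lookups now mutate the tree (`*source = add_dir_maybe(cursor);` can replace a node pointer), whereas before it was only written during `init_paths`; if `path()` can be reached from more than one guest thread, that lazy population needs a lock around it.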
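--- a/meta/recipes-devtools/qemu/qemu_2.5.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.5.0.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
  file://CVE-2016-1568.patch \
  file://CVE-2016-2197.patch \
  file://CVE-2016-2198.patch \
+ file://pathlimit.patch \
  "
 SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
 SRC_URI[md5sum] = "f469f2330bbe76e3e39db10e9ac4f8db"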