4 files changed, 194 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/files/0001-Back-porting-security-fix-CVE-2014-5388.patch b/meta/recipes-devtools/qemu/files/0001-Back-porting-security-fix-CVE-2014-5388.patch
new file mode 100644
index 0000000000..ec541fa668
--- /dev/null
+++ b/meta/recipes-devtools/qemu/files/0001-Back-porting-security-fix-CVE-2014-5388.patch
@@ -0,0 +1,30 @@
+Prevent out-of-bounds array access on
+acpi_pcihp_pci_status.
+Upstream-Status: Backport
+Signed-off-by: Gonglei <arei.gonglei@huawei.com>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+v2:
+ - change commit message.
+ - add 'Reviewed-by'
+---
+ hw/acpi/pcihp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
+index fae663a..34dedf1 100644
+--- a/hw/acpi/pcihp.c
+++ b/hw/acpi/pcihp.c
+@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size)
+     uint32_t val = 0;
+     int bsel = s->hotplug_select;
+-    if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
+    if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
+         return 0;
+     }
+--
+1.7.12.4
diff --git a/meta/recipes-devtools/qemu/files/Qemu-Arm-versatilepb-Add-memory-size-checking.patch b/meta/recipes-devtools/qemu/files/Qemu-Arm-versatilepb-Add-memory-size-checking.patch
new file mode 100644
index 0000000000..7f1c5a9058
--- /dev/null
+++ b/meta/recipes-devtools/qemu/files/Qemu-Arm-versatilepb-Add-memory-size-checking.patch
@@ -0,0 +1,40 @@
+From 896fa02c24347e6e9259812cfda187b1d6ca6199 Mon Sep 17 00:00:00 2001
+From: Jiang Lu <lu.jiang@windriver.com>
+Date: Wed, 13 Nov 2013 10:38:08 +0800
+Subject: [PATCH] Qemu:Arm:versatilepb: Add memory size checking
+The machine can not work with memory over 256M, so add a checking
+at startup. If the memory size exceed 256M, just stop emulation then
+throw out warning about memory limitation.
+Upstream-Status: Pending
+Signed-off-by: Jiang Lu <lu.jiang@windriver.com>
+Updated it on 2014-01-15 for rebasing
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ hw/arm/versatilepb.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
+index b48d84c..ad2cd5a 100644
+--- a/hw/arm/versatilepb.c
+++ b/hw/arm/versatilepb.c
+@@ -199,6 +199,12 @@ static void versatile_init(QEMUMachineInitArgs *args, int board_id)
+         fprintf(stderr, "Unable to find CPU definition\n");
+         exit(1);
+     }
+    if (ram_size > (256 << 20)) {
+        fprintf(stderr,
+                "qemu: Too much memory for this machine: %d MB, maximum 256 MB\n",
+                ((unsigned int)ram_size / (1 << 20)));
+        exit(1);
+    }
+     memory_region_init_ram(ram, NULL, "versatile.ram", machine->ram_size);
+     vmstate_register_ram_global(ram);
+     /* ??? RAM should repeat to fill physical memory space.  */
+-- 
+1.7.10.4
diff --git a/meta/recipes-devtools/qemu/files/exclude-some-arm-EABI-obsolete-syscalls.patch b/meta/recipes-devtools/qemu/files/exclude-some-arm-EABI-obsolete-syscalls.patch
new file mode 100644
index 0000000000..171bda7e95
--- /dev/null
+++ b/meta/recipes-devtools/qemu/files/exclude-some-arm-EABI-obsolete-syscalls.patch
@@ -0,0 +1,93 @@
+[PATCH] exclude some arm EABI obsolete syscalls
+Upstream-Status: Pending
+some syscalls are obsolete and no longer available for EABI, exclude them to
+fix the below error:
+        In file included from qemu-seccomp.c:16:0:
+        qemu-seccomp.c:28:7: error: '__NR_select' undeclared here (not in a function)
+              { SCMP_SYS(select), 252 },
+                ^
+        qemu-seccomp.c:36:7: error: '__NR_mmap' undeclared here (not in a function)
+              { SCMP_SYS(mmap), 247 },
+                ^
+        qemu-seccomp.c:57:7: error: '__NR_getrlimit' undeclared here (not in a function)
+              { SCMP_SYS(getrlimit), 245 },
+                ^
+        qemu-seccomp.c:96:7: error: '__NR_time' undeclared here (not in a function)
+              { SCMP_SYS(time), 245 },
+                ^
+        qemu-seccomp.c:185:7: error: '__NR_alarm' undeclared here (not in a function)
+              { SCMP_SYS(alarm), 241 },
+please refer source files:
+        arch/arm/include/uapi/asm/unistd.h
+or kernel header:
+        /usr/include/asm/unistd.h
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+---
+ qemu-seccomp.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+diff --git a/qemu-seccomp.c b/qemu-seccomp.c
+index caa926e..5a78502 100644
+--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
+@@ -25,15 +25,21 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
+     { SCMP_SYS(timer_settime), 255 },
+     { SCMP_SYS(timer_gettime), 254 },
+     { SCMP_SYS(futex), 253 },
+#if !defined(__ARM_EABI__)
+     { SCMP_SYS(select), 252 },
+    { SCMP_SYS(time), 245 },
+    { SCMP_SYS(alarm), 241 },
+    { SCMP_SYS(getrlimit), 245 },
+    { SCMP_SYS(mmap), 247 },
+    { SCMP_SYS(socketcall), 250 },
+    { SCMP_SYS(ipc), 245 },
+#endif
+     { SCMP_SYS(recvfrom), 251 },
+     { SCMP_SYS(sendto), 250 },
+-    { SCMP_SYS(socketcall), 250 },
+     { SCMP_SYS(read), 249 },
+     { SCMP_SYS(io_submit), 249 },
+     { SCMP_SYS(brk), 248 },
+     { SCMP_SYS(clone), 247 },
+-    { SCMP_SYS(mmap), 247 },
+     { SCMP_SYS(mprotect), 246 },
+     { SCMP_SYS(execve), 245 },
+     { SCMP_SYS(open), 245 },
+@@ -48,13 +54,11 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
+     { SCMP_SYS(bind), 245 },
+     { SCMP_SYS(listen), 245 },
+     { SCMP_SYS(semget), 245 },
+-    { SCMP_SYS(ipc), 245 },
+     { SCMP_SYS(gettimeofday), 245 },
+     { SCMP_SYS(readlink), 245 },
+     { SCMP_SYS(access), 245 },
+     { SCMP_SYS(prctl), 245 },
+     { SCMP_SYS(signalfd), 245 },
+-    { SCMP_SYS(getrlimit), 245 },
+     { SCMP_SYS(set_tid_address), 245 },
+     { SCMP_SYS(statfs), 245 },
+     { SCMP_SYS(unlink), 245 },
+@@ -93,7 +97,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
+     { SCMP_SYS(times), 245 },
+     { SCMP_SYS(exit), 245 },
+     { SCMP_SYS(clock_gettime), 245 },
+-    { SCMP_SYS(time), 245 },
+     { SCMP_SYS(restart_syscall), 245 },
+     { SCMP_SYS(pwrite64), 245 },
+     { SCMP_SYS(nanosleep), 245 },
+@@ -182,7 +185,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
+     { SCMP_SYS(lstat64), 241 },
+     { SCMP_SYS(sendfile64), 241 },
+     { SCMP_SYS(ugetrlimit), 241 },
+-    { SCMP_SYS(alarm), 241 },
+     { SCMP_SYS(rt_sigsuspend), 241 },
+     { SCMP_SYS(rt_sigqueueinfo), 241 },
+     { SCMP_SYS(rt_tgsigqueueinfo), 241 },
+-- 
+1.9.1
diff --git a/meta/recipes-devtools/qemu/files/qemu-enlarge-env-entry-size.patch b/meta/recipes-devtools/qemu/files/qemu-enlarge-env-entry-size.patch
new file mode 100644
index 0000000000..c7425ab8d4
--- /dev/null
+++ b/meta/recipes-devtools/qemu/files/qemu-enlarge-env-entry-size.patch
@@ -0,0 +1,31 @@
+qemu: Add addition environment space to boot loader qemu-system-mips 
+Upstream-Status: Inappropriate - OE uses deep paths
+If you create a project with very long directory names like 128 characters
+deep and use NFS, the kernel arguments will be truncated. The kernel will
+accept longer strings such as 1024 bytes, but the qemu boot loader defaulted
+to only 256 bytes. This patch expands the limit.
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ hw/mips/mips_malta.c    |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
+index 9d521cc..17c0391 100644
+--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
+@@ -53,7 +53,7 @@
+ 
+ #define ENVP_ADDR              0x80002000l
+ #define ENVP_NB_ENTRIES                16
+-#define ENVP_ENTRY_SIZE                256
+#define ENVP_ENTRY_SIZE                1024
+ 
+ /* Hardware addresses */
+ #define FLASH_ADDRESS 0x1e000000ULL
+-- 
+1.7.10.4

diff --git a/meta/recipes-devtools/qemu/files/0001-Back-porting-security-fix-CVE-2014-5388.patch b/meta/recipes-devtools/qemu/files/0001-Back-porting-security-fix-CVE-2014-5388.patch new file mode 100644 index 0000000000..ec541fa668 --- /dev/null +++ b/meta/recipes-devtools/qemu/files/0001-Back-porting-security-fix-CVE-2014-5388.patch
@@ -0,0 +1,30 @@
	1	Prevent out-of-bounds array access on
	2	acpi_pcihp_pci_status.
	3
	4	Upstream-Status: Backport
	5
	6	Signed-off-by: Gonglei <arei.gonglei@huawei.com>
	7	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	8	---
	9	v2:
	10	- change commit message.
	11	- add 'Reviewed-by'
	12	---
	13	hw/acpi/pcihp.c \| 2 +-
	14	1 file changed, 1 insertion(+), 1 deletion(-)
	15
	16	diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
	17	index fae663a..34dedf1 100644
	18	--- a/hw/acpi/pcihp.c
	19	+++ b/hw/acpi/pcihp.c
	20	@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size)
	21	uint32_t val = 0;
	22	int bsel = s->hotplug_select;
	23
	24	- if (bsel < 0 \|\| bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
	25	+ if (bsel < 0 \|\| bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
	26	return 0;
	27	}
	28
	29	--
	30	1.7.12.4


diff --git a/meta/recipes-devtools/qemu/files/Qemu-Arm-versatilepb-Add-memory-size-checking.patch b/meta/recipes-devtools/qemu/files/Qemu-Arm-versatilepb-Add-memory-size-checking.patch new file mode 100644 index 0000000000..7f1c5a9058 --- /dev/null +++ b/meta/recipes-devtools/qemu/files/Qemu-Arm-versatilepb-Add-memory-size-checking.patch
@@ -0,0 +1,40 @@
	1	From 896fa02c24347e6e9259812cfda187b1d6ca6199 Mon Sep 17 00:00:00 2001
	2	From: Jiang Lu <lu.jiang@windriver.com>
	3	Date: Wed, 13 Nov 2013 10:38:08 +0800
	4	Subject: [PATCH] Qemu:Arm:versatilepb: Add memory size checking
	5
	6	The machine can not work with memory over 256M, so add a checking
	7	at startup. If the memory size exceed 256M, just stop emulation then
	8	throw out warning about memory limitation.
	9
	10	Upstream-Status: Pending
	11
	12	Signed-off-by: Jiang Lu <lu.jiang@windriver.com>
	13
	14	Updated it on 2014-01-15 for rebasing
	15
	16	Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
	17	---
	18	hw/arm/versatilepb.c \| 6 ++++++
	19	1 file changed, 6 insertions(+)
	20
	21	diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
	22	index b48d84c..ad2cd5a 100644
	23	--- a/hw/arm/versatilepb.c
	24	+++ b/hw/arm/versatilepb.c
	25	@@ -199,6 +199,12 @@ static void versatile_init(QEMUMachineInitArgs *args, int board_id)
	26	fprintf(stderr, "Unable to find CPU definition\n");
	27	exit(1);
	28	}
	29	+ if (ram_size > (256 << 20)) {
	30	+ fprintf(stderr,
	31	+ "qemu: Too much memory for this machine: %d MB, maximum 256 MB\n",
	32	+ ((unsigned int)ram_size / (1 << 20)));
	33	+ exit(1);
	34	+ }
	35	memory_region_init_ram(ram, NULL, "versatile.ram", machine->ram_size);
	36	vmstate_register_ram_global(ram);
	37	/* ??? RAM should repeat to fill physical memory space. */
	38	--
	39	1.7.10.4
	40


diff --git a/meta/recipes-devtools/qemu/files/exclude-some-arm-EABI-obsolete-syscalls.patch b/meta/recipes-devtools/qemu/files/exclude-some-arm-EABI-obsolete-syscalls.patch new file mode 100644 index 0000000000..171bda7e95 --- /dev/null +++ b/meta/recipes-devtools/qemu/files/exclude-some-arm-EABI-obsolete-syscalls.patch
@@ -0,0 +1,93 @@
	1	[PATCH] exclude some arm EABI obsolete syscalls
	2
	3	Upstream-Status: Pending
	4
	5	some syscalls are obsolete and no longer available for EABI, exclude them to
	6	fix the below error:
	7	In file included from qemu-seccomp.c:16:0:
	8	qemu-seccomp.c:28:7: error: '__NR_select' undeclared here (not in a function)
	9	{ SCMP_SYS(select), 252 },
	10	^
	11	qemu-seccomp.c:36:7: error: '__NR_mmap' undeclared here (not in a function)
	12	{ SCMP_SYS(mmap), 247 },
	13	^
	14	qemu-seccomp.c:57:7: error: '__NR_getrlimit' undeclared here (not in a function)
	15	{ SCMP_SYS(getrlimit), 245 },
	16	^
	17	qemu-seccomp.c:96:7: error: '__NR_time' undeclared here (not in a function)
	18	{ SCMP_SYS(time), 245 },
	19	^
	20	qemu-seccomp.c:185:7: error: '__NR_alarm' undeclared here (not in a function)
	21	{ SCMP_SYS(alarm), 241 },
	22
	23	please refer source files:
	24	arch/arm/include/uapi/asm/unistd.h
	25	or kernel header:
	26	/usr/include/asm/unistd.h
	27
	28	Signed-off-by: Roy.Li <rongqing.li@windriver.com>
	29	---
	30	qemu-seccomp.c \| 14 ++++++++------
	31	1 file changed, 8 insertions(+), 6 deletions(-)
	32
	33	diff --git a/qemu-seccomp.c b/qemu-seccomp.c
	34	index caa926e..5a78502 100644
	35	--- a/qemu-seccomp.c
	36	+++ b/qemu-seccomp.c
	37	@@ -25,15 +25,21 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
	38	{ SCMP_SYS(timer_settime), 255 },
	39	{ SCMP_SYS(timer_gettime), 254 },
	40	{ SCMP_SYS(futex), 253 },
	41	+#if !defined(__ARM_EABI__)
	42	{ SCMP_SYS(select), 252 },
	43	+ { SCMP_SYS(time), 245 },
	44	+ { SCMP_SYS(alarm), 241 },
	45	+ { SCMP_SYS(getrlimit), 245 },
	46	+ { SCMP_SYS(mmap), 247 },
	47	+ { SCMP_SYS(socketcall), 250 },
	48	+ { SCMP_SYS(ipc), 245 },
	49	+#endif
	50	{ SCMP_SYS(recvfrom), 251 },
	51	{ SCMP_SYS(sendto), 250 },
	52	- { SCMP_SYS(socketcall), 250 },
	53	{ SCMP_SYS(read), 249 },
	54	{ SCMP_SYS(io_submit), 249 },
	55	{ SCMP_SYS(brk), 248 },
	56	{ SCMP_SYS(clone), 247 },
	57	- { SCMP_SYS(mmap), 247 },
	58	{ SCMP_SYS(mprotect), 246 },
	59	{ SCMP_SYS(execve), 245 },
	60	{ SCMP_SYS(open), 245 },
	61	@@ -48,13 +54,11 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
	62	{ SCMP_SYS(bind), 245 },
	63	{ SCMP_SYS(listen), 245 },
	64	{ SCMP_SYS(semget), 245 },
	65	- { SCMP_SYS(ipc), 245 },
	66	{ SCMP_SYS(gettimeofday), 245 },
	67	{ SCMP_SYS(readlink), 245 },
	68	{ SCMP_SYS(access), 245 },
	69	{ SCMP_SYS(prctl), 245 },
	70	{ SCMP_SYS(signalfd), 245 },
	71	- { SCMP_SYS(getrlimit), 245 },
	72	{ SCMP_SYS(set_tid_address), 245 },
	73	{ SCMP_SYS(statfs), 245 },
	74	{ SCMP_SYS(unlink), 245 },
	75	@@ -93,7 +97,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
	76	{ SCMP_SYS(times), 245 },
	77	{ SCMP_SYS(exit), 245 },
	78	{ SCMP_SYS(clock_gettime), 245 },
	79	- { SCMP_SYS(time), 245 },
	80	{ SCMP_SYS(restart_syscall), 245 },
	81	{ SCMP_SYS(pwrite64), 245 },
	82	{ SCMP_SYS(nanosleep), 245 },
	83	@@ -182,7 +185,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
	84	{ SCMP_SYS(lstat64), 241 },
	85	{ SCMP_SYS(sendfile64), 241 },
	86	{ SCMP_SYS(ugetrlimit), 241 },
	87	- { SCMP_SYS(alarm), 241 },
	88	{ SCMP_SYS(rt_sigsuspend), 241 },
	89	{ SCMP_SYS(rt_sigqueueinfo), 241 },
	90	{ SCMP_SYS(rt_tgsigqueueinfo), 241 },
	91	--
	92	1.9.1
	93


diff --git a/meta/recipes-devtools/qemu/files/qemu-enlarge-env-entry-size.patch b/meta/recipes-devtools/qemu/files/qemu-enlarge-env-entry-size.patch new file mode 100644 index 0000000000..c7425ab8d4 --- /dev/null +++ b/meta/recipes-devtools/qemu/files/qemu-enlarge-env-entry-size.patch
@@ -0,0 +1,31 @@
	1	qemu: Add addition environment space to boot loader qemu-system-mips
	2
	3	Upstream-Status: Inappropriate - OE uses deep paths
	4
	5	If you create a project with very long directory names like 128 characters
	6	deep and use NFS, the kernel arguments will be truncated. The kernel will
	7	accept longer strings such as 1024 bytes, but the qemu boot loader defaulted
	8	to only 256 bytes. This patch expands the limit.
	9
	10	Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
	11	Signed-off-by: Roy Li <rongqing.li@windriver.com>
	12	---
	13	hw/mips/mips_malta.c \| 2 +-
	14	1 files changed, 1 insertions(+), 1 deletions(-)
	15
	16	diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
	17	index 9d521cc..17c0391 100644
	18	--- a/hw/mips/mips_malta.c
	19	+++ b/hw/mips/mips_malta.c
	20	@@ -53,7 +53,7 @@
	21
	22	#define ENVP_ADDR 0x80002000l
	23	#define ENVP_NB_ENTRIES 16
	24	-#define ENVP_ENTRY_SIZE 256
	25	+#define ENVP_ENTRY_SIZE 1024
	26
	27	/* Hardware addresses */
	28	#define FLASH_ADDRESS 0x1e000000ULL
	29	--
	30	1.7.10.4
	31