| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Backport patch from:
https://git.qemu.org/?p=qemu.git;a=patch;h=b946434f2659a182afc17e155be6791ebfb302eb
(From OE-Core rev: 8b4163c4e60f5e96790522e129f84102831feb8e)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 30b0784e2eef9c4d45296857b0792a4374020fab)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Li Wang <Li.Wang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An out-of-bounds read vulnerability was found in the SLiRP networking
implementation of the QEMU emulator. This flaw occurs in the
icmp6_send_echoreply() routine while replying to an ICMP echo request,
also known as ping. This flaw allows a malicious guest to leak the
contents of the host memory, resulting in possible information disclosure.
This flaw affects versions of libslirp before 4.3.1.
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-10756
https://bugzilla.redhat.com/show_bug.cgi?id=1835986
Upstream patches:
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c7ede54cbd2e2b25385325600958ba0124e31cc0
(From OE-Core rev: b6d73f9f8c055928051dc57943baf5833568d04f)
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport CVE patch from the upstream:
https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
(From OE-Core rev: ffb65dd34fce4c75b9aa00dc0197bf83198a9980)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 684307688eb0c1a98be8885164ecc8f578a36cf8)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 5ada35d14598505448c16a52e8fe129e72f1ed0b)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fix CVE-2020-7211 for qemu slirp submodule
see :
https://www.openwall.com/lists/oss-security/2020/01/17/2
https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
(From OE-Core rev: 31362d739834377ac4ab880029c3e3dda0cd7698)
(From OE-Core rev: c68323151b9bafb5f52dda6a4bd11712feff2e83)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 5ea3d9d83ed695827634e3216664c13fcff6d48a)
(From OE-Core rev: b7b96bd938cf4167b4abeebb68d35ba74ce0d3c6)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: e69b89575e5ccec243658e09936908dd9e5d45ef)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: dac4545cdf0ab848086da96eac123d0c640cd8b2)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
see https://git.qemu.org/?p=qemu.git;a=commit;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc
(From OE-Core rev: 3e65ad67995874c363863280e40457acc3f479e9)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 82c4fb091199b737722a60d517b694860b6e6ba8)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 81b375ac7851088a671317468a8e2eed69d4a827)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Backporting patch from
https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943
to solve CVE-2019-15890.
(From OE-Core rev: 2cccc685cc6359595ef3e943cd03290d8c8866f0)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When PACKAGECONFIG libgcrypt is enabled, we would get the following error.
ERROR: /usr/bin/libgcrypt-config should not be used, use an alternative such as pkg-config
In oe-core, libgcrypt has been turned to be configured with pkg-config instead
of libgcrypt-config, but qemu configure script does not contain pkg-config
related part for libgcrypt to handle it.
(From OE-Core rev: 37bec7c4ea3ebd17366fbd2ec719de401ec36275)
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 50a7dec95618080962e56fd347f505e691b7ad6f)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: ee31907d25bc89dcb6566368aae651920564980c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The build fails on qemu-native if we're using kernels after commit
0768e17073dc527ccd18ed5f96ce85f9985e9115. This adds an upstream
patch that fixes the issue.
(From OE-Core rev: ef3af3a43d137d1e09e3fe4dbe462197fe7af4bc)
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: a0236a8f682ab0e897cd99555b9225bae4fb04ab)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When we updated to QEMU 4.0 we saw a segfault when running tests on the
qemuarm machine. At the time we just reverted the offending patch from
QEMU. Now that the fix has been merged into upstream let's remove that
revert patch and replace it with the correct backport.
(From OE-Core rev: ce0cae5511ce4ba7b9dcc9c6676ec7ea10622cb7)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
Fix some missing or corrupted patch Upstream-Status values.
(From OE-Core rev: 07bc5a5367e0dec45253fd849e0157094152fd31)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit upgrade QEMU to the latest 4.0.0 release.
- The COPYING.LIB file has changed SHA to:
"Synchronize the LGPL 2.1 with the version from gnu.org"
- SDL 1.2 has been removed, along with the --with-sdlabi command line
arg
- The backported patches have been removed
- Al the other patches have been refreshed and the numbering has been
updated
(From OE-Core rev: fed2a0f37a76732cd3de1b127d6902fb16dd4e05)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 0135c0bf2a6cfd43c86d67ad0a0a2eaadc05cc47)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This change fixes a build problem introduced in the recent CVE patches.
(From OE-Core rev: a6882408f5c63d2434d5c1622406c2c212c9bec7)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE: CVE-2018-16872
CVE: CVE-2018-20124
CVE: CVE-2018-20125
CVE: CVE-2018-20126
CVE: CVE-2018-20191
CVE: CVE-2018-20216
Patches 0015-fix-CVE-2018-20124.patch and 0017-fix-CVE-2018-20126.patch
are rebased on current source code. Others are not modified.
(From OE-Core rev: 489ece1aa90d8f76b4c1f009d837f82e38e11ba9)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 7a2645575092684eec4bf7d96185f9e89141f4fe)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
| In file included from /home/alexander/development/poky/build-virgl-gtk-64/tmp/work/x86_64-nativesdk-pokysdk-linux/nativesdk-qemu/3.1.0-r0/qemu-3.1.0/include/ui/egl-context.h:5,
| from /home/alexander/development/poky/build-virgl-gtk-64/tmp/work/x86_64-nativesdk-pokysdk-linux/nativesdk-qemu/3.1.0-r0/qemu-3.1.0/ui/egl-context.c:3:
| /home/alexander/development/poky/build-virgl-gtk-64/tmp/work/x86_64-nativesdk-pokysdk-linux/nativesdk-qemu/3.1.0-r0/qemu-3.1.0/include/ui/egl-helpers.h:46:55: error: unknown type name 'Window'; did you mean 'minor'?
| EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win);
| ^~~~~~
| minor
(From OE-Core rev: 01324f5e741a106cdb4b2989379f71b0b727a224)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Bump QEMU to the latest 3.1 and update the patches.
(From OE-Core rev: eeb918fc9b67a5d252b9d5ad5f3674cc1a45aa7f)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 5c2b164e1022c46f6bf541894429773c3dde7af2)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 1bbaf8d198b121a2a6f033350d1de3baa0a1163c)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 8c02e508dc861ee95a66f3f685d24518a699685b)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 4e37ca369205dccfaf730d6ac4d33c23fb995b5f)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: c03cef42e079e4ed3d1e4f401722778157158bd6)
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* drop patches which are now included upstream
* revert "linux-user: fix mmap/munmap/mprotect/mremap/shma" which is
causing
0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
to stop working and qemu-i386 hanging during gobject-introspection in
webkitgtk when building for qemux86 with musl
(From OE-Core rev: e9d6e09bb51a857ce248f45124548d338a350ba1)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: e8fb42f3a54e8b8d68ae216a48534fa745ea99f1)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
During Qemu guest migration, a destination process invokes ps2
post_load function. In that, if 'rptr' and 'count' values were
invalid, it could lead to OOB access or infinite loop issue.
Add check to avoid it.
(From OE-Core rev: 0d8f68fe43b4da1a0d356fe6bedb52b8f2a02081)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch chardev-connect-socket-to-a-spawned-command.patch calls
"socketpair". This function is missing in mingw, so the patch
needs to be modified accordingly (by conditional compilation using
_WIN32 macro where appropriate), otherwise we end up with a broken
mingw build.
While it is possible to simply remove the whole patch for mingw build
(via a .bbappend file in meta-mingw), it makes more sense to modify
the patch itself.
(From OE-Core rev: 2d955bb53a8ee36c0a648c23293139612f33f97b)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport fix from qemu mainline for intermediate qemuarm64 hang
issue. Root caused in OE environment, issue with aarch64 qemu
logic of executing instructions that reenabe interrupts. See patch
commit message for more details.
Upstream-Status: Backport
(From OE-Core rev: aa33945fc7cf7bfa859c4091bcfa2695c422849b)
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Due to patch fuzz it was applied again in a different place.
(From OE-Core rev: c1596c6a26bc099a5f27f8a7f9feb7d07bd30cd5)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: a5c1069d2c0570186792d61151e1865642afd73a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bump the QEMU version to the bug fix release of 2.11.1 and remove the
patches that are no longer required.
(From OE-Core rev: da7fa8a15dfafd07e5956b69996d99880596c333)
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to
be vulnerable to an unbounded memory allocation issue, as it did not throttle
the framebuffer updates sent to its client. If the client did not consume these
updates, VNC server allocates growing memory to hold onto this data. A malicious
remote VNC client could use this flaw to cause DoS to the server host.
Backport a series of patches from upstream to resolve this.
(From OE-Core rev: a93d8ed1bc97595492abfca92d606e20dbdfa617)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
glibc 2.27 has added memfd_create() but this conflicts with a copy in qemu, so
take a patch from upstream to fix building with glibc 2.27.
(From OE-Core rev: 207733bb875b1a6b932ecd04a34a0ee118511d1f)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use the latest QEMU release 2.11. Remove all patches that are no longer
required as they have been merged into the 2.11 releaese. One patch had
to be updated to apply to the 2.11 tree.
This also applies a linux user patch to avoid webkitgtk build hangs.
(From OE-Core rev: d6d0d99569e0d8b62a61e27d389e7939af45bab9)
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Virtio Vring implementation in QEMU allows local OS guest users to
cause a denial of service (divide-by-zero error and QEMU process crash)
by unsetting vring alignment while updating Virtio rings.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-17381
Upstream patch:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=758ead31c7e17bf17a9ef2e0ca1c3e86ab296b43
(From OE-Core rev: 92a0513837182e2e9aa6c7d4958e495f4b5b4c47)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch chardev-connect-socket-to-a-spawned-command.patch calls
"socketpair". This function is missing in mingw, so the patch
needs to be modified accordingly, otherwise we end up with a broken
mingw build.
While it is possible to simply remove the patch on a recipe level for
mingw platform, it makes more sense to modify the patch itself.
(From OE-Core rev: fd978a5ddf6938404f2043c9f9ede47dcdb47180)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream finally accepted and merged a different approach for
connecting QEMU to swtpm: instead of a custom cuse-tpm device, a
normal chardev connects to swtpm, and that chardev then is used by the
TPM device. For now we have to backport those patches, but the next
major QEMU update will have them.
However, the chardev-connect-socket-to-a-spawned-command.patch is
something that OE will have to carry permanently. It simplifies
starting and stopping swtpm when invoking QEMU through runqemu without
having to teach that script about the additional process. Upstream
rejected the patch because they want to keep the complexity of
starting additional processes out of QEMU.
A recent enough swtpm is needed. The one currently used by
meta-security fails to communicate properly with QEMU, leading to this
failure:
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Failed to send CMD_SET_DATAFD: Input/output error
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Could not cleanly shutdown the TPM: Invalid argument
With a recent enough swtpm, one can create a TPM device like this:
- bitbake swtpm-native
- create a TPM instance and initialize it with:
$ mkdir -p my-machine/myvtpm0
$ tmp*/work/*/swtpm-wrappers-native/*/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
Starting vTPM manufacturing as root:root @ Wed 06 Dec 2017 10:03:14 AM CET
TPM is listening on TCP port 34613.
Successfully created EK.
Successfully authored TPM state.
Ending vTPM manufacturing @ Wed 06 Dec 2017 10:03:14 AM CET
- runqemu "qemuparams=-chardev 'socket,id=chrtpm0,cmd=exec
swtpm_oe.sh socket --terminate --ctrl type=unixio,,clientfd=0
--tpmstate dir=... --log level=10,,file=.../swtpm.log --tpm2'
-tpmdev emulator,id=tpm0,chardev=chrtpm0 -device
tpm-tis,tpmdev=tpm0" ...
Beware that the double commas are intentional. They are needed to
embed commas in the "cmd" value.
swtpm_oe.sh is from swtpm-wrappers-native. In the example it is
invoked without the full path for the sake of brevity. In practice,
one has to use the full
path (tmp*/work/*/swtpm-wrappers-native/*/swtpm_oe.sh).
With the TPM2-preview version of swtpm, the same works for TPM2 by
adding the --tpm2 parameter when invoking swtpm_setup_oe.sh and
swtpm_oe.sh.
(From OE-Core rev: 82f37aa4c5152f104897fff04f09ad55c20c2a3f)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
qemuppc boots are occasionally hanging on the autobuilder. This adds a
patch which fixes the issue in local testing. Its being discussed with
upstream qemu.
(From OE-Core rev: 87719e35db08b21cd43ab3ebd72f4567ca0fdc65)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
All CVE patches removed because these are already integrated in 2.10.1.
(From OE-Core rev: ad3e2e2fde557aba0a53bc91d1746518c34b4bd8)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix CVE-2017-13672, CVE-2017-13673, CVE-2017-13711, CVE-2017-14167
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13672
https://nvd.nist.gov/vuln/detail/CVE-2017-13673
https://nvd.nist.gov/vuln/detail/CVE-2017-13711
https://nvd.nist.gov/vuln/detail/CVE-2017-14167
Patches from:
CVE-2017-13672:
https://git.qemu.org/?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681
CVE-2017-13673:
https://git.qemu.org/?p=qemu.git;a=commit;h=e65294157d4b69393b3f819c99f4f647452b48e3
CVE-2017-13711:
https://git.qemu.org/?p=qemu.git;a=commit;h=1201d308519f1e915866d7583d5136d03cc1d384
CVE-2017-14167:
https://git.qemu.org/?p=qemu.git;a=commit;h=ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb
(From OE-Core rev: acc5036a6b74a76d719e6f7224a398f47df4a041)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the following patches since they are unused after qemu update to
2.10:
0001-replace-struct-ucontext-with-ucontext_t-type.patch
CVE-2016-9908.patch
CVE-2016-9912.patch
configure-fix-Darwin-target-detection.patch
(From OE-Core rev: d303f61e28b0ecc2352739a07680bfdeb3544080)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
