| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
| |
Fix some missing or corrupted patch Upstream-Status values.
(From OE-Core rev: 07bc5a5367e0dec45253fd849e0157094152fd31)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit upgrade QEMU to the latest 4.0.0 release.
- The COPYING.LIB file has changed SHA to:
"Synchronize the LGPL 2.1 with the version from gnu.org"
- SDL 1.2 has been removed, along with the --with-sdlabi command line
arg
- The backported patches have been removed
- Al the other patches have been refreshed and the numbering has been
updated
(From OE-Core rev: fed2a0f37a76732cd3de1b127d6902fb16dd4e05)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* vte-native requires host compiler supporting c++17. Some distros we support
ship comilers not supporting c++17 currently.
* oe-self-test 'test_testimage_virgl_gtk' sets
PACKAGECONFIG_append_pn-qemu-system-native = " gtk+". With vte enabled by
'gtk+'-config, build fails on hosts with ancient compilers [1].
* Alexander Kanavin did some tests: Without vte in PACKAGECONFIG there is still
a working terminal available with reduced functionality [2].
* Users wanting 'full' terminal in system-qemu back should add
PACKAGECONFIG_append_pn-qemu-system-native = " vte"
in their local.conf.
The idea of this patch was coming from Ross Burton - thanks!
[1] http://lists.openembedded.org/pipermail/openembedded-core/2019-April/281637.html
[2] http://lists.openembedded.org/pipermail/openembedded-core/2019-April/281727.html
(From OE-Core rev: 78e160ac4b72bc3cfbdd89492c711a318585328b)
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In addition to toggling libsnappy support, this allows a qemu-native
build to explicitly disable snappy support. When building qemu-native,
the configure script will detect libsnappy on the build machine and
improperly enable snappy support. This can corrupt the sstate cache if
the cache is populated with a qemu-native build with snappy improperly
enabled, and the cached qemu-native gets used on another build machine
that does not have libsnappy.
(From OE-Core rev: ceda00d3f918834c2e20983f0231abedb778e65c)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 0135c0bf2a6cfd43c86d67ad0a0a2eaadc05cc47)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
This change fixes a build problem introduced in the recent CVE patches.
(From OE-Core rev: a6882408f5c63d2434d5c1622406c2c212c9bec7)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE: CVE-2018-16872
CVE: CVE-2018-20124
CVE: CVE-2018-20125
CVE: CVE-2018-20126
CVE: CVE-2018-20191
CVE: CVE-2018-20216
Patches 0015-fix-CVE-2018-20124.patch and 0017-fix-CVE-2018-20126.patch
are rebased on current source code. Others are not modified.
(From OE-Core rev: 489ece1aa90d8f76b4c1f009d837f82e38e11ba9)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
As they are not supported, and would lead to build failures.
(From OE-Core rev: ca3b44760b1a56269d9ba0ec814a2aad4b7640f7)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rationale is to streamline the overall build.
The system parts are only needed to run target images, and so can be
built towards the end of the build process. At the same time, the
system parts may need gtk+-native and mesa-native which add significantly
to the build time.
On the other hand, the usermode parts have almost no dependencies
and can be built quickly. They are needed at recipes build time to
run target binaries, and so are required quite early in the typical
build process.
(From OE-Core rev: 4a558a5f2db68538e0edad798ddf48eb9510a7d6)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 7a2645575092684eec4bf7d96185f9e89141f4fe)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GTK_THEME instructs gtk to use its built-in theme. Otherwise
gtk attempts to use the theme from the host, which may be from
a totally mismatching gtk version.
On the other hand FONTCONFIG_PATH tells it to use the host fonts,
as providing fonts in the native sysroot and instructing the components
to use them is a lot more tricky.
GDK_PIXBUF_MODULE_FILE is set, because otherwise qemu works but
fills stdout with error messages, which eventually fill the pipe
they go into. That pipe is read from only when qemu exits (to
collect any error messages) by runqemu script. The pipe fill-up
causes the qemu process to lock up.
(From OE-Core rev: d5b8a65861adba298a9dc2c4e9a7a7da5490073a)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
| In file included from /home/alexander/development/poky/build-virgl-gtk-64/tmp/work/x86_64-nativesdk-pokysdk-linux/nativesdk-qemu/3.1.0-r0/qemu-3.1.0/include/ui/egl-context.h:5,
| from /home/alexander/development/poky/build-virgl-gtk-64/tmp/work/x86_64-nativesdk-pokysdk-linux/nativesdk-qemu/3.1.0-r0/qemu-3.1.0/ui/egl-context.c:3:
| /home/alexander/development/poky/build-virgl-gtk-64/tmp/work/x86_64-nativesdk-pokysdk-linux/nativesdk-qemu/3.1.0-r0/qemu-3.1.0/include/ui/egl-helpers.h:46:55: error: unknown type name 'Window'; did you mean 'minor'?
| EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win);
| ^~~~~~
| minor
(From OE-Core rev: 01324f5e741a106cdb4b2989379f71b0b727a224)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
xgettext/msgmerge is used during do_install() when gtk is enabled:
https://github.com/qemu/qemu/blob/master/Makefile#L743
(From OE-Core rev: 2ae8cae7b047f7ffc2a3820f5388a382f261ae3a)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream dropped support for GTK2 (in v3.1.0) and this flag was dropped.
Relevant upstream commit ID: 89d85cde75143325205e332dd97bf1bb8402d7c1
(From OE-Core rev: 90f5cf92c88d17ee976498a7f2b1d3514acb118b)
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
When building nativesdk- package, MACHINE_FEATURES do not apply as they are
specified only for target machines, not ones hosting the sdk.
(From OE-Core rev: 3ae634853a034a322593d318502ea2ee799556f7)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Running qemu for userspace code on unsupported target binaries might
be bad idea because qemu could say running in endless loop instead
of crashing due to illegal instruction or unsupported binary format.
While this is qemu bug we should avoid hitting it by explicitly exiting
from the wrapper when qemu backfill considered for machine.
Behaviour was observed in do_rootfs stage when building on IBM Power 8
host for PowerPC e7400 target.
(From OE-Core rev: a0ebc77ee0b461fc30e704f7dd9e9c2061ef4193)
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Bump QEMU to the latest 3.1 and update the patches.
(From OE-Core rev: eeb918fc9b67a5d252b9d5ad5f3674cc1a45aa7f)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: b5a69bfa8bf0481658bee10cc8ed186166457eee)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 5c2b164e1022c46f6bf541894429773c3dde7af2)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 1bbaf8d198b121a2a6f033350d1de3baa0a1163c)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The lm32 architecture does not support linux-user within QEMU as it is
not a Linux supported target.
(From OE-Core rev: 2f6c85da5202cdd0d2da2ce53e0a62b09a711b16)
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 8c02e508dc861ee95a66f3f685d24518a699685b)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: dff0e6de970bb4c858c22874ea19328c670a4ad6)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 4e37ca369205dccfaf730d6ac4d33c23fb995b5f)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 188f4d258587a8bed9c91922ed8d141dbea4232d)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: c03cef42e079e4ed3d1e4f401722778157158bd6)
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously a warning was printed regardless of context and nature
of the failure, and because it was only a warning, it was mostly ignored.
Now, the following is considered when a failure happens:
1) whether we are installing packages into a target image, or populating
a SDK with host or target packages.
2) whether the failure was due to qemu not supporting the target machine.
Accordingly, warnings, notes, and failures are printed, and postponing
to first boot happens if possible.
(From OE-Core rev: a335e78672b1e1ae3ea6427f6a805218e513bb52)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously only one global variant of the script was created,
which caused numerous issues:
1) multilib was not properly supported due to multilib variants each
needing their own version of the qemu binary and library paths to be set
2) nativesdk was not properly supported for the same reason
This patch also moves setting LD_LIBRARY_PATH directly into the
recipe, as passing it down from other recipes did not work when
said recipes were allarch, and adjusts calls to qemuwrapper from
postinst-intercepts, so that its correct variant is selected.
Also, the various qemu fallbacks in qemuwrapper script are all removed,
as they are no longer necessary.
(From OE-Core rev: d10fd6ae3fe46290c6e3a5250878966d9f12ca3f)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
qemu doesn't use autotools, so don't inherit it and just call 'make install'
directly.
No need to alter makefiles anymore, as they appear to respect CFLAGS now.
Remove a chmod of beginend_funcs.sh (a file we patched in, and removed,
many years ago).
(From OE-Core rev: b52a9d108d72ebdf93f2dc51aa6f26ccc890d451)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
* sdl1 since qemu-2.12.0 depends on x11 in DISTRO_FEATURES, switch to sdl2
(From OE-Core rev: b90aaf0ca1bd82cca2f13164407881c53f15739c)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* drop "fdt sdl" listed twice in PACKAGECONFIG
* keep all 3 disabled by default
* spice, usbredir recipes will eventually be in meta-networking layer
(you can use jansa/spice branch from meta-openembedded-contrib repository)
* virglrenderer recipe will eventually be in oe-core layer
(you can use jansa/qemu branch from openembedded-core-contrib repository)
(From OE-Core rev: ebb6ef1dbc7e03a4b7030b3056bd0fa59fdd047b)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* drop patches which are now included upstream
* revert "linux-user: fix mmap/munmap/mprotect/mremap/shma" which is
causing
0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
to stop working and qemu-i386 hanging during gobject-introspection in
webkitgtk when building for qemux86 with musl
(From OE-Core rev: e9d6e09bb51a857ce248f45124548d338a350ba1)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: e8fb42f3a54e8b8d68ae216a48534fa745ea99f1)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During Qemu guest migration, a destination process invokes ps2
post_load function. In that, if 'rptr' and 'count' values were
invalid, it could lead to OOB access or infinite loop issue.
Add check to avoid it.
(From OE-Core rev: 0d8f68fe43b4da1a0d356fe6bedb52b8f2a02081)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch chardev-connect-socket-to-a-spawned-command.patch calls
"socketpair". This function is missing in mingw, so the patch
needs to be modified accordingly (by conditional compilation using
_WIN32 macro where appropriate), otherwise we end up with a broken
mingw build.
While it is possible to simply remove the whole patch for mingw build
(via a .bbappend file in meta-mingw), it makes more sense to modify
the patch itself.
(From OE-Core rev: 2d955bb53a8ee36c0a648c23293139612f33f97b)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It can be installed to some non standard path in which
case build will be broken.
As python2.7 is specified in HOSTTOOLS we can rely
that it is present in the PATH, so no need to hardcode
it to /usr/bin.
(From OE-Core rev: a200d22b26aded093289cb9150b3f05f76578c83)
Signed-off-by: Ruslan Ruslichenko <rruslich@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 590c2f13325c3f8906850c6e3b71f2fac8ed6336)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport fix from qemu mainline for intermediate qemuarm64 hang
issue. Root caused in OE environment, issue with aarch64 qemu
logic of executing instructions that reenabe interrupts. See patch
commit message for more details.
Upstream-Status: Backport
(From OE-Core rev: aa33945fc7cf7bfa859c4091bcfa2695c422849b)
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Due to patch fuzz it was applied again in a different place.
(From OE-Core rev: c1596c6a26bc099a5f27f8a7f9feb7d07bd30cd5)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: a5c1069d2c0570186792d61151e1865642afd73a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Bump the QEMU version to the bug fix release of 2.11.1 and remove the
patches that are no longer required.
(From OE-Core rev: da7fa8a15dfafd07e5956b69996d99880596c333)
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
[YOCTO #12545]
(From OE-Core rev: 6e5dbb53a7cbd05baf07de62b1abc88dccfd4cb9)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to
be vulnerable to an unbounded memory allocation issue, as it did not throttle
the framebuffer updates sent to its client. If the client did not consume these
updates, VNC server allocates growing memory to hold onto this data. A malicious
remote VNC client could use this flaw to cause DoS to the server host.
Backport a series of patches from upstream to resolve this.
(From OE-Core rev: a93d8ed1bc97595492abfca92d606e20dbdfa617)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
glibc 2.27 has added memfd_create() but this conflicts with a copy in qemu, so
take a patch from upstream to fix building with glibc 2.27.
(From OE-Core rev: 207733bb875b1a6b932ecd04a34a0ee118511d1f)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The packaging has been altered slightly so ensure the dependencies are all still
valid.
(From OE-Core rev: 3328211afdef8ffb00dd4dff1143959d5412b075)
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the latest QEMU release 2.11. Remove all patches that are no longer
required as they have been merged into the 2.11 releaese. One patch had
to be updated to apply to the 2.11 tree.
This also applies a linux user patch to avoid webkitgtk build hangs.
(From OE-Core rev: d6d0d99569e0d8b62a61e27d389e7939af45bab9)
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Virtio Vring implementation in QEMU allows local OS guest users to
cause a denial of service (divide-by-zero error and QEMU process crash)
by unsetting vring alignment while updating Virtio rings.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-17381
Upstream patch:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=758ead31c7e17bf17a9ef2e0ca1c3e86ab296b43
(From OE-Core rev: 92a0513837182e2e9aa6c7d4958e495f4b5b4c47)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch chardev-connect-socket-to-a-spawned-command.patch calls
"socketpair". This function is missing in mingw, so the patch
needs to be modified accordingly, otherwise we end up with a broken
mingw build.
While it is possible to simply remove the patch on a recipe level for
mingw platform, it makes more sense to modify the patch itself.
(From OE-Core rev: fd978a5ddf6938404f2043c9f9ede47dcdb47180)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream finally accepted and merged a different approach for
connecting QEMU to swtpm: instead of a custom cuse-tpm device, a
normal chardev connects to swtpm, and that chardev then is used by the
TPM device. For now we have to backport those patches, but the next
major QEMU update will have them.
However, the chardev-connect-socket-to-a-spawned-command.patch is
something that OE will have to carry permanently. It simplifies
starting and stopping swtpm when invoking QEMU through runqemu without
having to teach that script about the additional process. Upstream
rejected the patch because they want to keep the complexity of
starting additional processes out of QEMU.
A recent enough swtpm is needed. The one currently used by
meta-security fails to communicate properly with QEMU, leading to this
failure:
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Failed to send CMD_SET_DATAFD: Input/output error
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Could not cleanly shutdown the TPM: Invalid argument
With a recent enough swtpm, one can create a TPM device like this:
- bitbake swtpm-native
- create a TPM instance and initialize it with:
$ mkdir -p my-machine/myvtpm0
$ tmp*/work/*/swtpm-wrappers-native/*/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
Starting vTPM manufacturing as root:root @ Wed 06 Dec 2017 10:03:14 AM CET
TPM is listening on TCP port 34613.
Successfully created EK.
Successfully authored TPM state.
Ending vTPM manufacturing @ Wed 06 Dec 2017 10:03:14 AM CET
- runqemu "qemuparams=-chardev 'socket,id=chrtpm0,cmd=exec
swtpm_oe.sh socket --terminate --ctrl type=unixio,,clientfd=0
--tpmstate dir=... --log level=10,,file=.../swtpm.log --tpm2'
-tpmdev emulator,id=tpm0,chardev=chrtpm0 -device
tpm-tis,tpmdev=tpm0" ...
Beware that the double commas are intentional. They are needed to
embed commas in the "cmd" value.
swtpm_oe.sh is from swtpm-wrappers-native. In the example it is
invoked without the full path for the sake of brevity. In practice,
one has to use the full
path (tmp*/work/*/swtpm-wrappers-native/*/swtpm_oe.sh).
With the TPM2-preview version of swtpm, the same works for TPM2 by
adding the --tpm2 parameter when invoking swtpm_setup_oe.sh and
swtpm_oe.sh.
(From OE-Core rev: 82f37aa4c5152f104897fff04f09ad55c20c2a3f)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
It always fail to check the file generated by configure
when running ptest on the target since it's cross-compiling,
so remove the check from the Makefile for ptest.
(From OE-Core rev: 839f5ed91a8061506b1f71661ec4006783146672)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|