From 5c021b4550f77ddc7d32664a08e46ba69d16c2c7 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Wed, 10 May 2017 14:17:33 +0200
Subject: qemu: Upgrade to 2.6.0

(From OE-Core rev: 6c18103e43fd593724f4317a1453a72b0feb6989)

This patch is backported from upstream morty branch:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=morty&id=ff35bfa2420f30cb79995fb4808175b447967c07

Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
---
 .../recipes-devtools/qemu/qemu/CVE-2016-2858.patch | 183 ---------------------
 1 file changed, 183 deletions(-)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch

(limited to 'meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch')

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch
deleted file mode 100644
index d5395e6152..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2016-2858.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From 60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 Mon Sep 17 00:00:00 2001
-From: Ladi Prosek <lprosek@redhat.com>
-Date: Thu, 3 Mar 2016 09:37:18 +0100
-Subject: [PATCH] rng: add request queue support to rng-random
-
-Requests are now created in the RngBackend parent class and the
-code path is shared by both rng-egd and rng-random.
-
-This commit fixes the rng-random implementation which processed
-only one request at a time and simply discarded all but the most
-recent one. In the guest this manifested as delayed completion
-of reads from virtio-rng, i.e. a read was completed only after
-another read was issued.
-
-By switching rng-random to use the same request queue as rng-egd,
-the unsafe stack-based allocation of the entropy buffer is
-eliminated and replaced with g_malloc.
-
-Signed-off-by: Ladi Prosek <lprosek@redhat.com>
-Reviewed-by: Amit Shah <amit.shah@redhat.com>
-Message-Id: <1456994238-9585-5-git-send-email-lprosek@redhat.com>
-Signed-off-by: Amit Shah <amit.shah@redhat.com>
-
-Upstream-Status: Backport
-CVE: CVE-2016-2858
-
-http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- backends/rng-egd.c    | 16 ++--------------
- backends/rng-random.c | 43 +++++++++++++++++++------------------------
- backends/rng.c        | 13 ++++++++++++-
- include/sysemu/rng.h  |  3 +--
- 4 files changed, 34 insertions(+), 41 deletions(-)
-
-Index: qemu-2.5.0/backends/rng-egd.c
-===================================================================
---- qemu-2.5.0.orig/backends/rng-egd.c
-+++ qemu-2.5.0/backends/rng-egd.c
-@@ -26,20 +26,10 @@ typedef struct RngEgd
-     char *chr_name;
- } RngEgd;
- 
--static void rng_egd_request_entropy(RngBackend *b, size_t size,
--                                    EntropyReceiveFunc *receive_entropy,
--                                    void *opaque)
-+static void rng_egd_request_entropy(RngBackend *b, RngRequest *req)
- {
-     RngEgd *s = RNG_EGD(b);
--    RngRequest *req;
--
--    req = g_malloc(sizeof(*req));
--
--    req->offset = 0;
--    req->size = size;
--    req->receive_entropy = receive_entropy;
--    req->opaque = opaque;
--    req->data = g_malloc(req->size);
-+    size_t size = req->size;
- 
-     while (size > 0) {
-         uint8_t header[2];
-@@ -53,8 +43,6 @@ static void rng_egd_request_entropy(RngB
- 
-         size -= len;
-     }
--
--    s->parent.requests = g_slist_append(s->parent.requests, req);
- }
- 
- static int rng_egd_chr_can_read(void *opaque)
-Index: qemu-2.5.0/backends/rng-random.c
-===================================================================
---- qemu-2.5.0.orig/backends/rng-random.c
-+++ qemu-2.5.0/backends/rng-random.c
-@@ -21,10 +21,6 @@ struct RndRandom
- 
-     int fd;
-     char *filename;
--
--    EntropyReceiveFunc *receive_func;
--    void *opaque;
--    size_t size;
- };
- 
- /**
-@@ -37,36 +33,35 @@ struct RndRandom
- static void entropy_available(void *opaque)
- {
-     RndRandom *s = RNG_RANDOM(opaque);
--    uint8_t buffer[s->size];
--    ssize_t len;
- 
--    len = read(s->fd, buffer, s->size);
--    if (len < 0 && errno == EAGAIN) {
--        return;
--    }
--    g_assert(len != -1);
-+    while (s->parent.requests != NULL) {
-+        RngRequest *req = s->parent.requests->data;
-+        ssize_t len;
-+
-+        len = read(s->fd, req->data, req->size);
-+        if (len < 0 && errno == EAGAIN) {
-+            return;
-+        }
-+        g_assert(len != -1);
-+
-+        req->receive_entropy(req->opaque, req->data, len);
- 
--    s->receive_func(s->opaque, buffer, len);
--    s->receive_func = NULL;
-+        rng_backend_finalize_request(&s->parent, req);
-+    }
- 
-+    /* We've drained all requests, the fd handler can be reset. */
-     qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
- }
- 
--static void rng_random_request_entropy(RngBackend *b, size_t size,
--                                        EntropyReceiveFunc *receive_entropy,
--                                        void *opaque)
-+static void rng_random_request_entropy(RngBackend *b, RngRequest *req)
- {
-     RndRandom *s = RNG_RANDOM(b);
- 
--    if (s->receive_func) {
--        s->receive_func(s->opaque, NULL, 0);
-+    if (s->parent.requests == NULL) {
-+        /* If there are no pending requests yet, we need to
-+         * install our fd handler. */
-+        qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
-     }
--
--    s->receive_func = receive_entropy;
--    s->opaque = opaque;
--    s->size = size;
--
--    qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
- }
- 
- static void rng_random_opened(RngBackend *b, Error **errp)
-Index: qemu-2.5.0/backends/rng.c
-===================================================================
---- qemu-2.5.0.orig/backends/rng.c
-+++ qemu-2.5.0/backends/rng.c
-@@ -19,9 +19,20 @@ void rng_backend_request_entropy(RngBack
-                                  void *opaque)
- {
-     RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
-+    RngRequest *req;
- 
-     if (k->request_entropy) {
--        k->request_entropy(s, size, receive_entropy, opaque);
-+        req = g_malloc(sizeof(*req));
-+
-+        req->offset = 0;
-+        req->size = size;
-+        req->receive_entropy = receive_entropy;
-+        req->opaque = opaque;
-+        req->data = g_malloc(req->size);
-+
-+        k->request_entropy(s, req);
-+
-+        s->requests = g_slist_append(s->requests, req);
-     }
- }
- 
-Index: qemu-2.5.0/include/sysemu/rng.h
-===================================================================
---- qemu-2.5.0.orig/include/sysemu/rng.h
-+++ qemu-2.5.0/include/sysemu/rng.h
-@@ -46,8 +46,7 @@ struct RngBackendClass
- {
-     ObjectClass parent_class;
- 
--    void (*request_entropy)(RngBackend *s, size_t size,
--                            EntropyReceiveFunc *receive_entropy, void *opaque);
-+    void (*request_entropy)(RngBackend *s, RngRequest *req);
- 
-     void (*opened)(RngBackend *s, Error **errp);
- };
-- 
cgit v1.2.3-54-g00ecf