From 69085ccb296b35b0b0ed67c871f0f60106c27a48 Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Thu, 2 May 2019 04:09:27 +0000 Subject: qemu: Upgrade from 3.1.0 to 4.0.0 This commit upgrades QEMU to the latest 4.0.0 release. - The COPYING.LIB file has changed SHA to: "Synchronize the LGPL 2.1 with the version from gnu.org" - SDL 1.2 has been removed, along with the --with-sdlabi command line arg - The backported patches have been removed - All the other patches have been refreshed and the numbering has been updated (From OE-Core rev: fed2a0f37a76732cd3de1b127d6902fb16dd4e05) Signed-off-by: Alistair Francis 
Signed-off-by: Richard Purdie --- meta/recipes-devtools/qemu/qemu-native.inc | 4 +- meta/recipes-devtools/qemu/qemu-native_3.1.0.bb | 9 - meta/recipes-devtools/qemu/qemu-native_4.0.0.bb | 9 + .../qemu/qemu-system-native_3.1.0.bb | 23 - .../qemu/qemu-system-native_4.0.0.bb | 24 + meta/recipes-devtools/qemu/qemu.inc | 41 +- .../qemu/qemu/0001-Add-a-missing-X11-include.patch | 65 --- .../0001-egl-headless-add-egl_create_context.patch | 50 --- ...001-qemu-Add-missing-wacom-HID-descriptor.patch | 139 ++++++ ...sdl.c-allow-user-to-disable-pointer-grabs.patch | 72 --- ...age-ptest-which-runs-all-unit-test-cases-.patch | 33 ++ ...002-qemu-Add-missing-wacom-HID-descriptor.patch | 139 ------ ...age-ptest-which-runs-all-unit-test-cases-.patch | 33 -- ...dition-environment-space-to-boot-loader-q.patch | 33 ++ ...dition-environment-space-to-boot-loader-q.patch | 33 -- .../qemu/qemu/0004-qemu-disable-Valgrind.patch | 34 ++ ...paths-searched-during-user-mode-emulation.patch | 146 ++++++ .../qemu/qemu/0005-qemu-disable-Valgrind.patch | 34 -- ...paths-searched-during-user-mode-emulation.patch | 146 ------ ...-set-ld.bfd-fix-cflags-and-set-some-envir.patch | 26 ++ ...ardev-connect-socket-to-a-spawned-command.patch | 239 ++++++++++ ...-set-ld.bfd-fix-cflags-and-set-some-envir.patch | 26 -- .../qemu/0008-apic-fixup-fallthrough-to-PIC.patch | 44 ++ ...ardev-connect-socket-to-a-spawned-command.patch | 240 ---------- .../qemu/0009-apic-fixup-fallthrough-to-PIC.patch | 44 -- ...-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch | 33 ++ ...x-user-fix-mmap-munmap-mprotect-mremap-sh.patch | 142 ++++++ ...-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch | 33 -- ...x-user-fix-mmap-munmap-mprotect-mremap-sh.patch | 142 ------ ...11-fix-libcap-header-issue-on-some-distro.patch | 86 ++++ ...error-messages-when-qemi_cpu_kick_thread-.patch | 74 ++++ ...12-fix-libcap-header-issue-on-some-distro.patch | 86 ---- ...et-arm-Use-vector-operations-for-saturati.patch | 493 +++++++++++++++++++++ 
...error-messages-when-qemi_cpu_kick_thread-.patch | 74 ---- .../qemu/qemu/0014-fix-CVE-2018-16872.patch | 85 ---- .../qemu/qemu/0015-fix-CVE-2018-20124.patch | 60 --- .../qemu/qemu/0016-fix-CVE-2018-20125.patch | 54 --- .../qemu/qemu/0017-fix-CVE-2018-20126.patch | 113 ----- .../qemu/qemu/0018-fix-CVE-2018-20191.patch | 47 -- .../qemu/qemu/0019-fix-CVE-2018-20216.patch | 85 ---- .../recipes-devtools/qemu/qemu/CVE-2019-3812.patch | 39 -- meta/recipes-devtools/qemu/qemu_3.1.0.bb | 22 - meta/recipes-devtools/qemu/qemu_4.0.0.bb | 20 + 43 files changed, 1594 insertions(+), 1780 deletions(-) delete mode 100644 meta/recipes-devtools/qemu/qemu-native_3.1.0.bb create mode 100644 meta/recipes-devtools/qemu/qemu-native_4.0.0.bb delete mode 100644 meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb create mode 100644 meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch create mode 100644 
meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch create mode 100644 meta/recipes-devtools/qemu/qemu/0013-Revert-target-arm-Use-vector-operations-for-saturati.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch delete mode 100644 
meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch delete mode 100644 meta/recipes-devtools/qemu/qemu_3.1.0.bb create mode 100644 meta/recipes-devtools/qemu/qemu_4.0.0.bb (limited to 'meta/recipes-devtools') diff --git a/meta/recipes-devtools/qemu/qemu-native.inc b/meta/recipes-devtools/qemu/qemu-native.inc index 4373ad9e63..34ab8e6401 100644 --- a/meta/recipes-devtools/qemu/qemu-native.inc +++ b/meta/recipes-devtools/qemu/qemu-native.inc @@ -3,8 +3,8 @@ inherit native require qemu.inc SRC_URI_append = " \ - file://0012-fix-libcap-header-issue-on-some-distro.patch \ - file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \ + file://0011-fix-libcap-header-issue-on-some-distro.patch \ + file://0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \ " EXTRA_OECONF_append = " --python=python2.7" diff --git a/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb deleted file mode 100644 index c8acff8e19..0000000000 --- a/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb +++ /dev/null @@ -1,9 +0,0 @@ -BPN = "qemu" - -DEPENDS = "glib-2.0-native zlib-native" - -require qemu-native.inc - -EXTRA_OECONF_append = " --target-list=${@get_qemu_usermode_target_list(d)} --disable-tools --disable-blobs --disable-guest-agent" - -PACKAGECONFIG ??= "" diff --git a/meta/recipes-devtools/qemu/qemu-native_4.0.0.bb b/meta/recipes-devtools/qemu/qemu-native_4.0.0.bb new file mode 100644 index 0000000000..c8acff8e19 --- /dev/null 
+++ b/meta/recipes-devtools/qemu/qemu-native_4.0.0.bb
@@ -0,0 +1,9 @@
+BPN = "qemu"
+
+DEPENDS = "glib-2.0-native zlib-native"
+
+require qemu-native.inc
+
+EXTRA_OECONF_append = " --target-list=${@get_qemu_usermode_target_list(d)} --disable-tools --disable-blobs --disable-guest-agent"
+
+PACKAGECONFIG ??= ""
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
deleted file mode 100644
index 5bf528bec1..0000000000
--- a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
+++ /dev/null
@@ -1,23 +0,0 @@
-BPN = "qemu"
-
-require qemu-native.inc
-
-# As some of the files installed by qemu-native and qemu-system-native
-# are the same, we depend on qemu-native to get the full installation set
-# and avoid file clashes
-DEPENDS = "glib-2.0-native zlib-native pixman-native qemu-native"
-
-EXTRA_OECONF_append = " --target-list=${@get_qemu_system_target_list(d)}"
-
-PACKAGECONFIG ??= "fdt alsa kvm"
-
-# Handle distros such as CentOS 5 32-bit that do not have kvm support
-PACKAGECONFIG_remove = "${@'kvm' if not os.path.exists('/usr/include/linux/kvm.h') else ''}"
-
-do_install_append() {
- install -Dm 0755 ${WORKDIR}/powerpc_rom.bin ${D}${datadir}/qemu
-
- # The following is also installed by qemu-native
- rm -f ${D}${datadir}/qemu/trace-events-all
- rm -rf ${D}${datadir}/qemu/keymaps
-}
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
new file mode 100644
index 0000000000..820883df65
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
@@ -0,0 +1,24 @@
+BPN = "qemu"
+
+require qemu-native.inc
+
+# As some of the files installed by qemu-native and qemu-system-native
+# are the same, we depend on qemu-native to get the full installation set
+# and avoid file clashes
+DEPENDS = "glib-2.0-native zlib-native pixman-native qemu-native"
+
+EXTRA_OECONF_append = " --target-list=${@get_qemu_system_target_list(d)}"
+
+PACKAGECONFIG ??= "fdt alsa kvm"
+
+# Handle distros such as CentOS 5 32-bit that do not have kvm support
+PACKAGECONFIG_remove = "${@'kvm' if not os.path.exists('/usr/include/linux/kvm.h') else ''}"
+
+do_install_append() {
+ install -Dm 0755 ${WORKDIR}/powerpc_rom.bin ${D}${datadir}/qemu
+
+ # The following is also installed by qemu-native
+ rm -f ${D}${datadir}/qemu/trace-events-all
+ rm -rf ${D}${datadir}/qemu/keymaps
+ rm -rf ${D}${datadir}/icons/
+}
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 3ec141452d..f7b41412ad 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -5,36 +5,27 @@ LICENSE = "GPLv2 & LGPLv2.1" RDEPENDS_${PN}-ptest = "bash make" LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \ - file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913" + file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f" SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://powerpc_rom.bin \ - file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \ - file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \ - file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \ file://run-ptest \ - file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ - file://0005-qemu-disable-Valgrind.patch \ - file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \ - file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \ - file://0008-chardev-connect-socket-to-a-spawned-command.patch \ - file://0009-apic-fixup-fallthrough-to-PIC.patch \ - file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ - file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \ - file://0001-Add-a-missing-X11-include.patch \ - file://0001-egl-headless-add-egl_create_context.patch \ - file://0014-fix-CVE-2018-16872.patch \ - file://0015-fix-CVE-2018-20124.patch \ - file://0016-fix-CVE-2018-20125.patch \ - file://0017-fix-CVE-2018-20126.patch \ - file://0018-fix-CVE-2018-20191.patch \ - file://0019-fix-CVE-2018-20216.patch \ - file://CVE-2019-3812.patch \ + file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \ + file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \ + file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ + file://0004-qemu-disable-Valgrind.patch \ + file://0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch \ + file://0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \ + file://0007-chardev-connect-socket-to-a-spawned-command.patch \ + 
file://0008-apic-fixup-fallthrough-to-PIC.patch \ + file://0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ + file://0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \ + file://0013-Revert-target-arm-Use-vector-operations-for-saturati.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" -SRC_URI[md5sum] = "fb687ce0b02d3bf4327e36d3b99427a8" -SRC_URI[sha256sum] = "6a0508df079a0a33c2487ca936a56c12122f105b8a96a44374704bef6c69abfc" +SRC_URI[md5sum] = "0afeca336fd57ae3d3086ec07f59d708" +SRC_URI[sha256sum] = "13a93dfe75b86734326f8d5b475fde82ec692d5b5a338b4262aeeb6b0fa4e469" COMPATIBLE_HOST_mipsarchn32 = "null" COMPATIBLE_HOST_mipsarchn64 = "null" @@ -133,7 +124,7 @@ make_qemu_wrapper() { PACKAGECONFIG_remove_darwin = "kvm virglrenderer glx gtk+" PACKAGECONFIG_remove_mingw32 = "kvm virglrenderer glx gtk+" -PACKAGECONFIG[sdl] = "--enable-sdl --with-sdlabi=2.0,--disable-sdl,libsdl2" +PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2" PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr,--disable-virtfs,libcap attr," PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio," PACKAGECONFIG[xfs] = "--enable-xfsctl,--disable-xfsctl,xfsprogs," @@ -169,3 +160,5 @@ PACKAGECONFIG[usb-redir] = "--enable-usb-redir,--disable-usb-redir,usbredir" PACKAGECONFIG[snappy] = "--enable-snappy,--disable-snappy,snappy" INSANE_SKIP_${PN} = "arch" + +FILES_${PN} += "${datadir}/icons" diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch deleted file mode 100644 index 192936e1e7..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch +++ /dev/null 
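Review bot: The first qemu.inc hunk drops seven CVE fixes from SRC_URI (`0014-fix-CVE-2018-16872.patch` through `0019-fix-CVE-2018-20216.patch`, and `CVE-2019-3812.patch`), and the only record of why is the message line "The backported patches have been removed"; nothing on the page shows that each fix is present in the 4.0.0 tarball, so that should be checked per CVE and stated in the commit message. `0001-Add-a-missing-X11-include.patch` is removed in the same hunk although its header reads `Upstream-Status: Submitted`, not Backport, so its removal needs its own confirmation that the change was merged upstream. The newly added `0013-Revert-target-arm-Use-vector-operations-for-saturati.patch` is not explained in the message either; its body is outside this part of the page, so I cannot tell what it works around, and a one-line reason would help whoever does the next upgrade decide whether to keep it.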
@@ -1,65 +0,0 @@
-From eb1a215a4f86dde4493c3e22ad9f6d698850915e Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin
-Date: Thu, 20 Dec 2018 18:06:29 +0100
-Subject: [PATCH] egl-helpers.h: do not depend on X11 Window type, use
- EGLNativeWindowType
-
-It was assumed that mesa provides the necessary X11 includes,
-but it is not always the case, as it can be configured without x11 support.
-
-Upstream-Status: Submitted [http://lists.nongnu.org/archive/html/qemu-devel/2019-01/msg03706.html]
-Signed-off-by: Alexander Kanavin
-
----
- include/ui/egl-helpers.h | 2 +-
- ui/egl-helpers.c | 4 ++--
- ui/gtk-egl.c | 2 +-
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/ui/egl-helpers.h b/include/ui/egl-helpers.h
-index 9db7293b..3fc656a7 100644
---- a/include/ui/egl-helpers.h
-+++ b/include/ui/egl-helpers.h
-@@ -43,7 +43,7 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf);
-
- #endif
-
--EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win);
-+EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win);
-
- int qemu_egl_init_dpy_x11(EGLNativeDisplayType dpy, DisplayGLMode mode);
- int qemu_egl_init_dpy_mesa(EGLNativeDisplayType dpy, DisplayGLMode mode);
-diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c
-index 4f475142..5e115b3f 100644
---- a/ui/egl-helpers.c
-+++ b/ui/egl-helpers.c
-@@ -273,14 +273,14 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf)
-
- /* ---------------------------------------------------------------------- */
-
--EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win)
-+EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win)
- {
- EGLSurface esurface;
- EGLBoolean b;
-
- esurface = eglCreateWindowSurface(qemu_egl_display,
- qemu_egl_config,
-- (EGLNativeWindowType)win, NULL);
-+ win, NULL);
- if (esurface == EGL_NO_SURFACE) {
- error_report("egl: eglCreateWindowSurface failed");
- return NULL;
-diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c
-index 5420c236..1f941162 100644
---- a/ui/gtk-egl.c
-+++ b/ui/gtk-egl.c
-@@ -54,7 +54,7 @@ void gd_egl_init(VirtualConsole *vc)
- }
-
- vc->gfx.ectx = qemu_egl_init_ctx();
-- vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, x11_window);
-+ vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, (EGLNativeWindowType)x11_window);
-
- assert(vc->gfx.esurface);
- }
diff --git a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch b/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
deleted file mode 100644
index d9326c017a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 952e5d584f5aabe41298c278065fe628f3f7aa7a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann
-Date: Thu, 29 Nov 2018 13:35:02 +0100
-Subject: [PATCH] egl-headless: add egl_create_context
-
-We must set the correct context (via eglMakeCurrent) before
-calling qemu_egl_create_context, so we need a thin wrapper and can't
-hook qemu_egl_create_context directly as ->dpy_gl_ctx_create callback.
-
-Reported-by: Frederik Carlier
-Signed-off-by: Gerd Hoffmann
-Message-id: 20181129123502.30129-1-kraxel@redhat.com
-
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=952e5d584f5aabe41298c278065fe628f3f7aa7a]
-Signed-off-by: Alexander Kanavin
----
- ui/egl-headless.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/ui/egl-headless.c b/ui/egl-headless.c
-index 4cf3bbc0e4..519e7bad32 100644
---- a/ui/egl-headless.c
-+++ b/ui/egl-headless.c
-@@ -38,6 +38,14 @@ static void egl_gfx_switch(DisplayChangeListener *dcl,
- edpy->ds = new_surface;
- }
-
-+static QEMUGLContext egl_create_context(DisplayChangeListener *dcl,
-+ QEMUGLParams *params)
-+{
-+ eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE,
-+ qemu_egl_rn_ctx);
-+ return qemu_egl_create_context(dcl, params);
-+}
-+
- static void egl_scanout_disable(DisplayChangeListener *dcl)
- {
- egl_dpy *edpy = container_of(dcl, egl_dpy, dcl);
-@@ -150,7 +158,7 @@ static const DisplayChangeListenerOps egl_ops = {
- .dpy_gfx_update = egl_gfx_update,
- .dpy_gfx_switch = egl_gfx_switch,
-
-- .dpy_gl_ctx_create = qemu_egl_create_context,
-+ .dpy_gl_ctx_create = egl_create_context,
- .dpy_gl_ctx_destroy = qemu_egl_destroy_context,
- .dpy_gl_ctx_make_current = qemu_egl_make_context_current,
- .dpy_gl_ctx_get_current = qemu_egl_get_current_context,
---
-2.17.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
new file mode 100644
index 0000000000..5373915ff0
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -0,0 +1,139 @@
+From 1cb804cf0e47116202011f3386b4739af668224a Mon Sep 17 00:00:00 2001
+From: Richard Purdie
+Date: Thu, 27 Nov 2014 14:04:29 +0000
+Subject: [PATCH] qemu: Add missing wacom HID descriptor
+
+The USB wacom device is missing a HID descriptor which causes it
+to fail to operate with recent kernels (e.g. 3.17).
+
+This patch adds a HID desriptor to the device, based upon one from
+real wcom device.
+
+Signed-off-by: Richard Purdie
+
+Upstream-Status: Submitted
+2014/11/27
+
+---
+ hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 93 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
+index ac0bc83b..6f9b22d4 100644
+--- a/hw/usb/dev-wacom.c
++++ b/hw/usb/dev-wacom.c
+@@ -72,6 +72,89 @@ static const USBDescStrings desc_strings = {
+ [STR_SERIALNUMBER] = "1",
+ };
+
++static const uint8_t qemu_tablet_hid_report_descriptor[] = {
++ 0x05, 0x01, /* Usage Page (Generic Desktop) */
++ 0x09, 0x02, /* Usage (Mouse) */
++ 0xa1, 0x01, /* Collection (Application) */
++ 0x85, 0x01, /* Report ID (1) */
++ 0x09, 0x01, /* Usage (Pointer) */
++ 0xa1, 0x00, /* Collection (Physical) */
++ 0x05, 0x09, /* Usage Page (Button) */
++ 0x19, 0x01, /* Usage Minimum (1) */
++ 0x29, 0x05, /* Usage Maximum (5) */
++ 0x15, 0x00, /* Logical Minimum (0) */
++ 0x25, 0x01, /* Logical Maximum (1) */
++ 0x95, 0x05, /* Report Count (5) */
++ 0x75, 0x01, /* Report Size (1) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x95, 0x01, /* Report Count (1) */
++ 0x75, 0x03, /* Report Size (3) */
++ 0x81, 0x01, /* Input (Constant) */
++ 0x05, 0x01, /* Usage Page (Generic Desktop) */
++ 0x09, 0x30, /* Usage (X) */
++ 0x09, 0x31, /* Usage (Y) */
++ 0x15, 0x81, /* Logical Minimum (-127) */
++ 0x25, 0x7f, /* Logical Maximum (127) */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x02, /* Report Count (2) */
++ 0x81, 0x06, /* Input (Data, Variable, Relative) */
++ 0xc0, /* End Collection */
++ 0xc0, /* End Collection */
++ 0x05, 0x0d, /* Usage Page (Digitizer) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0xa1, 0x01, /* Collection (Application) */
++ 0x85, 0x02, /* Report ID (2) */
++ 0xa1, 0x00, /* Collection (Physical) */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x15, 0x00, /* Logical Minimum (0) */
++ 0x26, 0xff, 0x00, /* Logical Maximum (255) */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x08, /* Report Count (8) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0xc0, /* End Collection */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x85, 0x02, /* Report ID (2) */
++ 0x95, 0x01, /* Report Count (1) */
++ 0xb1, 0x02, /* FEATURE (2) */
++ 0xc0, /* End Collection */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0xa1, 0x01, /* Collection (Application) */
++ 0x85, 0x02, /* Report ID (2) */
++ 0x05, 0x0d, /* Usage Page (Digitizer) */
++ 0x09, 0x22, /* Usage (Finger) */
++ 0xa1, 0x00, /* Collection (Physical) */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x15, 0x00, /* Logical Minimum (0) */
++ 0x26, 0xff, 0x00, /* Logical Maximum */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x02, /* Report Count (2) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x05, 0x01, /* Usage Page (Generic Desktop) */
++ 0x09, 0x30, /* Usage (X) */
++ 0x35, 0x00, /* Physical Minimum */
++ 0x46, 0xe0, 0x2e, /* Physical Maximum */
++ 0x26, 0xe0, 0x01, /* Logical Maximum */
++ 0x75, 0x10, /* Report Size (16) */
++ 0x95, 0x01, /* Report Count (1) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x09, 0x31, /* Usage (Y) */
++ 0x46, 0x40, 0x1f, /* Physical Maximum */
++ 0x26, 0x40, 0x01, /* Logical Maximum */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x26, 0xff, 0x00, /* Logical Maximum */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x0d, /* Report Count (13) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0xc0, /* End Collection */
++ 0xc0, /* End Collection */
++};
++
++
+ static const USBDescIface desc_iface_wacom = {
+ .bInterfaceNumber = 0,
+ .bNumEndpoints = 1,
+@@ -89,7 +172,7 @@ static const USBDescIface desc_iface_wacom = {
+ 0x00, /* u8 country_code */
+ 0x01, /* u8 num_descriptors */
+ 0x22, /* u8 type: Report */
+- 0x6e, 0, /* u16 len */
++ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */
+ },
+ },
+ },
+@@ -269,6 +352,15 @@ static void usb_wacom_handle_control(USBDevice *dev, USBPacket *p,
+ }
+
+ switch (request) {
++ case InterfaceRequest | USB_REQ_GET_DESCRIPTOR:
++ switch (value >> 8) {
++ case 0x22:
++ memcpy(data, qemu_tablet_hid_report_descriptor,
++ sizeof(qemu_tablet_hid_report_descriptor));
++ p->actual_length = sizeof(qemu_tablet_hid_report_descriptor);
++ break;
++ }
++ break;
+ case WACOM_SET_REPORT:
+ if (s->mouse_grabbed) {
+ qemu_remove_mouse_event_handler(s->eh_entry);
diff --git a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch b/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
deleted file mode 100644
index 5b9a1f911c..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From c53ddb5acbee56db6423f369b9f9a9b62501b4af Mon Sep 17 00:00:00 2001
-From: Ross Burton
-Date: Wed, 18 Sep 2013 14:04:54 +0100
-Subject: [PATCH] sdl.c: allow user to disable pointer grabs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When the pointer enters the Qemu window it calls SDL_WM_GrabInput, which calls
-XGrabPointer in a busyloop until it returns GrabSuccess. However if there's already
-a pointer grab (screen is locked, a menu is open) then qemu will hang until the
-grab can be taken. In the specific case of a headless X server on an autobuilder, once
-the screensaver has kicked in any qemu instance that appears underneath the
-pointer will hang.
-
-I'm not entirely sure why pointer grabs are required (the documentation
-explicitly says it doesn't do grabs when using a tablet, which we are) so wrap
-them in a conditional that can be set by the autobuilder environment, preserving
-the current grabbing behaviour for everyone else.
-
-Upstream-Status: Pending
-Signed-off-by: Ross Burton
-Signed-off-by: Eric Bénard
-
----
- ui/sdl.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/ui/sdl.c b/ui/sdl.c
-index 190b16f5..aa89471d 100644
---- a/ui/sdl.c
-+++ b/ui/sdl.c
-@@ -69,6 +69,11 @@ static int idle_counter;
- static const guint16 *keycode_map;
- static size_t keycode_maplen;
-
-+#ifndef True
-+#define True 1
-+#endif
-+static doing_grabs = True;
-+
- #define SDL_REFRESH_INTERVAL_BUSY 10
- #define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \
- / SDL_REFRESH_INTERVAL_BUSY + 1)
-@@ -399,14 +404,16 @@ static void sdl_grab_start(void)
- }
- } else
- sdl_hide_cursor();
-- SDL_WM_GrabInput(SDL_GRAB_ON);
-+ if (doing_grabs)
-+ SDL_WM_GrabInput(SDL_GRAB_ON);
- gui_grab = 1;
- sdl_update_caption();
- }
-
- static void sdl_grab_end(void)
- {
-- SDL_WM_GrabInput(SDL_GRAB_OFF);
-+ if (doing_grabs)
-+ SDL_WM_GrabInput(SDL_GRAB_OFF);
- gui_grab = 0;
- sdl_show_cursor();
- sdl_update_caption();
-@@ -945,6 +952,8 @@ static void sdl1_display_init(DisplayState *ds, DisplayOptions *o)
- * This requires SDL >= 1.2.14. */
- setenv("SDL_DISABLE_LOCK_KEYS", "1", 1);
-
-+ doing_grabs = (getenv("QEMU_DONT_GRAB") == NULL);
-+
- flags = SDL_INIT_VIDEO | SDL_INIT_NOPARACHUTE;
- if (SDL_Init (flags)) {
- fprintf(stderr, "Could not initialize SDL(%s) - exiting\n",
diff --git a/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
new file mode 100644
index 0000000000..7b7c5d71a0
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -0,0 +1,33 @@
+From 281116b31981b0b9e174bda8abe00f4eaa33c2ae Mon Sep 17 00:00:00 2001
+From: Juro Bystricky
+Date: Thu, 31 Aug 2017 11:06:56 -0700
+Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
+ qemu.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang
+
+Signed-off-by: Juro Bystricky
+
+---
+ tests/Makefile.include | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/tests/Makefile.include b/tests/Makefile.include
+index 36fc73fe..01fecd4d 100644
+--- a/tests/Makefile.include
++++ b/tests/Makefile.include
+@@ -1184,4 +1184,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
+ -include $(wildcard tests/*.d)
+ -include $(wildcard tests/libqos/*.d)
+
++buildtest-TESTS: $(check-unit-y)
++
++runtest-TESTS:
++ for f in $(check-unit-y); do \
++ nf=$$(echo $$f | sed 's/tests\//\.\//g'); \
++ $$nf; \
++ done
++
+ endif
diff --git a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
deleted file mode 100644
index 4de2688838..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-From 7ac3c84f28866491c58cc0f52a25a706949c8ef3 Mon Sep 17 00:00:00 2001
-From: Richard Purdie
-Date: Thu, 27 Nov 2014 14:04:29 +0000
-Subject: [PATCH] qemu: Add missing wacom HID descriptor
-
-The USB wacom device is missing a HID descriptor which causes it
-to fail to operate with recent kernels (e.g. 3.17).
-
-This patch adds a HID desriptor to the device, based upon one from
-real wcom device.
-
-Signed-off-by: Richard Purdie
-
-Upstream-Status: Submitted
-2014/11/27
-
----
- hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 93 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
-index ac0bc83b..6f9b22d4 100644
---- a/hw/usb/dev-wacom.c
-+++ b/hw/usb/dev-wacom.c
-@@ -72,6 +72,89 @@ static const USBDescStrings desc_strings = {
- [STR_SERIALNUMBER] = "1",
- };
-
-+static const uint8_t qemu_tablet_hid_report_descriptor[] = {
-+ 0x05, 0x01, /* Usage Page (Generic Desktop) */
-+ 0x09, 0x02, /* Usage (Mouse) */
-+ 0xa1, 0x01, /* Collection (Application) */
-+ 0x85, 0x01, /* Report ID (1) */
-+ 0x09, 0x01, /* Usage (Pointer) */
-+ 0xa1, 0x00, /* Collection (Physical) */
-+ 0x05, 0x09, /* Usage Page (Button) */
-+ 0x19, 0x01, /* Usage Minimum (1) */
-+ 0x29, 0x05, /* Usage Maximum (5) */
-+ 0x15, 0x00, /* Logical Minimum (0) */
-+ 0x25, 0x01, /* Logical Maximum (1) */
-+ 0x95, 0x05, /* Report Count (5) */
-+ 0x75, 0x01, /* Report Size (1) */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0x95, 0x01, /* Report Count (1) */
-+ 0x75, 0x03, /* Report Size (3) */
-+ 0x81, 0x01, /* Input (Constant) */
-+ 0x05, 0x01, /* Usage Page (Generic Desktop) */
-+ 0x09, 0x30, /* Usage (X) */
-+ 0x09, 0x31, /* Usage (Y) */
-+ 0x15, 0x81, /* Logical Minimum (-127) */
-+ 0x25, 0x7f, /* Logical Maximum (127) */
-+ 0x75, 0x08, /* Report Size (8) */
-+ 0x95, 0x02, /* Report Count (2) */
-+ 0x81, 0x06, /* Input (Data, Variable, Relative) */
-+ 0xc0, /* End Collection */
-+ 0xc0, /* End Collection */
-+ 0x05, 0x0d, /* Usage Page (Digitizer) */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0xa1, 0x01, /* Collection (Application) */
-+ 0x85, 0x02, /* Report ID (2) */
-+ 0xa1, 0x00, /* Collection (Physical) */
-+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0x15, 0x00, /* Logical Minimum (0) */
-+ 0x26, 0xff, 0x00, /* Logical Maximum (255) */
-+ 0x75, 0x08, /* Report Size (8) */
-+ 0x95, 0x08, /* Report Count (8) */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0xc0, /* End Collection */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0x85, 0x02, /* Report ID (2) */
-+ 0x95, 0x01, /* Report Count (1) */
-+ 0xb1, 0x02, /* FEATURE (2) */
-+ 0xc0, /* End Collection */
-+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0xa1, 0x01, /* Collection (Application) */
-+ 0x85, 0x02, /* Report ID (2) */
-+ 0x05, 0x0d, /* Usage Page (Digitizer) */
-+ 0x09, 0x22, /* Usage (Finger) */
-+ 0xa1, 0x00, /* Collection (Physical) */
-+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0x15, 0x00, /* Logical Minimum (0) */
-+ 0x26, 0xff, 0x00, /* Logical Maximum */
-+ 0x75, 0x08, /* Report Size (8) */
-+ 0x95, 0x02, /* Report Count (2) */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0x05, 0x01, /* Usage Page (Generic Desktop) */
-+ 0x09, 0x30, /* Usage (X) */
-+ 0x35, 0x00, /* Physical Minimum */
-+ 0x46, 0xe0, 0x2e, /* Physical Maximum */
-+ 0x26, 0xe0, 0x01, /* Logical Maximum */
-+ 0x75, 0x10, /* Report Size (16) */
-+ 0x95, 0x01, /* Report Count (1) */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0x09, 0x31, /* Usage (Y) */
-+ 0x46, 0x40, 0x1f, /* Physical Maximum */
-+ 0x26, 0x40, 0x01, /* Logical Maximum */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0x26, 0xff, 0x00, /* Logical Maximum */
-+ 0x75, 0x08, /* Report Size (8) */
-+ 0x95, 0x0d, /* Report Count (13) */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0xc0, /* End Collection */
-+ 0xc0, /* End Collection */
-+};
-+
-+
- static const USBDescIface desc_iface_wacom = {
- .bInterfaceNumber = 0,
- .bNumEndpoints = 1,
-@@ -89,7 +172,7 @@ static const USBDescIface desc_iface_wacom = {
- 0x00, /* u8 country_code */
- 0x01, /* u8 num_descriptors */
- 0x22, /* u8 type: Report */
-- 0x6e, 0, /* u16 len */
-+ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */
- },
- },
- },
-@@ -269,6 +352,15 @@ static void usb_wacom_handle_control(USBDevice *dev, USBPacket *p,
- }
-
- switch (request) {
-+ case InterfaceRequest | USB_REQ_GET_DESCRIPTOR:
-+ switch (value >> 8) {
-+ case 0x22:
-+ memcpy(data, qemu_tablet_hid_report_descriptor,
-+ sizeof(qemu_tablet_hid_report_descriptor));
-+ p->actual_length = sizeof(qemu_tablet_hid_report_descriptor);
-+ break;
-+ }
-+ break;
- case WACOM_SET_REPORT:
- if (s->mouse_grabbed) {
- qemu_remove_mouse_event_handler(s->eh_entry);
diff --git a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
deleted file mode 100644
index 668fc4680c..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
+++ /dev/null
@@ -1,33 +0,0 @@ -From aac8834bfd5b79e724f2593895847b50968a1223 Mon Sep 17 00:00:00 2001 -From: Juro Bystricky -Date: Thu, 31 Aug 2017 11:06:56 -0700 -Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for - qemu. - -Upstream-Status: Pending - -Signed-off-by: Kai Kang - -Signed-off-by: Juro Bystricky - ---- - tests/Makefile.include | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/tests/Makefile.include b/tests/Makefile.include -index fb0b449c..afedabd4 100644 ---- a/tests/Makefile.include -+++ b/tests/Makefile.include -@@ -967,4 +967,12 @@ all: $(QEMU_IOTESTS_HELPERS-y) - -include $(wildcard tests/*.d) - -include $(wildcard tests/libqos/*.d) - -+buildtest-TESTS: $(check-unit-y) -+ -+runtest-TESTS: -+ for f in $(check-unit-y); do \ -+ nf=$$(echo $$f | sed 's/tests\//\.\//g'); \ -+ $$nf; \ -+ done -+ - endif diff --git a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch new file mode 100644 index 0000000000..9a18ca18e4 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch 
@@ -0,0 +1,33 @@ +From bf04acef9ec31ddcc18ddbb4ac5b7b1e7368bf7d Mon Sep 17 00:00:00 2001 +From: Jason Wessel +Date: Fri, 28 Mar 2014 17:42:43 +0800 +Subject: [PATCH] qemu: Add addition environment space to boot loader + qemu-system-mips + +Upstream-Status: Inappropriate - OE uses deep paths + +If you create a project with very long directory names like 128 characters +deep and use NFS, the kernel arguments will be truncated. The kernel will +accept longer strings such as 1024 bytes, but the qemu boot loader defaulted +to only 256 bytes. This patch expands the limit. + +Signed-off-by: Jason Wessel +Signed-off-by: Roy Li + +--- + hw/mips/mips_malta.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c +index 439665ab..285c78ef 100644 +--- a/hw/mips/mips_malta.c ++++ b/hw/mips/mips_malta.c +@@ -60,7 +60,7 @@ + + #define ENVP_ADDR 0x80002000l + #define ENVP_NB_ENTRIES 16 +-#define ENVP_ENTRY_SIZE 256 ++#define ENVP_ENTRY_SIZE 1024 + + /* Hardware addresses */ + #define FLASH_ADDRESS 0x1e000000ULL diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch deleted file mode 100644 index b4d4c587bd..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 3de7a5635093c31dcb960ce9dff27da629b85d4d Mon Sep 17 00:00:00 2001 -From: Jason Wessel -Date: Fri, 28 Mar 2014 17:42:43 +0800 -Subject: [PATCH] qemu: Add addition environment space to boot loader - qemu-system-mips - -Upstream-Status: Inappropriate - OE uses deep paths - -If you create a project with very long directory names like 128 characters -deep and use NFS, the kernel arguments will be truncated. The kernel will -accept longer strings such as 1024 bytes, but the qemu boot loader defaulted -to only 256 bytes. This patch expands the limit. - -Signed-off-by: Jason Wessel -Signed-off-by: Roy Li - ---- - hw/mips/mips_malta.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c -index c1cf0fe1..decffd2f 100644 ---- a/hw/mips/mips_malta.c -+++ b/hw/mips/mips_malta.c -@@ -62,7 +62,7 @@ - - #define ENVP_ADDR 0x80002000l - #define ENVP_NB_ENTRIES 16 --#define ENVP_ENTRY_SIZE 256 -+#define ENVP_ENTRY_SIZE 1024 - - /* Hardware addresses */ - #define FLASH_ADDRESS 0x1e000000ULL diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch new file mode 100644 index 0000000000..9e326081f2 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch 
@@ -0,0 +1,34 @@ +From e40f797548bc3ff06c71b6cbe042a46406894d18 Mon Sep 17 00:00:00 2001 +From: Ross Burton +Date: Tue, 20 Oct 2015 22:19:08 +0100 +Subject: [PATCH] qemu: disable Valgrind + +There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds. + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton + +--- + configure | 9 --------- + 1 file changed, 9 deletions(-) + +diff --git a/configure b/configure +index 1c563a70..eaf9bb5e 100755 +--- a/configure ++++ b/configure +@@ -5311,15 +5311,6 @@ fi + # check if we have valgrind/valgrind.h + + valgrind_h=no +-cat > $TMPC << EOF +-#include +-int main(void) { +- return 0; +-} +-EOF +-if compile_prog "" "" ; then +- valgrind_h=yes +-fi + + ######################################## + # check if environ is declared diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch new file mode 100644 index 0000000000..819720a3f2 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch 
@@ -0,0 +1,146 @@ +From 547c3710a1493d2fd6bb56b819cf162db433756a Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Wed, 9 Mar 2016 22:49:02 +0000 +Subject: [PATCH] qemu: Limit paths searched during user mode emulation + +By default qemu builds a complete list of directories within the user +emulation sysroot (-L option). The OE sysroot directory is large and +this is confusing, for example it indexes all pkgdata. In particular this +confuses strace of qemu binaries with tons of irrelevant paths. + +This patch stops the code indexing up front and instead only indexes +things if/as/when it needs to. This drastically reduces the files it +reads and reduces memory usage and cleans up strace. + +It would also avoid the infinite directory traversal bug in [YOCTO #6996] +although the code could still be vulnerable if it parsed those specific +paths. + +RP +2016/3/9 +Upstream-Status: Pending + +--- + util/path.c | 44 ++++++++++++++++++++++---------------------- + 1 file changed, 22 insertions(+), 22 deletions(-) + +diff --git a/util/path.c b/util/path.c +index 7f9fc272..a416cd4a 100644 +--- a/util/path.c ++++ b/util/path.c +@@ -15,6 +15,7 @@ struct pathelem + char *name; + /* Full path name, eg. /usr/gnemul/x86-linux/lib. 
*/ + char *pathname; ++ int populated_entries; + struct pathelem *parent; + /* Children */ + unsigned int num_entries; +@@ -45,6 +46,7 @@ static struct pathelem *new_entry(const char *root, + new->name = g_strdup(name); + new->pathname = g_strdup_printf("%s/%s", root, name); + new->num_entries = 0; ++ new->populated_entries = 0; + return new; + } + +@@ -53,15 +55,16 @@ static struct pathelem *new_entry(const char *root, + /* Not all systems provide this feature */ + #if defined(DT_DIR) && defined(DT_UNKNOWN) && defined(DT_LNK) + # define dirent_type(dirent) ((dirent)->d_type) +-# define is_dir_maybe(type) \ +- ((type) == DT_DIR || (type) == DT_UNKNOWN || (type) == DT_LNK) ++# define is_not_dir(type) \ ++ ((type) != DT_DIR && (type) != DT_UNKNOWN && (type) != DT_LNK) + #else + # define dirent_type(dirent) (1) +-# define is_dir_maybe(type) (type) ++# define is_not_dir(type) (0) + #endif + + static struct pathelem *add_dir_maybe(struct pathelem *path) + { ++ unsigned int i; + DIR *dir; + + if ((dir = opendir(path->pathname)) != NULL) { +@@ -74,6 +77,11 @@ static struct pathelem *add_dir_maybe(struct pathelem *path) + } + closedir(dir); + } ++ ++ for (i = 0; i < path->num_entries; i++) ++ (path->entries[i])->parent = path; ++ ++ path->populated_entries = 1; + return path; + } + +@@ -89,26 +97,16 @@ static struct pathelem *add_entry(struct pathelem *root, const char *name, + e = &root->entries[root->num_entries-1]; + + *e = new_entry(root->pathname, root, name); +- if (is_dir_maybe(type)) { +- *e = add_dir_maybe(*e); ++ if (is_not_dir(type)) { ++ (*e)->populated_entries = 1; + } + + return root; + } + +-/* This needs to be done after tree is stabilized (ie. no more reallocs!). */ +-static void set_parents(struct pathelem *child, struct pathelem *parent) +-{ +- unsigned int i; +- +- child->parent = parent; +- for (i = 0; i < child->num_entries; i++) +- set_parents(child->entries[i], child); +-} +- + /* FIXME: Doesn't handle DIR/.. where DIR is not in emulated dir. 
*/ + static const char * +-follow_path(const struct pathelem *cursor, const char *name) ++follow_path(struct pathelem *cursor, struct pathelem **source, const char *name) + { + unsigned int i, namelen; + +@@ -119,14 +117,18 @@ follow_path(const struct pathelem *cursor, const char *name) + return cursor->pathname; + + if (strneq(name, namelen, "..")) +- return follow_path(cursor->parent, name + namelen); ++ return follow_path(cursor->parent, &cursor->parent, name + namelen); + + if (strneq(name, namelen, ".")) +- return follow_path(cursor, name + namelen); ++ return follow_path(cursor, source, name + namelen); ++ ++ if (!cursor->populated_entries) ++ *source = add_dir_maybe(cursor); ++ cursor = *source; + + for (i = 0; i < cursor->num_entries; i++) + if (strneq(name, namelen, cursor->entries[i]->name)) +- return follow_path(cursor->entries[i], name + namelen); ++ return follow_path(cursor->entries[i], &cursor->entries[i], name + namelen); + + /* Not found */ + return NULL; +@@ -160,8 +162,6 @@ void init_paths(const char *prefix) + g_free(base->name); + g_free(base); + base = NULL; +- } else { +- set_parents(base, base); + } + } + +@@ -173,5 +173,5 @@ const char *path(const char *name) + if (!base || !name || name[0] != '/') + return name; + +- return follow_path(base, name) ?: name; ++ return follow_path(base, &base, name) ?: name; + } diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch deleted file mode 100644 index f0cf8148e1..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch +++ /dev/null 
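Review bot: The tree root is left without a valid `parent` once `set_parents(base, base)` is dropped from `init_paths` in the util/path.c patch. The new loop in `add_dir_maybe` assigns `parent` only on children, and the `new_entry` lines shown do not set it either. The `..` branch of `follow_path` passes `cursor->parent` straight into the recursion, so a lookup that reaches `..` at the root would dereference whatever that field happens to hold. Keeping the old self-reference with `base->parent = base;` in `init_paths`, once the root has been populated, would preserve the previous behaviour. `new_entry` and `init_paths` both start outside the shown context, so confirm this against the full file.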
@@ -1,34 +0,0 @@ -From 32e8a94b6ae664d9b5689e19d495e304c0f41954 Mon Sep 17 00:00:00 2001 -From: Ross Burton -Date: Tue, 20 Oct 2015 22:19:08 +0100 -Subject: [PATCH] qemu: disable Valgrind - -There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds. - -Upstream-Status: Inappropriate -Signed-off-by: Ross Burton - ---- - configure | 9 --------- - 1 file changed, 9 deletions(-) - -diff --git a/configure b/configure -index 0a3c6a72..069e0daa 100755 ---- a/configure -+++ b/configure -@@ -5044,15 +5044,6 @@ fi - # check if we have valgrind/valgrind.h - - valgrind_h=no --cat > $TMPC << EOF --#include --int main(void) { -- return 0; --} --EOF --if compile_prog "" "" ; then -- valgrind_h=yes --fi - - ######################################## - # check if environ is declared diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch deleted file mode 100644 index 4b2f0137eb..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch +++ /dev/null 
@@ -1,146 +0,0 @@ -From 02f80ee81681b6307a8032128a07686183662270 Mon Sep 17 00:00:00 2001 -From: Richard Purdie -Date: Wed, 9 Mar 2016 22:49:02 +0000 -Subject: [PATCH] qemu: Limit paths searched during user mode emulation - -By default qemu builds a complete list of directories within the user -emulation sysroot (-L option). The OE sysroot directory is large and -this is confusing, for example it indexes all pkgdata. In particular this -confuses strace of qemu binaries with tons of irrelevant paths. - -This patch stops the code indexing up front and instead only indexes -things if/as/when it needs to. This drastically reduces the files it -reads and reduces memory usage and cleans up strace. - -It would also avoid the infinite directory traversal bug in [YOCTO #6996] -although the code could still be vulnerable if it parsed those specific -paths. - -RP -2016/3/9 -Upstream-Status: Pending - ---- - util/path.c | 44 ++++++++++++++++++++++---------------------- - 1 file changed, 22 insertions(+), 22 deletions(-) - -diff --git a/util/path.c b/util/path.c -index 7f9fc272..a416cd4a 100644 ---- a/util/path.c -+++ b/util/path.c -@@ -15,6 +15,7 @@ struct pathelem - char *name; - /* Full path name, eg. /usr/gnemul/x86-linux/lib. 
*/ - char *pathname; -+ int populated_entries; - struct pathelem *parent; - /* Children */ - unsigned int num_entries; -@@ -45,6 +46,7 @@ static struct pathelem *new_entry(const char *root, - new->name = g_strdup(name); - new->pathname = g_strdup_printf("%s/%s", root, name); - new->num_entries = 0; -+ new->populated_entries = 0; - return new; - } - -@@ -53,15 +55,16 @@ static struct pathelem *new_entry(const char *root, - /* Not all systems provide this feature */ - #if defined(DT_DIR) && defined(DT_UNKNOWN) && defined(DT_LNK) - # define dirent_type(dirent) ((dirent)->d_type) --# define is_dir_maybe(type) \ -- ((type) == DT_DIR || (type) == DT_UNKNOWN || (type) == DT_LNK) -+# define is_not_dir(type) \ -+ ((type) != DT_DIR && (type) != DT_UNKNOWN && (type) != DT_LNK) - #else - # define dirent_type(dirent) (1) --# define is_dir_maybe(type) (type) -+# define is_not_dir(type) (0) - #endif - - static struct pathelem *add_dir_maybe(struct pathelem *path) - { -+ unsigned int i; - DIR *dir; - - if ((dir = opendir(path->pathname)) != NULL) { -@@ -74,6 +77,11 @@ static struct pathelem *add_dir_maybe(struct pathelem *path) - } - closedir(dir); - } -+ -+ for (i = 0; i < path->num_entries; i++) -+ (path->entries[i])->parent = path; -+ -+ path->populated_entries = 1; - return path; - } - -@@ -89,26 +97,16 @@ static struct pathelem *add_entry(struct pathelem *root, const char *name, - e = &root->entries[root->num_entries-1]; - - *e = new_entry(root->pathname, root, name); -- if (is_dir_maybe(type)) { -- *e = add_dir_maybe(*e); -+ if (is_not_dir(type)) { -+ (*e)->populated_entries = 1; - } - - return root; - } - --/* This needs to be done after tree is stabilized (ie. no more reallocs!). */ --static void set_parents(struct pathelem *child, struct pathelem *parent) --{ -- unsigned int i; -- -- child->parent = parent; -- for (i = 0; i < child->num_entries; i++) -- set_parents(child->entries[i], child); --} -- - /* FIXME: Doesn't handle DIR/.. where DIR is not in emulated dir. 
*/ - static const char * --follow_path(const struct pathelem *cursor, const char *name) -+follow_path(struct pathelem *cursor, struct pathelem **source, const char *name) - { - unsigned int i, namelen; - -@@ -119,14 +117,18 @@ follow_path(const struct pathelem *cursor, const char *name) - return cursor->pathname; - - if (strneq(name, namelen, "..")) -- return follow_path(cursor->parent, name + namelen); -+ return follow_path(cursor->parent, &cursor->parent, name + namelen); - - if (strneq(name, namelen, ".")) -- return follow_path(cursor, name + namelen); -+ return follow_path(cursor, source, name + namelen); -+ -+ if (!cursor->populated_entries) -+ *source = add_dir_maybe(cursor); -+ cursor = *source; - - for (i = 0; i < cursor->num_entries; i++) - if (strneq(name, namelen, cursor->entries[i]->name)) -- return follow_path(cursor->entries[i], name + namelen); -+ return follow_path(cursor->entries[i], &cursor->entries[i], name + namelen); - - /* Not found */ - return NULL; -@@ -160,8 +162,6 @@ void init_paths(const char *prefix) - g_free(base->name); - g_free(base); - base = NULL; -- } else { -- set_parents(base, base); - } - } - -@@ -173,5 +173,5 @@ const char *path(const char *name) - if (!base || !name || name[0] != '/') - return name; - -- return follow_path(base, name) ?: name; -+ return follow_path(base, &base, name) ?: name; - } diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch new file mode 100644 index 0000000000..b62a588c66 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch 
@@ -0,0 +1,26 @@ +From 107fd860529a3c1319d54c3c225758457b0d9394 Mon Sep 17 00:00:00 2001 +From: Stephen Arnold +Date: Sun, 12 Jun 2016 18:09:56 -0700 +Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment + +Upstream-Status: Pending + +--- + configure | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/configure b/configure +index eaf9bb5e..de2933d1 100755 +--- a/configure ++++ b/configure +@@ -5928,10 +5928,6 @@ write_c_skeleton + if test "$gcov" = "yes" ; then + CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS" + LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS" +-elif test "$fortify_source" = "yes" ; then +- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" +-elif test "$debug" = "no"; then +- CFLAGS="-O2 $CFLAGS" + fi + + if test "$have_asan" = "yes"; then diff --git a/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch new file mode 100644 index 0000000000..f3f3dc3f5e --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch 
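Review bot: The patch header gives no reason for deleting the `-D_FORTIFY_SOURCE=2` and `-O2` branches from `configure`, and its subject (set ld.bfd, fix cflags, set some environment) no longer matches the four-line deletion it contains. With both `elif` branches gone, fortification depends entirely on the CFLAGS the recipe passes in, which this hunk does not show. If that is the intent, a header paragraph such as `Drop configure's own -O2/_FORTIFY_SOURCE flags; the recipe supplies optimisation and hardening flags through CFLAGS.` would let a later refresh tell that the hardening change is deliberate. The header also has no Signed-off-by line.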
@@ -0,0 +1,239 @@ +From 136e159482a1bc8676cbe6e767055d0c3fb20065 Mon Sep 17 00:00:00 2001 +From: Alistair Francis +Date: Thu, 21 Dec 2017 11:35:16 -0800 +Subject: [PATCH] chardev: connect socket to a spawned command + +The command is started in a shell (sh -c) with stdin connect to QEMU +via a Unix domain stream socket. QEMU then exchanges data via its own +end of the socket, just like it normally does. + +"-chardev socket" supports some ways of connecting via protocols like +telnet, but that is only a subset of the functionality supported by +tools socat. To use socat instead, for example to connect via a socks +proxy, use: + + -chardev 'socket,id=socat,cmd=exec socat FD:0 SOCKS4A:socks-proxy.localdomain:example.com:9999,,socksuser=nobody' \ + -device usb-serial,chardev=socat + +Beware that commas in the command must be escaped as double commas. + +Or interactively in the console: + (qemu) chardev-add socket,id=cat,cmd=cat + (qemu) device_add usb-serial,chardev=cat + ^ac + # cat >/dev/ttyUSB0 + hello + hello + +Another usage is starting swtpm from inside QEMU. swtpm will +automatically shut down once it looses the connection to the parent +QEMU, so there is no risk of lingering processes: + + -chardev 'socket,id=chrtpm0,cmd=exec swtpm socket --terminate --ctrl type=unixio,,clientfd=0 --tpmstate dir=... --log file=swtpm.log' \ + -tpmdev emulator,id=tpm0,chardev=chrtpm0 \ + -device tpm-tis,tpmdev=tpm0 + +The patch was discussed upstream, but QEMU developers believe that the +code calling QEMU should be responsible for managing additional +processes. In OE-core, that would imply enhancing runqemu and +oeqa. This patch is a simpler solution. + +Because it is not going upstream, the patch was written so that it is +as simple as possible. 
+ +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Patrick Ohly + +--- + chardev/char-socket.c | 101 ++++++++++++++++++++++++++++++++++++++++++ + chardev/char.c | 3 ++ + qapi/char.json | 5 +++ + 3 files changed, 109 insertions(+) + +diff --git a/chardev/char-socket.c b/chardev/char-socket.c +index 3916505d..a8e9dce8 100644 +--- a/chardev/char-socket.c ++++ b/chardev/char-socket.c +@@ -1273,6 +1273,67 @@ static bool qmp_chardev_validate_socket(ChardevSocket *sock, + return true; + } + ++#ifndef _WIN32 ++static void chardev_open_socket_cmd(Chardev *chr, ++ const char *cmd, ++ Error **errp) ++{ ++ int fds[2] = { -1, -1 }; ++ QIOChannelSocket *sioc = NULL; ++ pid_t pid = -1; ++ const char *argv[] = { "/bin/sh", "-c", cmd, NULL }; ++ ++ /* ++ * We need a Unix domain socket for commands like swtpm and a single ++ * connection, therefore we cannot use qio_channel_command_new_spawn() ++ * without patching it first. Duplicating the functionality is easier. ++ */ ++ if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds)) { ++ error_setg_errno(errp, errno, "Error creating socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC)"); ++ goto error; ++ } ++ ++ pid = qemu_fork(errp); ++ if (pid < 0) { ++ goto error; ++ } ++ ++ if (!pid) { ++ /* child */ ++ dup2(fds[1], STDIN_FILENO); ++ execv(argv[0], (char * const *)argv); ++ _exit(1); ++ } ++ ++ /* ++ * Hand over our end of the socket pair to the qio channel. ++ * ++ * We don't reap the child because it is expected to keep ++ * running. We also don't support the "reconnect" option for the ++ * same reason. 
++ */ ++ sioc = qio_channel_socket_new_fd(fds[0], errp); ++ if (!sioc) { ++ goto error; ++ } ++ fds[0] = -1; ++ ++ g_free(chr->filename); ++ chr->filename = g_strdup_printf("cmd:%s", cmd); ++ tcp_chr_new_client(chr, sioc); ++ ++ error: ++ if (fds[0] >= 0) { ++ close(fds[0]); ++ } ++ if (fds[1] >= 0) { ++ close(fds[1]); ++ } ++ if (sioc) { ++ object_unref(OBJECT(sioc)); ++ } ++} ++#endif + + static void qmp_chardev_open_socket(Chardev *chr, + ChardevBackend *backend, +@@ -1281,6 +1342,9 @@ static void qmp_chardev_open_socket(Chardev *chr, + { + SocketChardev *s = SOCKET_CHARDEV(chr); + ChardevSocket *sock = backend->u.socket.data; ++#ifndef _WIN32 ++ const char *cmd = sock->cmd; ++#endif + bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; + bool is_listen = sock->has_server ? sock->server : true; + bool is_telnet = sock->has_telnet ? sock->telnet : false; +@@ -1346,6 +1410,14 @@ static void qmp_chardev_open_socket(Chardev *chr, + + update_disconnected_filename(s); + ++#ifndef _WIN32 ++ if (cmd) { ++ chardev_open_socket_cmd(chr, cmd, errp); ++ ++ /* everything ready (or failed permanently) before we return */ ++ *be_opened = true; ++ } else ++#endif + if (s->is_listen) { + if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270, + is_waitconnect, errp) < 0) { +@@ -1365,9 +1437,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, + const char *host = qemu_opt_get(opts, "host"); + const char *port = qemu_opt_get(opts, "port"); + const char *fd = qemu_opt_get(opts, "fd"); ++#ifndef _WIN32 ++ const char *cmd = qemu_opt_get(opts, "cmd"); ++#endif + SocketAddressLegacy *addr; + ChardevSocket *sock; + ++#ifndef _WIN32 ++ if (cmd) { ++ /* ++ * Here we have to ensure that no options are set which are incompatible with ++ * spawning a command, otherwise unmodified code that doesn't know about ++ * command spawning (like socket_reconnect_timeout()) might get called. 
++ */ ++ if (path || sock->server || sock->has_telnet || sock->has_tn3270 || sock->reconnect || host || port || sock->tls_creds) { ++ error_setg(errp, "chardev: socket: cmd does not support any additional options"); ++ return; ++ } ++ } else ++#endif ++ + if ((!!path + !!fd + !!host) != 1) { + error_setg(errp, + "Exactly one of 'path', 'fd' or 'host' required"); +@@ -1410,12 +1499,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, + sock->has_tls_authz = qemu_opt_get(opts, "tls-authz"); + sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz")); + ++#ifndef _WIN32 ++ sock->cmd = g_strdup(cmd); ++#endif ++ + addr = g_new0(SocketAddressLegacy, 1); ++#ifndef _WIN32 ++ if (path || cmd) { ++#else + if (path) { ++#endif + UnixSocketAddress *q_unix; + addr->type = SOCKET_ADDRESS_LEGACY_KIND_UNIX; + q_unix = addr->u.q_unix.data = g_new0(UnixSocketAddress, 1); ++#ifndef _WIN32 ++ q_unix->path = cmd ? g_strdup_printf("cmd:%s", cmd) : g_strdup(path); ++#else + q_unix->path = g_strdup(path); ++#endif + } else if (host) { + addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET; + addr->u.inet.data = g_new(InetSocketAddress, 1); +diff --git a/chardev/char.c b/chardev/char.c +index 514cd6b0..36a40d67 100644 +--- a/chardev/char.c ++++ b/chardev/char.c +@@ -835,6 +835,9 @@ QemuOptsList qemu_chardev_opts = { + },{ + .name = "path", + .type = QEMU_OPT_STRING, ++ },{ ++ .name = "cmd", ++ .type = QEMU_OPT_STRING, + },{ + .name = "host", + .type = QEMU_OPT_STRING, +diff --git a/qapi/char.json b/qapi/char.json +index a6e81ac7..517962c6 100644 +--- a/qapi/char.json ++++ b/qapi/char.json +@@ -247,6 +247,10 @@ + # + # @addr: socket address to listen on (server=true) + # or connect to (server=false) ++# @cmd: command to run via "sh -c" with stdin as one end of ++# a AF_UNIX SOCK_DSTREAM socket pair. The other end ++# is used by the chardev. Either an addr or a cmd can ++# be specified, but not both. 
+ # @tls-creds: the ID of the TLS credentials object (since 2.6) + # @tls-authz: the ID of the QAuthZ authorization object against which + # the client's x509 distinguished name will be validated. This +@@ -272,6 +276,7 @@ + ## + { 'struct': 'ChardevSocket', + 'data': { 'addr': 'SocketAddressLegacy', ++ '*cmd': 'str', + '*tls-creds': 'str', + '*tls-authz' : 'str', + '*server': 'bool', diff --git a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch deleted file mode 100644 index 4163e51884..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 74bce35b71f4733c13e96f96e25956ff943fae20 Mon Sep 17 00:00:00 2001 -From: Stephen Arnold -Date: Sun, 12 Jun 2016 18:09:56 -0700 -Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment - -Upstream-Status: Pending - ---- - configure | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/configure b/configure -index 069e0daa..5b97f3c1 100755 ---- a/configure -+++ b/configure -@@ -5622,10 +5622,6 @@ write_c_skeleton - if test "$gcov" = "yes" ; then - CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS" - LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS" --elif test "$fortify_source" = "yes" ; then -- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" --elif test "$debug" = "no"; then -- CFLAGS="-O2 $CFLAGS" - fi - - if test "$have_asan" = "yes"; then diff --git a/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch new file mode 100644 index 0000000000..13037f33f3 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch 
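Review bot: In `qemu_chr_parse_socket` the refreshed `cmd` guard reads `sock->server`, `sock->has_telnet`, `sock->has_tn3270`, `sock->reconnect` and `sock->tls_creds`, but `sock` is declared just above as `ChardevSocket *sock;` with no initialiser and nothing in the shown lines assigns it before the check, so the guard dereferences an indeterminate pointer. The 3.1.0 version of this patch tested locals (`is_listen`, `is_telnet`, `reconnect`, `tls_creds`), so this looks like a side effect of the refresh. This guard is what keeps `cmd=` from being combined with server, reconnect or TLS settings, so it should test the parsed options directly, or move below the point where `sock` is allocated and filled, which lies outside the shown context; `fd` is also missing from the list. The option names below are assumed to match the entries in `qemu_chardev_opts`.

```c
    if (cmd) {
        /* … unchanged: comment on options incompatible with spawning a command … */
        if (path || fd || host || port ||
            qemu_opt_get(opts, "server") ||
            qemu_opt_get(opts, "telnet") ||
            qemu_opt_get(opts, "tn3270") ||
            qemu_opt_get(opts, "reconnect") ||
            qemu_opt_get(opts, "tls-creds")) {
            /* … unchanged: error_setg() and return … */
```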
@@ -0,0 +1,44 @@ +From 1b3f264e2ba18caf658fae27293c426c8366c6a3 Mon Sep 17 00:00:00 2001 +From: Mark Asselstine +Date: Tue, 26 Feb 2013 11:43:28 -0500 +Subject: [PATCH] apic: fixup fallthrough to PIC + +Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC +interrupts through the local APIC if the local APIC config says so.] +missed a check to ensure the local APIC is enabled. Since if the local +APIC is disabled it doesn't matter what the local APIC config says. + +If this check isn't done and the guest has disabled the local APIC the +guest will receive a general protection fault, similar to what is seen +here: + +https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02304.html + +The GPF is caused by an attempt to service interrupt 0xffffffff. This +comes about since cpu_get_pic_interrupt() calls apic_accept_pic_intr() +(with the local APIC disabled apic_get_interrupt() returns -1). +apic_accept_pic_intr() returns 0 and thus the interrupt number which +is returned from cpu_get_pic_interrupt(), and which is attempted to be +serviced, is -1. + +Signed-off-by: Mark Asselstine +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html] +Signed-off-by: He Zhe + +--- + hw/intc/apic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/intc/apic.c b/hw/intc/apic.c +index 6ea619c3..f892811e 100644 +--- a/hw/intc/apic.c ++++ b/hw/intc/apic.c +@@ -604,7 +604,7 @@ int apic_accept_pic_intr(DeviceState *dev) + APICCommonState *s = APIC(dev); + uint32_t lvt0; + +- if (!s) ++ if (!s || !(s->spurious_vec & APIC_SV_ENABLE)) + return -1; + + lvt0 = s->lvt[APIC_LVT_LINT0]; diff --git a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch deleted file mode 100644 index e5a2d4abca..0000000000 
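Review bot: The changed condition `if (!s || !(s->spurious_vec & APIC_SV_ENABLE))` returns `-1` from a function whose name reads as a yes/no question, and nothing in the patch says what `-1` means. Going by the patch description, a non-zero return lets the caller take the interrupt from the PIC, so `-1` acts as "accept" rather than as an error code. A comment above the return such as `/* no usable local APIC: let the PIC deliver the interrupt (non-zero = accept) */` would make that explicit. The single-statement `if` is also unbraced, and the body of `apic_accept_pic_intr` continues past the shown context.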
--- a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
+++ /dev/null
@@ -1,240 +0,0 @@ -From 9c1e976290e87a83ab1bfe38eb7ff3521ff0d684 Mon Sep 17 00:00:00 2001 -From: Alistair Francis -Date: Thu, 21 Dec 2017 11:35:16 -0800 -Subject: [PATCH] chardev: connect socket to a spawned command - -The command is started in a shell (sh -c) with stdin connect to QEMU -via a Unix domain stream socket. QEMU then exchanges data via its own -end of the socket, just like it normally does. - -"-chardev socket" supports some ways of connecting via protocols like -telnet, but that is only a subset of the functionality supported by -tools socat. To use socat instead, for example to connect via a socks -proxy, use: - - -chardev 'socket,id=socat,cmd=exec socat FD:0 SOCKS4A:socks-proxy.localdomain:example.com:9999,,socksuser=nobody' \ - -device usb-serial,chardev=socat - -Beware that commas in the command must be escaped as double commas. - -Or interactively in the console: - (qemu) chardev-add socket,id=cat,cmd=cat - (qemu) device_add usb-serial,chardev=cat - ^ac - # cat >/dev/ttyUSB0 - hello - hello - -Another usage is starting swtpm from inside QEMU. swtpm will -automatically shut down once it looses the connection to the parent -QEMU, so there is no risk of lingering processes: - - -chardev 'socket,id=chrtpm0,cmd=exec swtpm socket --terminate --ctrl type=unixio,,clientfd=0 --tpmstate dir=... --log file=swtpm.log' \ - -tpmdev emulator,id=tpm0,chardev=chrtpm0 \ - -device tpm-tis,tpmdev=tpm0 - -The patch was discussed upstream, but QEMU developers believe that the -code calling QEMU should be responsible for managing additional -processes. In OE-core, that would imply enhancing runqemu and -oeqa. This patch is a simpler solution. - -Because it is not going upstream, the patch was written so that it is -as simple as possible. 
- -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Patrick Ohly - ---- - chardev/char-socket.c | 102 ++++++++++++++++++++++++++++++++++++++++++ - chardev/char.c | 3 ++ - qapi/char.json | 5 +++ - 3 files changed, 110 insertions(+) - -diff --git a/chardev/char-socket.c b/chardev/char-socket.c -index eaa8e8b6..959ed183 100644 ---- a/chardev/char-socket.c -+++ b/chardev/char-socket.c -@@ -987,6 +987,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque) - return false; - } - -+#ifndef _WIN32 -+static void chardev_open_socket_cmd(Chardev *chr, -+ const char *cmd, -+ Error **errp) -+{ -+ int fds[2] = { -1, -1 }; -+ QIOChannelSocket *sioc = NULL; -+ pid_t pid = -1; -+ const char *argv[] = { "/bin/sh", "-c", cmd, NULL }; -+ -+ /* -+ * We need a Unix domain socket for commands like swtpm and a single -+ * connection, therefore we cannot use qio_channel_command_new_spawn() -+ * without patching it first. Duplicating the functionality is easier. -+ */ -+ if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds)) { -+ error_setg_errno(errp, errno, "Error creating socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC)"); -+ goto error; -+ } -+ -+ pid = qemu_fork(errp); -+ if (pid < 0) { -+ goto error; -+ } -+ -+ if (!pid) { -+ /* child */ -+ dup2(fds[1], STDIN_FILENO); -+ execv(argv[0], (char * const *)argv); -+ _exit(1); -+ } -+ -+ /* -+ * Hand over our end of the socket pair to the qio channel. -+ * -+ * We don't reap the child because it is expected to keep -+ * running. We also don't support the "reconnect" option for the -+ * same reason. 
-+ */ -+ sioc = qio_channel_socket_new_fd(fds[0], errp); -+ if (!sioc) { -+ goto error; -+ } -+ fds[0] = -1; -+ -+ g_free(chr->filename); -+ chr->filename = g_strdup_printf("cmd:%s", cmd); -+ tcp_chr_new_client(chr, sioc); -+ -+ error: -+ if (fds[0] >= 0) { -+ close(fds[0]); -+ } -+ if (fds[1] >= 0) { -+ close(fds[1]); -+ } -+ if (sioc) { -+ object_unref(OBJECT(sioc)); -+ } -+} -+#endif -+ - static void qmp_chardev_open_socket(Chardev *chr, - ChardevBackend *backend, - bool *be_opened, -@@ -994,6 +1056,9 @@ static void qmp_chardev_open_socket(Chardev *chr, - { - SocketChardev *s = SOCKET_CHARDEV(chr); - ChardevSocket *sock = backend->u.socket.data; -+#ifndef _WIN32 -+ const char *cmd = sock->cmd; -+#endif - bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; - bool is_listen = sock->has_server ? sock->server : true; - bool is_telnet = sock->has_telnet ? sock->telnet : false; -@@ -1072,6 +1137,14 @@ static void qmp_chardev_open_socket(Chardev *chr, - s->reconnect_time = reconnect; - } - -+#ifndef _WIN32 -+ if (cmd) { -+ chardev_open_socket_cmd(chr, cmd, errp); -+ -+ /* everything ready (or failed permanently) before we return */ -+ *be_opened = true; -+ } else -+#endif - if (s->reconnect_time) { - tcp_chr_connect_async(chr); - } else { -@@ -1131,9 +1204,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, - const char *port = qemu_opt_get(opts, "port"); - const char *fd = qemu_opt_get(opts, "fd"); - const char *tls_creds = qemu_opt_get(opts, "tls-creds"); -+#ifndef _WIN32 -+ const char *cmd = qemu_opt_get(opts, "cmd"); -+#endif - SocketAddressLegacy *addr; - ChardevSocket *sock; - -+#ifndef _WIN32 -+ if (cmd) { -+ /* -+ * Here we have to ensure that no options are set which are incompatible with -+ * spawning a command, otherwise unmodified code that doesn't know about -+ * command spawning (like socket_reconnect_timeout()) might get called. 
-+ */ -+ if (path || is_listen || is_telnet || is_tn3270 || reconnect || host || port || tls_creds) { -+ error_setg(errp, "chardev: socket: cmd does not support any additional options"); -+ return; -+ } -+ } else -+#endif -+ - if ((!!path + !!fd + !!host) != 1) { - error_setg(errp, - "Exactly one of 'path', 'fd' or 'host' required"); -@@ -1180,12 +1270,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, - sock->reconnect = reconnect; - sock->tls_creds = g_strdup(tls_creds); - -+#ifndef _WIN32 -+ sock->cmd = g_strdup(cmd); -+#endif -+ - addr = g_new0(SocketAddressLegacy, 1); -+#ifndef _WIN32 -+ if (path || cmd) { -+#else - if (path) { -+#endif - UnixSocketAddress *q_unix; - addr->type = SOCKET_ADDRESS_LEGACY_KIND_UNIX; - q_unix = addr->u.q_unix.data = g_new0(UnixSocketAddress, 1); -+#ifndef _WIN32 -+ q_unix->path = cmd ? g_strdup_printf("cmd:%s", cmd) : g_strdup(path); -+#else - q_unix->path = g_strdup(path); -+#endif - } else if (host) { - addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET; - addr->u.inet.data = g_new(InetSocketAddress, 1); -diff --git a/chardev/char.c b/chardev/char.c -index 152dde53..62d5b578 100644 ---- a/chardev/char.c -+++ b/chardev/char.c -@@ -818,6 +818,9 @@ QemuOptsList qemu_chardev_opts = { - },{ - .name = "path", - .type = QEMU_OPT_STRING, -+ },{ -+ .name = "cmd", -+ .type = QEMU_OPT_STRING, - },{ - .name = "host", - .type = QEMU_OPT_STRING, -diff --git a/qapi/char.json b/qapi/char.json -index 79bac598..97bd161a 100644 ---- a/qapi/char.json -+++ b/qapi/char.json -@@ -242,6 +242,10 @@ - # - # @addr: socket address to listen on (server=true) - # or connect to (server=false) -+# @cmd: command to run via "sh -c" with stdin as one end of -+# a AF_UNIX SOCK_DSTREAM socket pair. The other end -+# is used by the chardev. Either an addr or a cmd can -+# be specified, but not both. 
- # @tls-creds: the ID of the TLS credentials object (since 2.6) - # @server: create server socket (default: true) - # @wait: wait for incoming connection on server -@@ -261,6 +265,7 @@ - # Since: 1.4 - ## - { 'struct': 'ChardevSocket', 'data': { 'addr' : 'SocketAddressLegacy', -+ '*cmd' : 'str', - '*tls-creds' : 'str', - '*server' : 'bool', - '*wait' : 'bool', diff --git a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch deleted file mode 100644 index 1d3a2b5b21..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch +++ /dev/null 
@@ -1,44 +0,0 @@
-From 4829da131996548dc86775b8b97a29c436f3d130 Mon Sep 17 00:00:00 2001
-From: Mark Asselstine
-Date: Tue, 26 Feb 2013 11:43:28 -0500
-Subject: [PATCH] apic: fixup fallthrough to PIC
-
-Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC
-interrupts through the local APIC if the local APIC config says so.]
-missed a check to ensure the local APIC is enabled. Since if the local
-APIC is disabled it doesn't matter what the local APIC config says.
-
-If this check isn't done and the guest has disabled the local APIC the
-guest will receive a general protection fault, similar to what is seen
-here:
-
-https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02304.html
-
-The GPF is caused by an attempt to service interrupt 0xffffffff. This
-comes about since cpu_get_pic_interrupt() calls apic_accept_pic_intr()
-(with the local APIC disabled apic_get_interrupt() returns -1).
-apic_accept_pic_intr() returns 0 and thus the interrupt number which
-is returned from cpu_get_pic_interrupt(), and which is attempted to be
-serviced, is -1.
-
-Signed-off-by: Mark Asselstine
-Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html]
-Signed-off-by: He Zhe
-
----
- hw/intc/apic.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/intc/apic.c b/hw/intc/apic.c
-index 97ffdd82..ef23430e 100644
---- a/hw/intc/apic.c
-+++ b/hw/intc/apic.c
-@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *dev)
- APICCommonState *s = APIC(dev);
- uint32_t lvt0;
-
-- if (!s)
-+ if (!s || !(s->spurious_vec & APIC_SV_ENABLE))
- return -1;
-
- lvt0 = s->lvt[APIC_LVT_LINT0];
diff --git a/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
new file mode 100644
index 0000000000..c572ff94d0
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -0,0 +1,33 @@
+From a33ae91504ea4d254b5ace64a84791d3c96c9773 Mon Sep 17 00:00:00 2001
+From: Alistair Francis
+Date: Wed, 17 Jan 2018 10:51:49 -0800
+Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
+
+Since commit "linux-user: Tidy and enforce reserved_va initialization"
+(18e80c55bb6ec17c05ec0ba717ec83933c2bfc07) the Yocto webkitgtk build
+hangs when cross compiling for 32-bit x86 on a 64-bit x86 machine using
+musl.
+
+To fix the issue reduce the MAX_RESERVED_VA macro to be a closer match
+to what it was before the problematic commit.
+
+Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html
+Signed-off-by: Alistair Francis
+
+---
+ linux-user/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/linux-user/main.c b/linux-user/main.c
+index a0aba9cb..34c54924 100644
+--- a/linux-user/main.c
++++ b/linux-user/main.c
+@@ -69,7 +69,7 @@ int have_guest_base;
+ (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
+ /* There are a number of places where we assign reserved_va to a variable
+ of type abi_ulong and expect it to fit. Avoid the last page. */
+-# define MAX_RESERVED_VA (0xfffffffful & TARGET_PAGE_MASK)
++# define MAX_RESERVED_VA (0x7ffffffful & TARGET_PAGE_MASK)
+ # else
+ # define MAX_RESERVED_VA (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
+ # endif
diff --git a/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch b/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
new file mode 100644
index 0000000000..3418eb7c65
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
@@ -0,0 +1,142 @@ +From 2a66bd95c856de6950fbd802c5b99075207c1d76 Mon Sep 17 00:00:00 2001 +From: Martin Jansa +Date: Fri, 1 Jun 2018 08:41:07 +0000 +Subject: [PATCH] Revert "linux-user: fix mmap/munmap/mprotect/mremap/shmat" + +Causes qemu-i386 to hang during gobject-introspection in webkitgtk build +when musl is used on qemux86 - the same issue as +0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch +was fixing in 2.11.0 release, but with this patch the fix no longer worked +as discussed here: +http://lists.openembedded.org/pipermail/openembedded-core/2018-May/150302.html +http://lists.openembedded.org/pipermail/openembedded-core/2018-June/151382.html + +This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583. + +Upstream-Status: Pending + +--- + include/exec/cpu-all.h | 6 +----- + include/exec/cpu_ldst.h | 16 +++++++++------- + linux-user/mmap.c | 17 ++++------------- + linux-user/syscall.c | 5 +---- + 4 files changed, 15 insertions(+), 29 deletions(-) + +diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h +index b16c9ec5..612db6a0 100644 +--- a/include/exec/cpu-all.h ++++ b/include/exec/cpu-all.h +@@ -163,12 +163,8 @@ extern unsigned long guest_base; + extern int have_guest_base; + extern unsigned long reserved_va; + +-#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS +-#define GUEST_ADDR_MAX (~0ul) +-#else +-#define GUEST_ADDR_MAX (reserved_va ? reserved_va - 1 : \ ++#define GUEST_ADDR_MAX (reserved_va ? reserved_va : \ + (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1) +-#endif + #else + + #include "exec/hwaddr.h" +diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h +index d78041d7..845639f7 100644 +--- a/include/exec/cpu_ldst.h ++++ b/include/exec/cpu_ldst.h +@@ -62,13 +62,15 @@ typedef uint64_t abi_ptr; + /* All direct uses of g2h and h2g need to go away for usermode softmmu. 
*/ + #define g2h(x) ((void *)((unsigned long)(abi_ptr)(x) + guest_base)) + +-#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX) +-#define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base) +- +-static inline int guest_range_valid(unsigned long start, unsigned long len) +-{ +- return len - 1 <= GUEST_ADDR_MAX && start <= GUEST_ADDR_MAX - len + 1; +-} ++#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS ++#define h2g_valid(x) 1 ++#else ++#define h2g_valid(x) ({ \ ++ unsigned long __guest = (unsigned long)(x) - guest_base; \ ++ (__guest < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \ ++ (!reserved_va || (__guest < reserved_va)); \ ++}) ++#endif + + #define h2g_nocheck(x) ({ \ + unsigned long __ret = (unsigned long)(x) - guest_base; \ +diff --git a/linux-user/mmap.c b/linux-user/mmap.c +index e0249efe..cfe34b35 100644 +--- a/linux-user/mmap.c ++++ b/linux-user/mmap.c +@@ -79,7 +79,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot) + return -TARGET_EINVAL; + len = TARGET_PAGE_ALIGN(len); + end = start + len; +- if (!guest_range_valid(start, len)) { ++ if (end < start) { + return -TARGET_ENOMEM; + } + prot &= PROT_READ | PROT_WRITE | PROT_EXEC; +@@ -490,8 +490,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, + * It can fail only on 64-bit host with 32-bit target. + * On any other target/host host mmap() handles this error correctly. 
+ */ +- if (!guest_range_valid(start, len)) { +- errno = ENOMEM; ++ if ((unsigned long)start + len - 1 > (abi_ulong) -1) { ++ errno = EINVAL; + goto fail; + } + +@@ -631,10 +631,8 @@ int target_munmap(abi_ulong start, abi_ulong len) + if (start & ~TARGET_PAGE_MASK) + return -TARGET_EINVAL; + len = TARGET_PAGE_ALIGN(len); +- if (len == 0 || !guest_range_valid(start, len)) { ++ if (len == 0) + return -TARGET_EINVAL; +- } +- + mmap_lock(); + end = start + len; + real_start = start & qemu_host_page_mask; +@@ -689,13 +687,6 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, + int prot; + void *host_addr; + +- if (!guest_range_valid(old_addr, old_size) || +- ((flags & MREMAP_FIXED) && +- !guest_range_valid(new_addr, new_size))) { +- errno = ENOMEM; +- return -1; +- } +- + mmap_lock(); + + if (flags & MREMAP_FIXED) { +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index 96cd4bf8..e6754772 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -3860,9 +3860,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env, + return -TARGET_EINVAL; + } + } +- if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) { +- return -TARGET_EINVAL; +- } + + mmap_lock(); + +@@ -6633,7 +6630,7 @@ static int open_self_maps(void *cpu_env, int fd) + } + if (h2g_valid(min)) { + int flags = page_get_flags(h2g(min)); +- max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX) + 1; ++ max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX); + if (page_check_range(h2g(min), max - min, flags) == -1) { + continue; + } diff --git a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch deleted file mode 100644 index c0d7914be0..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch +++ /dev/null 
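Review bot: The carried revert removes the `guest_range_valid()` checks from `target_munmap()`, `target_mremap()` and `do_shmat()` without a replacement, and leaves `target_mprotect()` with only `end < start`, so on those user-mode emulation paths guest-supplied address/length pairs are no longer compared with `GUEST_ADDR_MAX`/`reserved_va`. The patch is re-added for 4.0.0 with `Upstream-Status: Pending` and no `Signed-off-by`, and its description still points at `0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch`, which this commit renumbers to `0009-...`. I would add a sentence to the patch header such as `This revert drops the guest range validation in munmap/mremap/shmat; re-test the musl qemux86 hang on every QEMU upgrade and drop the patch once it no longer reproduces.` and update the referenced file name. The affected functions all start and end outside the inner hunks, so whether later code re-checks the range cannot be confirmed from here.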
@@ -1,33 +0,0 @@
-From bce25c9cda73569963615ffd31ed949cbe3a3781 Mon Sep 17 00:00:00 2001
-From: Alistair Francis
-Date: Wed, 17 Jan 2018 10:51:49 -0800
-Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
-
-Since commit "linux-user: Tidy and enforce reserved_va initialization"
-(18e80c55bb6ec17c05ec0ba717ec83933c2bfc07) the Yocto webkitgtk build
-hangs when cross compiling for 32-bit x86 on a 64-bit x86 machine using
-musl.
-
-To fix the issue reduce the MAX_RESERVED_VA macro to be a closer match
-to what it was before the problematic commit.
-
-Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html
-Signed-off-by: Alistair Francis
-
----
- linux-user/main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/linux-user/main.c b/linux-user/main.c
-index 923cbb75..fe0b9ff4 100644
---- a/linux-user/main.c
-+++ b/linux-user/main.c
-@@ -69,7 +69,7 @@ int have_guest_base;
- (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
- /* There are a number of places where we assign reserved_va to a variable
- of type abi_ulong and expect it to fit. Avoid the last page. */
--# define MAX_RESERVED_VA (0xfffffffful & TARGET_PAGE_MASK)
-+# define MAX_RESERVED_VA (0x7ffffffful & TARGET_PAGE_MASK)
- # else
- # define MAX_RESERVED_VA (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
- # endif
diff --git a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch b/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
deleted file mode 100644
index 066ea7865a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
+++ /dev/null
@@ -1,142 +0,0 @@ -From 496231774f8bc17ecfaf543a6603e3cad3f3f74e Mon Sep 17 00:00:00 2001 -From: Martin Jansa -Date: Fri, 1 Jun 2018 08:41:07 +0000 -Subject: [PATCH] Revert "linux-user: fix mmap/munmap/mprotect/mremap/shmat" - -Causes qemu-i386 to hang during gobject-introspection in webkitgtk build -when musl is used on qemux86 - the same issue as -0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch -was fixing in 2.11.0 release, but with this patch the fix no longer worked -as discussed here: -http://lists.openembedded.org/pipermail/openembedded-core/2018-May/150302.html -http://lists.openembedded.org/pipermail/openembedded-core/2018-June/151382.html - -This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583. - -Upstream-Status: Pending - ---- - include/exec/cpu-all.h | 6 +----- - include/exec/cpu_ldst.h | 16 +++++++++------- - linux-user/mmap.c | 17 ++++------------- - linux-user/syscall.c | 5 +---- - 4 files changed, 15 insertions(+), 29 deletions(-) - -diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h -index 117d2fbb..90558c14 100644 ---- a/include/exec/cpu-all.h -+++ b/include/exec/cpu-all.h -@@ -163,12 +163,8 @@ extern unsigned long guest_base; - extern int have_guest_base; - extern unsigned long reserved_va; - --#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS --#define GUEST_ADDR_MAX (~0ul) --#else --#define GUEST_ADDR_MAX (reserved_va ? reserved_va - 1 : \ -+#define GUEST_ADDR_MAX (reserved_va ? reserved_va : \ - (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1) --#endif - #else - - #include "exec/hwaddr.h" -diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h -index 95906849..ed17b3f6 100644 ---- a/include/exec/cpu_ldst.h -+++ b/include/exec/cpu_ldst.h -@@ -62,13 +62,15 @@ typedef uint64_t abi_ptr; - /* All direct uses of g2h and h2g need to go away for usermode softmmu. 
*/ - #define g2h(x) ((void *)((unsigned long)(abi_ptr)(x) + guest_base)) - --#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX) --#define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base) -- --static inline int guest_range_valid(unsigned long start, unsigned long len) --{ -- return len - 1 <= GUEST_ADDR_MAX && start <= GUEST_ADDR_MAX - len + 1; --} -+#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS -+#define h2g_valid(x) 1 -+#else -+#define h2g_valid(x) ({ \ -+ unsigned long __guest = (unsigned long)(x) - guest_base; \ -+ (__guest < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \ -+ (!reserved_va || (__guest < reserved_va)); \ -+}) -+#endif - - #define h2g_nocheck(x) ({ \ - unsigned long __ret = (unsigned long)(x) - guest_base; \ -diff --git a/linux-user/mmap.c b/linux-user/mmap.c -index 41e0983c..d0ee1c53 100644 ---- a/linux-user/mmap.c -+++ b/linux-user/mmap.c -@@ -79,7 +79,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot) - return -TARGET_EINVAL; - len = TARGET_PAGE_ALIGN(len); - end = start + len; -- if (!guest_range_valid(start, len)) { -+ if (end < start) { - return -TARGET_ENOMEM; - } - prot &= PROT_READ | PROT_WRITE | PROT_EXEC; -@@ -490,8 +490,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, - * It can fail only on 64-bit host with 32-bit target. - * On any other target/host host mmap() handles this error correctly. 
- */ -- if (!guest_range_valid(start, len)) { -- errno = ENOMEM; -+ if ((unsigned long)start + len - 1 > (abi_ulong) -1) { -+ errno = EINVAL; - goto fail; - } - -@@ -631,10 +631,8 @@ int target_munmap(abi_ulong start, abi_ulong len) - if (start & ~TARGET_PAGE_MASK) - return -TARGET_EINVAL; - len = TARGET_PAGE_ALIGN(len); -- if (len == 0 || !guest_range_valid(start, len)) { -+ if (len == 0) - return -TARGET_EINVAL; -- } -- - mmap_lock(); - end = start + len; - real_start = start & qemu_host_page_mask; -@@ -689,13 +687,6 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, - int prot; - void *host_addr; - -- if (!guest_range_valid(old_addr, old_size) || -- ((flags & MREMAP_FIXED) && -- !guest_range_valid(new_addr, new_size))) { -- errno = ENOMEM; -- return -1; -- } -- - mmap_lock(); - - if (flags & MREMAP_FIXED) { -diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 280137da..efdd0006 100644 ---- a/linux-user/syscall.c -+++ b/linux-user/syscall.c -@@ -3818,9 +3818,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env, - return -TARGET_EINVAL; - } - } -- if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) { -- return -TARGET_EINVAL; -- } - - mmap_lock(); - -@@ -6582,7 +6579,7 @@ static int open_self_maps(void *cpu_env, int fd) - } - if (h2g_valid(min)) { - int flags = page_get_flags(h2g(min)); -- max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX) + 1; -+ max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX); - if (page_check_range(h2g(min), max - min, flags) == -1) { - continue; - } diff --git a/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch b/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch new file mode 100644 index 0000000000..3a7d7bbd33 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch 
@@ -0,0 +1,86 @@ +From 9125afb733d8c96416bb83c5adad39bb8d0803a1 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia +Date: Tue, 12 Mar 2013 09:54:06 +0800 +Subject: [PATCH] fix libcap header issue on some distro + +1, When build qemu-native on SLED 11.2, there is an error: +... +| In file included from /usr/include/bits/sigcontext.h:28, +| from /usr/include/signal.h:339, +| from /buildarea2/tmp/work/i686-linux/qemu-native/1.4.0-r0/ +qemu-1.4.0/include/qemu-common.h:42, +| from fsdev/virtfs-proxy-helper.c:23: +| /usr/include/asm/sigcontext.h:28: error: expected specifier- +qualifier-list before '__u64' +| /usr/include/asm/sigcontext.h:191: error: expected specifier- +qualifier-list before '__u64' +... + +2, The virtfs-proxy-helper.c includes and +qemu-common.h in sequence. The header include map is: +(`-->' presents `include') +... +"virtfs-proxy-helper.c" --> +... +"virtfs-proxy-helper.c" --> "qemu-common.h" --> --> + --> --> --> + --> --> +... + +3, The bug is found on SLED 11.2 x86. In libcap header file +/usr/include/sys/capability.h, it does evil stuff like this: +... + 25 /* + 26 * Make sure we can be included from userland by preventing + 27 * capability.h from including other kernel headers + 28 */ + 29 #define _LINUX_TYPES_H + 30 #define _LINUX_FS_H + 31 #define __LINUX_COMPILER_H + 32 #define __user + 33 + 34 typedef unsigned int __u32; + 35 typedef __u32 __le32; +... +This completely prevents including /usr/include/linux/types.h. +The above ` --> ' is prevented, +and '__u64' is defined in . + +4, Modify virtfs-proxy-helper.c to include +last to workaround the issue. 
+ +http://www.linuxtv.org/pipermail/vdr/2009-August/021194.html +http://patchwork.linuxtv.org/patch/12748/ + +Upstream-Status: Pending +Signed-off-by: Hongxu Jia + +--- + fsdev/virtfs-proxy-helper.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c +index 6f132c5f..8329950c 100644 +--- a/fsdev/virtfs-proxy-helper.c ++++ b/fsdev/virtfs-proxy-helper.c +@@ -13,7 +13,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -27,7 +26,11 @@ + #include "9p-iov-marshal.h" + #include "hw/9pfs/9p-proxy.h" + #include "fsdev/9p-iov-marshal.h" +- ++/* ++ * Include this one last due to some versions of it being buggy: ++ * http://www.linuxtv.org/pipermail/vdr/2009-August/021194.html ++ */ ++#include + #define PROGNAME "virtfs-proxy-helper" + + #ifndef XFS_SUPER_MAGIC diff --git a/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch new file mode 100644 index 0000000000..04664195d1 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch 
@@ -0,0 +1,74 @@ +From 0a53e906510cce1f32bc04a11e81ea40f834dac4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= +Date: Wed, 12 Aug 2015 15:11:30 -0500 +Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add custom_debug.h with function for print backtrace information. +When pthread_kill fails in qemu_cpu_kick_thread display backtrace and +current cpu information. + +Upstream-Status: Inappropriate +Signed-off-by: Aníbal Limón + +--- + cpus.c | 5 +++++ + custom_debug.h | 24 ++++++++++++++++++++++++ + 2 files changed, 29 insertions(+) + create mode 100644 custom_debug.h + +diff --git a/cpus.c b/cpus.c +index e83f72b4..e6e2576e 100644 +--- a/cpus.c ++++ b/cpus.c +@@ -1769,6 +1769,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg) + return NULL; + } + ++#include "custom_debug.h" ++ + static void qemu_cpu_kick_thread(CPUState *cpu) + { + #ifndef _WIN32 +@@ -1781,6 +1783,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu) + err = pthread_kill(cpu->thread->thread, SIG_IPI); + if (err && err != ESRCH) { + fprintf(stderr, "qemu:%s: %s", __func__, strerror(err)); ++ fprintf(stderr, "CPU #%d:\n", cpu->cpu_index); ++ cpu_dump_state(cpu, stderr, fprintf, 0); ++ backtrace_print(); + exit(1); + } + #else /* _WIN32 */ +diff --git a/custom_debug.h b/custom_debug.h +new file mode 100644 +index 00000000..f029e455 +--- /dev/null ++++ b/custom_debug.h +@@ -0,0 +1,24 @@ ++#include ++#include ++#define BACKTRACE_MAX 128 ++static void backtrace_print(void) ++{ ++ int nfuncs = 0; ++ void *buf[BACKTRACE_MAX]; ++ char **symbols; ++ int i; ++ ++ nfuncs = backtrace(buf, BACKTRACE_MAX); ++ ++ symbols = backtrace_symbols(buf, nfuncs); ++ if (symbols == NULL) { ++ fprintf(stderr, "backtrace_print failed to get symbols"); ++ return; ++ } ++ ++ fprintf(stderr, "Backtrace ...\n"); ++ for (i = 0; i < nfuncs; i++) ++ fprintf(stderr, "%s\n", symbols[i]); ++ ++ 
free(symbols); ++} diff --git a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch b/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch deleted file mode 100644 index 9cbe838811..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch +++ /dev/null 
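Review bot: The diagnostic output added to `qemu_cpu_kick_thread()` runs together on one line, because the existing `fprintf(stderr, "qemu:%s: %s", ...)` ends without a newline and the new `CPU #%d:` line follows it directly; the failure message in `backtrace_print()` has the same problem. I would write `fprintf(stderr, "\nCPU #%d:\n", cpu->cpu_index);` in `cpus.c` and `fprintf(stderr, "backtrace_print failed to get symbols\n");` in `custom_debug.h`. The new header also defines a `static` function with no include guard and is pulled in mid-file, so a one-line comment such as `/* debug-only helper, include once from cpus.c */` at its top would make that intent explicit. `qemu_cpu_kick_thread()` continues outside the inner hunk.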
@@ -1,86 +0,0 @@ -From d3e0b8dac7c2eb20d7fcff747bc98b981f4398ef Mon Sep 17 00:00:00 2001 -From: Hongxu Jia -Date: Tue, 12 Mar 2013 09:54:06 +0800 -Subject: [PATCH] fix libcap header issue on some distro - -1, When build qemu-native on SLED 11.2, there is an error: -... -| In file included from /usr/include/bits/sigcontext.h:28, -| from /usr/include/signal.h:339, -| from /buildarea2/tmp/work/i686-linux/qemu-native/1.4.0-r0/ -qemu-1.4.0/include/qemu-common.h:42, -| from fsdev/virtfs-proxy-helper.c:23: -| /usr/include/asm/sigcontext.h:28: error: expected specifier- -qualifier-list before '__u64' -| /usr/include/asm/sigcontext.h:191: error: expected specifier- -qualifier-list before '__u64' -... - -2, The virtfs-proxy-helper.c includes and -qemu-common.h in sequence. The header include map is: -(`-->' presents `include') -... -"virtfs-proxy-helper.c" --> -... -"virtfs-proxy-helper.c" --> "qemu-common.h" --> --> - --> --> --> - --> --> -... - -3, The bug is found on SLED 11.2 x86. In libcap header file -/usr/include/sys/capability.h, it does evil stuff like this: -... - 25 /* - 26 * Make sure we can be included from userland by preventing - 27 * capability.h from including other kernel headers - 28 */ - 29 #define _LINUX_TYPES_H - 30 #define _LINUX_FS_H - 31 #define __LINUX_COMPILER_H - 32 #define __user - 33 - 34 typedef unsigned int __u32; - 35 typedef __u32 __le32; -... -This completely prevents including /usr/include/linux/types.h. -The above ` --> ' is prevented, -and '__u64' is defined in . - -4, Modify virtfs-proxy-helper.c to include -last to workaround the issue. 
- -http://www.linuxtv.org/pipermail/vdr/2009-August/021194.html -http://patchwork.linuxtv.org/patch/12748/ - -Upstream-Status: Pending -Signed-off-by: Hongxu Jia - ---- - fsdev/virtfs-proxy-helper.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c -index 6f132c5f..8329950c 100644 ---- a/fsdev/virtfs-proxy-helper.c -+++ b/fsdev/virtfs-proxy-helper.c -@@ -13,7 +13,6 @@ - #include - #include - #include --#include - #include - #include - #include -@@ -27,7 +26,11 @@ - #include "9p-iov-marshal.h" - #include "hw/9pfs/9p-proxy.h" - #include "fsdev/9p-iov-marshal.h" -- -+/* -+ * Include this one last due to some versions of it being buggy: -+ * http://www.linuxtv.org/pipermail/vdr/2009-August/021194.html -+ */ -+#include - #define PROGNAME "virtfs-proxy-helper" - - #ifndef XFS_SUPER_MAGIC diff --git a/meta/recipes-devtools/qemu/qemu/0013-Revert-target-arm-Use-vector-operations-for-saturati.patch b/meta/recipes-devtools/qemu/qemu/0013-Revert-target-arm-Use-vector-operations-for-saturati.patch new file mode 100644 index 0000000000..c38b547e2c --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0013-Revert-target-arm-Use-vector-operations-for-saturati.patch 
@@ -0,0 +1,493 @@ +From b46cdcdeb762c1f0eef68dc4a7d90f8176152e07 Mon Sep 17 00:00:00 2001 +From: Alistair Francis +Date: Wed, 1 May 2019 19:51:27 -0700 +Subject: [PATCH] Revert "target/arm: Use vector operations for saturation" + +This reverts commit 89e68b575e138d0af1435f11a8ffcd8779c237bd. + +This fixes QEMU aborts when running the qemuarm machine. + +Signed-off-by: Alistair Francis +Upstream-status: Pending +--- + target/arm/helper.h | 33 ------- + target/arm/translate-a64.c | 36 ++++---- + target/arm/translate.c | 172 ++++++------------------------------- + target/arm/translate.h | 4 - + target/arm/vec_helper.c | 130 ---------------------------- + 5 files changed, 44 insertions(+), 331 deletions(-) + +diff --git a/target/arm/helper.h b/target/arm/helper.h +index 50cb036378..b2669f140f 100644 +--- a/target/arm/helper.h ++++ b/target/arm/helper.h +@@ -646,39 +646,6 @@ DEF_HELPER_FLAGS_6(gvec_fmla_idx_s, TCG_CALL_NO_RWG, + DEF_HELPER_FLAGS_6(gvec_fmla_idx_d, TCG_CALL_NO_RWG, + void, ptr, ptr, ptr, ptr, ptr, i32) + +-DEF_HELPER_FLAGS_5(gvec_uqadd_b, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_uqadd_h, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_uqadd_s, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_uqadd_d, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_sqadd_b, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_sqadd_h, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_sqadd_s, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_sqadd_d, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_uqsub_b, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_uqsub_h, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_uqsub_s, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) 
+-DEF_HELPER_FLAGS_5(gvec_uqsub_d, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_sqsub_b, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_sqsub_h, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_sqsub_s, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +-DEF_HELPER_FLAGS_5(gvec_sqsub_d, TCG_CALL_NO_RWG, +- void, ptr, ptr, ptr, ptr, i32) +- + DEF_HELPER_FLAGS_5(gvec_fmlal_a32, TCG_CALL_NO_RWG, + void, ptr, ptr, ptr, ptr, i32) + DEF_HELPER_FLAGS_5(gvec_fmlal_a64, TCG_CALL_NO_RWG, +diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c +index 9dcc5ff3a3..428211f92f 100644 +--- a/target/arm/translate-a64.c ++++ b/target/arm/translate-a64.c +@@ -11230,22 +11230,6 @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn) + } + + switch (opcode) { +- case 0x01: /* SQADD, UQADD */ +- tcg_gen_gvec_4(vec_full_reg_offset(s, rd), +- offsetof(CPUARMState, vfp.qc), +- vec_full_reg_offset(s, rn), +- vec_full_reg_offset(s, rm), +- is_q ? 16 : 8, vec_full_reg_size(s), +- (u ? uqadd_op : sqadd_op) + size); +- return; +- case 0x05: /* SQSUB, UQSUB */ +- tcg_gen_gvec_4(vec_full_reg_offset(s, rd), +- offsetof(CPUARMState, vfp.qc), +- vec_full_reg_offset(s, rn), +- vec_full_reg_offset(s, rm), +- is_q ? 16 : 8, vec_full_reg_size(s), +- (u ? 
uqsub_op : sqsub_op) + size); +- return; + case 0x0c: /* SMAX, UMAX */ + if (u) { + gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umax, size); +@@ -11341,6 +11325,16 @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn) + genfn = fns[size][u]; + break; + } ++ case 0x1: /* SQADD, UQADD */ ++ { ++ static NeonGenTwoOpEnvFn * const fns[3][2] = { ++ { gen_helper_neon_qadd_s8, gen_helper_neon_qadd_u8 }, ++ { gen_helper_neon_qadd_s16, gen_helper_neon_qadd_u16 }, ++ { gen_helper_neon_qadd_s32, gen_helper_neon_qadd_u32 }, ++ }; ++ genenvfn = fns[size][u]; ++ break; ++ } + case 0x2: /* SRHADD, URHADD */ + { + static NeonGenTwoOpFn * const fns[3][2] = { +@@ -11361,6 +11355,16 @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn) + genfn = fns[size][u]; + break; + } ++ case 0x5: /* SQSUB, UQSUB */ ++ { ++ static NeonGenTwoOpEnvFn * const fns[3][2] = { ++ { gen_helper_neon_qsub_s8, gen_helper_neon_qsub_u8 }, ++ { gen_helper_neon_qsub_s16, gen_helper_neon_qsub_u16 }, ++ { gen_helper_neon_qsub_s32, gen_helper_neon_qsub_u32 }, ++ }; ++ genenvfn = fns[size][u]; ++ break; ++ } + case 0x8: /* SSHL, USHL */ + { + static NeonGenTwoOpFn * const fns[3][2] = { +diff --git a/target/arm/translate.c b/target/arm/translate.c +index 10bc53f91c..cf675cef3f 100644 +--- a/target/arm/translate.c ++++ b/target/arm/translate.c +@@ -6242,142 +6242,6 @@ const GVecGen3 cmtst_op[4] = { + .vece = MO_64 }, + }; + +-static void gen_uqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat, +- TCGv_vec a, TCGv_vec b) +-{ +- TCGv_vec x = tcg_temp_new_vec_matching(t); +- tcg_gen_add_vec(vece, x, a, b); +- tcg_gen_usadd_vec(vece, t, a, b); +- tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t); +- tcg_gen_or_vec(vece, sat, sat, x); +- tcg_temp_free_vec(x); +-} +- +-const GVecGen4 uqadd_op[4] = { +- { .fniv = gen_uqadd_vec, +- .fno = gen_helper_gvec_uqadd_b, +- .opc = INDEX_op_usadd_vec, +- .write_aofs = true, +- .vece = MO_8 }, +- { .fniv = gen_uqadd_vec, +- .fno = gen_helper_gvec_uqadd_h, +- .opc 
= INDEX_op_usadd_vec, +- .write_aofs = true, +- .vece = MO_16 }, +- { .fniv = gen_uqadd_vec, +- .fno = gen_helper_gvec_uqadd_s, +- .opc = INDEX_op_usadd_vec, +- .write_aofs = true, +- .vece = MO_32 }, +- { .fniv = gen_uqadd_vec, +- .fno = gen_helper_gvec_uqadd_d, +- .opc = INDEX_op_usadd_vec, +- .write_aofs = true, +- .vece = MO_64 }, +-}; +- +-static void gen_sqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat, +- TCGv_vec a, TCGv_vec b) +-{ +- TCGv_vec x = tcg_temp_new_vec_matching(t); +- tcg_gen_add_vec(vece, x, a, b); +- tcg_gen_ssadd_vec(vece, t, a, b); +- tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t); +- tcg_gen_or_vec(vece, sat, sat, x); +- tcg_temp_free_vec(x); +-} +- +-const GVecGen4 sqadd_op[4] = { +- { .fniv = gen_sqadd_vec, +- .fno = gen_helper_gvec_sqadd_b, +- .opc = INDEX_op_ssadd_vec, +- .write_aofs = true, +- .vece = MO_8 }, +- { .fniv = gen_sqadd_vec, +- .fno = gen_helper_gvec_sqadd_h, +- .opc = INDEX_op_ssadd_vec, +- .write_aofs = true, +- .vece = MO_16 }, +- { .fniv = gen_sqadd_vec, +- .fno = gen_helper_gvec_sqadd_s, +- .opc = INDEX_op_ssadd_vec, +- .write_aofs = true, +- .vece = MO_32 }, +- { .fniv = gen_sqadd_vec, +- .fno = gen_helper_gvec_sqadd_d, +- .opc = INDEX_op_ssadd_vec, +- .write_aofs = true, +- .vece = MO_64 }, +-}; +- +-static void gen_uqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat, +- TCGv_vec a, TCGv_vec b) +-{ +- TCGv_vec x = tcg_temp_new_vec_matching(t); +- tcg_gen_sub_vec(vece, x, a, b); +- tcg_gen_ussub_vec(vece, t, a, b); +- tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t); +- tcg_gen_or_vec(vece, sat, sat, x); +- tcg_temp_free_vec(x); +-} +- +-const GVecGen4 uqsub_op[4] = { +- { .fniv = gen_uqsub_vec, +- .fno = gen_helper_gvec_uqsub_b, +- .opc = INDEX_op_ussub_vec, +- .write_aofs = true, +- .vece = MO_8 }, +- { .fniv = gen_uqsub_vec, +- .fno = gen_helper_gvec_uqsub_h, +- .opc = INDEX_op_ussub_vec, +- .write_aofs = true, +- .vece = MO_16 }, +- { .fniv = gen_uqsub_vec, +- .fno = gen_helper_gvec_uqsub_s, +- .opc = INDEX_op_ussub_vec, 
+- .write_aofs = true, +- .vece = MO_32 }, +- { .fniv = gen_uqsub_vec, +- .fno = gen_helper_gvec_uqsub_d, +- .opc = INDEX_op_ussub_vec, +- .write_aofs = true, +- .vece = MO_64 }, +-}; +- +-static void gen_sqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat, +- TCGv_vec a, TCGv_vec b) +-{ +- TCGv_vec x = tcg_temp_new_vec_matching(t); +- tcg_gen_sub_vec(vece, x, a, b); +- tcg_gen_sssub_vec(vece, t, a, b); +- tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t); +- tcg_gen_or_vec(vece, sat, sat, x); +- tcg_temp_free_vec(x); +-} +- +-const GVecGen4 sqsub_op[4] = { +- { .fniv = gen_sqsub_vec, +- .fno = gen_helper_gvec_sqsub_b, +- .opc = INDEX_op_sssub_vec, +- .write_aofs = true, +- .vece = MO_8 }, +- { .fniv = gen_sqsub_vec, +- .fno = gen_helper_gvec_sqsub_h, +- .opc = INDEX_op_sssub_vec, +- .write_aofs = true, +- .vece = MO_16 }, +- { .fniv = gen_sqsub_vec, +- .fno = gen_helper_gvec_sqsub_s, +- .opc = INDEX_op_sssub_vec, +- .write_aofs = true, +- .vece = MO_32 }, +- { .fniv = gen_sqsub_vec, +- .fno = gen_helper_gvec_sqsub_d, +- .opc = INDEX_op_sssub_vec, +- .write_aofs = true, +- .vece = MO_64 }, +-}; +- + /* Translate a NEON data processing instruction. Return nonzero if the + instruction is invalid. + We process data in a mixture of 32-bit and 64-bit chunks. +@@ -6561,18 +6425,6 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn) + } + return 0; + +- case NEON_3R_VQADD: +- tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc), +- rn_ofs, rm_ofs, vec_size, vec_size, +- (u ? uqadd_op : sqadd_op) + size); +- break; +- +- case NEON_3R_VQSUB: +- tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc), +- rn_ofs, rm_ofs, vec_size, vec_size, +- (u ? uqsub_op : sqsub_op) + size); +- break; +- + case NEON_3R_VMUL: /* VMUL */ + if (u) { + /* Polynomial case allows only P8 and is handled below. 
*/ +@@ -6637,6 +6489,24 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn) + neon_load_reg64(cpu_V0, rn + pass); + neon_load_reg64(cpu_V1, rm + pass); + switch (op) { ++ case NEON_3R_VQADD: ++ if (u) { ++ gen_helper_neon_qadd_u64(cpu_V0, cpu_env, ++ cpu_V0, cpu_V1); ++ } else { ++ gen_helper_neon_qadd_s64(cpu_V0, cpu_env, ++ cpu_V0, cpu_V1); ++ } ++ break; ++ case NEON_3R_VQSUB: ++ if (u) { ++ gen_helper_neon_qsub_u64(cpu_V0, cpu_env, ++ cpu_V0, cpu_V1); ++ } else { ++ gen_helper_neon_qsub_s64(cpu_V0, cpu_env, ++ cpu_V0, cpu_V1); ++ } ++ break; + case NEON_3R_VSHL: + if (u) { + gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0); +@@ -6752,12 +6622,18 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn) + case NEON_3R_VHADD: + GEN_NEON_INTEGER_OP(hadd); + break; ++ case NEON_3R_VQADD: ++ GEN_NEON_INTEGER_OP_ENV(qadd); ++ break; + case NEON_3R_VRHADD: + GEN_NEON_INTEGER_OP(rhadd); + break; + case NEON_3R_VHSUB: + GEN_NEON_INTEGER_OP(hsub); + break; ++ case NEON_3R_VQSUB: ++ GEN_NEON_INTEGER_OP_ENV(qsub); ++ break; + case NEON_3R_VSHL: + GEN_NEON_INTEGER_OP(shl); + break; +diff --git a/target/arm/translate.h b/target/arm/translate.h +index c2348def0d..07055c9449 100644 +--- a/target/arm/translate.h ++++ b/target/arm/translate.h +@@ -248,10 +248,6 @@ extern const GVecGen2i ssra_op[4]; + extern const GVecGen2i usra_op[4]; + extern const GVecGen2i sri_op[4]; + extern const GVecGen2i sli_op[4]; +-extern const GVecGen4 uqadd_op[4]; +-extern const GVecGen4 sqadd_op[4]; +-extern const GVecGen4 uqsub_op[4]; +-extern const GVecGen4 sqsub_op[4]; + void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b); + + /* +diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c +index dedef62403..be3271659f 100644 +--- a/target/arm/vec_helper.c ++++ b/target/arm/vec_helper.c +@@ -769,136 +769,6 @@ DO_FMLA_IDX(gvec_fmla_idx_d, float64, ) + + #undef DO_FMLA_IDX + +-#define DO_SAT(NAME, WTYPE, TYPEN, TYPEM, OP, MIN, MAX) \ +-void HELPER(NAME)(void *vd, void 
*vq, void *vn, void *vm, uint32_t desc) \ +-{ \ +- intptr_t i, oprsz = simd_oprsz(desc); \ +- TYPEN *d = vd, *n = vn; TYPEM *m = vm; \ +- bool q = false; \ +- for (i = 0; i < oprsz / sizeof(TYPEN); i++) { \ +- WTYPE dd = (WTYPE)n[i] OP m[i]; \ +- if (dd < MIN) { \ +- dd = MIN; \ +- q = true; \ +- } else if (dd > MAX) { \ +- dd = MAX; \ +- q = true; \ +- } \ +- d[i] = dd; \ +- } \ +- if (q) { \ +- uint32_t *qc = vq; \ +- qc[0] = 1; \ +- } \ +- clear_tail(d, oprsz, simd_maxsz(desc)); \ +-} +- +-DO_SAT(gvec_uqadd_b, int, uint8_t, uint8_t, +, 0, UINT8_MAX) +-DO_SAT(gvec_uqadd_h, int, uint16_t, uint16_t, +, 0, UINT16_MAX) +-DO_SAT(gvec_uqadd_s, int64_t, uint32_t, uint32_t, +, 0, UINT32_MAX) +- +-DO_SAT(gvec_sqadd_b, int, int8_t, int8_t, +, INT8_MIN, INT8_MAX) +-DO_SAT(gvec_sqadd_h, int, int16_t, int16_t, +, INT16_MIN, INT16_MAX) +-DO_SAT(gvec_sqadd_s, int64_t, int32_t, int32_t, +, INT32_MIN, INT32_MAX) +- +-DO_SAT(gvec_uqsub_b, int, uint8_t, uint8_t, -, 0, UINT8_MAX) +-DO_SAT(gvec_uqsub_h, int, uint16_t, uint16_t, -, 0, UINT16_MAX) +-DO_SAT(gvec_uqsub_s, int64_t, uint32_t, uint32_t, -, 0, UINT32_MAX) +- +-DO_SAT(gvec_sqsub_b, int, int8_t, int8_t, -, INT8_MIN, INT8_MAX) +-DO_SAT(gvec_sqsub_h, int, int16_t, int16_t, -, INT16_MIN, INT16_MAX) +-DO_SAT(gvec_sqsub_s, int64_t, int32_t, int32_t, -, INT32_MIN, INT32_MAX) +- +-#undef DO_SAT +- +-void HELPER(gvec_uqadd_d)(void *vd, void *vq, void *vn, +- void *vm, uint32_t desc) +-{ +- intptr_t i, oprsz = simd_oprsz(desc); +- uint64_t *d = vd, *n = vn, *m = vm; +- bool q = false; +- +- for (i = 0; i < oprsz / 8; i++) { +- uint64_t nn = n[i], mm = m[i], dd = nn + mm; +- if (dd < nn) { +- dd = UINT64_MAX; +- q = true; +- } +- d[i] = dd; +- } +- if (q) { +- uint32_t *qc = vq; +- qc[0] = 1; +- } +- clear_tail(d, oprsz, simd_maxsz(desc)); +-} +- +-void HELPER(gvec_uqsub_d)(void *vd, void *vq, void *vn, +- void *vm, uint32_t desc) +-{ +- intptr_t i, oprsz = simd_oprsz(desc); +- uint64_t *d = vd, *n = vn, *m = vm; +- bool q = false; +- 
+- for (i = 0; i < oprsz / 8; i++) { +- uint64_t nn = n[i], mm = m[i], dd = nn - mm; +- if (nn < mm) { +- dd = 0; +- q = true; +- } +- d[i] = dd; +- } +- if (q) { +- uint32_t *qc = vq; +- qc[0] = 1; +- } +- clear_tail(d, oprsz, simd_maxsz(desc)); +-} +- +-void HELPER(gvec_sqadd_d)(void *vd, void *vq, void *vn, +- void *vm, uint32_t desc) +-{ +- intptr_t i, oprsz = simd_oprsz(desc); +- int64_t *d = vd, *n = vn, *m = vm; +- bool q = false; +- +- for (i = 0; i < oprsz / 8; i++) { +- int64_t nn = n[i], mm = m[i], dd = nn + mm; +- if (((dd ^ nn) & ~(nn ^ mm)) & INT64_MIN) { +- dd = (nn >> 63) ^ ~INT64_MIN; +- q = true; +- } +- d[i] = dd; +- } +- if (q) { +- uint32_t *qc = vq; +- qc[0] = 1; +- } +- clear_tail(d, oprsz, simd_maxsz(desc)); +-} +- +-void HELPER(gvec_sqsub_d)(void *vd, void *vq, void *vn, +- void *vm, uint32_t desc) +-{ +- intptr_t i, oprsz = simd_oprsz(desc); +- int64_t *d = vd, *n = vn, *m = vm; +- bool q = false; +- +- for (i = 0; i < oprsz / 8; i++) { +- int64_t nn = n[i], mm = m[i], dd = nn - mm; +- if (((dd ^ nn) & (nn ^ mm)) & INT64_MIN) { +- dd = (nn >> 63) ^ ~INT64_MIN; +- q = true; +- } +- d[i] = dd; +- } +- if (q) { +- uint32_t *qc = vq; +- qc[0] = 1; +- } +- clear_tail(d, oprsz, simd_maxsz(desc)); +-} +- + /* + * Convert float16 to float32, raising no exceptions and + * preserving exceptional values, including SNaN. +-- +2.21.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch deleted file mode 100644 index 27e508c5a3..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch +++ /dev/null 
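Review bot: The tag in the header of the new 0013-Revert-target-arm-Use-vector-operations-for-saturati.patch is spelled `Upstream-status: Pending`, while the other patches in this directory use `Upstream-Status:`. Any check that matches the tag case-sensitively may treat this patch as untagged, so the line should read `Upstream-Status: Pending`. The message also says only that the revert "fixes QEMU aborts when running the qemuarm machine", without naming the abort or the host condition that triggers it. A sentence describing the failing assertion, plus a link to the upstream report once one exists, would let a later upgrade decide when this revert of the saturating add/sub translation can be dropped.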
@@ -1,74 +0,0 @@ -From 861c522df7791d7e93743d5641f3ef2a5a3c4632 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= -Date: Wed, 12 Aug 2015 15:11:30 -0500 -Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Add custom_debug.h with function for print backtrace information. -When pthread_kill fails in qemu_cpu_kick_thread display backtrace and -current cpu information. - -Upstream-Status: Inappropriate -Signed-off-by: Aníbal Limón - ---- - cpus.c | 5 +++++ - custom_debug.h | 24 ++++++++++++++++++++++++ - 2 files changed, 29 insertions(+) - create mode 100644 custom_debug.h - -diff --git a/cpus.c b/cpus.c -index 0ddeeefc..4f3a5624 100644 ---- a/cpus.c -+++ b/cpus.c -@@ -1768,6 +1768,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg) - return NULL; - } - -+#include "custom_debug.h" -+ - static void qemu_cpu_kick_thread(CPUState *cpu) - { - #ifndef _WIN32 -@@ -1780,6 +1782,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu) - err = pthread_kill(cpu->thread->thread, SIG_IPI); - if (err) { - fprintf(stderr, "qemu:%s: %s", __func__, strerror(err)); -+ fprintf(stderr, "CPU #%d:\n", cpu->cpu_index); -+ cpu_dump_state(cpu, stderr, fprintf, 0); -+ backtrace_print(); - exit(1); - } - #else /* _WIN32 */ -diff --git a/custom_debug.h b/custom_debug.h -new file mode 100644 -index 00000000..f029e455 ---- /dev/null -+++ b/custom_debug.h -@@ -0,0 +1,24 @@ -+#include -+#include -+#define BACKTRACE_MAX 128 -+static void backtrace_print(void) -+{ -+ int nfuncs = 0; -+ void *buf[BACKTRACE_MAX]; -+ char **symbols; -+ int i; -+ -+ nfuncs = backtrace(buf, BACKTRACE_MAX); -+ -+ symbols = backtrace_symbols(buf, nfuncs); -+ if (symbols == NULL) { -+ fprintf(stderr, "backtrace_print failed to get symbols"); -+ return; -+ } -+ -+ fprintf(stderr, "Backtrace ...\n"); -+ for (i = 0; i < nfuncs; i++) -+ fprintf(stderr, "%s\n", symbols[i]); -+ -+ free(symbols); 
-+} diff --git a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch b/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch deleted file mode 100644 index 412aa16046..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -CVE: CVE-2018-16872 -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35] - -Signed-off-by: Kai Kang - -From bab9df35ce73d1c8e19a37e2737717ea1c984dc1 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Thu, 13 Dec 2018 13:25:11 +0100 -Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC. - -Open files and directories with O_NOFOLLOW to avoid symlinks attacks. -While being at it also add O_CLOEXEC. - -usb-mtp only handles regular files and directories and ignores -everything else, so users should not see a difference. - -Because qemu ignores symlinks, carrying out a successful symlink attack -requires swapping an existing file or directory below rootdir for a -symlink and winning the race against the inotify notification to qemu. - -Fixes: CVE-2018-16872 -Cc: Prasad J Pandit -Cc: Bandan Das -Reported-by: Michael Hanselmann -Signed-off-by: Gerd Hoffmann -Reviewed-by: Michael Hanselmann -Message-id: 20181213122511.13853-1-kraxel@redhat.com ---- - hw/usb/dev-mtp.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c -index 100b7171f4..36c43b8c20 100644 ---- a/hw/usb/dev-mtp.c -+++ b/hw/usb/dev-mtp.c -@@ -653,13 +653,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o) - { - struct dirent *entry; - DIR *dir; -+ int fd; - - if (o->have_children) { - return; - } - o->have_children = true; - -- dir = opendir(o->path); -+ fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); -+ if (fd < 0) { -+ return; -+ } -+ dir = fdopendir(fd); - if (!dir) { - return; - } -@@ -1007,7 +1012,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c, - - trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path); - -- d->fd = open(o->path, O_RDONLY); -+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW); - if (d->fd == -1) { - usb_mtp_data_free(d); - return NULL; -@@ -1031,7 +1036,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, 
MTPControl *c, - c->argv[1], c->argv[2]); - - d = usb_mtp_data_alloc(c); -- d->fd = open(o->path, O_RDONLY); -+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW); - if (d->fd == -1) { - usb_mtp_data_free(d); - return NULL; -@@ -1658,7 +1663,7 @@ static void usb_mtp_write_data(MTPState *s) - 0, 0, 0, 0); - goto done; - } -- d->fd = open(path, O_CREAT | O_WRONLY, mask); -+ d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask); - if (d->fd == -1) { - usb_mtp_queue_result(s, RES_STORE_FULL, d->trans, - 0, 0, 0, 0); --- -2.20.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch b/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch deleted file mode 100644 index 985b819409..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch +++ /dev/null 
@@ -1,60 +0,0 @@
-CVE: CVE-2018-20124
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373]
-
-Backport patch to fix CVE-2018-20124. Update context and stay with current
-function comp_handler() which has been replaced with complete_work() in latest
-git repo.
-
-Signed-off-by: Kai Kang
-
-From 0e68373cc2b3a063ce067bc0cc3edaf370752890 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit
-Date: Thu, 13 Dec 2018 01:00:34 +0530
-Subject: [PATCH] rdma: check num_sge does not exceed MAX_SGE
-
-rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set
-to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element
-with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue.
-Add check to avoid it.
-
-Reported-by: Saar Amar
-Signed-off-by: Prasad J Pandit
-Reviewed-by: Yuval Shaia
-Signed-off-by: Marcel Apfelbaum
----
- hw/rdma/rdma_backend.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
-index d7a4bbd9..7f8028f8 100644
---- a/hw/rdma/rdma_backend.c
-+++ b/hw/rdma/rdma_backend.c
-@@ -311,9 +311,9 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev,
- }
-
- pr_dbg("num_sge=%d\n", num_sge);
-- if (!num_sge) {
-- pr_dbg("num_sge=0\n");
-- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
-+ if (!num_sge || num_sge > MAX_SGE) {
-+ pr_dbg("invalid num_sge=%d\n", num_sge);
-+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
- return;
- }
-
-@@ -390,9 +390,9 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
- }
-
- pr_dbg("num_sge=%d\n", num_sge);
-- if (!num_sge) {
-- pr_dbg("num_sge=0\n");
-- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
-+ if (!num_sge || num_sge > MAX_SGE) {
-+ pr_dbg("invalid num_sge=%d\n", num_sge);
-+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
- return;
- }
-
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch b/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
deleted file mode 100644
index 56559c8388..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-CVE: CVE-2018-20125
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce]
-
-Signed-off-by: Kai Kang
-
-From 2c858ce5da8ae6689c75182b73bc455a291cad41 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit
-Date: Thu, 13 Dec 2018 01:00:36 +0530
-Subject: [PATCH] pvrdma: check number of pages when creating rings
-
-When creating CQ/QP rings, an object can have up to
-PVRDMA_MAX_FAST_REG_PAGES 8 pages. Check 'npages' parameter
-to avoid excessive memory allocation or a null dereference.
-
-Reported-by: Li Qiang
-Signed-off-by: Prasad J Pandit
-Reviewed-by: Yuval Shaia
-Signed-off-by: Marcel Apfelbaum
----
- hw/rdma/vmw/pvrdma_cmd.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
-index 3b94545761..f236ac4795 100644
---- a/hw/rdma/vmw/pvrdma_cmd.c
-+++ b/hw/rdma/vmw/pvrdma_cmd.c
-@@ -259,6 +259,11 @@ static int create_cq_ring(PCIDevice *pci_dev , PvrdmaRing **ring,
- int rc = -EINVAL;
- char ring_name[MAX_RING_NAME_SZ];
-
-+ if (!nchunks || nchunks > PVRDMA_MAX_FAST_REG_PAGES) {
-+ pr_dbg("invalid nchunks: %d\n", nchunks);
-+ return rc;
-+ }
-+
- pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
- dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
- if (!dir) {
-@@ -372,6 +377,12 @@ static int create_qp_rings(PCIDevice *pci_dev, uint64_t pdir_dma,
- char ring_name[MAX_RING_NAME_SZ];
- uint32_t wqe_sz;
-
-+ if (!spages || spages > PVRDMA_MAX_FAST_REG_PAGES
-+ || !rpages || rpages > PVRDMA_MAX_FAST_REG_PAGES) {
-+ pr_dbg("invalid pages: %d, %d\n", spages, rpages);
-+ return rc;
-+ }
-+
- pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
- dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
- if (!dir) {
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch b/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
deleted file mode 100644
index 8329f2cfd0..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
+++ /dev/null
@@ -1,113 +0,0 @@ -CVE: CVE-2018-20126 -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c] - -Backport and rebase patch to fix CVE-2018-20126. - -Signed-off-by: Kai Kang - -From 509f57c98e7536905bb4902363d0cba66ce7e089 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Thu, 13 Dec 2018 01:00:37 +0530 -Subject: [PATCH] pvrdma: release ring object in case of an error - -create_cq and create_qp routines allocate ring object, but it's -not released in case of an error, leading to memory leakage. - -Reported-by: Li Qiang -Signed-off-by: Prasad J Pandit -Reviewed-by: Yuval Shaia -Signed-off-by: Marcel Apfelbaum ---- - hw/rdma/vmw/pvrdma_cmd.c | 41 ++++++++++++++++++++++++++++++----------- - 1 file changed, 30 insertions(+), 11 deletions(-) - -diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c -index 4faeb21..9b6796f 100644 ---- a/hw/rdma/vmw/pvrdma_cmd.c -+++ b/hw/rdma/vmw/pvrdma_cmd.c -@@ -310,6 +310,14 @@ out: - return rc; - } - -+static void destroy_cq_ring(PvrdmaRing *ring) -+{ -+ pvrdma_ring_free(ring); -+ /* ring_state was in slot 1, not 0 so need to jump back */ -+ rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE); -+ g_free(ring); -+} -+ - static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, - union pvrdma_cmd_resp *rsp) - { -@@ -333,6 +341,10 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, - - resp->hdr.err = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev, - cmd->cqe, &resp->cq_handle, ring); -+ if (resp->hdr.err) { -+ destroy_cq_ring(ring); -+ } -+ - resp->cqe = cmd->cqe; - - out: -@@ -356,10 +368,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, - } - - ring = (PvrdmaRing *)cq->opaque; -- pvrdma_ring_free(ring); -- /* ring_state was in slot 1, not 0 so need to jump back */ -- rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE); -- g_free(ring); -+ destroy_cq_ring(ring); - - rdma_rm_dealloc_cq(&dev->rdma_dev_res, 
cmd->cq_handle); - -@@ -451,6 +460,17 @@ out: - return rc; - } - -+static void destroy_qp_rings(PvrdmaRing *ring) -+{ -+ pr_dbg("sring=%p\n", &ring[0]); -+ pvrdma_ring_free(&ring[0]); -+ pr_dbg("rring=%p\n", &ring[1]); -+ pvrdma_ring_free(&ring[1]); -+ -+ rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE); -+ g_free(ring); -+} -+ - static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, - union pvrdma_cmd_resp *rsp) - { -@@ -482,6 +502,11 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, - cmd->max_recv_wr, cmd->max_recv_sge, - cmd->recv_cq_handle, rings, &resp->qpn); - -+ if (resp->hdr.err) { -+ destroy_qp_rings(rings); -+ return resp->hdr.err; -+ } -+ - resp->max_send_wr = cmd->max_send_wr; - resp->max_recv_wr = cmd->max_recv_wr; - resp->max_send_sge = cmd->max_send_sge; -@@ -555,13 +580,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, - rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle); - - ring = (PvrdmaRing *)qp->opaque; -- pr_dbg("sring=%p\n", &ring[0]); -- pvrdma_ring_free(&ring[0]); -- pr_dbg("rring=%p\n", &ring[1]); -- pvrdma_ring_free(&ring[1]); -- -- rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE); -- g_free(ring); -+ destroy_qp_rings(ring); - - return 0; - } --- -2.20.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch b/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch deleted file mode 100644 index 8f8ff0567a..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch +++ /dev/null 
@@ -1,47 +0,0 @@
-CVE: CVE-2018-20191
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2aa8645]
-
-Signed-off-by: Kai Kang
-
-From 2aa86456fb938a11f2b7bd57c8643c213218681c Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit
-Date: Thu, 13 Dec 2018 01:00:35 +0530
-Subject: [PATCH] pvrdma: add uar_read routine
-
-Define skeleton 'uar_read' routine. Avoid NULL dereference.
-
-Reported-by: Li Qiang
-Signed-off-by: Prasad J Pandit
-Reviewed-by: Marcel Apfelbaum
-Signed-off-by: Marcel Apfelbaum
----
- hw/rdma/vmw/pvrdma_main.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
-index 64de16fb52..838ad8a949 100644
---- a/hw/rdma/vmw/pvrdma_main.c
-+++ b/hw/rdma/vmw/pvrdma_main.c
-@@ -448,6 +448,11 @@ static const MemoryRegionOps regs_ops = {
- },
- };
-
-+static uint64_t uar_read(void *opaque, hwaddr addr, unsigned size)
-+{
-+ return 0xffffffff;
-+}
-+
- static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
- {
- PVRDMADev *dev = opaque;
-@@ -489,6 +494,7 @@ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
- }
-
- static const MemoryRegionOps uar_ops = {
-+ .read = uar_read,
- .write = uar_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch b/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
deleted file mode 100644
index c02bad3bb9..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
+++ /dev/null
@@ -1,85 +0,0 @@ -CVE: CVE-2018-20216 -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38] - -Signed-off-by: Kai Kang - -From f1e2e38ee0136b7710a2caa347049818afd57a1b Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Thu, 13 Dec 2018 01:00:39 +0530 -Subject: [PATCH] pvrdma: check return value from pvrdma_idx_ring_has_ routines - -pvrdma_idx_ring_has_[data/space] routines also return invalid -index PVRDMA_INVALID_IDX[=-1], if ring has no data/space. Check -return value from these routines to avoid plausible infinite loops. - -Reported-by: Li Qiang -Signed-off-by: Prasad J Pandit -Reviewed-by: Yuval Shaia -Signed-off-by: Marcel Apfelbaum ---- - hw/rdma/vmw/pvrdma_dev_ring.c | 29 +++++++++++------------------ - 1 file changed, 11 insertions(+), 18 deletions(-) - -diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c -index 01247fc041..e8e5b502f6 100644 ---- a/hw/rdma/vmw/pvrdma_dev_ring.c -+++ b/hw/rdma/vmw/pvrdma_dev_ring.c -@@ -73,23 +73,16 @@ out: - - void *pvrdma_ring_next_elem_read(PvrdmaRing *ring) - { -+ int e; - unsigned int idx = 0, offset; - -- /* -- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail, -- ring->ring_state->cons_head); -- */ -- -- if (!pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx)) { -+ e = pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx); -+ if (e <= 0) { - pr_dbg("No more data in ring\n"); - return NULL; - } - - offset = idx * ring->elem_sz; -- /* -- pr_dbg("idx=%d\n", idx); -- pr_dbg("offset=%d\n", offset); -- */ - return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE); - } - -@@ -105,20 +98,20 @@ void pvrdma_ring_read_inc(PvrdmaRing *ring) - - void *pvrdma_ring_next_elem_write(PvrdmaRing *ring) - { -- unsigned int idx, offset, tail; -+ int idx; -+ unsigned int offset, tail; - -- /* -- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail, -- ring->ring_state->cons_head); -- */ -- -- if 
(!pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail)) { -+ idx = pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail); -+ if (idx <= 0) { - pr_dbg("CQ is full\n"); - return NULL; - } - - idx = pvrdma_idx(&ring->ring_state->prod_tail, ring->max_elems); -- /* TODO: tail == idx */ -+ if (idx < 0 || tail != idx) { -+ pr_dbg("invalid idx\n"); -+ return NULL; -+ } - - offset = idx * ring->elem_sz; - return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE); --- -2.20.1 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch deleted file mode 100644 index 7de5882b3e..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch +++ /dev/null 
@@ -1,39 +0,0 @@
-QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an
-out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc()
-function. A local attacker with permission to execute i2c commands could exploit
-this to read stack memory of the qemu process on the host.
-
-CVE: CVE-2019-3812
-Upstream-Status: Backport
-Signed-off-by: Ross Burton
-
-From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann
-Date: Tue, 8 Jan 2019 11:23:01 +0100
-Subject: [PATCH] i2c-ddc: fix oob read
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Suggested-by: Michael Hanselmann
-Signed-off-by: Gerd Hoffmann
-Reviewed-by: Michael Hanselmann
-Reviewed-by: Philippe Mathieu-Daudé
-Message-id: 20190108102301.1957-1-kraxel@redhat.com
----
- hw/i2c/i2c-ddc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
-index be34fe072cf..0a0367ff38f 100644
---- a/hw/i2c/i2c-ddc.c
-+++ b/hw/i2c/i2c-ddc.c
-@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
- I2CDDCState *s = I2CDDC(i2c);
-
- int value;
-- value = s->edid_blob[s->reg];
-+ value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
- s->reg++;
- return value;
- }
diff --git a/meta/recipes-devtools/qemu/qemu_3.1.0.bb b/meta/recipes-devtools/qemu/qemu_3.1.0.bb
deleted file mode 100644
index 04d8bee99f..0000000000
--- a/meta/recipes-devtools/qemu/qemu_3.1.0.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-BBCLASSEXTEND = "nativesdk"
-
-require qemu.inc
-
-DEPENDS = "glib-2.0 zlib pixman"
-
-RDEPENDS_${PN}_class-target += "bash"
-
-EXTRA_OECONF_append_class-target = " --target-list=${@get_qemu_target_list(d)}"
-EXTRA_OECONF_append_class-nativesdk = " --target-list=${@get_qemu_target_list(d)}"
-
-do_install_append_class-nativesdk() {
- ${@bb.utils.contains('PACKAGECONFIG', 'gtk+', 'make_qemu_wrapper', '', d)}
-}
-
-PACKAGECONFIG ??= " \
- fdt sdl kvm \
- ${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \
-"
-PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm"
-
-
diff --git a/meta/recipes-devtools/qemu/qemu_4.0.0.bb b/meta/recipes-devtools/qemu/qemu_4.0.0.bb
new file mode 100644
index 0000000000..247e0311ed
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu_4.0.0.bb
@@ -0,0 +1,20 @@
+BBCLASSEXTEND = "nativesdk"
+
+require qemu.inc
+
+DEPENDS = "glib-2.0 zlib pixman"
+
+RDEPENDS_${PN}_class-target += "bash"
+
+EXTRA_OECONF_append_class-target = " --target-list=${@get_qemu_target_list(d)}"
+EXTRA_OECONF_append_class-nativesdk = " --target-list=${@get_qemu_target_list(d)}"
+
+do_install_append_class-nativesdk() {
+ ${@bb.utils.contains('PACKAGECONFIG', 'gtk+', 'make_qemu_wrapper', '', d)}
+}
+
+PACKAGECONFIG ??= " \
+ fdt sdl kvm \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \
+"
+PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm"
-- cgit v1.2.3-54-g00ecf