qemu: upgrade 8.2.2 -> 8.2.3

This includes fix for: CVE-2024-26327, CVE-2024-26328 and CVE-2024-3447 General changelog for 8.2: https://wiki.qemu.org/ChangeLog/8.2 Droped 0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch, CVE-2024-3446 and CVE-2024-3567 since already contained the fix. (From OE-Core rev: 1a6d502c04fad0d190bb665e9d454b85c0853fcc) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Yogita Urade <yogita.urade@windriver.com> 2024-07-31 05:07:00 +0000
committer: Steve Sakoman <steve@sakoman.com> 2024-08-06 19:11:18 -0700
commit: aa02ad000da44a1516123a55af47bbc88b6583d7 (patch)
tree: 3abe3e6495eca2d66eef48a8c6ff36c5446fa793 /meta
parent: 9227b9c3261da7fb985e58f8aecca74a73c20561 (diff)
download: poky-aa02ad000da44a1516123a55af47bbc88b6583d7.tar.gz
10 files changed, 1 insertions, 331 deletions
diff --git a/meta/recipes-devtools/qemu/qemu-native_8.2.2.bb b/meta/recipes-devtools/qemu/qemu-native_8.2.3.bb
index a77953529b..a77953529b 100644
--- a/meta/recipes-devtools/qemu/qemu-native_8.2.2.bb
+++ b/meta/recipes-devtools/qemu/qemu-native_8.2.3.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.2.2.bb b/meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb
index 0634b34242..0634b34242 100644
--- a/meta/recipes-devtools/qemu/qemu-system-native_8.2.2.bb
+++ b/meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index e121ae70cc..41af9ca045 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -34,18 +34,12 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
           file://fixedmeson.patch \
           file://no-pip.patch \
           file://4a8579ad8629b57a43daa62e46cc7af6e1078116.patch \
-           file://0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch \
           file://0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch \
           file://0003-linux-user-Add-strace-for-shmat.patch \
           file://0004-linux-user-Rewrite-target_shmat.patch \
           file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \
           file://qemu-guest-agent.init \
           file://qemu-guest-agent.udev \
-           file://CVE-2024-3446-01.patch \
-           file://CVE-2024-3446-02.patch \
-           file://CVE-2024-3446-03.patch \
-           file://CVE-2024-3446-04.patch \
-           file://CVE-2024-3567.patch \
           "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
@@ -62,7 +56,7 @@ SRC_URI:append:class-native = " \
        file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \
        "
-SRC_URI[sha256sum] = "847346c1b82c1a54b2c38f6edbd85549edeb17430b7d4d3da12620e2962bc4f3"
+SRC_URI[sha256sum] = "dc747fb366809455317601c4876bd1f6829a32a23e83fb76e45ab12c2a569964"
 CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
diff --git a/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch b/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch
deleted file mode 100644
index 2eaebe883c..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 4517e2046610722879761bcdb60edbb2b929c848 Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Wed, 28 Feb 2024 10:25:14 -1000
-Subject: [PATCH 1/5] linux-user/x86_64: Handle the vsyscall page in
- open_self_maps_{2,4}
-This is the only case in which we expect to have no host memory backing
-for a guest memory page, because in general linux user processes cannot
-map any pages in the top half of the 64-bit address space.
-Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html]
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2170
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
- linux-user/syscall.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index a114f29a8..8307a8a61 100644
--- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -7922,6 +7922,10 @@ static void open_self_maps_4(const struct open_self_maps_data *d,
-         path = "[heap]";
-     } else if (start == info->vdso) {
-         path = "[vdso]";
-+#ifdef TARGET_X86_64
-+    } else if (start == TARGET_VSYSCALL_PAGE) {
-+        path = "[vsyscall]";
-+#endif
-     }
- 
-     /* Except null device (MAP_ANON), adjust offset for this fragment. */
-@@ -8010,6 +8014,18 @@ static int open_self_maps_2(void *opaque, target_ulong guest_start,
-     uintptr_t host_start = (uintptr_t)g2h_untagged(guest_start);
-     uintptr_t host_last = (uintptr_t)g2h_untagged(guest_end - 1);
- 
-+#ifdef TARGET_X86_64
-+    /*
-+     * Because of the extremely high position of the page within the guest
-+     * virtual address space, this is not backed by host memory at all.
-+     * Therefore the loop below would fail.  This is the only instance
-+     * of not having host backing memory.
-+     */
-+    if (guest_start == TARGET_VSYSCALL_PAGE) {
-+        return open_self_maps_3(opaque, guest_start, guest_end, flags);
-+    }
-+#endif
-+
-     while (1) {
-         IntervalTreeNode *n =
-             interval_tree_iter_first(d->host_maps, host_start, host_start);
-- 
-2.34.1
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch
deleted file mode 100644
index 15dbca92cd..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-rom eb546a3f49f45e6870ec91d792cd09f8a662c16e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
-Date: Thu, 4 Apr 2024 20:56:11 +0200
-Subject: [PATCH] hw/virtio: Introduce virtio_bh_new_guarded() helper
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Introduce virtio_bh_new_guarded(), similar to qemu_bh_new_guarded()
-but using the transport memory guard, instead of the device one
-(there can only be one virtio device per virtio bus).
-Inspired-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Message-Id: <20240409105537.18308-2-philmd@linaro.org>
-(cherry picked from commit ec0504b989ca61e03636384d3602b7bf07ffe4da)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/eb546a3f49f45e6870ec91d792cd09f8a662c16e]
-CVE: CVE-2024-3446
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
- hw/virtio/virtio.c         | 10 ++++++++++
- include/hw/virtio/virtio.h |  7 +++++++
- 2 files changed, 17 insertions(+)
-diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index 3a160f86e..8590b8971 100644
--- a/hw/virtio/virtio.c
-+++ b/hw/virtio/virtio.c
-@@ -4095,3 +4095,13 @@ static void virtio_register_types(void)
- }
- 
- type_init(virtio_register_types)
-+
-+QEMUBH *virtio_bh_new_guarded_full(DeviceState *dev,
-+                                   QEMUBHFunc *cb, void *opaque,
-+                                   const char *name)
-+{
-+    DeviceState *transport = qdev_get_parent_bus(dev)->parent;
-+
-+    return qemu_bh_new_full(cb, opaque, name,
-+                            &transport->mem_reentrancy_guard);
-+}
-diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
-index c8f72850b..7d5ffdc14 100644
--- a/include/hw/virtio/virtio.h
-+++ b/include/hw/virtio/virtio.h
-@@ -22,6 +22,7 @@
- #include "standard-headers/linux/virtio_config.h"
- #include "standard-headers/linux/virtio_ring.h"
- #include "qom/object.h"
-+#include "block/aio.h"
- 
- /*
-  * A guest should never accept this. It implies negotiation is broken
-@@ -508,4 +509,10 @@ static inline bool virtio_device_disabled(VirtIODevice *vdev)
- bool virtio_legacy_allowed(VirtIODevice *vdev);
- bool virtio_legacy_check_disabled(VirtIODevice *vdev);
- 
-+QEMUBH *virtio_bh_new_guarded_full(DeviceState *dev,
-+                                   QEMUBHFunc *cb, void *opaque,
-+                                   const char *name);
-+#define virtio_bh_new_guarded(dev, cb, opaque) \
-+    virtio_bh_new_guarded_full((dev), (cb), (opaque), (stringify(cb)))
-+
- #endif
-- 
-2.25.1
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch
deleted file mode 100644
index 843ed43ba8..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 4f01537ced3e787bd985b8f8de5869b92657160a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
-Date: Thu, 4 Apr 2024 20:56:41 +0200
-Subject: [PATCH] hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
-so the bus and device use the same guard. Otherwise the
-DMA-reentrancy protection can be bypassed.
-Fixes: CVE-2024-3446
-Cc: qemu-stable@nongnu.org
-Suggested-by: Alexander Bulekov <alxndr@bu.edu>
-Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Message-Id: <20240409105537.18308-5-philmd@linaro.org>
-(cherry picked from commit f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/4f01537ced3e787bd985b8f8de5869b92657160a]
-CVE: CVE-2024-3446
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
- hw/virtio/virtio-crypto.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
-index 0e2cc8d5a..4aaced74b 100644
--- a/hw/virtio/virtio-crypto.c
-+++ b/hw/virtio/virtio-crypto.c
-@@ -1080,8 +1080,8 @@ static void virtio_crypto_device_realize(DeviceState *dev, Error **errp)
-         vcrypto->vqs[i].dataq =
-                  virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh);
-         vcrypto->vqs[i].dataq_bh =
-                 qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i],
-                                     &dev->mem_reentrancy_guard);
-+                 virtio_bh_new_guarded(dev, virtio_crypto_dataq_bh,
-+                                       &vcrypto->vqs[i]);
-         vcrypto->vqs[i].vcrypto = vcrypto;
-     }
- 
-- 
-2.25.1
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch
deleted file mode 100644
index a24652dea3..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From fbeb0a160cbcc067c0e1f0d380cea4a31de213e3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
-Date: Thu, 4 Apr 2024 20:56:35 +0200
-Subject: [PATCH] hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
-so the bus and device use the same guard. Otherwise the
-DMA-reentrancy protection can be bypassed.
-Fixes: CVE-2024-3446
-Cc: qemu-stable@nongnu.org
-Suggested-by: Alexander Bulekov <alxndr@bu.edu>
-Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Message-Id: <20240409105537.18308-4-philmd@linaro.org>
-(cherry picked from commit b4295bff25f7b50de1d9cc94a9c6effd40056bca)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/fbeb0a160cbcc067c0e1f0d380cea4a31de213e3]
-CVE: CVE-2024-3446
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
- hw/char/virtio-serial-bus.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
-index dd619f073..1221fb7f1 100644
--- a/hw/char/virtio-serial-bus.c
-+++ b/hw/char/virtio-serial-bus.c
-@@ -985,8 +985,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
-         return;
-     }
- 
-    port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port,
-                                   &dev->mem_reentrancy_guard);
-+    port->bh = virtio_bh_new_guarded(dev, flush_queued_data_bh, port);
-     port->elem = NULL;
- }
- 
-- 
-2.25.1
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch
deleted file mode 100644
index 7f0293242d..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 1b2a52712b249e14d246cd9c7db126088e6e64db Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
-Date: Thu, 4 Apr 2024 20:56:27 +0200
-Subject: [PATCH] hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-qemu-system-i386: warning: Blocked re-entrant IO on MemoryRegion: virtio-pci-common-virtio-gpu at addr: 0x6
-Fixes: CVE-2024-3446
-Cc: qemu-stable@nongnu.org
-Reported-by: Alexander Bulekov <alxndr@bu.edu>
-Reported-by: Yongkang Jia <kangel@zju.edu.cn>
-Reported-by: Xiao Lei <nop.leixiao@gmail.com>
-Reported-by: Yiming Tao <taoym@zju.edu.cn>
-Buglink: https://bugs.launchpad.net/qemu/+bug/1888606
-Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Message-Id: <20240409105537.18308-3-philmd@linaro.org>
-(cherry picked from commit ba28e0ff4d95b56dc334aac2730ab3651ffc3132)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/1b2a52712b249e14d246cd9c7db126088e6e64db]
-CVE: CVE-2024-3446
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
- hw/display/virtio-gpu.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
-index b016d3bac..a7b16ba07 100644
--- a/hw/display/virtio-gpu.c
-+++ b/hw/display/virtio-gpu.c
-@@ -1463,10 +1463,8 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
- 
-     g->ctrl_vq = virtio_get_queue(vdev, 0);
-     g->cursor_vq = virtio_get_queue(vdev, 1);
-    g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g,
-                                     &qdev->mem_reentrancy_guard);
-    g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g,
-                                       &qdev->mem_reentrancy_guard);
-+    g->ctrl_bh = virtio_bh_new_guarded(qdev, virtio_gpu_ctrl_bh, g);
-+    g->cursor_bh = virtio_bh_new_guarded(qdev, virtio_gpu_cursor_bh, g);
-     g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g);
-     qemu_cond_init(&g->reset_cond);
-     QTAILQ_INIT(&g->reslist);
-- 
-2.25.1
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch
deleted file mode 100644
index f14178f881..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 1cfe45956e03070f894e91b304e233b4d5b99719 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
-Date: Tue, 9 Apr 2024 19:54:05 +0200
-Subject: [PATCH] hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-If a fragmented packet size is too short, do not try to
-calculate its checksum.
-Fixes: CVE-2024-3567
-Cc: qemu-stable@nongnu.org
-Reported-by: Zheyu Ma <zheyuma97@gmail.com>
-Fixes: f199b13bc1 ("igb: Implement Tx SCTP CSO")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2273
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
-Acked-by: Jason Wang <jasowang@redhat.com>
-Message-Id: <20240410070459.49112-1-philmd@linaro.org>
-(cherry picked from commit 83ddb3dbba2ee0f1767442ae6ee665058aeb1093)
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719]
-CVE: CVE-2024-3567
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
- hw/net/net_tx_pkt.c | 4 ++++
- 1 file changed, 4 insertions(+)
-diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
-index 2e5f58b3c..d40d508a1 100644
--- a/hw/net/net_tx_pkt.c
-+++ b/hw/net/net_tx_pkt.c
-@@ -141,6 +141,10 @@ bool net_tx_pkt_update_sctp_checksum(struct NetTxPkt *pkt)
-     uint32_t csum = 0;
-     struct iovec *pl_start_frag = pkt->vec + NET_TX_PKT_PL_START_FRAG;
- 
-+    if (iov_size(pl_start_frag, pkt->payload_frags) < 8 + sizeof(csum)) {
-+        return false;
-+    }
-+
-     if (iov_from_buf(pl_start_frag, pkt->payload_frags, 8, &csum, sizeof(csum)) < sizeof(csum)) {
-         return false;
-     }
-- 
-2.25.1
diff --git a/meta/recipes-devtools/qemu/qemu_8.2.2.bb b/meta/recipes-devtools/qemu/qemu_8.2.3.bb
index dc1352232e..dc1352232e 100644
--- a/meta/recipes-devtools/qemu/qemu_8.2.2.bb
+++ b/meta/recipes-devtools/qemu/qemu_8.2.3.bb
author	Yogita Urade <yogita.urade@windriver.com>	2024-07-31 05:07:00 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-08-06 19:11:18 -0700
commit	aa02ad000da44a1516123a55af47bbc88b6583d7 (patch)
tree	3abe3e6495eca2d66eef48a8c6ff36c5446fa793 /meta
parent	9227b9c3261da7fb985e58f8aecca74a73c20561 (diff)
download	poky-aa02ad000da44a1516123a55af47bbc88b6583d7.tar.gz

diff --git a/meta/recipes-devtools/qemu/qemu-native_8.2.2.bb b/meta/recipes-devtools/qemu/qemu-native_8.2.3.bb index a77953529b..a77953529b 100644 --- a/meta/recipes-devtools/qemu/qemu-native_8.2.2.bb +++ b/meta/recipes-devtools/qemu/qemu-native_8.2.3.bb


diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.2.2.bb b/meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb index 0634b34242..0634b34242 100644 --- a/meta/recipes-devtools/qemu/qemu-system-native_8.2.2.bb +++ b/meta/recipes-devtools/qemu/qemu-system-native_8.2.3.bb


diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index e121ae70cc..41af9ca045 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -34,18 +34,12 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
34	file://fixedmeson.patch \	34	file://fixedmeson.patch \
35	file://no-pip.patch \	35	file://no-pip.patch \
36	file://4a8579ad8629b57a43daa62e46cc7af6e1078116.patch \	36	file://4a8579ad8629b57a43daa62e46cc7af6e1078116.patch \
37	file://0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch \
38	file://0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch \	37	file://0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch \
39	file://0003-linux-user-Add-strace-for-shmat.patch \	38	file://0003-linux-user-Add-strace-for-shmat.patch \
40	file://0004-linux-user-Rewrite-target_shmat.patch \	39	file://0004-linux-user-Rewrite-target_shmat.patch \
41	file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \	40	file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \
42	file://qemu-guest-agent.init \	41	file://qemu-guest-agent.init \
43	file://qemu-guest-agent.udev \	42	file://qemu-guest-agent.udev \
44	file://CVE-2024-3446-01.patch \
45	file://CVE-2024-3446-02.patch \
46	file://CVE-2024-3446-03.patch \
47	file://CVE-2024-3446-04.patch \
48	file://CVE-2024-3567.patch \
49	"	43	"
50	UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"	44	UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
51		45
@@ -62,7 +56,7 @@ SRC_URI:append:class-native = " \
62	file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \	56	file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \
63	"	57	"
64		58
65	SRC_URI[sha256sum] = "847346c1b82c1a54b2c38f6edbd85549edeb17430b7d4d3da12620e2962bc4f3"	59	SRC_URI[sha256sum] = "dc747fb366809455317601c4876bd1f6829a32a23e83fb76e45ab12c2a569964"
66		60
67	CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."	61	CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
68		62


diff --git a/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch b/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch deleted file mode 100644 index 2eaebe883c..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch +++ /dev/null
@@ -1,56 +0,0 @@
1	From 4517e2046610722879761bcdb60edbb2b929c848 Mon Sep 17 00:00:00 2001
2	From: Richard Henderson <richard.henderson@linaro.org>
3	Date: Wed, 28 Feb 2024 10:25:14 -1000
4	Subject: [PATCH 1/5] linux-user/x86_64: Handle the vsyscall page in
5	open_self_maps_{2,4}
6
7	This is the only case in which we expect to have no host memory backing
8	for a guest memory page, because in general linux user processes cannot
9	map any pages in the top half of the 64-bit address space.
10
11	Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html]
12
13	Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2170
14	Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
15	Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
16	---
17	linux-user/syscall.c \| 16 ++++++++++++++++
18	1 file changed, 16 insertions(+)
19
20	diff --git a/linux-user/syscall.c b/linux-user/syscall.c
21	index a114f29a8..8307a8a61 100644
22	--- a/linux-user/syscall.c
23	+++ b/linux-user/syscall.c
24	@@ -7922,6 +7922,10 @@ static void open_self_maps_4(const struct open_self_maps_data *d,
25	path = "[heap]";
26	} else if (start == info->vdso) {
27	path = "[vdso]";
28	+#ifdef TARGET_X86_64
29	+ } else if (start == TARGET_VSYSCALL_PAGE) {
30	+ path = "[vsyscall]";
31	+#endif
32	}
33
34	/* Except null device (MAP_ANON), adjust offset for this fragment. */
35	@@ -8010,6 +8014,18 @@ static int open_self_maps_2(void *opaque, target_ulong guest_start,
36	uintptr_t host_start = (uintptr_t)g2h_untagged(guest_start);
37	uintptr_t host_last = (uintptr_t)g2h_untagged(guest_end - 1);
38
39	+#ifdef TARGET_X86_64
40	+ /*
41	+ * Because of the extremely high position of the page within the guest
42	+ * virtual address space, this is not backed by host memory at all.
43	+ * Therefore the loop below would fail. This is the only instance
44	+ * of not having host backing memory.
45	+ */
46	+ if (guest_start == TARGET_VSYSCALL_PAGE) {
47	+ return open_self_maps_3(opaque, guest_start, guest_end, flags);
48	+ }
49	+#endif
50	+
51	while (1) {
52	IntervalTreeNode *n =
53	interval_tree_iter_first(d->host_maps, host_start, host_start);
54	--
55	2.34.1
56


diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch deleted file mode 100644 index 15dbca92cd..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-01.patch +++ /dev/null
@@ -1,73 +0,0 @@
1	rom eb546a3f49f45e6870ec91d792cd09f8a662c16e Mon Sep 17 00:00:00 2001
2	From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
3	Date: Thu, 4 Apr 2024 20:56:11 +0200
4	Subject: [PATCH] hw/virtio: Introduce virtio_bh_new_guarded() helper
5	MIME-Version: 1.0
6	Content-Type: text/plain; charset=UTF-8
7	Content-Transfer-Encoding: 8bit
8
9	Introduce virtio_bh_new_guarded(), similar to qemu_bh_new_guarded()
10	but using the transport memory guard, instead of the device one
11	(there can only be one virtio device per virtio bus).
12
13	Inspired-by: Gerd Hoffmann <kraxel@redhat.com>
14	Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
15	Acked-by: Michael S. Tsirkin <mst@redhat.com>
16	Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
17	Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
18	Message-Id: <20240409105537.18308-2-philmd@linaro.org>
19	(cherry picked from commit ec0504b989ca61e03636384d3602b7bf07ffe4da)
20	Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
21
22	Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/eb546a3f49f45e6870ec91d792cd09f8a662c16e]
23	CVE: CVE-2024-3446
24	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
25	---
26	hw/virtio/virtio.c \| 10 ++++++++++
27	include/hw/virtio/virtio.h \| 7 +++++++
28	2 files changed, 17 insertions(+)
29
30	diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
31	index 3a160f86e..8590b8971 100644
32	--- a/hw/virtio/virtio.c
33	+++ b/hw/virtio/virtio.c
34	@@ -4095,3 +4095,13 @@ static void virtio_register_types(void)
35	}
36
37	type_init(virtio_register_types)
38	+
39	+QEMUBH virtio_bh_new_guarded_full(DeviceState dev,
40	+ QEMUBHFunc cb, void opaque,
41	+ const char *name)
42	+{
43	+ DeviceState *transport = qdev_get_parent_bus(dev)->parent;
44	+
45	+ return qemu_bh_new_full(cb, opaque, name,
46	+ &transport->mem_reentrancy_guard);
47	+}
48	diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
49	index c8f72850b..7d5ffdc14 100644
50	--- a/include/hw/virtio/virtio.h
51	+++ b/include/hw/virtio/virtio.h
52	@@ -22,6 +22,7 @@
53	#include "standard-headers/linux/virtio_config.h"
54	#include "standard-headers/linux/virtio_ring.h"
55	#include "qom/object.h"
56	+#include "block/aio.h"
57
58	/*
59	* A guest should never accept this. It implies negotiation is broken
60	@@ -508,4 +509,10 @@ static inline bool virtio_device_disabled(VirtIODevice *vdev)
61	bool virtio_legacy_allowed(VirtIODevice *vdev);
62	bool virtio_legacy_check_disabled(VirtIODevice *vdev);
63
64	+QEMUBH virtio_bh_new_guarded_full(DeviceState dev,
65	+ QEMUBHFunc cb, void opaque,
66	+ const char *name);
67	+#define virtio_bh_new_guarded(dev, cb, opaque) \
68	+ virtio_bh_new_guarded_full((dev), (cb), (opaque), (stringify(cb)))
69	+
70	#endif
71	--
72	2.25.1
73


diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch deleted file mode 100644 index 843ed43ba8..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-02.patch +++ /dev/null
@@ -1,48 +0,0 @@
1	From 4f01537ced3e787bd985b8f8de5869b92657160a Mon Sep 17 00:00:00 2001
2	From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
3	Date: Thu, 4 Apr 2024 20:56:41 +0200
4	Subject: [PATCH] hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
5	MIME-Version: 1.0
6	Content-Type: text/plain; charset=UTF-8
7	Content-Transfer-Encoding: 8bit
8
9	Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
10	so the bus and device use the same guard. Otherwise the
11	DMA-reentrancy protection can be bypassed.
12
13	Fixes: CVE-2024-3446
14	Cc: qemu-stable@nongnu.org
15	Suggested-by: Alexander Bulekov <alxndr@bu.edu>
16	Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
17	Acked-by: Michael S. Tsirkin <mst@redhat.com>
18	Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
19	Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
20	Message-Id: <20240409105537.18308-5-philmd@linaro.org>
21	(cherry picked from commit f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc)
22	Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
23
24	Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/4f01537ced3e787bd985b8f8de5869b92657160a]
25	CVE: CVE-2024-3446
26	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
27	---
28	hw/virtio/virtio-crypto.c \| 4 ++--
29	1 file changed, 2 insertions(+), 2 deletions(-)
30
31	diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
32	index 0e2cc8d5a..4aaced74b 100644
33	--- a/hw/virtio/virtio-crypto.c
34	+++ b/hw/virtio/virtio-crypto.c
35	@@ -1080,8 +1080,8 @@ static void virtio_crypto_device_realize(DeviceState dev, Error *errp)
36	vcrypto->vqs[i].dataq =
37	virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh);
38	vcrypto->vqs[i].dataq_bh =
39	- qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i],
40	- &dev->mem_reentrancy_guard);
41	+ virtio_bh_new_guarded(dev, virtio_crypto_dataq_bh,
42	+ &vcrypto->vqs[i]);
43	vcrypto->vqs[i].vcrypto = vcrypto;
44	}
45
46	--
47	2.25.1
48


diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch deleted file mode 100644 index a24652dea3..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-03.patch +++ /dev/null
@@ -1,47 +0,0 @@
1	From fbeb0a160cbcc067c0e1f0d380cea4a31de213e3 Mon Sep 17 00:00:00 2001
2	From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
3	Date: Thu, 4 Apr 2024 20:56:35 +0200
4	Subject: [PATCH] hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
5	MIME-Version: 1.0
6	Content-Type: text/plain; charset=UTF-8
7	Content-Transfer-Encoding: 8bit
8
9	Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
10	so the bus and device use the same guard. Otherwise the
11	DMA-reentrancy protection can be bypassed.
12
13	Fixes: CVE-2024-3446
14	Cc: qemu-stable@nongnu.org
15	Suggested-by: Alexander Bulekov <alxndr@bu.edu>
16	Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
17	Acked-by: Michael S. Tsirkin <mst@redhat.com>
18	Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
19	Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
20	Message-Id: <20240409105537.18308-4-philmd@linaro.org>
21	(cherry picked from commit b4295bff25f7b50de1d9cc94a9c6effd40056bca)
22	Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
23
24	Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/fbeb0a160cbcc067c0e1f0d380cea4a31de213e3]
25	CVE: CVE-2024-3446
26	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
27	---
28	hw/char/virtio-serial-bus.c \| 3 +--
29	1 file changed, 1 insertion(+), 2 deletions(-)
30
31	diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
32	index dd619f073..1221fb7f1 100644
33	--- a/hw/char/virtio-serial-bus.c
34	+++ b/hw/char/virtio-serial-bus.c
35	@@ -985,8 +985,7 @@ static void virtser_port_device_realize(DeviceState dev, Error *errp)
36	return;
37	}
38
39	- port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port,
40	- &dev->mem_reentrancy_guard);
41	+ port->bh = virtio_bh_new_guarded(dev, flush_queued_data_bh, port);
42	port->elem = NULL;
43	}
44
45	--
46	2.25.1
47


diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch deleted file mode 100644 index 7f0293242d..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-3446-04.patch +++ /dev/null
@@ -1,52 +0,0 @@
1	From 1b2a52712b249e14d246cd9c7db126088e6e64db Mon Sep 17 00:00:00 2001
2	From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
3	Date: Thu, 4 Apr 2024 20:56:27 +0200
4	Subject: [PATCH] hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
5	MIME-Version: 1.0
6	Content-Type: text/plain; charset=UTF-8
7	Content-Transfer-Encoding: 8bit
8
9	qemu-system-i386: warning: Blocked re-entrant IO on MemoryRegion: virtio-pci-common-virtio-gpu at addr: 0x6
10
11	Fixes: CVE-2024-3446
12	Cc: qemu-stable@nongnu.org
13	Reported-by: Alexander Bulekov <alxndr@bu.edu>
14	Reported-by: Yongkang Jia <kangel@zju.edu.cn>
15	Reported-by: Xiao Lei <nop.leixiao@gmail.com>
16	Reported-by: Yiming Tao <taoym@zju.edu.cn>
17	Buglink: https://bugs.launchpad.net/qemu/+bug/1888606
18	Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
19	Acked-by: Michael S. Tsirkin <mst@redhat.com>
20	Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
21	Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
22	Message-Id: <20240409105537.18308-3-philmd@linaro.org>
23	(cherry picked from commit ba28e0ff4d95b56dc334aac2730ab3651ffc3132)
24	Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
25
26	Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/1b2a52712b249e14d246cd9c7db126088e6e64db]
27	CVE: CVE-2024-3446
28	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
29	---
30	hw/display/virtio-gpu.c \| 6 ++----
31	1 file changed, 2 insertions(+), 4 deletions(-)
32
33	diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
34	index b016d3bac..a7b16ba07 100644
35	--- a/hw/display/virtio-gpu.c
36	+++ b/hw/display/virtio-gpu.c
37	@@ -1463,10 +1463,8 @@ void virtio_gpu_device_realize(DeviceState qdev, Error *errp)
38
39	g->ctrl_vq = virtio_get_queue(vdev, 0);
40	g->cursor_vq = virtio_get_queue(vdev, 1);
41	- g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g,
42	- &qdev->mem_reentrancy_guard);
43	- g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g,
44	- &qdev->mem_reentrancy_guard);
45	+ g->ctrl_bh = virtio_bh_new_guarded(qdev, virtio_gpu_ctrl_bh, g);
46	+ g->cursor_bh = virtio_bh_new_guarded(qdev, virtio_gpu_cursor_bh, g);
47	g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g);
48	qemu_cond_init(&g->reset_cond);
49	QTAILQ_INIT(&g->reslist);
50	--
51	2.25.1
52


diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch deleted file mode 100644 index f14178f881..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2024-3567.patch +++ /dev/null
@@ -1,48 +0,0 @@
1	From 1cfe45956e03070f894e91b304e233b4d5b99719 Mon Sep 17 00:00:00 2001
2	From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
3	Date: Tue, 9 Apr 2024 19:54:05 +0200
4	Subject: [PATCH] hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()
5	MIME-Version: 1.0
6	Content-Type: text/plain; charset=UTF-8
7	Content-Transfer-Encoding: 8bit
8
9	If a fragmented packet size is too short, do not try to
10	calculate its checksum.
11
12	Fixes: CVE-2024-3567
13	Cc: qemu-stable@nongnu.org
14	Reported-by: Zheyu Ma <zheyuma97@gmail.com>
15	Fixes: f199b13bc1 ("igb: Implement Tx SCTP CSO")
16	Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2273
17	Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
18	Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
19	Acked-by: Jason Wang <jasowang@redhat.com>
20	Message-Id: <20240410070459.49112-1-philmd@linaro.org>
21	(cherry picked from commit 83ddb3dbba2ee0f1767442ae6ee665058aeb1093)
22	Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
23
24	Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719]
25	CVE: CVE-2024-3567
26	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
27	---
28	hw/net/net_tx_pkt.c \| 4 ++++
29	1 file changed, 4 insertions(+)
30
31	diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
32	index 2e5f58b3c..d40d508a1 100644
33	--- a/hw/net/net_tx_pkt.c
34	+++ b/hw/net/net_tx_pkt.c
35	@@ -141,6 +141,10 @@ bool net_tx_pkt_update_sctp_checksum(struct NetTxPkt *pkt)
36	uint32_t csum = 0;
37	struct iovec *pl_start_frag = pkt->vec + NET_TX_PKT_PL_START_FRAG;
38
39	+ if (iov_size(pl_start_frag, pkt->payload_frags) < 8 + sizeof(csum)) {
40	+ return false;
41	+ }
42	+
43	if (iov_from_buf(pl_start_frag, pkt->payload_frags, 8, &csum, sizeof(csum)) < sizeof(csum)) {
44	return false;
45	}
46	--
47	2.25.1
48


diff --git a/meta/recipes-devtools/qemu/qemu_8.2.2.bb b/meta/recipes-devtools/qemu/qemu_8.2.3.bb index dc1352232e..dc1352232e 100644 --- a/meta/recipes-devtools/qemu/qemu_8.2.2.bb +++ b/meta/recipes-devtools/qemu/qemu_8.2.3.bb