diff options
Diffstat (limited to 'external/poky/meta/recipes-devtools/qemu/qemu')
10 files changed, 835 insertions, 63 deletions
diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch b/external/poky/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch new file mode 100644 index 00000000..767b200b --- /dev/null +++ b/external/poky/meta/recipes-devtools/qemu/qemu/0001-linux-user-assume-__NR_gettid-always-exists.patch @@ -0,0 +1,49 @@ +From 184943d827ce09375284e6fbb9fd5eeb9e369529 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com> +Date: Wed, 20 Mar 2019 16:18:41 +0000 +Subject: [PATCH] linux-user: assume __NR_gettid always exists +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The gettid syscall was introduced in Linux 2.4.11. This is old enough +that we can assume it always exists and thus not bother with the +conditional backcompat logic. + +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> +Reviewed-by: Richard Henderson <richard.henderson@linaro.org> +Reviewed-by: Laurent Vivier <laurent@vivier.eu> +Message-Id: <20190320161842.13908-2-berrange@redhat.com> +Signed-off-by: Laurent Vivier <laurent@vivier.eu> + +Upstream-Status: Backport +dependancy patch for fix + +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +--- + + + linux-user/syscall.c | 8 -------- + 1 file changed, 8 deletions(-) + +Index: qemu-3.0.0/linux-user/syscall.c +=================================================================== +--- qemu-3.0.0.orig/linux-user/syscall.c ++++ qemu-3.0.0/linux-user/syscall.c +@@ -251,15 +251,7 @@ static type name (type1 arg1,type2 arg2, + #define TARGET_NR__llseek TARGET_NR_llseek + #endif + +-#ifdef __NR_gettid + _syscall0(int, gettid) +-#else +-/* This is a replacement for the host gettid() and must return a host +- errno. */ +-static int gettid(void) { +- return -ENOSYS; +-} +-#endif + + /* For the 64-bit guest on 32-bit host case we must emulate + * getdents using getdents64, because otherwise the host diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch b/external/poky/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch new file mode 100644 index 00000000..ab3b71d7 --- /dev/null +++ b/external/poky/meta/recipes-devtools/qemu/qemu/0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch @@ -0,0 +1,95 @@ +From 71ba74f67eaca21b0cc9d96f534ad3b9a7161400 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com> +Date: Wed, 20 Mar 2019 16:18:42 +0000 +Subject: [PATCH] linux-user: rename gettid() to sys_gettid() to avoid clash + with glibc +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The glibc-2.29.9000-6.fc31.x86_64 package finally includes the gettid() +function as part of unistd.h when __USE_GNU is defined. This clashes +with linux-user code which unconditionally defines this function name +itself. + +/home/berrange/src/virt/qemu/linux-user/syscall.c:253:16: error: static declaration of ‘gettid’ follows non-static declaration + 253 | _syscall0(int, gettid) + | ^~~~~~ +/home/berrange/src/virt/qemu/linux-user/syscall.c:184:13: note: in definition of macro ‘_syscall0’ + 184 | static type name (void) \ + | ^~~~ +In file included from /usr/include/unistd.h:1170, + from /home/berrange/src/virt/qemu/include/qemu/osdep.h:107, + from /home/berrange/src/virt/qemu/linux-user/syscall.c:20: +/usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ was here + 34 | extern __pid_t gettid (void) __THROW; + | ^~~~~~ + CC aarch64-linux-user/linux-user/signal.o +make[1]: *** [/home/berrange/src/virt/qemu/rules.mak:69: linux-user/syscall.o] Error 1 +make[1]: *** Waiting for unfinished jobs.... +make: *** [Makefile:449: subdir-aarch64-linux-user] Error 2 + +While we could make our definition conditional and rely on glibc's impl, +this patch simply renames our definition to sys_gettid() which is a +common pattern in this file. + +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> +Reviewed-by: Richard Henderson <richard.henderson@linaro.org> +Reviewed-by: Laurent Vivier <laurent@vivier.eu> +Message-Id: <20190320161842.13908-3-berrange@redhat.com> +Signed-off-by: Laurent Vivier <laurent@vivier.eu> + +Upstream-status: Backport + +Fixes issue found on tumbleweed-ty-1 +Yocto bug: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13577 +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +--- + linux-user/syscall.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +Index: qemu-3.0.0/linux-user/syscall.c +=================================================================== +--- qemu-3.0.0.orig/linux-user/syscall.c ++++ qemu-3.0.0/linux-user/syscall.c +@@ -251,7 +251,8 @@ static type name (type1 arg1,type2 arg2, + #define TARGET_NR__llseek TARGET_NR_llseek + #endif + +-_syscall0(int, gettid) ++#define __NR_sys_gettid __NR_gettid ++_syscall0(int, sys_gettid) + + /* For the 64-bit guest on 32-bit host case we must emulate + * getdents using getdents64, because otherwise the host +@@ -6483,7 +6484,7 @@ static void *clone_func(void *arg) + cpu = ENV_GET_CPU(env); + thread_cpu = cpu; + ts = (TaskState *)cpu->opaque; +- info->tid = gettid(); ++ info->tid = sys_gettid(); + task_settid(ts); + if (info->child_tidptr) + put_user_u32(info->tid, info->child_tidptr); +@@ -6628,9 +6629,9 @@ static int do_fork(CPUArchState *env, un + mapping. We can't repeat the spinlock hack used above because + the child process gets its own copy of the lock. */ + if (flags & CLONE_CHILD_SETTID) +- put_user_u32(gettid(), child_tidptr); ++ put_user_u32(sys_gettid(), child_tidptr); + if (flags & CLONE_PARENT_SETTID) +- put_user_u32(gettid(), parent_tidptr); ++ put_user_u32(sys_gettid(), parent_tidptr); + ts = (TaskState *)cpu->opaque; + if (flags & CLONE_SETTLS) + cpu_set_tls (env, newtls); +@@ -11876,7 +11877,7 @@ abi_long do_syscall(void *cpu_env, int n + break; + #endif + case TARGET_NR_gettid: +- ret = get_errno(gettid()); ++ ret = get_errno(sys_gettid()); + break; + #ifdef TARGET_NR_readahead + case TARGET_NR_readahead: diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/external/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch index 8a9141ac..03ec2c90 100644 --- a/external/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch +++ b/external/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch @@ -18,11 +18,11 @@ Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> 2 files changed, 29 insertions(+) create mode 100644 custom_debug.h -diff --git a/cpus.c b/cpus.c -index 38eba8bff3..b84a60a4f3 100644 ---- a/cpus.c -+++ b/cpus.c -@@ -1690,6 +1690,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg) +Index: qemu-3.0.0/cpus.c +=================================================================== +--- qemu-3.0.0.orig/cpus.c ++++ qemu-3.0.0/cpus.c +@@ -1693,6 +1693,8 @@ static void *qemu_tcg_cpu_thread_fn(void return NULL; } @@ -31,7 +31,7 @@ index 38eba8bff3..b84a60a4f3 100644 static void qemu_cpu_kick_thread(CPUState *cpu) { #ifndef _WIN32 -@@ -1702,6 +1704,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu) +@@ -1705,6 +1707,9 @@ static void qemu_cpu_kick_thread(CPUStat err = pthread_kill(cpu->thread->thread, SIG_IPI); if (err) { fprintf(stderr, "qemu:%s: %s", __func__, strerror(err)); @@ -41,11 +41,10 @@ index 38eba8bff3..b84a60a4f3 100644 exit(1); } #else /* _WIN32 */ -diff --git a/custom_debug.h b/custom_debug.h -new file mode 100644 -index 0000000000..f029e45547 +Index: qemu-3.0.0/custom_debug.h +=================================================================== --- /dev/null -+++ b/custom_debug.h ++++ qemu-3.0.0/custom_debug.h @@ -0,0 +1,24 @@ +#include <execinfo.h> +#include <stdio.h> diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch b/external/poky/meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch new file mode 100644 index 00000000..31a7c948 --- /dev/null +++ b/external/poky/meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch @@ -0,0 +1,336 @@ +From 8104018ba4c66e568d2583a3a0ee940851ee7471 Mon Sep 17 00:00:00 2001 +From: Daniel P. Berrangé <berrange@redhat.com> +Date: Tue, 23 Jul 2019 17:50:00 +0200 +Subject: [PATCH] linux-user: fix to handle variably sized SIOCGSTAMP with new + kernels +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The SIOCGSTAMP symbol was previously defined in the +asm-generic/sockios.h header file. QEMU sees that header +indirectly via sys/socket.h + +In linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115 +the asm-generic/sockios.h header no longer defines SIOCGSTAMP. +Instead it provides only SIOCGSTAMP_OLD, which only uses a +32-bit time_t on 32-bit architectures. + +The linux/sockios.h header then defines SIOCGSTAMP using +either SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. If +SIOCGSTAMP_NEW is used, then the tv_sec field is 64-bit even +on 32-bit architectures + +To cope with this we must now convert the old and new type from +the target to the host one. + +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> +Signed-off-by: Laurent Vivier <laurent@vivier.eu> +Reviewed-by: Arnd Bergmann <arnd@arndb.de> +Message-Id: <20190718130641.15294-1-laurent@vivier.eu> +Signed-off-by: Laurent Vivier <laurent@vivier.eu> +Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> +--- +Uptream-status: Backport (upstream commit: 6d5d5dde9adb5acb32e6b8e3dfbf47fff0f308d2) + + linux-user/ioctls.h | 21 +++++- + linux-user/syscall.c | 140 +++++++++++++++++++++++++++++-------- + linux-user/syscall_defs.h | 30 +++++++- + linux-user/syscall_types.h | 6 -- + 4 files changed, 159 insertions(+), 38 deletions(-) + +Index: qemu-3.0.0/linux-user/ioctls.h +=================================================================== +--- qemu-3.0.0.orig/linux-user/ioctls.h ++++ qemu-3.0.0/linux-user/ioctls.h +@@ -173,8 +173,25 @@ + IOCTL(SIOCGRARP, IOC_R, MK_PTR(MK_STRUCT(STRUCT_arpreq))) + IOCTL(SIOCGIWNAME, IOC_W | IOC_R, MK_PTR(MK_STRUCT(STRUCT_char_ifreq))) + IOCTL(SIOCGPGRP, IOC_R, MK_PTR(TYPE_INT)) /* pid_t */ +- IOCTL(SIOCGSTAMP, IOC_R, MK_PTR(MK_STRUCT(STRUCT_timeval))) +- IOCTL(SIOCGSTAMPNS, IOC_R, MK_PTR(MK_STRUCT(STRUCT_timespec))) ++ ++ /* ++ * We can't use IOCTL_SPECIAL() because it will set ++ * host_cmd to XXX_OLD and XXX_NEW and these macros ++ * are not defined with kernel prior to 5.2. ++ * We must set host_cmd to the same value as in target_cmd ++ * otherwise the consistency check in syscall_init() ++ * will trigger an error. ++ * host_cmd is ignored by the do_ioctl_XXX() helpers. ++ * FIXME: create a macro to define this kind of entry ++ */ ++ { TARGET_SIOCGSTAMP_OLD, TARGET_SIOCGSTAMP_OLD, ++ "SIOCGSTAMP_OLD", IOC_R, do_ioctl_SIOCGSTAMP }, ++ { TARGET_SIOCGSTAMPNS_OLD, TARGET_SIOCGSTAMPNS_OLD, ++ "SIOCGSTAMPNS_OLD", IOC_R, do_ioctl_SIOCGSTAMPNS }, ++ { TARGET_SIOCGSTAMP_NEW, TARGET_SIOCGSTAMP_NEW, ++ "SIOCGSTAMP_NEW", IOC_R, do_ioctl_SIOCGSTAMP }, ++ { TARGET_SIOCGSTAMPNS_NEW, TARGET_SIOCGSTAMPNS_NEW, ++ "SIOCGSTAMPNS_NEW", IOC_R, do_ioctl_SIOCGSTAMPNS }, + + IOCTL(RNDGETENTCNT, IOC_R, MK_PTR(TYPE_INT)) + IOCTL(RNDADDTOENTCNT, IOC_W, MK_PTR(TYPE_INT)) +Index: qemu-3.0.0/linux-user/syscall.c +=================================================================== +--- qemu-3.0.0.orig/linux-user/syscall.c ++++ qemu-3.0.0/linux-user/syscall.c +@@ -37,6 +37,7 @@ + #include <sched.h> + #include <sys/timex.h> + #include <sys/socket.h> ++#include <linux/sockios.h> + #include <sys/un.h> + #include <sys/uio.h> + #include <poll.h> +@@ -1391,8 +1392,9 @@ static inline abi_long copy_from_user_ti + { + struct target_timeval *target_tv; + +- if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1)) ++ if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1)) { + return -TARGET_EFAULT; ++ } + + __get_user(tv->tv_sec, &target_tv->tv_sec); + __get_user(tv->tv_usec, &target_tv->tv_usec); +@@ -1407,8 +1409,26 @@ static inline abi_long copy_to_user_time + { + struct target_timeval *target_tv; + +- if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) ++ if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) { ++ return -TARGET_EFAULT; ++ } ++ ++ __put_user(tv->tv_sec, &target_tv->tv_sec); ++ __put_user(tv->tv_usec, &target_tv->tv_usec); ++ ++ unlock_user_struct(target_tv, target_tv_addr, 1); ++ ++ return 0; ++} ++ ++static inline abi_long copy_to_user_timeval64(abi_ulong target_tv_addr, ++ const struct timeval *tv) ++{ ++ struct target__kernel_sock_timeval *target_tv; ++ ++ if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) { + return -TARGET_EFAULT; ++ } + + __put_user(tv->tv_sec, &target_tv->tv_sec); + __put_user(tv->tv_usec, &target_tv->tv_usec); +@@ -1418,6 +1438,48 @@ static inline abi_long copy_to_user_time + return 0; + } + ++static inline abi_long target_to_host_timespec(struct timespec *host_ts, ++ abi_ulong target_addr) ++{ ++ struct target_timespec *target_ts; ++ ++ if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) { ++ return -TARGET_EFAULT; ++ } ++ __get_user(host_ts->tv_sec, &target_ts->tv_sec); ++ __get_user(host_ts->tv_nsec, &target_ts->tv_nsec); ++ unlock_user_struct(target_ts, target_addr, 0); ++ return 0; ++} ++ ++static inline abi_long host_to_target_timespec(abi_ulong target_addr, ++ struct timespec *host_ts) ++{ ++ struct target_timespec *target_ts; ++ ++ if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) { ++ return -TARGET_EFAULT; ++ } ++ __put_user(host_ts->tv_sec, &target_ts->tv_sec); ++ __put_user(host_ts->tv_nsec, &target_ts->tv_nsec); ++ unlock_user_struct(target_ts, target_addr, 1); ++ return 0; ++} ++ ++static inline abi_long host_to_target_timespec64(abi_ulong target_addr, ++ struct timespec *host_ts) ++{ ++ struct target__kernel_timespec *target_ts; ++ ++ if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) { ++ return -TARGET_EFAULT; ++ } ++ __put_user(host_ts->tv_sec, &target_ts->tv_sec); ++ __put_user(host_ts->tv_nsec, &target_ts->tv_nsec); ++ unlock_user_struct(target_ts, target_addr, 1); ++ return 0; ++} ++ + static inline abi_long copy_from_user_timezone(struct timezone *tz, + abi_ulong target_tz_addr) + { +@@ -5733,6 +5795,54 @@ static abi_long do_ioctl_kdsigaccept(con + return get_errno(safe_ioctl(fd, ie->host_cmd, sig)); + } + ++static abi_long do_ioctl_SIOCGSTAMP(const IOCTLEntry *ie, uint8_t *buf_temp, ++ int fd, int cmd, abi_long arg) ++{ ++ struct timeval tv; ++ abi_long ret; ++ ++ ret = get_errno(safe_ioctl(fd, SIOCGSTAMP, &tv)); ++ if (is_error(ret)) { ++ return ret; ++ } ++ ++ if (cmd == (int)TARGET_SIOCGSTAMP_OLD) { ++ if (copy_to_user_timeval(arg, &tv)) { ++ return -TARGET_EFAULT; ++ } ++ } else { ++ if (copy_to_user_timeval64(arg, &tv)) { ++ return -TARGET_EFAULT; ++ } ++ } ++ ++ return ret; ++} ++ ++static abi_long do_ioctl_SIOCGSTAMPNS(const IOCTLEntry *ie, uint8_t *buf_temp, ++ int fd, int cmd, abi_long arg) ++{ ++ struct timespec ts; ++ abi_long ret; ++ ++ ret = get_errno(safe_ioctl(fd, SIOCGSTAMPNS, &ts)); ++ if (is_error(ret)) { ++ return ret; ++ } ++ ++ if (cmd == (int)TARGET_SIOCGSTAMPNS_OLD) { ++ if (host_to_target_timespec(arg, &ts)) { ++ return -TARGET_EFAULT; ++ } ++ } else{ ++ if (host_to_target_timespec64(arg, &ts)) { ++ return -TARGET_EFAULT; ++ } ++ } ++ ++ return ret; ++} ++ + #ifdef TIOCGPTPEER + static abi_long do_ioctl_tiocgptpeer(const IOCTLEntry *ie, uint8_t *buf_temp, + int fd, int cmd, abi_long arg) +@@ -7106,32 +7216,6 @@ static inline abi_long target_ftruncate6 + } + #endif + +-static inline abi_long target_to_host_timespec(struct timespec *host_ts, +- abi_ulong target_addr) +-{ +- struct target_timespec *target_ts; +- +- if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) +- return -TARGET_EFAULT; +- __get_user(host_ts->tv_sec, &target_ts->tv_sec); +- __get_user(host_ts->tv_nsec, &target_ts->tv_nsec); +- unlock_user_struct(target_ts, target_addr, 0); +- return 0; +-} +- +-static inline abi_long host_to_target_timespec(abi_ulong target_addr, +- struct timespec *host_ts) +-{ +- struct target_timespec *target_ts; +- +- if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) +- return -TARGET_EFAULT; +- __put_user(host_ts->tv_sec, &target_ts->tv_sec); +- __put_user(host_ts->tv_nsec, &target_ts->tv_nsec); +- unlock_user_struct(target_ts, target_addr, 1); +- return 0; +-} +- + static inline abi_long target_to_host_itimerspec(struct itimerspec *host_itspec, + abi_ulong target_addr) + { +Index: qemu-3.0.0/linux-user/syscall_defs.h +=================================================================== +--- qemu-3.0.0.orig/linux-user/syscall_defs.h ++++ qemu-3.0.0/linux-user/syscall_defs.h +@@ -203,16 +203,34 @@ struct target_ip_mreq_source { + uint32_t imr_sourceaddr; + }; + ++#if defined(TARGET_SPARC64) && !defined(TARGET_ABI32) ++struct target_timeval { ++ abi_long tv_sec; ++ abi_int tv_usec; ++}; ++#define target__kernel_sock_timeval target_timeval ++#else + struct target_timeval { + abi_long tv_sec; + abi_long tv_usec; + }; + ++struct target__kernel_sock_timeval { ++ abi_llong tv_sec; ++ abi_llong tv_usec; ++}; ++#endif ++ + struct target_timespec { + abi_long tv_sec; + abi_long tv_nsec; + }; + ++struct target__kernel_timespec { ++ abi_llong tv_sec; ++ abi_llong tv_nsec; ++}; ++ + struct target_timezone { + abi_int tz_minuteswest; + abi_int tz_dsttime; +@@ -738,8 +756,16 @@ struct target_pollfd { + #define TARGET_SIOCATMARK 0x8905 + #define TARGET_SIOCGPGRP 0x8904 + #endif +-#define TARGET_SIOCGSTAMP 0x8906 /* Get stamp (timeval) */ +-#define TARGET_SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */ ++#if defined(TARGET_SH4) ++#define TARGET_SIOCGSTAMP_OLD TARGET_IOR('s', 100, struct target_timeval) ++#define TARGET_SIOCGSTAMPNS_OLD TARGET_IOR('s', 101, struct target_timespec) ++#else ++#define TARGET_SIOCGSTAMP_OLD 0x8906 ++#define TARGET_SIOCGSTAMPNS_OLD 0x8907 ++#endif ++ ++#define TARGET_SIOCGSTAMP_NEW TARGET_IOR(0x89, 0x06, abi_llong[2]) ++#define TARGET_SIOCGSTAMPNS_NEW TARGET_IOR(0x89, 0x07, abi_llong[2]) + + /* Networking ioctls */ + #define TARGET_SIOCADDRT 0x890B /* add routing table entry */ +Index: qemu-3.0.0/linux-user/syscall_types.h +=================================================================== +--- qemu-3.0.0.orig/linux-user/syscall_types.h ++++ qemu-3.0.0/linux-user/syscall_types.h +@@ -14,12 +14,6 @@ STRUCT(serial_icounter_struct, + STRUCT(sockaddr, + TYPE_SHORT, MK_ARRAY(TYPE_CHAR, 14)) + +-STRUCT(timeval, +- MK_ARRAY(TYPE_LONG, 2)) +- +-STRUCT(timespec, +- MK_ARRAY(TYPE_LONG, 2)) +- + STRUCT(rtentry, + TYPE_ULONG, MK_STRUCT(STRUCT_sockaddr), MK_STRUCT(STRUCT_sockaddr), MK_STRUCT(STRUCT_sockaddr), + TYPE_SHORT, TYPE_SHORT, TYPE_ULONG, TYPE_PTRVOID, TYPE_SHORT, TYPE_PTRVOID, diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch index 7e1e442a..81607c95 100644 --- a/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch +++ b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch @@ -19,7 +19,7 @@ Signed-off-by: Jason Wang <jasowang@redhat.com> Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff ;h=fdc89e90fac40c5ca2686733df17b6423fb8d8fb#patch1] -CVE: CVE-2018-10839 +CVE: CVE-2018-10839 CVE-2018-17958 Signed-off-by: Changqing Li <changqing.li@windriver.com> --- diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch deleted file mode 100644 index af40ff27..00000000 --- a/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 06e88ca78d056ea4de885e3a1496805179dc47bc Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Mon, 15 Oct 2018 16:33:04 +0800 -Subject: [PATCH] ne2000: fix possible out of bound access in ne2000_receive - -In ne2000_receive(), we try to assign size_ to size which converts -from size_t to integer. This will cause troubles when size_ is greater -INT_MAX, this will lead a negative value in size and it can then pass -the check of size < MIN_BUF_SIZE which may lead out of bound access of -for both buf and buf1. - -Fixing by converting the type of size to size_t. - -CC: address@hidden -Reported-by: Daniel Shapira <address@hidden> -Reviewed-by: Michael S. Tsirkin <address@hidden> -Signed-off-by: Jason Wang <address@hidden> - -Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html] - -CVE: CVE-2018-17958 - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - hw/net/ne2000.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c -index 07d79e3..869518e 100644 ---- a/hw/net/ne2000.c -+++ b/hw/net/ne2000.c -@@ -174,7 +174,7 @@ static int ne2000_buffer_full(NE2000State *s) - ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_) - { - NE2000State *s = qemu_get_nic_opaque(nc); -- int size = size_; -+ size_t size = size_; - uint8_t *p; - unsigned int total_len, next, avail, len, index, mcast_idx; - uint8_t buf1[60]; -@@ -182,7 +182,7 @@ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_) - { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; - - #if defined(DEBUG_NE2000) -- printf("NE2000: received len=%d\n", size); -+ printf("NE2000: received len=%zu\n", size); - #endif - - if (s->cmd & E8390_STOP || ne2000_buffer_full(s)) --- -2.7.4 - diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-18954.patch b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-18954.patch new file mode 100644 index 00000000..9fe13645 --- /dev/null +++ b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-18954.patch @@ -0,0 +1,50 @@ +From 3c9fd43da473a324f6cc7a0d3db58f651a2d262c Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Fri, 26 Oct 2018 18:03:58 +0530 +Subject: [PATCH] ppc/pnv: check size before data buffer access +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +While performing PowerNV memory r/w operations, the access length +'sz' could exceed the data[4] buffer size. Add check to avoid OOB +access. + +Reported-by: Moguofang <moguofang@huawei.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Reviewed-by: Cédric Le Goater <clg@kaod.org> +Signed-off-by: David Gibson <david@gibson.dropbear.id.au> + +CVE: CVE-2018-18954 +Upstream-Status: Backport +[https://git.qemu.org/?p=qemu.git;a=commit;h=d07945e78eb6b593cd17a4640c1fc9eb35e3245d] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + hw/ppc/pnv_lpc.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/hw/ppc/pnv_lpc.c b/hw/ppc/pnv_lpc.c +index d7721320a2..172a915cfc 100644 +--- a/hw/ppc/pnv_lpc.c ++++ b/hw/ppc/pnv_lpc.c +@@ -155,9 +155,15 @@ static void pnv_lpc_do_eccb(PnvLpcController *lpc, uint64_t cmd) + /* XXX Check for magic bits at the top, addr size etc... */ + unsigned int sz = (cmd & ECCB_CTL_SZ_MASK) >> ECCB_CTL_SZ_LSH; + uint32_t opb_addr = cmd & ECCB_CTL_ADDR_MASK; +- uint8_t data[4]; ++ uint8_t data[8]; + bool success; + ++ if (sz > sizeof(data)) { ++ qemu_log_mask(LOG_GUEST_ERROR, ++ "ECCB: invalid operation at @0x%08x size %d\n", opb_addr, sz); ++ return; ++ } ++ + if (cmd & ECCB_CTL_READ) { + success = opb_read(lpc, opb_addr, data, sz); + if (success) { +-- +2.22.0.vfs.1.1.57.gbaf16c8 + diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch new file mode 100644 index 00000000..0e11ad28 --- /dev/null +++ b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch @@ -0,0 +1,39 @@ +From b664d9d003d1a98642dcfb8e6fceef6dbf3d52d8 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Tue, 8 Jan 2019 11:23:01 +0100 +Subject: [PATCH] i2c-ddc: fix oob read +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Suggested-by: Michael Hanselmann <public@hansmi.ch> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Reviewed-by: Michael Hanselmann <public@hansmi.ch> +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> +Message-id: 20190108102301.1957-1-kraxel@redhat.com + +CVE: CVE-2019-3812 +Upstream-Status: Backport +[https://git.qemu.org/?p=qemu.git;a=commit;h=b05b267840515730dbf6753495d5b7bd8b04ad1c] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + hw/i2c/i2c-ddc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c +index bec0c91e2d..89e659288e 100644 +--- a/hw/i2c/i2c-ddc.c ++++ b/hw/i2c/i2c-ddc.c +@@ -247,7 +247,7 @@ static int i2c_ddc_rx(I2CSlave *i2c) + I2CDDCState *s = I2CDDC(i2c); + + int value; +- value = s->edid_blob[s->reg]; ++ value = s->edid_blob[s->reg % sizeof(s->edid_blob)]; + s->reg++; + return value; + } +-- +2.22.0.vfs.1.1.57.gbaf16c8 + diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-6778.patch b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-6778.patch new file mode 100644 index 00000000..5b145960 --- /dev/null +++ b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-6778.patch @@ -0,0 +1,41 @@ +From b6c0fa3b435375918714e107b22de2ef13a41c26 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Sun, 13 Jan 2019 23:29:48 +0530 +Subject: [PATCH] slirp: check data length while emulating ident function + +While emulating identification protocol, tcp_emu() does not check +available space in the 'sc_rcv->sb_data' buffer. It could lead to +heap buffer overflow issue. Add check to avoid it. + +Reported-by: Kira <864786842@qq.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> + +CVE: CVE-2019-6778 +Upstream-Status: Backport +[https://git.qemu.org/?p=qemu.git;a=commit;h=a7104eda7dab99d0cdbd3595c211864cba415905] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + slirp/tcp_subr.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c +index 8d0f94b75f..7277aadfdf 100644 +--- a/slirp/tcp_subr.c ++++ b/slirp/tcp_subr.c +@@ -640,6 +640,11 @@ tcp_emu(struct socket *so, struct mbuf *m) + socklen_t addrlen = sizeof(struct sockaddr_in); + struct sbuf *so_rcv = &so->so_rcv; + ++ if (m->m_len > so_rcv->sb_datalen ++ - (so_rcv->sb_wptr - so_rcv->sb_data)) { ++ return 1; ++ } ++ + memcpy(so_rcv->sb_wptr, m->m_data, m->m_len); + so_rcv->sb_wptr += m->m_len; + so_rcv->sb_rptr += m->m_len; +-- +2.22.0.vfs.1.1.57.gbaf16c8 + diff --git a/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch new file mode 100644 index 00000000..db3201c5 --- /dev/null +++ b/external/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch @@ -0,0 +1,215 @@ +From 13e153f01b4f2a3e199202b34a247d83c176f21a Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Mon, 18 Feb 2019 23:43:49 +0530 +Subject: [PATCH] ppc: add host-serial and host-model machine attributes + (CVE-2019-8934) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +On ppc hosts, hypervisor shares following system attributes + + - /proc/device-tree/system-id + - /proc/device-tree/model + +with a guest. This could lead to information leakage and misuse.[*] +Add machine attributes to control such system information exposure +to a guest. + +[*] https://wiki.openstack.org/wiki/OSSN/OSSN-0028 + +Reported-by: Daniel P. Berrangé <berrange@redhat.com> +Fix-suggested-by: Daniel P. Berrangé <berrange@redhat.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-Id: <20190218181349.23885-1-ppandit@redhat.com> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> +Reviewed-by: Greg Kurz <groug@kaod.org> +Signed-off-by: David Gibson <david@gibson.dropbear.id.au> + +CVE: CVE-2019-8934 +Upstream-Status: Backport +[https://github.com/qemu/qemu/commit/27461d69a0f108dea756419251acc3ea65198f1b] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + hw/ppc/spapr.c | 128 ++++++++++++++++++++++++++++++++++++++--- + include/hw/ppc/spapr.h | 2 + + 2 files changed, 123 insertions(+), 7 deletions(-) + +diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c +index 421b2dd09b..069d678ee0 100644 +--- a/hw/ppc/spapr.c ++++ b/hw/ppc/spapr.c +@@ -1266,13 +1266,30 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr, + * Add info to guest to indentify which host is it being run on + * and what is the uuid of the guest + */ +- if (kvmppc_get_host_model(&buf)) { +- _FDT(fdt_setprop_string(fdt, 0, "host-model", buf)); +- g_free(buf); ++ if (spapr->host_model && !g_str_equal(spapr->host_model, "none")) { ++ if (g_str_equal(spapr->host_model, "passthrough")) { ++ /* -M host-model=passthrough */ ++ if (kvmppc_get_host_model(&buf)) { ++ _FDT(fdt_setprop_string(fdt, 0, "host-model", buf)); ++ g_free(buf); ++ } ++ } else { ++ /* -M host-model=<user-string> */ ++ _FDT(fdt_setprop_string(fdt, 0, "host-model", spapr->host_model)); ++ } + } +- if (kvmppc_get_host_serial(&buf)) { +- _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf)); +- g_free(buf); ++ ++ if (spapr->host_serial && !g_str_equal(spapr->host_serial, "none")) { ++ if (g_str_equal(spapr->host_serial, "passthrough")) { ++ /* -M host-serial=passthrough */ ++ if (kvmppc_get_host_serial(&buf)) { ++ _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf)); ++ g_free(buf); ++ } ++ } else { ++ /* -M host-serial=<user-string> */ ++ _FDT(fdt_setprop_string(fdt, 0, "host-serial", spapr->host_serial)); ++ } + } + + buf = qemu_uuid_unparse_strdup(&qemu_uuid); +@@ -3027,6 +3044,73 @@ static void spapr_set_vsmt(Object *obj, Visitor *v, const char *name, + visit_type_uint32(v, name, (uint32_t *)opaque, errp); + } + ++static char *spapr_get_ic_mode(Object *obj, Error **errp) ++{ ++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); ++ ++ if (spapr->irq == &spapr_irq_xics_legacy) { ++ return g_strdup("legacy"); ++ } else if (spapr->irq == &spapr_irq_xics) { ++ return g_strdup("xics"); ++ } else if (spapr->irq == &spapr_irq_xive) { ++ return g_strdup("xive"); ++ } else if (spapr->irq == &spapr_irq_dual) { ++ return g_strdup("dual"); ++ } ++ g_assert_not_reached(); ++} ++ ++static void spapr_set_ic_mode(Object *obj, const char *value, Error **errp) ++{ ++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); ++ ++ if (SPAPR_MACHINE_GET_CLASS(spapr)->legacy_irq_allocation) { ++ error_setg(errp, "This machine only uses the legacy XICS backend, don't pass ic-mode"); ++ return; ++ } ++ ++ /* The legacy IRQ backend can not be set */ ++ if (strcmp(value, "xics") == 0) { ++ spapr->irq = &spapr_irq_xics; ++ } else if (strcmp(value, "xive") == 0) { ++ spapr->irq = &spapr_irq_xive; ++ } else if (strcmp(value, "dual") == 0) { ++ spapr->irq = &spapr_irq_dual; ++ } else { ++ error_setg(errp, "Bad value for \"ic-mode\" property"); ++ } ++} ++ ++static char *spapr_get_host_model(Object *obj, Error **errp) ++{ ++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); ++ ++ return g_strdup(spapr->host_model); ++} ++ ++static void spapr_set_host_model(Object *obj, const char *value, Error **errp) ++{ ++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); ++ ++ g_free(spapr->host_model); ++ spapr->host_model = g_strdup(value); ++} ++ ++static char *spapr_get_host_serial(Object *obj, Error **errp) ++{ ++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); ++ ++ return g_strdup(spapr->host_serial); ++} ++ ++static void spapr_set_host_serial(Object *obj, const char *value, Error **errp) ++{ ++ sPAPRMachineState *spapr = SPAPR_MACHINE(obj); ++ ++ g_free(spapr->host_serial); ++ spapr->host_serial = g_strdup(value); ++} ++ + static void spapr_instance_init(Object *obj) + { + sPAPRMachineState *spapr = SPAPR_MACHINE(obj); +@@ -3063,6 +3147,25 @@ static void spapr_instance_init(Object *obj) + " the host's SMT mode", &error_abort); + object_property_add_bool(obj, "vfio-no-msix-emulation", + spapr_get_msix_emulation, NULL, NULL); ++ ++ /* The machine class defines the default interrupt controller mode */ ++ spapr->irq = smc->irq; ++ object_property_add_str(obj, "ic-mode", spapr_get_ic_mode, ++ spapr_set_ic_mode, NULL); ++ object_property_set_description(obj, "ic-mode", ++ "Specifies the interrupt controller mode (xics, xive, dual)", ++ NULL); ++ ++ object_property_add_str(obj, "host-model", ++ spapr_get_host_model, spapr_set_host_model, ++ &error_abort); ++ object_property_set_description(obj, "host-model", ++ "Set host's model-id to use - none|passthrough|string", &error_abort); ++ object_property_add_str(obj, "host-serial", ++ spapr_get_host_serial, spapr_set_host_serial, ++ &error_abort); ++ object_property_set_description(obj, "host-serial", ++ "Set host's system-id to use - none|passthrough|string", &error_abort); + } + + static void spapr_machine_finalizefn(Object *obj) +@@ -4067,7 +4170,18 @@ static void spapr_machine_3_0_instance_options(MachineState *machine) + + static void spapr_machine_3_0_class_options(MachineClass *mc) + { +- /* Defaults for the latest behaviour inherited from the base class */ ++ sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc); ++ static GlobalProperty compat[] = { ++ { TYPE_SPAPR_MACHINE, "host-model", "passthrough" }, ++ { TYPE_SPAPR_MACHINE, "host-serial", "passthrough" }, ++ }; ++ ++ spapr_machine_4_0_class_options(mc); ++ compat_props_add(mc->compat_props, hw_compat_3_1, hw_compat_3_1_len); ++ compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat)); ++ ++ mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0"); ++ smc->update_dt_enabled = false; + } + + DEFINE_SPAPR_MACHINE(3_0, "3.0", true); +diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h +index 7e5de1a6fd..4c69a55374 100644 +--- a/include/hw/ppc/spapr.h ++++ b/include/hw/ppc/spapr.h +@@ -165,6 +165,8 @@ struct sPAPRMachineState { + + /*< public >*/ + char *kvm_type; ++ char *host_model; ++ char *host_serial; + + const char *icp_type; + +-- +2.22.0.vfs.1.1.57.gbaf16c8 + |