Diffstat (limited to 'poky/meta/recipes-devtools/qemu')
29 files changed, 220 insertions, 727 deletions
diff --git a/poky/meta/recipes-devtools/qemu/qemu-native.inc b/poky/meta/recipes-devtools/qemu/qemu-native.inc index aa5c9b9a7..54e49d8bc 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-native.inc +++ b/poky/meta/recipes-devtools/qemu/qemu-native.inc @@ -1,7 +1,7 @@ -inherit native - require qemu.inc +inherit native + EXTRA_OEMAKE_append = " LD='${LD}' AR='${AR}' OBJCOPY='${OBJCOPY}' LDFLAGS='${LDFLAGS}'" LDFLAGS_append = " -fuse-ld=bfd" diff --git a/poky/meta/recipes-devtools/qemu/qemu-native_5.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb index c8acff8e1..c8acff8e1 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-native_5.1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb index 222b55cbc..222b55cbc 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-system-native_5.1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index 274c855d3..cb854914b 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -6,7 +6,7 @@ a variety of guest operating systems" HOMEPAGE = "http://qemu.org" LICENSE = "GPLv2 & LGPLv2.1" -RDEPENDS_${PN}-ptest = "bash make" +RDEPENDS_${PN}-ptest = "bash" require qemu-targets.inc inherit pkgconfig ptest 
@@ -18,27 +18,24 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://powerpc_rom.bin \ file://run-ptest \ file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \ - file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \ file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ file://0004-qemu-disable-Valgrind.patch \ - file://0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \ file://0006-chardev-connect-socket-to-a-spawned-command.patch \ file://0007-apic-fixup-fallthrough-to-PIC.patch \ - file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ - file://0009-Fix-webkitgtk-builds.patch \ file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ file://0001-Add-enable-disable-udev.patch \ file://0001-qemu-Do-not-include-file-if-not-exists.patch \ - file://find_datadir.patch \ - file://usb-fix-setup_len-init.patch \ - file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \ - file://CVE-2020-24352.patch \ - file://CVE-2020-29129-CVE-2020-29130.patch \ - file://CVE-2020-25624.patch \ + file://mingwfix.patch \ + file://mmap.patch \ + file://mmap2.patch \ + file://0001-tests-meson.build-use-relative-path-to-refer-to-file.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" -SRC_URI[sha256sum] = "c9174eb5933d9eb5e61f541cd6d1184cd3118dfe4c5c4955bc1bdc4d390fa4e5" +SRC_URI[sha256sum] = "cb18d889b628fbe637672b0326789d9b0e3b8027e0445b936537c78549df17bc" + +SRC_URI_append_class-target = " file://cross.patch" +SRC_URI_append_class-nativesdk = " file://cross.patch" COMPATIBLE_HOST_mipsarchn32 = "null" COMPATIBLE_HOST_mipsarchn64 = "null" 
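Review bot: `SRC_URI` drops `CVE-2020-24352.patch`, `CVE-2020-29129-CVE-2020-29130.patch`, `CVE-2020-25624.patch` and `usb-fix-setup_len-init.patch`, and nothing on the new side records that the 5.2.0 tarball already contains those fixes. The commit description should list each dropped backport next to the upstream commit that carries it (the deleted CVE-2020-24352 patch names `ca1f9cbfdce4d63b10d57de80fef89a89d92a540`), so a later audit does not have to re-derive it. The bodies of the added `mingwfix.patch`, `mmap.patch`, `mmap2.patch` and `cross.patch` are not in view here. Because the removed `0009-Fix-webkitgtk-builds.patch` stripped `guest_range_valid()` checks from the linux-user mmap paths, it is worth confirming that the two mmap replacements do not relax the same checks and that each new patch carries an `Upstream-Status:` header.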
@@ -52,18 +49,11 @@ do_install_append() { if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi } -do_compile_ptest() { - make buildtest-TESTS -} - do_install_ptest() { cp -rL ${B}/tests ${D}${PTEST_PATH} - find ${D}${PTEST_PATH}/tests -type f -name "*.[Sshcod]" | xargs -i rm -rf {} + find ${D}${PTEST_PATH}/tests -type f -name "*.[Sshcodp]" | xargs -i rm -rf {} - cp ${S}/tests/Makefile.include ${D}${PTEST_PATH}/tests # Don't check the file genreated by configure - sed -i -e '/wildcard config-host.mak/d' \ - -e '$ {/endif/d}' ${D}${PTEST_PATH}/tests/Makefile.include sed -i -e 's,${HOSTTOOLS_DIR}/python3,${bindir}/python3,' \ ${D}/${PTEST_PATH}/tests/qemu-iotests/common.env sed -i -e "1s,#!/usr/bin/bash,#!${base_bindir}/bash," ${D}${PTEST_PATH}/tests/data/acpi/disassemle-aml.sh @@ -83,13 +73,14 @@ EXTRA_OECONF = " \ --sysconfdir=${sysconfdir} \ --libexecdir=${libexecdir} \ --localstatedir=${localstatedir} \ - --with-confsuffix=/${BPN} \ + --with-suffix=${BPN} \ --disable-strip \ --disable-werror \ --extra-cflags='${CFLAGS}' \ --extra-ldflags='${LDFLAGS}' \ --with-git=/bin/false \ --disable-git-update \ + --meson=meson \ ${PACKAGECONFIG_CONFARGS} \ " @@ -97,7 +88,7 @@ export LIBTOOL="${HOST_SYS}-libtool" B = "${WORKDIR}/build" -EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3" +#EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3" do_configure_prepend_class-native() { # Append build host pkg-config paths for native target since the host may provide sdl @@ -188,6 +179,7 @@ PACKAGECONFIG[rbd] = "--enable-rbd,--disable-rbd,ceph,ceph" PACKAGECONFIG[vhost] = "--enable-vhost-net,--disable-vhost-net,," PACKAGECONFIG[ust] = "--enable-trace-backend=ust,--enable-trace-backend=nop,lttng-ust," PACKAGECONFIG[pie] = "--enable-pie,--disable-pie,," +PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp" INSANE_SKIP_${PN} = "arch" 
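Review bot: In the `@@ -97,7 +88,7 @@` hunk the `EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3"` line is commented out rather than removed, and no reason is recorded. `do_install_ptest` (first hunk on this line) still rewrites `${HOSTTOOLS_DIR}/python3` in `tests/qemu-iotests/common.env`; if configure now chooses the interpreter itself, that `sed` may no longer match and a build-host path could end up in the ptest package. This is inferred, not shown by the hunk. Delete the dead line, or keep it with a reason such as `# --python no longer passed since the 5.2.0 upgrade: <reason>`.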
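Review bot: `PACKAGECONFIG[seccomp]` in the `@@ -188,6 +179,7 @@` hunk makes the seccomp choice explicit, so unless `seccomp` is also added to a default `PACKAGECONFIG` (not visible in this hunk) configure always receives `--disable-seccomp` and the built QEMU has no `-sandbox` support. If that default is intended, say so next to the entry, e.g. `# seccomp backs QEMU's -sandbox option; off unless "seccomp" is in PACKAGECONFIG`. Otherwise add it to the default for the classes where `libseccomp` is available.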
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch index 1304ee3bf..c99adee8a 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch @@ -12,11 +12,11 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> configure | 4 ++++ 1 file changed, 4 insertions(+) -Index: qemu-5.1.0/configure +Index: qemu-5.2.0/configure =================================================================== ---- qemu-5.1.0.orig/configure -+++ qemu-5.1.0/configure -@@ -1640,6 +1640,10 @@ for opt do +--- qemu-5.2.0.orig/configure ++++ qemu-5.2.0/configure +@@ -1525,6 +1525,10 @@ for opt do ;; --disable-libdaxctl) libdaxctl=no ;; diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch index 46c9da08a..8ce12bdb4 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch @@ -20,11 +20,11 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 93 insertions(+), 1 deletion(-) -Index: qemu-5.1.0/hw/usb/dev-wacom.c +Index: qemu-5.2.0/hw/usb/dev-wacom.c =================================================================== ---- qemu-5.1.0.orig/hw/usb/dev-wacom.c -+++ qemu-5.1.0/hw/usb/dev-wacom.c -@@ -74,6 +74,89 @@ static const USBDescStrings desc_strings +--- qemu-5.2.0.orig/hw/usb/dev-wacom.c ++++ qemu-5.2.0/hw/usb/dev-wacom.c +@@ -69,6 +69,89 @@ static const USBDescStrings desc_strings [STR_SERIALNUMBER] = "1", }; 
@@ -114,16 +114,16 @@ Index: qemu-5.1.0/hw/usb/dev-wacom.c static const USBDescIface desc_iface_wacom = { .bInterfaceNumber = 0, .bNumEndpoints = 1, -@@ -91,7 +174,7 @@ static const USBDescIface desc_iface_wac +@@ -86,7 +169,7 @@ static const USBDescIface desc_iface_wac 0x00, /* u8 country_code */ 0x01, /* u8 num_descriptors */ - 0x22, /* u8 type: Report */ + USB_DT_REPORT, /* u8 type: Report */ - 0x6e, 0, /* u16 len */ -+ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */ ++ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */ }, }, }, -@@ -271,6 +354,15 @@ static void usb_wacom_handle_control(USB +@@ -266,6 +349,15 @@ static void usb_wacom_handle_control(USB } switch (request) { diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch index d6c0f9ebe..3fe9aa6eb 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch @@ -15,10 +15,10 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> linux-user/syscall.c | 2 ++ 1 file changed, 2 insertions(+) -Index: qemu-5.1.0/linux-user/syscall.c +Index: qemu-5.2.0/linux-user/syscall.c =================================================================== ---- qemu-5.1.0.orig/linux-user/syscall.c -+++ qemu-5.1.0/linux-user/syscall.c +--- qemu-5.2.0.orig/linux-user/syscall.c ++++ qemu-5.2.0/linux-user/syscall.c @@ -109,7 +109,9 @@ #include <linux/blkpg.h> #include <netpacket/packet.h> @@ -28,4 +28,4 @@ Index: qemu-5.1.0/linux-user/syscall.c +#endif #include <linux/rtc.h> #include <sound/asound.h> - #ifdef HAVE_DRM_H + #ifdef CONFIG_BTRFS 
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch deleted file mode 100644 index 5227b7cbd..000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From 68fa519a6cb455005317bd61f95214b58b2f1e69 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org> -Date: Fri, 16 Oct 2020 15:20:37 +0200 -Subject: [PATCH] target/mips: Increase number of TLB entries on the 34Kf core - (16 -> 64) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Per "MIPS32 34K Processor Core Family Software User's Manual, -Revision 01.13" page 8 in "Joint TLB (JTLB)" section: - - "The JTLB is a fully associative TLB cache containing 16, 32, - or 64-dual-entries mapping up to 128 virtual pages to their - corresponding physical addresses." - -There is no particular reason to restrict the 34Kf core model to -16 TLB entries, so raise its config to 64. - -This is helpful for other projects, in particular the Yocto Project: - - Yocto Project uses qemu-system-mips 34Kf cpu model, to run 32bit - MIPS CI loop. It was observed that in this case CI test execution - time was almost twice longer than 64bit MIPS variant that runs - under MIPS64R2-generic model. It was investigated and concluded - that the difference in number of TLBs 16 in 34Kf case vs 64 in - MIPS64R2-generic is responsible for most of CI real time execution - difference. Because with 16 TLBs linux user-land trashes TLB more - and it needs to execute more instructions in TLB refill handler - calls, as result it runs much longer. 
- -(https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03428.html) - -Buglink: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13992 -Reported-by: Victor Kamensky <kamensky@cisco.com> -Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> -Reviewed-by: Richard Henderson <richard.henderson@linaro.org> -Message-Id: <20201016133317.553068-1-f4bug@amsat.org> - -Upstream-Status: Backport [https://github.com/qemu/qemu/commit/68fa519a6cb455005317bd61f95214b58b2f1e69] -Signed-off-by: Victor Kamensky <kamensky@cisco.com> - ---- - target/mips/translate_init.c.inc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: qemu-5.1.0/target/mips/translate_init.inc.c -=================================================================== ---- qemu-5.1.0.orig/target/mips/translate_init.inc.c -+++ qemu-5.1.0/target/mips/translate_init.inc.c -@@ -254,7 +254,7 @@ const mips_def_t mips_defs[] = - .CP0_PRid = 0x00019500, - .CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) | - (MMU_TYPE_R4000 << CP0C0_MT), -- .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (15 << CP0C1_MMU) | -+ .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (63 << CP0C1_MMU) | - (0 << CP0C1_IS) | (3 << CP0C1_IL) | (1 << CP0C1_IA) | - (0 << CP0C1_DS) | (3 << CP0C1_DL) | (1 << CP0C1_DA) | - (1 << CP0C1_CA), diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-tests-meson.build-use-relative-path-to-refer-to-file.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-tests-meson.build-use-relative-path-to-refer-to-file.patch new file mode 100644 index 000000000..5cb5757c3 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/0001-tests-meson.build-use-relative-path-to-refer-to-file.patch 
@@ -0,0 +1,34 @@
+From a4bdc0416134477e4eae386db04b1de7491163bb Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 14 Jan 2021 06:33:04 +0000
+Subject: [PATCH] tests/meson.build: use relative path to refer to files
+
+Fix error like:
+Fatal error: can't create tests/ptimer-test.p/..._qemu-5.2.0_hw_core_ptimer.c.o: File name too long
+
+when build path is too long, use meson.source_root() will make this
+filename too long. Fixed by using relative path to refer to files
+
+Upstream-Status: Submitted [send to qemu-devel]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ tests/meson.build | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/tests/meson.build b/tests/meson.build
+index afeb6be..54684b5 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -113,7 +113,7 @@ tests = {
+ 'test-keyval': [testqapi],
+ 'test-logging': [],
+ 'test-uuid': [],
+- 'ptimer-test': ['ptimer-test-stubs.c', meson.source_root() / 'hw/core/ptimer.c'],
++ 'ptimer-test': ['ptimer-test-stubs.c', '../hw/core/ptimer.c'],
+ 'test-qapi-util': [],
+ }
+
+--
+2.29.2
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/poky/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
deleted file mode 100644
index f379948f1..000000000
--- a/poky/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
+++ /dev/null
@@ -1,35 +0,0 @@ -From 5da6cef7761157a003e7ebde74fb3cf90ab396d9 Mon Sep 17 00:00:00 2001 -From: Juro Bystricky <juro.bystricky@intel.com> -Date: Thu, 31 Aug 2017 11:06:56 -0700 -Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for - qemu. - -Upstream-Status: Pending - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> - -[update patch context] -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - tests/Makefile.include | 8 ++++++++ - 1 file changed, 8 insertions(+) - -Index: qemu-5.1.0/tests/Makefile.include -=================================================================== ---- qemu-5.1.0.orig/tests/Makefile.include -+++ qemu-5.1.0/tests/Makefile.include -@@ -982,4 +982,12 @@ all: $(QEMU_IOTESTS_HELPERS-y) - -include $(wildcard tests/qtest/*.d) - -include $(wildcard tests/qtest/libqos/*.d) - -+buildtest-TESTS: $(check-unit-y) -+ -+runtest-TESTS: -+ for f in $(check-unit-y); do \ -+ nf=$$(echo $$f | sed 's/tests\//\.\//g'); \ -+ $$nf; \ -+ done -+ - endif diff --git a/poky/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/poky/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch index 33cef4221..fd54f96b0 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch @@ -18,11 +18,11 @@ 
Signed-off-by: Roy Li <rongqing.li@windriver.com> hw/mips/malta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: qemu-5.1.0/hw/mips/malta.c +Index: qemu-5.2.0/hw/mips/malta.c =================================================================== ---- qemu-5.1.0.orig/hw/mips/malta.c -+++ qemu-5.1.0/hw/mips/malta.c -@@ -59,7 +59,7 @@ +--- qemu-5.2.0.orig/hw/mips/malta.c ++++ qemu-5.2.0/hw/mips/malta.c +@@ -62,7 +62,7 @@ #define ENVP_ADDR 0x80002000l #define ENVP_NB_ENTRIES 16 diff --git a/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch index 71f537f9b..a0bd1c5eb 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch @@ -12,11 +12,11 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> configure | 9 --------- 1 file changed, 9 deletions(-) -Index: qemu-5.1.0/configure +Index: qemu-5.2.0/configure =================================================================== ---- qemu-5.1.0.orig/configure -+++ qemu-5.1.0/configure -@@ -5751,15 +5751,6 @@ fi +--- qemu-5.2.0.orig/configure ++++ qemu-5.2.0/configure +@@ -5001,15 +5001,6 @@ fi # check if we have valgrind/valgrind.h valgrind_h=no diff --git a/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch deleted file mode 100644 index 02ebbee1a..000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch +++ /dev/null 
@@ -1,28 +0,0 @@
-From 230fe5804099bdca0c9e4cae7280c9fc513cb7f5 Mon Sep 17 00:00:00 2001
-From: Stephen Arnold <sarnold@vctlabs.com>
-Date: Sun, 12 Jun 2016 18:09:56 -0700
-Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
-
-Upstream-Status: Pending
-
-[update patch context]
-Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
----
- configure | 4 ----
- 1 file changed, 4 deletions(-)
-
-Index: qemu-5.1.0/configure
-===================================================================
---- qemu-5.1.0.orig/configure
-+++ qemu-5.1.0/configure
-@@ -6515,10 +6515,6 @@ write_c_skeleton
- if test "$gcov" = "yes" ; then
- QEMU_CFLAGS="-fprofile-arcs -ftest-coverage -g $QEMU_CFLAGS"
- QEMU_LDFLAGS="-fprofile-arcs -ftest-coverage $QEMU_LDFLAGS"
--elif test "$fortify_source" = "yes" ; then
-- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
--elif test "$debug" = "no"; then
-- CFLAGS="-O2 $CFLAGS"
- fi
-
- if test "$have_asan" = "yes"; then
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch b/poky/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch
index 98fd5e913..201125c1f 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch
@@ -51,11 +51,11 @@
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> qapi/char.json | 5 +++ 3 files changed, 109 insertions(+) -Index: qemu-5.1.0/chardev/char-socket.c +Index: qemu-5.2.0/chardev/char-socket.c =================================================================== ---- qemu-5.1.0.orig/chardev/char-socket.c -+++ qemu-5.1.0/chardev/char-socket.c -@@ -1292,6 +1292,67 @@ static bool qmp_chardev_validate_socket( +--- qemu-5.2.0.orig/chardev/char-socket.c ++++ qemu-5.2.0/chardev/char-socket.c +@@ -1308,6 +1308,67 @@ static bool qmp_chardev_validate_socket( return true; } @@ -123,7 +123,7 @@ Index: qemu-5.1.0/chardev/char-socket.c static void qmp_chardev_open_socket(Chardev *chr, ChardevBackend *backend, -@@ -1300,6 +1361,9 @@ static void qmp_chardev_open_socket(Char +@@ -1316,6 +1377,9 @@ static void qmp_chardev_open_socket(Char { SocketChardev *s = SOCKET_CHARDEV(chr); ChardevSocket *sock = backend->u.socket.data; @@ -133,7 +133,7 @@ Index: qemu-5.1.0/chardev/char-socket.c bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; bool is_listen = sock->has_server ? sock->server : true; bool is_telnet = sock->has_telnet ? sock->telnet : false; -@@ -1365,6 +1429,14 @@ static void qmp_chardev_open_socket(Char +@@ -1381,6 +1445,14 @@ static void qmp_chardev_open_socket(Char update_disconnected_filename(s); 
@@ -148,15 +148,17 @@ Index: qemu-5.1.0/chardev/char-socket.c if (s->is_listen) { if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270, is_waitconnect, errp) < 0) { -@@ -1384,11 +1456,27 @@ static void qemu_chr_parse_socket(QemuOp +@@ -1400,6 +1472,9 @@ static void qemu_chr_parse_socket(QemuOp const char *host = qemu_opt_get(opts, "host"); const char *port = qemu_opt_get(opts, "port"); const char *fd = qemu_opt_get(opts, "fd"); +#ifndef _WIN32 + const char *cmd = qemu_opt_get(opts, "cmd"); +#endif + #ifdef CONFIG_LINUX bool tight = qemu_opt_get_bool(opts, "tight", true); bool abstract = qemu_opt_get_bool(opts, "abstract", false); +@@ -1407,6 +1482,20 @@ static void qemu_chr_parse_socket(QemuOp SocketAddressLegacy *addr; ChardevSocket *sock; @@ -173,19 +175,19 @@ Index: qemu-5.1.0/chardev/char-socket.c + } + } else +#endif ++ if ((!!path + !!fd + !!host) != 1) { error_setg(errp, "Exactly one of 'path', 'fd' or 'host' required"); -@@ -1431,12 +1519,24 @@ static void qemu_chr_parse_socket(QemuOp +@@ -1448,13 +1537,24 @@ static void qemu_chr_parse_socket(QemuOp + sock->tls_creds = g_strdup(qemu_opt_get(opts, "tls-creds")); sock->has_tls_authz = qemu_opt_get(opts, "tls-authz"); sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz")); - -- addr = g_new0(SocketAddressLegacy, 1); +#ifndef _WIN32 + sock->cmd = g_strdup(cmd); +#endif -+ -+ addr = g_new0(SocketAddressLegacy, 1); + + addr = g_new0(SocketAddressLegacy, 1); +#ifndef _WIN32 + if (path || cmd) { +#else 
@@ -199,14 +201,14 @@ Index: qemu-5.1.0/chardev/char-socket.c +#else q_unix->path = g_strdup(path); +#endif + #ifdef CONFIG_LINUX + q_unix->has_tight = true; q_unix->tight = tight; - q_unix->abstract = abstract; - } else if (host) { -Index: qemu-5.1.0/chardev/char.c +Index: qemu-5.2.0/chardev/char.c =================================================================== ---- qemu-5.1.0.orig/chardev/char.c -+++ qemu-5.1.0/chardev/char.c -@@ -826,6 +826,9 @@ QemuOptsList qemu_chardev_opts = { +--- qemu-5.2.0.orig/chardev/char.c ++++ qemu-5.2.0/chardev/char.c +@@ -839,6 +839,9 @@ QemuOptsList qemu_chardev_opts = { .name = "path", .type = QEMU_OPT_STRING, },{ @@ -216,10 +218,10 @@ Index: qemu-5.1.0/chardev/char.c .name = "host", .type = QEMU_OPT_STRING, },{ -Index: qemu-5.1.0/qapi/char.json +Index: qemu-5.2.0/qapi/char.json =================================================================== ---- qemu-5.1.0.orig/qapi/char.json -+++ qemu-5.1.0/qapi/char.json +--- qemu-5.2.0.orig/qapi/char.json ++++ qemu-5.2.0/qapi/char.json @@ -250,6 +250,10 @@ # # @addr: socket address to listen on (server=true) diff --git a/poky/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch b/poky/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch index 034ac5782..294cf5129 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch @@ -29,11 +29,11 @@ 
Signed-off-by: He Zhe <zhe.he@windriver.com> hw/intc/apic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: qemu-5.1.0/hw/intc/apic.c +Index: qemu-5.2.0/hw/intc/apic.c =================================================================== ---- qemu-5.1.0.orig/hw/intc/apic.c -+++ qemu-5.1.0/hw/intc/apic.c -@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *de +--- qemu-5.2.0.orig/hw/intc/apic.c ++++ qemu-5.2.0/hw/intc/apic.c +@@ -605,7 +605,7 @@ int apic_accept_pic_intr(DeviceState *de APICCommonState *s = APIC(dev); uint32_t lvt0; diff --git a/poky/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/poky/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch deleted file mode 100644 index d20f04ee5..000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From cf8c9aac5243f506a1a3e8e284414f311cde04f5 Mon Sep 17 00:00:00 2001 -From: Alistair Francis <alistair.francis@xilinx.com> -Date: Wed, 17 Jan 2018 10:51:49 -0800 -Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target - -Since commit "linux-user: Tidy and enforce reserved_va initialization" -(18e80c55bb6ec17c05ec0ba717ec83933c2bfc07) the Yocto webkitgtk build -hangs when cross compiling for 32-bit x86 on a 64-bit x86 machine using -musl. - -To fix the issue reduce the MAX_RESERVED_VA macro to be a closer match -to what it was before the problematic commit. - -Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html -Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> - ---- - linux-user/main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: qemu-5.1.0/linux-user/main.c -=================================================================== ---- qemu-5.1.0.orig/linux-user/main.c -+++ qemu-5.1.0/linux-user/main.c -@@ -92,7 +92,7 @@ static int last_log_mask; - (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32)) - /* There are a number of places where we assign reserved_va to a variable - of type abi_ulong and expect it to fit. Avoid the last page. */ --# define MAX_RESERVED_VA(CPU) (0xfffffffful & TARGET_PAGE_MASK) -+# define MAX_RESERVED_VA(CPU) (0x7ffffffful & TARGET_PAGE_MASK) - # else - # define MAX_RESERVED_VA(CPU) (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - # endif diff --git a/poky/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch b/poky/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch deleted file mode 100644 index f2a44986b..000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch +++ /dev/null 
@@ -1,137 +0,0 @@ -From 815c97ba0de02da9dace3fcfcbdf9b20e029f0d7 Mon Sep 17 00:00:00 2001 -From: Martin Jansa <martin.jansa@lge.com> -Date: Fri, 1 Jun 2018 08:41:07 +0000 -Subject: [PATCH] Fix webkitgtk builds - -This is a partial revert of "linux-user: fix mmap/munmap/mprotect/mremap/shmat". - -This patch fixes qemu-i386 hangs during gobject-introspection in webkitgtk build -when musl is used on qemux86. This is the same issue that -0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch was -fixing in the 2.11 release. - -This patch also fixes a build failure when building webkitgtk for -qemumips. A QEMU assert is seen while building webkitgtk: -page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed. - -This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583. - -Upstream-Status: Pending -Signed-off-by: Alistair Francis <alistair.francis@wdc.com> - -[update patch context] -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - include/exec/cpu-all.h | 6 +----- - include/exec/cpu_ldst.h | 5 ++++- - linux-user/mmap.c | 17 ++++------------- - linux-user/syscall.c | 5 +---- - 4 files changed, 10 insertions(+), 23 deletions(-) - -Index: qemu-5.1.0/include/exec/cpu-all.h -=================================================================== ---- qemu-5.1.0.orig/include/exec/cpu-all.h -+++ qemu-5.1.0/include/exec/cpu-all.h -@@ -176,11 +176,8 @@ extern unsigned long reserved_va; - * avoid setting bits at the top of guest addresses that might need - * to be used for tags. - */ --#define GUEST_ADDR_MAX_ \ -- ((MIN_CONST(TARGET_VIRT_ADDR_SPACE_BITS, TARGET_ABI_BITS) <= 32) ? \ -- UINT32_MAX : ~0ul) --#define GUEST_ADDR_MAX (reserved_va ? reserved_va - 1 : GUEST_ADDR_MAX_) -- -+#define GUEST_ADDR_MAX (reserved_va ? 
reserved_va : \ -+ (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1) - #else - - #include "exec/hwaddr.h" -Index: qemu-5.1.0/include/exec/cpu_ldst.h -=================================================================== ---- qemu-5.1.0.orig/include/exec/cpu_ldst.h -+++ qemu-5.1.0/include/exec/cpu_ldst.h -@@ -75,7 +75,10 @@ typedef uint64_t abi_ptr; - #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS - #define guest_addr_valid(x) (1) - #else --#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX) -+#define guest_addr_valid(x) ({ \ -+ ((x) < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \ -+ (!reserved_va || ((x) < reserved_va)); \ -+}) - #endif - #define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base) - -Index: qemu-5.1.0/linux-user/mmap.c -=================================================================== ---- qemu-5.1.0.orig/linux-user/mmap.c -+++ qemu-5.1.0/linux-user/mmap.c -@@ -71,7 +71,7 @@ int target_mprotect(abi_ulong start, abi - return -TARGET_EINVAL; - len = TARGET_PAGE_ALIGN(len); - end = start + len; -- if (!guest_range_valid(start, len)) { -+ if (end < start) { - return -TARGET_ENOMEM; - } - prot &= PROT_READ | PROT_WRITE | PROT_EXEC; -@@ -467,8 +467,8 @@ abi_long target_mmap(abi_ulong start, ab - * It can fail only on 64-bit host with 32-bit target. - * On any other target/host host mmap() handles this error correctly. 
- */ -- if (end < start || !guest_range_valid(start, len)) { -- errno = ENOMEM; -+ if (end < start || ((unsigned long)start + len - 1 > (abi_ulong) -1)) { -+ errno = EINVAL; - goto fail; - } - -@@ -604,10 +604,8 @@ int target_munmap(abi_ulong start, abi_u - if (start & ~TARGET_PAGE_MASK) - return -TARGET_EINVAL; - len = TARGET_PAGE_ALIGN(len); -- if (len == 0 || !guest_range_valid(start, len)) { -+ if (len == 0) - return -TARGET_EINVAL; -- } -- - mmap_lock(); - end = start + len; - real_start = start & qemu_host_page_mask; -@@ -662,13 +660,6 @@ abi_long target_mremap(abi_ulong old_add - int prot; - void *host_addr; - -- if (!guest_range_valid(old_addr, old_size) || -- ((flags & MREMAP_FIXED) && -- !guest_range_valid(new_addr, new_size))) { -- errno = ENOMEM; -- return -1; -- } -- - mmap_lock(); - - if (flags & MREMAP_FIXED) { -Index: qemu-5.1.0/linux-user/syscall.c -=================================================================== ---- qemu-5.1.0.orig/linux-user/syscall.c -+++ qemu-5.1.0/linux-user/syscall.c -@@ -4336,9 +4336,6 @@ static inline abi_ulong do_shmat(CPUArch - return -TARGET_EINVAL; - } - } -- if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) { -- return -TARGET_EINVAL; -- } - - mmap_lock(); - -@@ -7376,7 +7373,7 @@ static int open_self_maps(void *cpu_env, - const char *path; - - max = h2g_valid(max - 1) ? -- max : (uintptr_t) g2h(GUEST_ADDR_MAX) + 1; -+ max : (uintptr_t) g2h(GUEST_ADDR_MAX); - - if (page_check_range(h2g(min), max - min, flags) == -1) { - continue; diff --git a/poky/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch b/poky/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch index d7e3fffdd..c5d206b91 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch +++ b/poky/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch @@ -14,11 +14,11 @@ 
Signed-off-by: He Zhe <zhe.he@windriver.com> configure | 48 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 8 deletions(-) -Index: qemu-5.1.0/configure +Index: qemu-5.2.0/configure =================================================================== ---- qemu-5.1.0.orig/configure -+++ qemu-5.1.0/configure -@@ -3084,6 +3084,30 @@ has_libgcrypt() { +--- qemu-5.2.0.orig/configure ++++ qemu-5.2.0/configure +@@ -2956,6 +2956,30 @@ has_libgcrypt() { return 0 } @@ -49,7 +49,7 @@ Index: qemu-5.1.0/configure if test "$nettle" != "no"; then pass="no" -@@ -3124,7 +3148,14 @@ fi +@@ -2994,7 +3018,14 @@ fi if test "$gcrypt" != "no"; then pass="no" @@ -65,7 +65,7 @@ Index: qemu-5.1.0/configure gcrypt_cflags=$(libgcrypt-config --cflags) gcrypt_libs=$(libgcrypt-config --libs) # Debian has removed -lgpg-error from libgcrypt-config -@@ -3134,15 +3165,16 @@ if test "$gcrypt" != "no"; then +@@ -3004,12 +3035,12 @@ if test "$gcrypt" != "no"; then then gcrypt_libs="$gcrypt_libs -lgpg-error" fi @@ -74,18 +74,11 @@ Index: qemu-5.1.0/configure - # Link test to make sure the given libraries work (e.g for static). - write_c_skeleton - if compile_prog "" "$gcrypt_libs" ; then -- LIBS="$gcrypt_libs $LIBS" -- QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags" -- pass="yes" -- fi + # Link test to make sure the given libraries work (e.g for static). + write_c_skeleton + if compile_prog "" "$gcrypt_libs" ; then -+ LIBS="$gcrypt_libs $LIBS" -+ QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags" -+ pass="yes" + pass="yes" +- fi fi -+ if test "$pass" = "yes"; then gcrypt="yes" - cat > $TMPC << EOF diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch deleted file mode 100644 index 861ff6c3b..000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From ca1f9cbfdce4d63b10d57de80fef89a89d92a540 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Wed, 21 Oct 2020 16:08:18 +0530 -Subject: [PATCH 1/1] ati: check x y display parameter values - -The source and destination x,y display parameters in ati_2d_blt() -may run off the vga limits if either of s->regs.[src|dst]_[xy] is -zero. Check the parameter values to avoid potential crash. - -Reported-by: Gaoning Pan <pgn@zju.edu.cn> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Message-id: 20201021103818.1704030-1-ppandit@redhat.com -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> - -Upstream-Status: Backport [ https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ca1f9cbfdce4d63b10d57de80fef89a89d92a540;hp=2ddafce7f797082ad216657c830afd4546f16e37 ] -CVE: CVE-2020-24352 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> ---- - hw/display/ati_2d.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c -index 23a8ae0..4dc10ea 100644 ---- a/hw/display/ati_2d.c -+++ b/hw/display/ati_2d.c -@@ -75,8 +75,9 @@ void ati_2d_blt(ATIVGAState *s) - dst_stride *= bpp; - } - uint8_t *end = s->vga.vram_ptr + s->vga.vram_size; -- if (dst_bits >= end || dst_bits + dst_x + (dst_y + s->regs.dst_height) * -- dst_stride >= end) { -+ if (dst_x > 0x3fff || dst_y > 0x3fff || dst_bits >= end -+ || dst_bits + dst_x -+ + (dst_y + s->regs.dst_height) * dst_stride >= end) { - qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); - return; - } -@@ -107,8 +108,9 @@ void ati_2d_blt(ATIVGAState *s) - src_bits += s->regs.crtc_offset & 0x07ffffff; - src_stride *= bpp; - } -- if (src_bits >= end || src_bits + src_x + -- (src_y + s->regs.dst_height) * src_stride >= end) { -+ if (src_x > 0x3fff || src_y > 0x3fff || src_bits >= end -+ || src_bits + src_x -+ + (src_y + s->regs.dst_height) * src_stride >= end) { - qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); 
- return; - } --- -1.8.3.1 - diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch deleted file mode 100644 index 7631bab39..000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-25624.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -From 1328fe0c32d5474604105b8105310e944976b058 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Tue, 15 Sep 2020 23:52:58 +0530 -Subject: [PATCH] hw: usb: hcd-ohci: check len and frame_number variables - -While servicing the OHCI transfer descriptors(TD), OHCI host -controller derives variables 'start_addr', 'end_addr', 'len' -etc. from values supplied by the host controller driver. -Host controller driver may supply values such that using -above variables leads to out-of-bounds access issues. -Add checks to avoid them. - -AddressSanitizer: stack-buffer-overflow on address 0x7ffd53af76a0 - READ of size 2 at 0x7ffd53af76a0 thread T0 - #0 ohci_service_iso_td ../hw/usb/hcd-ohci.c:734 - #1 ohci_service_ed_list ../hw/usb/hcd-ohci.c:1180 - #2 ohci_process_lists ../hw/usb/hcd-ohci.c:1214 - #3 ohci_frame_boundary ../hw/usb/hcd-ohci.c:1257 - #4 timerlist_run_timers ../util/qemu-timer.c:572 - #5 qemu_clock_run_timers ../util/qemu-timer.c:586 - #6 qemu_clock_run_all_timers ../util/qemu-timer.c:672 - #7 main_loop_wait ../util/main-loop.c:527 - #8 qemu_main_loop ../softmmu/vl.c:1676 - #9 main ../softmmu/main.c:50 - -Reported-by: Gaoning Pan <pgn@zju.edu.cn> -Reported-by: Yongkang Jia <j_kangel@163.com> -Reported-by: Yi Ren <yunye.ry@alibaba-inc.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Message-id: 20200915182259.68522-2-ppandit@redhat.com -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> - -Upstream-Status: Backport -CVE: CVE-2020-25624 -[https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058] -Signed-off-by: Li Wang <li.wang@windriver.com> ---- - hw/usb/hcd-ohci.c | 24 ++++++++++++++++++++++-- - 1 file changed, 22 insertions(+), 2 deletions(-) - -diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c -index 1e6e85e..9dc5910 100644 ---- a/hw/usb/hcd-ohci.c -+++ b/hw/usb/hcd-ohci.c -@@ -731,7 +731,11 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, - } - - 
start_offset = iso_td.offset[relative_frame_number]; -- next_offset = iso_td.offset[relative_frame_number + 1]; -+ if (relative_frame_number < frame_count) { -+ next_offset = iso_td.offset[relative_frame_number + 1]; -+ } else { -+ next_offset = iso_td.be; -+ } - - if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) || - ((relative_frame_number < frame_count) && -@@ -764,7 +768,12 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, - } - } else { - /* Last packet in the ISO TD */ -- end_addr = iso_td.be; -+ end_addr = next_offset; -+ } -+ -+ if (start_addr > end_addr) { -+ trace_usb_ohci_iso_td_bad_cc_overrun(start_addr, end_addr); -+ return 1; - } - - if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) { -@@ -773,6 +782,9 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, - } else { - len = end_addr - start_addr + 1; - } -+ if (len > sizeof(ohci->usb_buf)) { -+ len = sizeof(ohci->usb_buf); -+ } - - if (len && dir != OHCI_TD_DIR_IN) { - if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len, -@@ -975,8 +987,16 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) - if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) { - len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff); - } else { -+ if (td.cbp > td.be) { -+ trace_usb_ohci_iso_td_bad_cc_overrun(td.cbp, td.be); -+ ohci_die(ohci); -+ return 1; -+ } - len = (td.be - td.cbp) + 1; - } -+ if (len > sizeof(ohci->usb_buf)) { -+ len = sizeof(ohci->usb_buf); -+ } - - pktlen = len; - if (len && dir != OHCI_TD_DIR_IN) { --- -2.17.1 - diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch deleted file mode 100644 index e5829f6da..000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Thu, 26 Nov 2020 19:27:06 +0530 -Subject: [PATCH] slirp: check pkt_len before reading protocol header -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input' -routines, ensure that pkt_len is large enough to accommodate the -respective protocol headers, lest it should do an OOB access. -Add check to avoid it. - -CVE-2020-29129 CVE-2020-29130 - QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets - -> https://www.openwall.com/lists/oss-security/2020/11/27/1 - -Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Message-Id: <20201126135706.273950-1-ppandit@redhat.com> -Reviewed-by: Marc-Andrà Lureau <marcandre.lureau@redhat.com> - -Upstream-Status: Backport -CVE: CVE-2020-29129 CVE-2020-29130 -[https://git.qemu.org/?p=libslirp.git;a=commit;h=2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f] -Signed-off-by: Li Wang <li.wang@windriver.com> ---- - slirp/src/ncsi.c | 4 ++++ - slirp/src/slirp.c | 4 ++++ - 2 files changed, 8 insertions(+) - -diff --git a/slirp/src/ncsi.c b/slirp/src/ncsi.c -index 3c1dfef..75dcc08 100644 ---- a/slirp/src/ncsi.c -+++ b/slirp/src/ncsi.c -@@ -148,6 +148,10 @@ void ncsi_input(Slirp *slirp, const uint8_t *pkt, int pkt_len) - uint32_t checksum; - uint32_t *pchecksum; - -+ if (pkt_len < ETH_HLEN + sizeof(struct ncsi_pkt_hdr)) { -+ return; /* packet too short */ -+ } -+ - memset(ncsi_reply, 0, sizeof(ncsi_reply)); - - memset(reh->h_dest, 0xff, ETH_ALEN); -diff --git a/slirp/src/slirp.c b/slirp/src/slirp.c -index dba7c98..9be58e2 100644 ---- a/slirp/src/slirp.c -+++ b/slirp/src/slirp.c -@@ -756,6 +756,10 @@ static void arp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len) - return; - } - -+ if (pkt_len < ETH_HLEN + sizeof(struct slirp_arphdr)) { 
-+ return; /* packet too short */
-+ }
-+
- ar_op = ntohs(ah->ar_op);
- switch (ar_op) {
- case ARPOP_REQUEST:
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/cross.patch b/poky/meta/recipes-devtools/qemu/qemu/cross.patch
new file mode 100644
index 000000000..438c1ad08
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/cross.patch
@@ -0,0 +1,30 @@
+We need to be able to trigger configure's cross code but we don't want
+to set cross_prefix as it does other things we don't want. Patch things
+so we can do what we need in the target config case.
+
+Upstream-Status: Inappropriate [may be rewritten in a way upstream may accept?]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+
+Index: qemu-5.2.0/configure
+===================================================================
+--- qemu-5.2.0.orig/configure
++++ qemu-5.2.0/configure
+@@ -6973,7 +6973,6 @@ if has $sdl2_config; then
+ fi
+ echo "strip = [$(meson_quote $strip)]" >> $cross
+ echo "windres = [$(meson_quote $windres)]" >> $cross
+-if test -n "$cross_prefix"; then
+ cross_arg="--cross-file config-meson.cross"
+ echo "[host_machine]" >> $cross
+ if test "$mingw32" = "yes" ; then
+@@ -6999,9 +6998,6 @@ if test -n "$cross_prefix"; then
+ else
+ echo "endian = 'little'" >> $cross
+ fi
+-else
+- cross_arg="--native-file config-meson.cross"
+-fi
+ mv $cross config-meson.cross
+
+ rm -rf meson-private meson-info meson-logs
diff --git a/poky/meta/recipes-devtools/qemu/qemu/find_datadir.patch b/poky/meta/recipes-devtools/qemu/qemu/find_datadir.patch
deleted file mode 100644
index 9a4c11267..000000000
--- a/poky/meta/recipes-devtools/qemu/qemu/find_datadir.patch
+++ /dev/null
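Review bot: The patched configure keeps no trace that the cross file is now unconditional: the first inner hunk drops `if test -n "$cross_prefix"; then` and the second drops the `else` branch with `cross_arg="--native-file config-meson.cross"`, so the `[host_machine]` section is always written and the former body stays at its old indentation with no explanation. A comment where the guard used to be would help the next person who refreshes the patch, for example `# OE: always use a meson cross file; cross_prefix is deliberately left unset`. The recipe applies this patch only for class-target and class-nativesdk, which is what keeps native builds on the native-file path, and that dependency is worth stating in the patch header too. The block being edited starts and ends outside both inner hunks.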
@@ -1,39 +0,0 @@ -qemu: search for datadir as in version 4.2 - -os_find_datadir() was changed after the 4.2 release. We need to check for -../share/qemu relative to the executable because that is where the runqemu -configuration assumes it will be. - -Upstream-Status: Submitted [qemu-devel@nongnu.org] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - - -Index: qemu-5.1.0/os-posix.c -=================================================================== ---- qemu-5.1.0.orig/os-posix.c -+++ qemu-5.1.0/os-posix.c -@@ -82,8 +82,9 @@ void os_setup_signal_handling(void) - - /* - * Find a likely location for support files using the location of the binary. -+ * Typically, this would be "$bindir/../share/qemu". - * When running from the build tree this will be "$bindir/../pc-bios". -- * Otherwise, this is CONFIG_QEMU_DATADIR. -+ * Otherwise, this is CONFIG_QEMU_DATADIR as constructed by configure. - * - * The caller must use g_free() to free the returned data when it is - * no longer required. -@@ -96,6 +97,12 @@ char *os_find_datadir(void) - exec_dir = qemu_get_exec_dir(); - g_return_val_if_fail(exec_dir != NULL, NULL); - -+ dir = g_build_filename(exec_dir, "..", "share", "qemu", NULL); -+ if (g_file_test(dir, G_FILE_TEST_IS_DIR)) { -+ return g_steal_pointer(&dir); -+ } -+ g_free(dir); /* no autofree this time */ -+ - dir = g_build_filename(exec_dir, "..", "pc-bios", NULL); - if (g_file_test(dir, G_FILE_TEST_IS_DIR)) { - return g_steal_pointer(&dir); diff --git a/poky/meta/recipes-devtools/qemu/qemu/mingwfix.patch b/poky/meta/recipes-devtools/qemu/qemu/mingwfix.patch new file mode 100644 index 000000000..8d76cef63 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/mingwfix.patch 
@@ -0,0 +1,21 @@
+OE assumes that mingw files are in a unix like file layout. The
+'flattening' done by configure in qemu for mingw32 breaks things
+for us. We are discussing with upstream but for now, hack this to
+disable it and use the unix like layout everywhere.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg01073.html]
+
+Index: qemu-5.2.0/configure
+===================================================================
+--- qemu-5.2.0.orig/configure
++++ qemu-5.2.0/configure
+@@ -1541,7 +1541,7 @@ libdir="${libdir:-$prefix/lib}"
+ libexecdir="${libexecdir:-$prefix/libexec}"
+ includedir="${includedir:-$prefix/include}"
+
+-if test "$mingw32" = "yes" ; then
++if test "$mingw32" = "dontwantthis" ; then
+ mandir="$prefix"
+ datadir="$prefix"
+ docdir="$prefix"
diff --git a/poky/meta/recipes-devtools/qemu/qemu/mmap.patch b/poky/meta/recipes-devtools/qemu/qemu/mmap.patch
new file mode 100644
index 000000000..0f7d2ce04
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/mmap.patch
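Review bot: `if test "$mingw32" = "dontwantthis" ; then` disables the branch by comparing against a string that is never expected to be set, which reads like a real configuration value and leaves the directory assignments below it as dead code without saying so. A comment on that line would make the intent visible in configure itself, for example `# OE: mingw directory flattening disabled, unix-like layout is used everywhere`. The `if` block continues past the end of the hunk.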
@@ -0,0 +1,29 @@
+If mremap() is called without the MREMAP_MAYMOVE flag with a start address
+just before the end of memory (reserved_va) where new_size would exceed
+GUEST_ADD_MAX, the assert(end - 1 <= GUEST_ADDR_MAX) in page_set_flags()
+would trigger.
+
+Add an extra guard to the guest_range_valid() checks to prevent this and
+avoid asserting binaries when reserved_va is set.
+
+This meant a test case now gives the same behaviour regardless of whether
+reserved_va is set or not.
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org
+
+Index: qemu-5.2.0/linux-user/mmap.c
+===================================================================
+--- qemu-5.2.0.orig/linux-user/mmap.c
++++ qemu-5.2.0/linux-user/mmap.c
+@@ -727,7 +727,9 @@ abi_long target_mremap(abi_ulong old_add
+
+ if (!guest_range_valid(old_addr, old_size) ||
+ ((flags & MREMAP_FIXED) &&
+- !guest_range_valid(new_addr, new_size))) {
++ !guest_range_valid(new_addr, new_size)) ||
++ ((flags & MREMAP_MAYMOVE) == 0 &&
++ !guest_range_valid(old_addr, new_size))) {
+ errno = ENOMEM;
+ return -1;
+ }
diff --git a/poky/meta/recipes-devtools/qemu/qemu/mmap2.patch b/poky/meta/recipes-devtools/qemu/qemu/mmap2.patch
new file mode 100644
index 000000000..9d4056593
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/mmap2.patch
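Review bot: The added clause `((flags & MREMAP_MAYMOVE) == 0 && !guest_range_valid(old_addr, new_size))` carries its reasoning only in the patch header, so mmap.c itself does not say why the old address is checked against the new size. A short comment above it would do, for example `/* in-place growth must stay inside the guest address space, else page_set_flags() asserts */`. The header also has a `Signed-off-by:` trailer without the closing `>` and writes `GUEST_ADD_MAX` where the code uses `GUEST_ADDR_MAX`; the same unterminated trailer appears in mmap2.patch. target_mremap continues outside the hunk.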
@@ -0,0 +1,26 @@ +When using qemu-i386 to build qemux86 webkitgtk on musl, it sits in an +infinite loop of mremap calls of ever decreasing/increasing addresses. + +I suspect something in the musl memory allocation code loops indefinitely +if it only sees ENOMEM and only exits when it hits EFAULT. + +According to the docs, trying to mremap outside the address space +can/should return EFAULT and changing this allows the build to succeed. +Whether this should be fixed in qemu and/or musl, not sure. + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org + +Index: qemu-5.2.0/linux-user/mmap.c +=================================================================== +--- qemu-5.2.0.orig/linux-user/mmap.c ++++ qemu-5.2.0/linux-user/mmap.c +@@ -727,7 +727,7 @@ abi_long target_mremap(abi_ulong old_add + !guest_range_valid(new_addr, new_size)) || + ((flags & MREMAP_MAYMOVE) == 0 && + !guest_range_valid(old_addr, new_size))) { +- errno = ENOMEM; ++ errno = EFAULT; + return -1; + } + diff --git a/poky/meta/recipes-devtools/qemu/qemu/run-ptest b/poky/meta/recipes-devtools/qemu/qemu/run-ptest index b25a792d4..f9a4e8fb2 100644 --- a/poky/meta/recipes-devtools/qemu/qemu/run-ptest +++ b/poky/meta/recipes-devtools/qemu/qemu/run-ptest @@ -7,4 +7,7 @@ ptestdir=$(dirname "$(readlink -f "$0")") export SRC_PATH=$ptestdir cd $ptestdir/tests -make -f Makefile.include -k runtest-TESTS | sed '/^ok /s/ok /PASS: /g' +tests=$(find . -name "test-*" ! -name "*.p") +for f in $tests; do + $f | sed '/^ok/ s/ok/PASS:/g' +done diff --git a/poky/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch b/poky/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch deleted file mode 100644 index 92801da46..000000000 --- a/poky/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch +++ /dev/null 
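Review bot: Changing `errno = ENOMEM;` to `errno = EFAULT;` here changes the error for all three conditions joined in this `if`, not only the one behind the musl loop described in the header. As far as I know, mremap(2) documents EFAULT for an invalid old range and ENOMEM for an area that cannot be expanded in place without MREMAP_MAYMOVE, so a guest that falls back to allocate-and-copy on ENOMEM would now see a different error. If the loop is triggered by the old-range check, which the header does not establish, the EFAULT could be limited to that case as sketched below. target_mremap continues outside the hunk.

```c
    if (!guest_range_valid(old_addr, old_size)) {
        errno = EFAULT;
        return -1;
    }
    if (((flags & MREMAP_FIXED) &&
         !guest_range_valid(new_addr, new_size)) ||
        ((flags & MREMAP_MAYMOVE) == 0 &&
         !guest_range_valid(old_addr, new_size))) {
        errno = ENOMEM;
        return -1;
    }
    /* … unchanged: rest of target_mremap … */
```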
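Review bot: The new `sed '/^ok/ s/ok/PASS:/g'` rewrites every `ok` on a matching line because of the `g` flag, so a test name containing those letters is altered in the report, and `not ok` lines are passed through without a FAIL: prefix. Anchoring both patterns avoids that: `$f | sed -e 's/^ok /PASS: /' -e 's/^not ok /FAIL: /'`. The pipeline also discards the exit status of `$f`, so a test binary that crashes before printing a result leaves no failure line; an explicit check of the status after each run would cover that. `$tests` is expanded unquoted, which is fine only while no matched path contains whitespace.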
@@ -1,89 +0,0 @@ -CVE: CVE-2020-14364 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From b946434f2659a182afc17e155be6791ebfb302eb Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <kraxel@redhat.com> -Date: Tue, 25 Aug 2020 07:36:36 +0200 -Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364) - -Store calculated setup_len in a local variable, verify it, and only -write it to the struct (USBDevice->setup_len) in case it passed the -sanity checks. - -This prevents other code (do_token_{in,out} functions specifically) -from working with invalid USBDevice->setup_len values and overrunning -the USBDevice->setup_buf[] buffer. - -Fixes: CVE-2020-14364 -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> -Tested-by: Gonglei <arei.gonglei@huawei.com> -Reviewed-by: Li Qiang <liq3ea@gmail.com> -Message-id: 20200825053636.29648-1-kraxel@redhat.com ---- - hw/usb/core.c | 16 ++++++++++------ - 1 file changed, 10 insertions(+), 6 deletions(-) - -diff --git a/hw/usb/core.c b/hw/usb/core.c -index 5abd128b6bc..5234dcc73fe 100644 ---- a/hw/usb/core.c -+++ b/hw/usb/core.c -@@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream) - static void do_token_setup(USBDevice *s, USBPacket *p) - { - int request, value, index; -+ unsigned int setup_len; - - if (p->iov.size != 8) { - p->status = USB_RET_STALL; -@@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p) - usb_packet_copy(p, s->setup_buf, p->iov.size); - s->setup_index = 0; - p->actual_length = 0; -- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; -- if (s->setup_len > sizeof(s->data_buf)) { -+ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; -+ if (setup_len > sizeof(s->data_buf)) { - fprintf(stderr, - "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", -- s->setup_len, sizeof(s->data_buf)); -+ setup_len, sizeof(s->data_buf)); - p->status = USB_RET_STALL; - return; - } -+ s->setup_len = setup_len; - - request = (s->setup_buf[0] << 8) | 
s->setup_buf[1]; - value = (s->setup_buf[3] << 8) | s->setup_buf[2]; -@@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p) - static void do_parameter(USBDevice *s, USBPacket *p) - { - int i, request, value, index; -+ unsigned int setup_len; - - for (i = 0; i < 8; i++) { - s->setup_buf[i] = p->parameter >> (i*8); - } - - s->setup_state = SETUP_STATE_PARAM; -- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; - s->setup_index = 0; - - request = (s->setup_buf[0] << 8) | s->setup_buf[1]; - value = (s->setup_buf[3] << 8) | s->setup_buf[2]; - index = (s->setup_buf[5] << 8) | s->setup_buf[4]; - -- if (s->setup_len > sizeof(s->data_buf)) { -+ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; -+ if (setup_len > sizeof(s->data_buf)) { - fprintf(stderr, - "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", -- s->setup_len, sizeof(s->data_buf)); -+ setup_len, sizeof(s->data_buf)); - p->status = USB_RET_STALL; - return; - } -+ s->setup_len = setup_len; - - if (p->pid == USB_TOKEN_OUT) { - usb_packet_copy(p, s->data_buf, s->setup_len); diff --git a/poky/meta/recipes-devtools/qemu/qemu_5.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu_5.2.0.bb index 599ff82fc..7afa66e39 100644 --- a/poky/meta/recipes-devtools/qemu/qemu_5.1.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu_5.2.0.bb @@ -6,7 +6,7 @@ require qemu.inc # void (*_function)(sigval_t); COMPATIBLE_HOST_libc-musl = 'null' -DEPENDS = "glib-2.0 zlib pixman bison-native" +DEPENDS = "glib-2.0 zlib pixman bison-native ninja-native meson-native" RDEPENDS_${PN}_class-target += "bash" |