From d9a15a908f3fc807f0c5cd3473d28b6a16435127 Mon Sep 17 00:00:00 2001 From: "Jason M. Bills" Date: Thu, 9 Sep 2021 15:41:26 -0700 Subject: Update to internal 1.01-42 Signed-off-by: Jason M. Bills --- meta-openbmc-mods/conf/machine/include/intel.inc | 3 +- ...W-update-and-checkpoint-support-in-u-boot.patch | 2 +- ...e-Adjust-the-workings-of-fit_check_format.patch | 362 +++++ ...d-an-option-to-do-a-full-check-of-the-FIT.patch | 198 +++ ...01-image-Check-for-unit-addresses-in-FITs.patch | 106 ++ .../recipes-bsp/u-boot/u-boot-aspeed_%.bbappend | 16 +- ...check-threshold-10-seconds-after-power-on.patch | 62 + ...Temp-fix-use-weak_ptr-to-in-async-handler.patch | 209 +++ .../sensors/dbus-sensors_%.bbappend | 2 + .../recipes-connectivity/openssl/openssl_1.1.1i.bb | 211 --- .../recipes-connectivity/openssl/openssl_1.1.1k.bb | 211 +++ .../at-scale-debug/at-scale-debug_git.bb | 4 +- ...Fix-Dos-if-gzip-is-corrupt-CVE-2021-28831.patch | 48 + .../recipes-core/busybox/busybox_%.bbappend | 3 +- .../recipes-core/crashdump/crashdump_git.bb | 2 +- .../dhcp-check/dhcp-check/dhcp-check.service | 4 +- .../recipes-core/dropbear/dropbear_%.bbappend | 4 +- .../0001-Port-OpenSSH-CVE-2018-20685-fix.patch | 23 + .../glibc/cross-localedef-native_2.33.bb | 50 + .../recipes-core/glibc/glibc-collateral.inc | 12 + .../recipes-core/glibc/glibc-common.inc | 25 + .../meta-common/recipes-core/glibc/glibc-ld.inc | 20 + .../recipes-core/glibc/glibc-locale.inc | 103 ++ .../recipes-core/glibc/glibc-locale_2.33.bb | 1 + .../recipes-core/glibc/glibc-mtrace.inc | 16 + .../recipes-core/glibc/glibc-mtrace_2.33.bb | 1 + .../recipes-core/glibc/glibc-package.inc | 286 ++++ .../recipes-core/glibc/glibc-scripts.inc | 23 + .../recipes-core/glibc/glibc-scripts_2.33.bb | 1 + .../recipes-core/glibc/glibc-testsuite_2.33.bb | 63 + .../recipes-core/glibc/glibc-version.inc | 8 + .../meta-common/recipes-core/glibc/glibc.inc | 52 + ...def-Add-hardlink-resolver-from-util-linux.patch | 1130 +++++++++++++ ...emove-private-futex-optimization-BZ-27304.patch | 49 + ...ledef-fix-ups-hardlink-to-make-it-compile.patch | 238 +++ ...libc-Look-for-host-system-ld.so.cache-as-.patch | 65 + ...libc-Fix-buffer-overrun-with-a-relocated-.patch | 46 + ...libc-Raise-the-size-of-arrays-containing-.patch | 153 ++ ...ivesdk-glibc-Allow-64-bit-atomics-for-x86.patch | 39 + ...libc-Make-relocatable-install-for-locales.patch | 100 ++ ...500-e5500-e6500-603e-fsqrt-implementation.patch | 1581 +++++++++++++++++++ ...-Fix-undefined-reference-to-__sqrt_finite.patch | 205 +++ ...qrt-f-are-now-inline-functions-and-call-o.patch | 384 +++++ ...bug-1443-which-explains-what-the-patch-do.patch | 58 + ...n-libm-err-tab.pl-with-specific-dirs-in-S.patch | 33 + ...qrt-f-are-now-inline-functions-and-call-o.patch | 58 + ...-configure.ac-handle-correctly-libc_cv_ro.patch | 39 + ...thin-the-path-sets-wrong-config-variables.patch | 260 +++ ...-timezone-re-written-tzselect-as-posix-sh.patch | 42 + ...move-bash-dependency-for-nscd-init-script.patch | 72 + ...c-Cross-building-and-testing-instructions.patch | 616 ++++++++ ...019-eglibc-Help-bootstrap-cross-toolchain.patch | 97 ++ ...0020-eglibc-Resolve-__fpscr_values-on-SH4.patch | 53 + ...ward-port-cross-locale-generation-support.patch | 560 +++++++ ...0022-Define-DUMMY_LOCALE_T-if-not-defined.patch | 29 + ...dd-to-archive-uses-a-hard-coded-locale-pa.patch | 80 + ....c-Make-_dl_build_local_scope-breadth-fir.patch | 53 + ...tl-Emit-no-lines-in-bison-generated-files.patch | 31 + ...ent-maybe-uninitialized-errors-with-Os-BZ.patch | 53 + ...-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch | 29 + ...-Unify-the-header-between-arm-and-aarch64.patch | 75 + ...erpc-Do-not-ask-compiler-for-finding-arch.patch | 48 + ...incorrect-UCS4-inner-loop-bounds-BZ-26923.patch | 151 -- ...-full-ISA-support-for-x86-64-level-marker.patch | 116 ++ ...rrun-in-EUC-KR-conversion-module-BZ-24973.patch | 133 -- ...ing-Work-around-GCC-PR-98512-in-rawmemchr.patch | 58 + ...andle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch | 185 +++ .../glibc/glibc/0035-Fix-build-error.patch | 26 + ..._pthread_attr_copy-in-mq_notify-bug-27896.patch | 54 + ..._pthread_attr_copy-in-mq_notify-bug-27896.patch | 52 + .../recipes-core/glibc/glibc/CVE-2021-27645.patch | 51 + .../recipes-core/glibc/glibc/check-test-wrapper | 71 + .../recipes-core/glibc/glibc/etc/ld.so.conf | 1 + .../recipes-core/glibc/glibc/faccessat2-perm.patch | 31 + .../recipes-core/glibc/glibc/generate-supported.mk | 11 + .../recipes-core/glibc/glibc/makedbs.sh | 177 +++ .../recipes-core/glibc/glibc_%.bbappend | 5 - .../meta-common/recipes-core/glibc/glibc_2.33.bb | 126 ++ ...rray_list_del_idx-against-size_t-overflow.patch | 29 + ...0002-Prevent-division-by-zero-in-linkhash.patch | 34 + .../json-c/json-c/0003-Fix-integer-overflows.patch | 90 ++ .../recipes-devtools/json-c/json-c_%.bbappend | 6 + .../host-misc-comm-manager_git.bb | 2 +- .../0001-disable-PSU-cold-redundancy.patch | 73 + .../recipes-intel/smbios/smbios-mdrv2.bb | 2 +- ...Fix-array-index-bounds-check-in-dbAdjTree.patch | 35 + ...-fix-syscall-registers-retrieval-on-32-bi.patch | 62 + ...py_process-CLONE_PARENT-race-with-the-exi.patch | 55 + ...1-netfilter-add-and-use-nf_hook_slow_list.patch | 119 ++ ...lter-x_tables-Use-correct-memory-barriers.patch | 58 + ...l-ioctl-Fix-memory-leak-in-video_usercopy.patch | 78 + ...x-out-of-bounds-array-access-when-no-devi.patch | 40 + ...-Fix-incorrect-should_fail_futex-handling.patch | 47 + ...e-transient-ownerless-rtmutex-state-corre.patch | 82 + ...-enable-IRQs-unconditionally-in-put_pi_st.patch | 51 + ...e-the-correct-return-value-from-futex_loc.patch | 138 ++ ...x-Replace-pointless-printk-in-fixup_owner.patch | 44 + ...tex-Provide-and-use-pi_state_update_owner.patch | 117 ++ ...ove-unused-argument-from-rt_mutex_proxy_u.patch | 64 + ...Use-pi_state_update_owner-in-put_pi_state.patch | 42 + .../0009-futex-Simplify-fixup_pi_state_owner.patch | 138 ++ ...ex-Handle-faults-correctly-for-PI-futexes.patch | 164 ++ .../recipes-kernel/linux/linux-aspeed_%.bbappend | 57 + ...ing-channel-specific-privilege-to-network.patch | 41 +- ...eral-latent-issues-discovered-by-a-Klocwo.patch | 63 + .../network/phosphor-network_%.bbappend | 1 + ...at-certificate-is-loadable-in-SSL-context.patch | 53 + .../phosphor-certificate-manager_%.bbappend | 5 + .../0003-Klocwork-fix-fruDevice.patch | 41 + .../configuration/entity-manager_%.bbappend | 3 +- ...image-by-ID-and-inhibit-removal-of-bmc_ac.patch | 43 +- .../flash/phosphor-software-manager_%.bbappend | 1 + .../bmcweb/0042-Fix-nlohmann-json-dump-calls.patch | 451 ++++++ ...service-Fix-incorrect-pointer-dereference.patch | 40 + .../recipes-phosphor/interfaces/bmcweb_%.bbappend | 2 + .../0001-Add-dbus-method-SlotIpmbRequest.patch | 9 +- ...r-host-OS-not-retrying-when-BMC-times-out.patch | 61 + .../ipmi/phosphor-ipmi-kcs_%.bbappend | 4 +- ...2-crypt_algo-Null-check-on-Cipher-context.patch | 47 + .../ipmi/phosphor-ipmi-net_%.bbappend | 1 + ...eck-for-min-max-received-from-hwmon-files.patch | 95 ++ .../sensors/dbus-sensors_%.bbappend | 1 + .../webui/phosphor-webui_%.bbappend | 12 +- .../recipes-protocols/net-snmp/files/init | 66 + .../recipes-protocols/net-snmp/files/snmpd.conf | 422 +++++ .../net-snmp/files/snmptrapd.conf | 18 + ...rch_path.m4-keep-consistent-between-32bit.patch | 39 + .../0001-config_os_headers-Error-Fix.patch | 35 + .../0001-get_pid_from_inode-Include-limit.h.patch | 27 + ...tools.c-Don-t-check-for-return-from-EVP_M.patch | 34 + .../0002-configure-fix-a-cc-check-issue.patch | 28 + .../0004-configure-fix-incorrect-variable.patch | 28 + .../net-snmp/net-snmp/fix-libtool-finish.patch | 34 + ...nmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch | 43 + ...snmp-add-knob-whether-nlist.h-are-checked.patch | 36 + .../net-snmp/net-snmp-fix-for-disable-des.patch | 30 + ...p-testing-add-the-output-format-for-ptest.patch | 35 + .../net-snmp/reproducibility-have-printcap.patch | 30 + .../recipes-protocols/net-snmp/net-snmp/run-ptest | 5 + .../net-snmp/net-snmp/snmpd.service | 13 + .../net-snmp/net-snmp/snmptrapd.service | 13 + .../net-snmp/net-snmp/systemd-support.patch | 1652 ++++++++++++++++++++ .../recipes-protocols/net-snmp/net-snmp_5.9.bb | 275 ++++ .../recipes-support/curl/curl_7.74.0.bb | 81 - .../recipes-support/curl/curl_7.77.0.bb | 81 + .../recipes-support/gnutls/gnutls_%.bbappend | 7 +- .../files/0001-Prefetch-GCM-look-up-tables.patch | 90 ++ .../0001-libgcrypt-fix-m4-file-for-oe-core.patch | 149 ++ ...ok-up-tables-to-.data-section-and-unshare.patch | 332 ++++ ...ix-building-error-with-O2-in-sysroot-path.patch | 39 + ...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++ ...-slope.c-workaround-ICE-failure-on-mips-w.patch | 79 + ...ile.am-fix-undefined-reference-to-pthread.patch | 28 + .../libgcrypt/files/determinism.patch | 32 + .../recipes-support/libgcrypt/libgcrypt_1.8.8.bb | 58 + ...d-target-to-only-build-tests-not-run-them.patch | 45 + ...k-header-files-of-openssl-only-if-enable_.patch | 36 + .../nettle/nettle/dlopen-test.patch | 29 + .../recipes-support/nettle/nettle/run-ptest | 36 + .../recipes-support/nettle/nettle_3.7.2.bb | 58 + ...003-Improve-graceful-power-state-handling.patch | 97 ++ .../chassis/x86-power-control_%.bbappend | 1 + 162 files changed, 15919 insertions(+), 656 deletions(-) create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0019-ADCSensor-check-threshold-10-seconds-after-power-on.patch create mode 100644 meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0020-ExitAirTemp-fix-use-weak_ptr-to-in-async-handler.patch delete mode 100644 meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1i.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1k.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/0001-Decompress_gunzip-Fix-Dos-if-gzip-is-corrupt-CVE-2021-28831.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/dropbear/files/0001-Port-OpenSSH-CVE-2018-20685-fix.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/cross-localedef-native_2.33.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-collateral.inc create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-common.inc create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-ld.inc create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale.inc create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale_2.33.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace.inc create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace_2.33.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-package.inc create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts.inc create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts_2.33.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-testsuite_2.33.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-version.inc create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc.inc create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-localedef-Add-hardlink-resolver-from-util-linux.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0002-localedef-fix-ups-hardlink-to-make-it-compile.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0008-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0009-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0010-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0011-Quote-from-bug-1443-which-explains-what-the-patch-do.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0012-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0013-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0014-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0020-eglibc-Resolve-__fpscr_values-on-SH4.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0021-eglibc-Forward-port-cross-locale-generation-support.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0022-Define-DUMMY_LOCALE_T-if-not-defined.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0025-intl-Emit-no-lines-in-bison-generated-files.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0027-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch delete mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch delete mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0035-Fix-build-error.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/CVE-2021-27645.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/check-test-wrapper create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/etc/ld.so.conf create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/faccessat2-perm.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/generate-supported.mk create mode 100755 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/makedbs.sh delete mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend create mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0002-Prevent-division-by-zero-in-linkhash.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0003-Fix-integer-overflows.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c_%.bbappend create mode 100644 meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27815/0001-jfs-Fix-array-index-bounds-check-in-dbAdjTree.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-28588/0001-lib-syscall-fix-syscall-registers-retrieval-on-32-bi.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-35508/0001-fork-fix-copy_process-CLONE_PARENT-race-with-the-exi.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-20177/0001-netfilter-add-and-use-nf_hook_slow_list.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-30002/0001-media-v4l-ioctl-Fix-memory-leak-in-video_usercopy.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-31916/0001-dm-ioctl-fix-out-of-bounds-array-access-when-no-devi.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0001-futex-Fix-incorrect-should_fail_futex-handling.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0002-futex-Handle-transient-ownerless-rtmutex-state-corre.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0004-futex-Ensure-the-correct-return-value-from-futex_loc.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0005-futex-Replace-pointless-printk-in-fixup_owner.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0006-futex-Provide-and-use-pi_state_update_owner.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0007-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0008-futex-Use-pi_state_update_owner-in-put_pi_state.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0009-futex-Simplify-fixup_pi_state_owner.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0010-futex-Handle-faults-correctly-for-PI-futexes.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0010-Correct-several-latent-issues-discovered-by-a-Klocwo.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager/0001-Verify-that-certificate-is-loadable-in-SSL-context.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager_%.bbappend create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0003-Klocwork-fix-fruDevice.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0042-Fix-nlohmann-json-dump-calls.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0043-account_service-Fix-incorrect-pointer-dereference.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs/0001-Add-WA-for-host-OS-not-retrying-when-BMC-times-out.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0012-crypt_algo-Null-check-on-Cipher-context.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0003-Add-check-for-min-max-received-from-hwmon-files.patch create mode 100755 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/init create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmpd.conf create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmptrapd.conf create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch create mode 100755 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/run-ptest create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmpd.service create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmptrapd.service create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/systemd-support.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp_5.9.bb delete mode 100644 meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.74.0.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.77.0.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/determinism.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libgcrypt/libgcrypt_1.8.8.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/dlopen-test.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/run-ptest create mode 100644 meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.2.bb create mode 100644 meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0003-Improve-graceful-power-state-handling.patch diff --git a/meta-openbmc-mods/conf/machine/include/intel.inc b/meta-openbmc-mods/conf/machine/include/intel.inc index 166f458ec..7544de8fd 100644 --- a/meta-openbmc-mods/conf/machine/include/intel.inc +++ b/meta-openbmc-mods/conf/machine/include/intel.inc @@ -28,4 +28,5 @@ PREFERRED_PROVIDER_virtual/phosphor-led-manager-config-native ?= "intel-led-mana # add all the upstream intel override fixes OVERRIDES .= ":intel" DISTRO_FEATURES_remove = "ldap" -DISTRO_FEATURES_DEFAULT_remove = "ldap" \ No newline at end of file +DISTRO_FEATURES_DEFAULT_remove = "ldap" +GLIBCVERSION ?= "%" diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0032-PFR-FW-update-and-checkpoint-support-in-u-boot.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0032-PFR-FW-update-and-checkpoint-support-in-u-boot.patch index 79d7ec60d..838dfde9e 100644 --- a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0032-PFR-FW-update-and-checkpoint-support-in-u-boot.patch +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0032-PFR-FW-update-and-checkpoint-support-in-u-boot.patch @@ -133,7 +133,7 @@ index 99239938b5..89fe5fd4fd 100644 - switch (genimg_get_format(hdr)) { - case IMAGE_FORMAT_FIT: - printf(" FIT image found\n"); -- if (!fit_check_format(hdr)) { +- if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) { - printf("Bad FIT image format!\n"); - return -1; - } diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch new file mode 100644 index 000000000..deb40a938 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch @@ -0,0 +1,362 @@ +From 8c6e79df48988760178787af39ecd01954569e81 Mon Sep 17 00:00:00 2001 +From: Simon Glass +Date: Mon, 15 Feb 2021 17:08:09 -0700 +Subject: [PATCH] image: Adjust the workings of fit_check_format() + +At present this function does not accept a size for the FIT. This means +that it must be read from the FIT itself, introducing potential security +risk. Update the function to include a size parameter, which can be +invalid, in which case fit_check_format() calculates it. + +For now no callers pass the size, but this can be updated later. + +Also adjust the return value to an error code so that all the different +types of problems can be distinguished by the user. + +Signed-off-by: Simon Glass +Reported-by: Bruce Monroe +Reported-by: Arie Haenel +Reported-by: Julien Lenoir +--- + board/aspeed/ast-g5/fw-update.c | 2 +- + cmd/bootm.c | 6 ++--- + cmd/disk.c | 2 +- + cmd/fdc.c | 2 +- + cmd/fpga.c | 2 +- + cmd/nand.c | 2 +- + cmd/source.c | 2 +- + cmd/ximg.c | 2 +- + common/image-fdt.c | 2 +- + common/image-fit.c | 44 ++++++++++++++++----------------- + common/update.c | 2 +- + drivers/misc/fsl_debug_server.c | 2 +- + drivers/net/fsl-mc/mc.c | 2 +- + include/image.h | 21 +++++++++++++++- + tools/fit_image.c | 2 +- + tools/mkimage.h | 2 ++ + 16 files changed, 59 insertions(+), 38 deletions(-) + +diff --git a/board/aspeed/ast-g5/fw-update.c b/board/aspeed/ast-g5/fw-update.c +index 99239938b5ee..50b46a2eff5a 100644 +--- a/board/aspeed/ast-g5/fw-update.c ++++ b/board/aspeed/ast-g5/fw-update.c +@@ -328,7 +328,7 @@ static int verify_image(void) + switch (genimg_get_format(hdr)) { + case IMAGE_FORMAT_FIT: + printf(" FIT image found\n"); +- if (!fit_check_format(hdr)) { ++ if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) { + printf("Bad FIT image format!\n"); + return -1; + } +diff --git a/cmd/bootm.c b/cmd/bootm.c +index 8da750ec5101..442ae0ba600e 100644 +--- a/cmd/bootm.c ++++ b/cmd/bootm.c +@@ -288,7 +288,7 @@ static int image_info(ulong addr) + case IMAGE_FORMAT_FIT: + puts(" FIT image found\n"); + +- if (!fit_check_format(hdr)) { ++ if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) { + puts("Bad FIT image format!\n"); + return 1; + } +@@ -361,7 +361,7 @@ static int do_imls_nor(void) + #endif + #if defined(CONFIG_FIT) + case IMAGE_FORMAT_FIT: +- if (!fit_check_format(hdr)) ++ if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) + goto next_sector; + + printf("FIT Image at %08lX:\n", (ulong)hdr); +@@ -441,7 +441,7 @@ static int nand_imls_fitimage(struct mtd_info *mtd, int nand_dev, loff_t off, + return ret; + } + +- if (!fit_check_format(imgdata)) { ++ if (fit_check_format(imgdata, IMAGE_SIZE_INVAL)) { + free(imgdata); + return 0; + } +diff --git a/cmd/disk.c b/cmd/disk.c +index 92de3af8a5c0..3038aacf2215 100644 +--- a/cmd/disk.c ++++ b/cmd/disk.c +@@ -113,7 +113,7 @@ int common_diskboot(cmd_tbl_t *cmdtp, const char *intf, int argc, + /* This cannot be done earlier, + * we need complete FIT image in RAM first */ + if (genimg_get_format((void *) addr) == IMAGE_FORMAT_FIT) { +- if (!fit_check_format(fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + bootstage_error(BOOTSTAGE_ID_IDE_FIT_READ); + puts("** Bad FIT image format\n"); + return 1; +diff --git a/cmd/fdc.c b/cmd/fdc.c +index d2281abbda90..7395e61fcdae 100644 +--- a/cmd/fdc.c ++++ b/cmd/fdc.c +@@ -731,7 +731,7 @@ int do_fdcboot (cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) + #if defined(CONFIG_FIT) + /* This cannot be done earlier, we need complete FIT image in RAM first */ + if (genimg_get_format ((void *)addr) == IMAGE_FORMAT_FIT) { +- if (!fit_check_format (fit_hdr)) { ++ if (fit_check_format (fit_hdr, IMAGE_SIZE_INVAL)) { + puts ("** Bad FIT image format\n"); + return 1; + } +diff --git a/cmd/fpga.c b/cmd/fpga.c +index 8956eb1b654a..ecb26d77c1cc 100644 +--- a/cmd/fpga.c ++++ b/cmd/fpga.c +@@ -248,7 +248,7 @@ int do_fpga(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) + return 1; + } + +- if (!fit_check_format(fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + puts("Bad FIT image format\n"); + return 1; + } +diff --git a/cmd/nand.c b/cmd/nand.c +index ffdeea41a5a7..2b1c931bd937 100644 +--- a/cmd/nand.c ++++ b/cmd/nand.c +@@ -902,7 +902,7 @@ static int nand_load_image(cmd_tbl_t *cmdtp, struct mtd_info *mtd, + #if defined(CONFIG_FIT) + /* This cannot be done earlier, we need complete FIT image in RAM first */ + if (genimg_get_format ((void *)addr) == IMAGE_FORMAT_FIT) { +- if (!fit_check_format (fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + bootstage_error(BOOTSTAGE_ID_NAND_FIT_READ); + puts ("** Bad FIT image format\n"); + return 1; +diff --git a/cmd/source.c b/cmd/source.c +index db7ab7e5f409..300db33b73cd 100644 +--- a/cmd/source.c ++++ b/cmd/source.c +@@ -97,7 +97,7 @@ source (ulong addr, const char *fit_uname) + } + + fit_hdr = buf; +- if (!fit_check_format (fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + puts ("Bad FIT image format\n"); + return 1; + } +diff --git a/cmd/ximg.c b/cmd/ximg.c +index d033c15b629c..0e26e747f25d 100644 +--- a/cmd/ximg.c ++++ b/cmd/ximg.c +@@ -132,7 +132,7 @@ do_imgextract(cmd_tbl_t * cmdtp, int flag, int argc, char * const argv[]) + "at %08lx ...\n", uname, addr); + + fit_hdr = (const void *)addr; +- if (!fit_check_format(fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + puts("Bad FIT image format\n"); + return 1; + } +diff --git a/common/image-fdt.c b/common/image-fdt.c +index 6cac7dbb7f8b..9b372577dafc 100644 +--- a/common/image-fdt.c ++++ b/common/image-fdt.c +@@ -353,7 +353,7 @@ int boot_get_fdt(int flag, int argc, char * const argv[], uint8_t arch, + */ + #if CONFIG_IS_ENABLED(FIT) + /* check FDT blob vs FIT blob */ +- if (fit_check_format(buf)) { ++ if (!fit_check_format(buf, IMAGE_SIZE_INVAL)) { + ulong load, len; + + fdt_noffset = fit_image_load(images, +diff --git a/common/image-fit.c b/common/image-fit.c +index 322fde728b50..34bbc8645205 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -9,6 +9,8 @@ + * SPDX-License-Identifier: GPL-2.0+ + */ + ++#define LOG_CATEGORY LOGC_BOOT ++ + #ifdef USE_HOSTCC + #include "mkimage.h" + #include +@@ -1212,40 +1214,38 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp) + return (comp == image_comp); + } + +-/** +- * fit_check_format - sanity check FIT image format +- * @fit: pointer to the FIT format image header +- * +- * fit_check_format() runs a basic sanity FIT image verification. +- * Routine checks for mandatory properties, nodes, etc. +- * +- * returns: +- * 1, on success +- * 0, on failure +- */ +-int fit_check_format(const void *fit) ++int fit_check_format(const void *fit, ulong size) + { ++ int ret; ++ ++ ret = fdt_check_header(fit); ++ if (ret) { ++ log_debug("Wrong FIT format: not a flattened device tree (err=%d)\n", ++ ret); ++ return -ENOEXEC; ++ } ++ + /* mandatory / node 'description' property */ +- if (fdt_getprop(fit, 0, FIT_DESC_PROP, NULL) == NULL) { +- debug("Wrong FIT format: no description\n"); +- return 0; ++ if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) { ++ log_debug("Wrong FIT format: no description\n"); ++ return -ENOMSG; + } + + if (IMAGE_ENABLE_TIMESTAMP) { + /* mandatory / node 'timestamp' property */ +- if (fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL) == NULL) { +- debug("Wrong FIT format: no timestamp\n"); +- return 0; ++ if (!fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL)) { ++ log_debug("Wrong FIT format: no timestamp\n"); ++ return -ENODATA; + } + } + + /* mandatory subimages parent '/images' node */ + if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) { +- debug("Wrong FIT format: no images parent node\n"); +- return 0; ++ log_debug("Wrong FIT format: no images parent node\n"); ++ return -ENOENT; + } + +- return 1; ++ return 0; + } + + +@@ -1585,7 +1585,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr, + printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr); + + bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT); +- if (!fit_check_format(fit)) { ++ if (fit_check_format(fit, IMAGE_SIZE_INVAL)) { + printf("Bad FIT %s image format!\n", prop_name); + bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT); + return -ENOEXEC; +diff --git a/common/update.c b/common/update.c +index 1da80b70f2db..521772c3645b 100644 +--- a/common/update.c ++++ b/common/update.c +@@ -279,7 +279,7 @@ int update_tftp(ulong addr, char *interface, char *devstring) + got_update_file: + fit = (void *)addr; + +- if (!fit_check_format((void *)fit)) { ++ if (fit_check_format((void *)fit, IMAGE_SIZE_INVAL)) { + printf("Bad FIT format of the update file, aborting " + "auto-update\n"); + return 1; +diff --git a/drivers/misc/fsl_debug_server.c b/drivers/misc/fsl_debug_server.c +index 98d9fbe534c3..25713316a1f5 100644 +--- a/drivers/misc/fsl_debug_server.c ++++ b/drivers/misc/fsl_debug_server.c +@@ -63,7 +63,7 @@ int debug_server_parse_firmware_fit_image(const void **raw_image_addr, + goto out_error; + } + +- if (!fit_check_format(fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + printf("Debug Server FW: Bad FIT image format\n"); + goto out_error; + } +diff --git a/drivers/net/fsl-mc/mc.c b/drivers/net/fsl-mc/mc.c +index 1811b0fe1a3f..243563eac400 100644 +--- a/drivers/net/fsl-mc/mc.c ++++ b/drivers/net/fsl-mc/mc.c +@@ -124,7 +124,7 @@ int parse_mc_firmware_fit_image(u64 mc_fw_addr, + return -EINVAL; + } + +- if (!fit_check_format(fit_hdr)) { ++ if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) { + printf("fsl-mc: ERR: Bad firmware image (bad FIT header)\n"); + return -EINVAL; + } +diff --git a/include/image.h b/include/image.h +index 2c6ef4de259d..130dc03bfb3c 100644 +--- a/include/image.h ++++ b/include/image.h +@@ -384,6 +384,9 @@ extern bootm_headers_t images; + #define uimage_to_cpu(x) be32_to_cpu(x) + #define cpu_to_uimage(x) cpu_to_be32(x) + ++/* An invalid size, meaning that the image size is not known */ ++#define IMAGE_SIZE_INVAL (-1UL) ++ + /* + * Translation table for entries of a specific type; used by + * get_table_entry_id() and get_table_entry_name(). +@@ -907,7 +910,23 @@ int fit_image_check_os(const void *fit, int noffset, uint8_t os); + int fit_image_check_arch(const void *fit, int noffset, uint8_t arch); + int fit_image_check_type(const void *fit, int noffset, uint8_t type); + int fit_image_check_comp(const void *fit, int noffset, uint8_t comp); +-int fit_check_format(const void *fit); ++ ++/** ++ * fit_check_format() - Check that the FIT is valid ++ * ++ * This performs various checks on the FIT to make sure it is suitable for ++ * use, looking for mandatory properties, nodes, etc. ++ * ++ * If FIT_FULL_CHECK is enabled, it also runs it through libfdt to make ++ * sure that there are no strange tags or broken nodes in the FIT. ++ * ++ * @fit: pointer to the FIT format image header ++ * @return 0 if OK, -ENOEXEC if not an FDT file, -EINVAL if the full FDT check ++ * failed (e.g. due to bad structure), -ENOMSG if the description is ++ * missing, -ENODATA if the timestamp is missing, -ENOENT if the /images ++ * path is missing ++ */ ++int fit_check_format(const void *fit, ulong size); + + int fit_conf_find_compat(const void *fit, const void *fdt); + +diff --git a/tools/fit_image.c b/tools/fit_image.c +index 58aa8e27db3e..6960cc74d23f 100644 +--- a/tools/fit_image.c ++++ b/tools/fit_image.c +@@ -721,7 +721,7 @@ static int fit_extract_contents(void *ptr, struct image_tool_params *params) + /* Indent string is defined in header image.h */ + p = IMAGE_INDENT_STRING; + +- if (!fit_check_format(fit)) { ++ if (fit_check_format(fit, IMAGE_SIZE_INVAL)) { + printf("Bad FIT image format\n"); + return -1; + } +diff --git a/tools/mkimage.h b/tools/mkimage.h +index 3f369b748ed1..3c6c680218a2 100644 +--- a/tools/mkimage.h ++++ b/tools/mkimage.h +@@ -30,6 +30,8 @@ + #define debug(fmt,args...) + #endif /* MKIMAGE_DEBUG */ + ++#define log_debug(fmt, args...) debug(fmt, ##args) ++ + static inline void *map_sysmem(ulong paddr, unsigned long len) + { + return (void *)(uintptr_t)paddr; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch new file mode 100644 index 000000000..d82767ee9 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch @@ -0,0 +1,198 @@ +From df6bfa8d2d429addea3dfd9d1bfb3933b4adb7e7 Mon Sep 17 00:00:00 2001 +From: Simon Glass +Date: Mon, 15 Feb 2021 17:08:10 -0700 +Subject: [PATCH] image: Add an option to do a full check of the FIT + +Some strange modifications of the FIT can introduce security risks. Add an +option to check it thoroughly, using libfdt's fdt_check_full() function. + +Enable this by default if signature verification is enabled. + +CVE-2021-27097 + +Signed-off-by: Simon Glass +Reported-by: Bruce Monroe +Reported-by: Arie Haenel +Reported-by: Julien Lenoir +--- + Kconfig | 19 +++++++++++++ + common/image-fit.c | 19 +++++++++++++ + include/libfdt.h | 1 + + lib/libfdt/fdt_ro.c | 65 +++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 104 insertions(+) + +diff --git a/Kconfig b/Kconfig +index d6439d01ca60..1c1267fee079 100644 +--- a/Kconfig ++++ b/Kconfig +@@ -222,11 +222,21 @@ config FIT_VERBOSE + bool "Display verbose messages on FIT boot" + depends on FIT + ++config FIT_FULL_CHECK ++ bool "Do a full check of the FIT before using it" ++ default y ++ help ++ Enable this do a full check of the FIT to make sure it is valid. This ++ helps to protect against carefully crafted FITs which take advantage ++ of bugs or omissions in the code. This includes a bad structure, ++ multiple root nodes and the like. ++ + config FIT_SIGNATURE + bool "Enable signature verification of FIT uImages" + depends on FIT + depends on DM + select RSA ++ select FIT_FULL_CHECK + help + This option enables signature verification of FIT uImages, + using a hash signed and verified using RSA. If +@@ -240,11 +250,20 @@ config FIT_SIGNATURE + format support in this case, enable it using + CONFIG_IMAGE_FORMAT_LEGACY. + ++config SPL_FIT_FULL_CHECK ++ bool "Do a full check of the FIT before using it" ++ help ++ Enable this do a full check of the FIT to make sure it is valid. This ++ helps to protect against carefully crafted FITs which take advantage ++ of bugs or omissions in the code. This includes a bad structure, ++ multiple root nodes and the like. ++ + config SPL_FIT_SIGNATURE + bool "Enable signature verification of FIT firmware within SPL" + depends on SPL_FIT + depends on SPL_DM + select SPL_RSA ++ select SPL_FIT_FULL_CHECK + + config FIT_BEST_MATCH + bool "Select the best match for the kernel device tree" +diff --git a/common/image-fit.c b/common/image-fit.c +index 34bbc8645205..78db32e89f6f 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -24,11 +24,14 @@ DECLARE_GLOBAL_DATA_PTR; + #endif /* !USE_HOSTCC*/ + + #include ++#include + #include + #include + #include + #include + ++#define log_debug(fmt, args...) debug(fmt, ##args) ++ + /*****************************************************************************/ + /* New uImage format routines */ + /*****************************************************************************/ +@@ -1239,6 +1242,22 @@ int fit_check_format(const void *fit, ulong size) + } + } + ++ if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) { ++ /* ++ * If we are not given the size, make do wtih calculating it. ++ * This is not as secure, so we should consider a flag to ++ * control this. ++ */ ++ if (size == IMAGE_SIZE_INVAL) ++ size = fdt_totalsize(fit); ++ ret = fdt_check_full(fit, size); ++ ++ if (ret) { ++ log_debug("FIT check error %d\n", ret); ++ return -EINVAL; ++ } ++ } ++ + /* mandatory subimages parent '/images' node */ + if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) { + log_debug("Wrong FIT format: no images parent node\n"); +diff --git a/include/libfdt.h b/include/libfdt.h +index 74b1d149c2dd..6a4b2f871205 100644 +--- a/include/libfdt.h ++++ b/include/libfdt.h +@@ -1980,4 +1980,5 @@ int fdt_next_region(const void *fdt, + int fdt_add_alias_regions(const void *fdt, struct fdt_region *region, int count, + int max_regions, struct fdt_region_state *info); + ++int fdt_check_full(const void *fdt, size_t bufsize); + #endif /* _LIBFDT_H */ +diff --git a/lib/libfdt/fdt_ro.c b/lib/libfdt/fdt_ro.c +index 12214c2dc2b5..5ae4b84d6e54 100644 +--- a/lib/libfdt/fdt_ro.c ++++ b/lib/libfdt/fdt_ro.c +@@ -625,3 +625,68 @@ int fdt_node_offset_by_compatible(const void *fdt, int startoffset, + + return offset; /* error from fdt_next_node() */ + } ++ ++#define INT_MAX ((int)(~0U>>1)) ++ ++int fdt_check_full(const void *fdt, size_t bufsize) ++{ ++ int err; ++ int num_memrsv; ++ int offset, nextoffset = 0; ++ uint32_t tag; ++ unsigned depth = 0; ++ const void *prop; ++ const char *propname; ++ ++ if (bufsize < FDT_V1_SIZE) ++ return -FDT_ERR_TRUNCATED; ++ err = fdt_check_header(fdt); ++ if (err != 0) ++ return err; ++ if (bufsize < fdt_totalsize(fdt)) ++ return -FDT_ERR_TRUNCATED; ++ ++ num_memrsv = fdt_num_mem_rsv(fdt); ++ if (num_memrsv < 0) ++ return num_memrsv; ++ ++ while (1) { ++ offset = nextoffset; ++ tag = fdt_next_tag(fdt, offset, &nextoffset); ++ ++ if (nextoffset < 0) ++ return nextoffset; ++ ++ switch (tag) { ++ case FDT_NOP: ++ break; ++ ++ case FDT_END: ++ if (depth != 0) ++ return -FDT_ERR_BADSTRUCTURE; ++ return 0; ++ ++ case FDT_BEGIN_NODE: ++ depth++; ++ if (depth > INT_MAX) ++ return -FDT_ERR_BADSTRUCTURE; ++ break; ++ ++ case FDT_END_NODE: ++ if (depth == 0) ++ return -FDT_ERR_BADSTRUCTURE; ++ depth--; ++ break; ++ ++ case FDT_PROP: ++ prop = fdt_getprop_by_offset(fdt, offset, &propname, ++ &err); ++ if (!prop) ++ return err; ++ break; ++ ++ default: ++ return -FDT_ERR_INTERNAL; ++ } ++ } ++} +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch new file mode 100644 index 000000000..33dbf15be --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch @@ -0,0 +1,106 @@ +From dbfcf0735d5f4d27445176f72e6174edf064c118 Mon Sep 17 00:00:00 2001 +From: Simon Glass +Date: Mon, 15 Feb 2021 17:08:12 -0700 +Subject: [PATCH] image: Check for unit addresses in FITs + +Using unit addresses in a FIT is a security risk. Add a check for this +and disallow it. + +CVE-2021-27138 + +Signed-off-by: Simon Glass +Reported-by: Bruce Monroe +Reported-by: Arie Haenel +Reported-by: Julien Lenoir +--- + common/image-fit.c | 56 ++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 52 insertions(+), 4 deletions(-) + +diff --git a/common/image-fit.c b/common/image-fit.c +index 78db32e89f6f..6c495ffa4349 100644 +--- a/common/image-fit.c ++++ b/common/image-fit.c +@@ -1217,6 +1217,34 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp) + return (comp == image_comp); + } + ++/** ++ * fdt_check_no_at() - Check for nodes whose names contain '@' ++ * ++ * This checks the parent node and all subnodes recursively ++ * ++ * @fit: FIT to check ++ * @parent: Parent node to check ++ * @return 0 if OK, -EADDRNOTAVAIL is a node has a name containing '@' ++ */ ++static int fdt_check_no_at(const void *fit, int parent) ++{ ++ const char *name; ++ int node; ++ int ret; ++ ++ name = fdt_get_name(fit, parent, NULL); ++ if (!name || strchr(name, '@')) ++ return -EADDRNOTAVAIL; ++ ++ fdt_for_each_subnode(node, fit, parent) { ++ ret = fdt_check_no_at(fit, node); ++ if (ret) ++ return ret; ++ } ++ ++ return 0; ++} ++ + int fit_check_format(const void *fit, ulong size) + { + int ret; +@@ -1251,10 +1279,27 @@ int fit_check_format(const void *fit, ulong size) + if (size == IMAGE_SIZE_INVAL) + size = fdt_totalsize(fit); + ret = fdt_check_full(fit, size); ++ if (ret) ++ ret = -EINVAL; ++ ++ /* ++ * U-Boot stopped using unit addressed in 2017. Since libfdt ++ * can match nodes ignoring any unit address, signature ++ * verification can see the wrong node if one is inserted with ++ * the same name as a valid node but with a unit address ++ * attached. Protect against this by disallowing unit addresses. ++ */ ++ if (!ret && CONFIG_IS_ENABLED(FIT_SIGNATURE)) { ++ ret = fdt_check_no_at(fit, 0); + ++ if (ret) { ++ log_debug("FIT check error %d\n", ret); ++ return ret; ++ } ++ } + if (ret) { + log_debug("FIT check error %d\n", ret); +- return -EINVAL; ++ return ret; + } + } + +@@ -1604,10 +1649,13 @@ int fit_image_load(bootm_headers_t *images, ulong addr, + printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr); + + bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT); +- if (fit_check_format(fit, IMAGE_SIZE_INVAL)) { +- printf("Bad FIT %s image format!\n", prop_name); ++ ret = fit_check_format(fit, IMAGE_SIZE_INVAL); ++ if (ret) { ++ printf("Bad FIT %s image format! (err=%d)\n", prop_name, ret); ++ if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && ret == -EADDRNOTAVAIL) ++ printf("Signature checking prevents use of unit addresses (@) in nodes\n"); + bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT); +- return -ENOEXEC; ++ return ret; + } + bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT_OK); + if (fit_uname) { +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend index f5dd88f7a..53e91136e 100644 --- a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend +++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend @@ -1,6 +1,5 @@ COMPATIBLE_MACHINE = "intel-ast2500" FILESEXTRAPATHS_append_intel-ast2500:= "${THISDIR}/files:" -FILESEXTRAPATHS_append_intel-ast2500:= "${THISDIR}/files/CVE-2020-10648:" # the meta-phosphor layer adds this patch, which conflicts # with the intel layout for environment @@ -53,6 +52,7 @@ SRC_URI_append_intel-ast2500 = " \ file://0054-U-Boot-4-4-lib-uuid-Improve-randomness-of-uuid-values-on-RANDOM_UUID-y.patch \ " # CVE-2020-10648 vulnerability fix +FILESEXTRAPATHS_append_intel-ast2500:= "${THISDIR}/files/CVE-2020-10648:" SRC_URI_append_intel-ast2500 = " \ file://0001-image-Correct-comment-for-fit_conf_get_node.patch \ file://0002-image-Be-a-little-more-verbose-when-checking-signatu.patch \ @@ -62,6 +62,20 @@ SRC_URI_append_intel-ast2500 = " \ file://0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch \ file://0012-image-Use-constants-for-required-and-key-name-hint.patch \ " + +# CVE-2021-27097 vulnerability fix +FILESEXTRAPATHS_append_intel-ast2500:= "${THISDIR}/files/CVE-2021-27097:" +SRC_URI_append_intel-ast2500 = " \ + file://0001-image-Adjust-the-workings-of-fit_check_format.patch \ + file://0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch \ + " + +# CVE-2021-27138 vulnerability fix +FILESEXTRAPATHS_append_intel-ast2500:= "${THISDIR}/files/CVE-2021-27138:" +SRC_URI_append_intel-ast2500 = " \ + file://0001-image-Check-for-unit-addresses-in-FITs.patch \ + " + PFR_SRC_URI = " \ file://0022-u-boot-env-change-for-PFR-image.patch \ file://0032-PFR-FW-update-and-checkpoint-support-in-u-boot.patch \ diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0019-ADCSensor-check-threshold-10-seconds-after-power-on.patch b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0019-ADCSensor-check-threshold-10-seconds-after-power-on.patch new file mode 100644 index 000000000..c4e093083 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0019-ADCSensor-check-threshold-10-seconds-after-power-on.patch @@ -0,0 +1,62 @@ +From 13a5a77c408efd1e84b48de8a48ab5990d26fca9 Mon Sep 17 00:00:00 2001 +From: Zhikui Ren +Date: Tue, 9 Mar 2021 20:25:29 -0800 +Subject: [PATCH] ADCSensor: check threshold 10 seconds after power on + +For ADC Sensors, only check for threshold if the host power state file +has been written for more than 10 seconds. + +This is a workaround to ensure that the sensor value that is used to +compare against the threshold level is read after voltages settled and +full ADC sampling cycle has been passed. + +The false SEL logs cannot be reliably reproduced, so it is not +possible to confirm that the issue is fixed with this change. + +Tested: +Use debug print to verify check threshold is skipped during first 10 +seconds after power state transition. +SEL log is created when event is triggered after 10 seconds. + +Signed-off-by: Zhikui Ren +--- + src/ADCSensor.cpp | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/ADCSensor.cpp b/src/ADCSensor.cpp +index 4de2b1f..2017c0c 100644 +--- a/src/ADCSensor.cpp ++++ b/src/ADCSensor.cpp +@@ -246,6 +246,7 @@ void ADCSensor::handleResponse(const boost::system::error_code& err) + + const static std::filesystem::path tmpHostStateFileDir = "/tmp"; + const static constexpr std::string_view hostStateFile = "host-state"; ++constexpr auto powerSettleTime = std::chrono::seconds{10}; + + static bool isPowerCurrentlyOn() + { +@@ -256,6 +257,21 @@ static bool isPowerCurrentlyOn() + return false; + } + ++ // File time is used as host power state change time. ++ // Make sure we are in the current state longer than settling time. ++ // This is only needed for power on to ensure VRs are sampled in ++ // the steady state. ++ // But it is ok to apply check for power off also, ++ // so always check the timestamp to keep the logic simple. ++ std::filesystem::file_time_type hostStateUpdateTime = ++ std::filesystem::last_write_time( ++ std::filesystem::path(tmpHostStateFileDir / hostStateFile)); ++ if ((std::filesystem::file_time_type::clock::now() - hostStateUpdateTime) <= ++ powerSettleTime) ++ { ++ return false; ++ } ++ + std::string state; + std::getline(hostStateStream, state); + return state == "xyz.openbmc_project.State.Host.HostState.Running"; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0020-ExitAirTemp-fix-use-weak_ptr-to-in-async-handler.patch b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0020-ExitAirTemp-fix-use-weak_ptr-to-in-async-handler.patch new file mode 100644 index 000000000..c0f8c5c92 --- /dev/null +++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0020-ExitAirTemp-fix-use-weak_ptr-to-in-async-handler.patch @@ -0,0 +1,209 @@ +From efb007d288530ce6ec8a319488422fbccb521edd Mon Sep 17 00:00:00 2001 +From: Zhikui Ren +Date: Tue, 9 Mar 2021 20:45:35 -0800 +Subject: ExitAirTemp fix: use weak_ptr to in async handler + +Replace shared_ptr with weak_ptr in async handler's capture. +CFMSensor and ExitAirTempSensor are properly deleted before +new instances are created. + +Tested: +Run dc cycle test and no more memory leak or dbus connection timeout. + +Signed-off-by Zhikui Ren +--- + src/ExitAirTempSensor.cpp | 102 +++++++++++++++++++++++++++++--------- + 1 file changed, 79 insertions(+), 23 deletions(-) + +diff --git a/src/ExitAirTempSensor.cpp b/src/ExitAirTempSensor.cpp +index 4661aeb..1ee9301 100644 +--- a/src/ExitAirTempSensor.cpp ++++ b/src/ExitAirTempSensor.cpp +@@ -208,10 +208,16 @@ CFMSensor::CFMSensor(std::shared_ptr& conn, + void CFMSensor::setupMatches() + { + +- std::shared_ptr self = shared_from_this(); ++ std::weak_ptr weakRef = weak_from_this(); + setupSensorMatch( + matches, *dbusConnection, "fan_tach", +- [self](const double& value, sdbusplus::message::message& message) { ++ [weakRef](const double& value, sdbusplus::message::message& message) { ++ std::shared_ptr self = weakRef.lock(); ++ if (!self) ++ { ++ // we have been deleted ++ return; ++ } + self->tachReadings[message.get_path()] = value; + if (self->tachRanges.find(message.get_path()) == + self->tachRanges.end()) +@@ -226,8 +232,15 @@ void CFMSensor::setupMatches() + }); + + dbusConnection->async_method_call( +- [self](const boost::system::error_code ec, +- const std::variant cfmVariant) { ++ [weakRef](const boost::system::error_code ec, ++ const std::variant cfmVariant) { ++ std::shared_ptr self = weakRef.lock(); ++ if (!self) ++ { ++ // we have been deleted ++ return; ++ } ++ + uint64_t maxRpm = 100; + if (!ec) + { +@@ -252,7 +265,13 @@ void CFMSensor::setupMatches() + "freedesktop.DBus.Properties',path='" + + std::string(cfmSettingPath) + "',arg0='" + + std::string(cfmSettingIface) + "'", +- [self](sdbusplus::message::message& message) { ++ [weakRef](sdbusplus::message::message& message) { ++ std::shared_ptr self = weakRef.lock(); ++ if (!self) ++ { ++ // we have been deleted ++ return; ++ } + boost::container::flat_map> + values; + std::string objectName; +@@ -298,18 +317,24 @@ void CFMSensor::createMaxCFMIface(void) + void CFMSensor::addTachRanges(const std::string& serviceName, + const std::string& path) + { +- std::shared_ptr self = shared_from_this(); ++ std::weak_ptr weakRef = weak_from_this(); + dbusConnection->async_method_call( +- [self, path](const boost::system::error_code ec, +- const boost::container::flat_map& data) { ++ [weakRef, ++ path](const boost::system::error_code ec, ++ const boost::container::flat_map& ++ data) { + if (ec) + { + std::cerr << "Error getting properties from " << path << "\n"; + std::cerr << ec.message() << "\n"; + return; + } +- ++ std::shared_ptr self = weakRef.lock(); ++ if (!self) ++ { ++ // we have been deleted ++ return; ++ } + double max = loadVariant(data, "MaxValue"); + double min = loadVariant(data, "MinValue"); + self->tachRanges[path] = std::make_pair(min, max); +@@ -544,13 +569,19 @@ void ExitAirTempSensor::setupMatches(void) + constexpr const std::array matchTypes = { + "power", inletTemperatureSensor}; + +- std::shared_ptr self = shared_from_this(); ++ std::weak_ptr weakRef = weak_from_this(); + for (const std::string& type : matchTypes) + { + setupSensorMatch( + matches, *dbusConnection, type, +- [self, type](const double& value, +- sdbusplus::message::message& message) { ++ [weakRef, type](const double& value, ++ sdbusplus::message::message& message) { ++ std::shared_ptr self = weakRef.lock(); ++ if (!self) ++ { ++ // we have been deleted ++ return; ++ } + if (type == "power") + { + std::string path = message.get_path(); +@@ -579,8 +610,14 @@ void ExitAirTempSensor::setupMatches(void) + }); + } + dbusConnection->async_method_call( +- [self](boost::system::error_code ec, +- const std::variant& value) { ++ [weakRef](boost::system::error_code ec, ++ const std::variant& value) { ++ std::shared_ptr self = weakRef.lock(); ++ if (!self) ++ { ++ // we have been deleted ++ return; ++ } + if (ec) + { + // sensor not ready yet +@@ -593,7 +630,13 @@ void ExitAirTempSensor::setupMatches(void) + std::string("/xyz/openbmc_project/sensors/") + inletTemperatureSensor, + properties::interface, properties::get, sensorValueInterface, "Value"); + dbusConnection->async_method_call( +- [self](boost::system::error_code ec, const GetSubTreeType& subtree) { ++ [weakRef](boost::system::error_code ec, const GetSubTreeType& subtree) { ++ std::shared_ptr self = weakRef.lock(); ++ if (!self) ++ { ++ // we have been deleted ++ return; ++ } + if (ec) + { + std::cerr << "Error contacting mapper\n"; +@@ -614,8 +657,15 @@ void ExitAirTempSensor::setupMatches(void) + { + const std::string& path = item.first; + self->dbusConnection->async_method_call( +- [self, path](boost::system::error_code ec, +- const std::variant& value) { ++ [weakRef, path](boost::system::error_code ec, ++ const std::variant& value) { ++ std::shared_ptr self = ++ weakRef.lock(); ++ if (!self) ++ { ++ // we have been deleted ++ return; ++ } + if (ec) + { + std::cerr << "Error getting value from " << path +@@ -644,18 +694,24 @@ void ExitAirTempSensor::setupMatches(void) + void ExitAirTempSensor::addPowerRanges(const std::string& serviceName, + const std::string& path) + { +- std::shared_ptr self = shared_from_this(); ++ std::weak_ptr weakRef = weak_from_this(); + dbusConnection->async_method_call( +- [self, path](const boost::system::error_code ec, +- const boost::container::flat_map& data) { ++ [weakRef, ++ path](const boost::system::error_code ec, ++ const boost::container::flat_map& ++ data) { + if (ec) + { + std::cerr << "Error getting properties from " << path << "\n"; + std::cerr << ec.message() << "\n"; + return; + } +- ++ std::shared_ptr self = weakRef.lock(); ++ if (!self) ++ { ++ // we have been deleted ++ return; ++ } + double max = loadVariant(data, "MaxValue"); + double min = loadVariant(data, "MinValue"); + self->powerRanges[path] = std::make_pair(min, max); +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend index 8e2126d9d..c75d5bb97 100644 --- a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend +++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend @@ -18,4 +18,6 @@ SRC_URI += "file://0001-Only-allow-drive-sensors-on-bus-2-for-ast2500.patch \ file://0016-Fix-threshold-assertion-events-for-cpu-adc-sensors.patch \ file://0017-Add-more-boundary-checking-in-Texitair-calculation.patch \ file://0018-ADCSensor-use-tmp-power-state-file-for-threshold.patch \ + file://0019-ADCSensor-check-threshold-10-seconds-after-power-on.patch \ + file://0020-ExitAirTemp-fix-use-weak_ptr-to-in-async-handler.patch \ " diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1i.bb b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1i.bb deleted file mode 100644 index a9120d136..000000000 --- a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1i.bb +++ /dev/null @@ -1,211 +0,0 @@ -SUMMARY = "Secure Socket Layer" -DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." -HOMEPAGE = "http://www.openssl.org/" -BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" -SECTION = "libs/network" - -# "openssl" here actually means both OpenSSL and SSLeay licenses apply -# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" - -DEPENDS = "hostperl-runtime-native" - -SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ - file://run-ptest \ - file://0001-skip-test_symbol_presence.patch \ - file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ - file://afalg.patch \ - file://reproducible.patch \ - " - -SRC_URI_append_class-nativesdk = " \ - file://environment.d-openssl.sh \ - " - -SRC_URI[sha256sum] = "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242" - -inherit lib_package multilib_header multilib_script ptest -MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" - -PACKAGECONFIG ?= "" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" - -B = "${WORKDIR}/build" -do_configure[cleandirs] = "${B}" - -#| ./libcrypto.so: undefined reference to `getcontext' -#| ./libcrypto.so: undefined reference to `setcontext' -#| ./libcrypto.so: undefined reference to `makecontext' -EXTRA_OECONF_append_libc-musl = " no-async" -EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" - -# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions -# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) -EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" - -# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. -CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" -CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" - -do_configure () { - os=${HOST_OS} - case $os in - linux-gnueabi |\ - linux-gnuspe |\ - linux-musleabi |\ - linux-muslspe |\ - linux-musl ) - os=linux - ;; - *) - ;; - esac - target="$os-${HOST_ARCH}" - case $target in - linux-arm*) - target=linux-armv4 - ;; - linux-aarch64*) - target=linux-aarch64 - ;; - linux-i?86 | linux-viac3) - target=linux-x86 - ;; - linux-gnux32-x86_64 | linux-muslx32-x86_64 ) - target=linux-x32 - ;; - linux-gnu64-x86_64) - target=linux-x86_64 - ;; - linux-mips | linux-mipsel) - # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags - target="linux-mips32 ${TARGET_CC_ARCH}" - ;; - linux-gnun32-mips*) - target=linux-mips64 - ;; - linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) - target=linux64-mips64 - ;; - linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) - target=linux-generic32 - ;; - linux-powerpc) - target=linux-ppc - ;; - linux-powerpc64) - target=linux-ppc64 - ;; - linux-powerpc64le) - target=linux-ppc64le - ;; - linux-riscv32) - target=linux-generic32 - ;; - linux-riscv64) - target=linux-generic64 - ;; - linux-sparc | linux-supersparc) - target=linux-sparcv9 - ;; - esac - - useprefix=${prefix} - if [ "x$useprefix" = "x" ]; then - useprefix=/ - fi - # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the - # environment variables set by bitbake. Adjust the environment variables instead. - HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ - perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target - perl ${B}/configdata.pm --dump -} - -do_install () { - oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install - - oe_multilib_header openssl/opensslconf.h - - # Create SSL structure for packages such as ca-certificates which - # contain hard-coded paths to /etc/ssl. Debian does the same. - install -d ${D}${sysconfdir}/ssl - mv ${D}${libdir}/ssl-1.1/certs \ - ${D}${libdir}/ssl-1.1/private \ - ${D}${libdir}/ssl-1.1/openssl.cnf \ - ${D}${sysconfdir}/ssl/ - - # Although absolute symlinks would be OK for the target, they become - # invalid if native or nativesdk are relocated from sstate. - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private - ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf -} - -do_install_append_class-native () { - create_wrapper ${D}${bindir}/openssl \ - OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ - SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ - SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ - OPENSSL_ENGINES=${libdir}/engines-1.1 -} - -do_install_append_class-nativesdk () { - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh - sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh -} - -PTEST_BUILD_HOST_FILES += "configdata.pm" -PTEST_BUILD_HOST_PATTERN = "perl_version =" -do_install_ptest () { - # Prune the build tree - rm -f ${B}/fuzz/*.* ${B}/test/*.* - - cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} - cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} - - # For test_shlibload - ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ - ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ - - install -d ${D}${PTEST_PATH}/apps - ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps - install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps - install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps - - install -d ${D}${PTEST_PATH}/engines - install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines -} - -# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto -# package RRECOMMENDS on this package. This will enable the configuration -# file to be installed for both the openssl-bin package and the libcrypto -# package since the openssl-bin package depends on the libcrypto package. - -PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" - -FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" -FILES_libssl = "${libdir}/libssl${SOLIBS}" -FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" -FILES_${PN}-engines = "${libdir}/engines-1.1" -FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" -FILES_${PN} =+ "${libdir}/ssl-1.1/*" -FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" - -CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" - -RRECOMMENDS_libcrypto += "openssl-conf" -RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" - -BBCLASSEXTEND = "native nativesdk" - -CVE_PRODUCT = "openssl:openssl" - -# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 -# Apache in meta-webserver is already recent enough -CVE_CHECK_WHITELIST += "CVE-2019-0190" diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1k.bb b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1k.bb new file mode 100644 index 000000000..034cc610d --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1k.bb @@ -0,0 +1,211 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl" here actually means both OpenSSL and SSLeay licenses apply +# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped) +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8" + +DEPENDS = "hostperl-runtime-native" + +SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ + file://run-ptest \ + file://0001-skip-test_symbol_presence.patch \ + file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ + file://afalg.patch \ + file://reproducible.patch \ + " + +SRC_URI_append_class-nativesdk = " \ + file://environment.d-openssl.sh \ + " + +SRC_URI[sha256sum] = "892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5" + +inherit lib_package multilib_header multilib_script ptest +MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" + +PACKAGECONFIG ?= "" +PACKAGECONFIG_class-native = "" +PACKAGECONFIG_class-nativesdk = "" + +PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" + +B = "${WORKDIR}/build" +do_configure[cleandirs] = "${B}" + +#| ./libcrypto.so: undefined reference to `getcontext' +#| ./libcrypto.so: undefined reference to `setcontext' +#| ./libcrypto.so: undefined reference to `makecontext' +EXTRA_OECONF_append_libc-musl = " no-async" +EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" + +# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions +# (native versions can be built with newer glibc, but then relocated onto a system with older glibc) +EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" +EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" + +# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. +CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" +CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" + +do_configure () { + os=${HOST_OS} + case $os in + linux-gnueabi |\ + linux-gnuspe |\ + linux-musleabi |\ + linux-muslspe |\ + linux-musl ) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm*) + target=linux-armv4 + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-i?86 | linux-viac3) + target=linux-x86 + ;; + linux-gnux32-x86_64 | linux-muslx32-x86_64 ) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-mips | linux-mipsel) + # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags + target="linux-mips32 ${TARGET_CC_ARCH}" + ;; + linux-gnun32-mips*) + target=linux-mips64 + ;; + linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) + target=linux64-mips64 + ;; + linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-powerpc64le) + target=linux-ppc64le + ;; + linux-riscv32) + target=linux-generic32 + ;; + linux-riscv64) + target=linux-generic64 + ;; + linux-sparc | linux-supersparc) + target=linux-sparcv9 + ;; + esac + + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the + # environment variables set by bitbake. Adjust the environment variables instead. + HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ + perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target + perl ${B}/configdata.pm --dump +} + +do_install () { + oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install + + oe_multilib_header openssl/opensslconf.h + + # Create SSL structure for packages such as ca-certificates which + # contain hard-coded paths to /etc/ssl. Debian does the same. + install -d ${D}${sysconfdir}/ssl + mv ${D}${libdir}/ssl-1.1/certs \ + ${D}${libdir}/ssl-1.1/private \ + ${D}${libdir}/ssl-1.1/openssl.cnf \ + ${D}${sysconfdir}/ssl/ + + # Although absolute symlinks would be OK for the target, they become + # invalid if native or nativesdk are relocated from sstate. + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private + ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf +} + +do_install_append_class-native () { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ + SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ + OPENSSL_ENGINES=${libdir}/engines-1.1 +} + +do_install_append_class-nativesdk () { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh + sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh +} + +PTEST_BUILD_HOST_FILES += "configdata.pm" +PTEST_BUILD_HOST_PATTERN = "perl_version =" +do_install_ptest () { + # Prune the build tree + rm -f ${B}/fuzz/*.* ${B}/test/*.* + + cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} + cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} + + # For test_shlibload + ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ + ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ + + install -d ${D}${PTEST_PATH}/apps + ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps + install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps + install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps + + install -d ${D}${PTEST_PATH}/engines + install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines +} + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the openssl-bin package and the libcrypto +# package since the openssl-bin package depends on the libcrypto package. + +PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" + +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl${SOLIBS}" +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +FILES_${PN}-engines = "${libdir}/engines-1.1" +FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" +FILES_${PN} =+ "${libdir}/ssl-1.1/*" +FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" + +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" + +RRECOMMENDS_libcrypto += "openssl-conf" +RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" + +BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "openssl:openssl" + +# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 +# Apache in meta-webserver is already recent enough +CVE_CHECK_WHITELIST += "CVE-2019-0190" diff --git a/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb b/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb index 6e3e0c4de..f35fee7ab 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb @@ -4,7 +4,7 @@ SUMMARY = "At Scale Debug Service" DESCRIPTION = "At Scale Debug Service exposes remote JTAG target debug capabilities" LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=0d1c657b2ba1e8877940a8d1614ec560" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8929d33c051277ca2294fe0f5b062f38" inherit cmake @@ -13,7 +13,7 @@ DEPENDS = "sdbusplus openssl libpam libgpiod safec" do_configure[depends] += "virtual/kernel:do_shared_workdir" SRC_URI = "git://github.com/Intel-BMC/asd;protocol=git" -SRCREV = "1.4.3" +SRCREV = "1.4.6" inherit useradd diff --git a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/0001-Decompress_gunzip-Fix-Dos-if-gzip-is-corrupt-CVE-2021-28831.patch b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/0001-Decompress_gunzip-Fix-Dos-if-gzip-is-corrupt-CVE-2021-28831.patch new file mode 100644 index 000000000..b0f22dcab --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/0001-Decompress_gunzip-Fix-Dos-if-gzip-is-corrupt-CVE-2021-28831.patch @@ -0,0 +1,48 @@ +From f25d254dfd4243698c31a4f3153d4ac72aa9e9bd Mon Sep 17 00:00:00 2001 +From: Samuel Sapalski +Date: Wed, 3 Mar 2021 16:31:22 +0100 +Subject: decompress_gunzip: Fix DoS if gzip is corrupt + +On certain corrupt gzip files, huft_build will set the error bit on +the result pointer. If afterwards abort_unzip is called huft_free +might run into a segmentation fault or an invalid pointer to +free(p). + +In order to mitigate this, we check in huft_free if the error bit +is set and clear it before the linked list is freed. + +Signed-off-by: Samuel Sapalski +Signed-off-by: Peter Kaestle +Signed-off-by: Denys Vlasenko +--- + archival/libarchive/decompress_gunzip.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c +index eb3b64930..e93cd5005 100644 +--- a/archival/libarchive/decompress_gunzip.c ++++ b/archival/libarchive/decompress_gunzip.c +@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = { + * each table. + * t: table to free + */ ++#define BAD_HUFT(p) ((uintptr_t)(p) & 1) ++#define ERR_RET ((huft_t*)(uintptr_t)1) + static void huft_free(huft_t *p) + { + huft_t *q; + ++ /* ++ * If 'p' has the error bit set we have to clear it, otherwise we might run ++ * into a segmentation fault or an invalid pointer to free(p) ++ */ ++ if (BAD_HUFT(p)) { ++ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET)); ++ } ++ + /* Go through linked list, freeing from the malloced (t[-1]) address. */ + while (p) { + q = (--p)->v.t; +-- +cgit v1.2.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend index c72975ccc..b2a5f393f 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend @@ -2,6 +2,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" SRC_URI += " \ file://disable.cfg \ file://enable.cfg \ - " + file://0001-Decompress_gunzip-Fix-Dos-if-gzip-is-corrupt-CVE-2021-28831.patch \ + " SRC_URI += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks','file://dev-only.cfg','',d)}" diff --git a/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb b/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb index b603cdefe..adcdc6011 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb @@ -13,7 +13,7 @@ LICENSE = "Proprietary" LIC_FILES_CHKSUM = "file://LICENSE;md5=43c09494f6b77f344027eea0a1c22830" SRC_URI = "git://github.com/Intel-BMC/crashdump;protocol=git" -SRCREV = "wht-1.0.4" +SRCREV = "wht-1.0.6" S = "${WORKDIR}/git" diff --git a/meta-openbmc-mods/meta-common/recipes-core/dhcp-check/dhcp-check/dhcp-check.service b/meta-openbmc-mods/meta-common/recipes-core/dhcp-check/dhcp-check/dhcp-check.service index f32935a7f..de0236064 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/dhcp-check/dhcp-check/dhcp-check.service +++ b/meta-openbmc-mods/meta-common/recipes-core/dhcp-check/dhcp-check/dhcp-check.service @@ -3,8 +3,8 @@ Description=Check for DHCP address After=network.target [Service] -Type=oneshot -ExecStart=/usr/bin/dhcp-check.sh +Type=simple +ExecStart=/bin/sh -c '/usr/bin/dhcp-check.sh' [Install] WantedBy=multi-user.target diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend index cfa1d0711..686369d3f 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend @@ -1,6 +1,8 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/files:" -SRC_URI += "file://enable-ssh.sh" +SRC_URI += "file://0001-Port-OpenSSH-CVE-2018-20685-fix.patch \ + file://enable-ssh.sh \ + " add_manual_ssh_enable() { install -d ${D}/usr/share/misc diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/0001-Port-OpenSSH-CVE-2018-20685-fix.patch b/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/0001-Port-OpenSSH-CVE-2018-20685-fix.patch new file mode 100644 index 000000000..947c2fe22 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/0001-Port-OpenSSH-CVE-2018-20685-fix.patch @@ -0,0 +1,23 @@ +From 8f8a3dff705fad774a10864a2e3dbcfa9779ceff Mon Sep 17 00:00:00 2001 +From: Haelwenn Monnier +Date: Mon, 25 May 2020 14:54:29 +0200 +Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80) + +--- + scp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/scp.c b/scp.c +index 742ae00f..7b8e7d22 100644 +--- a/scp.c ++++ b/scp.c +@@ -935,7 +935,8 @@ sink(int argc, char **argv) + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); +- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { ++ if (*cp == '\0' || strchr(cp, '/') != NULL || ++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { + run_err("error: unexpected filename: %s", cp); + exit(1); + } diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/cross-localedef-native_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/cross-localedef-native_2.33.bb new file mode 100644 index 000000000..ec59c6ba1 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/cross-localedef-native_2.33.bb @@ -0,0 +1,50 @@ +SUMMARY = "Cross locale generation tool for glibc" +HOMEPAGE = "http://www.gnu.org/software/libc/libc.html" +SECTION = "libs" +LICENSE = "LGPL-2.1" + +LIC_FILES_CHKSUM = "file://LICENSES;md5=1541fd8f5e8f1579512bf05f533371ba \ + file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \ + file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" + +require glibc-version.inc + +# Tell autotools that we're working in the localedef directory +# +AUTOTOOLS_SCRIPT_PATH = "${S}/localedef" + +inherit autotools +inherit native + +FILESEXTRAPATHS =. "${FILE_DIRNAME}/${PN}:${FILE_DIRNAME}/glibc:" + +SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ + git://github.com/kraj/localedef;branch=master;name=localedef;destsuffix=git/localedef \ + \ + file://0001-localedef-Add-hardlink-resolver-from-util-linux.patch \ + file://0002-localedef-fix-ups-hardlink-to-make-it-compile.patch \ + \ + file://0016-timezone-re-written-tzselect-as-posix-sh.patch \ + file://0017-Remove-bash-dependency-for-nscd-init-script.patch \ + file://0018-eglibc-Cross-building-and-testing-instructions.patch \ + file://0019-eglibc-Help-bootstrap-cross-toolchain.patch \ + file://0020-eglibc-Resolve-__fpscr_values-on-SH4.patch \ + file://0021-eglibc-Forward-port-cross-locale-generation-support.patch \ + file://0022-Define-DUMMY_LOCALE_T-if-not-defined.patch \ + file://0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch \ +" +# Makes for a rather long rev (22 characters), but... +# +SRCREV_FORMAT = "glibc_localedef" + +S = "${WORKDIR}/git" + +EXTRA_OECONF = "--with-glibc=${S}" +CFLAGS += "-fgnu89-inline -std=gnu99 -DIS_IN\(x\)='0'" + +do_install() { + install -d ${D}${bindir} + install -m 0755 ${B}/localedef ${D}${bindir}/cross-localedef + install -m 0755 ${B}/cross-localedef-hardlink ${D}${bindir}/cross-localedef-hardlink +} diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-collateral.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-collateral.inc new file mode 100644 index 000000000..52880791a --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-collateral.inc @@ -0,0 +1,12 @@ +require glibc-common.inc + +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6 \ + file://${COMMON_LICENSE_DIR}/LGPL-2.1;md5=1a6d268fd218675ffea8be556788b780" + +deltask do_fetch +deltask do_unpack +deltask do_patch +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install[depends] += "virtual/${MLPREFIX}libc:do_stash_locale" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-common.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-common.inc new file mode 100644 index 000000000..41ff7e9a1 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-common.inc @@ -0,0 +1,25 @@ +SUMMARY = "GLIBC (GNU C Library)" +DESCRIPTION = "The GNU C Library is used as the system C library in most systems with the Linux kernel." +HOMEPAGE = "http://www.gnu.org/software/libc/libc.html" +SECTION = "libs" +LICENSE = "GPLv2 & LGPLv2.1" + +LIC_FILES_CHKSUM ?= "file://LICENSES;md5=1541fd8f5e8f1579512bf05f533371ba \ + file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \ + file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" + +CVE_PRODUCT = "glibc" + +INHIBIT_DEFAULT_DEPS = "1" + +ARM_INSTRUCTION_SET_armv4 = "arm" +ARM_INSTRUCTION_SET_armv5 = "arm" +ARM_INSTRUCTION_SET_armv6 = "arm" +# +# We will skip parsing glibc when target system C library selection is not glibc +# this helps in easing out parsing for non-glibc system libraries +# +COMPATIBLE_HOST_libc-musl_class-target = "null" + +PV = "2.33" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-ld.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-ld.inc new file mode 100644 index 000000000..041ffbb9c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-ld.inc @@ -0,0 +1,20 @@ +inherit linuxloader + +GLIBC_GETLOADER = "${@get_linuxloader(d)}" + +def glibc_dl_info(d): + infos = {'ldconfig':set(), 'lddrewrite':set()} + + loaders = all_multilib_tune_values(d, "GLIBC_GETLOADER").split() + for loader in loaders: + infos['ldconfig'].add('{"' + loader + '",' + "FLAG_ELF_LIBC6" + ' }') + infos['lddrewrite'].add(loader) + + infos['ldconfig'] = ','.join(sorted(infos['ldconfig'])) + infos['lddrewrite'] = ' '.join(sorted(infos['lddrewrite'])) + return infos + +EGLIBC_KNOWN_INTERPRETER_NAMES = "${@glibc_dl_info(d)['ldconfig']}" +RTLDLIST = "${@glibc_dl_info(d)['lddrewrite']}" +RTLDLIST_class-nativesdk = "${base_libdir}/${@bb.utils.contains('SDK_ARCH', 'x86_64', 'ld-linux-x86-64.so.2', 'ld-linux.so.2', d)}" +glibc_dl_info[vardepsexclude] = "OVERRIDES" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale.inc new file mode 100644 index 000000000..ef06389ff --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale.inc @@ -0,0 +1,103 @@ +require glibc-collateral.inc + +SUMMARY = "Locale data from glibc" + +BPN = "glibc" +LOCALEBASEPN = "${MLPREFIX}glibc" + +# glibc-collateral.inc inhibits all default deps, but do_package needs objcopy +# ERROR: objcopy failed with exit code 127 (cmd was 'i586-webos-linux-objcopy' --only-keep-debug 'glibc-locale/2.17-r0/package/usr/lib/gconv/IBM1166.so' 'glibc-locale/2.17-r0/package/usr/lib/gconv/.debug/IBM1166.so') +# ERROR: Function failed: split_and_strip_files +BINUTILSDEP = "virtual/${MLPREFIX}${TARGET_PREFIX}binutils:do_populate_sysroot" +BINUTILSDEP_class-nativesdk = "virtual/${TARGET_PREFIX}binutils-crosssdk:do_populate_sysroot" +do_package[depends] += "${BINUTILSDEP}" + +DEPENDS += "virtual/libc" + +# Binary locales are generated at build time if ENABLE_BINARY_LOCALE_GENERATION +# is set. The idea is to avoid running localedef on the target (at first boot) +# to decrease initial boot time and avoid localedef being killed by the OOM +# killer which used to effectively break i18n on machines with < 128MB RAM. + +# default to disabled +ENABLE_BINARY_LOCALE_GENERATION ?= "0" +ENABLE_BINARY_LOCALE_GENERATION_pn-nativesdk-glibc-locale = "1" + +#enable locale generation on these arches +# BINARY_LOCALE_ARCHES is a space separated list of regular expressions +BINARY_LOCALE_ARCHES ?= "arc arm.* aarch64 i[3-6]86 x86_64 powerpc mips mips64 riscv32 riscv64" + +# set "1" to use cross-localedef for locale generation +# set "0" for qemu emulation of native localedef for locale generation +LOCALE_GENERATION_WITH_CROSS-LOCALEDEF = "1" + +PROVIDES = "virtual/libc-locale" + +PACKAGES = "localedef ${PN}-dbg" + +PACKAGES_DYNAMIC = "^locale-base-.* \ + ^glibc-gconv-.* ^glibc-charmap-.* ^glibc-localedata-.* ^glibc-binary-localedata-.* \ + ^${MLPREFIX}glibc-gconv$" + +# Create a glibc-binaries package +ALLOW_EMPTY_${BPN}-binaries = "1" +PACKAGES += "${BPN}-binaries" +RRECOMMENDS_${BPN}-binaries = "${@" ".join([p for p in d.getVar('PACKAGES').split() if p.find("glibc-binary") != -1])}" + +# Create a glibc-charmaps package +ALLOW_EMPTY_${BPN}-charmaps = "1" +PACKAGES += "${BPN}-charmaps" +RRECOMMENDS_${BPN}-charmaps = "${@" ".join([p for p in d.getVar('PACKAGES').split() if p.find("glibc-charmap") != -1])}" + +# Create a glibc-gconvs package +ALLOW_EMPTY_${BPN}-gconvs = "1" +PACKAGES += "${BPN}-gconvs" +RRECOMMENDS_${BPN}-gconvs = "${@" ".join([p for p in d.getVar('PACKAGES').split() if p.find("glibc-gconv") != -1])}" + +# Create a glibc-localedatas package +ALLOW_EMPTY_${BPN}-localedatas = "1" +PACKAGES += "${BPN}-localedatas" +RRECOMMENDS_${BPN}-localedatas = "${@" ".join([p for p in d.getVar('PACKAGES').split() if p.find("glibc-localedata") != -1])}" + +DESCRIPTION_localedef = "glibc: compile locale definition files" + +# glibc-gconv is dynamically added into PACKAGES, thus +# FILES_glibc-gconv will not be automatically extended in multilib. +# Explicitly add ${MLPREFIX} for FILES_glibc-gconv. +FILES_${MLPREFIX}glibc-gconv = "${libdir}/gconv/*" +FILES_localedef = "${bindir}/localedef" + +LOCALETREESRC = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale" + +copy_locale_files() { + local dir=$1 mode=$2 + + [ -e "${LOCALETREESRC}$dir" ] || return 0 + + for d in . $(find "${LOCALETREESRC}$dir" -type d -printf '%P '); do + install -d ${D}$dir/$d + find "${LOCALETREESRC}$dir/$d" -maxdepth 1 -type f \ + -exec install -m $mode -t "${D}$dir/$d" {} \; + done +} + +do_install() { + copy_locale_files ${bindir} 0755 + copy_locale_files ${localedir} 0644 + if [ ${PACKAGE_NO_GCONV} -eq 0 ]; then + copy_locale_files ${libdir}/gconv 0755 + copy_locale_files ${datadir}/i18n 0644 + else + # Remove the libdir if it is empty when gconv is not copied + find ${D}${libdir} -type d -empty -delete + fi + copy_locale_files ${datadir}/locale 0644 + install -m 0644 ${LOCALETREESRC}/SUPPORTED ${WORKDIR}/SUPPORTED +} + +inherit libc-package + +BBCLASSEXTEND = "nativesdk" + +# Don't scan for CVEs as glibc will be scanned +CVE_PRODUCT = "" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale_2.33.bb new file mode 100644 index 000000000..f7702e035 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale_2.33.bb @@ -0,0 +1 @@ +require glibc-locale.inc diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace.inc new file mode 100644 index 000000000..ef9d60ec2 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace.inc @@ -0,0 +1,16 @@ +require glibc-collateral.inc + +SUMMARY = "mtrace utility provided by glibc" +DESCRIPTION = "mtrace utility provided by glibc" +RDEPENDS_${PN} = "perl" +RPROVIDES_${PN} = "libc-mtrace" + +SRC = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale/scripts" + +do_install() { + install -d -m 0755 ${D}${bindir} + install -m 0755 ${SRC}/mtrace ${D}${bindir}/ +} + +# Don't scan for CVEs as glibc will be scanned +CVE_PRODUCT = "" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace_2.33.bb new file mode 100644 index 000000000..0b69bad46 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace_2.33.bb @@ -0,0 +1 @@ +require glibc-mtrace.inc diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-package.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-package.inc new file mode 100644 index 000000000..8d0cc8047 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-package.inc @@ -0,0 +1,286 @@ +INHIBIT_SYSROOT_STRIP = "1" + +PACKAGES = "${PN}-dbg catchsegv sln nscd ldconfig ldd tzcode glibc-thread-db ${PN}-pic libcidn libmemusage libnss-db libsegfault ${PN}-pcprofile libsotruss ${PN} ${PN}-utils glibc-extra-nss ${PN}-dev ${PN}-staticdev ${PN}-doc" + +# The ld.so in this glibc supports the GNU_HASH +RPROVIDES_${PN} = "eglibc rtld(GNU_HASH)" +RPROVIDES_${PN}-utils = "eglibc-utils" +RPROVIDES_${PN}-mtrace = "eglibc-mtrace libc-mtrace" +RPROVIDES_${PN}-pic = "eglibc-pic" +RPROVIDES_${PN}-dev = "eglibc-dev libc6-dev virtual-libc-dev" +RPROVIDES_${PN}-staticdev = "eglibc-staticdev" +RPROVIDES_${PN}-doc = "eglibc-doc" +RPROVIDES_glibc-extra-nss = "eglibc-extra-nss" +RPROVIDES_glibc-thread-db = "eglibc-thread-db" +RPROVIDES_${PN}-pcprofile = "eglibc-pcprofile" +RPROVIDES_${PN}-dbg = "eglibc-dbg" +libc_baselibs = "${base_libdir}/libc.so.* ${base_libdir}/libc-*.so ${base_libdir}/libm*.so.* ${base_libdir}/libm-*.so ${base_libdir}/libmvec-*.so ${base_libdir}/ld*.so.* ${base_libdir}/ld-*.so ${base_libdir}/libpthread*.so.* ${base_libdir}/libpthread-*.so ${base_libdir}/libresolv*.so.* ${base_libdir}/libresolv-*.so ${base_libdir}/librt*.so.* ${base_libdir}/librt-*.so ${base_libdir}/libutil*.so.* ${base_libdir}/libutil-*.so ${base_libdir}/libnsl*.so.* ${base_libdir}/libnsl-*.so ${base_libdir}/libnss_files*.so.* ${base_libdir}/libnss_files-*.so ${base_libdir}/libnss_compat*.so.* ${base_libdir}/libnss_compat-*.so ${base_libdir}/libnss_dns*.so.* ${base_libdir}/libnss_dns-*.so ${base_libdir}/libdl*.so.* ${base_libdir}/libdl-*.so ${base_libdir}/libanl*.so.* ${base_libdir}/libanl-*.so ${base_libdir}/libBrokenLocale*.so.* ${base_libdir}/libBrokenLocale-*.so" +ARCH_DYNAMIC_LOADER = "" +# The aarch64 ABI says the dynamic linker -must- be +# /lib/ld-linux-aarch64{,_be}.so.1. With usrmerge, that may mean that +# we need to install it in /usr/lib. +ARCH_DYNAMIC_LOADER_aarch64 = "ld-linux-${TARGET_ARCH}.so.1" +libc_baselibs_append = " ${@oe.utils.conditional('ARCH_DYNAMIC_LOADER', '', '', '${root_prefix}/lib/${ARCH_DYNAMIC_LOADER}', d)}" +INSANE_SKIP_${PN}_append_aarch64 = " libdir" + +FILES_${PN} = "${libc_baselibs} ${libexecdir}/* ${sysconfdir}/ld.so.conf" +RRECOMMENDS_${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'ldconfig', '${MLPREFIX}ldconfig', '', d)}" +FILES_ldconfig = "${base_sbindir}/ldconfig" +FILES_ldd = "${bindir}/ldd" +FILES_libsegfault = "${base_libdir}/libSegFault*" +FILES_libcidn = "${base_libdir}/libcidn-*.so ${base_libdir}/libcidn.so.*" +FILES_libmemusage = "${base_libdir}/libmemusage.so" +FILES_libnss-db = "${base_libdir}/libnss_db.so.* ${base_libdir}/libnss_db-*.so ${localstatedir}/db/Makefile ${localstatedir}/db/makedbs.sh" +RDEPENDS_libnss-db = "${PN}-utils" +FILES_glibc-extra-nss = "${base_libdir}/libnss_*-*.so ${base_libdir}/libnss_*.so.*" +FILES_sln = "${base_sbindir}/sln" +FILES_${PN}-pic = "${libdir}/*_pic.a ${libdir}/*_pic.map ${libdir}/libc_pic/*.o" +FILES_libsotruss = "${libdir}/audit/sotruss-lib.so" +FILES_SOLIBSDEV = "${libdir}/lib*${SOLIBSDEV}" +FILES_${PN}-dev += "${libdir}/*_nonshared.a ${base_libdir}/*_nonshared.a ${base_libdir}/*.o ${datadir}/aclocal" +RDEPENDS_${PN}-dev = "linux-libc-headers-dev" +FILES_${PN}-staticdev += "${libdir}/*.a ${base_libdir}/*.a" +FILES_nscd = "${sbindir}/nscd* ${sysconfdir}/init.d/nscd ${systemd_unitdir}/system/nscd* ${sysconfdir}/tmpfiles.d/nscd.conf \ + ${sysconfdir}/nscd.conf ${sysconfdir}/default/volatiles/98_nscd ${localstatedir}/db/nscd" +FILES_${PN}-mtrace = "${bindir}/mtrace" +FILES_tzcode = "${bindir}/tzselect ${sbindir}/zic ${sbindir}/zdump" +FILES_${PN}-utils = "${bindir}/* ${sbindir}/*" +FILES_catchsegv = "${bindir}/catchsegv" +RDEPENDS_catchsegv = "libsegfault" +FILES_${PN}-pcprofile = "${base_libdir}/libpcprofile.so" +FILES_glibc-thread-db = "${base_libdir}/libthread_db.so.* ${base_libdir}/libthread_db-*.so" +RPROVIDES_${PN}-dev += "libc-dev" +RPROVIDES_${PN}-staticdev += "libc-staticdev" + +SUMMARY_sln = "The static ln" +DESCRIPTION_sln = "Similar to the 'ln' utility, but statically linked. sln is useful to make symbolic links to dynamic libraries if the dynamic linking system, for some reason, is not functional." +SUMMARY_nscd = "Name service cache daemon" +DESCRIPTION_nscd = "nscd, name service cache daemon, caches name service lookups for the passwd, group and hosts information. It can damatically improvide performance with remote, such as NIS or NIS+, name services." +SUMMARY_glibc-extra-nss = "hesiod, NIS and NIS+ nss libraries" +DESCRIPTION_glibc-extra-nss = "glibc: nis, nisplus and hesiod search services." +SUMMARY_ldd = "print shared library dependencies" +DESCRIPTION_ldd = "${bindir}/ldd prints shared library dependencies for each program or shared library specified on the command line." +SUMMARY_${PN}-utils = "Miscellaneous utilities provided by glibc" +DESCRIPTION_${PN}-utils = "Miscellaneous utilities including getconf, iconv, locale, gencat, ..." +DESCRIPTION_libsotruss = "Library to support sotruss which traces calls through PLTs" +DESCRIPTION_tzcode = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect" + +inherit multilib_header + +do_install() { + oe_runmake install_root=${D} install + install -Dm 0644 ${WORKDIR}/etc/ld.so.conf ${D}/${sysconfdir}/ld.so.conf + install -d ${D}${localedir} + make -f ${WORKDIR}/generate-supported.mk IN="${S}/localedata/SUPPORTED" OUT="${WORKDIR}/SUPPORTED" + # get rid of some broken files... + for i in ${GLIBC_BROKEN_LOCALES}; do + sed -i "/$i/d" ${WORKDIR}/SUPPORTED + done + rm -f ${D}${sysconfdir}/rpc + rm -rf ${D}${datadir}/zoneinfo + rm -rf ${D}${libexecdir}/getconf + + rm -f ${D}${sysconfdir}/localtime + + # remove empty glibc dir + if [ -d ${D}${libexecdir} ]; then + rmdir --ignore-fail-on-non-empty ${D}${libexecdir} + fi + + oe_multilib_header bits/syscall.h bits/long-double.h bits/floatn.h bits/endianness.h bits/struct_rwlock.h + + if [ -f ${D}${bindir}/mtrace ]; then + sed -i -e '1s,#!.*perl,#! ${USRBINPATH}/env perl,' -e '2s,exec.*perl,exec ${USRBINPATH}/env perl,' ${D}${bindir}/mtrace + fi + # Info dir listing isn't interesting at this point so remove it if it exists. + if [ -e "${D}${infodir}/dir" ]; then + rm -f ${D}${infodir}/dir + fi + + install -d ${D}${sysconfdir}/init.d + install -d ${D}${localstatedir}/db/nscd + install -m 0755 ${S}/nscd/nscd.init ${D}${sysconfdir}/init.d/nscd + install -m 0755 ${S}/nscd/nscd.conf ${D}${sysconfdir}/nscd.conf + install -m 0755 ${WORKDIR}/makedbs.sh ${D}${localstatedir}/db + sed -i "s%daemon%start-stop-daemon --start --exec%g" ${D}${sysconfdir}/init.d/nscd + sed -i "s|\(enable-cache\t\+netgroup\t\+\)yes|\1no|" ${D}${sysconfdir}/nscd.conf + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${S}/nscd/nscd.service ${D}${systemd_unitdir}/system/ + + # The dynamic loader will have been installed into + # ${base_libdir}. However, if that isn't going to end up being + # available in the ABI-mandated location, then a symlink must + # be created. + + if [ -n "${ARCH_DYNAMIC_LOADER}" -a ! -e "${D}${root_prefix}/lib/${ARCH_DYNAMIC_LOADER}" ]; then + install -d ${D}${root_prefix}/lib + ln -s ${@oe.path.relative('${root_prefix}/lib', '${base_libdir}')}/${ARCH_DYNAMIC_LOADER} \ + ${D}${root_prefix}/lib/${ARCH_DYNAMIC_LOADER} + fi +} + +def get_libc_fpu_setting(bb, d): + if d.getVar('TARGET_FPU') in [ 'soft', 'ppc-efd' ]: + return "--without-fp" + return "" + +do_install_append_class-target() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /run/nscd 755 root root -" \ + > ${D}${sysconfdir}/tmpfiles.d/nscd.conf + fi + + if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/default/volatiles + echo "d root root 0755 /var/run/nscd none" \ + > ${D}${sysconfdir}/default/volatiles/98_nscd + fi + +} +do_install_append_aarch64 () { + do_install_armmultilib +} + +do_install_append_arm () { + do_install_armmultilib +} + +do_install_append_armeb () { + do_install_armmultilib +} + +do_install_armmultilib () { + oe_multilib_header bits/endian.h bits/fcntl.h bits/fenv.h bits/fp-fast.h bits/hwcap.h bits/ipc.h bits/link.h + oe_multilib_header bits/local_lim.h bits/mman.h bits/msq.h bits/pthreadtypes.h bits/pthreadtypes-arch.h bits/sem.h bits/semaphore.h bits/setjmp.h + oe_multilib_header bits/shm.h bits/sigstack.h bits/stat.h bits/statfs.h bits/typesizes.h + oe_multilib_header bits/procfs-id.h bits/procfs.h bits/shmlba.h + oe_multilib_header bits/struct_stat.h + + oe_multilib_header fpu_control.h gnu/lib-names.h gnu/stubs.h ieee754.h + + oe_multilib_header sys/elf.h sys/procfs.h sys/ptrace.h sys/ucontext.h sys/user.h +} + + +LOCALESTASH = "${WORKDIR}/stashed-locale" +bashscripts = "mtrace sotruss xtrace" + +do_stash_locale () { + dest=${LOCALESTASH} + install -d $dest${base_libdir} $dest${bindir} $dest${libdir} $dest${datadir} + # Hide away the locale data from the deployment + if [ -e ${D}${bindir}/localedef ]; then + cp -a ${D}${bindir}/localedef $dest${bindir} + fi + if [ -e ${D}${libdir}/gconv ]; then + cp -a ${D}${libdir}/gconv $dest${libdir} + fi + if [ -e ${D}${datadir}/i18n ]; then + cp -a ${D}${datadir}/i18n $dest${datadir} + fi + + # Make a copy of all the libraries into the locale stash + cp -fpPR ${D}${libdir}/* $dest${libdir} + if [ "${base_libdir}" != "${libdir}" ]; then + cp -fpPR ${D}${base_libdir}/* $dest${base_libdir} + fi + if [ -e ${D}${exec_prefix}/lib ]; then + if [ ${exec_prefix}/lib != ${base_libdir} ] && [ ${exec_prefix}/lib != ${libdir} ]; then + cp -fpPR ${D}${exec_prefix}/lib $dest${exec_prefix} + fi + fi + + cp -fpPR ${D}${datadir}/* $dest${datadir} + cp -fpPR ${WORKDIR}/SUPPORTED $dest + + target=$dest/scripts + mkdir -p $target + for i in ${bashscripts}; do + if [ -f ${D}${bindir}/$i ]; then + cp ${D}${bindir}/$i $target/ + fi + done +} + +addtask do_stash_locale after do_install before do_populate_sysroot do_package +do_stash_locale[dirs] = "${B}" +do_stash_locale[cleandirs] = "${LOCALESTASH}" +SSTATETASKS += "do_stash_locale" +do_stash_locale[sstate-inputdirs] = "${LOCALESTASH}" +do_stash_locale[sstate-outputdirs] = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale" +do_stash_locale[sstate-fixmedir] = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale" + +python do_stash_locale_setscene () { + sstate_setscene(d) +} +addtask do_stash_locale_setscene + +PACKAGE_PREPROCESS_FUNCS += "stash_locale_package_cleanup" +SYSROOT_PREPROCESS_FUNCS += "stash_locale_sysroot_cleanup" +stash_locale_cleanup () { + cleanupdir=$1 + # Remove all files which do_stash_locale() copies + for i in ${bashscripts}; do + rm -f $cleanupdir${bindir}/$i + done + rm -f $cleanupdir${bindir}/localedef + rm -rf $cleanupdir${datadir}/i18n + rm -rf $cleanupdir${libdir}/gconv + rm -rf $cleanupdir${localedir} + rm -rf $cleanupdir${datadir}/locale + rmdir --ignore-fail-on-non-empty $cleanupdir${datadir} + + if [ "${libdir}" != "${exec_prefix}/lib" ] && [ "${root_prefix}/lib" != "${exec_prefix}/lib" ]; then + if [ -d "$cleanupdir${exec_prefix}/lib" ]; then + if [ -z "${ARCH_DYNAMIC_LOADER}" -o \ + ! -e "$cleanupdir${exec_prefix}/lib/${ARCH_DYNAMIC_LOADER}" ]; then + # error out if directory isn't empty + # this dir should only contain locale dir + # which has been deleted in the previous step + rmdir $cleanupdir${exec_prefix}/lib + fi + fi + fi +} + +stash_locale_sysroot_cleanup() { + stash_locale_cleanup ${SYSROOT_DESTDIR} +} +stash_locale_package_cleanup() { + stash_locale_cleanup ${PKGD} +} + +python populate_packages_prepend () { + if d.getVar('DEBIAN_NAMES'): + pkgs = d.getVar('PACKAGES').split() + bpn = d.getVar('BPN') + prefix = d.getVar('MLPREFIX') or "" + # Set the base package... + d.setVar('PKG_' + prefix + bpn, prefix + 'libc6') + libcprefix = prefix + bpn + '-' + for p in pkgs: + # And all the subpackages. + if p.startswith(libcprefix): + renamed = p.replace(bpn, 'libc6', 1) + d.setVar('PKG_' + p, renamed) + # For backward compatibility with old -dbg package + d.appendVar('RPROVIDES_' + libcprefix + 'dbg', ' ' + prefix + 'libc-dbg') + d.appendVar('RCONFLICTS_' + libcprefix + 'dbg', ' ' + prefix + 'libc-dbg') + d.appendVar('RREPLACES_' + libcprefix + 'dbg', ' ' + prefix + 'libc-dbg') +} + +pkg_postinst_nscd () { + if [ -z "$D" ]; then + if command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/nscd.conf + elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi + fi +} +CONFFILES_nscd="${sysconfdir}/nscd.conf" + +SYSTEMD_PACKAGES = "nscd" +SYSTEMD_SERVICE_nscd = "nscd.service" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts.inc new file mode 100644 index 000000000..14a14e451 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts.inc @@ -0,0 +1,23 @@ +require glibc-collateral.inc + +SUMMARY = "utility scripts provided by glibc" +DESCRIPTION = "utility scripts provided by glibc" +RDEPENDS_${PN} = "bash glibc-mtrace" + +SRC = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale/scripts" + +bashscripts = "sotruss xtrace" + +do_install() { + install -d -m 0755 ${D}${bindir} + for i in ${bashscripts}; do + install -m 0755 ${SRC}/$i ${D}${bindir}/ + done +} + +# sotruss script requires sotruss-lib.so (given by libsotruss package), +# to produce trace of the library calls. +RDEPENDS_${PN} += "libsotruss" + +# Don't scan for CVEs as glibc will be scanned +CVE_PRODUCT = "" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts_2.33.bb new file mode 100644 index 000000000..5a89bd802 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts_2.33.bb @@ -0,0 +1 @@ +require glibc-scripts.inc diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-testsuite_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-testsuite_2.33.bb new file mode 100644 index 000000000..d887aeff7 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-testsuite_2.33.bb @@ -0,0 +1,63 @@ +require glibc_${PV}.bb + +EXCLUDE_FROM_WORLD = "1" + +# handle PN differences +FILESEXTRAPATHS_prepend := "${THISDIR}/glibc:" + +# strip provides +PROVIDES = "" +# setup depends +INHIBIT_DEFAULT_DEPS = "" + +python () { + libc = d.getVar("PREFERRED_PROVIDER_virtual/libc") + libclocale = d.getVar("PREFERRED_PROVIDER_virtual/libc-locale") + if libc != "glibc" or libclocale != "glibc-locale": + raise bb.parse.SkipRecipe("glibc-testsuite requires that virtual/libc is glibc") +} + +DEPENDS += "glibc-locale libgcc gcc-runtime" + +# remove the initial depends +DEPENDS_remove = "libgcc-initial" + +inherit qemu + +SRC_URI += "file://check-test-wrapper" + +DEPENDS += "${@'qemu-native' if d.getVar('TOOLCHAIN_TEST_TARGET') == 'user' else ''}" + +TOOLCHAIN_TEST_TARGET ??= "user" +TOOLCHAIN_TEST_HOST ??= "localhost" +TOOLCHAIN_TEST_HOST_USER ??= "root" +TOOLCHAIN_TEST_HOST_PORT ??= "2222" + +do_check[dirs] += "${B}" +do_check[nostamp] = "1" +do_check () { + chmod 0755 ${WORKDIR}/check-test-wrapper + + # clean out previous test results + oe_runmake tests-clean + # makefiles don't clean entirely (and also sometimes fails due to too many args) + find ${B} -type f -name "*.out" -delete + find ${B} -type f -name "*.test-result" -delete + find ${B}/catgets -name "*.cat" -delete + find ${B}/conform -name "symlist-*" -delete + [ ! -e ${B}/timezone/testdata ] || rm -rf ${B}/timezone/testdata + + oe_runmake -i \ + QEMU_SYSROOT="${RECIPE_SYSROOT}" \ + QEMU_OPTIONS="${@qemu_target_binary(d)} ${QEMU_OPTIONS}" \ + SSH_HOST="${TOOLCHAIN_TEST_HOST}" \ + SSH_HOST_USER="${TOOLCHAIN_TEST_HOST_USER}" \ + SSH_HOST_PORT="${TOOLCHAIN_TEST_HOST_PORT}" \ + test-wrapper="${WORKDIR}/check-test-wrapper ${TOOLCHAIN_TEST_TARGET}" \ + check +} +addtask do_check after do_compile + +inherit nopackages +deltask do_stash_locale +deltask do_install diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-version.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-version.inc new file mode 100644 index 000000000..3a9517317 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-version.inc @@ -0,0 +1,8 @@ +SRCBRANCH ?= "release/2.33/master" +PV = "2.33" +SRCREV_glibc ?= "9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3" +SRCREV_localedef ?= "bd644c9e6f3e20c5504da1488448173c69c56c28" + +GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" + +UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+(\.(?!90)\d+)*)" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc.inc new file mode 100644 index 000000000..7d1430637 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc.inc @@ -0,0 +1,52 @@ +require glibc-common.inc +require glibc-ld.inc + +DEPENDS = "virtual/${TARGET_PREFIX}gcc libgcc-initial linux-libc-headers" + +PROVIDES = "virtual/libc" +PROVIDES += "virtual/libintl virtual/libiconv" +inherit autotools texinfo systemd + +LEAD_SONAME = "libc.so" + +# msgfmt could come from gettext-native but we don't depend on that and +# disable for reproducibility +CACHED_CONFIGUREVARS += " \ + ac_cv_path_BASH_SHELL=${base_bindir}/bash \ + ac_cv_prog_MSGFMT= \ + libc_cv_slibdir=${base_libdir} \ + libc_cv_rootsbindir=${base_sbindir} \ + libc_cv_localedir=${localedir} \ + libc_cv_ssp_strong=no \ + libc_cv_ssp_all=no \ + libc_cv_ssp=no \ + libc_cv_include_x86_isa_level=no \ +" + +# ifunc doesn't appear to work on mips, casuses libbfd assertion failures +CACHED_CONFIGUREVARS_append_mipsarch = " libc_cv_ld_gnu_indirect_function=no" + +GLIBC_EXTRA_OECONF ?= "" +GLIBC_EXTRA_OECONF_class-nativesdk = "" + +# glibc uses PARALLELMFLAGS variable to pass parallel build info so transfer +# PARALLEL_MAKE into PARALLELMFLAGS and empty out PARALLEL_MAKE +EGLIBCPARALLELISM := "PARALLELMFLAGS="${PARALLEL_MAKE}"" +EXTRA_OEMAKE[vardepsexclude] += "EGLIBCPARALLELISM" +EXTRA_OEMAKE += "${EGLIBCPARALLELISM}" +PARALLEL_MAKE = "" + +# glibc make-syscalls.sh has a number of issues with /bin/dash and +# it's output which make calls via the SHELL also has issues, so +# ensure make uses /bin/bash +EXTRA_OEMAKE += "SHELL=/bin/bash" + +do_configure_prepend() { + sed -e "s#@BASH@#/bin/sh#" -i ${S}/elf/ldd.bash.in +} + +# Enable backtrace from abort() +do_configure_append_arm () { + echo "CFLAGS-abort.c = -fasynchronous-unwind-tables" >> ${B}/configparms + echo "CFLAGS-raise.c = -fasynchronous-unwind-tables" >> ${B}/configparms +} diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-localedef-Add-hardlink-resolver-from-util-linux.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-localedef-Add-hardlink-resolver-from-util-linux.patch new file mode 100644 index 000000000..f96da83a9 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-localedef-Add-hardlink-resolver-from-util-linux.patch @@ -0,0 +1,1130 @@ +From d1f1671034a222417f9a829dcaa4f0c3d4f8954d Mon Sep 17 00:00:00 2001 +From: Jason Wessel +Date: Sat, 7 Dec 2019 09:59:22 -0800 +Subject: [PATCH] localedef: Add hardlink resolver from util-linux + +The hard link resolver that is built into localedef cannot be run in +parallel. It will search sibling directories (which are be processed +in parallel) and perform a creation of a .tmp file and remove the +original and move the .tmp file in. The problem is that if a probe +occurs a hard link can be requested to the file that is being removed. +This will lead to a stray copy or potentially, on a loaded system +cause race condition which pseudo cannot deal with, where it is left +with a hard link request to a file that no longer exists. In this +situation psuedo will inherit the permissions of what ever the target +inode had to offer. + +In short, there are two problems: + +1) You will be left with stray copies when using the hard link +resolution that is built in while running in parallel with +localedef. + +2) When running under pseudo the possibility exists for uid/gid +leakage when the source file is removed before the hard link can +be completed. + +The solution is to call localedef with --no-hard-links and separately +process the hardlinks at a later point. To do this requires the +inclusion of the hardlink utility found in modern versions of +util-linux. Most host systems do not have this, so it will be +included with the cross-localedef binary. + +[YOCTO #11299] +[YOCTO #12434] + +Upstream-Status: Pending + +Signed-off-by: Jason Wessel +Signed-off-by: Khem Raj +--- + locale/programs/c.h | 407 ++++++++++++++++ + locale/programs/cross-localedef-hardlink.c | 528 +++++++++++++++++++++ + locale/programs/xalloc.h | 129 +++++ + 3 files changed, 1064 insertions(+) + create mode 100644 locale/programs/c.h + create mode 100644 locale/programs/cross-localedef-hardlink.c + create mode 100644 locale/programs/xalloc.h + +diff --git a/locale/programs/c.h b/locale/programs/c.h +new file mode 100644 +index 0000000000..d0a402e90e +--- /dev/null ++++ b/locale/programs/c.h +@@ -0,0 +1,407 @@ ++/* ++ * Fundamental C definitions. ++ */ ++ ++#ifndef UTIL_LINUX_C_H ++#define UTIL_LINUX_C_H ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++ ++#ifdef HAVE_ERR_H ++# include ++#endif ++ ++#ifdef HAVE_SYS_SYSMACROS_H ++# include /* for major, minor */ ++#endif ++ ++#ifndef LOGIN_NAME_MAX ++# define LOGIN_NAME_MAX 256 ++#endif ++ ++#ifndef NAME_MAX ++# define NAME_MAX PATH_MAX ++#endif ++ ++/* ++ * __GNUC_PREREQ is deprecated in favour of __has_attribute() and ++ * __has_feature(). The __has macros are supported by clang and gcc>=5. ++ */ ++#ifndef __GNUC_PREREQ ++# if defined __GNUC__ && defined __GNUC_MINOR__ ++# define __GNUC_PREREQ(maj, min) \ ++ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) ++# else ++# define __GNUC_PREREQ(maj, min) 0 ++# endif ++#endif ++ ++#ifdef __GNUC__ ++ ++/* &a[0] degrades to a pointer: a different type from an array */ ++# define __must_be_array(a) \ ++ UL_BUILD_BUG_ON_ZERO(__builtin_types_compatible_p(__typeof__(a), __typeof__(&a[0]))) ++ ++# define ignore_result(x) __extension__ ({ \ ++ __typeof__(x) __dummy __attribute__((__unused__)) = (x); (void) __dummy; \ ++}) ++ ++#else /* !__GNUC__ */ ++# define __must_be_array(a) 0 ++# define __attribute__(_arg_) ++# define ignore_result(x) ((void) (x)) ++#endif /* !__GNUC__ */ ++ ++/* ++ * It evaluates to 1 if the attribute/feature is supported by the current ++ * compilation targed. Fallback for old compilers. ++ */ ++#ifndef __has_attribute ++ #define __has_attribute(x) 0 ++#endif ++ ++#ifndef __has_feature ++ #define __has_feature(x) 0 ++#endif ++ ++/* ++ * Function attributes ++ */ ++#ifndef __ul_alloc_size ++# if (__has_attribute(alloc_size) && __has_attribute(warn_unused_result)) || __GNUC_PREREQ (4, 3) ++# define __ul_alloc_size(s) __attribute__((alloc_size(s), warn_unused_result)) ++# else ++# define __ul_alloc_size(s) ++# endif ++#endif ++ ++#ifndef __ul_calloc_size ++# if (__has_attribute(alloc_size) && __has_attribute(warn_unused_result)) || __GNUC_PREREQ (4, 3) ++# define __ul_calloc_size(n, s) __attribute__((alloc_size(n, s), warn_unused_result)) ++# else ++# define __ul_calloc_size(n, s) ++# endif ++#endif ++ ++#if __has_attribute(returns_nonnull) || __GNUC_PREREQ (4, 9) ++# define __ul_returns_nonnull __attribute__((returns_nonnull)) ++#else ++# define __ul_returns_nonnull ++#endif ++ ++/* ++ * Force a compilation error if condition is true, but also produce a ++ * result (of value 0 and type size_t), so the expression can be used ++ * e.g. in a structure initializer (or wherever else comma expressions ++ * aren't permitted). ++ */ ++#define UL_BUILD_BUG_ON_ZERO(e) __extension__ (sizeof(struct { int:-!!(e); })) ++#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); })) ++ ++#ifndef ARRAY_SIZE ++# define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) ++#endif ++ ++#ifndef PATH_MAX ++# define PATH_MAX 4096 ++#endif ++ ++#ifndef TRUE ++# define TRUE 1 ++#endif ++ ++#ifndef FALSE ++# define FALSE 0 ++#endif ++ ++#ifndef min ++# define min(x, y) __extension__ ({ \ ++ __typeof__(x) _min1 = (x); \ ++ __typeof__(y) _min2 = (y); \ ++ (void) (&_min1 == &_min2); \ ++ _min1 < _min2 ? _min1 : _min2; }) ++#endif ++ ++#ifndef max ++# define max(x, y) __extension__ ({ \ ++ __typeof__(x) _max1 = (x); \ ++ __typeof__(y) _max2 = (y); \ ++ (void) (&_max1 == &_max2); \ ++ _max1 > _max2 ? _max1 : _max2; }) ++#endif ++ ++#ifndef cmp_numbers ++# define cmp_numbers(x, y) __extension__ ({ \ ++ __typeof__(x) _a = (x); \ ++ __typeof__(y) _b = (y); \ ++ (void) (&_a == &_b); \ ++ _a == _b ? 0 : _a > _b ? 1 : -1; }) ++#endif ++ ++#ifndef offsetof ++#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) ++#endif ++ ++/* ++ * container_of - cast a member of a structure out to the containing structure ++ * @ptr: the pointer to the member. ++ * @type: the type of the container struct this is embedded in. ++ * @member: the name of the member within the struct. ++ */ ++#ifndef container_of ++#define container_of(ptr, type, member) __extension__ ({ \ ++ const __typeof__( ((type *)0)->member ) *__mptr = (ptr); \ ++ (type *)( (char *)__mptr - offsetof(type,member) );}) ++#endif ++ ++#ifndef HAVE_PROGRAM_INVOCATION_SHORT_NAME ++# ifdef HAVE___PROGNAME ++extern char *__progname; ++# define program_invocation_short_name __progname ++# else ++# ifdef HAVE_GETEXECNAME ++# define program_invocation_short_name \ ++ prog_inv_sh_nm_from_file(getexecname(), 0) ++# else ++# define program_invocation_short_name \ ++ prog_inv_sh_nm_from_file(__FILE__, 1) ++# endif ++static char prog_inv_sh_nm_buf[256]; ++static inline char * ++prog_inv_sh_nm_from_file(char *f, char stripext) ++{ ++ char *t; ++ ++ if ((t = strrchr(f, '/')) != NULL) ++ t++; ++ else ++ t = f; ++ ++ strncpy(prog_inv_sh_nm_buf, t, sizeof(prog_inv_sh_nm_buf) - 1); ++ prog_inv_sh_nm_buf[sizeof(prog_inv_sh_nm_buf) - 1] = '\0'; ++ ++ if (stripext && (t = strrchr(prog_inv_sh_nm_buf, '.')) != NULL) ++ *t = '\0'; ++ ++ return prog_inv_sh_nm_buf; ++} ++# endif ++#endif ++ ++ ++#ifndef HAVE_ERR_H ++static inline void ++errmsg(char doexit, int excode, char adderr, const char *fmt, ...) ++{ ++ fprintf(stderr, "%s: ", program_invocation_short_name); ++ if (fmt != NULL) { ++ va_list argp; ++ va_start(argp, fmt); ++ vfprintf(stderr, fmt, argp); ++ va_end(argp); ++ if (adderr) ++ fprintf(stderr, ": "); ++ } ++ if (adderr) ++ fprintf(stderr, "%m"); ++ fprintf(stderr, "\n"); ++ if (doexit) ++ exit(excode); ++} ++ ++#ifndef HAVE_ERR ++# define err(E, FMT...) errmsg(1, E, 1, FMT) ++#endif ++ ++#ifndef HAVE_ERRX ++# define errx(E, FMT...) errmsg(1, E, 0, FMT) ++#endif ++ ++#ifndef HAVE_WARN ++# define warn(FMT...) errmsg(0, 0, 1, FMT) ++#endif ++ ++#ifndef HAVE_WARNX ++# define warnx(FMT...) errmsg(0, 0, 0, FMT) ++#endif ++#endif /* !HAVE_ERR_H */ ++ ++ ++/* Don't use inline function to avoid '#include "nls.h"' in c.h ++ */ ++#define errtryhelp(eval) __extension__ ({ \ ++ fprintf(stderr, _("Try '%s --help' for more information.\n"), \ ++ program_invocation_short_name); \ ++ exit(eval); \ ++}) ++ ++/* After failed execvp() */ ++#define EX_EXEC_FAILED 126 /* Program located, but not usable. */ ++#define EX_EXEC_ENOENT 127 /* Could not find program to exec. */ ++#define errexec(name) err(errno == ENOENT ? EX_EXEC_ENOENT : EX_EXEC_FAILED, \ ++ _("failed to execute %s"), name) ++ ++ ++static inline __attribute__((const)) int is_power_of_2(unsigned long num) ++{ ++ return (num != 0 && ((num & (num - 1)) == 0)); ++} ++ ++#ifndef HAVE_LOFF_T ++typedef int64_t loff_t; ++#endif ++ ++#if !defined(HAVE_DIRFD) && (!defined(HAVE_DECL_DIRFD) || HAVE_DECL_DIRFD == 0) && defined(HAVE_DIR_DD_FD) ++#include ++#include ++static inline int dirfd(DIR *d) ++{ ++ return d->dd_fd; ++} ++#endif ++ ++/* ++ * Fallback defines for old versions of glibc ++ */ ++#include ++ ++#ifdef O_CLOEXEC ++#define UL_CLOEXECSTR "e" ++#else ++#define UL_CLOEXECSTR "" ++#endif ++ ++#ifndef O_CLOEXEC ++#define O_CLOEXEC 0 ++#endif ++ ++#ifdef __FreeBSD_kernel__ ++#ifndef F_DUPFD_CLOEXEC ++#define F_DUPFD_CLOEXEC 17 /* Like F_DUPFD, but FD_CLOEXEC is set */ ++#endif ++#endif ++ ++ ++#ifndef AI_ADDRCONFIG ++#define AI_ADDRCONFIG 0x0020 ++#endif ++ ++#ifndef IUTF8 ++#define IUTF8 0040000 ++#endif ++ ++/* ++ * MAXHOSTNAMELEN replacement ++ */ ++static inline size_t get_hostname_max(void) ++{ ++ long len = sysconf(_SC_HOST_NAME_MAX); ++ ++ if (0 < len) ++ return len; ++ ++#ifdef MAXHOSTNAMELEN ++ return MAXHOSTNAMELEN; ++#elif HOST_NAME_MAX ++ return HOST_NAME_MAX; ++#endif ++ return 64; ++} ++ ++ ++/* ++ * Constant strings for usage() functions. For more info see ++ * Documentation/{howto-usage-function.txt,boilerplate.c} ++ */ ++#define USAGE_HEADER ("\nUsage:\n") ++#define USAGE_OPTIONS ("\nOptions:\n") ++#define USAGE_FUNCTIONS ("\nFunctions:\n") ++#define USAGE_COMMANDS ("\nCommands:\n") ++#define USAGE_COLUMNS ("\nAvailable output columns:\n") ++#define USAGE_SEPARATOR "\n" ++ ++#define USAGE_OPTSTR_HELP ("display this help") ++#define USAGE_OPTSTR_VERSION ("display version") ++ ++#define USAGE_HELP_OPTIONS(marg_dsc) \ ++ "%-" #marg_dsc "s%s\n" \ ++ "%-" #marg_dsc "s%s\n" \ ++ , " -h, --help", USAGE_OPTSTR_HELP \ ++ , " -V, --version", USAGE_OPTSTR_VERSION ++ ++#define USAGE_MAN_TAIL(_man) ("\nFor more details see %s.\n"), _man ++ ++#define UTIL_LINUX_VERSION ("%s from %s\n"), program_invocation_short_name, PACKAGE_STRING ++ ++#define print_version(eval) __extension__ ({ \ ++ printf(UTIL_LINUX_VERSION); \ ++ exit(eval); \ ++}) ++ ++/* ++ * scanf modifiers for "strings allocation" ++ */ ++#ifdef HAVE_SCANF_MS_MODIFIER ++#define UL_SCNsA "%ms" ++#elif defined(HAVE_SCANF_AS_MODIFIER) ++#define UL_SCNsA "%as" ++#endif ++ ++/* ++ * seek stuff ++ */ ++#ifndef SEEK_DATA ++# define SEEK_DATA 3 ++#endif ++#ifndef SEEK_HOLE ++# define SEEK_HOLE 4 ++#endif ++ ++ ++/* ++ * Macros to convert #define'itions to strings, for example ++ * #define XYXXY 42 ++ * printf ("%s=%s\n", stringify(XYXXY), stringify_value(XYXXY)); ++ */ ++#define stringify_value(s) stringify(s) ++#define stringify(s) #s ++ ++/* ++ * UL_ASAN_BLACKLIST is a macro to tell AddressSanitizer (a compile-time ++ * instrumentation shipped with Clang and GCC) to not instrument the ++ * annotated function. Furthermore, it will prevent the compiler from ++ * inlining the function because inlining currently breaks the blacklisting ++ * mechanism of AddressSanitizer. ++ */ ++#if __has_feature(address_sanitizer) && __has_attribute(no_sanitize_memory) && __has_attribute(no_sanitize_address) ++# define UL_ASAN_BLACKLIST __attribute__((noinline)) __attribute__((no_sanitize_memory)) __attribute__((no_sanitize_address)) ++#else ++# define UL_ASAN_BLACKLIST /* nothing */ ++#endif ++ ++/* ++ * Note that sysconf(_SC_GETPW_R_SIZE_MAX) returns *initial* suggested size for ++ * pwd buffer and in some cases it is not large enough. See POSIX and ++ * getpwnam_r man page for more details. ++ */ ++#define UL_GETPW_BUFSIZ (16 * 1024) ++ ++/* ++ * Darwin or other BSDs may only have MAP_ANON. To get it on Darwin we must ++ * define _DARWIN_C_SOURCE before including sys/mman.h. We do this in config.h. ++ */ ++#if !defined MAP_ANONYMOUS && defined MAP_ANON ++# define MAP_ANONYMOUS (MAP_ANON) ++#endif ++ ++#endif /* UTIL_LINUX_C_H */ +diff --git a/locale/programs/cross-localedef-hardlink.c b/locale/programs/cross-localedef-hardlink.c +new file mode 100644 +index 0000000000..63615896b0 +--- /dev/null ++++ b/locale/programs/cross-localedef-hardlink.c +@@ -0,0 +1,528 @@ ++/* ++ * hardlink - consolidate duplicate files via hardlinks ++ * ++ * Copyright (C) 2018 Red Hat, Inc. All rights reserved. ++ * Written by Jakub Jelinek ++ * ++ * Copyright (C) 2019 Karel Zak ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it would be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#ifdef HAVE_PCRE ++# define PCRE2_CODE_UNIT_WIDTH 8 ++# include ++#endif ++ ++#include "c.h" ++#include "xalloc.h" ++#include "nls.h" ++#include "closestream.h" ++ ++#define NHASH (1<<17) /* Must be a power of 2! */ ++#define NBUF 64 ++ ++struct hardlink_file; ++ ++struct hardlink_hash { ++ struct hardlink_hash *next; ++ struct hardlink_file *chain; ++ off_t size; ++ time_t mtime; ++}; ++ ++struct hardlink_dir { ++ struct hardlink_dir *next; ++ char name[]; ++}; ++ ++struct hardlink_file { ++ struct hardlink_file *next; ++ ino_t ino; ++ dev_t dev; ++ unsigned int cksum; ++ char name[]; ++}; ++ ++struct hardlink_dynstr { ++ char *buf; ++ size_t alloc; ++}; ++ ++struct hardlink_ctl { ++ struct hardlink_dir *dirs; ++ struct hardlink_hash *hps[NHASH]; ++ char iobuf1[BUFSIZ]; ++ char iobuf2[BUFSIZ]; ++ /* summary counters */ ++ unsigned long long ndirs; ++ unsigned long long nobjects; ++ unsigned long long nregfiles; ++ unsigned long long ncomp; ++ unsigned long long nlinks; ++ unsigned long long nsaved; ++ /* current device */ ++ dev_t dev; ++ /* flags */ ++ unsigned int verbose; ++ unsigned int ++ no_link:1, ++ content_only:1, ++ force:1; ++}; ++/* ctl is in global scope due use in atexit() */ ++struct hardlink_ctl global_ctl; ++ ++__attribute__ ((always_inline)) ++static inline unsigned int hash(off_t size, time_t mtime) ++{ ++ return (size ^ mtime) & (NHASH - 1); ++} ++ ++__attribute__ ((always_inline)) ++static inline int stcmp(struct stat *st1, struct stat *st2, int content_scope) ++{ ++ if (content_scope) ++ return st1->st_size != st2->st_size; ++ ++ return st1->st_mode != st2->st_mode ++ || st1->st_uid != st2->st_uid ++ || st1->st_gid != st2->st_gid ++ || st1->st_size != st2->st_size ++ || st1->st_mtime != st2->st_mtime; ++} ++ ++static void print_summary(void) ++{ ++ struct hardlink_ctl const *const ctl = &global_ctl; ++ ++ if (!ctl->verbose) ++ return; ++ ++ if (ctl->verbose > 1 && ctl->nlinks) ++ fputc('\n', stdout); ++ ++ printf(_("Directories: %9lld\n"), ctl->ndirs); ++ printf(_("Objects: %9lld\n"), ctl->nobjects); ++ printf(_("Regular files: %9lld\n"), ctl->nregfiles); ++ printf(_("Comparisons: %9lld\n"), ctl->ncomp); ++ printf( "%s%9lld\n", (ctl->no_link ? ++ _("Would link: ") : ++ _("Linked: ")), ctl->nlinks); ++ printf( "%s %9lld\n", (ctl->no_link ? ++ _("Would save: ") : ++ _("Saved: ")), ctl->nsaved); ++} ++ ++static void __attribute__((__noreturn__)) usage(void) ++{ ++ fputs(USAGE_HEADER, stdout); ++ printf(_(" %s [options] directory...\n"), program_invocation_short_name); ++ ++ fputs(USAGE_SEPARATOR, stdout); ++ puts(_("Consolidate duplicate files using hardlinks.")); ++ ++ fputs(USAGE_OPTIONS, stdout); ++ puts(_(" -c, --content compare only contents, ignore permission, etc.")); ++ puts(_(" -n, --dry-run don't actually link anything")); ++ puts(_(" -v, --verbose print summary after hardlinking")); ++ puts(_(" -vv print every hardlinked file and summary")); ++ puts(_(" -f, --force force hardlinking across filesystems")); ++ puts(_(" -x, --exclude exclude files matching pattern")); ++ ++ fputs(USAGE_SEPARATOR, stdout); ++ printf(USAGE_HELP_OPTIONS(16)); /* char offset to align option descriptions */ ++ printf(USAGE_MAN_TAIL("hardlink(1)")); ++ exit(EXIT_SUCCESS); ++} ++ ++__attribute__ ((always_inline)) ++static inline size_t add2(size_t a, size_t b) ++{ ++ size_t sum = a + b; ++ ++ if (sum < a) ++ errx(EXIT_FAILURE, _("integer overflow")); ++ return sum; ++} ++ ++__attribute__ ((always_inline)) ++static inline size_t add3(size_t a, size_t b, size_t c) ++{ ++ return add2(add2(a, b), c); ++} ++ ++static void growstr(struct hardlink_dynstr *str, size_t newlen) ++{ ++ if (newlen < str->alloc) ++ return; ++ str->buf = xrealloc(str->buf, str->alloc = add2(newlen, 1)); ++} ++ ++static void process_path(struct hardlink_ctl *ctl, const char *name) ++{ ++ struct stat st, st2, st3; ++ const size_t namelen = strlen(name); ++ ++ ctl->nobjects++; ++ if (lstat(name, &st)) ++ return; ++ ++ if (st.st_dev != ctl->dev && !ctl->force) { ++ if (ctl->dev) ++ errx(EXIT_FAILURE, ++ _("%s is on different filesystem than the rest " ++ "(use -f option to override)."), name); ++ ctl->dev = st.st_dev; ++ } ++ if (S_ISDIR(st.st_mode)) { ++ struct hardlink_dir *dp = xmalloc(add3(sizeof(*dp), namelen, 1)); ++ memcpy(dp->name, name, namelen + 1); ++ dp->next = ctl->dirs; ++ ctl->dirs = dp; ++ ++ } else if (S_ISREG(st.st_mode)) { ++ int fd, i; ++ struct hardlink_file *fp, *fp2; ++ struct hardlink_hash *hp; ++ const char *n1, *n2; ++ unsigned int buf[NBUF]; ++ int cksumsize = sizeof(buf); ++ unsigned int cksum; ++ time_t mtime = ctl->content_only ? 0 : st.st_mtime; ++ unsigned int hsh = hash(st.st_size, mtime); ++ off_t fsize; ++ ++ ctl->nregfiles++; ++ if (ctl->verbose > 1) ++ printf("%s\n", name); ++ ++ fd = open(name, O_RDONLY); ++ if (fd < 0) ++ return; ++ ++ if ((size_t)st.st_size < sizeof(buf)) { ++ cksumsize = st.st_size; ++ memset(((char *)buf) + cksumsize, 0, ++ (sizeof(buf) - cksumsize) % sizeof(buf[0])); ++ } ++ if (read(fd, buf, cksumsize) != cksumsize) { ++ close(fd); ++ return; ++ } ++ cksumsize = (cksumsize + sizeof(buf[0]) - 1) / sizeof(buf[0]); ++ for (i = 0, cksum = 0; i < cksumsize; i++) { ++ if (cksum + buf[i] < cksum) ++ cksum += buf[i] + 1; ++ else ++ cksum += buf[i]; ++ } ++ for (hp = ctl->hps[hsh]; hp; hp = hp->next) { ++ if (hp->size == st.st_size && hp->mtime == mtime) ++ break; ++ } ++ if (!hp) { ++ hp = xmalloc(sizeof(*hp)); ++ hp->size = st.st_size; ++ hp->mtime = mtime; ++ hp->chain = NULL; ++ hp->next = ctl->hps[hsh]; ++ ctl->hps[hsh] = hp; ++ } ++ for (fp = hp->chain; fp; fp = fp->next) { ++ if (fp->cksum == cksum) ++ break; ++ } ++ for (fp2 = fp; fp2 && fp2->cksum == cksum; fp2 = fp2->next) { ++ if (fp2->ino == st.st_ino && fp2->dev == st.st_dev) { ++ close(fd); ++ return; ++ } ++ } ++ for (fp2 = fp; fp2 && fp2->cksum == cksum; fp2 = fp2->next) { ++ ++ if (!lstat(fp2->name, &st2) && S_ISREG(st2.st_mode) && ++ !stcmp(&st, &st2, ctl->content_only) && ++ st2.st_ino != st.st_ino && ++ st2.st_dev == st.st_dev) { ++ ++ int fd2 = open(fp2->name, O_RDONLY); ++ if (fd2 < 0) ++ continue; ++ ++ if (fstat(fd2, &st2) || !S_ISREG(st2.st_mode) ++ || st2.st_size == 0) { ++ close(fd2); ++ continue; ++ } ++ ctl->ncomp++; ++ lseek(fd, 0, SEEK_SET); ++ ++ for (fsize = st.st_size; fsize > 0; ++ fsize -= (off_t)sizeof(ctl->iobuf1)) { ++ ssize_t xsz; ++ ssize_t rsize = fsize > (ssize_t) sizeof(ctl->iobuf1) ? ++ (ssize_t) sizeof(ctl->iobuf1) : fsize; ++ ++ if ((xsz = read(fd, ctl->iobuf1, rsize)) != rsize) ++ warn(_("cannot read %s"), name); ++ else if ((xsz = read(fd2, ctl->iobuf2, rsize)) != rsize) ++ warn(_("cannot read %s"), fp2->name); ++ ++ if (xsz != rsize) { ++ close(fd); ++ close(fd2); ++ return; ++ } ++ if (memcmp(ctl->iobuf1, ctl->iobuf2, rsize)) ++ break; ++ } ++ close(fd2); ++ if (fsize > 0) ++ continue; ++ if (lstat(name, &st3)) { ++ warn(_("cannot stat %s"), name); ++ close(fd); ++ return; ++ } ++ st3.st_atime = st.st_atime; ++ if (stcmp(&st, &st3, 0)) { ++ warnx(_("file %s changed underneath us"), name); ++ close(fd); ++ return; ++ } ++ n1 = fp2->name; ++ n2 = name; ++ ++ if (!ctl->no_link) { ++ const char *suffix = ++ ".$$$___cleanit___$$$"; ++ const size_t suffixlen = strlen(suffix); ++ size_t n2len = strlen(n2); ++ struct hardlink_dynstr nam2 = { NULL, 0 }; ++ ++ growstr(&nam2, add2(n2len, suffixlen)); ++ memcpy(nam2.buf, n2, n2len); ++ memcpy(&nam2.buf[n2len], suffix, ++ suffixlen + 1); ++ /* First create a temporary link to n1 under a new name */ ++ if (link(n1, nam2.buf)) { ++ warn(_("failed to hardlink %s to %s (create temporary link as %s failed)"), ++ n1, n2, nam2.buf); ++ free(nam2.buf); ++ continue; ++ } ++ /* Then rename into place over the existing n2 */ ++ if (rename(nam2.buf, n2)) { ++ warn(_("failed to hardlink %s to %s (rename temporary link to %s failed)"), ++ n1, n2, n2); ++ /* Something went wrong, try to remove the now redundant temporary link */ ++ if (unlink(nam2.buf)) ++ warn(_("failed to remove temporary link %s"), nam2.buf); ++ free(nam2.buf); ++ continue; ++ } ++ free(nam2.buf); ++ } ++ ctl->nlinks++; ++ if (st3.st_nlink > 1) { ++ /* We actually did not save anything this time, since the link second argument ++ had some other links as well. */ ++ if (ctl->verbose > 1) ++ printf(_(" %s %s to %s\n"), ++ (ctl->no_link ? _("Would link") : _("Linked")), ++ n1, n2); ++ } else { ++ ctl->nsaved += ((st.st_size + 4095) / 4096) * 4096; ++ if (ctl->verbose > 1) ++ printf(_(" %s %s to %s, %s %jd\n"), ++ (ctl->no_link ? _("Would link") : _("Linked")), ++ n1, n2, ++ (ctl->no_link ? _("would save") : _("saved")), ++ (intmax_t)st.st_size); ++ } ++ close(fd); ++ return; ++ } ++ } ++ fp2 = xmalloc(add3(sizeof(*fp2), namelen, 1)); ++ close(fd); ++ fp2->ino = st.st_ino; ++ fp2->dev = st.st_dev; ++ fp2->cksum = cksum; ++ memcpy(fp2->name, name, namelen + 1); ++ ++ if (fp) { ++ fp2->next = fp->next; ++ fp->next = fp2; ++ } else { ++ fp2->next = hp->chain; ++ hp->chain = fp2; ++ } ++ return; ++ } ++} ++ ++int main(int argc, char **argv) ++{ ++ int ch; ++ int i; ++#ifdef HAVE_PCRE ++ int errornumber; ++ PCRE2_SIZE erroroffset; ++ pcre2_code *re = NULL; ++ PCRE2_SPTR exclude_pattern = NULL; ++ pcre2_match_data *match_data = NULL; ++#endif ++ struct hardlink_dynstr nam1 = { NULL, 0 }; ++ struct hardlink_ctl *ctl = &global_ctl; ++ ++ static const struct option longopts[] = { ++ { "content", no_argument, NULL, 'c' }, ++ { "dry-run", no_argument, NULL, 'n' }, ++ { "exclude", required_argument, NULL, 'x' }, ++ { "force", no_argument, NULL, 'f' }, ++ { "help", no_argument, NULL, 'h' }, ++ { "verbose", no_argument, NULL, 'v' }, ++ { "version", no_argument, NULL, 'V' }, ++ { NULL, 0, NULL, 0 }, ++ }; ++ ++ setlocale(LC_ALL, ""); ++ bindtextdomain(PACKAGE, LOCALEDIR); ++ textdomain(PACKAGE); ++ close_stdout_atexit(); ++ ++ while ((ch = getopt_long(argc, argv, "cnvfx:Vh", longopts, NULL)) != -1) { ++ switch (ch) { ++ case 'n': ++ ctl->no_link = 1; ++ break; ++ case 'v': ++ ctl->verbose++; ++ break; ++ case 'c': ++ ctl->content_only = 1; ++ break; ++ case 'f': ++ ctl->force = 1; ++ break; ++ case 'x': ++#ifdef HAVE_PCRE ++ exclude_pattern = (PCRE2_SPTR) optarg; ++#else ++ errx(EXIT_FAILURE, ++ _("option --exclude not supported (built without pcre2)")); ++#endif ++ break; ++ case 'V': ++ print_version(EXIT_SUCCESS); ++ case 'h': ++ usage(); ++ default: ++ errtryhelp(EXIT_FAILURE); ++ } ++ } ++ ++ if (optind == argc) { ++ warnx(_("no directory specified")); ++ errtryhelp(EXIT_FAILURE); ++ } ++ ++#ifdef HAVE_PCRE ++ if (exclude_pattern) { ++ re = pcre2_compile(exclude_pattern, /* the pattern */ ++ PCRE2_ZERO_TERMINATED, /* indicates pattern is zero-terminate */ ++ 0, /* default options */ ++ &errornumber, &erroroffset, NULL); /* use default compile context */ ++ if (!re) { ++ PCRE2_UCHAR buffer[256]; ++ pcre2_get_error_message(errornumber, buffer, ++ sizeof(buffer)); ++ errx(EXIT_FAILURE, _("pattern error at offset %d: %s"), ++ (int)erroroffset, buffer); ++ } ++ match_data = pcre2_match_data_create_from_pattern(re, NULL); ++ } ++#endif ++ atexit(print_summary); ++ ++ for (i = optind; i < argc; i++) ++ process_path(ctl, argv[i]); ++ ++ while (ctl->dirs) { ++ DIR *dh; ++ struct dirent *di; ++ struct hardlink_dir *dp = ctl->dirs; ++ size_t nam1baselen = strlen(dp->name); ++ ++ ctl->dirs = dp->next; ++ growstr(&nam1, add2(nam1baselen, 1)); ++ memcpy(nam1.buf, dp->name, nam1baselen); ++ free(dp); ++ nam1.buf[nam1baselen++] = '/'; ++ nam1.buf[nam1baselen] = 0; ++ dh = opendir(nam1.buf); ++ ++ if (dh == NULL) ++ continue; ++ ctl->ndirs++; ++ ++ while ((di = readdir(dh)) != NULL) { ++ if (!di->d_name[0]) ++ continue; ++ if (di->d_name[0] == '.') { ++ if (!di->d_name[1] || !strcmp(di->d_name, "..")) ++ continue; ++ } ++#ifdef HAVE_PCRE ++ if (re && pcre2_match(re, /* compiled regex */ ++ (PCRE2_SPTR) di->d_name, strlen(di->d_name), 0, /* start at offset 0 */ ++ 0, /* default options */ ++ match_data, /* block for storing the result */ ++ NULL) /* use default match context */ ++ >=0) { ++ if (ctl->verbose) { ++ nam1.buf[nam1baselen] = 0; ++ printf(_("Skipping %s%s\n"), nam1.buf, di->d_name); ++ } ++ continue; ++ } ++#endif ++ { ++ size_t subdirlen; ++ growstr(&nam1, ++ add2(nam1baselen, subdirlen = ++ strlen(di->d_name))); ++ memcpy(&nam1.buf[nam1baselen], di->d_name, ++ add2(subdirlen, 1)); ++ } ++ process_path(ctl, nam1.buf); ++ } ++ closedir(dh); ++ } ++ ++ return 0; ++} +diff --git a/locale/programs/xalloc.h b/locale/programs/xalloc.h +new file mode 100644 +index 0000000000..0129a85e2e +--- /dev/null ++++ b/locale/programs/xalloc.h +@@ -0,0 +1,129 @@ ++/* ++ * Copyright (C) 2010 Davidlohr Bueso ++ * ++ * This file may be redistributed under the terms of the ++ * GNU Lesser General Public License. ++ * ++ * General memory allocation wrappers for malloc, realloc, calloc and strdup ++ */ ++ ++#ifndef UTIL_LINUX_XALLOC_H ++#define UTIL_LINUX_XALLOC_H ++ ++#include ++#include ++ ++#include "c.h" ++ ++#ifndef XALLOC_EXIT_CODE ++# define XALLOC_EXIT_CODE EXIT_FAILURE ++#endif ++ ++static inline void __attribute__((__noreturn__)) ++__err_oom(const char *file, unsigned int line) ++{ ++ err(XALLOC_EXIT_CODE, "%s: %u: cannot allocate memory", file, line); ++} ++ ++#define err_oom() __err_oom(__FILE__, __LINE__) ++ ++static inline __ul_alloc_size(1) __ul_returns_nonnull ++void *xmalloc(const size_t size) ++{ ++ void *ret = malloc(size); ++ ++ if (!ret && size) ++ err(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", size); ++ return ret; ++} ++ ++static inline __ul_alloc_size(2) __ul_returns_nonnull ++void *xrealloc(void *ptr, const size_t size) ++{ ++ void *ret = realloc(ptr, size); ++ ++ if (!ret && size) ++ err(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", size); ++ return ret; ++} ++ ++static inline __ul_calloc_size(1, 2) __ul_returns_nonnull ++void *xcalloc(const size_t nelems, const size_t size) ++{ ++ void *ret = calloc(nelems, size); ++ ++ if (!ret && size && nelems) ++ err(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", size); ++ return ret; ++} ++ ++static inline char __attribute__((warn_unused_result)) __ul_returns_nonnull ++*xstrdup(const char *str) ++{ ++ char *ret; ++ ++ if (!str) ++ return NULL; ++ ++ ret = strdup(str); ++ ++ if (!ret) ++ err(XALLOC_EXIT_CODE, "cannot duplicate string"); ++ return ret; ++} ++ ++static inline char * __attribute__((warn_unused_result)) __ul_returns_nonnull ++xstrndup(const char *str, size_t size) ++{ ++ char *ret; ++ ++ if (!str) ++ return NULL; ++ ++ ret = strndup(str, size); ++ ++ if (!ret) ++ err(XALLOC_EXIT_CODE, "cannot duplicate string"); ++ return ret; ++} ++ ++ ++static inline int __attribute__ ((__format__(printf, 2, 3))) ++ xasprintf(char **strp, const char *fmt, ...) ++{ ++ int ret; ++ va_list args; ++ va_start(args, fmt); ++ ret = vasprintf(&(*strp), fmt, args); ++ va_end(args); ++ if (ret < 0) ++ err(XALLOC_EXIT_CODE, "cannot allocate string"); ++ return ret; ++} ++ ++static inline int __attribute__ ((__format__(printf, 2, 0))) ++xvasprintf(char **strp, const char *fmt, va_list ap) ++{ ++ int ret = vasprintf(&(*strp), fmt, ap); ++ if (ret < 0) ++ err(XALLOC_EXIT_CODE, "cannot allocate string"); ++ return ret; ++} ++ ++ ++static inline char * __attribute__((warn_unused_result)) xgethostname(void) ++{ ++ char *name; ++ size_t sz = get_hostname_max() + 1; ++ ++ name = xmalloc(sizeof(char) * sz); ++ ++ if (gethostname(name, sz) != 0) { ++ free(name); ++ return NULL; ++ } ++ name[sz - 1] = '\0'; ++ return name; ++} ++ ++#endif diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch new file mode 100644 index 000000000..39fde5b78 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch @@ -0,0 +1,49 @@ +From c4ad832276f4dadfa40904109b26a521468f66bc Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Thu, 4 Feb 2021 15:00:20 +0100 +Subject: [PATCH] nptl: Remove private futex optimization [BZ #27304] + +It is effectively used, unexcept for pthread_cond_destroy, where we do +not want it; see bug 27304. The internal locks do not support a +process-shared mode. + +This fixes commit dc6cfdc934db9997c33728082d63552b9eee4563 ("nptl: +Move pthread_cond_destroy implementation into libc"). + +Reviewed-by: Adhemerval Zanella + +Upstream-Status: Backport [https://sourceware.org/bugzilla/show_bug.cgi?id=27304] +Signed-off-by: Yanfei Xu +--- + sysdeps/nptl/lowlevellock-futex.h | 14 +------------- + 1 file changed, 1 insertion(+), 13 deletions(-) + +diff --git a/sysdeps/nptl/lowlevellock-futex.h b/sysdeps/nptl/lowlevellock-futex.h +index ecb729da6b..ca96397a4a 100644 +--- a/sysdeps/nptl/lowlevellock-futex.h ++++ b/sysdeps/nptl/lowlevellock-futex.h +@@ -50,20 +50,8 @@ + #define LLL_SHARED FUTEX_PRIVATE_FLAG + + #ifndef __ASSEMBLER__ +- +-# if IS_IN (libc) || IS_IN (rtld) +-/* In libc.so or ld.so all futexes are private. */ +-# define __lll_private_flag(fl, private) \ +- ({ \ +- /* Prevent warnings in callers of this macro. */ \ +- int __lll_private_flag_priv __attribute__ ((unused)); \ +- __lll_private_flag_priv = (private); \ +- ((fl) | FUTEX_PRIVATE_FLAG); \ +- }) +-# else +-# define __lll_private_flag(fl, private) \ ++# define __lll_private_flag(fl, private) \ + (((fl) | FUTEX_PRIVATE_FLAG) ^ (private)) +-# endif + + # define lll_futex_syscall(nargs, futexp, op, ...) \ + ({ \ +-- +2.27.0 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0002-localedef-fix-ups-hardlink-to-make-it-compile.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0002-localedef-fix-ups-hardlink-to-make-it-compile.patch new file mode 100644 index 000000000..3dc4582f4 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0002-localedef-fix-ups-hardlink-to-make-it-compile.patch @@ -0,0 +1,238 @@ +From 14d256e2db009f8bac9a265e8393d7ed25050df9 Mon Sep 17 00:00:00 2001 +From: Jason Wessel +Date: Sat, 7 Dec 2019 10:01:37 -0800 +Subject: [PATCH] localedef: fix-ups hardlink to make it compile + +Upstream-Status: Pending +Signed-off-by: Jason Wessel +Signed-off-by: Khem Raj +--- + locale/programs/c.h | 2 +- + locale/programs/cross-localedef-hardlink.c | 79 +++++++++++----------- + 2 files changed, 39 insertions(+), 42 deletions(-) + +diff --git a/locale/programs/c.h b/locale/programs/c.h +index d0a402e90e..1804d31c73 100644 +--- a/locale/programs/c.h ++++ b/locale/programs/c.h +@@ -240,7 +240,7 @@ errmsg(char doexit, int excode, char adderr, const char *fmt, ...) + /* Don't use inline function to avoid '#include "nls.h"' in c.h + */ + #define errtryhelp(eval) __extension__ ({ \ +- fprintf(stderr, _("Try '%s --help' for more information.\n"), \ ++ fprintf(stderr, ("Try '%s --help' for more information.\n"), \ + program_invocation_short_name); \ + exit(eval); \ + }) +diff --git a/locale/programs/cross-localedef-hardlink.c b/locale/programs/cross-localedef-hardlink.c +index 63615896b0..726e6dd948 100644 +--- a/locale/programs/cross-localedef-hardlink.c ++++ b/locale/programs/cross-localedef-hardlink.c +@@ -20,6 +20,8 @@ + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ ++ ++#undef HAVE_PCRE + #include + #include + #include +@@ -38,8 +40,8 @@ + + #include "c.h" + #include "xalloc.h" +-#include "nls.h" +-#include "closestream.h" ++//#include "nls.h" ++//#include "closestream.h" + + #define NHASH (1<<17) /* Must be a power of 2! */ + #define NBUF 64 +@@ -124,33 +126,33 @@ static void print_summary(void) + if (ctl->verbose > 1 && ctl->nlinks) + fputc('\n', stdout); + +- printf(_("Directories: %9lld\n"), ctl->ndirs); +- printf(_("Objects: %9lld\n"), ctl->nobjects); +- printf(_("Regular files: %9lld\n"), ctl->nregfiles); +- printf(_("Comparisons: %9lld\n"), ctl->ncomp); ++ printf(("Directories: %9lld\n"), ctl->ndirs); ++ printf(("Objects: %9lld\n"), ctl->nobjects); ++ printf(("Regular files: %9lld\n"), ctl->nregfiles); ++ printf(("Comparisons: %9lld\n"), ctl->ncomp); + printf( "%s%9lld\n", (ctl->no_link ? +- _("Would link: ") : +- _("Linked: ")), ctl->nlinks); ++ ("Would link: ") : ++ ("Linked: ")), ctl->nlinks); + printf( "%s %9lld\n", (ctl->no_link ? +- _("Would save: ") : +- _("Saved: ")), ctl->nsaved); ++ ("Would save: ") : ++ ("Saved: ")), ctl->nsaved); + } + + static void __attribute__((__noreturn__)) usage(void) + { + fputs(USAGE_HEADER, stdout); +- printf(_(" %s [options] directory...\n"), program_invocation_short_name); ++ printf((" %s [options] directory...\n"), program_invocation_short_name); + + fputs(USAGE_SEPARATOR, stdout); +- puts(_("Consolidate duplicate files using hardlinks.")); ++ puts(("Consolidate duplicate files using hardlinks.")); + + fputs(USAGE_OPTIONS, stdout); +- puts(_(" -c, --content compare only contents, ignore permission, etc.")); +- puts(_(" -n, --dry-run don't actually link anything")); +- puts(_(" -v, --verbose print summary after hardlinking")); +- puts(_(" -vv print every hardlinked file and summary")); +- puts(_(" -f, --force force hardlinking across filesystems")); +- puts(_(" -x, --exclude exclude files matching pattern")); ++ puts((" -c, --content compare only contents, ignore permission, etc.")); ++ puts((" -n, --dry-run don't actually link anything")); ++ puts((" -v, --verbose print summary after hardlinking")); ++ puts((" -vv print every hardlinked file and summary")); ++ puts((" -f, --force force hardlinking across filesystems")); ++ puts((" -x, --exclude exclude files matching pattern")); + + fputs(USAGE_SEPARATOR, stdout); + printf(USAGE_HELP_OPTIONS(16)); /* char offset to align option descriptions */ +@@ -164,7 +166,7 @@ static inline size_t add2(size_t a, size_t b) + size_t sum = a + b; + + if (sum < a) +- errx(EXIT_FAILURE, _("integer overflow")); ++ errx(EXIT_FAILURE, ("integer overflow")); + return sum; + } + +@@ -193,7 +195,7 @@ static void process_path(struct hardlink_ctl *ctl, const char *name) + if (st.st_dev != ctl->dev && !ctl->force) { + if (ctl->dev) + errx(EXIT_FAILURE, +- _("%s is on different filesystem than the rest " ++ ("%s is on different filesystem than the rest " + "(use -f option to override)."), name); + ctl->dev = st.st_dev; + } +@@ -287,9 +289,9 @@ static void process_path(struct hardlink_ctl *ctl, const char *name) + (ssize_t) sizeof(ctl->iobuf1) : fsize; + + if ((xsz = read(fd, ctl->iobuf1, rsize)) != rsize) +- warn(_("cannot read %s"), name); ++ warn(("cannot read %s"), name); + else if ((xsz = read(fd2, ctl->iobuf2, rsize)) != rsize) +- warn(_("cannot read %s"), fp2->name); ++ warn(("cannot read %s"), fp2->name); + + if (xsz != rsize) { + close(fd); +@@ -303,13 +305,13 @@ static void process_path(struct hardlink_ctl *ctl, const char *name) + if (fsize > 0) + continue; + if (lstat(name, &st3)) { +- warn(_("cannot stat %s"), name); ++ warn(("cannot stat %s"), name); + close(fd); + return; + } + st3.st_atime = st.st_atime; + if (stcmp(&st, &st3, 0)) { +- warnx(_("file %s changed underneath us"), name); ++ warnx(("file %s changed underneath us"), name); + close(fd); + return; + } +@@ -329,18 +331,18 @@ static void process_path(struct hardlink_ctl *ctl, const char *name) + suffixlen + 1); + /* First create a temporary link to n1 under a new name */ + if (link(n1, nam2.buf)) { +- warn(_("failed to hardlink %s to %s (create temporary link as %s failed)"), ++ warn(("failed to hardlink %s to %s (create temporary link as %s failed)"), + n1, n2, nam2.buf); + free(nam2.buf); + continue; + } + /* Then rename into place over the existing n2 */ + if (rename(nam2.buf, n2)) { +- warn(_("failed to hardlink %s to %s (rename temporary link to %s failed)"), ++ warn(("failed to hardlink %s to %s (rename temporary link to %s failed)"), + n1, n2, n2); + /* Something went wrong, try to remove the now redundant temporary link */ + if (unlink(nam2.buf)) +- warn(_("failed to remove temporary link %s"), nam2.buf); ++ warn(("failed to remove temporary link %s"), nam2.buf); + free(nam2.buf); + continue; + } +@@ -351,16 +353,16 @@ static void process_path(struct hardlink_ctl *ctl, const char *name) + /* We actually did not save anything this time, since the link second argument + had some other links as well. */ + if (ctl->verbose > 1) +- printf(_(" %s %s to %s\n"), +- (ctl->no_link ? _("Would link") : _("Linked")), ++ printf((" %s %s to %s\n"), ++ (ctl->no_link ? ("Would link") : ("Linked")), + n1, n2); + } else { + ctl->nsaved += ((st.st_size + 4095) / 4096) * 4096; + if (ctl->verbose > 1) +- printf(_(" %s %s to %s, %s %jd\n"), +- (ctl->no_link ? _("Would link") : _("Linked")), ++ printf((" %s %s to %s, %s %jd\n"), ++ (ctl->no_link ? ("Would link") : ("Linked")), + n1, n2, +- (ctl->no_link ? _("would save") : _("saved")), ++ (ctl->no_link ? ("would save") : ("saved")), + (intmax_t)st.st_size); + } + close(fd); +@@ -410,11 +412,6 @@ int main(int argc, char **argv) + { NULL, 0, NULL, 0 }, + }; + +- setlocale(LC_ALL, ""); +- bindtextdomain(PACKAGE, LOCALEDIR); +- textdomain(PACKAGE); +- close_stdout_atexit(); +- + while ((ch = getopt_long(argc, argv, "cnvfx:Vh", longopts, NULL)) != -1) { + switch (ch) { + case 'n': +@@ -434,7 +431,7 @@ int main(int argc, char **argv) + exclude_pattern = (PCRE2_SPTR) optarg; + #else + errx(EXIT_FAILURE, +- _("option --exclude not supported (built without pcre2)")); ++ ("option --exclude not supported (built without pcre2)")); + #endif + break; + case 'V': +@@ -447,7 +444,7 @@ int main(int argc, char **argv) + } + + if (optind == argc) { +- warnx(_("no directory specified")); ++ warnx(("no directory specified")); + errtryhelp(EXIT_FAILURE); + } + +@@ -461,7 +458,7 @@ int main(int argc, char **argv) + PCRE2_UCHAR buffer[256]; + pcre2_get_error_message(errornumber, buffer, + sizeof(buffer)); +- errx(EXIT_FAILURE, _("pattern error at offset %d: %s"), ++ errx(EXIT_FAILURE, ("pattern error at offset %d: %s"), + (int)erroroffset, buffer); + } + match_data = pcre2_match_data_create_from_pattern(re, NULL); +@@ -506,7 +503,7 @@ int main(int argc, char **argv) + >=0) { + if (ctl->verbose) { + nam1.buf[nam1baselen] = 0; +- printf(_("Skipping %s%s\n"), nam1.buf, di->d_name); ++ printf(("Skipping %s%s\n"), nam1.buf, di->d_name); + } + continue; + } diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch new file mode 100644 index 000000000..c4718a106 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch @@ -0,0 +1,65 @@ +From 32a4b8ae046fe4bb1b19f61378d079d44deaede7 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 01:48:24 +0000 +Subject: [PATCH] nativesdk-glibc: Look for host system ld.so.cache as well + +Upstream-Status: Inappropriate [embedded specific] + +The default lib search path order is: + + 1) LD_LIBRARY_PATH + 2) RPATH from the binary + 3) ld.so.cache + 4) default search paths embedded in the linker + +For nativesdk binaries which are being used alongside binaries on a host system, we +need the search paths to firstly search the shipped nativesdk libs but then also +cover the host system. For example we want the host system's libGL and this may be +in a non-standard location like /usr/lib/mesa. The only place the location is know +about is in the ld.so.cache of the host system. + +Since nativesdk has a simple structure and doesn't need to use a cache itself, we +repurpose the cache for use as a last resort in finding host system binaries. This +means we need to switch the order of 3 and 4 above to make this work effectively. + +RP 14/10/2010 + +Signed-off-by: Khem Raj +--- + elf/dl-load.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/elf/dl-load.c b/elf/dl-load.c +index 9e2089cfaa..ad01674027 100644 +--- a/elf/dl-load.c ++++ b/elf/dl-load.c +@@ -2175,6 +2175,14 @@ _dl_map_object (struct link_map *loader, const char *name, + } + } + ++ /* try the default path. */ ++ if (fd == -1 ++ && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL ++ || __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1)) ++ && __rtld_search_dirs.dirs != (void *) -1) ++ fd = open_path (name, namelen, mode & __RTLD_SECURE, &__rtld_search_dirs, ++ &realname, &fb, l, LA_SER_DEFAULT, &found_other_class); ++ /* Finally try ld.so.cache */ + #ifdef USE_LDCONFIG + if (fd == -1 + && (__glibc_likely ((mode & __RTLD_SECURE) == 0) +@@ -2233,14 +2241,6 @@ _dl_map_object (struct link_map *loader, const char *name, + } + #endif + +- /* Finally, try the default path. */ +- if (fd == -1 +- && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL +- || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB))) +- && __rtld_search_dirs.dirs != (void *) -1) +- fd = open_path (name, namelen, mode, &__rtld_search_dirs, +- &realname, &fb, l, LA_SER_DEFAULT, &found_other_class); +- + /* Add another newline when we are tracing the library loading. */ + if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) + _dl_debug_printf ("\n"); diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch new file mode 100644 index 000000000..a8e625d24 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch @@ -0,0 +1,46 @@ +From aa8393bff257e4badfd208b88473ead175c69362 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 01:50:00 +0000 +Subject: [PATCH] nativesdk-glibc: Fix buffer overrun with a relocated SDK + +When ld-linux-*.so.2 is relocated to a path that is longer than the +original fixed location, the dynamic loader will crash in open_path +because it implicitly assumes that max_dirnamelen is a fixed size that +never changes. + +The allocated buffer will not be large enough to contain the directory +path string which is larger than the fixed location provided at build +time. + +Upstream-Status: Inappropriate [OE SDK specific] + +Signed-off-by: Jason Wessel +Signed-off-by: Khem Raj +--- + elf/dl-load.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/elf/dl-load.c b/elf/dl-load.c +index ad01674027..f455207e79 100644 +--- a/elf/dl-load.c ++++ b/elf/dl-load.c +@@ -1871,7 +1871,19 @@ open_path (const char *name, size_t namelen, int mode, + given on the command line when rtld is run directly. */ + return -1; + ++ do ++ { ++ struct r_search_path_elem *this_dir = *dirs; ++ if (this_dir->dirnamelen > max_dirnamelen) ++ { ++ max_dirnamelen = this_dir->dirnamelen; ++ } ++ } ++ while (*++dirs != NULL); ++ + buf = alloca (max_dirnamelen + max_capstrlen + namelen); ++ ++ dirs = sps->dirs; + do + { + struct r_search_path_elem *this_dir = *dirs; diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch new file mode 100644 index 000000000..197caae92 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch @@ -0,0 +1,153 @@ +From 3ea08e491a8494ff03e598b5e0fc2d8131e75da9 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 01:51:38 +0000 +Subject: [PATCH] nativesdk-glibc: Raise the size of arrays containing dl paths + +This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings +and lengths as well as ld.so.cache path in the dynamic loader to specific +sections in memory. The sections that contain paths have been allocated a 4096 +byte section, which is the maximum path length in linux. This will allow the +relocating script to parse the ELF binary, detect the section and easily replace +the strings in a certain path. + +Upstream-Status: Inappropriate [SDK specific] + +Signed-off-by: Laurentiu Palcu +Signed-off-by: Khem Raj +--- + elf/dl-cache.c | 4 ++++ + elf/dl-load.c | 4 ++-- + elf/dl-usage.c | 6 ++++-- + elf/interp.c | 2 +- + elf/ldconfig.c | 3 +++ + elf/rtld.c | 1 + + iconv/gconv_conf.c | 2 +- + sysdeps/generic/dl-cache.h | 4 ---- + 8 files changed, 16 insertions(+), 10 deletions(-) + +diff --git a/elf/dl-cache.c b/elf/dl-cache.c +index 32f3bef5ea..71f3a82dc0 100644 +--- a/elf/dl-cache.c ++++ b/elf/dl-cache.c +@@ -359,6 +359,10 @@ search_cache (const char *string_table, uint32_t string_table_size, + return best; + } + ++const char LD_SO_CACHE[4096] __attribute__ ((section (".ldsocache"))) = ++ SYSCONFDIR "/ld.so.cache"; ++ ++ + int + _dl_cache_libcmp (const char *p1, const char *p2) + { +diff --git a/elf/dl-load.c b/elf/dl-load.c +index f455207e79..a144e24fcf 100644 +--- a/elf/dl-load.c ++++ b/elf/dl-load.c +@@ -115,8 +115,8 @@ enum { ncapstr = 1, max_capstrlen = 0 }; + gen-trusted-dirs.awk. */ + #include "trusted-dirs.h" + +-static const char system_dirs[] = SYSTEM_DIRS; +-static const size_t system_dirs_len[] = ++static const char system_dirs[4096] __attribute__ ((section (".sysdirs"))) = SYSTEM_DIRS; ++volatile static const size_t system_dirs_len[] __attribute__ ((section (".sysdirslen"))) = + { + SYSTEM_DIRS_LEN + }; +diff --git a/elf/dl-usage.c b/elf/dl-usage.c +index 6e26818bd7..f09e8b93e5 100644 +--- a/elf/dl-usage.c ++++ b/elf/dl-usage.c +@@ -25,6 +25,8 @@ + #include + #include + ++extern const char LD_SO_CACHE[4096] __attribute__ ((section (".ldsocache"))); ++ + void + _dl_usage (const char *argv0, const char *wrong_option) + { +@@ -244,7 +246,7 @@ setting environment variables (which would be inherited by subprocesses).\n\ + --list list all dependencies and how they are resolved\n\ + --verify verify that given object really is a dynamically linked\n\ + object we can handle\n\ +- --inhibit-cache Do not use " LD_SO_CACHE "\n\ ++ --inhibit-cache Do not use %s\n\ + --library-path PATH use given PATH instead of content of the environment\n\ + variable LD_LIBRARY_PATH\n\ + --glibc-hwcaps-prepend LIST\n\ +@@ -266,7 +268,7 @@ setting environment variables (which would be inherited by subprocesses).\n\ + \n\ + This program interpreter self-identifies as: " RTLD "\n\ + ", +- argv0); ++ argv0, LD_SO_CACHE); + print_search_path_for_help (state); + print_hwcaps_subdirectories (state); + print_legacy_hwcap_directories (); +diff --git a/elf/interp.c b/elf/interp.c +index 91966702ca..dc86c20e83 100644 +--- a/elf/interp.c ++++ b/elf/interp.c +@@ -18,5 +18,5 @@ + + #include + +-const char __invoke_dynamic_linker__[] __attribute__ ((section (".interp"))) ++const char __invoke_dynamic_linker__[4096] __attribute__ ((section (".interp"))) + = RUNTIME_LINKER; +diff --git a/elf/ldconfig.c b/elf/ldconfig.c +index 28ed637a29..5d38a60c5d 100644 +--- a/elf/ldconfig.c ++++ b/elf/ldconfig.c +@@ -176,6 +176,9 @@ static struct argp argp = + options, parse_opt, NULL, doc, NULL, more_help, NULL + }; + ++ ++extern const char LD_SO_CACHE[4096] __attribute__ ((section (".ldsocache"))); ++ + /* Check if string corresponds to an important hardware capability or + a platform. */ + static int +diff --git a/elf/rtld.c b/elf/rtld.c +index 596b6ac3d9..1ccd33f668 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -185,6 +185,7 @@ dso_name_valid_for_suid (const char *p) + } + return *p != '\0'; + } ++extern const char LD_SO_CACHE[4096] __attribute__ ((section (".ldsocache"))); + + static void + audit_list_init (struct audit_list *list) +diff --git a/iconv/gconv_conf.c b/iconv/gconv_conf.c +index 682f949834..7eed87bc9d 100644 +--- a/iconv/gconv_conf.c ++++ b/iconv/gconv_conf.c +@@ -36,7 +36,7 @@ + + + /* This is the default path where we look for module lists. */ +-static const char default_gconv_path[] = GCONV_PATH; ++static char default_gconv_path[4096] __attribute__ ((section (".gccrelocprefix"))) = GCONV_PATH; + + /* Type to represent search path. */ + struct path_elem +diff --git a/sysdeps/generic/dl-cache.h b/sysdeps/generic/dl-cache.h +index 964d50a486..94bf68ca9d 100644 +--- a/sysdeps/generic/dl-cache.h ++++ b/sysdeps/generic/dl-cache.h +@@ -34,10 +34,6 @@ + ((flags) == 1 || (flags) == _DL_CACHE_DEFAULT_ID) + #endif + +-#ifndef LD_SO_CACHE +-# define LD_SO_CACHE SYSCONFDIR "/ld.so.cache" +-#endif +- + #ifndef add_system_dir + # define add_system_dir(dir) add_dir (dir) + #endif diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch new file mode 100644 index 000000000..172ade8d9 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch @@ -0,0 +1,39 @@ +From 19e3e45eb1838ee80af13c3d27fcff446773211e Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Thu, 31 Dec 2015 14:35:35 -0800 +Subject: [PATCH] nativesdk-glibc: Allow 64 bit atomics for x86 + +The fix consist of allowing 64bit atomic ops for x86. +This should be safe for i586 and newer CPUs. +It also makes the synchronization more efficient. + +Upstream-Status: Inappropriate [OE-Specific] + +Signed-off-by: Juro Bystricky +Signed-off-by: Richard Purdie +Signed-off-by: Khem Raj +--- + sysdeps/x86/atomic-machine.h | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/sysdeps/x86/atomic-machine.h b/sysdeps/x86/atomic-machine.h +index 695222e4fa..9d39bfdbd5 100644 +--- a/sysdeps/x86/atomic-machine.h ++++ b/sysdeps/x86/atomic-machine.h +@@ -52,15 +52,14 @@ typedef uintmax_t uatomic_max_t; + #define LOCK_PREFIX "lock;" + + #define USE_ATOMIC_COMPILER_BUILTINS 1 ++# define __HAVE_64B_ATOMICS 1 + + #ifdef __x86_64__ +-# define __HAVE_64B_ATOMICS 1 + # define SP_REG "rsp" + # define SEG_REG "fs" + # define BR_CONSTRAINT "q" + # define IBR_CONSTRAINT "iq" + #else +-# define __HAVE_64B_ATOMICS 0 + # define SP_REG "esp" + # define SEG_REG "gs" + # define BR_CONSTRAINT "r" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch new file mode 100644 index 000000000..14697567c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch @@ -0,0 +1,100 @@ +From 732d4f4954fe60718870048d0583a20a7a8a8540 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 3 Aug 2018 09:55:12 -0700 +Subject: [PATCH] nativesdk-glibc: Make relocatable install for locales + +The glibc locale path is hard-coded to the install prefix, but in SDKs we need +to be able to relocate the binaries. Expand the strings to 4K and put them in a +magic segment that we can relocate at install time. + +Upstream-Status: Inappropriate (OE-specific) + +Signed-off-by: Ross Burton +Signed-off-by: Khem Raj +--- + locale/findlocale.c | 4 ++-- + locale/loadarchive.c | 2 +- + locale/localeinfo.h | 2 +- + locale/programs/locale.c | 7 ++++--- + 4 files changed, 8 insertions(+), 7 deletions(-) + +diff --git a/locale/findlocale.c b/locale/findlocale.c +index ab09122b0c..f42cc75780 100644 +--- a/locale/findlocale.c ++++ b/locale/findlocale.c +@@ -56,7 +56,7 @@ struct __locale_data *const _nl_C[] attribute_hidden = + which are somehow addressed. */ + struct loaded_l10nfile *_nl_locale_file_list[__LC_LAST]; + +-const char _nl_default_locale_path[] attribute_hidden = COMPLOCALEDIR; ++char _nl_default_locale_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR; + + /* Checks if the name is actually present, that is, not NULL and not + empty. */ +@@ -166,7 +166,7 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len, + + /* Nothing in the archive. Set the default path to search below. */ + locale_path = _nl_default_locale_path; +- locale_path_len = sizeof _nl_default_locale_path; ++ locale_path_len = strlen(locale_path) + 1; + } + else + /* We really have to load some data. First see whether the name is +diff --git a/locale/loadarchive.c b/locale/loadarchive.c +index 4177fc8972..40247b1e68 100644 +--- a/locale/loadarchive.c ++++ b/locale/loadarchive.c +@@ -42,7 +42,7 @@ + + + /* Name of the locale archive file. */ +-static const char archfname[] = COMPLOCALEDIR "/locale-archive"; ++static const char archfname[4096] __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR "/locale-archive"; + + /* Size of initial mapping window, optimal if large enough to + cover the header plus the initial locale. */ +diff --git a/locale/localeinfo.h b/locale/localeinfo.h +index b3d4da0185..22f9dc1140 100644 +--- a/locale/localeinfo.h ++++ b/locale/localeinfo.h +@@ -331,7 +331,7 @@ _nl_lookup_word (locale_t l, int category, int item) + } + + /* Default search path if no LOCPATH environment variable. */ +-extern const char _nl_default_locale_path[] attribute_hidden; ++extern char _nl_default_locale_path[4096] attribute_hidden; + + /* Load the locale data for CATEGORY from the file specified by *NAME. + If *NAME is "", use environment variables as specified by POSIX, and +diff --git a/locale/programs/locale.c b/locale/programs/locale.c +index 575b208e82..5ec630c3a4 100644 +--- a/locale/programs/locale.c ++++ b/locale/programs/locale.c +@@ -632,6 +632,7 @@ nameentcmp (const void *a, const void *b) + ((const struct nameent *) b)->name); + } + ++static char _write_archive_locales_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = ARCHIVE_NAME; + + static int + write_archive_locales (void **all_datap, char *linebuf) +@@ -645,7 +646,7 @@ write_archive_locales (void **all_datap, char *linebuf) + int fd, ret = 0; + uint32_t cnt; + +- fd = open64 (ARCHIVE_NAME, O_RDONLY); ++ fd = open64 (_write_archive_locales_path, O_RDONLY); + if (fd < 0) + return 0; + +@@ -700,8 +701,8 @@ write_archive_locales (void **all_datap, char *linebuf) + if (cnt) + putchar_unlocked ('\n'); + +- printf ("locale: %-15.15s archive: " ARCHIVE_NAME "\n%s\n", +- names[cnt].name, linebuf); ++ printf ("locale: %-15.15s archive: %s\n%s\n", ++ names[cnt].name, _write_archive_locales_path, linebuf); + + locrec = (struct locrecent *) (addr + names[cnt].locrec_offset); + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0008-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0008-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch new file mode 100644 index 000000000..2162bf38c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0008-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch @@ -0,0 +1,1581 @@ +From 3d58330390a7d4f4ed32f4a9c25628af3e0dd5c1 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:01:50 +0000 +Subject: [PATCH] fsl e500/e5500/e6500/603e fsqrt implementation + +Upstream-Status: Pending +Signed-off-by: Edmar Wienskoski +Signed-off-by: Khem Raj +--- + sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c | 134 ++++++++++++++++++ + sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c | 101 +++++++++++++ + sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c | 134 ++++++++++++++++++ + .../powerpc/powerpc32/e500mc/fpu/e_sqrtf.c | 101 +++++++++++++ + sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c | 134 ++++++++++++++++++ + sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c | 101 +++++++++++++ + sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c | 134 ++++++++++++++++++ + sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c | 101 +++++++++++++ + sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c | 134 ++++++++++++++++++ + sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c | 101 +++++++++++++ + sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c | 134 ++++++++++++++++++ + sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c | 101 +++++++++++++ + .../linux/powerpc/powerpc32/603e/fpu/Implies | 1 + + .../powerpc/powerpc32/e300c3/fpu/Implies | 2 + + .../powerpc/powerpc32/e500mc/fpu/Implies | 1 + + .../linux/powerpc/powerpc32/e5500/fpu/Implies | 1 + + .../linux/powerpc/powerpc32/e6500/fpu/Implies | 1 + + .../linux/powerpc/powerpc64/e5500/fpu/Implies | 1 + + .../linux/powerpc/powerpc64/e6500/fpu/Implies | 1 + + 19 files changed, 1418 insertions(+) + create mode 100644 sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c + create mode 100644 sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c + create mode 100644 sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c + create mode 100644 sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c + create mode 100644 sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c + create mode 100644 sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c + create mode 100644 sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c + create mode 100644 sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c + create mode 100644 sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c + create mode 100644 sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c + create mode 100644 sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c + create mode 100644 sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c + create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/603e/fpu/Implies + create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/e300c3/fpu/Implies + create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/e500mc/fpu/Implies + create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/e5500/fpu/Implies + create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/e6500/fpu/Implies + create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc64/e5500/fpu/Implies + create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc64/e6500/fpu/Implies + +diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c +new file mode 100644 +index 0000000000..71e516d1c8 +--- /dev/null ++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c +@@ -0,0 +1,134 @@ ++/* Double-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float two108 = 3.245185536584267269e+32; ++static const float twom54 = 5.551115123125782702e-17; ++static const float half = 0.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the actual square root and half of its reciprocal ++ simultaneously. */ ++ ++#ifdef __STDC__ ++double ++__ieee754_sqrt (double b) ++#else ++double ++__ieee754_sqrt (b) ++ double b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++ double y, g, h, d, r; ++ ieee_double_shape_type u; ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ u.value = b; ++ ++ relax_fenv_state (); ++ ++ __asm__ ("frsqrte %[estimate], %[x]\n" ++ : [estimate] "=f" (y) : [x] "f" (b)); ++ ++ /* Following Muller et al, page 168, equation 5.20. ++ ++ h goes to 1/(2*sqrt(b)) ++ g goes to sqrt(b). ++ ++ We need three iterations to get within 1ulp. */ ++ ++ /* Indicate that these can be performed prior to the branch. GCC ++ insists on sinking them below the branch, however; it seems like ++ they'd be better before the branch so that we can cover any latency ++ from storing the argument and loading its high word. Oh well. */ ++ ++ g = b * y; ++ h = 0.5 * y; ++ ++ /* Handle small numbers by scaling. */ ++ if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) ++ return __ieee754_sqrt (b * two108) * twom54; ++ ++#define FMADD(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmadd %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ /* g is now +/- 1ulp, or exactly equal to, the square root of b. */ ++ ++ /* Final refinement. */ ++ d = FNMSUB (g, g, b); ++ ++ fesetenv_register (fe); ++ return FMADD (d, h, g); ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_wash (b); ++} +diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c +new file mode 100644 +index 0000000000..26fa067abf +--- /dev/null ++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c +@@ -0,0 +1,101 @@ ++/* Single-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float threehalf = 1.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the reciprocal square root and use that to compute the actual ++ square root. */ ++ ++#ifdef __STDC__ ++float ++__ieee754_sqrtf (float b) ++#else ++float ++__ieee754_sqrtf (b) ++ float b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++#define FMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ double y, x; ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ relax_fenv_state (); ++ ++ /* Compute y = 1.5 * b - b. Uses fewer constants than y = 0.5 * b. */ ++ y = FMSUB (threehalf, b, b); ++ ++ /* Initial estimate. */ ++ __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b)); ++ ++ /* Iterate. x_{n+1} = x_n * (1.5 - y * (x_n * x_n)). */ ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ ++ /* All done. */ ++ fesetenv_register (fe); ++ return x * b; ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_washf (b); ++} +diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c +new file mode 100644 +index 0000000000..71e516d1c8 +--- /dev/null ++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c +@@ -0,0 +1,134 @@ ++/* Double-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float two108 = 3.245185536584267269e+32; ++static const float twom54 = 5.551115123125782702e-17; ++static const float half = 0.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the actual square root and half of its reciprocal ++ simultaneously. */ ++ ++#ifdef __STDC__ ++double ++__ieee754_sqrt (double b) ++#else ++double ++__ieee754_sqrt (b) ++ double b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++ double y, g, h, d, r; ++ ieee_double_shape_type u; ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ u.value = b; ++ ++ relax_fenv_state (); ++ ++ __asm__ ("frsqrte %[estimate], %[x]\n" ++ : [estimate] "=f" (y) : [x] "f" (b)); ++ ++ /* Following Muller et al, page 168, equation 5.20. ++ ++ h goes to 1/(2*sqrt(b)) ++ g goes to sqrt(b). ++ ++ We need three iterations to get within 1ulp. */ ++ ++ /* Indicate that these can be performed prior to the branch. GCC ++ insists on sinking them below the branch, however; it seems like ++ they'd be better before the branch so that we can cover any latency ++ from storing the argument and loading its high word. Oh well. */ ++ ++ g = b * y; ++ h = 0.5 * y; ++ ++ /* Handle small numbers by scaling. */ ++ if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) ++ return __ieee754_sqrt (b * two108) * twom54; ++ ++#define FMADD(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmadd %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ /* g is now +/- 1ulp, or exactly equal to, the square root of b. */ ++ ++ /* Final refinement. */ ++ d = FNMSUB (g, g, b); ++ ++ fesetenv_register (fe); ++ return FMADD (d, h, g); ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_wash (b); ++} +diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c +new file mode 100644 +index 0000000000..26fa067abf +--- /dev/null ++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c +@@ -0,0 +1,101 @@ ++/* Single-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float threehalf = 1.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the reciprocal square root and use that to compute the actual ++ square root. */ ++ ++#ifdef __STDC__ ++float ++__ieee754_sqrtf (float b) ++#else ++float ++__ieee754_sqrtf (b) ++ float b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++#define FMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ double y, x; ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ relax_fenv_state (); ++ ++ /* Compute y = 1.5 * b - b. Uses fewer constants than y = 0.5 * b. */ ++ y = FMSUB (threehalf, b, b); ++ ++ /* Initial estimate. */ ++ __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b)); ++ ++ /* Iterate. x_{n+1} = x_n * (1.5 - y * (x_n * x_n)). */ ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ ++ /* All done. */ ++ fesetenv_register (fe); ++ return x * b; ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_washf (b); ++} +diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c +new file mode 100644 +index 0000000000..71e516d1c8 +--- /dev/null ++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c +@@ -0,0 +1,134 @@ ++/* Double-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float two108 = 3.245185536584267269e+32; ++static const float twom54 = 5.551115123125782702e-17; ++static const float half = 0.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the actual square root and half of its reciprocal ++ simultaneously. */ ++ ++#ifdef __STDC__ ++double ++__ieee754_sqrt (double b) ++#else ++double ++__ieee754_sqrt (b) ++ double b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++ double y, g, h, d, r; ++ ieee_double_shape_type u; ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ u.value = b; ++ ++ relax_fenv_state (); ++ ++ __asm__ ("frsqrte %[estimate], %[x]\n" ++ : [estimate] "=f" (y) : [x] "f" (b)); ++ ++ /* Following Muller et al, page 168, equation 5.20. ++ ++ h goes to 1/(2*sqrt(b)) ++ g goes to sqrt(b). ++ ++ We need three iterations to get within 1ulp. */ ++ ++ /* Indicate that these can be performed prior to the branch. GCC ++ insists on sinking them below the branch, however; it seems like ++ they'd be better before the branch so that we can cover any latency ++ from storing the argument and loading its high word. Oh well. */ ++ ++ g = b * y; ++ h = 0.5 * y; ++ ++ /* Handle small numbers by scaling. */ ++ if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) ++ return __ieee754_sqrt (b * two108) * twom54; ++ ++#define FMADD(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmadd %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ /* g is now +/- 1ulp, or exactly equal to, the square root of b. */ ++ ++ /* Final refinement. */ ++ d = FNMSUB (g, g, b); ++ ++ fesetenv_register (fe); ++ return FMADD (d, h, g); ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_wash (b); ++} +diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c +new file mode 100644 +index 0000000000..26fa067abf +--- /dev/null ++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c +@@ -0,0 +1,101 @@ ++/* Single-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float threehalf = 1.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the reciprocal square root and use that to compute the actual ++ square root. */ ++ ++#ifdef __STDC__ ++float ++__ieee754_sqrtf (float b) ++#else ++float ++__ieee754_sqrtf (b) ++ float b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++#define FMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ double y, x; ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ relax_fenv_state (); ++ ++ /* Compute y = 1.5 * b - b. Uses fewer constants than y = 0.5 * b. */ ++ y = FMSUB (threehalf, b, b); ++ ++ /* Initial estimate. */ ++ __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b)); ++ ++ /* Iterate. x_{n+1} = x_n * (1.5 - y * (x_n * x_n)). */ ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ ++ /* All done. */ ++ fesetenv_register (fe); ++ return x * b; ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_washf (b); ++} +diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c +new file mode 100644 +index 0000000000..71e516d1c8 +--- /dev/null ++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c +@@ -0,0 +1,134 @@ ++/* Double-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float two108 = 3.245185536584267269e+32; ++static const float twom54 = 5.551115123125782702e-17; ++static const float half = 0.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the actual square root and half of its reciprocal ++ simultaneously. */ ++ ++#ifdef __STDC__ ++double ++__ieee754_sqrt (double b) ++#else ++double ++__ieee754_sqrt (b) ++ double b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++ double y, g, h, d, r; ++ ieee_double_shape_type u; ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ u.value = b; ++ ++ relax_fenv_state (); ++ ++ __asm__ ("frsqrte %[estimate], %[x]\n" ++ : [estimate] "=f" (y) : [x] "f" (b)); ++ ++ /* Following Muller et al, page 168, equation 5.20. ++ ++ h goes to 1/(2*sqrt(b)) ++ g goes to sqrt(b). ++ ++ We need three iterations to get within 1ulp. */ ++ ++ /* Indicate that these can be performed prior to the branch. GCC ++ insists on sinking them below the branch, however; it seems like ++ they'd be better before the branch so that we can cover any latency ++ from storing the argument and loading its high word. Oh well. */ ++ ++ g = b * y; ++ h = 0.5 * y; ++ ++ /* Handle small numbers by scaling. */ ++ if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) ++ return __ieee754_sqrt (b * two108) * twom54; ++ ++#define FMADD(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmadd %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ /* g is now +/- 1ulp, or exactly equal to, the square root of b. */ ++ ++ /* Final refinement. */ ++ d = FNMSUB (g, g, b); ++ ++ fesetenv_register (fe); ++ return FMADD (d, h, g); ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_wash (b); ++} +diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c +new file mode 100644 +index 0000000000..26fa067abf +--- /dev/null ++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c +@@ -0,0 +1,101 @@ ++/* Single-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float threehalf = 1.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the reciprocal square root and use that to compute the actual ++ square root. */ ++ ++#ifdef __STDC__ ++float ++__ieee754_sqrtf (float b) ++#else ++float ++__ieee754_sqrtf (b) ++ float b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++#define FMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ double y, x; ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ relax_fenv_state (); ++ ++ /* Compute y = 1.5 * b - b. Uses fewer constants than y = 0.5 * b. */ ++ y = FMSUB (threehalf, b, b); ++ ++ /* Initial estimate. */ ++ __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b)); ++ ++ /* Iterate. x_{n+1} = x_n * (1.5 - y * (x_n * x_n)). */ ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ ++ /* All done. */ ++ fesetenv_register (fe); ++ return x * b; ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_washf (b); ++} +diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c +new file mode 100644 +index 0000000000..71e516d1c8 +--- /dev/null ++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c +@@ -0,0 +1,134 @@ ++/* Double-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float two108 = 3.245185536584267269e+32; ++static const float twom54 = 5.551115123125782702e-17; ++static const float half = 0.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the actual square root and half of its reciprocal ++ simultaneously. */ ++ ++#ifdef __STDC__ ++double ++__ieee754_sqrt (double b) ++#else ++double ++__ieee754_sqrt (b) ++ double b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++ double y, g, h, d, r; ++ ieee_double_shape_type u; ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ u.value = b; ++ ++ relax_fenv_state (); ++ ++ __asm__ ("frsqrte %[estimate], %[x]\n" ++ : [estimate] "=f" (y) : [x] "f" (b)); ++ ++ /* Following Muller et al, page 168, equation 5.20. ++ ++ h goes to 1/(2*sqrt(b)) ++ g goes to sqrt(b). ++ ++ We need three iterations to get within 1ulp. */ ++ ++ /* Indicate that these can be performed prior to the branch. GCC ++ insists on sinking them below the branch, however; it seems like ++ they'd be better before the branch so that we can cover any latency ++ from storing the argument and loading its high word. Oh well. */ ++ ++ g = b * y; ++ h = 0.5 * y; ++ ++ /* Handle small numbers by scaling. */ ++ if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) ++ return __ieee754_sqrt (b * two108) * twom54; ++ ++#define FMADD(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmadd %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ /* g is now +/- 1ulp, or exactly equal to, the square root of b. */ ++ ++ /* Final refinement. */ ++ d = FNMSUB (g, g, b); ++ ++ fesetenv_register (fe); ++ return FMADD (d, h, g); ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_wash (b); ++} +diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c +new file mode 100644 +index 0000000000..26fa067abf +--- /dev/null ++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c +@@ -0,0 +1,101 @@ ++/* Single-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float threehalf = 1.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the reciprocal square root and use that to compute the actual ++ square root. */ ++ ++#ifdef __STDC__ ++float ++__ieee754_sqrtf (float b) ++#else ++float ++__ieee754_sqrtf (b) ++ float b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++#define FMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ double y, x; ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ relax_fenv_state (); ++ ++ /* Compute y = 1.5 * b - b. Uses fewer constants than y = 0.5 * b. */ ++ y = FMSUB (threehalf, b, b); ++ ++ /* Initial estimate. */ ++ __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b)); ++ ++ /* Iterate. x_{n+1} = x_n * (1.5 - y * (x_n * x_n)). */ ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ ++ /* All done. */ ++ fesetenv_register (fe); ++ return x * b; ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_washf (b); ++} +diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c +new file mode 100644 +index 0000000000..71e516d1c8 +--- /dev/null ++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c +@@ -0,0 +1,134 @@ ++/* Double-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float two108 = 3.245185536584267269e+32; ++static const float twom54 = 5.551115123125782702e-17; ++static const float half = 0.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the actual square root and half of its reciprocal ++ simultaneously. */ ++ ++#ifdef __STDC__ ++double ++__ieee754_sqrt (double b) ++#else ++double ++__ieee754_sqrt (b) ++ double b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++ double y, g, h, d, r; ++ ieee_double_shape_type u; ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ u.value = b; ++ ++ relax_fenv_state (); ++ ++ __asm__ ("frsqrte %[estimate], %[x]\n" ++ : [estimate] "=f" (y) : [x] "f" (b)); ++ ++ /* Following Muller et al, page 168, equation 5.20. ++ ++ h goes to 1/(2*sqrt(b)) ++ g goes to sqrt(b). ++ ++ We need three iterations to get within 1ulp. */ ++ ++ /* Indicate that these can be performed prior to the branch. GCC ++ insists on sinking them below the branch, however; it seems like ++ they'd be better before the branch so that we can cover any latency ++ from storing the argument and loading its high word. Oh well. */ ++ ++ g = b * y; ++ h = 0.5 * y; ++ ++ /* Handle small numbers by scaling. */ ++ if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) ++ return __ieee754_sqrt (b * two108) * twom54; ++ ++#define FMADD(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmadd %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ r = FNMSUB (g, h, half); ++ g = FMADD (g, r, g); ++ h = FMADD (h, r, h); ++ ++ /* g is now +/- 1ulp, or exactly equal to, the square root of b. */ ++ ++ /* Final refinement. */ ++ d = FNMSUB (g, g, b); ++ ++ fesetenv_register (fe); ++ return FMADD (d, h, g); ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_wash (b); ++} +diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c +new file mode 100644 +index 0000000000..26fa067abf +--- /dev/null ++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c +@@ -0,0 +1,101 @@ ++/* Single-precision floating point square root. ++ Copyright (C) 2010 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 }; ++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 }; ++static const float threehalf = 1.5; ++ ++/* The method is based on the descriptions in: ++ ++ _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5; ++ _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9 ++ ++ We find the reciprocal square root and use that to compute the actual ++ square root. */ ++ ++#ifdef __STDC__ ++float ++__ieee754_sqrtf (float b) ++#else ++float ++__ieee754_sqrtf (b) ++ float b; ++#endif ++{ ++ if (__builtin_expect (b > 0, 1)) ++ { ++#define FMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++#define FNMSUB(a_, c_, b_) \ ++ ({ double __r; \ ++ __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n" \ ++ : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \ ++ __r;}) ++ ++ if (__builtin_expect (b != a_inf.value, 1)) ++ { ++ double y, x; ++ fenv_t fe; ++ ++ fe = fegetenv_register (); ++ ++ relax_fenv_state (); ++ ++ /* Compute y = 1.5 * b - b. Uses fewer constants than y = 0.5 * b. */ ++ y = FMSUB (threehalf, b, b); ++ ++ /* Initial estimate. */ ++ __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b)); ++ ++ /* Iterate. x_{n+1} = x_n * (1.5 - y * (x_n * x_n)). */ ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ x = x * FNMSUB (y, x * x, threehalf); ++ ++ /* All done. */ ++ fesetenv_register (fe); ++ return x * b; ++ } ++ } ++ else if (b < 0) ++ { ++ /* For some reason, some PowerPC32 processors don't implement ++ FE_INVALID_SQRT. */ ++#ifdef FE_INVALID_SQRT ++ feraiseexcept (FE_INVALID_SQRT); ++ ++ fenv_union_t u = { .fenv = fegetenv_register () }; ++ if ((u.l & FE_INVALID) == 0) ++#endif ++ feraiseexcept (FE_INVALID); ++ b = a_nan.value; ++ } ++ return f_washf (b); ++} +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/603e/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc32/603e/fpu/Implies +new file mode 100644 +index 0000000000..b103b4dea5 +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/603e/fpu/Implies +@@ -0,0 +1 @@ ++powerpc/powerpc32/603e/fpu +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/e300c3/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e300c3/fpu/Implies +new file mode 100644 +index 0000000000..64db17fada +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e300c3/fpu/Implies +@@ -0,0 +1,2 @@ ++# e300c3 is a variant of 603e so use the same optimizations for sqrt ++powerpc/powerpc32/603e/fpu +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/e500mc/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e500mc/fpu/Implies +new file mode 100644 +index 0000000000..7eac5fcf02 +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e500mc/fpu/Implies +@@ -0,0 +1 @@ ++powerpc/powerpc32/e500mc/fpu +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/e5500/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e5500/fpu/Implies +new file mode 100644 +index 0000000000..264b2a7700 +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e5500/fpu/Implies +@@ -0,0 +1 @@ ++powerpc/powerpc32/e5500/fpu +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/e6500/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e6500/fpu/Implies +new file mode 100644 +index 0000000000..a25934467b +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e6500/fpu/Implies +@@ -0,0 +1 @@ ++powerpc/powerpc32/e6500/fpu +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/e5500/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc64/e5500/fpu/Implies +new file mode 100644 +index 0000000000..a7bc854be8 +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/e5500/fpu/Implies +@@ -0,0 +1 @@ ++powerpc/powerpc64/e5500/fpu +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/e6500/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc64/e6500/fpu/Implies +new file mode 100644 +index 0000000000..04ff8cc181 +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/e6500/fpu/Implies +@@ -0,0 +1 @@ ++powerpc/powerpc64/e6500/fpu diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0009-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0009-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch new file mode 100644 index 000000000..0c8bf94a7 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0009-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch @@ -0,0 +1,205 @@ +From 3b5fe5b1a7390cde0f07351415e3891f62d1f7e0 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:15:07 +0000 +Subject: [PATCH] ppc/sqrt: Fix undefined reference to `__sqrt_finite' + +on ppc fixes the errors like below +| ./.libs/libpulsecore-1.1.so: undefined reference to `__sqrt_finite' +| collect2: ld returned 1 exit status + +Upstream-Status: Pending + +ChangeLog + +2012-01-06 Khem Raj + + * sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c: Add __*_finite alias. + Remove cruft. + * sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c: Ditto. + * sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c: Ditto. + * sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c: Ditto. + +Signed-off-by: Khem Raj +--- + sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c | 7 +------ + sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c | 7 +------ + sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c | 1 + + sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c | 1 + + sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c | 1 + + sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c | 1 + + sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c | 1 + + sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c | 1 + + sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c | 7 +------ + sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c | 7 +------ + sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c | 1 + + sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c | 1 + + 12 files changed, 12 insertions(+), 24 deletions(-) + +diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c +index 71e516d1c8..1795fd6c3e 100644 +--- a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c +@@ -39,14 +39,8 @@ static const float half = 0.5; + We find the actual square root and half of its reciprocal + simultaneously. */ + +-#ifdef __STDC__ + double + __ieee754_sqrt (double b) +-#else +-double +-__ieee754_sqrt (b) +- double b; +-#endif + { + if (__builtin_expect (b > 0, 1)) + { +@@ -132,3 +126,4 @@ __ieee754_sqrt (b) + } + return f_wash (b); + } ++strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c +index 26fa067abf..a917f313ab 100644 +--- a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c +@@ -37,14 +37,8 @@ static const float threehalf = 1.5; + We find the reciprocal square root and use that to compute the actual + square root. */ + +-#ifdef __STDC__ + float + __ieee754_sqrtf (float b) +-#else +-float +-__ieee754_sqrtf (b) +- float b; +-#endif + { + if (__builtin_expect (b > 0, 1)) + { +@@ -99,3 +93,4 @@ __ieee754_sqrtf (b) + } + return f_washf (b); + } ++strong_alias (__ieee754_sqrtf, __sqrtf_finite) +diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c +index 71e516d1c8..fc4a74990e 100644 +--- a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c +@@ -132,3 +132,4 @@ __ieee754_sqrt (b) + } + return f_wash (b); + } ++strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c +index 26fa067abf..9d175122a8 100644 +--- a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c +@@ -99,3 +99,4 @@ __ieee754_sqrtf (b) + } + return f_washf (b); + } ++strong_alias (__ieee754_sqrtf, __sqrtf_finite) +diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c +index 71e516d1c8..fc4a74990e 100644 +--- a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c +@@ -132,3 +132,4 @@ __ieee754_sqrt (b) + } + return f_wash (b); + } ++strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c +index 26fa067abf..9d175122a8 100644 +--- a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c +@@ -99,3 +99,4 @@ __ieee754_sqrtf (b) + } + return f_washf (b); + } ++strong_alias (__ieee754_sqrtf, __sqrtf_finite) +diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c +index 71e516d1c8..fc4a74990e 100644 +--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c +@@ -132,3 +132,4 @@ __ieee754_sqrt (b) + } + return f_wash (b); + } ++strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c +index 26fa067abf..9d175122a8 100644 +--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c +@@ -99,3 +99,4 @@ __ieee754_sqrtf (b) + } + return f_washf (b); + } ++strong_alias (__ieee754_sqrtf, __sqrtf_finite) +diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c +index 71e516d1c8..1795fd6c3e 100644 +--- a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c +@@ -39,14 +39,8 @@ static const float half = 0.5; + We find the actual square root and half of its reciprocal + simultaneously. */ + +-#ifdef __STDC__ + double + __ieee754_sqrt (double b) +-#else +-double +-__ieee754_sqrt (b) +- double b; +-#endif + { + if (__builtin_expect (b > 0, 1)) + { +@@ -132,3 +126,4 @@ __ieee754_sqrt (b) + } + return f_wash (b); + } ++strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c +index 26fa067abf..a917f313ab 100644 +--- a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c +@@ -37,14 +37,8 @@ static const float threehalf = 1.5; + We find the reciprocal square root and use that to compute the actual + square root. */ + +-#ifdef __STDC__ + float + __ieee754_sqrtf (float b) +-#else +-float +-__ieee754_sqrtf (b) +- float b; +-#endif + { + if (__builtin_expect (b > 0, 1)) + { +@@ -99,3 +93,4 @@ __ieee754_sqrtf (b) + } + return f_washf (b); + } ++strong_alias (__ieee754_sqrtf, __sqrtf_finite) +diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c +index 71e516d1c8..fc4a74990e 100644 +--- a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c +@@ -132,3 +132,4 @@ __ieee754_sqrt (b) + } + return f_wash (b); + } ++strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c +index 26fa067abf..9d175122a8 100644 +--- a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c +@@ -99,3 +99,4 @@ __ieee754_sqrtf (b) + } + return f_washf (b); + } ++strong_alias (__ieee754_sqrtf, __sqrtf_finite) diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0010-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0010-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch new file mode 100644 index 000000000..cadaa0b2e --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0010-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch @@ -0,0 +1,384 @@ +From 6b6e1dcd707017598ea3bdc2d91a761943b62218 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:16:38 +0000 +Subject: [PATCH] __ieee754_sqrt{,f} are now inline functions and call out + __slow versions + +Upstream-Status: Pending + +Signed-off-by: Khem Raj +--- + sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c | 12 ++++++++++-- + sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c | 8 +++++++- + sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c | 14 +++++++++++--- + sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c | 12 ++++++++++-- + sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c | 14 +++++++++++--- + sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c | 12 ++++++++++-- + sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c | 8 ++++++++ + sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c | 8 ++++++++ + sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c | 12 ++++++++++-- + sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c | 9 ++++++++- + sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c | 14 +++++++++++--- + sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c | 12 ++++++++++-- + 12 files changed, 114 insertions(+), 21 deletions(-) + +diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c +index 1795fd6c3e..daa83f3fe8 100644 +--- a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c +@@ -40,7 +40,7 @@ static const float half = 0.5; + simultaneously. */ + + double +-__ieee754_sqrt (double b) ++__slow_ieee754_sqrt (double b) + { + if (__builtin_expect (b > 0, 1)) + { +@@ -77,7 +77,7 @@ __ieee754_sqrt (double b) + + /* Handle small numbers by scaling. */ + if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) +- return __ieee754_sqrt (b * two108) * twom54; ++ return __slow_ieee754_sqrt (b * two108) * twom54; + + #define FMADD(a_, c_, b_) \ + ({ double __r; \ +@@ -126,4 +126,12 @@ __ieee754_sqrt (double b) + } + return f_wash (b); + } ++ ++#undef __ieee754_sqrt ++double ++__ieee754_sqrt (double x) ++{ ++ return __slow_ieee754_sqrt (x); ++} ++ + strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c +index a917f313ab..b812cf1705 100644 +--- a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c +@@ -38,7 +38,7 @@ static const float threehalf = 1.5; + square root. */ + + float +-__ieee754_sqrtf (float b) ++__slow_ieee754_sqrtf (float b) + { + if (__builtin_expect (b > 0, 1)) + { +@@ -93,4 +93,10 @@ __ieee754_sqrtf (float b) + } + return f_washf (b); + } ++#undef __ieee754_sqrtf ++float ++__ieee754_sqrtf (float x) ++{ ++ return __slow_ieee754_sqrtf (x); ++} + strong_alias (__ieee754_sqrtf, __sqrtf_finite) +diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c +index fc4a74990e..7038a70b47 100644 +--- a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c +@@ -41,10 +41,10 @@ static const float half = 0.5; + + #ifdef __STDC__ + double +-__ieee754_sqrt (double b) ++__slow_ieee754_sqrt (double b) + #else + double +-__ieee754_sqrt (b) ++__slow_ieee754_sqrt (b) + double b; + #endif + { +@@ -83,7 +83,7 @@ __ieee754_sqrt (b) + + /* Handle small numbers by scaling. */ + if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) +- return __ieee754_sqrt (b * two108) * twom54; ++ return __slow_ieee754_sqrt (b * two108) * twom54; + + #define FMADD(a_, c_, b_) \ + ({ double __r; \ +@@ -132,4 +132,12 @@ __ieee754_sqrt (b) + } + return f_wash (b); + } ++ ++#undef __ieee754_sqrt ++double ++__ieee754_sqrt (double x) ++{ ++ return __slow_ieee754_sqrt (x); ++} ++ + strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c +index 9d175122a8..10de1f0cc3 100644 +--- a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c +@@ -39,10 +39,10 @@ static const float threehalf = 1.5; + + #ifdef __STDC__ + float +-__ieee754_sqrtf (float b) ++__slow_ieee754_sqrtf (float b) + #else + float +-__ieee754_sqrtf (b) ++__slow_ieee754_sqrtf (b) + float b; + #endif + { +@@ -99,4 +99,12 @@ __ieee754_sqrtf (b) + } + return f_washf (b); + } ++ ++#undef __ieee754_sqrtf ++float ++__ieee754_sqrtf (float x) ++{ ++ return __slow_ieee754_sqrtf (x); ++} ++ + strong_alias (__ieee754_sqrtf, __sqrtf_finite) +diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c +index fc4a74990e..7038a70b47 100644 +--- a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c +@@ -41,10 +41,10 @@ static const float half = 0.5; + + #ifdef __STDC__ + double +-__ieee754_sqrt (double b) ++__slow_ieee754_sqrt (double b) + #else + double +-__ieee754_sqrt (b) ++__slow_ieee754_sqrt (b) + double b; + #endif + { +@@ -83,7 +83,7 @@ __ieee754_sqrt (b) + + /* Handle small numbers by scaling. */ + if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) +- return __ieee754_sqrt (b * two108) * twom54; ++ return __slow_ieee754_sqrt (b * two108) * twom54; + + #define FMADD(a_, c_, b_) \ + ({ double __r; \ +@@ -132,4 +132,12 @@ __ieee754_sqrt (b) + } + return f_wash (b); + } ++ ++#undef __ieee754_sqrt ++double ++__ieee754_sqrt (double x) ++{ ++ return __slow_ieee754_sqrt (x); ++} ++ + strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c +index 9d175122a8..10de1f0cc3 100644 +--- a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c +@@ -39,10 +39,10 @@ static const float threehalf = 1.5; + + #ifdef __STDC__ + float +-__ieee754_sqrtf (float b) ++__slow_ieee754_sqrtf (float b) + #else + float +-__ieee754_sqrtf (b) ++__slow_ieee754_sqrtf (b) + float b; + #endif + { +@@ -99,4 +99,12 @@ __ieee754_sqrtf (b) + } + return f_washf (b); + } ++ ++#undef __ieee754_sqrtf ++float ++__ieee754_sqrtf (float x) ++{ ++ return __slow_ieee754_sqrtf (x); ++} ++ + strong_alias (__ieee754_sqrtf, __sqrtf_finite) +diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c +index fc4a74990e..1c34244bd8 100644 +--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c +@@ -132,4 +132,12 @@ __ieee754_sqrt (b) + } + return f_wash (b); + } ++ ++#undef __ieee754_sqrt ++double ++__ieee754_sqrt (double x) ++{ ++ return __slow_ieee754_sqrt (x); ++} ++ + strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c +index 9d175122a8..812653558f 100644 +--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c +@@ -99,4 +99,12 @@ __ieee754_sqrtf (b) + } + return f_washf (b); + } ++ ++#undef __ieee754_sqrtf ++float ++__ieee754_sqrtf (float x) ++{ ++ return __slow_ieee754_sqrtf (x); ++} ++ + strong_alias (__ieee754_sqrtf, __sqrtf_finite) +diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c +index 1795fd6c3e..13a81973e3 100644 +--- a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c +@@ -40,7 +40,7 @@ static const float half = 0.5; + simultaneously. */ + + double +-__ieee754_sqrt (double b) ++__slow_ieee754_sqrt (double b) + { + if (__builtin_expect (b > 0, 1)) + { +@@ -77,7 +77,7 @@ __ieee754_sqrt (double b) + + /* Handle small numbers by scaling. */ + if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) +- return __ieee754_sqrt (b * two108) * twom54; ++ return __slow_ieee754_sqrt (b * two108) * twom54; + + #define FMADD(a_, c_, b_) \ + ({ double __r; \ +@@ -126,4 +126,12 @@ __ieee754_sqrt (double b) + } + return f_wash (b); + } ++ ++#undef __ieee754_sqrt ++double ++__ieee754_sqrt (double x) ++{ ++ return __slow_ieee754_sqrt (x); ++} ++ + strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c +index a917f313ab..fae2d81210 100644 +--- a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c +@@ -38,7 +38,7 @@ static const float threehalf = 1.5; + square root. */ + + float +-__ieee754_sqrtf (float b) ++__slow_ieee754_sqrtf (float b) + { + if (__builtin_expect (b > 0, 1)) + { +@@ -93,4 +93,11 @@ __ieee754_sqrtf (float b) + } + return f_washf (b); + } ++#undef __ieee754_sqrtf ++float ++__ieee754_sqrtf (float x) ++{ ++ return __slow_ieee754_sqrtf (x); ++} ++ + strong_alias (__ieee754_sqrtf, __sqrtf_finite) +diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c +index fc4a74990e..7038a70b47 100644 +--- a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c +@@ -41,10 +41,10 @@ static const float half = 0.5; + + #ifdef __STDC__ + double +-__ieee754_sqrt (double b) ++__slow_ieee754_sqrt (double b) + #else + double +-__ieee754_sqrt (b) ++__slow_ieee754_sqrt (b) + double b; + #endif + { +@@ -83,7 +83,7 @@ __ieee754_sqrt (b) + + /* Handle small numbers by scaling. */ + if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) +- return __ieee754_sqrt (b * two108) * twom54; ++ return __slow_ieee754_sqrt (b * two108) * twom54; + + #define FMADD(a_, c_, b_) \ + ({ double __r; \ +@@ -132,4 +132,12 @@ __ieee754_sqrt (b) + } + return f_wash (b); + } ++ ++#undef __ieee754_sqrt ++double ++__ieee754_sqrt (double x) ++{ ++ return __slow_ieee754_sqrt (x); ++} ++ + strong_alias (__ieee754_sqrt, __sqrt_finite) +diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c +index 9d175122a8..10de1f0cc3 100644 +--- a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c +@@ -39,10 +39,10 @@ static const float threehalf = 1.5; + + #ifdef __STDC__ + float +-__ieee754_sqrtf (float b) ++__slow_ieee754_sqrtf (float b) + #else + float +-__ieee754_sqrtf (b) ++__slow_ieee754_sqrtf (b) + float b; + #endif + { +@@ -99,4 +99,12 @@ __ieee754_sqrtf (b) + } + return f_washf (b); + } ++ ++#undef __ieee754_sqrtf ++float ++__ieee754_sqrtf (float x) ++{ ++ return __slow_ieee754_sqrtf (x); ++} ++ + strong_alias (__ieee754_sqrtf, __sqrtf_finite) diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0011-Quote-from-bug-1443-which-explains-what-the-patch-do.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0011-Quote-from-bug-1443-which-explains-what-the-patch-do.patch new file mode 100644 index 000000000..e4c78b5c7 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0011-Quote-from-bug-1443-which-explains-what-the-patch-do.patch @@ -0,0 +1,58 @@ +From 297bac9429260f8df495b81d3fae8ae4c6913f5f Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:20:09 +0000 +Subject: [PATCH] Quote from bug 1443 which explains what the patch does : + + We build some random program and link it with -lust. When we run it, + it dies with a SIGSEGV before reaching main(). + + Libust.so depends on liburcu-bp.so from the usermode-rcu package. + Although libust.so is not prelinked, liburcu-bp.so IS prelinked; this + is critical. + + Libust.so uses a TLS / __thread variable that is defined in liburcu- + bp.so. There are special ARM-specific relocation types that allow two + shared libraries to share thread-specific data. This is critical too. + + One more critical issue: although liburcu-bp.so is prelinked, we can't + load it at its prelinked address, because we also link against + librt.so, and librt.so uses that address. + + The dynamic linker is forced to relink liburcu-bp.so at a different + address. In the course of relinking, it processes the special ARM + relocation record mentioned above. The prelinker has already filled + in the information, which is a short offset into a table of thread- + specific data that is allocated per-thread for each library that uses + TLS. Because the normal behavior of a relocation is to add the symbol + value to an addend stored at the address being relocated, we end up + adding the short offset to itself, doubling it. + + Now we have an awkward situation. The libust.so library doesn't know + about the addend, so its TLS data for this element is correct. The + liburcu-bp.so library has a different offset for the element. When we + go to initialize the element for the first time in liburcu-bp.so, we + write the address of the result at the doubled (broken) offset. + Later, when we refer to the address from libust.so, we check the value + at the correct offset, but it's NULL, so we eat hot SIGSEGV. + +Upstream-Status: Pending + +Signed-off-by: Andrei Dinu +Signed-off-by: Khem Raj +--- + sysdeps/arm/dl-machine.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sysdeps/arm/dl-machine.h b/sysdeps/arm/dl-machine.h +index ff5e09e207..d68bfe5cbe 100644 +--- a/sysdeps/arm/dl-machine.h ++++ b/sysdeps/arm/dl-machine.h +@@ -510,7 +510,7 @@ elf_machine_rel (struct link_map *map, const Elf32_Rel *reloc, + + case R_ARM_TLS_DTPOFF32: + if (sym != NULL) +- *reloc_addr += sym->st_value; ++ *reloc_addr = sym->st_value; + break; + + case R_ARM_TLS_TPOFF32: diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0012-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0012-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch new file mode 100644 index 000000000..c5e8e6473 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0012-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch @@ -0,0 +1,33 @@ +From f389babf3c920e68b7d7391556a78ebf62a21ebe Mon Sep 17 00:00:00 2001 +From: Ting Liu +Date: Wed, 19 Dec 2012 04:39:57 -0600 +Subject: [PATCH] eglibc: run libm-err-tab.pl with specific dirs in ${S} + +libm-err-tab.pl will parse all the files named "libm-test-ulps" +in the given dir recursively. To avoid parsing the one in +${S}/.pc/ (it does exist after eglibc adds aarch64 support, +${S}/.pc/aarch64-0001-glibc-fsf-v1-eaf6f205.patch/ports/sysdeps/ +aarch64/libm-test-ulps), run libm-err-tab.pl with specific dirs +in ${S}. + +Upstream-Status: inappropriate [OE specific] + +Signed-off-by: Ting Liu +--- + manual/Makefile | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/manual/Makefile b/manual/Makefile +index e83444341e..aa2645bc55 100644 +--- a/manual/Makefile ++++ b/manual/Makefile +@@ -103,7 +103,8 @@ $(objpfx)stamp-libm-err: $(..)math/gen-libm-test.py \ + $(wildcard $(foreach dir,$(sysdirs),\ + $(dir)/libm-test-ulps)) + pwd=`pwd`; \ +- $(PYTHON) $< -s $$pwd/.. -m $(objpfx)libm-err-tmp ++ $(PYTHON) $< -s $$pwd/../ports -m $(objpfx)libm-err-tmp ++ $(PYTHON) $< -s $$pwd/../sysdeps -m $(objpfx)libm-err-tmp + $(move-if-change) $(objpfx)libm-err-tmp $(objpfx)libm-err.texi + touch $@ + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0013-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0013-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch new file mode 100644 index 000000000..7f362cace --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0013-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch @@ -0,0 +1,58 @@ +From 4b0d41a315e66f688fef7b0c2e2b6ce9fa16ec93 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:24:46 +0000 +Subject: [PATCH] __ieee754_sqrt{,f} are now inline functions and call out + __slow versions + +Upstream-Status: Pending + +Signed-off-by: chunrong guo +Signed-off-by: Khem Raj +--- + sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c | 6 +++--- + sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c | 4 ++-- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c +index 1c34244bd8..7038a70b47 100644 +--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c ++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c +@@ -41,10 +41,10 @@ static const float half = 0.5; + + #ifdef __STDC__ + double +-__ieee754_sqrt (double b) ++__slow_ieee754_sqrt (double b) + #else + double +-__ieee754_sqrt (b) ++__slow_ieee754_sqrt (b) + double b; + #endif + { +@@ -83,7 +83,7 @@ __ieee754_sqrt (b) + + /* Handle small numbers by scaling. */ + if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0)) +- return __ieee754_sqrt (b * two108) * twom54; ++ return __slow_ieee754_sqrt (b * two108) * twom54; + + #define FMADD(a_, c_, b_) \ + ({ double __r; \ +diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c +index 812653558f..10de1f0cc3 100644 +--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c ++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c +@@ -39,10 +39,10 @@ static const float threehalf = 1.5; + + #ifdef __STDC__ + float +-__ieee754_sqrtf (float b) ++__slow_ieee754_sqrtf (float b) + #else + float +-__ieee754_sqrtf (b) ++__slow_ieee754_sqrtf (b) + float b; + #endif + { diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0014-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0014-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch new file mode 100644 index 000000000..4da0e003c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0014-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch @@ -0,0 +1,39 @@ +From c062a462fee53a30a85d693c8288b5bd8fe4ec6e Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:27:10 +0000 +Subject: [PATCH] sysdeps/gnu/configure.ac: handle correctly + $libc_cv_rootsbindir + +Upstream-Status:Pending + +Signed-off-by: Matthieu Crapet +Signed-off-by: Khem Raj +--- + sysdeps/gnu/configure | 2 +- + sysdeps/gnu/configure.ac | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sysdeps/gnu/configure b/sysdeps/gnu/configure +index c15d1087e8..37cc983f2a 100644 +--- a/sysdeps/gnu/configure ++++ b/sysdeps/gnu/configure +@@ -32,6 +32,6 @@ case "$prefix" in + else + libc_cv_localstatedir=$localstatedir + fi +- libc_cv_rootsbindir=/sbin ++ test -n "$libc_cv_rootsbindir" || libc_cv_rootsbindir=/sbin + ;; + esac +diff --git a/sysdeps/gnu/configure.ac b/sysdeps/gnu/configure.ac +index 634fe4de2a..3db1697f4f 100644 +--- a/sysdeps/gnu/configure.ac ++++ b/sysdeps/gnu/configure.ac +@@ -21,6 +21,6 @@ case "$prefix" in + else + libc_cv_localstatedir=$localstatedir + fi +- libc_cv_rootsbindir=/sbin ++ test -n "$libc_cv_rootsbindir" || libc_cv_rootsbindir=/sbin + ;; + esac diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch new file mode 100644 index 000000000..15e83f891 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch @@ -0,0 +1,260 @@ +From 0bd39d8907953f18e01742f42b24647ac7689d0a Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:31:06 +0000 +Subject: [PATCH] 'yes' within the path sets wrong config variables + +It seems that the 'AC_EGREP_CPP(yes...' example is quite popular +but being such a short word to grep it is likely to produce +false-positive matches with the path it is configured into. + +The change is to use a more elaborated string to grep for. + +Upstream-Status: Submitted [libc-alpha@sourceware.org] + +Signed-off-by: Benjamin Esquivel +Signed-off-by: Khem Raj +--- + sysdeps/aarch64/configure | 4 ++-- + sysdeps/aarch64/configure.ac | 4 ++-- + sysdeps/arm/configure | 4 ++-- + sysdeps/arm/configure.ac | 4 ++-- + sysdeps/mips/configure | 4 ++-- + sysdeps/mips/configure.ac | 4 ++-- + sysdeps/nios2/configure | 4 ++-- + sysdeps/nios2/configure.ac | 4 ++-- + sysdeps/unix/sysv/linux/mips/configure | 4 ++-- + sysdeps/unix/sysv/linux/mips/configure.ac | 4 ++-- + sysdeps/unix/sysv/linux/powerpc/powerpc64/configure | 8 ++++---- + sysdeps/unix/sysv/linux/powerpc/powerpc64/configure.ac | 8 ++++---- + 12 files changed, 28 insertions(+), 28 deletions(-) + +diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure +index 83c3a23e44..a68c946277 100644 +--- a/sysdeps/aarch64/configure ++++ b/sysdeps/aarch64/configure +@@ -157,12 +157,12 @@ else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #ifdef __AARCH64EB__ +- yes ++ is_aarch64_be + #endif + + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- $EGREP "yes" >/dev/null 2>&1; then : ++ $EGREP "is_aarch64_be" >/dev/null 2>&1; then : + libc_cv_aarch64_be=yes + else + libc_cv_aarch64_be=no +diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac +index 66f755078a..a32b265bbe 100644 +--- a/sysdeps/aarch64/configure.ac ++++ b/sysdeps/aarch64/configure.ac +@@ -17,8 +17,8 @@ AC_DEFINE(SUPPORT_STATIC_PIE) + # the dynamic linker via %ifdef. + AC_CACHE_CHECK([for big endian], + [libc_cv_aarch64_be], +- [AC_EGREP_CPP(yes,[#ifdef __AARCH64EB__ +- yes ++ [AC_EGREP_CPP(is_aarch64_be,[#ifdef __AARCH64EB__ ++ is_aarch64_be + #endif + ], libc_cv_aarch64_be=yes, libc_cv_aarch64_be=no)]) + if test $libc_cv_aarch64_be = yes; then +diff --git a/sysdeps/arm/configure b/sysdeps/arm/configure +index 431e843b2b..e152461138 100644 +--- a/sysdeps/arm/configure ++++ b/sysdeps/arm/configure +@@ -151,12 +151,12 @@ else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #ifdef __ARM_PCS_VFP +- yes ++ use_arm_pcs_vfp + #endif + + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- $EGREP "yes" >/dev/null 2>&1; then : ++ $EGREP "use_arm_pcs_vfp" >/dev/null 2>&1; then : + libc_cv_arm_pcs_vfp=yes + else + libc_cv_arm_pcs_vfp=no +diff --git a/sysdeps/arm/configure.ac b/sysdeps/arm/configure.ac +index 90cdd69c75..05a262ba00 100644 +--- a/sysdeps/arm/configure.ac ++++ b/sysdeps/arm/configure.ac +@@ -15,8 +15,8 @@ AC_DEFINE(PI_STATIC_AND_HIDDEN) + # the dynamic linker via %ifdef. + AC_CACHE_CHECK([whether the compiler is using the ARM hard-float ABI], + [libc_cv_arm_pcs_vfp], +- [AC_EGREP_CPP(yes,[#ifdef __ARM_PCS_VFP +- yes ++ [AC_EGREP_CPP(use_arm_pcs_vfp,[#ifdef __ARM_PCS_VFP ++ use_arm_pcs_vfp + #endif + ], libc_cv_arm_pcs_vfp=yes, libc_cv_arm_pcs_vfp=no)]) + if test $libc_cv_arm_pcs_vfp = yes; then +diff --git a/sysdeps/mips/configure b/sysdeps/mips/configure +index 4e13248c03..f14af952d0 100644 +--- a/sysdeps/mips/configure ++++ b/sysdeps/mips/configure +@@ -143,11 +143,11 @@ else + /* end confdefs.h. */ + dnl + #ifdef __mips_nan2008 +-yes ++use_mips_nan2008 + #endif + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- $EGREP "yes" >/dev/null 2>&1; then : ++ $EGREP "use_mips_nan2008" >/dev/null 2>&1; then : + libc_cv_mips_nan2008=yes + else + libc_cv_mips_nan2008=no +diff --git a/sysdeps/mips/configure.ac b/sysdeps/mips/configure.ac +index bcbdaffd9f..ad3057f4cc 100644 +--- a/sysdeps/mips/configure.ac ++++ b/sysdeps/mips/configure.ac +@@ -6,9 +6,9 @@ dnl position independent way. + dnl AC_DEFINE(PI_STATIC_AND_HIDDEN) + + AC_CACHE_CHECK([whether the compiler is using the 2008 NaN encoding], +- libc_cv_mips_nan2008, [AC_EGREP_CPP(yes, [dnl ++ libc_cv_mips_nan2008, [AC_EGREP_CPP(use_mips_nan2008, [dnl + #ifdef __mips_nan2008 +-yes ++use_mips_nan2008 + #endif], libc_cv_mips_nan2008=yes, libc_cv_mips_nan2008=no)]) + if test x$libc_cv_mips_nan2008 = xyes; then + AC_DEFINE(HAVE_MIPS_NAN2008) +diff --git a/sysdeps/nios2/configure b/sysdeps/nios2/configure +index 14c8a3a014..dde3814ef2 100644 +--- a/sysdeps/nios2/configure ++++ b/sysdeps/nios2/configure +@@ -142,12 +142,12 @@ else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #ifdef __nios2_big_endian__ +- yes ++ is_nios2_be + #endif + + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- $EGREP "yes" >/dev/null 2>&1; then : ++ $EGREP "is_nios2_be" >/dev/null 2>&1; then : + libc_cv_nios2_be=yes + else + libc_cv_nios2_be=no +diff --git a/sysdeps/nios2/configure.ac b/sysdeps/nios2/configure.ac +index f05f43802b..dc8639902d 100644 +--- a/sysdeps/nios2/configure.ac ++++ b/sysdeps/nios2/configure.ac +@@ -4,8 +4,8 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory. + # Nios II big endian is not yet supported. + AC_CACHE_CHECK([for big endian], + [libc_cv_nios2_be], +- [AC_EGREP_CPP(yes,[#ifdef __nios2_big_endian__ +- yes ++ [AC_EGREP_CPP(is_nios2_be,[#ifdef __nios2_big_endian__ ++ is_nios2_be + #endif + ], libc_cv_nios2_be=yes, libc_cv_nios2_be=no)]) + if test $libc_cv_nios2_be = yes; then +diff --git a/sysdeps/unix/sysv/linux/mips/configure b/sysdeps/unix/sysv/linux/mips/configure +index f25f2a3a65..1b7483e6c6 100644 +--- a/sysdeps/unix/sysv/linux/mips/configure ++++ b/sysdeps/unix/sysv/linux/mips/configure +@@ -414,11 +414,11 @@ else + /* end confdefs.h. */ + dnl + #ifdef __mips_nan2008 +-yes ++use_mips_nan2008 + #endif + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- $EGREP "yes" >/dev/null 2>&1; then : ++ $EGREP "use_mips_nan2008" >/dev/null 2>&1; then : + libc_cv_mips_nan2008=yes + else + libc_cv_mips_nan2008=no +diff --git a/sysdeps/unix/sysv/linux/mips/configure.ac b/sysdeps/unix/sysv/linux/mips/configure.ac +index 049a0f4bdf..005526d4e8 100644 +--- a/sysdeps/unix/sysv/linux/mips/configure.ac ++++ b/sysdeps/unix/sysv/linux/mips/configure.ac +@@ -105,9 +105,9 @@ AC_COMPILE_IFELSE( + LIBC_CONFIG_VAR([mips-mode-switch],[${libc_mips_mode_switch}]) + + AC_CACHE_CHECK([whether the compiler is using the 2008 NaN encoding], +- libc_cv_mips_nan2008, [AC_EGREP_CPP(yes, [dnl ++ libc_cv_mips_nan2008, [AC_EGREP_CPP(use_mips_nan2008, [dnl + #ifdef __mips_nan2008 +-yes ++use_mips_nan2008 + #endif], libc_cv_mips_nan2008=yes, libc_cv_mips_nan2008=no)]) + + libc_mips_nan= +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure b/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure +index ae7f254da4..874519000b 100644 +--- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure +@@ -155,12 +155,12 @@ else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #if _CALL_ELF == 2 +- yes ++ use_ppc_elfv2_abi + #endif + + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- $EGREP "yes" >/dev/null 2>&1; then : ++ $EGREP "use_ppc_elfv2_abi" >/dev/null 2>&1; then : + libc_cv_ppc64_elfv2_abi=yes + else + libc_cv_ppc64_elfv2_abi=no +@@ -188,12 +188,12 @@ else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #ifdef _CALL_ELF +- yes ++ is_def_call_elf + #endif + + _ACEOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- $EGREP "yes" >/dev/null 2>&1; then : ++ $EGREP "is_def_call_elf" >/dev/null 2>&1; then : + libc_cv_ppc64_def_call_elf=yes + else + libc_cv_ppc64_def_call_elf=no +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure.ac b/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure.ac +index f9cba6e15d..b21f72f1e4 100644 +--- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure.ac ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure.ac +@@ -6,8 +6,8 @@ LIBC_SLIBDIR_RTLDDIR([lib64], [lib64]) + # Define default-abi according to compiler flags. + AC_CACHE_CHECK([whether the compiler is using the PowerPC64 ELFv2 ABI], + [libc_cv_ppc64_elfv2_abi], +- [AC_EGREP_CPP(yes,[#if _CALL_ELF == 2 +- yes ++ [AC_EGREP_CPP(use_ppc_elfv2_abi,[#if _CALL_ELF == 2 ++ use_ppc_elfv2_abi + #endif + ], libc_cv_ppc64_elfv2_abi=yes, libc_cv_ppc64_elfv2_abi=no)]) + if test $libc_cv_ppc64_elfv2_abi = yes; then +@@ -19,8 +19,8 @@ else + # Compiler that do not support ELFv2 ABI does not define _CALL_ELF + AC_CACHE_CHECK([whether the compiler defines _CALL_ELF], + [libc_cv_ppc64_def_call_elf], +- [AC_EGREP_CPP(yes,[#ifdef _CALL_ELF +- yes ++ [AC_EGREP_CPP(is_def_call_elf,[#ifdef _CALL_ELF ++ is_def_call_elf + #endif + ], libc_cv_ppc64_def_call_elf=yes, libc_cv_ppc64_def_call_elf=no)]) + if test $libc_cv_ppc64_def_call_elf = no; then diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch new file mode 100644 index 000000000..79bd70415 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch @@ -0,0 +1,42 @@ +From 3feb4213628f1485000ffe1d3fd26e37a7b14336 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:33:03 +0000 +Subject: [PATCH] timezone: re-written tzselect as posix sh + +To avoid the bash dependency. + +Upstream-Status: Pending + +Signed-off-by: Hongxu Jia +Signed-off-by: Khem Raj +--- + timezone/Makefile | 2 +- + timezone/tzselect.ksh | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/timezone/Makefile b/timezone/Makefile +index 395abfeebd..2d939edf75 100644 +--- a/timezone/Makefile ++++ b/timezone/Makefile +@@ -123,7 +123,7 @@ $(testdata)/XT%: testdata/XT% + cp $< $@ + + $(objpfx)tzselect: tzselect.ksh $(common-objpfx)config.make +- sed -e 's|/bin/bash|$(BASH)|' \ ++ sed -e 's|/bin/bash|/bin/sh|' \ + -e 's|TZDIR=[^}]*|TZDIR=$(zonedir)|' \ + -e '/TZVERSION=/s|see_Makefile|"$(version)"|' \ + -e '/PKGVERSION=/s|=.*|="$(PKGVERSION)"|' \ +diff --git a/timezone/tzselect.ksh b/timezone/tzselect.ksh +index 18fce27e24..70745f9d36 100755 +--- a/timezone/tzselect.ksh ++++ b/timezone/tzselect.ksh +@@ -34,7 +34,7 @@ REPORT_BUGS_TO=tz@iana.org + + # Specify default values for environment variables if they are unset. + : ${AWK=awk} +-: ${TZDIR=`pwd`} ++: ${TZDIR=$(pwd)} + + # Output one argument as-is to standard output. + # Safer than 'echo', which can mishandle '\' or leading '-'. diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch new file mode 100644 index 000000000..c32d70b59 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch @@ -0,0 +1,72 @@ +From f6119b98a9caa80642d69a97edc98f57ecef5c3c Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Thu, 31 Dec 2015 14:33:02 -0800 +Subject: [PATCH] Remove bash dependency for nscd init script + +The nscd init script uses #! /bin/bash but only really uses one bashism +(translated strings), so remove them and switch the shell to #!/bin/sh. + +Upstream-Status: Pending + +Signed-off-by: Ross Burton +Signed-off-by: Khem Raj +--- + nscd/nscd.init | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/nscd/nscd.init b/nscd/nscd.init +index a882da7d8b..b02986ec15 100644 +--- a/nscd/nscd.init ++++ b/nscd/nscd.init +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!/bin/sh + # + # nscd: Starts the Name Switch Cache Daemon + # +@@ -49,7 +49,7 @@ prog=nscd + start () { + [ -d /var/run/nscd ] || mkdir /var/run/nscd + [ -d /var/db/nscd ] || mkdir /var/db/nscd +- echo -n $"Starting $prog: " ++ echo -n "Starting $prog: " + daemon /usr/sbin/nscd + RETVAL=$? + echo +@@ -58,7 +58,7 @@ start () { + } + + stop () { +- echo -n $"Stopping $prog: " ++ echo -n "Stopping $prog: " + /usr/sbin/nscd -K + RETVAL=$? + if [ $RETVAL -eq 0 ]; then +@@ -67,9 +67,9 @@ stop () { + # a non-privileged user + rm -f /var/run/nscd/nscd.pid + rm -f /var/run/nscd/socket +- success $"$prog shutdown" ++ success "$prog shutdown" + else +- failure $"$prog shutdown" ++ failure "$prog shutdown" + fi + echo + return $RETVAL +@@ -103,13 +103,13 @@ case "$1" in + RETVAL=$? + ;; + force-reload | reload) +- echo -n $"Reloading $prog: " ++ echo -n "Reloading $prog: " + killproc /usr/sbin/nscd -HUP + RETVAL=$? + echo + ;; + *) +- echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}" ++ echo "Usage: $0 {start|stop|status|restart|reload|condrestart}" + RETVAL=1 + ;; + esac diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch new file mode 100644 index 000000000..826e5af46 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch @@ -0,0 +1,616 @@ +From 060ba13b5ac5e90517d540f009ebdcdcf62f9685 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:42:58 +0000 +Subject: [PATCH] eglibc: Cross building and testing instructions + +Ported from eglibc +Upstream-Status: Pending + +Signed-off-by: Khem Raj +--- + GLIBC.cross-building | 383 +++++++++++++++++++++++++++++++++++++++++++ + GLIBC.cross-testing | 205 +++++++++++++++++++++++ + 2 files changed, 588 insertions(+) + create mode 100644 GLIBC.cross-building + create mode 100644 GLIBC.cross-testing + +diff --git a/GLIBC.cross-building b/GLIBC.cross-building +new file mode 100644 +index 0000000000..e6e0da1aaf +--- /dev/null ++++ b/GLIBC.cross-building +@@ -0,0 +1,383 @@ ++ -*- mode: text -*- ++ ++ Cross-Compiling GLIBC ++ Jim Blandy ++ ++ ++Introduction ++ ++Most GNU tools have a simple build procedure: you run their ++'configure' script, and then you run 'make'. Unfortunately, the ++process of cross-compiling the GNU C library is quite a bit more ++involved: ++ ++1) Build a cross-compiler, with certain facilities disabled. ++ ++2) Configure the C library using the compiler you built in step 1). ++ Build a few of the C run-time object files, but not the rest of the ++ library. Install the library's header files and the run-time ++ object files, and create a dummy libc.so. ++ ++3) Build a second cross-compiler, using the header files and object ++ files you installed in step 2. ++ ++4) Configure, build, and install a fresh C library, using the compiler ++ built in step 3. ++ ++5) Build a third cross-compiler, based on the C library built in step 4. ++ ++The reason for this complexity is that, although GCC and the GNU C ++library are distributed separately, they are not actually independent ++of each other: GCC requires the C library's headers and some object ++files to compile its own libraries, while the C library depends on ++GCC's libraries. GLIBC includes features and bug fixes to the stock ++GNU C library that simplify this process, but the fundamental ++interdependency stands. ++ ++In this document, we explain how to cross-compile an GLIBC/GCC pair ++from source. Our intended audience is developers who are already ++familiar with the GNU toolchain and comfortable working with ++cross-development tools. While we do present a worked example to ++accompany the explanation, for clarity's sake we do not cover many of ++the options available to cross-toolchain users. ++ ++ ++Preparation ++ ++GLIBC requires recent versions of the GNU binutils, GCC, and the ++Linux kernel. The web page ++documents the current requirements, and lists patches needed for ++certain target architectures. As of this writing, these build ++instructions have been tested with binutils 2.22.51, GCC 4.6.2, ++and Linux 3.1. ++ ++First, let's set some variables, to simplify later commands. We'll ++build GLIBC and GCC for an ARM target, known to the Linux kernel ++as 'arm', and we'll do the build on an Intel x86_64 Linux box: ++ ++ $ build=x86_64-pc-linux-gnu ++ $ host=$build ++ $ target=arm-none-linux-gnueabi ++ $ linux_arch=arm ++ ++We're using the aforementioned versions of Binutils, GCC, and Linux: ++ ++ $ binutilsv=binutils-2.22.51 ++ $ gccv=gcc-4.6.2 ++ $ linuxv=linux-3.1 ++ ++We're carrying out the entire process under '~/cross-build', which ++contains unpacked source trees for binutils, gcc, and linux kernel, ++along with GLIBC svn trunk (which can be checked-out with ++'svn co http://www.eglibc.org/svn/trunk eglibc'): ++ ++ $ top=$HOME/cross-build/$target ++ $ src=$HOME/cross-build/src ++ $ ls $src ++ binutils-2.22.51 glibc gcc-4.6.2 linux-3.1 ++ ++We're going to place our build directories in a subdirectory 'obj', ++we'll install the cross-development toolchain in 'tools', and we'll ++place our sysroot (containing files to be installed on the target ++system) in 'sysroot': ++ ++ $ obj=$top/obj ++ $ tools=$top/tools ++ $ sysroot=$top/sysroot ++ ++ ++Binutils ++ ++Configuring and building binutils for the target is straightforward: ++ ++ $ mkdir -p $obj/binutils ++ $ cd $obj/binutils ++ $ $src/$binutilsv/configure \ ++ > --target=$target \ ++ > --prefix=$tools \ ++ > --with-sysroot=$sysroot ++ $ make ++ $ make install ++ ++ ++The First GCC ++ ++For our work, we need a cross-compiler targeting an ARM Linux ++system. However, that configuration includes the shared library ++'libgcc_s.so', which is compiled against the GLIBC headers (which we ++haven't installed yet) and linked against 'libc.so' (which we haven't ++built yet). ++ ++Fortunately, there are configuration options for GCC which tell it not ++to build 'libgcc_s.so'. The '--without-headers' option is supposed to ++take care of this, but its implementation is incomplete, so you must ++also configure with the '--with-newlib' option. While '--with-newlib' ++appears to mean "Use the Newlib C library", its effect is to tell the ++GCC build machinery, "Don't assume there is a C library available." ++ ++We also need to disable some of the libraries that would normally be ++built along with GCC, and specify that only the compiler for the C ++language is needed. ++ ++So, we create a build directory, configure, make, and install. ++ ++ $ mkdir -p $obj/gcc1 ++ $ cd $obj/gcc1 ++ $ $src/$gccv/configure \ ++ > --target=$target \ ++ > --prefix=$tools \ ++ > --without-headers --with-newlib \ ++ > --disable-shared --disable-threads --disable-libssp \ ++ > --disable-libgomp --disable-libmudflap --disable-libquadmath \ ++ > --disable-decimal-float --disable-libffi \ ++ > --enable-languages=c ++ $ PATH=$tools/bin:$PATH make ++ $ PATH=$tools/bin:$PATH make install ++ ++ ++Linux Kernel Headers ++ ++To configure GLIBC, we also need Linux kernel headers in place. ++Fortunately, the Linux makefiles have a target that installs them for ++us. Since the process does modify the source tree a bit, we make a ++copy first: ++ ++ $ cp -r $src/$linuxv $obj/linux ++ $ cd $obj/linux ++ ++Now we're ready to install the headers into the sysroot: ++ ++ $ PATH=$tools/bin:$PATH \ ++ > make headers_install \ ++ > ARCH=$linux_arch CROSS_COMPILE=$target- \ ++ > INSTALL_HDR_PATH=$sysroot/usr ++ ++ ++GLIBC Headers and Preliminary Objects ++ ++Using the cross-compiler we've just built, we can now configure GLIBC ++well enough to install the headers and build the object files that the ++full cross-compiler will need: ++ ++ $ mkdir -p $obj/glibc-headers ++ $ cd $obj/glibc-headers ++ $ BUILD_CC=gcc \ ++ > CC=$tools/bin/$target-gcc \ ++ > CXX=$tools/bin/$target-g++ \ ++ > AR=$tools/bin/$target-ar \ ++ > RANLIB=$tools/bin/$target-ranlib \ ++ > $src/glibc/libc/configure \ ++ > --prefix=/usr \ ++ > --with-headers=$sysroot/usr/include \ ++ > --build=$build \ ++ > --host=$target \ ++ > --disable-profile --without-gd --without-cvs \ ++ > --enable-add-ons=nptl,libidn,../ports ++ ++The option '--prefix=/usr' may look strange, but you should never ++configure GLIBC with a prefix other than '/usr': in various places, ++GLIBC's build system checks whether the prefix is '/usr', and does ++special handling only if that is the case. Unless you use this ++prefix, you will get a sysroot that does not use the standard Linux ++directory layouts and cannot be used as a basis for the root ++filesystem on your target system compatibly with normal GLIBC ++installations. ++ ++The '--with-headers' option tells GLIBC where the Linux headers have ++been installed. ++ ++The '--enable-add-ons=nptl,libidn,../ports' option tells GLIBC to look ++for the listed glibc add-ons. Most notably the ports add-on (located ++just above the libc sources in the GLIBC svn tree) is required to ++support ARM targets. ++ ++We can now use the 'install-headers' makefile target to install the ++headers: ++ ++ $ make install-headers install_root=$sysroot \ ++ > install-bootstrap-headers=yes ++ ++The 'install_root' variable indicates where the files should actually ++be installed; its value is treated as the parent of the '--prefix' ++directory we passed to the configure script, so the headers will go in ++'$sysroot/usr/include'. The 'install-bootstrap-headers' variable ++requests special handling for certain tricky header files. ++ ++Next, there are a few object files needed to link shared libraries, ++which we build and install by hand: ++ ++ $ mkdir -p $sysroot/usr/lib ++ $ make csu/subdir_lib ++ $ cp csu/crt1.o csu/crti.o csu/crtn.o $sysroot/usr/lib ++ ++Finally, 'libgcc_s.so' requires a 'libc.so' to link against. However, ++since we will never actually execute its code, it doesn't matter what ++it contains. So, treating '/dev/null' as a C source file, we produce ++a dummy 'libc.so' in one step: ++ ++ $ $tools/bin/$target-gcc -nostdlib -nostartfiles -shared -x c /dev/null \ ++ > -o $sysroot/usr/lib/libc.so ++ ++ ++The Second GCC ++ ++With the GLIBC headers and selected object files installed, we can ++now build a GCC that is capable of compiling GLIBC. We configure, ++build, and install the second GCC, again building only the C compiler, ++and avoiding libraries we won't use: ++ ++ $ mkdir -p $obj/gcc2 ++ $ cd $obj/gcc2 ++ $ $src/$gccv/configure \ ++ > --target=$target \ ++ > --prefix=$tools \ ++ > --with-sysroot=$sysroot \ ++ > --disable-libssp --disable-libgomp --disable-libmudflap \ ++ > --disable-libffi --disable-libquadmath \ ++ > --enable-languages=c ++ $ PATH=$tools/bin:$PATH make ++ $ PATH=$tools/bin:$PATH make install ++ ++ ++GLIBC, Complete ++ ++With the second compiler built and installed, we're now ready for the ++full GLIBC build: ++ ++ $ mkdir -p $obj/glibc ++ $ cd $obj/glibc ++ $ BUILD_CC=gcc \ ++ > CC=$tools/bin/$target-gcc \ ++ > CXX=$tools/bin/$target-g++ \ ++ > AR=$tools/bin/$target-ar \ ++ > RANLIB=$tools/bin/$target-ranlib \ ++ > $src/glibc/libc/configure \ ++ > --prefix=/usr \ ++ > --with-headers=$sysroot/usr/include \ ++ > --with-kconfig=$obj/linux/scripts/kconfig \ ++ > --build=$build \ ++ > --host=$target \ ++ > --disable-profile --without-gd --without-cvs \ ++ > --enable-add-ons=nptl,libidn,../ports ++ ++Note the additional '--with-kconfig' option. This tells GLIBC where to ++find the host config tools used by the kernel 'make config' and 'make ++menuconfig'. These tools can be re-used by GLIBC for its own 'make ++*config' support, which will create 'option-groups.config' for you. ++But first make sure those tools have been built by running some ++dummy 'make *config' calls in the kernel directory: ++ ++ $ cd $obj/linux ++ $ PATH=$tools/bin:$PATH make config \ ++ > ARCH=$linux_arch CROSS_COMPILE=$target- \ ++ $ PATH=$tools/bin:$PATH make menuconfig \ ++ > ARCH=$linux_arch CROSS_COMPILE=$target- \ ++ ++Now we can configure and build the full GLIBC: ++ ++ $ cd $obj/glibc ++ $ PATH=$tools/bin:$PATH make defconfig ++ $ PATH=$tools/bin:$PATH make menuconfig ++ $ PATH=$tools/bin:$PATH make ++ $ PATH=$tools/bin:$PATH make install install_root=$sysroot ++ ++At this point, we have a complete GLIBC installation in '$sysroot', ++with header files, library files, and most of the C runtime startup ++files in place. ++ ++ ++The Third GCC ++ ++Finally, we recompile GCC against this full installation, enabling ++whatever languages and libraries we would like to use: ++ ++ $ mkdir -p $obj/gcc3 ++ $ cd $obj/gcc3 ++ $ $src/$gccv/configure \ ++ > --target=$target \ ++ > --prefix=$tools \ ++ > --with-sysroot=$sysroot \ ++ > --enable-__cxa_atexit \ ++ > --disable-libssp --disable-libgomp --disable-libmudflap \ ++ > --enable-languages=c,c++ ++ $ PATH=$tools/bin:$PATH make ++ $ PATH=$tools/bin:$PATH make install ++ ++The '--enable-__cxa_atexit' option tells GCC what sort of C++ ++destructor support to expect from the C library; it's required with ++GLIBC. ++ ++And since GCC's installation process isn't designed to help construct ++sysroot trees, we must manually copy certain libraries into place in ++the sysroot. ++ ++ $ cp -d $tools/$target/lib/libgcc_s.so* $sysroot/lib ++ $ cp -d $tools/$target/lib/libstdc++.so* $sysroot/usr/lib ++ ++ ++Trying Things Out ++ ++At this point, '$tools' contains a cross toolchain ready to use ++the GLIBC installation in '$sysroot': ++ ++ $ cat > hello.c < #include ++ > int ++ > main (int argc, char **argv) ++ > { ++ > puts ("Hello, world!"); ++ > return 0; ++ > } ++ > EOF ++ $ $tools/bin/$target-gcc -Wall hello.c -o hello ++ $ cat > c++-hello.cc < #include ++ > int ++ > main (int argc, char **argv) ++ > { ++ > std::cout << "Hello, C++ world!" << std::endl; ++ > return 0; ++ > } ++ > EOF ++ $ $tools/bin/$target-g++ -Wall c++-hello.cc -o c++-hello ++ ++ ++We can use 'readelf' to verify that these are indeed executables for ++our target, using our dynamic linker: ++ ++ $ $tools/bin/$target-readelf -hl hello ++ ELF Header: ++ ... ++ Type: EXEC (Executable file) ++ Machine: ARM ++ ++ ... ++ Program Headers: ++ Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align ++ PHDR 0x000034 0x10000034 0x10000034 0x00100 0x00100 R E 0x4 ++ INTERP 0x000134 0x00008134 0x00008134 0x00013 0x00013 R 0x1 ++ [Requesting program interpreter: /lib/ld-linux.so.3] ++ LOAD 0x000000 0x00008000 0x00008000 0x0042c 0x0042c R E 0x8000 ++ ... ++ ++Looking at the dynamic section of the installed 'libgcc_s.so', we see ++that the 'NEEDED' entry for the C library does include the '.6' ++suffix, indicating that was linked against our fully build GLIBC, and ++not our dummy 'libc.so': ++ ++ $ $tools/bin/$target-readelf -d $sysroot/lib/libgcc_s.so.1 ++ Dynamic section at offset 0x1083c contains 24 entries: ++ Tag Type Name/Value ++ 0x00000001 (NEEDED) Shared library: [libc.so.6] ++ 0x0000000e (SONAME) Library soname: [libgcc_s.so.1] ++ ... ++ ++ ++And on the target machine, we can run our programs: ++ ++ $ $sysroot/lib/ld.so.1 --library-path $sysroot/lib:$sysroot/usr/lib \ ++ > ./hello ++ Hello, world! ++ $ $sysroot/lib/ld.so.1 --library-path $sysroot/lib:$sysroot/usr/lib \ ++ > ./c++-hello ++ Hello, C++ world! +diff --git a/GLIBC.cross-testing b/GLIBC.cross-testing +new file mode 100644 +index 0000000000..b67b468466 +--- /dev/null ++++ b/GLIBC.cross-testing +@@ -0,0 +1,205 @@ ++ -*- mode: text -*- ++ ++ Cross-Testing With GLIBC ++ Jim Blandy ++ ++ ++Introduction ++ ++Developers writing software for embedded systems often use a desktop ++or other similarly capable computer for development, but need to run ++tests on the embedded system, or perhaps on a simulator. When ++configured for cross-compilation, the stock GNU C library simply ++disables running tests altogether: the command 'make tests' builds ++test programs, but does not run them. GLIBC, however, provides ++facilities for compiling tests and generating data files on the build ++system, but running the test programs themselves on a remote system or ++simulator. ++ ++ ++Test environment requirements ++ ++The test environment must meet certain conditions for GLIBC's ++cross-testing facilities to work: ++ ++- Shared filesystems. The 'build' system, on which you configure and ++ compile GLIBC, and the 'host' system, on which you intend to run ++ GLIBC, must share a filesystem containing the GLIBC build and ++ source trees. Files must appear at the same paths on both systems. ++ ++- Remote-shell like invocation. There must be a way to run a program ++ on the host system from the build system, passing it properly quoted ++ command-line arguments, setting environment variables, and ++ inheriting the caller's standard input and output. ++ ++ ++Usage ++ ++To use GLIBC's cross-testing support, provide values for the ++following Make variables when you invoke 'make': ++ ++- cross-test-wrapper ++ ++ This should be the name of the cross-testing wrapper command, along ++ with any arguments. ++ ++- cross-localedef ++ ++ This should be the name of a cross-capable localedef program, like ++ that included in the GLIBC 'localedef' module, along with any ++ arguments needed. ++ ++These are each explained in detail below. ++ ++ ++The Cross-Testing Wrapper ++ ++To run test programs reliably, the stock GNU C library takes care to ++ensure that test programs use the newly compiled dynamic linker and ++shared libraries, and never the host system's installed libraries. To ++accomplish this, it runs the tests by explicitly invoking the dynamic ++linker from the build tree, passing it a list of build tree ++directories to search for shared libraries, followed by the name of ++the executable to run and its arguments. ++ ++For example, where one might normally run a test program like this: ++ ++ $ ./tst-foo arg1 arg2 ++ ++the GNU C library might run that program like this: ++ ++ $ $objdir/elf/ld-linux.so.3 --library-path $objdir \ ++ ./tst-foo arg1 arg2 ++ ++(where $objdir is the path to the top of the build tree, and the ++trailing backslash indicates a continuation of the command). In other ++words, each test program invocation is 'wrapped up' inside an explicit ++invocation of the dynamic linker, which must itself execute the test ++program, having loaded shared libraries from the appropriate ++directories. ++ ++To support cross-testing, GLIBC allows the developer to optionally ++set the 'cross-test-wrapper' Make variable to another wrapper command, ++to which it passes the entire dynamic linker invocation shown above as ++arguments. For example, if the developer supplies a wrapper of ++'my-wrapper hostname', then GLIBC would run the test above as ++follows: ++ ++ $ my-wrapper hostname \ ++ $objdir/elf/ld-linux.so.3 --library-path $objdir \ ++ ./tst-foo arg1 arg2 ++ ++The 'my-wrapper' command is responsible for executing the command ++given on the host system. ++ ++Since tests are run in varying directories, the wrapper should either ++be in your command search path, or 'cross-test-wrapper' should give an ++absolute path for the wrapper. ++ ++The wrapper must meet several requirements: ++ ++- It must preserve the current directory. As explained above, the ++ build directory tree must be visible on both the build and host ++ systems, at the same path. The test wrapper must ensure that the ++ current directory it inherits is also inherited by the dynamic ++ linker (and thus the test program itself). ++ ++- It must preserve environment variables' values. Many GLIBC tests ++ set environment variables for test runs; in native testing, it ++ invokes programs like this: ++ ++ $ GCONV_PATH=$objdir/iconvdata \ ++ $objdir/elf/ld-linux.so.3 --library-path $objdir \ ++ ./tst-foo arg1 arg2 ++ ++ With the cross-testing wrapper, that invocation becomes: ++ ++ $ GCONV_PATH=$objdir/iconvdata \ ++ my-wrapper hostname \ ++ $objdir/elf/ld-linux.so.3 --library-path $objdir \ ++ ./tst-foo arg1 arg2 ++ ++ Here, 'my-wrapper' must ensure that the value it sees for ++ 'GCONV_PATH' will be seen by the dynamic linker, and thus 'tst-foo' ++ itself. (The wrapper supplied with GLIBC simply preserves the ++ values of *all* enviroment variables, with a fixed set of ++ exceptions.) ++ ++ If your wrapper is a shell script, take care to correctly propagate ++ environment variables whose values contain spaces and shell ++ metacharacters. ++ ++- It must pass the command's arguments, unmodified. The arguments ++ seen by the test program should be exactly those seen by the wrapper ++ (after whatever arguments are given to the wrapper itself). The ++ GLIBC test framework performs all needed shell word splitting and ++ expansion (wildcard expansion, parameter substitution, and so on) ++ before invoking the wrapper; further expansion may break the tests. ++ ++ ++The 'cross-test-ssh.sh' script ++ ++If you want to use 'ssh' (or something sufficiently similar) to run ++test programs on your host system, GLIBC includes a shell script, ++'scripts/cross-test-ssh.sh', which you can use as your wrapper ++command. This script takes care of setting the test command's current ++directory, propagating environment variable values, and carrying ++command-line arguments, all across an 'ssh' connection. You may even ++supply an alternative to 'ssh' on the command line, if needed. ++ ++For more details, pass 'cross-test-ssh.sh' the '--help' option. ++ ++ ++The Cross-Compiling Locale Definition Command ++ ++Some GLIBC tests rely on locales generated especially for the test ++process. In a native configuration, these tests simply run the ++'localedef' command built by the normal GLIBC build process, ++'locale/localedef', to process and install their locales. However, in ++a cross-compiling configuration, this 'localedef' is built for the ++host system, not the build system, and since it requires quite a bit ++of memory to run (we have seen it fail on systems with 64MiB of ++memory), it may not be practical to run it on the host system. ++ ++If set, GLIBC uses the 'cross-localedef' Make variable as the command ++to run on the build system to process and install locales. The ++localedef program built from the GLIBC 'localedef' module is ++suitable. ++ ++The value of 'cross-localedef' may also include command-line arguments ++to be passed to the program; if you are using GLIBC's 'localedef', ++you may include endianness and 'uint32_t' alignment arguments here. ++ ++ ++Example ++ ++In developing GLIBC's cross-testing facility, we invoked 'make' with ++the following script: ++ ++ #!/bin/sh ++ ++ srcdir=... ++ test_hostname=... ++ localedefdir=... ++ cross_gxx=...-g++ ++ ++ wrapper="$srcdir/scripts/cross-test-ssh.sh $test_hostname" ++ localedef="$localedefdir/localedef --little-endian --uint32-align=4" ++ ++ make cross-test-wrapper="$wrapper" \ ++ cross-localedef="$localedef" \ ++ CXX="$cross_gxx" \ ++ "$@" ++ ++ ++Other Cross-Testing Concerns ++ ++Here are notes on some other issues which you may encounter in running ++the GLIBC tests in a cross-compiling environment: ++ ++- Some tests require a C++ cross-compiler; you should set the 'CXX' ++ Make variable to the name of an appropriate cross-compiler. ++ ++- Some tests require access to libstdc++.so.6 and libgcc_s.so.1; we ++ simply place copies of these libraries in the top GLIBC build ++ directory. diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch new file mode 100644 index 000000000..afac2e04f --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch @@ -0,0 +1,97 @@ +From f13c2f525e9bc82ce13e4cf486f7fe0831fc3fac Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:49:28 +0000 +Subject: [PATCH] eglibc: Help bootstrap cross toolchain + +Taken from EGLIBC, r1484 + r1525 + + 2007-02-20 Jim Blandy + + * Makefile (install-headers): Preserve old behavior: depend on + $(inst_includedir)/gnu/stubs.h only if install-bootstrap-headers + is set; otherwise, place gnu/stubs.h on the 'install-others' list. + + 2007-02-16 Jim Blandy + + * Makefile: Amend make install-headers to install everything + necessary for building a cross-compiler. Install gnu/stubs.h as + part of 'install-headers', not 'install-others'. + If install-bootstrap-headers is 'yes', install a dummy copy of + gnu/stubs.h, instead of computing the real thing. + * include/stubs-bootstrap.h: New file. + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + Makefile | 22 +++++++++++++++++++++- + include/stubs-bootstrap.h | 12 ++++++++++++ + 2 files changed, 33 insertions(+), 1 deletion(-) + create mode 100644 include/stubs-bootstrap.h + +diff --git a/Makefile b/Makefile +index 50f99ca611..31eed15f02 100644 +--- a/Makefile ++++ b/Makefile +@@ -79,9 +79,18 @@ subdir-dirs = include + vpath %.h $(subdir-dirs) + + # What to install. +-install-others = $(inst_includedir)/gnu/stubs.h + install-bin-script = + ++# If we're bootstrapping, install a dummy gnu/stubs.h along with the ++# other headers, so 'make install-headers' produces a useable include ++# tree. Otherwise, install gnu/stubs.h later, after the rest of the ++# build is done. ++ifeq ($(install-bootstrap-headers),yes) ++install-headers: $(inst_includedir)/gnu/stubs.h ++else ++install-others = $(inst_includedir)/gnu/stubs.h ++endif ++ + ifeq (yes,$(build-shared)) + headers += gnu/lib-names.h + endif +@@ -416,6 +425,16 @@ others: $(common-objpfx)testrun.sh $(common-objpfx)debugglibc.sh + + subdir-stubs := $(foreach dir,$(subdirs),$(common-objpfx)$(dir)/stubs) + ++# gnu/stubs.h depends (via the subdir 'stubs' targets) on all the .o ++# files in EGLIBC. For bootstrapping a GCC/EGLIBC pair, an empty ++# gnu/stubs.h is good enough. ++ifeq ($(install-bootstrap-headers),yes) ++$(inst_includedir)/gnu/stubs.h: include/stubs-bootstrap.h $(+force) ++ $(make-target-directory) ++ $(INSTALL_DATA) $< $@ ++ ++installed-stubs = ++else + ifndef abi-variants + installed-stubs = $(inst_includedir)/gnu/stubs.h + else +@@ -442,6 +461,7 @@ $(inst_includedir)/gnu/stubs.h: $(+force) + + install-others-nosubdir: $(installed-stubs) + endif ++endif + + + # Since stubs.h is never needed when building the library, we simplify the +diff --git a/include/stubs-bootstrap.h b/include/stubs-bootstrap.h +new file mode 100644 +index 0000000000..1d2b669aff +--- /dev/null ++++ b/include/stubs-bootstrap.h +@@ -0,0 +1,12 @@ ++/* Placeholder stubs.h file for bootstrapping. ++ ++ When bootstrapping a GCC/EGLIBC pair, GCC requires that the EGLIBC ++ headers be installed, but we can't fully build EGLIBC without that ++ GCC. So we run the command: ++ ++ make install-headers install-bootstrap-headers=yes ++ ++ to install the headers GCC needs, but avoid building certain ++ difficult headers. The header depends, via the ++ EGLIBC subdir 'stubs' make targets, on every .o file in EGLIBC, but ++ an empty stubs.h like this will do fine for GCC. */ diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0020-eglibc-Resolve-__fpscr_values-on-SH4.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0020-eglibc-Resolve-__fpscr_values-on-SH4.patch new file mode 100644 index 000000000..9a610c670 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0020-eglibc-Resolve-__fpscr_values-on-SH4.patch @@ -0,0 +1,53 @@ +From 330c4e50e28e29c31fb8d6ab39cdbb2af4d3def7 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:55:53 +0000 +Subject: [PATCH] eglibc: Resolve __fpscr_values on SH4 + +2010-09-29 Nobuhiro Iwamatsu + Andrew Stubbs + + Resolve SH's __fpscr_values to symbol in libc.so. + + * sysdeps/sh/sh4/fpu/fpu_control.h: Add C++ __set_fpscr prototype. + * sysdeps/unix/sysv/linux/sh/Versions (GLIBC_2.2): Add __fpscr_values. + * sysdeps/unix/sysv/linux/sh/sysdep.S (___fpscr_values): New constant. + +Upstream-Status: Pending + +Signed-off-by: Khem Raj +--- + sysdeps/unix/sysv/linux/sh/Versions | 1 + + sysdeps/unix/sysv/linux/sh/sysdep.S | 11 +++++++++++ + 2 files changed, 12 insertions(+) + +diff --git a/sysdeps/unix/sysv/linux/sh/Versions b/sysdeps/unix/sysv/linux/sh/Versions +index e0938c4165..ca1d7da339 100644 +--- a/sysdeps/unix/sysv/linux/sh/Versions ++++ b/sysdeps/unix/sysv/linux/sh/Versions +@@ -2,6 +2,7 @@ libc { + GLIBC_2.2 { + # functions used in other libraries + __xstat64; __fxstat64; __lxstat64; ++ __fpscr_values; + + # a* + alphasort64; +diff --git a/sysdeps/unix/sysv/linux/sh/sysdep.S b/sysdeps/unix/sysv/linux/sh/sysdep.S +index a18fbb2e8b..59421bfbb0 100644 +--- a/sysdeps/unix/sysv/linux/sh/sysdep.S ++++ b/sysdeps/unix/sysv/linux/sh/sysdep.S +@@ -30,3 +30,14 @@ ENTRY (__syscall_error) + + #define __syscall_error __syscall_error_1 + #include ++ ++ .data ++ .align 3 ++ .globl ___fpscr_values ++ .type ___fpscr_values, @object ++ .size ___fpscr_values, 8 ++___fpscr_values: ++ .long 0 ++ .long 0x80000 ++weak_alias (___fpscr_values, __fpscr_values) ++ diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0021-eglibc-Forward-port-cross-locale-generation-support.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0021-eglibc-Forward-port-cross-locale-generation-support.patch new file mode 100644 index 000000000..0b2f020fd --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0021-eglibc-Forward-port-cross-locale-generation-support.patch @@ -0,0 +1,560 @@ +From 557ed640b26bd208ce8d4a6fd725b124893668d7 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 01:33:49 +0000 +Subject: [PATCH] eglibc: Forward port cross locale generation support + +Upstream-Status: Pending + +Signed-off-by: Khem Raj +--- + locale/Makefile | 3 +- + locale/catnames.c | 46 +++++++++++++++++++++++++++ + locale/localeinfo.h | 2 +- + locale/programs/charmap-dir.c | 6 ++++ + locale/programs/ld-collate.c | 17 +++++----- + locale/programs/ld-ctype.c | 27 ++++++++-------- + locale/programs/ld-time.c | 31 ++++++++++++------ + locale/programs/linereader.c | 2 +- + locale/programs/localedef.c | 8 +++++ + locale/programs/locfile.c | 5 ++- + locale/programs/locfile.h | 59 +++++++++++++++++++++++++++++++++-- + locale/setlocale.c | 29 ----------------- + 12 files changed, 167 insertions(+), 68 deletions(-) + create mode 100644 locale/catnames.c + +diff --git a/locale/Makefile b/locale/Makefile +index b7c60681fa..07c606cde3 100644 +--- a/locale/Makefile ++++ b/locale/Makefile +@@ -26,7 +26,8 @@ headers = langinfo.h locale.h bits/locale.h \ + bits/types/locale_t.h bits/types/__locale_t.h + routines = setlocale findlocale loadlocale loadarchive \ + localeconv nl_langinfo nl_langinfo_l mb_cur_max \ +- newlocale duplocale freelocale uselocale ++ newlocale duplocale freelocale uselocale \ ++ catnames + tests = tst-C-locale tst-locname tst-duplocale + tests-container = tst-localedef-path-norm + categories = ctype messages monetary numeric time paper name \ +diff --git a/locale/catnames.c b/locale/catnames.c +new file mode 100644 +index 0000000000..538f3f5edb +--- /dev/null ++++ b/locale/catnames.c +@@ -0,0 +1,46 @@ ++/* Copyright (C) 2006 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, write to the Free ++ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++ 02111-1307 USA. */ ++ ++#include "localeinfo.h" ++ ++/* Define an array of category names (also the environment variable names). */ ++const struct catnamestr_t _nl_category_names attribute_hidden = ++ { ++#define DEFINE_CATEGORY(category, category_name, items, a) \ ++ category_name, ++#include "categories.def" ++#undef DEFINE_CATEGORY ++ }; ++ ++const uint8_t _nl_category_name_idxs[__LC_LAST] attribute_hidden = ++ { ++#define DEFINE_CATEGORY(category, category_name, items, a) \ ++ [category] = offsetof (struct catnamestr_t, CATNAMEMF (__LINE__)), ++#include "categories.def" ++#undef DEFINE_CATEGORY ++ }; ++ ++/* An array of their lengths, for convenience. */ ++const uint8_t _nl_category_name_sizes[] attribute_hidden = ++ { ++#define DEFINE_CATEGORY(category, category_name, items, a) \ ++ [category] = sizeof (category_name) - 1, ++#include "categories.def" ++#undef DEFINE_CATEGORY ++ [LC_ALL] = sizeof ("LC_ALL") - 1 ++ }; +diff --git a/locale/localeinfo.h b/locale/localeinfo.h +index 22f9dc1140..fa31b3c5ea 100644 +--- a/locale/localeinfo.h ++++ b/locale/localeinfo.h +@@ -230,7 +230,7 @@ __libc_tsd_define (extern, locale_t, LOCALE) + unused. We can manage this playing some tricks with weak references. + But with thread-local locale settings, it becomes quite ungainly unless + we can use __thread variables. So only in that case do we attempt this. */ +-#ifndef SHARED ++#if !defined SHARED && !defined IN_GLIBC_LOCALEDEF + # include + # define NL_CURRENT_INDIRECT 1 + #endif +diff --git a/locale/programs/charmap-dir.c b/locale/programs/charmap-dir.c +index 4841bfd05d..ffcba1fd79 100644 +--- a/locale/programs/charmap-dir.c ++++ b/locale/programs/charmap-dir.c +@@ -18,7 +18,9 @@ + #include + #include + #include ++#ifndef NO_UNCOMPRESS + #include ++#endif + #include + #include + #include +@@ -154,6 +156,7 @@ charmap_closedir (CHARMAP_DIR *cdir) + return closedir (dir); + } + ++#ifndef NO_UNCOMPRESS + /* Creates a subprocess decompressing the given pathname, and returns + a stream reading its output (the decompressed data). */ + static +@@ -202,6 +205,7 @@ fopen_uncompressed (const char *pathname, const char *compressor) + } + return NULL; + } ++#endif + + /* Opens a charmap for reading, given its name (not an alias name). */ + FILE * +@@ -224,6 +228,7 @@ charmap_open (const char *directory, const char *name) + if (stream != NULL) + return stream; + ++#ifndef NO_UNCOMPRESS + memcpy (p, ".gz", 4); + stream = fopen_uncompressed (pathname, "gzip"); + if (stream != NULL) +@@ -233,6 +238,7 @@ charmap_open (const char *directory, const char *name) + stream = fopen_uncompressed (pathname, "bzip2"); + if (stream != NULL) + return stream; ++#endif + + return NULL; + } +diff --git a/locale/programs/ld-collate.c b/locale/programs/ld-collate.c +index 0af21e05e2..4980b0c52f 100644 +--- a/locale/programs/ld-collate.c ++++ b/locale/programs/ld-collate.c +@@ -349,7 +349,7 @@ new_element (struct locale_collate_t *collate, const char *mbs, size_t mbslen, + } + if (wcs != NULL) + { +- size_t nwcs = wcslen ((wchar_t *) wcs); ++ size_t nwcs = wcslen_uint32 (wcs); + uint32_t zero = 0; + /* Handle as a single character. */ + if (nwcs == 0) +@@ -1772,8 +1772,7 @@ symbol `%s' has the same encoding as"), (*eptr)->name); + + if ((*eptr)->nwcs == runp->nwcs) + { +- int c = wmemcmp ((wchar_t *) (*eptr)->wcs, +- (wchar_t *) runp->wcs, runp->nwcs); ++ int c = wmemcmp_uint32 ((*eptr)->wcs, runp->wcs, runp->nwcs); + + if (c == 0) + { +@@ -2000,9 +1999,9 @@ add_to_tablewc (uint32_t ch, struct element_t *runp) + one consecutive entry. */ + if (runp->wcnext != NULL + && runp->nwcs == runp->wcnext->nwcs +- && wmemcmp ((wchar_t *) runp->wcs, +- (wchar_t *)runp->wcnext->wcs, +- runp->nwcs - 1) == 0 ++ && wmemcmp_uint32 (runp->wcs, ++ runp->wcnext->wcs, ++ runp->nwcs - 1) == 0 + && (runp->wcs[runp->nwcs - 1] + == runp->wcnext->wcs[runp->nwcs - 1] + 1)) + { +@@ -2026,9 +2025,9 @@ add_to_tablewc (uint32_t ch, struct element_t *runp) + runp = runp->wcnext; + while (runp->wcnext != NULL + && runp->nwcs == runp->wcnext->nwcs +- && wmemcmp ((wchar_t *) runp->wcs, +- (wchar_t *)runp->wcnext->wcs, +- runp->nwcs - 1) == 0 ++ && wmemcmp_uint32 (runp->wcs, ++ runp->wcnext->wcs, ++ runp->nwcs - 1) == 0 + && (runp->wcs[runp->nwcs - 1] + == runp->wcnext->wcs[runp->nwcs - 1] + 1)); + +diff --git a/locale/programs/ld-ctype.c b/locale/programs/ld-ctype.c +index 2fb579bbbf..d0be99581c 100644 +--- a/locale/programs/ld-ctype.c ++++ b/locale/programs/ld-ctype.c +@@ -915,7 +915,7 @@ ctype_output (struct localedef_t *locale, const struct charmap_t *charmap, + allocate_arrays (ctype, charmap, ctype->repertoire); + + default_missing_len = (ctype->default_missing +- ? wcslen ((wchar_t *) ctype->default_missing) ++ ? wcslen_uint32 (ctype->default_missing) + : 0); + + init_locale_data (&file, nelems); +@@ -1927,7 +1927,7 @@ read_translit_entry (struct linereader *ldfile, struct locale_ctype_t *ctype, + ignore = 1; + else + /* This value is usable. */ +- obstack_grow (ob, to_wstr, wcslen ((wchar_t *) to_wstr) * 4); ++ obstack_grow (ob, to_wstr, wcslen_uint32 (to_wstr) * 4); + + first = 0; + } +@@ -2461,8 +2461,8 @@ with character code range values one must use the absolute ellipsis `...'")); + } + + handle_tok_digit: +- class_bit = _ISwdigit; +- class256_bit = _ISdigit; ++ class_bit = BITw (tok_digit); ++ class256_bit = BIT (tok_digit); + handle_digits = 1; + goto read_charclass; + +@@ -3904,8 +3904,7 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap, + + while (idx < number) + { +- int res = wcscmp ((const wchar_t *) sorted[idx]->from, +- (const wchar_t *) runp->from); ++ int res = wcscmp_uint32 (sorted[idx]->from, runp->from); + if (res == 0) + { + replace = 1; +@@ -3942,11 +3941,11 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap, + for (size_t cnt = 0; cnt < number; ++cnt) + { + struct translit_to_t *srunp; +- from_len += wcslen ((const wchar_t *) sorted[cnt]->from) + 1; ++ from_len += wcslen_uint32 (sorted[cnt]->from) + 1; + srunp = sorted[cnt]->to; + while (srunp != NULL) + { +- to_len += wcslen ((const wchar_t *) srunp->str) + 1; ++ to_len += wcslen_uint32 (srunp->str) + 1; + srunp = srunp->next; + } + /* Plus one for the extra NUL character marking the end of +@@ -3970,18 +3969,18 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap, + ctype->translit_from_idx[cnt] = from_len; + ctype->translit_to_idx[cnt] = to_len; + +- len = wcslen ((const wchar_t *) sorted[cnt]->from) + 1; +- wmemcpy ((wchar_t *) &ctype->translit_from_tbl[from_len], +- (const wchar_t *) sorted[cnt]->from, len); ++ len = wcslen_uint32 (sorted[cnt]->from) + 1; ++ wmemcpy_uint32 (&ctype->translit_from_tbl[from_len], ++ sorted[cnt]->from, len); + from_len += len; + + ctype->translit_to_idx[cnt] = to_len; + srunp = sorted[cnt]->to; + while (srunp != NULL) + { +- len = wcslen ((const wchar_t *) srunp->str) + 1; +- wmemcpy ((wchar_t *) &ctype->translit_to_tbl[to_len], +- (const wchar_t *) srunp->str, len); ++ len = wcslen_uint32 (srunp->str) + 1; ++ wmemcpy_uint32 (&ctype->translit_to_tbl[to_len], ++ srunp->str, len); + to_len += len; + srunp = srunp->next; + } +diff --git a/locale/programs/ld-time.c b/locale/programs/ld-time.c +index dcd2a2386d..6814740325 100644 +--- a/locale/programs/ld-time.c ++++ b/locale/programs/ld-time.c +@@ -220,8 +220,10 @@ No definition for %s category found"), "LC_TIME"); + } + else + { ++ static const uint32_t wt_fmt_ampm[] ++ = { '%','I',':','%','M',':','%','S',' ','%','p',0 }; + time->t_fmt_ampm = "%I:%M:%S %p"; +- time->wt_fmt_ampm = (const uint32_t *) L"%I:%M:%S %p"; ++ time->wt_fmt_ampm = wt_fmt_ampm; + } + } + +@@ -231,7 +233,7 @@ No definition for %s category found"), "LC_TIME"); + const int days_per_month[12] = { 31, 29, 31, 30, 31, 30, + 31, 31, 30, 31 ,30, 31 }; + size_t idx; +- wchar_t *wstr; ++ uint32_t *wstr; + + time->era_entries = + (struct era_data *) xmalloc (time->num_era +@@ -457,18 +459,18 @@ No definition for %s category found"), "LC_TIME"); + } + + /* Now generate the wide character name and format. */ +- wstr = wcschr ((wchar_t *) time->wera[idx], L':');/* end direction */ +- wstr = wstr ? wcschr (wstr + 1, L':') : NULL; /* end offset */ +- wstr = wstr ? wcschr (wstr + 1, L':') : NULL; /* end start */ +- wstr = wstr ? wcschr (wstr + 1, L':') : NULL; /* end end */ ++ wstr = wcschr_uint32 (time->wera[idx], L':'); /* end direction */ ++ wstr = wstr ? wcschr_uint32 (wstr + 1, L':') : NULL; /* end offset */ ++ wstr = wstr ? wcschr_uint32 (wstr + 1, L':') : NULL; /* end start */ ++ wstr = wstr ? wcschr_uint32 (wstr + 1, L':') : NULL; /* end end */ + if (wstr != NULL) + { +- time->era_entries[idx].wname = (uint32_t *) wstr + 1; +- wstr = wcschr (wstr + 1, L':'); /* end name */ ++ time->era_entries[idx].wname = wstr + 1; ++ wstr = wcschr_uint32 (wstr + 1, L':'); /* end name */ + if (wstr != NULL) + { + *wstr = L'\0'; +- time->era_entries[idx].wformat = (uint32_t *) wstr + 1; ++ time->era_entries[idx].wformat = wstr + 1; + } + else + time->era_entries[idx].wname = +@@ -527,7 +529,16 @@ No definition for %s category found"), "LC_TIME"); + if (time->date_fmt == NULL) + time->date_fmt = "%a %b %e %H:%M:%S %Z %Y"; + if (time->wdate_fmt == NULL) +- time->wdate_fmt = (const uint32_t *) L"%a %b %e %H:%M:%S %Z %Y"; ++ { ++ static const uint32_t wdate_fmt[] = ++ { '%','a',' ', ++ '%','b',' ', ++ '%','e',' ', ++ '%','H',':','%','M',':','%','S',' ', ++ '%','Z',' ', ++ '%','Y',0 }; ++ time->wdate_fmt = wdate_fmt; ++ } + } + + +diff --git a/locale/programs/linereader.c b/locale/programs/linereader.c +index 96d3ab66db..3af379d2c3 100644 +--- a/locale/programs/linereader.c ++++ b/locale/programs/linereader.c +@@ -595,7 +595,7 @@ get_string (struct linereader *lr, const struct charmap_t *charmap, + { + int return_widestr = lr->return_widestr; + char *buf; +- wchar_t *buf2 = NULL; ++ uint32_t *buf2 = NULL; + size_t bufact; + size_t bufmax = 56; + +diff --git a/locale/programs/localedef.c b/locale/programs/localedef.c +index 832c8fd1fc..fe689b3ae1 100644 +--- a/locale/programs/localedef.c ++++ b/locale/programs/localedef.c +@@ -109,6 +109,7 @@ void (*argp_program_version_hook) (FILE *, struct argp_state *) = print_version; + #define OPT_NO_WARN 402 + #define OPT_WARN 403 + #define OPT_NO_HARD_LINKS 404 ++#define OPT_UINT32_ALIGN 405 + + /* Definitions of arguments for argp functions. */ + static const struct argp_option options[] = +@@ -153,6 +154,8 @@ static const struct argp_option options[] = + N_("Generate little-endian output") }, + { "big-endian", OPT_BIG_ENDIAN, NULL, 0, + N_("Generate big-endian output") }, ++ { "uint32-align", OPT_UINT32_ALIGN, "ALIGNMENT", 0, ++ N_("Set the target's uint32_t alignment in bytes (default 4)") }, + { NULL, 0, NULL, 0, NULL } + }; + +@@ -243,12 +246,14 @@ main (int argc, char *argv[]) + ctype locale. (P1003.2 4.35.5.2) */ + setlocale (LC_CTYPE, "POSIX"); + ++#ifndef NO_SYSCONF + /* Look whether the system really allows locale definitions. POSIX + defines error code 3 for this situation so I think it must be + a fatal error (see P1003.2 4.35.8). */ + if (sysconf (_SC_2_LOCALEDEF) < 0) + record_error (3, 0, _("\ + FATAL: system does not define `_POSIX2_LOCALEDEF'")); ++#endif + + /* Process charmap file. */ + charmap = charmap_read (charmap_file, verbose, 1, be_quiet, 1); +@@ -400,6 +405,9 @@ parse_opt (int key, char *arg, struct argp_state *state) + /* Do not hard link to other locales. */ + hard_links = false; + break; ++ case OPT_UINT32_ALIGN: ++ uint32_align_mask = strtol (arg, NULL, 0) - 1; ++ break; + case 'c': + force_output = 1; + break; +diff --git a/locale/programs/locfile.c b/locale/programs/locfile.c +index 0f1affa1d4..7d86fae801 100644 +--- a/locale/programs/locfile.c ++++ b/locale/programs/locfile.c +@@ -544,6 +544,9 @@ compare_files (const char *filename1, const char *filename2, size_t size, + machine running localedef. */ + bool swap_endianness_p; + ++/* The target's value of __align__(uint32_t) - 1. */ ++unsigned int uint32_align_mask = 3; ++ + /* When called outside a start_locale_structure/end_locale_structure + or start_locale_prelude/end_locale_prelude block, record that the + next byte in FILE's obstack will be the first byte of a new element. +@@ -621,7 +624,7 @@ add_locale_string (struct locale_file *file, const char *string) + void + add_locale_wstring (struct locale_file *file, const uint32_t *string) + { +- add_locale_uint32_array (file, string, wcslen ((const wchar_t *) string) + 1); ++ add_locale_uint32_array (file, string, wcslen_uint32 (string) + 1); + } + + /* Record that FILE's next element is the 32-bit integer VALUE. */ +diff --git a/locale/programs/locfile.h b/locale/programs/locfile.h +index c986d599ec..222a779176 100644 +--- a/locale/programs/locfile.h ++++ b/locale/programs/locfile.h +@@ -71,6 +71,8 @@ extern void write_all_categories (struct localedef_t *definitions, + + extern bool swap_endianness_p; + ++extern unsigned int uint32_align_mask; ++ + /* Change the output to be big-endian if BIG_ENDIAN is true and + little-endian otherwise. */ + static inline void +@@ -89,7 +91,8 @@ maybe_swap_uint32 (uint32_t value) + } + + /* Likewise, but munge an array of N uint32_ts starting at ARRAY. */ +-static inline void ++static void ++__attribute__ ((unused)) + maybe_swap_uint32_array (uint32_t *array, size_t n) + { + if (swap_endianness_p) +@@ -99,7 +102,8 @@ maybe_swap_uint32_array (uint32_t *array, size_t n) + + /* Like maybe_swap_uint32_array, but the array of N elements is at + the end of OBSTACK's current object. */ +-static inline void ++static void ++__attribute__ ((unused)) + maybe_swap_uint32_obstack (struct obstack *obstack, size_t n) + { + maybe_swap_uint32_array ((uint32_t *) obstack_next_free (obstack) - n, n); +@@ -276,4 +280,55 @@ extern void identification_output (struct localedef_t *locale, + const struct charmap_t *charmap, + const char *output_path); + ++static size_t wcslen_uint32 (const uint32_t *str) __attribute__ ((unused)); ++static uint32_t * wmemcpy_uint32 (uint32_t *s1, const uint32_t *s2, size_t n) __attribute__ ((unused)); ++static uint32_t * wcschr_uint32 (const uint32_t *s, uint32_t ch) __attribute__ ((unused)); ++static int wcscmp_uint32 (const uint32_t *s1, const uint32_t *s2) __attribute__ ((unused)); ++static int wmemcmp_uint32 (const uint32_t *s1, const uint32_t *s2, size_t n) __attribute__ ((unused)); ++ ++static size_t ++wcslen_uint32 (const uint32_t *str) ++{ ++ size_t len = 0; ++ while (str[len] != 0) ++ len++; ++ return len; ++} ++ ++static int ++wmemcmp_uint32 (const uint32_t *s1, const uint32_t *s2, size_t n) ++{ ++ while (n-- != 0) ++ { ++ int diff = *s1++ - *s2++; ++ if (diff != 0) ++ return diff; ++ } ++ return 0; ++} ++ ++static int ++wcscmp_uint32 (const uint32_t *s1, const uint32_t *s2) ++{ ++ while (*s1 != 0 && *s1 == *s2) ++ s1++, s2++; ++ return *s1 - *s2; ++} ++ ++static uint32_t * ++wmemcpy_uint32 (uint32_t *s1, const uint32_t *s2, size_t n) ++{ ++ return memcpy (s1, s2, n * sizeof (uint32_t)); ++} ++ ++static uint32_t * ++wcschr_uint32 (const uint32_t *s, uint32_t ch) ++{ ++ do ++ if (*s == ch) ++ return (uint32_t *) s; ++ while (*s++ != 0); ++ return 0; ++} ++ + #endif /* locfile.h */ +diff --git a/locale/setlocale.c b/locale/setlocale.c +index 19ed85ae8e..f28ca11446 100644 +--- a/locale/setlocale.c ++++ b/locale/setlocale.c +@@ -63,35 +63,6 @@ static char *const _nl_current_used[] = + + #endif + +- +-/* Define an array of category names (also the environment variable names). */ +-const struct catnamestr_t _nl_category_names attribute_hidden = +- { +-#define DEFINE_CATEGORY(category, category_name, items, a) \ +- category_name, +-#include "categories.def" +-#undef DEFINE_CATEGORY +- }; +- +-const uint8_t _nl_category_name_idxs[__LC_LAST] attribute_hidden = +- { +-#define DEFINE_CATEGORY(category, category_name, items, a) \ +- [category] = offsetof (struct catnamestr_t, CATNAMEMF (__LINE__)), +-#include "categories.def" +-#undef DEFINE_CATEGORY +- }; +- +-/* An array of their lengths, for convenience. */ +-const uint8_t _nl_category_name_sizes[] attribute_hidden = +- { +-#define DEFINE_CATEGORY(category, category_name, items, a) \ +- [category] = sizeof (category_name) - 1, +-#include "categories.def" +-#undef DEFINE_CATEGORY +- [LC_ALL] = sizeof ("LC_ALL") - 1 +- }; +- +- + #ifdef NL_CURRENT_INDIRECT + # define WEAK_POSTLOAD(postload) weak_extern (postload) + #else diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0022-Define-DUMMY_LOCALE_T-if-not-defined.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0022-Define-DUMMY_LOCALE_T-if-not-defined.patch new file mode 100644 index 000000000..33d912d35 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0022-Define-DUMMY_LOCALE_T-if-not-defined.patch @@ -0,0 +1,29 @@ +From c8df3cf4556d8d78a98675865395ce42f3b67109 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 20 Apr 2016 21:11:00 -0700 +Subject: [PATCH] Define DUMMY_LOCALE_T if not defined + +This is a hack to fix building the locale bits on an older +CentOs 5.X machine + +Upstream-Status: Inappropriate [other] + +Signed-off-by: Khem Raj +--- + locale/programs/config.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/locale/programs/config.h b/locale/programs/config.h +index 2edcf3696c..5350101e38 100644 +--- a/locale/programs/config.h ++++ b/locale/programs/config.h +@@ -19,6 +19,9 @@ + #ifndef _LD_CONFIG_H + #define _LD_CONFIG_H 1 + ++#ifndef DUMMY_LOCALE_T ++#define DUMMY_LOCALE_T ++#endif + /* Use the internal textdomain used for libc messages. */ + #define PACKAGE _libc_intl_domainname + #ifndef VERSION diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch new file mode 100644 index 000000000..a5a7a0cad --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch @@ -0,0 +1,80 @@ +From 2ec233ce078b74030de9195096058cd502fdc395 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 3 Aug 2018 09:42:06 -0700 +Subject: [PATCH] localedef --add-to-archive uses a hard-coded locale path + +it doesn't exist in normal use, and there's no way to pass an +alternative filename. + +Add a fallback of $LOCALEARCHIVE from the environment, and allow +creation of new locale archives that are not the system archive. + +Upstream-Status: Inappropriate (OE-specific) + +Signed-off-by: Ross Burton +Signed-off-by: Khem Raj +--- + locale/programs/locarchive.c | 35 +++++++++++++++++++++++++---------- + 1 file changed, 25 insertions(+), 10 deletions(-) + +diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c +index 6bb189ae37..0711c5c44e 100644 +--- a/locale/programs/locarchive.c ++++ b/locale/programs/locarchive.c +@@ -340,12 +340,24 @@ enlarge_archive (struct locarhandle *ah, const struct locarhead *head) + struct namehashent *oldnamehashtab; + struct locarhandle new_ah; + size_t prefix_len = output_prefix ? strlen (output_prefix) : 0; +- char archivefname[prefix_len + sizeof (ARCHIVE_NAME)]; +- char fname[prefix_len + sizeof (ARCHIVE_NAME) + sizeof (".XXXXXX") - 1]; ++ char *archivefname; ++ char *fname; ++ char *envarchive = getenv("LOCALEARCHIVE"); + +- if (output_prefix) +- memcpy (archivefname, output_prefix, prefix_len); +- strcpy (archivefname + prefix_len, ARCHIVE_NAME); ++ if (envarchive != NULL) ++ { ++ archivefname = xmalloc(strlen(envarchive) + 1); ++ fname = xmalloc(strlen(envarchive) + sizeof (".XXXXXX")); ++ strcpy (archivefname, envarchive); ++ } ++ else ++ { ++ archivefname = xmalloc(prefix_len + sizeof (ARCHIVE_NAME)); ++ fname = xmalloc(prefix_len + sizeof (ARCHIVE_NAME) + sizeof (".XXXXXX") - 1); ++ if (output_prefix) ++ memcpy (archivefname, output_prefix, prefix_len); ++ strcpy (archivefname + prefix_len, ARCHIVE_NAME); ++ } + strcpy (stpcpy (fname, archivefname), ".XXXXXX"); + + /* Not all of the old file has to be mapped. Change this now this +@@ -569,10 +581,13 @@ open_archive (struct locarhandle *ah, bool readonly) + /* If ah has a non-NULL fname open that otherwise open the default. */ + if (archivefname == NULL) + { +- archivefname = default_fname; +- if (output_prefix) +- memcpy (default_fname, output_prefix, prefix_len); +- strcpy (default_fname + prefix_len, ARCHIVE_NAME); ++ archivefname = getenv("LOCALEARCHIVE"); ++ if (archivefname == NULL) { ++ archivefname = default_fname; ++ if (output_prefix) ++ memcpy (default_fname, output_prefix, prefix_len); ++ strcpy (default_fname + prefix_len, ARCHIVE_NAME); ++ } + } + + while (1) +@@ -585,7 +600,7 @@ open_archive (struct locarhandle *ah, bool readonly) + the default locale archive we ignore the failure and + list an empty archive, otherwise we print an error + and exit. */ +- if (errno == ENOENT && archivefname == default_fname) ++ if (errno == ENOENT) + { + if (readonly) + { diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch new file mode 100644 index 000000000..d2691e1ee --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch @@ -0,0 +1,53 @@ +From f8289aa320b00f6db43213979cceab2325a7a611 Mon Sep 17 00:00:00 2001 +From: Mark Hatle +Date: Thu, 18 Aug 2016 14:07:58 -0500 +Subject: [PATCH] elf/dl-deps.c: Make _dl_build_local_scope breadth first + +According to the ELF specification: + +When resolving symbolic references, the dynamic linker examines the symbol +tables with a breadth-first search. + +This function was using a depth first search. By doing so the conflict +resolution reported to the prelinker (when LD_TRACE_PRELINKING=1 is set) +was incorrect. This caused problems when their were various circular +dependencies between libraries. The problem usually manifested itself by +the wrong IFUNC being executed. + +[BZ# 20488] + +Upstream-Status: Submitted [libc-alpha] + +Signed-off-by: Mark Hatle +--- + elf/dl-deps.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/elf/dl-deps.c b/elf/dl-deps.c +index 087a49b212..c09f9334f2 100644 +--- a/elf/dl-deps.c ++++ b/elf/dl-deps.c +@@ -73,13 +73,19 @@ _dl_build_local_scope (struct link_map **list, struct link_map *map) + { + struct link_map **p = list; + struct link_map **q; ++ struct link_map **r; + + *p++ = map; + map->l_reserved = 1; +- if (map->l_initfini) +- for (q = map->l_initfini + 1; *q; ++q) +- if (! (*q)->l_reserved) +- p += _dl_build_local_scope (p, *q); ++ ++ for (r = list; r < p; ++r) ++ if ((*r)->l_initfini) ++ for (q = (*r)->l_initfini + 1; *q; ++q) ++ if (! (*q)->l_reserved) ++ { ++ *p++ = *q; ++ (*q)->l_reserved = 1; ++ } + return p - list; + } + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0025-intl-Emit-no-lines-in-bison-generated-files.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0025-intl-Emit-no-lines-in-bison-generated-files.patch new file mode 100644 index 000000000..32f8fd22b --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0025-intl-Emit-no-lines-in-bison-generated-files.patch @@ -0,0 +1,31 @@ +From 3156464f9a95bf1dafd2e22d19d7bf89c520acc1 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 3 Aug 2018 09:44:00 -0700 +Subject: [PATCH] intl: Emit no lines in bison generated files + +Improve reproducibility: +Do not put any #line preprocessor commands in bison generated files. +These lines contain absolute paths containing file locations on +the host build machine. + +Upstream-Status: Pending + +Signed-off-by: Juro Bystricky +Signed-off-by: Khem Raj +--- + intl/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/intl/Makefile b/intl/Makefile +index 93478d87e8..b27a7935eb 100644 +--- a/intl/Makefile ++++ b/intl/Makefile +@@ -155,7 +155,7 @@ $(objpfx)tst-gettext6.out: $(objpfx)tst-gettext.out + + CPPFLAGS += -D'LOCALEDIR="$(localedir)"' \ + -D'LOCALE_ALIAS_PATH="$(localedir)"' +-BISONFLAGS = --yacc --name-prefix=__gettext --output ++BISONFLAGS = --yacc --no-lines --name-prefix=__gettext --output + + $(inst_localedir)/locale.alias: locale.alias $(+force) + $(do-install) diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0027-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0027-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch new file mode 100644 index 000000000..782d931f2 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0027-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch @@ -0,0 +1,53 @@ +From 881f5b8134afd9a30049b93fc79dda7a44947a5f Mon Sep 17 00:00:00 2001 +From: Martin Jansa +Date: Mon, 17 Dec 2018 21:36:18 +0000 +Subject: [PATCH] locale: prevent maybe-uninitialized errors with -Os [BZ + #19444] + +Fixes following error when building for aarch64 with -Os: +| In file included from strcoll_l.c:43: +| strcoll_l.c: In function '__strcoll_l': +| ../locale/weight.h:31:26: error: 'seq2.back_us' may be used uninitialized in this function [-Werror=maybe-uninitialized] +| int_fast32_t i = table[*(*cpp)++]; +| ^~~~~~~~~ +| strcoll_l.c:304:18: note: 'seq2.back_us' was declared here +| coll_seq seq1, seq2; +| ^~~~ +| In file included from strcoll_l.c:43: +| ../locale/weight.h:31:26: error: 'seq1.back_us' may be used uninitialized in this function [-Werror=maybe-uninitialized] +| int_fast32_t i = table[*(*cpp)++]; +| ^~~~~~~~~ +| strcoll_l.c:304:12: note: 'seq1.back_us' was declared here +| coll_seq seq1, seq2; +| ^~~~ + + Partial fix for [BZ #19444] + * locale/weight.h: Fix build with -Os. + +Upstream-Status: Submitted [https://patchwork.ozlabs.org/patch/1014766] + +Signed-off-by: Martin Jansa +Signed-off-by: Khem Raj +--- + locale/weight.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/locale/weight.h b/locale/weight.h +index 723e1fefda..f5798d379a 100644 +--- a/locale/weight.h ++++ b/locale/weight.h +@@ -28,7 +28,14 @@ findidx (const int32_t *table, + const unsigned char *extra, + const unsigned char **cpp, size_t len) + { ++ /* With GCC 8 when compiling with -Os the compiler warns that ++ seq1.back_us and seq2.back_us might be used uninitialized. ++ This uninitialized use is impossible for the same reason ++ as described in comments in locale/weightwc.h. */ ++ DIAG_PUSH_NEEDS_COMMENT; ++ DIAG_IGNORE_Os_NEEDS_COMMENT (8, "-Wmaybe-uninitialized"); + int_fast32_t i = table[*(*cpp)++]; ++ DIAG_POP_NEEDS_COMMENT; + const unsigned char *cp; + const unsigned char *usrc; + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch new file mode 100644 index 000000000..d273cab4a --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch @@ -0,0 +1,29 @@ +From b4e0a034b12b313dcb82d22341bef6a66b3e9ef9 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Wed, 18 Mar 2015 00:11:22 +0000 +Subject: [PATCH] readlib: Add OECORE_KNOWN_INTERPRETER_NAMES to known names + +This bolts in a hook for OE to pass its own version of interpreter +names into glibc especially for multilib case, where it differs from any +other distros + +Upstream-Status: Inappropriate [OE specific] + +Signed-off-by: Lianhao Lu +Signed-off-by: Khem Raj +--- + elf/readlib.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/elf/readlib.c b/elf/readlib.c +index 7383c23249..e97ea9449d 100644 +--- a/elf/readlib.c ++++ b/elf/readlib.c +@@ -51,6 +51,7 @@ static struct known_names interpreters[] = + #ifdef SYSDEP_KNOWN_INTERPRETER_NAMES + SYSDEP_KNOWN_INTERPRETER_NAMES + #endif ++ OECORE_KNOWN_INTERPRETER_NAMES + }; + + static struct known_names known_libs[] = diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch new file mode 100644 index 000000000..11a77cdf9 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch @@ -0,0 +1,75 @@ +From 2ae3ff3ae28abb1d0d100b4722da7ff188de9a30 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 15 May 2020 17:05:45 -0700 +Subject: [PATCH] wordsize.h: Unify the header between arm and aarch64 + +This helps OE multilibs to not sythesize this header which causes all +kind of recursions and other issues since wordsize is fundamental header +and ends up including itself in many case e.g. clang tidy, bpf etc. + +Upstream-Status: Inappropriate [ OE-Specific ] + +Signed-off-by: Khem Raj +--- + sysdeps/aarch64/bits/wordsize.h | 8 ++++++-- + sysdeps/{aarch64 => arm}/bits/wordsize.h | 10 +++++++--- + 2 files changed, 13 insertions(+), 5 deletions(-) + copy sysdeps/{aarch64 => arm}/bits/wordsize.h (80%) + +diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/aarch64/bits/wordsize.h +index 91da566b74..9a754514b3 100644 +--- a/sysdeps/aarch64/bits/wordsize.h ++++ b/sysdeps/aarch64/bits/wordsize.h +@@ -17,12 +17,16 @@ + License along with the GNU C Library; if not, see + . */ + +-#ifdef __LP64__ ++#if defined (__aarch64__) && defined (__LP64__) + # define __WORDSIZE 64 +-#else ++#elif defined (__aarch64__) + # define __WORDSIZE 32 + # define __WORDSIZE32_SIZE_ULONG 1 + # define __WORDSIZE32_PTRDIFF_LONG 1 ++#else ++# define __WORDSIZE 32 ++# define __WORDSIZE32_SIZE_ULONG 0 ++# define __WORDSIZE32_PTRDIFF_LONG 0 + #endif + + #define __WORDSIZE_TIME64_COMPAT32 0 +diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h +similarity index 80% +copy from sysdeps/aarch64/bits/wordsize.h +copy to sysdeps/arm/bits/wordsize.h +index 91da566b74..34fcdef1f1 100644 +--- a/sysdeps/aarch64/bits/wordsize.h ++++ b/sysdeps/arm/bits/wordsize.h +@@ -1,6 +1,6 @@ + /* Determine the wordsize from the preprocessor defines. + +- Copyright (C) 2016-2021 Free Software Foundation, Inc. ++ Copyright (C) 2016-2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or +@@ -17,12 +17,16 @@ + License along with the GNU C Library; if not, see + . */ + +-#ifdef __LP64__ ++#if defined (__aarch64__) && defined (__LP64__) + # define __WORDSIZE 64 +-#else ++#elif defined (__aarch64__) + # define __WORDSIZE 32 + # define __WORDSIZE32_SIZE_ULONG 1 + # define __WORDSIZE32_PTRDIFF_LONG 1 ++#else ++# define __WORDSIZE 32 ++# define __WORDSIZE32_SIZE_ULONG 0 ++# define __WORDSIZE32_PTRDIFF_LONG 0 + #endif + + #define __WORDSIZE_TIME64_COMPAT32 0 diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch new file mode 100644 index 000000000..5ef1ac2ed --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch @@ -0,0 +1,48 @@ +From 5cc14938f05ae1354c8062f017a21f39d5fc9729 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 7 Aug 2020 14:31:16 -0700 +Subject: [PATCH] powerpc: Do not ask compiler for finding arch + +This does not work well in cross compiling environments like OE +and moreover it uses its own -mcpu/-march options via cflags + +Upstream-Status: Inappropriate [ OE-Specific] + +Signed-off-by: Khem Raj +--- + sysdeps/powerpc/preconfigure | 5 +---- + sysdeps/powerpc/preconfigure.ac | 5 +---- + 2 files changed, 2 insertions(+), 8 deletions(-) + +diff --git a/sysdeps/powerpc/preconfigure b/sysdeps/powerpc/preconfigure +index dfe8e20399..bbff040f0f 100644 +--- a/sysdeps/powerpc/preconfigure ++++ b/sysdeps/powerpc/preconfigure +@@ -29,10 +29,7 @@ esac + # directive which shows up, and try using it. + case "${machine}:${submachine}" in + *powerpc*:) +- archcpu=`echo "int foo () { return 0; }" \ +- | $CC $CFLAGS $CPPFLAGS -S -frecord-gcc-switches -xc -o - - \ +- | grep -E "mcpu=|.machine" -m 1 \ +- | sed -e "s/.*machine //" -e "s/.*mcpu=\(.*\)\"/\1/"` ++ archcpu='' + # Note if you add patterns here you must ensure that an appropriate + # directory exists in sysdeps/powerpc. Likewise, if we find a + # cpu, don't let the generic configure append extra compiler options. +diff --git a/sysdeps/powerpc/preconfigure.ac b/sysdeps/powerpc/preconfigure.ac +index 6c63bd8257..3e925f1d48 100644 +--- a/sysdeps/powerpc/preconfigure.ac ++++ b/sysdeps/powerpc/preconfigure.ac +@@ -29,10 +29,7 @@ esac + # directive which shows up, and try using it. + case "${machine}:${submachine}" in + *powerpc*:) +- archcpu=`echo "int foo () { return 0; }" \ +- | $CC $CFLAGS $CPPFLAGS -S -frecord-gcc-switches -xc -o - - \ +- | grep -E "mcpu=|[.]machine" -m 1 \ +- | sed -e "s/.*machine //" -e "s/.*mcpu=\(.*\)\"/\1/"` ++ archcpu='' + # Note if you add patterns here you must ensure that an appropriate + # directory exists in sysdeps/powerpc. Likewise, if we find a + # cpu, don't let the generic configure append extra compiler options. diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch deleted file mode 100644 index 708c481e3..000000000 --- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 228edd356f03bf62dcf2b1335f25d43c602ee68d Mon Sep 17 00:00:00 2001 -From: Michael Colavita -Date: Thu, 19 Nov 2020 11:44:40 -0500 -Subject: [PATCH] iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923) - -Previously, in UCS4 conversion routines we limit the number of -characters we examine to the minimum of the number of characters in the -input and the number of characters in the output. This is not the -correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume -an output character when we skip a code unit. Instead, track the input -and output pointers and terminate the loop when either reaches its -limit. - -This resolves assertion failures when resetting the input buffer in a step of -iconv, which assumes that the input will be fully consumed given sufficient -output space. ---- - iconv/Makefile | 2 +- - iconv/gconv_simple.c | 16 ++++---------- - iconv/tst-iconv8.c | 50 ++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 55 insertions(+), 13 deletions(-) - create mode 100644 iconv/tst-iconv8.c - -diff --git a/iconv/Makefile b/iconv/Makefile -index 30bf996d3a..f9b51e23ec 100644 ---- a/iconv/Makefile -+++ b/iconv/Makefile -@@ -44,7 +44,7 @@ CFLAGS-linereader.c += -DNO_TRANSLITERATION - CFLAGS-simple-hash.c += -I../locale - - tests = tst-iconv1 tst-iconv2 tst-iconv3 tst-iconv4 tst-iconv5 tst-iconv6 \ -- tst-iconv7 tst-iconv-mt -+ tst-iconv7 tst-iconv8 tst-iconv-mt - - others = iconv_prog iconvconfig - install-others-programs = $(inst_bindir)/iconv -diff --git a/iconv/gconv_simple.c b/iconv/gconv_simple.c -index d4797fba17..963b29f246 100644 ---- a/iconv/gconv_simple.c -+++ b/iconv/gconv_simple.c -@@ -239,11 +239,9 @@ ucs4_internal_loop (struct __gconv_step *step, - int flags = step_data->__flags; - const unsigned char *inptr = *inptrp; - unsigned char *outptr = *outptrp; -- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; - int result; -- size_t cnt; - -- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) -+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) - { - uint32_t inval; - -@@ -307,11 +305,9 @@ ucs4_internal_loop_unaligned (struct __gconv_step *step, - int flags = step_data->__flags; - const unsigned char *inptr = *inptrp; - unsigned char *outptr = *outptrp; -- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; - int result; -- size_t cnt; - -- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) -+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) - { - if (__glibc_unlikely (inptr[0] > 0x80)) - { -@@ -613,11 +609,9 @@ ucs4le_internal_loop (struct __gconv_step *step, - int flags = step_data->__flags; - const unsigned char *inptr = *inptrp; - unsigned char *outptr = *outptrp; -- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; - int result; -- size_t cnt; - -- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) -+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) - { - uint32_t inval; - -@@ -684,11 +678,9 @@ ucs4le_internal_loop_unaligned (struct __gconv_step *step, - int flags = step_data->__flags; - const unsigned char *inptr = *inptrp; - unsigned char *outptr = *outptrp; -- size_t n_convert = MIN (inend - inptr, outend - outptr) / 4; - int result; -- size_t cnt; - -- for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4) -+ for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4) - { - if (__glibc_unlikely (inptr[3] > 0x80)) - { -diff --git a/iconv/tst-iconv8.c b/iconv/tst-iconv8.c -new file mode 100644 -index 0000000000..0b92b19f66 ---- /dev/null -+++ b/iconv/tst-iconv8.c -@@ -0,0 +1,50 @@ -+/* Test iconv behavior on UCS4 conversions with //IGNORE. -+ Copyright (C) 2020 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+/* Derived from BZ #26923 */ -+#include -+#include -+#include -+#include -+ -+static int -+do_test (void) -+{ -+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "ISO-10646/UCS4/"); -+ TEST_VERIFY_EXIT (cd != (iconv_t) -1); -+ -+ /* -+ * Convert sequence beginning with an irreversible character into buffer that -+ * is too small. -+ */ -+ char input[12] = "\xe1\x80\xa1" "AAAAAAAAA"; -+ char *inptr = input; -+ size_t insize = sizeof (input); -+ char output[6]; -+ char *outptr = output; -+ size_t outsize = sizeof (output); -+ -+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == -1); -+ TEST_VERIFY (errno == E2BIG); -+ -+ TEST_VERIFY_EXIT (iconv_close (cd) != -1); -+ -+ return 0; -+} -+ -+#include --- -2.27.0 - diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch new file mode 100644 index 000000000..3cb60b2e5 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch @@ -0,0 +1,116 @@ +From b1971f6f1331d738d1d6b376b4741668a7546125 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Tue, 2 Feb 2021 13:45:58 -0800 +Subject: [PATCH] x86: Require full ISA support for x86-64 level marker [BZ #27318] + +Since -march=sandybridge enables ISAs in x86-64 ISA level v3, the v3 +marker is set on libc.so. We couldn't set the needed ISA marker to v2 +since this libc won't run on all v2 machines. Technically, the v3 marker +is correct. But the resulting libc.so won't run on Sandy Brigde, which +is a v2 machine, even when libc is compiled with -march=sandybridge: + +$ ./elf/ld.so ./libc.so +./libc.so: (p) CPU ISA level is lower than required: needed: 7; got: 3 + +Instead, we require full ISA support for x86-64 level marker and disable +x86-64 level marker for -march=sandybridge which enables ISAs between v2 +and v3. + +Upstream-Status: Submitted [https://sourceware.org/pipermail/libc-alpha/2021-February/122297.html] +Signed-off-by: Khem Raj +--- + + sysdeps/x86/configure | 7 ++++++- + sysdeps/x86/configure.ac | 2 +- + sysdeps/x86/isa-level.c | 21 ++++++++++++++++++++- + 3 files changed, 27 insertions(+), 3 deletions(-) + +diff --git a/sysdeps/x86/configure b/sysdeps/x86/configure +index 5e32dc62b3..5b20646843 100644 +--- a/sysdeps/x86/configure ++++ b/sysdeps/x86/configure +@@ -133,7 +133,12 @@ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest c + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l` +- if test "$count" = 1; then ++ if test "$count" = 1 && { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -DINCLUDE_X86_ISA_LEVEL -S -o conftest.s $srcdir/sysdeps/x86/isa-level.c' ++ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ test $ac_status = 0; }; }; then + libc_cv_include_x86_isa_level=yes + fi + fi +diff --git a/sysdeps/x86/configure.ac b/sysdeps/x86/configure.ac +index f94088f377..54ecd33d2c 100644 +--- a/sysdeps/x86/configure.ac ++++ b/sysdeps/x86/configure.ac +@@ -100,7 +100,7 @@ EOF + libc_cv_include_x86_isa_level=no + if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S); then + count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l` +- if test "$count" = 1; then ++ if test "$count" = 1 && AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -DINCLUDE_X86_ISA_LEVEL -S -o conftest.s $srcdir/sysdeps/x86/isa-level.c); then + libc_cv_include_x86_isa_level=yes + fi + fi +diff --git a/sysdeps/x86/isa-level.c b/sysdeps/x86/isa-level.c +index aaf524cb56..7f83449061 100644 +--- a/sysdeps/x86/isa-level.c ++++ b/sysdeps/x86/isa-level.c +@@ -25,12 +25,17 @@ + License along with the GNU C Library; if not, see + . */ + +-#include ++#ifdef _LIBC ++# include ++#endif + + /* ELF program property for x86 ISA level. */ + #ifdef INCLUDE_X86_ISA_LEVEL + # if defined __x86_64__ || defined __FXSR__ || !defined _SOFT_FLOAT \ + || defined __MMX__ || defined __SSE__ || defined __SSE2__ ++# if !defined __SSE__ || !defined __SSE2__ ++# error "Missing ISAs for x86-64 ISA level baseline" ++# endif + # define ISA_BASELINE GNU_PROPERTY_X86_ISA_1_BASELINE + # else + # define ISA_BASELINE 0 +@@ -40,6 +45,11 @@ + || (defined __x86_64__ && defined __LAHF_SAHF__) \ + || defined __POPCNT__ || defined __SSE3__ \ + || defined __SSSE3__ || defined __SSE4_1__ || defined __SSE4_2__ ++# if !defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \ ++ || !defined __POPCNT__ || !defined __SSE3__ \ ++ || !defined __SSSE3__ || !defined __SSE4_1__ || !defined __SSE4_2__ ++# error "Missing ISAs for x86-64 ISA level v2" ++# endif + # define ISA_V2 GNU_PROPERTY_X86_ISA_1_V2 + # else + # define ISA_V2 0 +@@ -48,6 +58,10 @@ + # if defined __AVX__ || defined __AVX2__ || defined __F16C__ \ + || defined __FMA__ || defined __LZCNT__ || defined __MOVBE__ \ + || defined __XSAVE__ ++# if !defined __AVX__ || !defined __AVX2__ || !defined __F16C__ \ ++ || !defined __FMA__ || !defined __LZCNT__ ++# error "Missing ISAs for x86-64 ISA level v3" ++# endif + # define ISA_V3 GNU_PROPERTY_X86_ISA_1_V3 + # else + # define ISA_V3 0 +@@ -55,6 +69,11 @@ + + # if defined __AVX512F__ || defined __AVX512BW__ || defined __AVX512CD__ \ + || defined __AVX512DQ__ || defined __AVX512VL__ ++# if !defined __AVX512F__ || !defined __AVX512BW__ \ ++ || !defined __AVX512CD__ || !defined __AVX512DQ__ \ ++ || !defined __AVX512VL__ ++# error "Missing ISAs for x86-64 ISA level v4" ++# endif + # define ISA_V4 GNU_PROPERTY_X86_ISA_1_V4 + # else + # define ISA_V4 0 diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch deleted file mode 100644 index bc012e290..000000000 --- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch +++ /dev/null @@ -1,133 +0,0 @@ -From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Mon, 21 Dec 2020 08:56:43 +0530 -Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973) - -The byte 0xfe as input to the EUC-KR conversion denotes a user-defined -area and is not allowed. The from_euc_kr function used to skip two bytes -when told to skip over the unknown designation, potentially running over -the buffer end. ---- - iconvdata/Makefile | 3 ++- - iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++ - iconvdata/euc-kr.c | 6 +---- - iconvdata/ksc5601.h | 6 ++--- - 4 files changed, 59 insertions(+), 9 deletions(-) - create mode 100644 iconvdata/bug-iconv13.c - -diff --git a/iconvdata/Makefile b/iconvdata/Makefile -index 4ec2741cdc..85009f3390 100644 ---- a/iconvdata/Makefile -+++ b/iconvdata/Makefile -@@ -73,7 +73,8 @@ modules.so := $(addsuffix .so, $(modules)) - ifeq (yes,$(build-shared)) - tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ - tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ -- bug-iconv10 bug-iconv11 bug-iconv12 -+ bug-iconv10 bug-iconv11 bug-iconv12 \ -+ bug-iconv13 - ifeq ($(have-thread-library),yes) - tests += bug-iconv3 - endif -diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c -new file mode 100644 -index 0000000000..87aaff398e ---- /dev/null -+++ b/iconvdata/bug-iconv13.c -@@ -0,0 +1,53 @@ -+/* bug 24973: Test EUC-KR module -+ Copyright (C) 2020 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+ -+static int -+do_test (void) -+{ -+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR"); -+ TEST_VERIFY_EXIT (cd != (iconv_t) -1); -+ -+ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined -+ areas, which are not allowed and should be skipped over due to -+ //IGNORE. The trailing 0xfe also is an incomplete sequence, which -+ should be checked first. */ -+ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' }; -+ char *inptr = input; -+ size_t insize = sizeof (input); -+ char output[4]; -+ char *outptr = output; -+ size_t outsize = sizeof (output); -+ -+ /* This used to crash due to buffer overrun. */ -+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1); -+ TEST_VERIFY (errno == EINVAL); -+ /* The conversion should produce one character, the converted null -+ character. */ -+ TEST_VERIFY (sizeof (output) - outsize == 1); -+ -+ TEST_VERIFY_EXIT (iconv_close (cd) != -1); -+ -+ return 0; -+} -+ -+#include -diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c -index b0d56cf3ee..1045bae926 100644 ---- a/iconvdata/euc-kr.c -+++ b/iconvdata/euc-kr.c -@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp) - \ - if (ch <= 0x9f) \ - ++inptr; \ -- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \ -- user-defined areas. */ \ -- else if (__builtin_expect (ch == 0xa0, 0) \ -- || __builtin_expect (ch > 0xfe, 0) \ -- || __builtin_expect (ch == 0xc9, 0)) \ -+ else if (__glibc_unlikely (ch == 0xa0)) \ - { \ - /* This is illegal. */ \ - STANDARD_FROM_LOOP_ERR_HANDLER (1); \ -diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h -index d3eb3a4ff8..f5cdc72797 100644 ---- a/iconvdata/ksc5601.h -+++ b/iconvdata/ksc5601.h -@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset) - unsigned char ch2; - int idx; - -+ if (avail < 2) -+ return 0; -+ - /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */ - - if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e - || (ch - offset) == 0x49) - return __UNKNOWN_10646_CHAR; - -- if (avail < 2) -- return 0; -- - ch2 = (*s)[1]; - if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f) - return __UNKNOWN_10646_CHAR; --- -2.27.0 - diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch new file mode 100644 index 000000000..e904b28a0 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch @@ -0,0 +1,58 @@ +From 044e603b698093cf48f6e6229e0b66acf05227e4 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Fri, 19 Feb 2021 13:29:00 +0100 +Subject: [PATCH] string: Work around GCC PR 98512 in rawmemchr + +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=044e603b698093cf48f6e6229e0b66acf05227e4] +Signed-off-by: Khem Raj +--- + string/rawmemchr.c | 26 +++++++++++++++----------- + 1 file changed, 15 insertions(+), 11 deletions(-) + +diff --git a/string/rawmemchr.c b/string/rawmemchr.c +index 59bbeeaa42..b8523118e5 100644 +--- a/string/rawmemchr.c ++++ b/string/rawmemchr.c +@@ -22,24 +22,28 @@ + # define RAWMEMCHR __rawmemchr + #endif + +-/* Find the first occurrence of C in S. */ +-void * +-RAWMEMCHR (const void *s, int c) +-{ +- DIAG_PUSH_NEEDS_COMMENT; ++/* The pragmata should be nested inside RAWMEMCHR below, but that ++ triggers GCC PR 98512. */ ++DIAG_PUSH_NEEDS_COMMENT; + #if __GNUC_PREREQ (7, 0) +- /* GCC 8 warns about the size passed to memchr being larger than +- PTRDIFF_MAX; the use of SIZE_MAX is deliberate here. */ +- DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow="); ++/* GCC 8 warns about the size passed to memchr being larger than ++ PTRDIFF_MAX; the use of SIZE_MAX is deliberate here. */ ++DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow="); + #endif + #if __GNUC_PREREQ (11, 0) +- /* Likewise GCC 11, with a different warning option. */ +- DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread"); ++/* Likewise GCC 11, with a different warning option. */ ++DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread"); + #endif ++ ++/* Find the first occurrence of C in S. */ ++void * ++RAWMEMCHR (const void *s, int c) ++{ + if (c != '\0') + return memchr (s, c, (size_t)-1); +- DIAG_POP_NEEDS_COMMENT; + return (char *)s + strlen (s); + } + libc_hidden_def (__rawmemchr) + weak_alias (__rawmemchr, rawmemchr) ++ ++DIAG_POP_NEEDS_COMMENT; +-- +2.30.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch new file mode 100644 index 000000000..3a004e227 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch @@ -0,0 +1,185 @@ +From 750b00a1ddae220403fd892a6fd4e0791ffd154a Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Fri, 18 Sep 2020 07:55:14 -0700 +Subject: [PATCH] x86: Handle _SC_LEVEL1_ICACHE_LINESIZE [BZ #27444] + + x86: Move x86 processor cache info to cpu_features + +missed _SC_LEVEL1_ICACHE_LINESIZE. + +1. Add level1_icache_linesize to struct cpu_features. +2. Initialize level1_icache_linesize by calling handle_intel, +handle_zhaoxin and handle_amd with _SC_LEVEL1_ICACHE_LINESIZE. +3. Return level1_icache_linesize for _SC_LEVEL1_ICACHE_LINESIZE. + +Upstream-Status: Backport [https://sourceware.org/bugzilla/show_bug.cgi?id=27444] +Signed-off-by: Andrei Gherzan +--- + sysdeps/x86/Makefile | 8 +++ + sysdeps/x86/cacheinfo.c | 3 + + sysdeps/x86/dl-cacheinfo.h | 6 ++ + sysdeps/x86/include/cpu-features.h | 2 + + .../x86/tst-sysconf-cache-linesize-static.c | 1 + + sysdeps/x86/tst-sysconf-cache-linesize.c | 57 +++++++++++++++++++ + 6 files changed, 77 insertions(+) + create mode 100644 sysdeps/x86/tst-sysconf-cache-linesize-static.c + create mode 100644 sysdeps/x86/tst-sysconf-cache-linesize.c + +diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile +index dd82674342..d231263051 100644 +--- a/sysdeps/x86/Makefile ++++ b/sysdeps/x86/Makefile +@@ -208,3 +208,11 @@ $(objpfx)check-cet.out: $(..)sysdeps/x86/check-cet.awk \ + generated += check-cet.out + endif + endif ++ ++ifeq ($(subdir),posix) ++tests += \ ++ tst-sysconf-cache-linesize \ ++ tst-sysconf-cache-linesize-static ++tests-static += \ ++ tst-sysconf-cache-linesize-static ++endif +diff --git a/sysdeps/x86/cacheinfo.c b/sysdeps/x86/cacheinfo.c +index 7b8df45e3b..5ea4723ca6 100644 +--- a/sysdeps/x86/cacheinfo.c ++++ b/sysdeps/x86/cacheinfo.c +@@ -32,6 +32,9 @@ __cache_sysconf (int name) + case _SC_LEVEL1_ICACHE_SIZE: + return cpu_features->level1_icache_size; + ++ case _SC_LEVEL1_ICACHE_LINESIZE: ++ return cpu_features->level1_icache_linesize; ++ + case _SC_LEVEL1_DCACHE_SIZE: + return cpu_features->level1_dcache_size; + +diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h +index a31fa0783a..7cd00b92f1 100644 +--- a/sysdeps/x86/dl-cacheinfo.h ++++ b/sysdeps/x86/dl-cacheinfo.h +@@ -707,6 +707,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) + long int core; + unsigned int threads = 0; + unsigned long int level1_icache_size = -1; ++ unsigned long int level1_icache_linesize = -1; + unsigned long int level1_dcache_size = -1; + unsigned long int level1_dcache_assoc = -1; + unsigned long int level1_dcache_linesize = -1; +@@ -726,6 +727,8 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) + + level1_icache_size + = handle_intel (_SC_LEVEL1_ICACHE_SIZE, cpu_features); ++ level1_icache_linesize ++ = handle_intel (_SC_LEVEL1_ICACHE_LINESIZE, cpu_features); + level1_dcache_size = data; + level1_dcache_assoc + = handle_intel (_SC_LEVEL1_DCACHE_ASSOC, cpu_features); +@@ -753,6 +756,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) + shared = handle_zhaoxin (_SC_LEVEL3_CACHE_SIZE); + + level1_icache_size = handle_zhaoxin (_SC_LEVEL1_ICACHE_SIZE); ++ level1_icache_linesize = handle_zhaoxin (_SC_LEVEL1_ICACHE_LINESIZE); + level1_dcache_size = data; + level1_dcache_assoc = handle_zhaoxin (_SC_LEVEL1_DCACHE_ASSOC); + level1_dcache_linesize = handle_zhaoxin (_SC_LEVEL1_DCACHE_LINESIZE); +@@ -772,6 +776,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) + shared = handle_amd (_SC_LEVEL3_CACHE_SIZE); + + level1_icache_size = handle_amd (_SC_LEVEL1_ICACHE_SIZE); ++ level1_icache_linesize = handle_amd (_SC_LEVEL1_ICACHE_LINESIZE); + level1_dcache_size = data; + level1_dcache_assoc = handle_amd (_SC_LEVEL1_DCACHE_ASSOC); + level1_dcache_linesize = handle_amd (_SC_LEVEL1_DCACHE_LINESIZE); +@@ -833,6 +838,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) + } + + cpu_features->level1_icache_size = level1_icache_size; ++ cpu_features->level1_icache_linesize = level1_icache_linesize; + cpu_features->level1_dcache_size = level1_dcache_size; + cpu_features->level1_dcache_assoc = level1_dcache_assoc; + cpu_features->level1_dcache_linesize = level1_dcache_linesize; +diff --git a/sysdeps/x86/include/cpu-features.h b/sysdeps/x86/include/cpu-features.h +index 624736b40e..39a3f4f311 100644 +--- a/sysdeps/x86/include/cpu-features.h ++++ b/sysdeps/x86/include/cpu-features.h +@@ -874,6 +874,8 @@ struct cpu_features + unsigned long int rep_stosb_threshold; + /* _SC_LEVEL1_ICACHE_SIZE. */ + unsigned long int level1_icache_size; ++ /* _SC_LEVEL1_ICACHE_LINESIZE. */ ++ unsigned long int level1_icache_linesize; + /* _SC_LEVEL1_DCACHE_SIZE. */ + unsigned long int level1_dcache_size; + /* _SC_LEVEL1_DCACHE_ASSOC. */ +diff --git a/sysdeps/x86/tst-sysconf-cache-linesize-static.c b/sysdeps/x86/tst-sysconf-cache-linesize-static.c +new file mode 100644 +index 0000000000..152ae68821 +--- /dev/null ++++ b/sysdeps/x86/tst-sysconf-cache-linesize-static.c +@@ -0,0 +1 @@ ++#include "tst-sysconf-cache-linesize.c" +diff --git a/sysdeps/x86/tst-sysconf-cache-linesize.c b/sysdeps/x86/tst-sysconf-cache-linesize.c +new file mode 100644 +index 0000000000..642dbde5d2 +--- /dev/null ++++ b/sysdeps/x86/tst-sysconf-cache-linesize.c +@@ -0,0 +1,57 @@ ++/* Test system cache line sizes. ++ Copyright (C) 2021 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++static struct ++{ ++ const char *name; ++ int _SC_val; ++} sc_options[] = ++ { ++#define N(name) { "_SC_"#name, _SC_##name } ++ N (LEVEL1_ICACHE_LINESIZE), ++ N (LEVEL1_DCACHE_LINESIZE), ++ N (LEVEL2_CACHE_LINESIZE) ++ }; ++ ++static int ++do_test (void) ++{ ++ int result = EXIT_SUCCESS; ++ ++ for (int i = 0; i < array_length (sc_options); ++i) ++ { ++ long int scret = sysconf (sc_options[i]._SC_val); ++ if (scret < 0) ++ { ++ printf ("sysconf (%s) returned < 0 (%ld)\n", ++ sc_options[i].name, scret); ++ result = EXIT_FAILURE; ++ } ++ else ++ printf ("sysconf (%s): %ld\n", sc_options[i].name, scret); ++ } ++ ++ return result; ++} ++ ++#include diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0035-Fix-build-error.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0035-Fix-build-error.patch new file mode 100644 index 000000000..6cf56c64f --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0035-Fix-build-error.patch @@ -0,0 +1,26 @@ +From 2a246ee8129e7cd4660fe76f7ab656191be7bc5e Mon Sep 17 00:00:00 2001 +From: Jae Hyun Yoo +Date: Thu, 11 Mar 2021 11:23:00 -0800 +Subject: [PATCH] Fix build error + +Signed-off-by: Jae Hyun Yoo +--- + stdlib/canonicalize.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c +index 698f9ede2557..cac1f73d7471 100644 +--- a/stdlib/canonicalize.c ++++ b/stdlib/canonicalize.c +@@ -198,7 +198,7 @@ static char * + realpath_stk (const char *name, char *resolved, + struct scratch_buffer *rname_buf) + { +- char *dest; ++ char *dest = NULL; + char const *start; + char const *end; + int num_links = 0; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch new file mode 100644 index 000000000..5e1bc958b --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch @@ -0,0 +1,54 @@ +From 42d359350510506b87101cf77202fefcbfc790cb Mon Sep 17 00:00:00 2001 +From: Andreas Schwab +Date: Thu, 27 May 2021 12:49:47 +0200 +Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896) + +Make a deep copy of the pthread attribute object to remove a potential +use-after-free issue. +--- + sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c +index cc575a0cdd..f7ddfe5a6c 100644 +--- a/sysdeps/unix/sysv/linux/mq_notify.c ++++ b/sysdeps/unix/sysv/linux/mq_notify.c +@@ -133,8 +133,11 @@ helper_thread (void *arg) + (void) __pthread_barrier_wait (¬ify_barrier); + } + else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED) +- /* The only state we keep is the copy of the thread attributes. */ +- free (data.attr); ++ { ++ /* The only state we keep is the copy of the thread attributes. */ ++ pthread_attr_destroy (data.attr); ++ free (data.attr); ++ } + } + return NULL; + } +@@ -255,8 +258,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) + if (data.attr == NULL) + return -1; + +- memcpy (data.attr, notification->sigev_notify_attributes, +- sizeof (pthread_attr_t)); ++ __pthread_attr_copy (data.attr, notification->sigev_notify_attributes); + } + + /* Construct the new request. */ +@@ -270,7 +272,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) + + /* If it failed, free the allocated memory. */ + if (__glibc_unlikely (retval != 0)) +- free (data.attr); ++ { ++ pthread_attr_destroy (data.attr); ++ free (data.attr); ++ } + + return retval; + } +-- +2.27.0 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch new file mode 100644 index 000000000..447943a46 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch @@ -0,0 +1,52 @@ +From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Tue, 1 Jun 2021 17:51:41 +0200 +Subject: [PATCH] Fix use of __pthread_attr_copy in mq_notify (bug 27896) + +__pthread_attr_copy can fail and does not initialize the attribute +structure in that case. + +If __pthread_attr_copy is never called and there is no allocated +attribute, pthread_attr_destroy should not be called, otherwise +there is a null pointer dereference in rt/tst-mqueue6. + +Fixes commit 42d359350510506b87101cf77202fefcbfc790cb +("Use __pthread_attr_copy in mq_notify (bug 27896)"). + +Reviewed-by: Siddhesh Poyarekar +--- + sysdeps/unix/sysv/linux/mq_notify.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c +index f7ddfe5a6c..6f46d29d1d 100644 +--- a/sysdeps/unix/sysv/linux/mq_notify.c ++++ b/sysdeps/unix/sysv/linux/mq_notify.c +@@ -258,7 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) + if (data.attr == NULL) + return -1; + +- __pthread_attr_copy (data.attr, notification->sigev_notify_attributes); ++ int ret = __pthread_attr_copy (data.attr, ++ notification->sigev_notify_attributes); ++ if (ret != 0) ++ { ++ free (data.attr); ++ __set_errno (ret); ++ return -1; ++ } + } + + /* Construct the new request. */ +@@ -271,7 +278,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) + int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se); + + /* If it failed, free the allocated memory. */ +- if (__glibc_unlikely (retval != 0)) ++ if (retval != 0 && data.attr != NULL) + { + pthread_attr_destroy (data.attr); + free (data.attr); +-- +2.27.0 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/CVE-2021-27645.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/CVE-2021-27645.patch new file mode 100644 index 000000000..26c5c0d2a --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/CVE-2021-27645.patch @@ -0,0 +1,51 @@ +From dca565886b5e8bd7966e15f0ca42ee5cff686673 Mon Sep 17 00:00:00 2001 +From: DJ Delorie +Date: Thu, 25 Feb 2021 16:08:21 -0500 +Subject: [PATCH] nscd: Fix double free in netgroupcache [BZ #27462] + +In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free +was fixed, but this led to an occasional double-free. This patch +tracks the "live" allocation better. + +Tested manually by a third party. + +Related: RHBZ 1927877 + +Reviewed-by: Siddhesh Poyarekar +Reviewed-by: Carlos O'Donell + +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673] + +CVE: CVE-2021-27645 + +Reviewed-by: Carlos O'Donell +Signed-off-by: Khairul Rohaizzat Jamaluddin +--- + nscd/netgroupcache.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index dba6ceec1b..ad2daddafd 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -248,7 +248,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + : NULL); + ndomain = (ndomain ? newbuf + ndomaindiff + : NULL); +- buffer = newbuf; ++ *tofreep = buffer = newbuf; + } + + nhost = memcpy (buffer + bufused, +@@ -319,7 +319,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE) + { + buflen *= 2; +- buffer = xrealloc (buffer, buflen); ++ *tofreep = buffer = xrealloc (buffer, buflen); + } + else if (status == NSS_STATUS_RETURN + || status == NSS_STATUS_NOTFOUND +-- +2.27.0 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/check-test-wrapper b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/check-test-wrapper new file mode 100644 index 000000000..f8e04e02d --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/check-test-wrapper @@ -0,0 +1,71 @@ +#!/usr/bin/env python3 +import sys +import os +import subprocess + +env = os.environ.copy() +args = sys.argv[1:] +targettype = args.pop(0) + +if targettype == "user": + qemuargs = os.environ.get("QEMU_OPTIONS", "").split() + if not os.path.exists(qemuargs[0]): + # ensure qemu args has a valid absolute path + for i in os.environ.get("PATH", "").split(":"): + if os.path.exists(os.path.join(i, qemuargs[0])): + qemuargs[0] = os.path.join(i, qemuargs[0]) + break + sysroot = os.environ.get("QEMU_SYSROOT", None) + if not sysroot: + sys.exit(-1) + libpaths = [sysroot + "/usr/lib", sysroot + "/lib"] + + if args[0] == "env": + args.pop(0) + if len(args) == 0: + args = ["env"] + else: + # process options + while args[0].startswith("-"): + opt = args.pop(0).lstrip("-") + if "i" in opt: + env.clear() + # process environment vars + while "=" in args[0]: + key, val = args.pop(0).split("=", 1) + if key == "LD_LIBRARY_PATH": + libpaths += val.split(":") + else: + env[key] = val + if args[0] == "cp": + # ignore copies, the filesystem is the same + sys.exit(0) + + qemuargs += ["-L", sysroot] + qemuargs += ["-E", "LD_LIBRARY_PATH={}".format(":".join(libpaths))] + command = qemuargs + args +elif targettype == "ssh": + host = os.environ.get("SSH_HOST", None) + user = os.environ.get("SSH_HOST_USER", None) + port = os.environ.get("SSH_HOST_PORT", None) + + command = ["ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"] + if port: + command += ["-p", str(port)] + if not host: + sys.exit(-1) + command += ["{}@{}".format(user, host) if user else host] + + # wrap and replace quotes for correct transformation on ssh + wrapped = " ".join(["'{0}'".format(i.replace("'", r"'\''")) for i in ["cd", os.getcwd()]]) + "; " + wrapped += " ".join(["'{0}'".format(i.replace("'", r"'\''")) for i in args]) + command += ["sh", "-c", "\"{}\"".format(wrapped)] +else: + sys.exit(-1) + +try: + r = subprocess.run(command, timeout = 1800, env = env) + sys.exit(r.returncode) +except subprocess.TimeoutExpired: + sys.exit(-1) + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/etc/ld.so.conf b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/etc/ld.so.conf new file mode 100644 index 000000000..83327c01b --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/etc/ld.so.conf @@ -0,0 +1 @@ +include /etc/ld.so.conf.d/*.conf diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/faccessat2-perm.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/faccessat2-perm.patch new file mode 100644 index 000000000..2ee7110ca --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/faccessat2-perm.patch @@ -0,0 +1,31 @@ +Older seccomp-based filters used in container frameworks will block faccessat2 +calls as it's a relatively new syscall. This isn't a big problem with +glibc <2.33 but 2.33 will call faccessat2 itself, get EPERM, and thenn be confused +about what to do as EPERM isn't an expected error code. + +This manifests itself as mysterious errors, for example a kernel failing to link. + +The root cause of bad seccomp filters is mostly fixed (systemd 247, Docker 20.10.0) +but we can't expect everyone to upgrade, so add a workaound (originally from +Red Hat) to handle EPERM like ENOSYS and fallback to faccessat(). + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton + +diff --git a/sysdeps/unix/sysv/linux/faccessat.c b/sysdeps/unix/sysv/linux/faccessat.c +index 56cb6dcc8b4d58d3..5de75032bbc93a2c 100644 +--- a/sysdeps/unix/sysv/linux/faccessat.c ++++ b/sysdeps/unix/sysv/linux/faccessat.c +@@ -34,7 +34,11 @@ faccessat (int fd, const char *file, int mode, int flag) + #if __ASSUME_FACCESSAT2 + return ret; + #else +- if (ret == 0 || errno != ENOSYS) ++ /* Fedora-specific workaround: ++ As a workround for a broken systemd-nspawn that returns ++ EPERM when a syscall is not allowed instead of ENOSYS ++ we must check for EPERM here and fall back to faccessat. */ ++ if (ret == 0 || !(errno == ENOSYS || errno == EPERM)) + return ret; + + if (flag & ~(AT_SYMLINK_NOFOLLOW | AT_EACCESS)) diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/generate-supported.mk b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/generate-supported.mk new file mode 100644 index 000000000..d2a28c2dc --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/generate-supported.mk @@ -0,0 +1,11 @@ +#!/usr/bin/make + +include $(IN) + +all: + rm -f $(OUT) + touch $(OUT) + for locale in $(SUPPORTED-LOCALES); do \ + [ $$locale = true ] && continue; \ + echo $$locale | sed 's,/, ,' >> $(OUT); \ + done diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/makedbs.sh b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/makedbs.sh new file mode 100755 index 000000000..7d51a6735 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/makedbs.sh @@ -0,0 +1,177 @@ +#!/bin/sh + +# +# Make passwd.db, group.db, etc. +# + +VAR_DB=/var/db + +# Use make if available +if [ -x /usr/bin/make -o -x /bin/make ]; then + make -C $VAR_DB + exit 0 +fi + +# No make available, do it in hard way + +# passwd.db +if [ -e /etc/passwd ]; then +target=$VAR_DB/passwd.db +echo -n "passwd... " +awk 'BEGIN { FS=":"; OFS=":" } \ + /^[ \t]*$$/ { next } \ + /^[ \t]*#/ { next } \ + /^[^#]/ { printf ".%s ", $$1; print; \ + printf "=%s ", $$3; print }' /etc/passwd | \ +makedb --quiet -o $target - +echo "done." +fi + +# group.db +if [ -e /etc/group ]; then +target=$VAR_DB/group.db +echo -n "group... " +awk 'BEGIN { FS=":"; OFS=":" } \ + /^[ \t]*$$/ { next } \ + /^[ \t]*#/ { next } \ + /^[^#]/ { printf ".%s ", $$1; print; \ + printf "=%s ", $$3; print; \ + if ($$4 != "") { \ + split($$4, grmems, ","); \ + for (memidx in grmems) { \ + mem=grmems[memidx]; \ + if (members[mem] == "") \ + members[mem]=$$3; \ + else \ + members[mem]=members[mem] "," $$3; \ + } \ + delete grmems; } } \ + END { for (mem in members) \ + printf ":%s %s %s\n", mem, mem, members[mem]; }' /etc/group | \ +makedb --quiet -o $target - +echo "done." +fi + +# ethers.db +if [ -e /etc/ethers ]; then +target=$VAR_DB/ethers.db +echo -n "ethers... " +awk '/^[ \t]*$$/ { next } \ + /^[ \t]*#/ { next } \ + /^[^#]/ { printf ".%s ", $$1; print; \ + printf "=%s ", $$2; print }' /etc/ethers | \ +makedb --quiet -o $target - +echo "done." +fi + +# protocols.db +if [ -e /etc/protocols ]; then +target=$VAR_DB/protocols.db +echo -n "protocols... " +awk '/^[ \t]*$$/ { next } \ + /^[ \t]*#/ { next } \ + /^[^#]/ { printf ".%s ", $$1; print; \ + printf "=%s ", $$2; print; \ + for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \ + { printf ".%s ", $$i; print } }' /etc/protocols | \ +makedb --quiet -o $target - +echo "done." +fi + +# rpc.db +if [ -e /etc/rpc ]; then +target=$VAR_DB/rpc.db +echo -n "rpc... " +awk '/^[ \t]*$$/ { next } \ + /^[ \t]*#/ { next } \ + /^[^#]/ { printf ".%s ", $$1; print; \ + printf "=%s ", $$2; print; \ + for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \ + { printf ".%s ", $$i; print } }' /etc/rpc | \ +makedb --quiet -o $target - +echo "done." +fi + +# services.db +if [ -e /etc/services ]; then +target=$VAR_DB/services.db +echo -n "services... " +awk 'BEGIN { FS="[ \t/]+" } \ + /^[ \t]*$$/ { next } \ + /^[ \t]*#/ { next } \ + /^[^#]/ { sub(/[ \t]*#.*$$/, "");\ + printf ":%s/%s ", $$1, $$3; print; \ + printf ":%s/ ", $$1; print; \ + printf "=%s/%s ", $$2, $$3; print; \ + printf "=%s/ ", $$2; print; \ + for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \ + { printf ":%s/%s ", $$i, $$3; print; \ + printf ":%s/ ", $$i; print } }' /etc/services | \ +makedb --quiet -o $target - +echo "done." +fi + +# shadow.db +if [ -e /etc/shadow ]; then +target=$VAR_DB/shadow.db +echo -n "shadow... " +awk 'BEGIN { FS=":"; OFS=":" } \ + /^[ \t]*$$/ { next } \ + /^[ \t]*#/ { next } \ + /^[^#]/ { printf ".%s ", $$1; print }' /etc/shadow | \ +(umask 077 && makedb --quiet -o $target -) +echo "done." +if chgrp shadow $target 2>/dev/null; then + chmod g+r $target +else + chown 0 $target; chgrp 0 $target; chmod 600 $target; + echo + echo "Warning: The shadow password database $target" + echo "has been set to be readable only by root. You may want" + echo "to make it readable by the \`shadow' group depending" + echo "on your configuration." + echo +fi +fi + +# gshadow.db +if [ -e /etc/gshadow ]; then +target=$VAR_DB/gshadow.db +echo -n "gshadow... " +awk 'BEGIN { FS=":"; OFS=":" } \ + /^[ \t]*$$/ { next } \ + /^[ \t]*#/ { next } \ + /^[^#]/ { printf ".%s ", $$1; print }' /etc/gshadow | \ +(umask 077 && makedb --quiet -o $target -) +echo "done." +if chgrp shadow $target 2>/dev/null; then + chmod g+r $target +else + chown 0 $target; chgrp 0 $target; chmod 600 $target + echo + echo "Warning: The shadow group database $target" + echo "has been set to be readable only by root. You may want" + echo "to make it readable by the \`shadow' group depending" + echo "on your configuration." + echo +fi +fi + +# netgroup.db +if [ -e /etc/netgroup ]; then +target=$VAR_DB/netgroup.db +echo -n "netgroup... " +awk 'BEGIN { ini=1 } \ + /^[ \t]*$$/ { next } \ + /^[ \t]*#/ { next } \ + /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \ + else end=""; \ + gsub(/[ \t]+/, " "); \ + sub(/^[ \t]*/, ""); \ + if (ini == 0) printf "%s%s", $$0, end; \ + else printf ".%s %s%s", $$1, $$0, end; \ + ini=end == "" ? 0 : 1; } \ + END { if (ini==0) printf "\n" }' /etc/netgroup | \ +makedb --quiet -o $target +echo "done." +fi diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend deleted file mode 100644 index 3fa99af0a..000000000 --- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend +++ /dev/null @@ -1,5 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -SRC_URI += "file://0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch \ - file://0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch \ - " diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb new file mode 100644 index 000000000..5c4d944b0 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb @@ -0,0 +1,126 @@ +require glibc.inc +require glibc-version.inc + +CVE_CHECK_WHITELIST += "CVE-2020-10029" + +DEPENDS += "gperf-native bison-native make-native" + +NATIVESDKFIXES ?= "" +NATIVESDKFIXES_class-nativesdk = "\ + file://0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch \ + file://0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \ + file://0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \ + file://0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \ + file://0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch \ + file://faccessat2-perm.patch \ +" + +SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ + file://etc/ld.so.conf \ + file://generate-supported.mk \ + file://makedbs.sh \ + \ + ${NATIVESDKFIXES} \ + file://0008-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch \ + file://0009-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch \ + file://0010-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \ + file://0011-Quote-from-bug-1443-which-explains-what-the-patch-do.patch \ + file://0012-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \ + file://0013-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \ + file://0014-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch \ + file://0015-yes-within-the-path-sets-wrong-config-variables.patch \ + file://0016-timezone-re-written-tzselect-as-posix-sh.patch \ + file://0017-Remove-bash-dependency-for-nscd-init-script.patch \ + file://0018-eglibc-Cross-building-and-testing-instructions.patch \ + file://0019-eglibc-Help-bootstrap-cross-toolchain.patch \ + file://0020-eglibc-Resolve-__fpscr_values-on-SH4.patch \ + file://0021-eglibc-Forward-port-cross-locale-generation-support.patch \ + file://0022-Define-DUMMY_LOCALE_T-if-not-defined.patch \ + file://0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch \ + file://0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \ + file://0025-intl-Emit-no-lines-in-bison-generated-files.patch \ + file://0027-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ + file://0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \ + file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \ + file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ + file://0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch \ + file://0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch \ + file://0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch \ + file://CVE-2021-27645.patch \ + file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \ + file://0035-Fix-build-error.patch \ + file://0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch \ + file://0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch \ + " +S = "${WORKDIR}/git" +B = "${WORKDIR}/build-${TARGET_SYS}" + +PACKAGES_DYNAMIC = "" + +# the -isystem in bitbake.conf screws up glibc do_stage +BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}" +TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir}" + +GLIBC_BROKEN_LOCALES = "" + +GLIBCPIE ??= "" + +EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \ + --disable-profile \ + --disable-debug --without-gd \ + --enable-clocale=gnu \ + --with-headers=${STAGING_INCDIR} \ + --without-selinux \ + --enable-tunables \ + --enable-bind-now \ + --enable-stack-protector=strong \ + --enable-stackguard-randomization \ + --disable-crypt \ + --with-default-link \ + ${@bb.utils.contains_any('SELECTED_OPTIMIZATION', '-O0 -Og', '--disable-werror', '', d)} \ + ${GLIBCPIE} \ + ${GLIBC_EXTRA_OECONF}" + +EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}" + +EXTRA_OECONF_append_x86 = " --enable-cet" +EXTRA_OECONF_append_x86-64 = " --enable-cet" + +PACKAGECONFIG ??= "nscd" +PACKAGECONFIG[nscd] = "--enable-nscd,--disable-nscd" + +do_patch_append() { + bb.build.exec_func('do_fix_readlib_c', d) +} + +do_fix_readlib_c () { + sed -i -e 's#OECORE_KNOWN_INTERPRETER_NAMES#${EGLIBC_KNOWN_INTERPRETER_NAMES}#' ${S}/elf/readlib.c +} + +do_configure () { +# override this function to avoid the autoconf/automake/aclocal/autoheader +# calls for now +# don't pass CPPFLAGS into configure, since it upsets the kernel-headers +# version check and doesn't really help with anything + (cd ${S} && gnu-configize) || die "failure in running gnu-configize" + find ${S} -name "configure" | xargs touch + CPPFLAGS="" oe_runconf +} + +LDFLAGS += "-fuse-ld=bfd" +do_compile () { + base_do_compile + echo "Adjust ldd script" + if [ -n "${RTLDLIST}" ] + then + prevrtld=`cat ${B}/elf/ldd | grep "^RTLDLIST=" | sed 's#^RTLDLIST="\?\([^"]*\)"\?$#\1#'` + # remove duplicate entries + newrtld=`echo $(printf '%s\n' ${prevrtld} ${RTLDLIST} | LC_ALL=C sort -u)` + echo "ldd \"${prevrtld} ${RTLDLIST}\" -> \"${newrtld}\"" + sed -i ${B}/elf/ldd -e "s#^RTLDLIST=.*\$#RTLDLIST=\"${newrtld}\"#" + fi +} + +require glibc-package.inc + +BBCLASSEXTEND = "nativesdk" diff --git a/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch new file mode 100644 index 000000000..15ecbe477 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch @@ -0,0 +1,29 @@ +From 099016b7e8d70a6d5dd814e788bba08d33d48426 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Mon, 4 May 2020 19:41:16 +0200 +Subject: [PATCH] Protect array_list_del_idx against size_t overflow. + +If the assignment of stop overflows due to idx and count being +larger than SIZE_T_MAX in sum, out of boundary access could happen. + +It takes invalid usage of this function for this to happen, but +I decided to add this check so array_list_del_idx is as safe against +bad usage as the other arraylist functions. +--- + arraylist.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/arraylist.c b/arraylist.c +index 12ad8af6d3..e5524aca75 100644 +--- a/arraylist.c ++++ b/arraylist.c +@@ -136,6 +136,9 @@ int array_list_del_idx(struct array_list *arr, size_t idx, size_t count) + { + size_t i, stop; + ++ /* Avoid overflow in calculation with large indices. */ ++ if (idx > SIZE_T_MAX - count) ++ return -1; + stop = idx + count; + if (idx >= arr->length || stop > arr->length) + return -1; diff --git a/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0002-Prevent-division-by-zero-in-linkhash.patch b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0002-Prevent-division-by-zero-in-linkhash.patch new file mode 100644 index 000000000..447dfe776 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0002-Prevent-division-by-zero-in-linkhash.patch @@ -0,0 +1,34 @@ +From 77d935b7ae7871a1940cd827e850e6063044ec45 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Mon, 4 May 2020 19:46:45 +0200 +Subject: [PATCH] Prevent division by zero in linkhash. + +If a linkhash with a size of zero is created, then modulo operations +are prone to division by zero operations. + +Purely protective measure against bad usage. +--- + linkhash.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/linkhash.c b/linkhash.c +index 7ea58c0abf..f05cc38030 100644 +--- a/linkhash.c ++++ b/linkhash.c +@@ -12,6 +12,7 @@ + + #include "config.h" + ++#include + #include + #include + #include +@@ -499,6 +500,8 @@ struct lh_table *lh_table_new(int size, lh_entry_free_fn *free_fn, lh_hash_fn *h + int i; + struct lh_table *t; + ++ /* Allocate space for elements to avoid divisions by zero. */ ++ assert(size > 0); + t = (struct lh_table*)calloc(1, sizeof(struct lh_table)); + if (!t) + return NULL; diff --git a/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0003-Fix-integer-overflows.patch b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0003-Fix-integer-overflows.patch new file mode 100644 index 000000000..c94430210 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0003-Fix-integer-overflows.patch @@ -0,0 +1,90 @@ +From d07b91014986900a3a75f306d302e13e005e9d67 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Mon, 4 May 2020 19:47:25 +0200 +Subject: [PATCH] Fix integer overflows. + +The data structures linkhash and printbuf are limited to 2 GB in size +due to a signed integer being used to track their current size. + +If too much data is added, then size variable can overflow, which is +an undefined behaviour in C programming language. + +Assuming that a signed int overflow just leads to a negative value, +like it happens on many sytems (Linux i686/amd64 with gcc), then +printbuf is vulnerable to an out of boundary write on 64 bit systems. +--- + linkhash.c | 7 +++++-- + printbuf.c | 19 ++++++++++++++++--- + 2 files changed, 21 insertions(+), 5 deletions(-) + +diff --git a/linkhash.c b/linkhash.c +index f05cc38030..51e90b13a2 100644 +--- a/linkhash.c ++++ b/linkhash.c +@@ -580,9 +580,12 @@ int lh_table_insert_w_hash(struct lh_table *t, const void *k, const void *v, con + { + unsigned long n; + +- if (t->count >= t->size * LH_LOAD_FACTOR) +- if (lh_table_resize(t, t->size * 2) != 0) ++ if (t->count >= t->size * LH_LOAD_FACTOR) { ++ /* Avoid signed integer overflow with large tables. */ ++ int new_size = INT_MAX / 2 < t->size ? t->size * 2 : INT_MAX; ++ if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0) + return -1; ++ } + + n = h % t->size; + +diff --git a/printbuf.c b/printbuf.c +index 976c12dde5..00822fac4f 100644 +--- a/printbuf.c ++++ b/printbuf.c +@@ -15,6 +15,7 @@ + + #include "config.h" + ++#include + #include + #include + #include +@@ -65,10 +66,16 @@ static int printbuf_extend(struct printbuf *p, int min_size) + + if (p->size >= min_size) + return 0; +- +- new_size = p->size * 2; +- if (new_size < min_size + 8) ++ /* Prevent signed integer overflows with large buffers. */ ++ if (min_size > INT_MAX - 8) ++ return -1; ++ if (p->size > INT_MAX / 2) + new_size = min_size + 8; ++ else { ++ new_size = p->size * 2; ++ if (new_size < min_size + 8) ++ new_size = min_size + 8; ++ } + #ifdef PRINTBUF_DEBUG + MC_DEBUG("printbuf_memappend: realloc " + "bpos=%d min_size=%d old_size=%d new_size=%d\n", +@@ -83,6 +90,9 @@ static int printbuf_extend(struct printbuf *p, int min_size) + + int printbuf_memappend(struct printbuf *p, const char *buf, int size) + { ++ /* Prevent signed integer overflows with large buffers. */ ++ if (size > INT_MAX - p->bpos - 1) ++ return -1; + if (p->size <= p->bpos + size + 1) { + if (printbuf_extend(p, p->bpos + size + 1) < 0) + return -1; +@@ -100,6 +110,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len) + + if (offset == -1) + offset = pb->bpos; ++ /* Prevent signed integer overflows with large buffers. */ ++ if (len > INT_MAX - offset) ++ return -1; + size_needed = offset + len; + if (pb->size < size_needed) + { diff --git a/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c_%.bbappend b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c_%.bbappend new file mode 100644 index 000000000..40d7250c3 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c_%.bbappend @@ -0,0 +1,6 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI += "file://0001-Protect-array_list_del_idx-against-size_t-overflow.patch \ + file://0002-Prevent-division-by-zero-in-linkhash.patch \ + file://0003-Fix-integer-overflows.patch \ + " diff --git a/meta-openbmc-mods/meta-common/recipes-intel/host-misc-comm-manager/host-misc-comm-manager_git.bb b/meta-openbmc-mods/meta-common/recipes-intel/host-misc-comm-manager/host-misc-comm-manager_git.bb index 1a55391f9..35b641986 100644 --- a/meta-openbmc-mods/meta-common/recipes-intel/host-misc-comm-manager/host-misc-comm-manager_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-intel/host-misc-comm-manager/host-misc-comm-manager_git.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e" SRC_URI = "git://github.com/Intel-BMC/host-misc-comm-manager.git;protocol=ssh" -SRCREV = "17481c639999cda1bfc999fe1703290425c7ce45" +SRCREV = "9cdaeb8f63889f63d315ecd0e94b364e8cba883a" inherit cmake systemd SYSTEMD_SERVICE_${PN} = "xyz.openbmc_project.Host.Misc.Manager.service" diff --git a/meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch b/meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch new file mode 100644 index 000000000..23b805b87 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch @@ -0,0 +1,73 @@ +From 5829d9e6e1956ebb34ed8a723b0758146529459f Mon Sep 17 00:00:00 2001 +From: AppaRao Puli +Date: Wed, 7 Oct 2020 22:42:26 +0530 +Subject: [PATCH] disable PSU cold redundancy + +In RP platforms, single PSU also considered as +valid configuration. We don't have user configuration +option to enable/disable PSU cold redundancy. So +it should be disabled by default to avoid issues in +Rp platforms. +Also make sure if persistent config already set this +to true, make it to false. + +This avoids unwanted critical event logs and +unexpected LED status for RP platforms where +single PSU also considered as valid config. + +Tested: + - Rebooted BMC and observed no CR event logs and + no amber blocking of status LED. + - Set the persistent store to true, rebooted + BMC and value changed back to disabled. + +Change-Id: Ie0f1f3f8daa95593af6db698d65ea804cebfee87 +Signed-off-by: AppaRao Puli +--- + src/cold_redundancy.cpp | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/src/cold_redundancy.cpp b/src/cold_redundancy.cpp +index d64a9e3..3bfd37f 100644 +--- a/src/cold_redundancy.cpp ++++ b/src/cold_redundancy.cpp +@@ -76,8 +76,9 @@ ColdRedundancy::ColdRedundancy( + std::cerr << "error initializing assoc interface\n"; + } + ++ // For RP platforms, default cold redundancy should be disabled. ++ powerSupplyRedundancyEnabled(false); + // set default configuration +- powerSupplyRedundancyEnabled(true); + rotationEnabled(true); + periodOfRotation(7 * oneDay); + rotationAlgorithm(Algo::bmcSpecific); +@@ -109,6 +110,14 @@ ColdRedundancy::ColdRedundancy( + return; + } + ++ // For RP platforms, cold redundancy should be disabled. ++ // If its already set to true in persistent area, Lets ++ // override to false during bootup. ++ if (*redundancyEnabled) ++ { ++ *redundancyEnabled = false; ++ } ++ + if (*period >= minRotationPeriod && *period <= maxRotationPeriod) + { + periodOfRotation(*period); +@@ -867,6 +876,10 @@ void ColdRedundancy::readPmbus(uint8_t bus, uint8_t slaveAddr, int& value) + + void ColdRedundancy::checkRedundancyEvent() + { ++ if (!crSupported || !powerSupplyRedundancyEnabled()) ++ { ++ return; ++ } + puRedundantTimer.expires_after(std::chrono::seconds(2)); + puRedundantTimer.async_wait([this](const boost::system::error_code& ec) { + if (ec == boost::asio::error::operation_aborted) +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb b/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb index 5a5604524..31daf1b51 100644 --- a/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb +++ b/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb @@ -2,7 +2,7 @@ SUMMARY = "SMBIOS MDR version 2 service for Intel based platform" DESCRIPTION = "SMBIOS MDR version 2 service for Intel based platfrom" SRC_URI = "git://github.com/Intel-BMC/mdrv2.git;protocol=ssh" -SRCREV = "4478c25423287575ebe2c579aea3da0150f2b735" +SRCREV = "3ba68e4fd97aac7511fab8eff6c5afc259ee1b6a" S = "${WORKDIR}/git" diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27815/0001-jfs-Fix-array-index-bounds-check-in-dbAdjTree.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27815/0001-jfs-Fix-array-index-bounds-check-in-dbAdjTree.patch new file mode 100644 index 000000000..013f21a39 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27815/0001-jfs-Fix-array-index-bounds-check-in-dbAdjTree.patch @@ -0,0 +1,35 @@ +From c2032bf94ba4fb15db0c277614338d377fe430d2 Mon Sep 17 00:00:00 2001 +From: Dave Kleikamp +Date: Fri, 13 Nov 2020 14:58:46 -0600 +Subject: [PATCH] jfs: Fix array index bounds check in dbAdjTree + +commit c61b3e4839007668360ed8b87d7da96d2e59fc6c upstream. + +Bounds checking tools can flag a bug in dbAdjTree() for an array index +out of bounds in dmt_stree. Since dmt_stree can refer to the stree in +both structures dmaptree and dmapctl, use the larger array to eliminate +the false positive. + +Signed-off-by: Dave Kleikamp +Reported-by: butt3rflyh4ck +Signed-off-by: Greg Kroah-Hartman +--- + fs/jfs/jfs_dmap.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/jfs/jfs_dmap.h b/fs/jfs/jfs_dmap.h +index 29891fad3f09..aa03a904d5ab 100644 +--- a/fs/jfs/jfs_dmap.h ++++ b/fs/jfs/jfs_dmap.h +@@ -183,7 +183,7 @@ typedef union dmtree { + #define dmt_leafidx t1.leafidx + #define dmt_height t1.height + #define dmt_budmin t1.budmin +-#define dmt_stree t1.stree ++#define dmt_stree t2.stree + + /* + * on-disk aggregate disk allocation map descriptor. +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-28588/0001-lib-syscall-fix-syscall-registers-retrieval-on-32-bi.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-28588/0001-lib-syscall-fix-syscall-registers-retrieval-on-32-bi.patch new file mode 100644 index 000000000..dc2ae62fc --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-28588/0001-lib-syscall-fix-syscall-registers-retrieval-on-32-bi.patch @@ -0,0 +1,62 @@ +From 4f134b89a24b965991e7c345b9a4591821f7c2a6 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Mon, 30 Nov 2020 08:36:48 +0100 +Subject: [PATCH] lib/syscall: fix syscall registers retrieval on 32-bit + platforms + +Lilith >_> and Claudio Bozzato of Cisco Talos security team reported +that collect_syscall() improperly casts the syscall registers to 64-bit +values leaking the uninitialized last 24 bytes on 32-bit platforms, that +are visible in /proc/self/syscall. + +The cause is that info->data.args are u64 while syscall_get_arguments() +uses longs, as hinted by the bogus pointer cast in the function. + +Let's just proceed like the other call places, by retrieving the +registers into an array of longs before assigning them to the caller's +array. This was successfully tested on x86_64, i386 and ppc32. + +Reference: CVE-2020-28588, TALOS-2020-1211 +Fixes: 631b7abacd02 ("ptrace: Remove maxargs from task_current_syscall()") +Cc: Greg KH +Reviewed-by: Kees Cook +Tested-by: Michael Ellerman (ppc32) +Signed-off-by: Willy Tarreau +Reviewed-by: Thomas Gleixner +Signed-off-by: Linus Torvalds +--- + lib/syscall.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/lib/syscall.c b/lib/syscall.c +index 8533d2fea2d7..ba13e924c430 100644 +--- a/lib/syscall.c ++++ b/lib/syscall.c +@@ -7,6 +7,7 @@ + + static int collect_syscall(struct task_struct *target, struct syscall_info *info) + { ++ unsigned long args[6] = { }; + struct pt_regs *regs; + + if (!try_get_task_stack(target)) { +@@ -27,8 +28,14 @@ static int collect_syscall(struct task_struct *target, struct syscall_info *info + + info->data.nr = syscall_get_nr(target, regs); + if (info->data.nr != -1L) +- syscall_get_arguments(target, regs, +- (unsigned long *)&info->data.args[0]); ++ syscall_get_arguments(target, regs, args); ++ ++ info->data.args[0] = args[0]; ++ info->data.args[1] = args[1]; ++ info->data.args[2] = args[2]; ++ info->data.args[3] = args[3]; ++ info->data.args[4] = args[4]; ++ info->data.args[5] = args[5]; + + put_task_stack(target); + return 0; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-35508/0001-fork-fix-copy_process-CLONE_PARENT-race-with-the-exi.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-35508/0001-fork-fix-copy_process-CLONE_PARENT-race-with-the-exi.patch new file mode 100644 index 000000000..61004dbdc --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-35508/0001-fork-fix-copy_process-CLONE_PARENT-race-with-the-exi.patch @@ -0,0 +1,55 @@ +From 7589cef5e0bd71dc3830aeccbda9c0b718641a63 Mon Sep 17 00:00:00 2001 +From: Eddy Wu +Date: Sat, 7 Nov 2020 14:47:22 +0800 +Subject: [PATCH] fork: fix copy_process(CLONE_PARENT) race with the exiting + ->real_parent + +current->group_leader->exit_signal may change during copy_process() if +current->real_parent exits. + +Move the assignment inside tasklist_lock to avoid the race. + +Signed-off-by: Eddy Wu +Acked-by: Oleg Nesterov +Signed-off-by: Linus Torvalds +--- + kernel/fork.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/kernel/fork.c b/kernel/fork.c +index 9180f4416dba..fe799c9e787b 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -2080,14 +2080,9 @@ static __latent_entropy struct task_struct *copy_process( + /* ok, now we should be set up.. */ + p->pid = pid_nr(pid); + if (clone_flags & CLONE_THREAD) { +- p->exit_signal = -1; + p->group_leader = current->group_leader; + p->tgid = current->tgid; + } else { +- if (clone_flags & CLONE_PARENT) +- p->exit_signal = current->group_leader->exit_signal; +- else +- p->exit_signal = args->exit_signal; + p->group_leader = p; + p->tgid = p->pid; + } +@@ -2132,9 +2127,14 @@ static __latent_entropy struct task_struct *copy_process( + if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) { + p->real_parent = current->real_parent; + p->parent_exec_id = current->parent_exec_id; ++ if (clone_flags & CLONE_THREAD) ++ p->exit_signal = -1; ++ else ++ p->exit_signal = current->group_leader->exit_signal; + } else { + p->real_parent = current; + p->parent_exec_id = current->self_exec_id; ++ p->exit_signal = args->exit_signal; + } + + klp_copy_process(p); +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-20177/0001-netfilter-add-and-use-nf_hook_slow_list.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-20177/0001-netfilter-add-and-use-nf_hook_slow_list.patch new file mode 100644 index 000000000..8563d5cae --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-20177/0001-netfilter-add-and-use-nf_hook_slow_list.patch @@ -0,0 +1,119 @@ +From ca58fbe06c54795f00db79e447f94c2028d30124 Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Fri, 11 Oct 2019 00:30:37 +0200 +Subject: [PATCH] netfilter: add and use nf_hook_slow_list() + +At this time, NF_HOOK_LIST() macro will iterate the list and then calls +nf_hook() for each individual skb. + +This makes it so the entire list is passed into the netfilter core. +The advantage is that we only need to fetch the rule blob once per list +instead of per-skb. + +NF_HOOK_LIST now only works for ipv4 and ipv6, as those are the only +callers. + +v2: use skb_list_del_init() instead of list_del (Edward Cree) + +Signed-off-by: Florian Westphal +Acked-by: Edward Cree +Signed-off-by: Pablo Neira Ayuso +--- + include/linux/netfilter.h | 41 +++++++++++++++++++++++++++++---------- + net/netfilter/core.c | 20 +++++++++++++++++++ + 2 files changed, 51 insertions(+), 10 deletions(-) + +diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h +index 77ebb61faf48..eb312e7ca36e 100644 +--- a/include/linux/netfilter.h ++++ b/include/linux/netfilter.h +@@ -199,6 +199,8 @@ extern struct static_key nf_hooks_needed[NFPROTO_NUMPROTO][NF_MAX_HOOKS]; + int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state, + const struct nf_hook_entries *e, unsigned int i); + ++void nf_hook_slow_list(struct list_head *head, struct nf_hook_state *state, ++ const struct nf_hook_entries *e); + /** + * nf_hook - call a netfilter hook + * +@@ -311,17 +313,36 @@ NF_HOOK_LIST(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, + struct list_head *head, struct net_device *in, struct net_device *out, + int (*okfn)(struct net *, struct sock *, struct sk_buff *)) + { +- struct sk_buff *skb, *next; +- struct list_head sublist; +- +- INIT_LIST_HEAD(&sublist); +- list_for_each_entry_safe(skb, next, head, list) { +- list_del(&skb->list); +- if (nf_hook(pf, hook, net, sk, skb, in, out, okfn) == 1) +- list_add_tail(&skb->list, &sublist); ++ struct nf_hook_entries *hook_head = NULL; ++ ++#ifdef CONFIG_JUMP_LABEL ++ if (__builtin_constant_p(pf) && ++ __builtin_constant_p(hook) && ++ !static_key_false(&nf_hooks_needed[pf][hook])) ++ return; ++#endif ++ ++ rcu_read_lock(); ++ switch (pf) { ++ case NFPROTO_IPV4: ++ hook_head = rcu_dereference(net->nf.hooks_ipv4[hook]); ++ break; ++ case NFPROTO_IPV6: ++ hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]); ++ break; ++ default: ++ WARN_ON_ONCE(1); ++ break; + } +- /* Put passed packets back on main list */ +- list_splice(&sublist, head); ++ ++ if (hook_head) { ++ struct nf_hook_state state; ++ ++ nf_hook_state_init(&state, hook, pf, in, out, sk, net, okfn); ++ ++ nf_hook_slow_list(head, &state, hook_head); ++ } ++ rcu_read_unlock(); + } + + /* Call setsockopt() */ +diff --git a/net/netfilter/core.c b/net/netfilter/core.c +index 5d5bdf450091..78f046ec506f 100644 +--- a/net/netfilter/core.c ++++ b/net/netfilter/core.c +@@ -536,6 +536,26 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state, + } + EXPORT_SYMBOL(nf_hook_slow); + ++void nf_hook_slow_list(struct list_head *head, struct nf_hook_state *state, ++ const struct nf_hook_entries *e) ++{ ++ struct sk_buff *skb, *next; ++ struct list_head sublist; ++ int ret; ++ ++ INIT_LIST_HEAD(&sublist); ++ ++ list_for_each_entry_safe(skb, next, head, list) { ++ skb_list_del_init(skb); ++ ret = nf_hook_slow(skb, state, e, 0); ++ if (ret == 1) ++ list_add_tail(&skb->list, &sublist); ++ } ++ /* Put passed packets back on main list */ ++ list_splice(&sublist, head); ++} ++EXPORT_SYMBOL(nf_hook_slow_list); ++ + /* This needs to be compiled in any case to avoid dependencies between the + * nfnetlink_queue code and nf_conntrack. + */ +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch new file mode 100644 index 000000000..b0232e56d --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch @@ -0,0 +1,58 @@ +From add3b2ec508d24c739ad1842dc1590fd0ca026f9 Mon Sep 17 00:00:00 2001 +From: Mark Tomlinson +Date: Mon, 8 Mar 2021 14:24:13 +1300 +Subject: [PATCH] netfilter: x_tables: Use correct memory barriers. + +When a new table value was assigned, it was followed by a write memory +barrier. This ensured that all writes before this point would complete +before any writes after this point. However, to determine whether the +rules are unused, the sequence counter is read. To ensure that all +writes have been done before these reads, a full memory barrier is +needed, not just a write memory barrier. The same argument applies when +incrementing the counter, before the rules are read. + +Changing to using smp_mb() instead of smp_wmb() fixes the kernel panic +reported in cc00bcaa5899 (which is still present), while still +maintaining the same speed of replacing tables. + +The smb_mb() barriers potentially slow the packet path, however testing +has shown no measurable change in performance on a 4-core MIPS64 +platform. + +Fixes: 7f5c6d4f665b ("netfilter: get rid of atomic ops in fast path") +Signed-off-by: Mark Tomlinson +Signed-off-by: Pablo Neira Ayuso +--- + include/linux/netfilter/x_tables.h | 2 +- + net/netfilter/x_tables.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h +index 1b261c51b3a3..04e7f5630509 100644 +--- a/include/linux/netfilter/x_tables.h ++++ b/include/linux/netfilter/x_tables.h +@@ -376,7 +376,7 @@ static inline unsigned int xt_write_recseq_begin(void) + * since addend is most likely 1 + */ + __this_cpu_add(xt_recseq.sequence, addend); +- smp_wmb(); ++ smp_mb(); + + return addend; + } +diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c +index 44f971f31992..e1a5a32605a4 100644 +--- a/net/netfilter/x_tables.c ++++ b/net/netfilter/x_tables.c +@@ -1387,7 +1387,7 @@ xt_replace_table(struct xt_table *table, + table->private = newinfo; + + /* make sure all cpus see new ->private value */ +- smp_wmb(); ++ smp_mb(); + + /* + * Even though table entries have now been swapped, other CPU's +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-30002/0001-media-v4l-ioctl-Fix-memory-leak-in-video_usercopy.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-30002/0001-media-v4l-ioctl-Fix-memory-leak-in-video_usercopy.patch new file mode 100644 index 000000000..2b3916723 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-30002/0001-media-v4l-ioctl-Fix-memory-leak-in-video_usercopy.patch @@ -0,0 +1,78 @@ +From 12c97777a902f6a04f3c268038ed831d405ebf1a Mon Sep 17 00:00:00 2001 +From: Sakari Ailus +Date: Sat, 19 Dec 2020 23:29:58 +0100 +Subject: [PATCH] media: v4l: ioctl: Fix memory leak in video_usercopy + +When an IOCTL with argument size larger than 128 that also used array +arguments were handled, two memory allocations were made but alas, only +the latter one of them was released. This happened because there was only +a single local variable to hold such a temporary allocation. + +Fix this by adding separate variables to hold the pointers to the +temporary allocations. + +Reported-by: Arnd Bergmann +Reported-by: syzbot+1115e79c8df6472c612b@syzkaller.appspotmail.com +Fixes: d14e6d76ebf7 ("[media] v4l: Add multi-planar ioctl handling code") +Cc: stable@vger.kernel.org +Signed-off-by: Sakari Ailus +Acked-by: Arnd Bergmann +Acked-by: Hans Verkuil +Reviewed-by: Laurent Pinchart +Signed-off-by: Mauro Carvalho Chehab +--- + drivers/media/v4l2-core/v4l2-ioctl.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c +index 58868d7129eb..d72a274ade8d 100644 +--- a/drivers/media/v4l2-core/v4l2-ioctl.c ++++ b/drivers/media/v4l2-core/v4l2-ioctl.c +@@ -3016,7 +3016,7 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg, + v4l2_kioctl func) + { + char sbuf[128]; +- void *mbuf = NULL; ++ void *mbuf = NULL, *array_buf = NULL; + void *parg = (void *)arg; + long err = -EINVAL; + bool has_array_args; +@@ -3081,14 +3081,14 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg, + * array) fits into sbuf (so that mbuf will still remain + * unused up to here). + */ +- mbuf = kvmalloc(array_size, GFP_KERNEL); ++ array_buf = kvmalloc(array_size, GFP_KERNEL); + err = -ENOMEM; +- if (NULL == mbuf) ++ if (array_buf == NULL) + goto out_array_args; + err = -EFAULT; +- if (copy_from_user(mbuf, user_ptr, array_size)) ++ if (copy_from_user(array_buf, user_ptr, array_size)) + goto out_array_args; +- *kernel_ptr = mbuf; ++ *kernel_ptr = array_buf; + } + + /* Handles IOCTL */ +@@ -3107,7 +3107,7 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg, + + if (has_array_args) { + *kernel_ptr = (void __force *)user_ptr; +- if (copy_to_user(user_ptr, mbuf, array_size)) ++ if (copy_to_user(user_ptr, array_buf, array_size)) + err = -EFAULT; + goto out_array_args; + } +@@ -3129,6 +3129,7 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg, + } + + out: ++ kvfree(array_buf); + kvfree(mbuf); + return err; + } +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-31916/0001-dm-ioctl-fix-out-of-bounds-array-access-when-no-devi.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-31916/0001-dm-ioctl-fix-out-of-bounds-array-access-when-no-devi.patch new file mode 100644 index 000000000..95def3832 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-31916/0001-dm-ioctl-fix-out-of-bounds-array-access-when-no-devi.patch @@ -0,0 +1,40 @@ +From 921aae17bb0f02181fa05cf5580ebc855fdbd74d Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Fri, 26 Mar 2021 14:32:32 -0400 +Subject: [PATCH] dm ioctl: fix out of bounds array access when no devices + +commit 4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a upstream. + +If there are not any dm devices, we need to zero the "dev" argument in +the first structure dm_name_list. However, this can cause out of +bounds write, because the "needed" variable is zero and len may be +less than eight. + +Fix this bug by reporting DM_BUFFER_FULL_FLAG if the result buffer is +too small to hold the "nl->dev" value. + +Signed-off-by: Mikulas Patocka +Reported-by: Dan Carpenter +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-ioctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c +index 5e306bba4375..1ca65b434f1f 100644 +--- a/drivers/md/dm-ioctl.c ++++ b/drivers/md/dm-ioctl.c +@@ -529,7 +529,7 @@ static int list_devices(struct file *filp, struct dm_ioctl *param, size_t param_ + * Grab our output buffer. + */ + nl = orig_nl = get_result_buffer(param, param_size, &len); +- if (len < needed) { ++ if (len < needed || len < sizeof(nl->dev)) { + param->flags |= DM_BUFFER_FULL_FLAG; + goto out; + } +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0001-futex-Fix-incorrect-should_fail_futex-handling.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0001-futex-Fix-incorrect-should_fail_futex-handling.patch new file mode 100644 index 000000000..15420d4a4 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0001-futex-Fix-incorrect-should_fail_futex-handling.patch @@ -0,0 +1,47 @@ +From 2db7590371520735366639647352b44c0eeda11f Mon Sep 17 00:00:00 2001 +From: Mateusz Nosek +Date: Sun, 27 Sep 2020 02:08:58 +0200 +Subject: [PATCH] futex: Fix incorrect should_fail_futex() handling + +[ Upstream commit 921c7ebd1337d1a46783d7e15a850e12aed2eaa0 ] + +If should_futex_fail() returns true in futex_wake_pi(), then the 'ret' +variable is set to -EFAULT and then immediately overwritten. So the failure +injection is non-functional. + +Fix it by actually leaving the function and returning -EFAULT. + +The Fixes tag is kinda blury because the initial commit which introduced +failure injection was already sloppy, but the below mentioned commit broke +it completely. + +[ tglx: Massaged changelog ] + +Fixes: 6b4f4bc9cb22 ("locking/futex: Allow low-level atomic operations to return -EAGAIN") +Signed-off-by: Mateusz Nosek +Signed-off-by: Thomas Gleixner +Link: https://lore.kernel.org/r/20200927000858.24219-1-mateusznosek0@gmail.com +Signed-off-by: Sasha Levin +--- + kernel/futex.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index 5660c02b01b0..17fba7a986e0 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -1594,8 +1594,10 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_pi_state *pi_ + */ + newval = FUTEX_WAITERS | task_pid_vnr(new_owner); + +- if (unlikely(should_fail_futex(true))) ++ if (unlikely(should_fail_futex(true))) { + ret = -EFAULT; ++ goto out_unlock; ++ } + + ret = cmpxchg_futex_value_locked(&curval, uaddr, uval, newval); + if (!ret && (curval != uval)) { +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0002-futex-Handle-transient-ownerless-rtmutex-state-corre.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0002-futex-Handle-transient-ownerless-rtmutex-state-corre.patch new file mode 100644 index 000000000..c8c3b08eb --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0002-futex-Handle-transient-ownerless-rtmutex-state-corre.patch @@ -0,0 +1,82 @@ +From 2716e78a6486814537df95a82efec4e9e4e081d9 Mon Sep 17 00:00:00 2001 +From: Mike Galbraith +Date: Wed, 4 Nov 2020 16:12:44 +0100 +Subject: [PATCH] futex: Handle transient "ownerless" rtmutex state correctly + +commit 9f5d1c336a10c0d24e83e40b4c1b9539f7dba627 upstream. + +Gratian managed to trigger the BUG_ON(!newowner) in fixup_pi_state_owner(). +This is one possible chain of events leading to this: + +Task Prio Operation +T1 120 lock(F) +T2 120 lock(F) -> blocks (top waiter) +T3 50 (RT) lock(F) -> boosts T1 and blocks (new top waiter) +XX timeout/ -> wakes T2 + signal +T1 50 unlock(F) -> wakes T3 (rtmutex->owner == NULL, waiter bit is set) +T2 120 cleanup -> try_to_take_mutex() fails because T3 is the top waiter + and the lower priority T2 cannot steal the lock. + -> fixup_pi_state_owner() sees newowner == NULL -> BUG_ON() + +The comment states that this is invalid and rt_mutex_real_owner() must +return a non NULL owner when the trylock failed, but in case of a queued +and woken up waiter rt_mutex_real_owner() == NULL is a valid transient +state. The higher priority waiter has simply not yet managed to take over +the rtmutex. + +The BUG_ON() is therefore wrong and this is just another retry condition in +fixup_pi_state_owner(). + +Drop the locks, so that T3 can make progress, and then try the fixup again. + +Gratian provided a great analysis, traces and a reproducer. The analysis is +to the point, but it confused the hell out of that tglx dude who had to +page in all the futex horrors again. Condensed version is above. + +[ tglx: Wrote comment and changelog ] + +Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex") +Reported-by: Gratian Crisan +Signed-off-by: Mike Galbraith +Signed-off-by: Thomas Gleixner +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/87a6w6x7bb.fsf@ni.com +Link: https://lore.kernel.org/r/87sg9pkvf7.fsf@nanos.tec.linutronix.de +Signed-off-by: Greg Kroah-Hartman +--- + kernel/futex.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index 17fba7a986e0..9c4f9b868a49 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -2511,10 +2511,22 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + } + + /* +- * Since we just failed the trylock; there must be an owner. ++ * The trylock just failed, so either there is an owner or ++ * there is a higher priority waiter than this one. + */ + newowner = rt_mutex_owner(&pi_state->pi_mutex); +- BUG_ON(!newowner); ++ /* ++ * If the higher priority waiter has not yet taken over the ++ * rtmutex then newowner is NULL. We can't return here with ++ * that state because it's inconsistent vs. the user space ++ * state. So drop the locks and try again. It's a valid ++ * situation and not any different from the other retry ++ * conditions. ++ */ ++ if (unlikely(!newowner)) { ++ err = -EAGAIN; ++ goto handle_err; ++ } + } else { + WARN_ON_ONCE(argowner != current); + if (oldowner == current) { +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch new file mode 100644 index 000000000..d58a046fc --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch @@ -0,0 +1,51 @@ +From 2192d905df0d540f6f3240046bcb06c53bcf5016 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 6 Nov 2020 11:52:05 +0300 +Subject: [PATCH] futex: Don't enable IRQs unconditionally in put_pi_state() + +commit 1e106aa3509b86738769775969822ffc1ec21bf4 upstream. + +The exit_pi_state_list() function calls put_pi_state() with IRQs disabled +and is not expecting that IRQs will be enabled inside the function. + +Use the _irqsave() variant so that IRQs are restored to the original state +instead of being enabled unconditionally. + +Fixes: 153fbd1226fb ("futex: Fix more put_pi_state() vs. exit_pi_state_list() races") +Signed-off-by: Dan Carpenter +Signed-off-by: Thomas Gleixner +Acked-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20201106085205.GA1159983@mwanda +Signed-off-by: Greg Kroah-Hartman +--- + kernel/futex.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index 9c4f9b868a49..b6dec5f79370 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -880,8 +880,9 @@ static void put_pi_state(struct futex_pi_state *pi_state) + */ + if (pi_state->owner) { + struct task_struct *owner; ++ unsigned long flags; + +- raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); ++ raw_spin_lock_irqsave(&pi_state->pi_mutex.wait_lock, flags); + owner = pi_state->owner; + if (owner) { + raw_spin_lock(&owner->pi_lock); +@@ -889,7 +890,7 @@ static void put_pi_state(struct futex_pi_state *pi_state) + raw_spin_unlock(&owner->pi_lock); + } + rt_mutex_proxy_unlock(&pi_state->pi_mutex, owner); +- raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); ++ raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags); + } + + if (current->pi_state_cache) { +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0004-futex-Ensure-the-correct-return-value-from-futex_loc.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0004-futex-Ensure-the-correct-return-value-from-futex_loc.patch new file mode 100644 index 000000000..24f1986a8 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0004-futex-Ensure-the-correct-return-value-from-futex_loc.patch @@ -0,0 +1,138 @@ +From 0dae88a92596db9405fd4a341c1915cf7d8fbad4 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 20 Jan 2021 16:00:24 +0100 +Subject: [PATCH] futex: Ensure the correct return value from futex_lock_pi() + +commit 12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9 upstream + +In case that futex_lock_pi() was aborted by a signal or a timeout and the +task returned without acquiring the rtmutex, but is the designated owner of +the futex due to a concurrent futex_unlock_pi() fixup_owner() is invoked to +establish consistent state. In that case it invokes fixup_pi_state_owner() +which in turn tries to acquire the rtmutex again. If that succeeds then it +does not propagate this success to fixup_owner() and futex_lock_pi() +returns -EINTR or -ETIMEOUT despite having the futex locked. + +Return success from fixup_pi_state_owner() in all cases where the current +task owns the rtmutex and therefore the futex and propagate it correctly +through fixup_owner(). Fixup the other callsite which does not expect a +positive return value. + +Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex") +Signed-off-by: Thomas Gleixner +Acked-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/futex.c | 32 ++++++++++++++++---------------- + 1 file changed, 16 insertions(+), 16 deletions(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index b6dec5f79370..d2cc406c6658 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -2506,8 +2506,8 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + } + + if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) { +- /* We got the lock after all, nothing to fix. */ +- ret = 0; ++ /* We got the lock. pi_state is correct. Tell caller. */ ++ ret = 1; + goto out_unlock; + } + +@@ -2535,7 +2535,7 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + * We raced against a concurrent self; things are + * already fixed up. Nothing to do. + */ +- ret = 0; ++ ret = 1; + goto out_unlock; + } + newowner = argowner; +@@ -2581,7 +2581,7 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + raw_spin_unlock(&newowner->pi_lock); + raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); + +- return 0; ++ return argowner == current; + + /* + * In order to reschedule or handle a page fault, we need to drop the +@@ -2623,7 +2623,7 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + * Check if someone else fixed it for us: + */ + if (pi_state->owner != oldowner) { +- ret = 0; ++ ret = argowner == current; + goto out_unlock; + } + +@@ -2656,8 +2656,6 @@ static long futex_wait_restart(struct restart_block *restart); + */ + static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) + { +- int ret = 0; +- + if (locked) { + /* + * Got the lock. We might not be the anticipated owner if we +@@ -2668,8 +2666,8 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) + * stable state, anything else needs more attention. + */ + if (q->pi_state->owner != current) +- ret = fixup_pi_state_owner(uaddr, q, current); +- goto out; ++ return fixup_pi_state_owner(uaddr, q, current); ++ return 1; + } + + /* +@@ -2680,10 +2678,8 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) + * Another speculative read; pi_state->owner == current is unstable + * but needs our attention. + */ +- if (q->pi_state->owner == current) { +- ret = fixup_pi_state_owner(uaddr, q, NULL); +- goto out; +- } ++ if (q->pi_state->owner == current) ++ return fixup_pi_state_owner(uaddr, q, NULL); + + /* + * Paranoia check. If we did not take the lock, then we should not be +@@ -2696,8 +2692,7 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) + q->pi_state->owner); + } + +-out: +- return ret ? ret : locked; ++ return 0; + } + + /** +@@ -3406,7 +3401,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, + if (q.pi_state && (q.pi_state->owner != current)) { + spin_lock(q.lock_ptr); + ret = fixup_pi_state_owner(uaddr2, &q, current); +- if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current) { ++ if (ret < 0 && rt_mutex_owner(&q.pi_state->pi_mutex) == current) { + pi_state = q.pi_state; + get_pi_state(pi_state); + } +@@ -3416,6 +3411,11 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, + */ + put_pi_state(q.pi_state); + spin_unlock(q.lock_ptr); ++ /* ++ * Adjust the return value. It's either -EFAULT or ++ * success (1) but the caller expects 0 for success. ++ */ ++ ret = ret < 0 ? ret : 0; + } + } else { + struct rt_mutex *pi_mutex; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0005-futex-Replace-pointless-printk-in-fixup_owner.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0005-futex-Replace-pointless-printk-in-fixup_owner.patch new file mode 100644 index 000000000..d8711e8b9 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0005-futex-Replace-pointless-printk-in-fixup_owner.patch @@ -0,0 +1,44 @@ +From 65aad57cac8db8dd0d1dcdd86bc8603039d937b7 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Tue, 19 Jan 2021 16:06:10 +0100 +Subject: [PATCH] futex: Replace pointless printk in fixup_owner() + +commit 04b79c55201f02ffd675e1231d731365e335c307 upstream + +If that unexpected case of inconsistent arguments ever happens then the +futex state is left completely inconsistent and the printk is not really +helpful. Replace it with a warning and make the state consistent. + +Signed-off-by: Thomas Gleixner +Acked-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/futex.c | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index d2cc406c6658..8bfb16258ae7 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -2683,14 +2683,10 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) + + /* + * Paranoia check. If we did not take the lock, then we should not be +- * the owner of the rt_mutex. ++ * the owner of the rt_mutex. Warn and establish consistent state. + */ +- if (rt_mutex_owner(&q->pi_state->pi_mutex) == current) { +- printk(KERN_ERR "fixup_owner: ret = %d pi-mutex: %p " +- "pi-state %p\n", ret, +- q->pi_state->pi_mutex.owner, +- q->pi_state->owner); +- } ++ if (WARN_ON_ONCE(rt_mutex_owner(&q->pi_state->pi_mutex) == current)) ++ return fixup_pi_state_owner(uaddr, q, current); + + return 0; + } +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0006-futex-Provide-and-use-pi_state_update_owner.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0006-futex-Provide-and-use-pi_state_update_owner.patch new file mode 100644 index 000000000..ae0f63a18 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0006-futex-Provide-and-use-pi_state_update_owner.patch @@ -0,0 +1,117 @@ +From 015b6a4c2564a9385401a6105e80a20c333e1d44 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Tue, 19 Jan 2021 15:21:35 +0100 +Subject: [PATCH] futex: Provide and use pi_state_update_owner() + +commit c5cade200ab9a2a3be9e7f32a752c8d86b502ec7 upstream + +Updating pi_state::owner is done at several places with the same +code. Provide a function for it and use that at the obvious places. + +This is also a preparation for a bug fix to avoid yet another copy of the +same code or alternatively introducing a completely unpenetratable mess of +gotos. + +Originally-by: Peter Zijlstra +Signed-off-by: Thomas Gleixner +Acked-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/futex.c | 66 +++++++++++++++++++++++++------------------------- + 1 file changed, 33 insertions(+), 33 deletions(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index 8bfb16258ae7..69f62d0f5851 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -857,6 +857,29 @@ static struct futex_pi_state *alloc_pi_state(void) + return pi_state; + } + ++static void pi_state_update_owner(struct futex_pi_state *pi_state, ++ struct task_struct *new_owner) ++{ ++ struct task_struct *old_owner = pi_state->owner; ++ ++ lockdep_assert_held(&pi_state->pi_mutex.wait_lock); ++ ++ if (old_owner) { ++ raw_spin_lock(&old_owner->pi_lock); ++ WARN_ON(list_empty(&pi_state->list)); ++ list_del_init(&pi_state->list); ++ raw_spin_unlock(&old_owner->pi_lock); ++ } ++ ++ if (new_owner) { ++ raw_spin_lock(&new_owner->pi_lock); ++ WARN_ON(!list_empty(&pi_state->list)); ++ list_add(&pi_state->list, &new_owner->pi_state_list); ++ pi_state->owner = new_owner; ++ raw_spin_unlock(&new_owner->pi_lock); ++ } ++} ++ + static void get_pi_state(struct futex_pi_state *pi_state) + { + WARN_ON_ONCE(!refcount_inc_not_zero(&pi_state->refcount)); +@@ -1614,26 +1637,15 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_pi_state *pi_ + ret = -EINVAL; + } + +- if (ret) +- goto out_unlock; +- +- /* +- * This is a point of no return; once we modify the uval there is no +- * going back and subsequent operations must not fail. +- */ +- +- raw_spin_lock(&pi_state->owner->pi_lock); +- WARN_ON(list_empty(&pi_state->list)); +- list_del_init(&pi_state->list); +- raw_spin_unlock(&pi_state->owner->pi_lock); +- +- raw_spin_lock(&new_owner->pi_lock); +- WARN_ON(!list_empty(&pi_state->list)); +- list_add(&pi_state->list, &new_owner->pi_state_list); +- pi_state->owner = new_owner; +- raw_spin_unlock(&new_owner->pi_lock); +- +- postunlock = __rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q); ++ if (!ret) { ++ /* ++ * This is a point of no return; once we modified the uval ++ * there is no going back and subsequent operations must ++ * not fail. ++ */ ++ pi_state_update_owner(pi_state, new_owner); ++ postunlock = __rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q); ++ } + + out_unlock: + raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); +@@ -2566,19 +2578,7 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + * We fixed up user space. Now we need to fix the pi_state + * itself. + */ +- if (pi_state->owner != NULL) { +- raw_spin_lock(&pi_state->owner->pi_lock); +- WARN_ON(list_empty(&pi_state->list)); +- list_del_init(&pi_state->list); +- raw_spin_unlock(&pi_state->owner->pi_lock); +- } +- +- pi_state->owner = newowner; +- +- raw_spin_lock(&newowner->pi_lock); +- WARN_ON(!list_empty(&pi_state->list)); +- list_add(&pi_state->list, &newowner->pi_state_list); +- raw_spin_unlock(&newowner->pi_lock); ++ pi_state_update_owner(pi_state, newowner); + raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); + + return argowner == current; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0007-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0007-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch new file mode 100644 index 000000000..9196c9ed2 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0007-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch @@ -0,0 +1,64 @@ +From ceb83cf9ed6764977c86a03fe187578def3b4e18 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 20 Jan 2021 11:32:07 +0100 +Subject: [PATCH] rtmutex: Remove unused argument from rt_mutex_proxy_unlock() + +commit 2156ac1934166d6deb6cd0f6ffc4c1076ec63697 upstream + +Nothing uses the argument. Remove it as preparation to use +pi_state_update_owner(). + +Signed-off-by: Thomas Gleixner +Acked-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/futex.c | 2 +- + kernel/locking/rtmutex.c | 3 +-- + kernel/locking/rtmutex_common.h | 3 +-- + 3 files changed, 3 insertions(+), 5 deletions(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index 69f62d0f5851..8175bdce7267 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -912,7 +912,7 @@ static void put_pi_state(struct futex_pi_state *pi_state) + list_del_init(&pi_state->list); + raw_spin_unlock(&owner->pi_lock); + } +- rt_mutex_proxy_unlock(&pi_state->pi_mutex, owner); ++ rt_mutex_proxy_unlock(&pi_state->pi_mutex); + raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags); + } + +diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c +index 2874bf556162..734698aec5f9 100644 +--- a/kernel/locking/rtmutex.c ++++ b/kernel/locking/rtmutex.c +@@ -1718,8 +1718,7 @@ void rt_mutex_init_proxy_locked(struct rt_mutex *lock, + * possible because it belongs to the pi_state which is about to be freed + * and it is not longer visible to other tasks. + */ +-void rt_mutex_proxy_unlock(struct rt_mutex *lock, +- struct task_struct *proxy_owner) ++void rt_mutex_proxy_unlock(struct rt_mutex *lock) + { + debug_rt_mutex_proxy_unlock(lock); + rt_mutex_set_owner(lock, NULL); +diff --git a/kernel/locking/rtmutex_common.h b/kernel/locking/rtmutex_common.h +index d1d62f942be2..ca6fb489007b 100644 +--- a/kernel/locking/rtmutex_common.h ++++ b/kernel/locking/rtmutex_common.h +@@ -133,8 +133,7 @@ enum rtmutex_chainwalk { + extern struct task_struct *rt_mutex_next_owner(struct rt_mutex *lock); + extern void rt_mutex_init_proxy_locked(struct rt_mutex *lock, + struct task_struct *proxy_owner); +-extern void rt_mutex_proxy_unlock(struct rt_mutex *lock, +- struct task_struct *proxy_owner); ++extern void rt_mutex_proxy_unlock(struct rt_mutex *lock); + extern void rt_mutex_init_waiter(struct rt_mutex_waiter *waiter); + extern int __rt_mutex_start_proxy_lock(struct rt_mutex *lock, + struct rt_mutex_waiter *waiter, +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0008-futex-Use-pi_state_update_owner-in-put_pi_state.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0008-futex-Use-pi_state_update_owner-in-put_pi_state.patch new file mode 100644 index 000000000..cfff74b57 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0008-futex-Use-pi_state_update_owner-in-put_pi_state.patch @@ -0,0 +1,42 @@ +From a3155c362ca0a4677d0c886798bbeb5f0a9efe86 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 20 Jan 2021 11:35:19 +0100 +Subject: [PATCH] futex: Use pi_state_update_owner() in put_pi_state() + +commit 6ccc84f917d33312eb2846bd7b567639f585ad6d upstream + +No point in open coding it. This way it gains the extra sanity checks. + +Signed-off-by: Thomas Gleixner +Acked-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/futex.c | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index 8175bdce7267..758deac71345 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -902,16 +902,10 @@ static void put_pi_state(struct futex_pi_state *pi_state) + * and has cleaned up the pi_state already + */ + if (pi_state->owner) { +- struct task_struct *owner; + unsigned long flags; + + raw_spin_lock_irqsave(&pi_state->pi_mutex.wait_lock, flags); +- owner = pi_state->owner; +- if (owner) { +- raw_spin_lock(&owner->pi_lock); +- list_del_init(&pi_state->list); +- raw_spin_unlock(&owner->pi_lock); +- } ++ pi_state_update_owner(pi_state, NULL); + rt_mutex_proxy_unlock(&pi_state->pi_mutex); + raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags); + } +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0009-futex-Simplify-fixup_pi_state_owner.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0009-futex-Simplify-fixup_pi_state_owner.patch new file mode 100644 index 000000000..d6b60749d --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0009-futex-Simplify-fixup_pi_state_owner.patch @@ -0,0 +1,138 @@ +From 55ea172ce3ebe276e734352eb1b236b3065496c3 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Tue, 19 Jan 2021 16:26:38 +0100 +Subject: [PATCH] futex: Simplify fixup_pi_state_owner() + +commit f2dac39d93987f7de1e20b3988c8685523247ae2 upstream + +Too many gotos already and an upcoming fix would make it even more +unreadable. + +Signed-off-by: Thomas Gleixner +Acked-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/futex.c | 53 +++++++++++++++++++++++++------------------------- + 1 file changed, 26 insertions(+), 27 deletions(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index 758deac71345..48c37ff4388d 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -2462,18 +2462,13 @@ static void unqueue_me_pi(struct futex_q *q) + spin_unlock(q->lock_ptr); + } + +-static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, +- struct task_struct *argowner) ++static int __fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, ++ struct task_struct *argowner) + { ++ u32 uval, uninitialized_var(curval), newval, newtid; + struct futex_pi_state *pi_state = q->pi_state; +- u32 uval, uninitialized_var(curval), newval; + struct task_struct *oldowner, *newowner; +- u32 newtid; +- int ret, err = 0; +- +- lockdep_assert_held(q->lock_ptr); +- +- raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); ++ int err = 0; + + oldowner = pi_state->owner; + +@@ -2507,14 +2502,12 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + * We raced against a concurrent self; things are + * already fixed up. Nothing to do. + */ +- ret = 0; +- goto out_unlock; ++ return 0; + } + + if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) { + /* We got the lock. pi_state is correct. Tell caller. */ +- ret = 1; +- goto out_unlock; ++ return 1; + } + + /* +@@ -2541,8 +2534,7 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + * We raced against a concurrent self; things are + * already fixed up. Nothing to do. + */ +- ret = 1; +- goto out_unlock; ++ return 1; + } + newowner = argowner; + } +@@ -2573,7 +2565,6 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + * itself. + */ + pi_state_update_owner(pi_state, newowner); +- raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); + + return argowner == current; + +@@ -2596,17 +2587,16 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + + switch (err) { + case -EFAULT: +- ret = fault_in_user_writeable(uaddr); ++ err = fault_in_user_writeable(uaddr); + break; + + case -EAGAIN: + cond_resched(); +- ret = 0; ++ err = 0; + break; + + default: + WARN_ON_ONCE(1); +- ret = err; + break; + } + +@@ -2616,17 +2606,26 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + /* + * Check if someone else fixed it for us: + */ +- if (pi_state->owner != oldowner) { +- ret = argowner == current; +- goto out_unlock; +- } ++ if (pi_state->owner != oldowner) ++ return argowner == current; + +- if (ret) +- goto out_unlock; ++ /* Retry if err was -EAGAIN or the fault in succeeded */ ++ if (!err) ++ goto retry; + +- goto retry; ++ return err; ++} + +-out_unlock: ++static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, ++ struct task_struct *argowner) ++{ ++ struct futex_pi_state *pi_state = q->pi_state; ++ int ret; ++ ++ lockdep_assert_held(q->lock_ptr); ++ ++ raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); ++ ret = __fixup_pi_state_owner(uaddr, q, argowner); + raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); + return ret; + } +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0010-futex-Handle-faults-correctly-for-PI-futexes.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0010-futex-Handle-faults-correctly-for-PI-futexes.patch new file mode 100644 index 000000000..321ba84d8 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0010-futex-Handle-faults-correctly-for-PI-futexes.patch @@ -0,0 +1,164 @@ +From ecd62d2e9ab405d9575c3aa8eb44e44e523a0d19 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Mon, 18 Jan 2021 19:01:21 +0100 +Subject: [PATCH] futex: Handle faults correctly for PI futexes + +commit 34b1a1ce1458f50ef27c54e28eb9b1947012907a upstream + +fixup_pi_state_owner() tries to ensure that the state of the rtmutex, +pi_state and the user space value related to the PI futex are consistent +before returning to user space. In case that the user space value update +faults and the fault cannot be resolved by faulting the page in via +fault_in_user_writeable() the function returns with -EFAULT and leaves +the rtmutex and pi_state owner state inconsistent. + +A subsequent futex_unlock_pi() operates on the inconsistent pi_state and +releases the rtmutex despite not owning it which can corrupt the RB tree of +the rtmutex and cause a subsequent kernel stack use after free. + +It was suggested to loop forever in fixup_pi_state_owner() if the fault +cannot be resolved, but that results in runaway tasks which is especially +undesired when the problem happens due to a programming error and not due +to malice. + +As the user space value cannot be fixed up, the proper solution is to make +the rtmutex and the pi_state consistent so both have the same owner. This +leaves the user space value out of sync. Any subsequent operation on the +futex will fail because the 10th rule of PI futexes (pi_state owner and +user space value are consistent) has been violated. + +As a consequence this removes the inept attempts of 'fixing' the situation +in case that the current task owns the rtmutex when returning with an +unresolvable fault by unlocking the rtmutex which left pi_state::owner and +rtmutex::owner out of sync in a different and only slightly less dangerous +way. + +Fixes: 1b7558e457ed ("futexes: fix fault handling in futex_lock_pi") +Reported-by: gzobqq@gmail.com +Signed-off-by: Thomas Gleixner +Acked-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/futex.c | 56 ++++++++++++++++++-------------------------------- + 1 file changed, 20 insertions(+), 36 deletions(-) + +diff --git a/kernel/futex.c b/kernel/futex.c +index 48c37ff4388d..042c2707e913 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -1052,7 +1052,8 @@ static inline void exit_pi_state_list(struct task_struct *curr) { } + * FUTEX_OWNER_DIED bit. See [4] + * + * [10] There is no transient state which leaves owner and user space +- * TID out of sync. ++ * TID out of sync. Except one error case where the kernel is denied ++ * write access to the user address, see fixup_pi_state_owner(). + * + * + * Serialization and lifetime rules: +@@ -2613,6 +2614,24 @@ static int __fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, + if (!err) + goto retry; + ++ /* ++ * fault_in_user_writeable() failed so user state is immutable. At ++ * best we can make the kernel state consistent but user state will ++ * be most likely hosed and any subsequent unlock operation will be ++ * rejected due to PI futex rule [10]. ++ * ++ * Ensure that the rtmutex owner is also the pi_state owner despite ++ * the user space value claiming something different. There is no ++ * point in unlocking the rtmutex if current is the owner as it ++ * would need to wait until the next waiter has taken the rtmutex ++ * to guarantee consistent state. Keep it simple. Userspace asked ++ * for this wreckaged state. ++ * ++ * The rtmutex has an owner - either current or some other ++ * task. See the EAGAIN loop above. ++ */ ++ pi_state_update_owner(pi_state, rt_mutex_owner(&pi_state->pi_mutex)); ++ + return err; + } + +@@ -2893,7 +2912,6 @@ static int futex_lock_pi(u32 __user *uaddr, unsigned int flags, + ktime_t *time, int trylock) + { + struct hrtimer_sleeper timeout, *to; +- struct futex_pi_state *pi_state = NULL; + struct task_struct *exiting = NULL; + struct rt_mutex_waiter rt_waiter; + struct futex_hash_bucket *hb; +@@ -3030,23 +3048,9 @@ static int futex_lock_pi(u32 __user *uaddr, unsigned int flags, + if (res) + ret = (res < 0) ? res : 0; + +- /* +- * If fixup_owner() faulted and was unable to handle the fault, unlock +- * it and return the fault to userspace. +- */ +- if (ret && (rt_mutex_owner(&q.pi_state->pi_mutex) == current)) { +- pi_state = q.pi_state; +- get_pi_state(pi_state); +- } +- + /* Unqueue and drop the lock */ + unqueue_me_pi(&q); + +- if (pi_state) { +- rt_mutex_futex_unlock(&pi_state->pi_mutex); +- put_pi_state(pi_state); +- } +- + goto out_put_key; + + out_unlock_put_key: +@@ -3312,7 +3316,6 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, + u32 __user *uaddr2) + { + struct hrtimer_sleeper timeout, *to; +- struct futex_pi_state *pi_state = NULL; + struct rt_mutex_waiter rt_waiter; + struct futex_hash_bucket *hb; + union futex_key key2 = FUTEX_KEY_INIT; +@@ -3390,10 +3393,6 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, + if (q.pi_state && (q.pi_state->owner != current)) { + spin_lock(q.lock_ptr); + ret = fixup_pi_state_owner(uaddr2, &q, current); +- if (ret < 0 && rt_mutex_owner(&q.pi_state->pi_mutex) == current) { +- pi_state = q.pi_state; +- get_pi_state(pi_state); +- } + /* + * Drop the reference to the pi state which + * the requeue_pi() code acquired for us. +@@ -3435,25 +3434,10 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, + if (res) + ret = (res < 0) ? res : 0; + +- /* +- * If fixup_pi_state_owner() faulted and was unable to handle +- * the fault, unlock the rt_mutex and return the fault to +- * userspace. +- */ +- if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current) { +- pi_state = q.pi_state; +- get_pi_state(pi_state); +- } +- + /* Unqueue and drop the lock. */ + unqueue_me_pi(&q); + } + +- if (pi_state) { +- rt_mutex_futex_unlock(&pi_state->pi_mutex); +- put_pi_state(pi_state); +- } +- + if (ret == -EINTR) { + /* + * We've already been requeued, but cannot restart by calling +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend index 0186ee5f4..467578d85 100644 --- a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend @@ -207,5 +207,62 @@ SRC_URI += " \ file://0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch \ " +# CVE-2021-3347 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-3347:" +SRC_URI += " \ + file://0001-futex-Fix-incorrect-should_fail_futex-handling.patch \ + file://0002-futex-Handle-transient-ownerless-rtmutex-state-corre.patch \ + file://0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch \ + file://0004-futex-Ensure-the-correct-return-value-from-futex_loc.patch \ + file://0005-futex-Replace-pointless-printk-in-fixup_owner.patch \ + file://0006-futex-Provide-and-use-pi_state_update_owner.patch \ + file://0007-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch \ + file://0008-futex-Use-pi_state_update_owner-in-put_pi_state.patch \ + file://0009-futex-Simplify-fixup_pi_state_owner.patch \ + file://0010-futex-Handle-faults-correctly-for-PI-futexes.patch \ + " + +# CVE-2020-35508 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-35508:" +SRC_URI += " \ + file://0001-fork-fix-copy_process-CLONE_PARENT-race-with-the-exi.patch \ + " + +# CVE-2021-29650 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-29650:" +SRC_URI += " \ + file://0001-netfilter-x_tables-Use-correct-memory-barriers.patch \ + " + +# CVE-2021-30002 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-30002:" +SRC_URI += " \ + file://0001-media-v4l-ioctl-Fix-memory-leak-in-video_usercopy.patch \ + " + +# CVE-2020-28588 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-28588:" +SRC_URI += " \ + file://0001-lib-syscall-fix-syscall-registers-retrieval-on-32-bi.patch \ + " + +# CVE-2020-27815 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-27815:" +SRC_URI += " \ + file://0001-jfs-Fix-array-index-bounds-check-in-dbAdjTree.patch \ + " + +# CVE-2021-20177 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-20177:" +SRC_URI += " \ + file://0001-netfilter-add-and-use-nf_hook_slow_list.patch \ + " + +# CVE-2021-31916 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-31916:" +SRC_URI += " \ + file://0001-dm-ioctl-fix-out-of-bounds-array-access-when-no-devi.patch \ + " + SRC_URI += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', 'file://0005-128MB-flashmap-for-PFR.patch', '', d)}" SRC_URI += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', 'file://debug.cfg', '', d)}" diff --git a/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0003-Adding-channel-specific-privilege-to-network.patch b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0003-Adding-channel-specific-privilege-to-network.patch index f361c3d07..3c168141d 100644 --- a/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0003-Adding-channel-specific-privilege-to-network.patch +++ b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0003-Adding-channel-specific-privilege-to-network.patch @@ -1,4 +1,4 @@ -From 5dfcd6c81a9f26c6c9c867a7a49f5259c3512be2 Mon Sep 17 00:00:00 2001 +From 7ff692291e9548bfc3e91f3ac32ab973a42b0b79 Mon Sep 17 00:00:00 2001 From: AppaRao Puli Date: Thu, 2 Apr 2020 17:06:07 +0530 Subject: [PATCH 1/2] Adding channel specific privilege to network @@ -17,20 +17,21 @@ access command Change-Id: I3b592a19363eef684e31d5f7c34dad8f2f9211df Signed-off-by: AppaRao Puli Signed-off-by: Yong Li +Signed-off-by: Johnathan Mantey --- - ethernet_interface.cpp | 123 +++++++++++++++++++++++++++++++++++++++++++++++++ - ethernet_interface.hpp | 39 +++++++++++++++- - network_manager.cpp | 104 +++++++++++++++++++++++++++++++++++++++++ - network_manager.hpp | 9 ++++ - 4 files changed, 274 insertions(+), 1 deletion(-) + ethernet_interface.cpp | 123 +++++++++++++++++++++++++++++++++++++++++ + ethernet_interface.hpp | 38 ++++++++++++- + network_manager.cpp | 102 ++++++++++++++++++++++++++++++++++ + network_manager.hpp | 9 +++ + 4 files changed, 271 insertions(+), 1 deletion(-) diff --git a/ethernet_interface.cpp b/ethernet_interface.cpp -index ed1e1ba..fca86bd 100644 +index 4827f68..fd75514 100644 --- a/ethernet_interface.cpp +++ b/ethernet_interface.cpp -@@ -37,6 +37,10 @@ using namespace phosphor::logging; - using namespace sdbusplus::xyz::openbmc_project::Common::Error; - using Argument = xyz::openbmc_project::Common::InvalidArgument; +@@ -44,6 +44,10 @@ constexpr auto PROPERTY_INTERFACE = "org.freedesktop.DBus.Properties"; + constexpr auto RESOLVED_SERVICE_PATH = "/org/freedesktop/resolve1/link/"; + constexpr auto METHOD_GET = "Get"; +static constexpr const char* networkChannelCfgFile = + "/var/channel_intf_data.json"; @@ -39,15 +40,15 @@ index ed1e1ba..fca86bd 100644 struct EthernetIntfSocket { EthernetIntfSocket(int domain, int type, int protocol) -@@ -86,6 +90,7 @@ EthernetInterface::EthernetInterface(sdbusplus::bus::bus& bus, - EthernetInterfaceIntf::speed(std::get<0>(ifInfo)); +@@ -93,6 +97,7 @@ EthernetInterface::EthernetInterface(sdbusplus::bus::bus& bus, EthernetInterfaceIntf::linkUp(std::get<3>(ifInfo)); + EthernetInterfaceIntf::nICEnabled(std::get<4>(ifInfo)); #endif + getChannelPrivilege(intfName); // Emit deferred signal. if (emitSignal) -@@ -869,5 +874,123 @@ void EthernetInterface::deleteAll() +@@ -1007,5 +1012,123 @@ void EthernetInterface::deleteAll() manager.writeToConfigurationFile(); } @@ -115,7 +116,7 @@ index ed1e1ba..fca86bd 100644 + } + else + { -+ jsonData[interfaceName] = priv; ++ return priv; + } + + if (writeJsonFile(networkChannelCfgFile, jsonData) != 0) @@ -172,7 +173,7 @@ index ed1e1ba..fca86bd 100644 } // namespace network } // namespace phosphor diff --git a/ethernet_interface.hpp b/ethernet_interface.hpp -index 68668d6..058d328 100644 +index f8086a4..4191d49 100644 --- a/ethernet_interface.hpp +++ b/ethernet_interface.hpp @@ -2,11 +2,14 @@ @@ -215,7 +216,7 @@ index 68668d6..058d328 100644 namespace fs = std::experimental::filesystem; class Manager; // forward declaration of network manager. -@@ -199,6 +208,14 @@ class EthernetInterface : public Ifaces +@@ -217,6 +225,14 @@ class EthernetInterface : public Ifaces */ void deleteAll(); @@ -230,7 +231,7 @@ index 68668d6..058d328 100644 using EthernetInterfaceIntf::dHCPEnabled; using EthernetInterfaceIntf::interfaceName; using EthernetInterfaceIntf::linkUp; -@@ -296,6 +313,26 @@ class EthernetInterface : public Ifaces +@@ -316,6 +332,26 @@ class EthernetInterface : public Ifaces std::string objPath; friend class TestEthernetInterface; @@ -258,7 +259,7 @@ index 68668d6..058d328 100644 } // namespace network diff --git a/network_manager.cpp b/network_manager.cpp -index 043d7a2..75f4e5f 100644 +index 637092b..6e5234c 100644 --- a/network_manager.cpp +++ b/network_manager.cpp @@ -34,6 +34,13 @@ extern std::unique_ptr restartTimer; @@ -378,7 +379,7 @@ index 043d7a2..75f4e5f 100644 bool Manager::createDefaultNetworkFiles(bool force) diff --git a/network_manager.hpp b/network_manager.hpp -index edb341f..5fb9fe8 100644 +index 80d017e..e308650 100644 --- a/network_manager.hpp +++ b/network_manager.hpp @@ -137,6 +137,12 @@ class Manager : public details::VLANCreateIface @@ -405,5 +406,5 @@ index edb341f..5fb9fe8 100644 } // namespace network -- -2.7.4 +2.31.1 diff --git a/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0010-Correct-several-latent-issues-discovered-by-a-Klocwo.patch b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0010-Correct-several-latent-issues-discovered-by-a-Klocwo.patch new file mode 100644 index 000000000..222a07aff --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0010-Correct-several-latent-issues-discovered-by-a-Klocwo.patch @@ -0,0 +1,63 @@ +From 8d0cc1dfc3b48bccbe09a205f1ff2eb7721dbc6f Mon Sep 17 00:00:00 2001 +From: Johnathan Mantey +Date: Mon, 21 Jun 2021 13:34:04 -0700 +Subject: [PATCH] Correct several latent issues discovered by a Klocwork scan + +Klocwork identified several issues: +1. ncsi_util: Null pointer dereferences +2. vlan_interface: Missing return value for non-void function + +Tested: +Programmed the updated code to WCity system. + +Change-Id: Ie6a601b343404f3070f35171336c0c5796c8d635 +Signed-off-by: Johnathan Mantey +--- + ncsi_util.cpp | 11 +++++++++++ + vlan_interface.cpp | 1 + + 2 files changed, 12 insertions(+) + +diff --git a/ncsi_util.cpp b/ncsi_util.cpp +index 2b3fb54..4a46849 100644 +--- a/ncsi_util.cpp ++++ b/ncsi_util.cpp +@@ -180,6 +180,12 @@ int applyCmd(int ifindex, int cmd, int package = DEFAULT_VALUE, + CallBack function = nullptr) + { + nlSocketPtr socket(nl_socket_alloc(), &::nl_socket_free); ++ if (socket == nullptr) ++ { ++ log("Unable to allocate memory for the socket."); ++ return -ENOMEM; ++ } ++ + auto ret = genl_connect(socket.get()); + if (ret < 0) + { +@@ -195,6 +201,11 @@ int applyCmd(int ifindex, int cmd, int package = DEFAULT_VALUE, + } + + nlMsgPtr msg(nlmsg_alloc(), &::nlmsg_free); ++ if (msg == nullptr) ++ { ++ log("Unable to allocate memory for the message."); ++ return -ENOMEM; ++ } + + auto msgHdr = genlmsg_put(msg.get(), 0, 0, driverID, 0, flags, cmd, 0); + if (!msgHdr) +diff --git a/vlan_interface.cpp b/vlan_interface.cpp +index 26282cb..baa5271 100644 +--- a/vlan_interface.cpp ++++ b/vlan_interface.cpp +@@ -41,6 +41,7 @@ std::string VlanInterface::mACAddress(std::string) + { + log("Tried to set MAC address on VLAN"); + elog(); ++ return {}; + } + + void VlanInterface::writeDeviceFile() +-- +2.31.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network_%.bbappend b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network_%.bbappend index 5774d5318..c5d608371 100644 --- a/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network_%.bbappend @@ -6,6 +6,7 @@ DEPENDS += "nlohmann-json boost" SRC_URI = "git://github.com/openbmc/phosphor-networkd;nobranch=1" SRC_URI += "file://0003-Adding-channel-specific-privilege-to-network.patch \ file://0009-Enhance-DHCP-beyond-just-OFF-and-IPv4-IPv6-enabled.patch \ + file://0010-Correct-several-latent-issues-discovered-by-a-Klocwo.patch \ " SRCREV = "d0679f9bb46670c593061c4aaebec2a577cdd5c3" diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager/0001-Verify-that-certificate-is-loadable-in-SSL-context.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager/0001-Verify-that-certificate-is-loadable-in-SSL-context.patch new file mode 100644 index 000000000..b0bbd1080 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager/0001-Verify-that-certificate-is-loadable-in-SSL-context.patch @@ -0,0 +1,53 @@ +From 811a29e1941db0157f49d2e05491be945f7b2f07 Mon Sep 17 00:00:00 2001 +From: Nidhin MS +Date: Thu, 13 May 2021 12:54:32 +0530 +Subject: [PATCH] Verify that certificate is loadable in SSL context + +Openssl requires private keys to have a minimum keylength specified by +openssl security level 1. As a result RSA keys shorter +than 1024 bits and ECC keys shorter than 160 bits are prohibited. Add a +validation step to create an SSL context and try to load the +certificate. + +Tested: +Tested RSA with length 512 756 and 1024 + +Change-Id: Idac4dea6279964bfd8e3d996d91cd278678c73f9 +Signed-off-by: Nidhin MS +--- + certificate.cpp | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/certificate.cpp b/certificate.cpp +index 6bfd4af..7b902bd 100644 +--- a/certificate.cpp ++++ b/certificate.cpp +@@ -9,6 +9,7 @@ + #include + #include + #include ++#include + #include + + #include +@@ -351,6 +352,17 @@ void Certificate::install(const std::string& certSrcFilePath) + + validateCertificateExpiryDate(cert); + ++ // Verify that the certificate can be used in a TLS context ++ const SSL_METHOD* method = TLS_method(); ++ std::unique_ptr ctx(SSL_CTX_new(method), ++ SSL_CTX_free); ++ if (SSL_CTX_use_certificate(ctx.get(), cert.get()) != 1) ++ { ++ log("Certificate is not usable", ++ entry("ERRCODE=%x", ERR_get_error())); ++ elog(Reason("Certificate is not usable")); ++ } ++ + // Invoke type specific append private key function. + auto appendIter = appendKeyMap.find(certType); + if (appendIter == appendKeyMap.end()) +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager_%.bbappend new file mode 100644 index 000000000..f46e1b596 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager_%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" + +SRCREV = "c4522d2ea747e139dc97238b58c9609ac9d11776" +SRC_URI += "file://0001-Verify-that-certificate-is-loadable-in-SSL-context.patch" + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0003-Klocwork-fix-fruDevice.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0003-Klocwork-fix-fruDevice.patch new file mode 100644 index 000000000..c2faddce2 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0003-Klocwork-fix-fruDevice.patch @@ -0,0 +1,41 @@ +From c3286fb24b5d10557dbe2f91e03db6230e1d3b9a Mon Sep 17 00:00:00 2001 +From: Zhikui Ren +Date: Tue, 15 Jun 2021 10:02:07 -0700 +Subject: [PATCH] Klocwork fix - fruDevice + +Fix for Klocwork issues. + +Signed-off-by: Zhikui Ren +--- + src/FruDevice.cpp | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/FruDevice.cpp b/src/FruDevice.cpp +index e1e95f8..a2078a1 100644 +--- a/src/FruDevice.cpp ++++ b/src/FruDevice.cpp +@@ -903,7 +903,7 @@ static std::pair + + case FRUDataEncoding::sixBitASCII: + { +- unsigned int accum; ++ unsigned int accum = 0; + unsigned int accumBitLen = 0; + value = std::string(); + for (i = 0; i < len; i++, iter++) +@@ -982,7 +982,11 @@ bool formatFru(const std::vector& fruBytes, + std::tm fruTime = intelEpoch(); + std::time_t timeValue = std::mktime(&fruTime); + timeValue += minutes * 60; +- fruTime = *std::gmtime(&timeValue); ++ std::tm* realTime = std::gmtime(&timeValue); ++ if (realTime != NULL) ++ { ++ fruTime = *realTime; ++ } + + // Tue Nov 20 23:08:00 2018 + char timeString[32] = {0}; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager_%.bbappend index 212797329..7b84000dc 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager_%.bbappend @@ -4,4 +4,5 @@ SRCREV = "e18edb5badc2e16181cfc464a6ccd0ef51dc4548" FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" SRC_URI += "file://0001-Add-retries-to-mapper-calls.patch \ - file://0002-Improve-initialization-of-I2C-sensors.patch" + file://0002-Improve-initialization-of-I2C-sensors.patch \ + file://0003-Klocwork-fix-fruDevice.patch" diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0015-Fix-delete-image-by-ID-and-inhibit-removal-of-bmc_ac.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0015-Fix-delete-image-by-ID-and-inhibit-removal-of-bmc_ac.patch index 54efbee8c..c10dadea4 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0015-Fix-delete-image-by-ID-and-inhibit-removal-of-bmc_ac.patch +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0015-Fix-delete-image-by-ID-and-inhibit-removal-of-bmc_ac.patch @@ -1,13 +1,13 @@ -From f2dd5e13a0774d8683542798dd96979f9d7a6691 Mon Sep 17 00:00:00 2001 +From f268c4679e391e213c36d2046f0d95b858f41054 Mon Sep 17 00:00:00 2001 From: Vernon Mauery Date: Tue, 29 Sep 2020 13:38:35 -0700 Subject: [PATCH] Fix delete image by ID and inhibit removal of bmc_active Delete image by ID was broken because when hitting the delete dbus interface, it recalculated the ID from the parent version, which then -does not match because of the random number addition that was added to -the ID when the parent interface was created. This saves away the parent -interface ID and recalls it rather than recalculating it. +does not match because of the random number addition that was added +to the ID when the parent interface was created. This saves away the +parent interface ID and recalls it rather than recalculating it. Also, there was a logic error in deleting images that would delete the active BMC image. This fixes up that error. @@ -17,6 +17,7 @@ Tested: run multiple back-to back updates and see that when the fwupd deleted and that the bmc_active interface is not deleted. Signed-off-by: Vernon Mauery +Signed-off-by: AppaRao Puli --- item_updater.cpp | 17 +++++++++++------ pfr_image_manager.cpp | 2 +- @@ -25,10 +26,10 @@ Signed-off-by: Vernon Mauery 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/item_updater.cpp b/item_updater.cpp -index db255d6..90970d3 100644 +index 8d7bb82..5bf8b87 100644 --- a/item_updater.cpp +++ b/item_updater.cpp -@@ -133,7 +133,7 @@ void ItemUpdater::createActivation(sdbusplus::message::message& msg) +@@ -132,7 +132,7 @@ void ItemUpdater::createActivation(sdbusplus::message::message& msg) activationState, associations))); auto versionPtr = std::make_unique( @@ -37,7 +38,7 @@ index db255d6..90970d3 100644 std::bind(&ItemUpdater::erase, this, std::placeholders::_1)); versionPtr->deleteObject = std::make_unique(bus, path, -@@ -247,7 +247,7 @@ void ItemUpdater::processBMCImage() +@@ -224,7 +224,7 @@ void ItemUpdater::processBMCImage() // Create Version instance for this version. auto versionPtr = std::make_unique( @@ -46,7 +47,7 @@ index db255d6..90970d3 100644 std::bind(&ItemUpdater::erase, this, std::placeholders::_1)); auto isVersionFunctional = versionPtr->isFunctional(); if (!isVersionFunctional) -@@ -322,11 +322,11 @@ void ItemUpdater::erase(std::string entryId) +@@ -298,11 +298,11 @@ void ItemUpdater::erase(std::string entryId) auto it = versions.find(entryId); if (it != versions.end()) { @@ -61,8 +62,8 @@ index db255d6..90970d3 100644 + entry("VERSIONID=%s", entryId.c_str())); return; } - } -@@ -669,6 +669,11 @@ void ItemUpdater::freeSpace(Activation& caller) + +@@ -633,6 +633,11 @@ void ItemUpdater::freeSpace(Activation& caller) std::size_t count = 0; for (const auto& iter : activations) { @@ -75,10 +76,10 @@ index db255d6..90970d3 100644 server::Activation::Activations::Active) || (iter.second.get()->activation() == diff --git a/pfr_image_manager.cpp b/pfr_image_manager.cpp -index 145237e..0c6c3d8 100644 +index ba73cc1..36f0a62 100644 --- a/pfr_image_manager.cpp +++ b/pfr_image_manager.cpp -@@ -308,7 +308,7 @@ int Manager::processImage(const std::string& imgFilePath) +@@ -265,7 +265,7 @@ int Manager::processImage(const std::string& imgFilePath) std::string objPath = std::string{SOFTWARE_OBJPATH} + '/' + id; auto versionPtr = std::make_unique( @@ -88,10 +89,10 @@ index 145237e..0c6c3d8 100644 versionPtr->deleteObject = std::make_unique(bus, objPath, diff --git a/version.cpp b/version.cpp -index 18f3f4f..e6fd481 100644 +index f50500a..1471233 100644 --- a/version.cpp +++ b/version.cpp -@@ -182,7 +182,7 @@ void Delete::delete_() +@@ -181,7 +181,7 @@ void Delete::delete_() { if (parent.eraseCallback) { @@ -101,10 +102,10 @@ index 18f3f4f..e6fd481 100644 } diff --git a/version.hpp b/version.hpp -index 9cf76da..ae70ea8 100644 +index 5827c8a..ad1170a 100644 --- a/version.hpp +++ b/version.hpp -@@ -74,14 +74,15 @@ class Version : public VersionInherit +@@ -73,14 +73,15 @@ class Version : public VersionInherit * @param[in] callback - The eraseFunc callback */ Version(sdbusplus::bus::bus& bus, const std::string& objPath, @@ -115,16 +116,16 @@ index 9cf76da..ae70ea8 100644 + eraseFunc callback) : VersionInherit(bus, (objPath).c_str(), true), - eraseCallback(callback), versionStr(versionString) -+ eraseCallback(callback), extId(extId), versionStr(versionString) ++ eraseCallback(callback), versionStr(versionString), extId(extId) { // Set properties. purpose(versionPurpose); - version(versionString); -+ version(extId); ++ version(versionStr); path(filePath); // Emit deferred signal. emit_object_added(); -@@ -134,6 +135,15 @@ class Version : public VersionInherit +@@ -133,6 +134,15 @@ class Version : public VersionInherit */ bool isFunctional(); @@ -140,7 +141,7 @@ index 9cf76da..ae70ea8 100644 /** @brief Persistent Delete D-Bus object */ std::unique_ptr deleteObject; -@@ -143,6 +153,7 @@ class Version : public VersionInherit +@@ -142,6 +152,7 @@ class Version : public VersionInherit private: /** @brief This Version's version string */ const std::string versionStr; @@ -149,5 +150,5 @@ index 9cf76da..ae70ea8 100644 } // namespace manager -- -2.17.1 +2.7.4 diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend index 623c4f77e..0b1bdf1e4 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend @@ -20,6 +20,7 @@ SRC_URI += "file://0001-Add-more-error-types.patch \ SRC_URI_PFR = "file://0007-PFR-images-support.patch \ file://0008-PFR-image-HASH-verification.patch \ file://0010-Add-error-reporting-to-pfr_image_manager.patch \ + file://0015-Fix-delete-image-by-ID-and-inhibit-removal-of-bmc_ac.patch \ " SRC_URI += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', SRC_URI_PFR, '', d)}" diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0042-Fix-nlohmann-json-dump-calls.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0042-Fix-nlohmann-json-dump-calls.patch new file mode 100644 index 000000000..c72f36d28 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0042-Fix-nlohmann-json-dump-calls.patch @@ -0,0 +1,451 @@ +From 7c93f19e80d6d6fb11710e112a7aa449c77924f6 Mon Sep 17 00:00:00 2001 +From: Ed Tanous +Date: Fri, 19 Feb 2021 08:51:17 -0800 +Subject: [PATCH] Fix nlohmann::json::dump calls + +The nlohmann::json::dump call needs to be called with specific arguments +to avoid throwing in failure cases. http connection already does this +properly, but a bunch of code has snuck in (mostly in redfish) that +ignores this, and calls it incorrectly. This can potentially lead to a +crash if the wrong thing throws on invalid UTF8 characters. + +This audits the whole codebase, and replaces every dump() call with the +correct dump(2, ' ', true, nlohmann::json::error_handler_t::replace) +call. For correct output, the callers should expect no change, and in +practice, this would require injecting non-utf8 characters into the +BMC. + +Tested: +Ran several of the endpoints/error conditions in question, including +some of the error cases. Observed correct responses. I don't know of a +security issue that would allow injecting invalid utf8 into the BMC, but +in theory if it were possible, this would prevent a crash. + +Signed-off-by: Ed Tanous +Change-Id: I4a15b8e260e3db129bc20484ade4ed5449f75ad0 +Signed-off-by: Terry S. Duncan +--- + http/http_connection.h | 3 +- + include/dbus_monitor.hpp | 3 +- + include/openbmc_dbus_rest.hpp | 6 ++- + .../include/event_service_manager.hpp | 12 +++-- + redfish-core/include/utils/json_utils.hpp | 30 ++++++++++-- + redfish-core/lib/account_service.hpp | 4 +- + redfish-core/lib/ethernet.hpp | 48 +++++++++++------- + redfish-core/lib/event_service.hpp | 4 +- + redfish-core/lib/hypervisor_ethernet.hpp | 7 ++- + redfish-core/lib/managers.hpp | 49 +++++++++++++------ + 10 files changed, 115 insertions(+), 51 deletions(-) + +diff --git a/http/http_connection.h b/http/http_connection.h +index 59a134f..4fb2d85 100644 +--- a/http/http_connection.h ++++ b/http/http_connection.h +@@ -660,7 +660,8 @@ class Connection : + else + { + res.jsonMode(); +- res.body() = res.jsonValue.dump(2, ' ', true); ++ res.body() = res.jsonValue.dump( ++ 2, ' ', true, nlohmann::json::error_handler_t::replace); + } + } + +diff --git a/include/dbus_monitor.hpp b/include/dbus_monitor.hpp +index 9e22b9c..db0d07b 100644 +--- a/include/dbus_monitor.hpp ++++ b/include/dbus_monitor.hpp +@@ -110,7 +110,8 @@ inline int onPropertyUpdate(sd_bus_message* m, void* userdata, + return 0; + } + +- connection->sendText(j.dump()); ++ connection->sendText( ++ j.dump(2, ' ', true, nlohmann::json::error_handler_t::replace)); + return 0; + } + +diff --git a/include/openbmc_dbus_rest.hpp b/include/openbmc_dbus_rest.hpp +index c41a568..00d849a 100644 +--- a/include/openbmc_dbus_rest.hpp ++++ b/include/openbmc_dbus_rest.hpp +@@ -508,7 +508,9 @@ int convertJsonToDbus(sd_bus_message* m, const std::string& arg_type, + const nlohmann::json& input_json) + { + int r = 0; +- BMCWEB_LOG_DEBUG << "Converting " << input_json.dump() ++ BMCWEB_LOG_DEBUG << "Converting " ++ << input_json.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace) + << " to type: " << arg_type; + const std::vector argTypes = dbusArgSplit(arg_type); + +@@ -917,7 +919,7 @@ int readDictEntryFromMessage(const std::string& typeCode, + { + // json doesn't support non-string keys. If we hit this condition, + // convert the result to a string so we can proceed +- key = key.dump(); ++ key = key.dump(2, ' ', true, nlohmann::json::error_handler_t::replace); + keyPtr = key.get_ptr(); + // in theory this can't fail now, but lets be paranoid about it + // anyway +diff --git a/redfish-core/include/event_service_manager.hpp b/redfish-core/include/event_service_manager.hpp +index 470636f..633e096 100644 +--- a/redfish-core/include/event_service_manager.hpp ++++ b/redfish-core/include/event_service_manager.hpp +@@ -462,7 +462,8 @@ class Subscription + {"Name", "Event Log"}, + {"Events", logEntryArray}}; + +- this->sendEvent(msg.dump()); ++ this->sendEvent( ++ msg.dump(2, ' ', true, nlohmann::json::error_handler_t::replace)); + this->eventSeqNum++; + } + +@@ -526,7 +527,8 @@ class Subscription + {"Name", "Event Log"}, + {"Events", logEntryArray}}; + +- this->sendEvent(msg.dump()); ++ this->sendEvent( ++ msg.dump(2, ' ', true, nlohmann::json::error_handler_t::replace)); + this->eventSeqNum++; + } + #endif +@@ -573,7 +575,8 @@ class Subscription + {"MetricReportDefinition", {{"@odata.id", metricReportDef}}}, + {"MetricValues", metricValuesArray}}; + +- this->sendEvent(msg.dump()); ++ this->sendEvent( ++ msg.dump(2, ' ', true, nlohmann::json::error_handler_t::replace)); + } + + void updateRetryConfig(const uint32_t retryAttempts, +@@ -826,7 +829,8 @@ class EventServiceManager + + const std::string tmpFile(std::string(eventServiceFile) + "_tmp"); + std::ofstream ofs(tmpFile, std::ios::out); +- const auto& writeData = jsonData.dump(); ++ const auto& writeData = jsonData.dump( ++ 2, ' ', true, nlohmann::json::error_handler_t::replace); + ofs << writeData; + ofs.close(); + +diff --git a/redfish-core/include/utils/json_utils.hpp b/redfish-core/include/utils/json_utils.hpp +index fbb259d..1252746 100644 +--- a/redfish-core/include/utils/json_utils.hpp ++++ b/redfish-core/include/utils/json_utils.hpp +@@ -222,12 +222,20 @@ bool unpackValue(nlohmann::json& jsonValue, const std::string& key, + { + if (!jsonValue.is_array()) + { +- messages::propertyValueTypeError(res, res.jsonValue.dump(), key); ++ messages::propertyValueTypeError( ++ res, ++ res.jsonValue.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ key); + return false; + } + if (jsonValue.size() != value.size()) + { +- messages::propertyValueTypeError(res, res.jsonValue.dump(), key); ++ messages::propertyValueTypeError( ++ res, ++ res.jsonValue.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ key); + return false; + } + size_t index = 0; +@@ -242,7 +250,11 @@ bool unpackValue(nlohmann::json& jsonValue, const std::string& key, + { + if (!jsonValue.is_array()) + { +- messages::propertyValueTypeError(res, res.jsonValue.dump(), key); ++ messages::propertyValueTypeError( ++ res, ++ res.jsonValue.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ key); + return false; + } + +@@ -261,11 +273,19 @@ bool unpackValue(nlohmann::json& jsonValue, const std::string& key, + { + if (ec == UnpackErrorCode::invalidType) + { +- messages::propertyValueTypeError(res, jsonValue.dump(), key); ++ messages::propertyValueTypeError( ++ res, ++ jsonValue.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ key); + } + else if (ec == UnpackErrorCode::outOfRange) + { +- messages::propertyValueNotInList(res, jsonValue.dump(), key); ++ messages::propertyValueNotInList( ++ res, ++ jsonValue.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ key); + } + return false; + } +diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp +index 8ef1434..1619a3e 100644 +--- a/redfish-core/lib/account_service.hpp ++++ b/redfish-core/lib/account_service.hpp +@@ -240,7 +240,9 @@ static void handleRoleMapPatch( + { + BMCWEB_LOG_ERROR << "Can't delete the object"; + messages::propertyValueTypeError( +- asyncResp->res, thisJson.dump(), ++ asyncResp->res, ++ thisJson.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), + "RemoteRoleMapping/" + std::to_string(index)); + return; + } +diff --git a/redfish-core/lib/ethernet.hpp b/redfish-core/lib/ethernet.hpp +index b1a9f69..fc909ce 100644 +--- a/redfish-core/lib/ethernet.hpp ++++ b/redfish-core/lib/ethernet.hpp +@@ -1421,8 +1421,11 @@ class EthernetInterface : public Node + { + if ((!input.is_array()) || input.empty()) + { +- messages::propertyValueTypeError(asyncResp->res, input.dump(), +- "IPv4StaticAddresses"); ++ messages::propertyValueTypeError( ++ asyncResp->res, ++ input.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ "IPv4StaticAddresses"); + return; + } + +@@ -1450,7 +1453,10 @@ class EthernetInterface : public Node + "Gateway", gateway)) + { + messages::propertyValueFormatError( +- asyncResp->res, thisJson.dump(), pathString); ++ asyncResp->res, ++ thisJson.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ pathString); + return; + } + +@@ -1569,12 +1575,12 @@ class EthernetInterface : public Node + messages::resourceCannotBeDeleted(asyncResp->res); + return; + } +- else +- { +- messages::propertyValueFormatError( +- asyncResp->res, thisJson.dump(), pathString); +- return; +- } ++ messages::propertyValueFormatError( ++ asyncResp->res, ++ thisJson.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ pathString); ++ return; + } + + if (thisJson.is_null()) +@@ -1619,8 +1625,11 @@ class EthernetInterface : public Node + { + if (!input.is_array() || input.empty()) + { +- messages::propertyValueTypeError(asyncResp->res, input.dump(), +- "IPv6StaticAddresses"); ++ messages::propertyValueTypeError( ++ asyncResp->res, ++ input.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ "IPv6StaticAddresses"); + return; + } + size_t entryIdx = 1; +@@ -1640,7 +1649,10 @@ class EthernetInterface : public Node + address, "PrefixLength", prefixLength)) + { + messages::propertyValueFormatError( +- asyncResp->res, thisJson.dump(), pathString); ++ asyncResp->res, ++ thisJson.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ pathString); + return; + } + +@@ -1706,12 +1718,12 @@ class EthernetInterface : public Node + messages::resourceCannotBeDeleted(asyncResp->res); + return; + } +- else +- { +- messages::propertyValueFormatError( +- asyncResp->res, thisJson.dump(), pathString); +- return; +- } ++ messages::propertyValueFormatError( ++ asyncResp->res, ++ thisJson.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ pathString); ++ return; + } + + if (thisJson.is_null()) +diff --git a/redfish-core/lib/event_service.hpp b/redfish-core/lib/event_service.hpp +index 7a29af5..dd5cf32 100644 +--- a/redfish-core/lib/event_service.hpp ++++ b/redfish-core/lib/event_service.hpp +@@ -472,7 +472,9 @@ class EventDestinationCollection : public Node + else + { + messages::propertyValueFormatError( +- asyncResp->res, mrdObj.dump(), ++ asyncResp->res, ++ mrdObj.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), + "MetricReportDefinitions"); + return; + } +diff --git a/redfish-core/lib/hypervisor_ethernet.hpp b/redfish-core/lib/hypervisor_ethernet.hpp +index 7b64c20..6fb301f 100644 +--- a/redfish-core/lib/hypervisor_ethernet.hpp ++++ b/redfish-core/lib/hypervisor_ethernet.hpp +@@ -521,8 +521,11 @@ class HypervisorInterface : public Node + address, "SubnetMask", subnetMask, + "Gateway", gateway)) + { +- messages::propertyValueFormatError(asyncResp->res, +- thisJson.dump(), pathString); ++ messages::propertyValueFormatError( ++ asyncResp->res, ++ thisJson.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace), ++ pathString); + return; + } + +diff --git a/redfish-core/lib/managers.hpp b/redfish-core/lib/managers.hpp +index 7832e81..176d146 100644 +--- a/redfish-core/lib/managers.hpp ++++ b/redfish-core/lib/managers.hpp +@@ -865,8 +865,10 @@ static CreatePIDRet createPidInterface( + "PositiveHysteresis", doubles["PositiveHysteresis"], + "NegativeHysteresis", doubles["NegativeHysteresis"])) + { +- BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property " +- << it.value().dump(); ++ BMCWEB_LOG_ERROR << "Line:" << __LINE__ ++ << "Illegal Property " ++ << it.value().dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace); + return CreatePIDRet::fail; + } + if (zones) +@@ -972,8 +974,10 @@ static CreatePIDRet createPidInterface( + failSafePercent, "MinThermalOutput", + minThermalOutput)) + { +- BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property " +- << it.value().dump(); ++ BMCWEB_LOG_ERROR << "Line:" << __LINE__ ++ << "Illegal Property " ++ << it.value().dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace); + return CreatePIDRet::fail; + } + +@@ -984,8 +988,11 @@ static CreatePIDRet createPidInterface( + if (!redfish::json_util::readJson(*chassisContainer, response->res, + "@odata.id", chassisId)) + { +- BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property " +- << chassisContainer->dump(); ++ BMCWEB_LOG_ERROR << "Line:" << __LINE__ ++ << "Illegal Property " ++ << chassisContainer->dump( ++ 2, ' ', true, ++ nlohmann::json::error_handler_t::replace); + return CreatePIDRet::fail; + } + +@@ -1022,8 +1029,10 @@ static CreatePIDRet createPidInterface( + "NegativeHysteresis", negativeHysteresis, "Direction", + direction)) + { +- BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property " +- << it.value().dump(); ++ BMCWEB_LOG_ERROR << "Line:" << __LINE__ ++ << "Illegal Property " ++ << it.value().dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace); + return CreatePIDRet::fail; + } + +@@ -1057,8 +1066,10 @@ static CreatePIDRet createPidInterface( + target, "Output", output)) + { + BMCWEB_LOG_ERROR << "Line:" << __LINE__ +- << ", Illegal Property " +- << it.value().dump(); ++ << "Illegal Property " ++ << it.value().dump( ++ 2, ' ', true, ++ nlohmann::json::error_handler_t::replace); + return CreatePIDRet::fail; + } + readings.emplace_back(target); +@@ -1299,8 +1310,10 @@ struct SetPIDValues : std::enable_shared_from_this + "FanControllers", fanControllers, "FanZones", fanZones, + "StepwiseControllers", stepwiseControllers, "Profile", profile)) + { +- BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property " +- << data.dump(); ++ BMCWEB_LOG_ERROR << "Line:" << __LINE__ ++ << "Illegal Property " ++ << data.dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace); + return; + } + configuration.emplace_back("PidControllers", std::move(pidControllers)); +@@ -1822,8 +1835,10 @@ class Manager : public Node + std::optional openbmc; + if (!redfish::json_util::readJson(*oem, res, "OpenBmc", openbmc)) + { +- BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property " +- << oem->dump(); ++ BMCWEB_LOG_ERROR << "Line:" << __LINE__ ++ << "Illegal Property " ++ << oem->dump(2, ' ', true, ++ nlohmann::json::error_handler_t::replace); + return; + } + if (openbmc) +@@ -1832,8 +1847,10 @@ class Manager : public Node + if (!redfish::json_util::readJson(*openbmc, res, "Fan", fan)) + { + BMCWEB_LOG_ERROR << "Line:" << __LINE__ +- << ", Illegal Property " +- << openbmc->dump(); ++ << "Illegal Property " ++ << openbmc->dump( ++ 2, ' ', true, ++ nlohmann::json::error_handler_t::replace); + return; + } + if (fan) +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0043-account_service-Fix-incorrect-pointer-dereference.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0043-account_service-Fix-incorrect-pointer-dereference.patch new file mode 100644 index 000000000..263a7412d --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0043-account_service-Fix-incorrect-pointer-dereference.patch @@ -0,0 +1,40 @@ +From 2cfacab5512cdf9802b267138d06d955989c8593 Mon Sep 17 00:00:00 2001 +From: P Dheeraj Srujan Kumar +Date: Tue, 15 Jun 2021 01:38:43 +0530 +Subject: [PATCH] account_service: Fix incorrect pointer dereference flow + +The pointer is being dereferenced before checking for null. +Moved dereferencing of pointer to occur after null check. + +Tested: + -Built Successfully + -No regressions observed. + +Signed-off-by: P Dheeraj Srujan Kumar +--- + redfish-core/lib/account_service.hpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp +index 1619a3e..9263090 100644 +--- a/redfish-core/lib/account_service.hpp ++++ b/redfish-core/lib/account_service.hpp +@@ -122,13 +122,14 @@ void userErrorMessageHandler(const sd_bus_error* e, + const std::string& newUser, + const std::string& username) + { +- const char* errorMessage = e->name; + if (e == nullptr) + { + messages::internalError(asyncResp->res); + return; + } + ++ const char* errorMessage = e->name; ++ + if (strcmp(errorMessage, + "xyz.openbmc_project.User.Common.Error.UserNameExists") == 0) + { +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend index b409243a4..3f4eb3f72 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend @@ -56,6 +56,8 @@ SRC_URI += "file://0001-Firmware-update-support-for-StandBySpare.patch \ file://0039-Return-InternalError-on-DBus-error.patch \ file://0040-Add-boundary-check-to-avoid-crash.patch \ file://0041-Revamp-Redfish-Event-Log-Unique-ID-Generation.patch \ + file://0042-Fix-nlohmann-json-dump-calls.patch \ + file://0043-account_service-Fix-incorrect-pointer-dereference.patch \ " # Temporary downstream mirror of upstream patches, see telemetry\README for details diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-ipmb/0001-Add-dbus-method-SlotIpmbRequest.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-ipmb/0001-Add-dbus-method-SlotIpmbRequest.patch index 3f01cd2c8..d119b4d4f 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-ipmb/0001-Add-dbus-method-SlotIpmbRequest.patch +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-ipmb/0001-Add-dbus-method-SlotIpmbRequest.patch @@ -1,4 +1,4 @@ -From 644165bf32fd6e757c261881987d127a865cbf2b Mon Sep 17 00:00:00 2001 +From b0baf051a2b56e87d63d047c4a09a00d6d4bb955 Mon Sep 17 00:00:00 2001 From: Rajashekar Gade Reddy Date: Mon, 23 Mar 2020 22:19:07 +0530 Subject: [PATCH] Add dbus method SlotIpmbRequest @@ -33,8 +33,7 @@ ipmitool raw 0x3e 0x51 0 0x01 0xb0 0x6 1 Note: Tested for all possible negative test cases and it works fine. Signed-off-by: Rajashekar Gade Reddy - -%% original patch: 0001-Add-dbus-method-SlotIpmbRequest.patch +Signed-off-by: Jayaprakash Mutyala --- CMakeLists.txt | 2 +- include/linux/i2c.h | 159 ++++++++++++++++++++++++++++++++ @@ -240,7 +239,7 @@ index 0876db7..ff570c6 100644 ] } diff --git a/ipmbbridged.cpp b/ipmbbridged.cpp -index e0eadfc..72ede8c 100644 +index e0eadfc..6e998bf 100644 --- a/ipmbbridged.cpp +++ b/ipmbbridged.cpp @@ -18,6 +18,11 @@ @@ -362,7 +361,6 @@ index e0eadfc..72ede8c 100644 + std::shared_ptr request, + const uint8_t pcieSlot) +{ -+ makeRequestValid(request); + std::filesystem::path p = + "/dev/i2c-mux/PCIE_Mux/Pcie_Slot_" + std::to_string(pcieSlot); + @@ -386,6 +384,7 @@ index e0eadfc..72ede8c 100644 + return returnStatus(ipmbResponseStatus::error); + } + ++ makeRequestValid(request); + uint8_t size = buffer.size(); + + const uint8_t slaveAddrIndex = 1; diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs/0001-Add-WA-for-host-OS-not-retrying-when-BMC-times-out.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs/0001-Add-WA-for-host-OS-not-retrying-when-BMC-times-out.patch new file mode 100644 index 000000000..5b9ba9820 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs/0001-Add-WA-for-host-OS-not-retrying-when-BMC-times-out.patch @@ -0,0 +1,61 @@ +From b8ab6980db2132276b0b74335710fe43a7a0c5b0 Mon Sep 17 00:00:00 2001 +From: "Terry S. Duncan" +Date: Tue, 23 Feb 2021 14:55:02 -0800 +Subject: [PATCH] Add WA for host OS not retrying when BMC times out + +Patch was submitted upstream to add return codes to list being retried. +This work around changes the completion code to one that the OS will +retry. + +Signed-off-by: Terry S. Duncan +--- + kcsbridged.cpp | 22 ++++++++++++++-------- + 1 file changed, 14 insertions(+), 8 deletions(-) + +diff --git a/kcsbridged.cpp b/kcsbridged.cpp +index 38911fa..b72cede 100644 +--- a/kcsbridged.cpp ++++ b/kcsbridged.cpp +@@ -191,16 +191,21 @@ class SmsChannel + if (ec) + { + log( +- "kcs<->ipmid bus error:", entry("NETFN=0x%02x", netfn), +- entry("LUN=0x%02x", lun), entry("CMD=0x%02x", cmd), ++ "kcs<->ipmid DBus error:", ++ entry("NETFN=0x%02x", netfnCap), ++ entry("LUN=0x%02x", lunCap), ++ entry("CMD=0x%02x", cmdCap), + entry("ERROR=%s", ec.message().c_str())); +- // send unspecified error for a D-Bus error +- constexpr uint8_t ccResponseNotAvailable = 0xce; +- rsp.resize(sizeof(netfn) + sizeof(cmd) + sizeof(cc)); ++ // Send cannot-execute error for a D-Bus error. ++ // This CC gets retried by the host driver. ++ constexpr uint8_t ccCannotExecute = 0xd5; ++ rsp.resize(sizeof(netfnCap) + sizeof(cmdCap) + sizeof(cc)); ++ ++ // DBUS fail response will have zeros; copy values from req. + rsp[0] = + ((netfnCap + 1) << netFnShift) | (lunCap & lunMask); + rsp[1] = cmdCap; +- rsp[2] = ccResponseNotAvailable; ++ rsp[2] = ccCannotExecute; + } + else + { +@@ -233,8 +238,9 @@ class SmsChannel + "Failed to send rsp msg", entry("SIZE=%d", wlen), + entry("EXPECT=%d", rsp.size()), + entry("ERROR=%s", ecWr.message().c_str()), +- entry("NETFN=0x%02x", netfn), entry("LUN=0x%02x", lun), +- entry("CMD=0x%02x", cmd), entry("CC=0x%02x", cc)); ++ entry("NETFN=0x%02x", netfnCap), ++ entry("LUN=0x%02x", lunCap), ++ entry("CMD=0x%02x", cmdCap), entry("CC=0x%02x", cc)); + } + }, + ipmiQueueService, ipmiQueuePath, ipmiQueueIntf, ipmiQueueMethod, +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs_%.bbappend index a3dceb01e..d19fe8014 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs_%.bbappend @@ -13,7 +13,9 @@ SYSTEMD_SERVICE_${PN}_append = " ${PN}@${SMM_DEVICE}.service " SRC_URI = "git://github.com/openbmc/kcsbridge.git" SRCREV = "d8594e9a62feb8b2fac789159966b4782b4aa31e" -SRC_URI += "file://99-ipmi-kcs.rules" +SRC_URI += "file://99-ipmi-kcs.rules \ + file://0001-Add-WA-for-host-OS-not-retrying-when-BMC-times-out.patch \ +" do_install_append() { install -d ${D}${base_libdir}/udev/rules.d diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0012-crypt_algo-Null-check-on-Cipher-context.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0012-crypt_algo-Null-check-on-Cipher-context.patch new file mode 100644 index 000000000..d4c6a3847 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0012-crypt_algo-Null-check-on-Cipher-context.patch @@ -0,0 +1,47 @@ +From 0b1184586b34ae40976e307d30fc44c3ed71dc11 Mon Sep 17 00:00:00 2001 +From: P Dheeraj Srujan Kumar +Date: Fri, 25 Jun 2021 20:23:26 +0530 +Subject: [PATCH] crypt_algo: Null check on Cipher context + +There is no Null check performed while creating a new +Cipher contex. OPENSSL_zalloc can return NULL. + +Tested: No regression observed + +Change-Id: Ibc135adf9a20783c72116587ed3c45e3d457b3ad +Signed-off-by: P Dheeraj Srujan Kumar +--- + crypt_algo.cpp | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/crypt_algo.cpp b/crypt_algo.cpp +index c51465f..d5be1cb 100644 +--- a/crypt_algo.cpp ++++ b/crypt_algo.cpp +@@ -103,6 +103,11 @@ std::vector AlgoAES128::decryptData(const uint8_t* iv, + // Initializes Cipher context + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + ++ if (!ctx) ++ { ++ throw std::runtime_error("EVP_CIPHER_CTX failed"); ++ } ++ + auto cleanupFunc = [](EVP_CIPHER_CTX* ctx) { EVP_CIPHER_CTX_free(ctx); }; + + std::unique_ptr ctxPtr(ctx, +@@ -164,6 +169,11 @@ std::vector AlgoAES128::encryptData(const uint8_t* input, + // Initializes Cipher context + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + ++ if (!ctx) ++ { ++ throw std::runtime_error("EVP_CIPHER_CTX failed"); ++ } ++ + auto cleanupFunc = [](EVP_CIPHER_CTX* ctx) { EVP_CIPHER_CTX_free(ctx); }; + + std::unique_ptr ctxPtr(ctx, +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend index fcf8df18d..f10bb6ef4 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend @@ -23,6 +23,7 @@ SRC_URI += " file://10-nice-rules.conf \ file://0006-Modify-dbus-namespace-of-chassis-control-for-guid.patch \ file://0009-Add-dbus-interface-for-sol-commands.patch \ file://0011-Remove-Get-SOL-Config-Command-from-Netipmid.patch \ + file://0012-crypt_algo-Null-check-on-Cipher-context.patch \ " do_install_append() { diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0003-Add-check-for-min-max-received-from-hwmon-files.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0003-Add-check-for-min-max-received-from-hwmon-files.patch new file mode 100644 index 000000000..2abfcbd41 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0003-Add-check-for-min-max-received-from-hwmon-files.patch @@ -0,0 +1,95 @@ +From 540b694667c659e2e811ddbb86a73d3356cc1885 Mon Sep 17 00:00:00 2001 +From: Zbigniew Lukwinski +Date: Wed, 21 Apr 2021 15:01:18 +0200 +Subject: [PATCH] Add check for min/max received from hwmon files + + When hwmon reports incorrect min/max values or CPU Sensor cannot access + readings, it shall keep the last known good readings and not update + DBus with incorrect values. + This patch adds min < max verification check for the values received + from hwmon and removes check for power on/off in the case of a read + failure. + + Tested manually on a physical platform, test cases cover incorrect + max/min values and failing access to hwmon files. + SDR over IPMI can be fully received in the case of error. + +Signed-off-by: Wojciech Dembinski +Signed-off-by: Zbigniew Lukwinski +--- + src/CPUSensor.cpp | 40 ++++++++++++++++++++++------------------ + 1 file changed, 22 insertions(+), 18 deletions(-) + +diff --git a/src/CPUSensor.cpp b/src/CPUSensor.cpp +index f96b178..a17d5db 100644 +--- a/src/CPUSensor.cpp ++++ b/src/CPUSensor.cpp +@@ -156,16 +156,21 @@ void CPUSensor::setupRead(void) + + void CPUSensor::updateMinMaxValues(void) + { ++ double newMin = std::numeric_limits::quiet_NaN(); ++ double newMax = std::numeric_limits::quiet_NaN(); ++ + const boost::container::flat_map< + std::string, + std::vector, +- const char*>>> ++ const char*, std::reference_wrapper>>> + map = { + { + "cap", + { +- std::make_tuple("cap_max", std::ref(maxValue), "MaxValue"), +- std::make_tuple("cap_min", std::ref(minValue), "MinValue"), ++ std::make_tuple("cap_max", std::ref(maxValue), "MaxValue", ++ std::ref(newMax)), ++ std::make_tuple("cap_min", std::ref(minValue), "MinValue", ++ std::ref(newMin)), + }, + }, + }; +@@ -178,26 +183,25 @@ void CPUSensor::updateMinMaxValues(void) + { + for (const auto& vectorItem : mapIt->second) + { +- auto [suffix, oldValue, dbusName] = vectorItem; ++ auto [suffix, oldValue, dbusName, newValue] = vectorItem; + auto attrPath = boost::replace_all_copy(path, fileItem, suffix); +- if (auto newVal = +- readFile(attrPath, CPUSensor::sensorScaleFactor)) ++ if (auto tmp = readFile(attrPath, CPUSensor::sensorScaleFactor)) + { +- updateProperty(sensorInterface, oldValue, *newVal, +- dbusName); ++ newValue.get() = *tmp; + } + else + { +- if (isPowerOn()) +- { +- updateProperty(sensorInterface, oldValue, 0, dbusName); +- } +- else +- { +- updateProperty(sensorInterface, oldValue, +- std::numeric_limits::quiet_NaN(), +- dbusName); +- } ++ newValue.get() = std::numeric_limits::quiet_NaN(); ++ } ++ } ++ if (std::isfinite(newMin) && std::isfinite(newMax) && ++ (newMin < newMax)) ++ { ++ for (const auto& vectorItem : mapIt->second) ++ { ++ auto& [suffix, oldValue, dbusName, newValue] = vectorItem; ++ updateProperty(sensorInterface, oldValue, newValue, ++ dbusName); + } + } + } +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend index 5cdb6c525..ab5fdac56 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend @@ -7,6 +7,7 @@ SRCREV = "8aeffd91ff3434f7812e9fdb6b0b03c6119921dd" SRC_URI += "\ file://intrusionsensor-depend-on-networkd.conf \ file://0001-Fix-for-intrusionsensor-service-crash.patch \ + file://0003-Add-check-for-min-max-received-from-hwmon-files.patch \ " DEPENDS_append = " libgpiod libmctp" diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend index a0141f2b7..36b155fe9 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend @@ -1,14 +1,4 @@ SRC_URI = "git://github.com/Intel-BMC/phosphor-webui;protocol=ssh;branch=intel2" FILESEXTRAPATHS_prepend_intel := "${THISDIR}/${PN}:" -SRCREV = "6313c9df615fd85a8617c46444f964b972abdebd" - -# Adding the code below as a workaround as -# favicon gets corrupted during emit due to issue with html-webpack-plugin. -# This workaround needs to be removed once this issue is fixed in the -# newer version of html-webpack-plugin -do_compile_append() { - rm -rf ${S}/dist/favicon.ico.gz - mv ${S}/dist/favicon.gz ${S}/dist/favicon.ico.gz - rm -rf ${S}/dist/app.bundle.js.LICENSE.txt.gz -} +SRCREV = "2397c142c0d75c7705757a52848945b00928232d" diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/init b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/init new file mode 100755 index 000000000..47995466f --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/init @@ -0,0 +1,66 @@ +#! /bin/sh +# /etc/init.d/snmpd: start snmp daemon. + +. /etc/init.d/functions + +# Defaults +export MIBDIRS=/usr/share/snmp/mibs +SNMPDRUN=yes +SNMPDOPTS='-Lsd -Lf /dev/null -p /var/run/snmpd.pid' +TRAPDRUN=no +TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid' +PIDFILE=/var/run/snmpd.pid +SPIDFILE=/var/run/snmptrapd.pid + +# Reads config file if exists (will override defaults above) +[ -r /etc/default/snmpd ] && . /etc/default/snmpd + +[ "$SNMPDRUN" = "yes" ] && { test -x /usr/sbin/snmpd || exit 0; } +[ "$TRAPDRUN" = "yes" ] && { test -x /usr/sbin/snmptrapd || exit 0; } + +case "$1" in + start) + echo -n "Starting network management services:" + if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf -a ! -f "$PIDFILE" ]; then + start-stop-daemon -o --start --quiet --name snmpd --pidfile "$PIDFILE" \ + --exec /usr/sbin/snmpd -- $SNMPDOPTS + echo -n " snmpd" + fi + if [ "$TRAPDRUN" = "yes" -a -f /etc/snmp/snmptrapd.conf -a ! -f "$SPIDFILE" ]; then + start-stop-daemon -o --start --quiet --name snmptrapd --pidfile "$SPIDFILE" \ + --exec /usr/sbin/snmptrapd -- $TRAPDOPTS + echo -n " snmptrapd" + fi + echo "." + + test ! -x /sbin/restorecon || /sbin/restorecon -FR /var/lib/net-snmp + ;; + stop) + echo -n "Stopping network management services:" + if [ -f "$PIDFILE" ] ; then + start-stop-daemon -o --stop --quiet --pidfile $PIDFILE --name snmpd + fi + echo -n " snmpd" + if [ -f "$SPIDFILE" ] ; then + start-stop-daemon -o --stop --quiet --pidfile $SPIDFILE --name snmptrapd + rm -rf $SPIDFILE + fi + echo -n " snmptrapd" + echo "." + ;; + status) + status /usr/sbin/snmpd; + exit $? + ;; + restart|reload|force-reload) + $0 stop + # Allow the daemons time to exit completely. + sleep 2 + $0 start + ;; + *) + echo "Usage: /etc/init.d/snmpd {start|stop|status|restart|reload|force-reload}" + exit 1 +esac + +exit 0 diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmpd.conf b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmpd.conf new file mode 100644 index 000000000..728171c42 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmpd.conf @@ -0,0 +1,422 @@ +############################################################################### +# +# EXAMPLE.conf: +# An example configuration file for configuring the ucd-snmp snmpd agent. +# +############################################################################### +# +# This file is intended to only be an example. If, however, you want +# to use it, it should be placed in /etc/snmp/snmpd.conf. +# When the snmpd agent starts up, this is where it will look for it. +# +# You might be interested in generating your own snmpd.conf file using +# the "snmpconf" program (perl script) instead. It's a nice menu +# based interface to writing well commented configuration files. Try it! +# +# Note: This file is automatically generated from EXAMPLE.conf.def. +# Do NOT read the EXAMPLE.conf.def file! Instead, after you have run +# configure & make, and then make sure you read the EXAMPLE.conf file +# instead, as it will tailor itself to your configuration. + +# All lines beginning with a '#' are comments and are intended for you +# to read. All other lines are configuration commands for the agent. + +# +# PLEASE: read the snmpd.conf(5) manual page as well! +# + + +############################################################################### +# Access Control +############################################################################### + +# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY +# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. + +# By far, the most common question I get about the agent is "why won't +# it work?", when really it should be "how do I configure the agent to +# allow me to access it?" +# +# By default, the agent responds to the "public" community for read +# only access, if run out of the box without any configuration file in +# place. The following examples show you other ways of configuring +# the agent so that you can change the community names, and give +# yourself write access as well. +# +# The following lines change the access permissions of the agent so +# that the COMMUNITY string provides read-only access to your entire +# NETWORK (EG: 10.10.10.0/24), and read/write access to only the +# localhost (127.0.0.1, not its real ipaddress). +# +# For more information, read the FAQ as well as the snmpd.conf(5) +# manual page. + +#### +# First, map the community name (COMMUNITY) into a security name +# (local and mynetwork, depending on where the request is coming +# from): + +# sec.name source community +com2sec paranoid default public +#com2sec readonly default public +#com2sec readwrite default private + +#### +# Second, map the security names into group names: + +# sec.model sec.name +group MyROSystem v1 paranoid +group MyROSystem v2c paranoid +group MyROSystem usm paranoid +group MyROGroup v1 readonly +group MyROGroup v2c readonly +group MyROGroup usm readonly +group MyRWGroup v1 readwrite +group MyRWGroup v2c readwrite +group MyRWGroup usm readwrite + +#### +# Third, create a view for us to let the groups have rights to: + +# incl/excl subtree mask +view all included .1 80 +view system included .iso.org.dod.internet.mgmt.mib-2.system + +#### +# Finally, grant the 2 groups access to the 1 view with different +# write permissions: + +# context sec.model sec.level match read write notif +access MyROSystem "" any noauth exact system none none +access MyROGroup "" any noauth exact all none none +access MyRWGroup "" any noauth exact all all none + +# ----------------------------------------------------------------------------- + + +############################################################################### +# System contact information +# + +# It is also possible to set the sysContact and sysLocation system +# variables through the snmpd.conf file. **PLEASE NOTE** that setting +# the value of these objects here makes these objects READ-ONLY +# (regardless of any access control settings). Any attempt to set the +# value of an object whose value is given here will fail with an error +# status of notWritable. + +syslocation Unknown (configure /etc/snmp/snmpd.local.conf) +syscontact Root (configure /etc/snmp/snmpd.local.conf) + +# Example output of snmpwalk: +# % snmpwalk -v 1 -c public localhost system +# system.sysDescr.0 = "SunOS name sun4c" +# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 +# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 +# system.sysContact.0 = "Me " +# system.sysName.0 = "name" +# system.sysLocation.0 = "Right here, right now." +# system.sysServices.0 = 72 + + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Process checks. +# +# The following are examples of how to use the agent to check for +# processes running on the host. The syntax looks something like: +# +# proc NAME [MAX=0] [MIN=0] +# +# NAME: the name of the process to check for. It must match +# exactly (ie, http will not find httpd processes). +# MAX: the maximum number allowed to be running. Defaults to 0. +# MIN: the minimum number to be running. Defaults to 0. + +# +# Examples: +# + +# Make sure mountd is running +#proc mountd + +# Make sure there are no more than 4 ntalkds running, but 0 is ok too. +#proc ntalkd 4 + +# Make sure at least one sendmail, but less than or equal to 10 are running. +#proc sendmail 10 1 + +# A snmpwalk of the prTable would look something like this: +# +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 +# +# Note that the errorFlag for mountd is set to 1 because one is not +# running (in this case an rpc.mountd is, but thats not good enough), +# and the ErrMessage tells you what's wrong. The configuration +# imposed in the snmpd.conf file is also shown. +# +# Special Case: When the min and max numbers are both 0, it assumes +# you want a max of infinity and a min of 1. +# + + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Executables/scripts +# + +# +# You can also have programs run by the agent that return a single +# line of output and an exit code. Here are two examples. +# +# exec NAME PROGRAM [ARGS ...] +# +# NAME: A generic name. +# PROGRAM: The program to run. Include the path! +# ARGS: optional arguments to be passed to the program + +# a simple hello world +#exec echotest /bin/echo hello world + +# Run a shell script containing: +# +# #!/bin/sh +# echo hello world +# echo hi there +# exit 35 +# +# Note: this has been specifically commented out to prevent +# accidental security holes due to someone else on your system writing +# a /tmp/shtest before you do. Uncomment to use it. +# +#exec shelltest /bin/sh /tmp/shtest + +# Then, +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 + +# Note that the second line of the /tmp/shtest shell script is cut +# off. Also note that the exit status of 35 was returned. + +# ----------------------------------------------------------------------------- + + +############################################################################### +# disk checks +# + +# The agent can check the amount of available disk space, and make +# sure it is above a set limit. + +# disk PATH [MIN=DEFDISKMINIMUMSPACE] +# +# PATH: mount path to the disk in question. +# MIN: Disks with space below this value will have the Mib's errorFlag set. +# Default value = DEFDISKMINIMUMSPACE. + +# Check the / partition and make sure it contains at least 10 megs. + +#disk / 10000 + +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" + +# ----------------------------------------------------------------------------- + + +############################################################################### +# load average checks +# + +# load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE] +# +# 1MAX: If the 1 minute load average is above this limit at query +# time, the errorFlag will be set. +# 5MAX: Similar, but for 5 min average. +# 15MAX: Similar, but for 15 min average. + +# Check for loads: +#load 12 14 14 + +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.10 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Extensible sections. +# + +# This alleviates the multiple line output problem found in the +# previous executable mib by placing each mib in its own mib table: + +# Run a shell script containing: +# +# #!/bin/sh +# echo hello world +# echo hi there +# exit 35 +# +# Note: this has been specifically commented out to prevent +# accidental security holes due to someone else on your system writing +# a /tmp/shtest before you do. Uncomment to use it. +# +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest + +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.50 +# enterprises.ucdavis.50.1.1 = 1 +# enterprises.ucdavis.50.2.1 = "shelltest" +# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" +# enterprises.ucdavis.50.100.1 = 35 +# enterprises.ucdavis.50.101.1 = "hello world." +# enterprises.ucdavis.50.101.2 = "hi there." +# enterprises.ucdavis.50.102.1 = 0 + +# Now the Output has grown to two lines, and we can see the 'hi +# there.' output as the second line from our shell script. +# +# Note that you must alter the mib.txt file to be correct if you want +# the .50.* outputs above to change to reasonable text descriptions. + +# Other ideas: +# +# exec .1.3.6.1.4.1.2021.51 ps /bin/ps +# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top +# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Pass through control. +# + +# Usage: +# pass MIBOID EXEC-COMMAND +# +# This will pass total control of the mib underneath the MIBOID +# portion of the mib to the EXEC-COMMAND. +# +# Note: You'll have to change the path of the passtest script to your +# source directory or install it in the given location. +# +# Example: (see the script for details) +# (commented out here since it requires that you place the +# script in the right location. (its not installed by default)) + +# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/passtest + +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255 +# enterprises.ucdavis.255.1 = "life the universe and everything" +# enterprises.ucdavis.255.2.1 = 42 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 +# enterprises.ucdavis.255.5 = 42 +# enterprises.ucdavis.255.6 = Gauge: 42 +# +# % snmpget -v 1 -c public localhost .1.3.6.1.4.1.2021.255.5 +# enterprises.ucdavis.255.5 = 42 +# +# % snmpset -v 1 -c public localhost .1.3.6.1.4.1.2021.255.1 s "New string" +# enterprises.ucdavis.255.1 = "New string" +# + +# For specific usage information, see the man/snmpd.conf.5 manual page +# as well as the local/passtest script used in the above example. + +############################################################################### +# Subagent control +# + +# The agent can support subagents using a number of extension mechanisms. +# From the 4.2.1 release, AgentX support is being compiled in by default. +# However, this is still experimental code, so should not be used on +# critical production systems. +# Please see the file README.agentx for more details. +# +# If having read, marked, learnt and inwardly digested this information, +# you decide that you do wish to make use of this mechanism, simply +# uncomment the following directive. +# +# master agentx +# +# I repeat - this is *NOT* regarded as suitable for front-line production +# systems, though it is probably stable enough for day-to-day use. +# Probably. +# +# No refunds will be given. + +############################################################################### +# Further Information +# +# See the snmpd.conf manual page, and the output of "snmpd -H". +# MUCH more can be done with the snmpd.conf than is shown as an +# example here. diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmptrapd.conf b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmptrapd.conf new file mode 100644 index 000000000..8d2e4375e --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmptrapd.conf @@ -0,0 +1,18 @@ +############################################################################### +# +# EXAMPLE.conf: +# An example configuration file for configuring the ucd-snmp snmptrapd agent. +# +############################################################################### +# +# This file is intended to only be an example. If, however, you want +# to use it, it should be placed in /etc/snmp/snmptrapd.conf. +# When the snmptrapd agent starts up, this is where it will look for it. +# +# All lines beginning with a '#' are comments and are intended for you +# to read. All other lines are configuration commands for the agent. + +# +# PLEASE: read the snmptrapd.conf(5) manual page as well! +# + diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch new file mode 100644 index 000000000..4cd729044 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch @@ -0,0 +1,39 @@ +From 6f8ea2e841ad45eed193310b599d3f3b410ae91d Mon Sep 17 00:00:00 2001 +From: Mingli Yu +Date: Fri, 29 Jan 2021 08:49:15 +0000 +Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and 64bit + +With configure option "--with-openssl=${STAGING_EXECPREFIXDIR}", it behaves +differently between 32bit and 64bit system as the openssl lib resides under +/build/tmp/work/corei7-64-wrs-linux/net-snmp/5.9-r0/recipe-sysroot/usr/lib64 +for 64bit system, but resides under [1] for 32bit system. + +So add the patch to fix the gap between 32bit and 64bit system. + +[1] /build/tmp/work/corei7-64-wrs-linux/net-snmp/5.9-r0/recipe-sysroot/usr/lib + +Upstream-Status: Inappropriate [configuration specific] + +Signed-off-by: Mingli Yu +--- + m4/ac_add_search_path.m4 | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/m4/ac_add_search_path.m4 b/m4/ac_add_search_path.m4 +index 8e0a819..961f587 100644 +--- a/m4/ac_add_search_path.m4 ++++ b/m4/ac_add_search_path.m4 +@@ -3,8 +3,8 @@ dnl Add a search path to the LIBS and CPPFLAGS variables + dnl + AC_DEFUN([AC_ADD_SEARCH_PATH],[ + if test "x$1" != x -a -d $1; then +- if test -d $1/lib; then +- LDFLAGS="-L$1/lib $LDFLAGS" ++ if test -d $1/${libdir:5}; then ++ LDFLAGS="-L$1/${libdir:5} $LDFLAGS" + fi + if test -d $1/include; then + CPPFLAGS="-I$1/include $CPPFLAGS" +-- +2.29.2 + diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch new file mode 100644 index 000000000..05a47f61c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch @@ -0,0 +1,35 @@ +From 69d4c517c07f55c505090e48d96ace8cd599fb26 Mon Sep 17 00:00:00 2001 +From: Li xin +Date: Fri, 21 Aug 2015 18:23:13 +0900 +Subject: [PATCH] config_os_headers: Error Fix + +ERROR: This autoconf log indicates errors, it looked at host include +and/or library paths while determining system capabilities. +cc1: warning: include location "/usr/local/include" is unsafe for cross-compilation [-Wpoison-system-directories] +conftest.c:168:17: fatal error: pkg.h: No such file or directory + #include + ^ + +Upstream-Status: pending + +Signed-off-by: Li Xin + +--- + configure.d/config_os_headers | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers +index f07d512..2363b42 100644 +--- a/configure.d/config_os_headers ++++ b/configure.d/config_os_headers +@@ -395,8 +395,8 @@ then + unset ac_cv_header_pkg_h + netsnmp_save_CPPFLAGS="$CPPFLAGS" + netsnmp_save_LDFLAGS="$LDFLAGS" +- CPPFLAGS="$CPPFLAGS -I/usr/local/include" +- LDFLAGS="$LDFLAGS -L/usr/local/lib" ++ CPPFLAGS="$CPPFLAGS" ++ LDFLAGS="$LDFLAGS" + AC_CHECK_HEADERS(pkg.h, + NETSNMP_SEARCH_LIBS(pkg_init, pkg, + AC_DEFINE(HAVE_LIBPKG, 1, [define if you have BSD pkg-ng]))) diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch new file mode 100644 index 000000000..22e591556 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch @@ -0,0 +1,27 @@ +From 2bf1bbe1d428ed06d57aa76b03e394b72ff2216d Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 22 Jul 2016 18:34:39 +0000 +Subject: [PATCH] get_pid_from_inode: Include limit.h + +PATH_MAX and NAME_MAX are required by this file + +Upstream-Status: Pending + +Signed-off-by: Khem Raj + +--- + agent/mibgroup/util_funcs/get_pid_from_inode.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/agent/mibgroup/util_funcs/get_pid_from_inode.c b/agent/mibgroup/util_funcs/get_pid_from_inode.c +index aee907d..7abaec2 100644 +--- a/agent/mibgroup/util_funcs/get_pid_from_inode.c ++++ b/agent/mibgroup/util_funcs/get_pid_from_inode.c +@@ -6,6 +6,7 @@ + #include + + #include ++#include + #include + #if HAVE_STDLIB_H + #include diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch new file mode 100644 index 000000000..42352a6b0 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch @@ -0,0 +1,34 @@ +From f3ff99736b8cccbba77349b0d10a3cee366a4c87 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 18 Sep 2015 00:28:45 -0400 +Subject: [PATCH] snmplib/keytools.c: Don't check for return from + + EVP_MD_CTX_init() + +EVP_MD_CTX_init() API returns void, it fixes errors with new compilers + +snmplib/keytools.c: In function 'generate_Ku': error: invalid use of void expression + +Signed-off-by: Khem Raj +Signed-off-by: Ovidiu Panait + +--- + snmplib/keytools.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/snmplib/keytools.c b/snmplib/keytools.c +index 129a7c0..2fc1efc 100644 +--- a/snmplib/keytools.c ++++ b/snmplib/keytools.c +@@ -183,10 +183,7 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, + ctx = EVP_MD_CTX_create(); + #else + ctx = malloc(sizeof(*ctx)); +- if (!EVP_MD_CTX_init(ctx)) { +- rval = SNMPERR_GENERR; +- goto generate_Ku_quit; +- } ++ EVP_MD_CTX_init(ctx); + #endif + if (!EVP_DigestInit(ctx, hashfn)) { + rval = SNMPERR_GENERR; diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch new file mode 100644 index 000000000..c973bde72 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch @@ -0,0 +1,28 @@ +From 0a02ac779c51a2b4af3b58cb96967bf3eff80367 Mon Sep 17 00:00:00 2001 +From: Wenlin Kang +Date: Wed, 24 May 2017 16:45:34 +0800 +Subject: [PATCH] configure: fix a cc check issue. + +When has "." in cc value, the expression +$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);' +can't get corretly the cc's value. + +Signed-off-by: Wenlin Kang + +--- + configure.d/config_project_perl_python | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.d/config_project_perl_python b/configure.d/config_project_perl_python +index 475c843..22d2ad3 100644 +--- a/configure.d/config_project_perl_python ++++ b/configure.d/config_project_perl_python +@@ -87,7 +87,7 @@ if test "x$install_perl" != "xno" ; then + if test "x$enable_perl_cc_checks" != "xno" ; then + AC_MSG_CHECKING([for Perl cc]) + changequote(, ) +- PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);'` ++ PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\.\w\s\/]+).;\s*/$1/);'` + changequote([, ]) + if test "x$PERLCC" != "x" ; then + AC_MSG_RESULT([$PERLCC]) diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch new file mode 100644 index 000000000..bfddc63dd --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch @@ -0,0 +1,28 @@ +From 011bdcd07f2a289d0cfc1b411c03c0cc7c42dad1 Mon Sep 17 00:00:00 2001 +From: Wenlin Kang +Date: Wed, 24 May 2017 17:10:20 +0800 +Subject: [PATCH] configure: fix incorrect variable + +For cross compile platform, this variable will not be correct, so fix it. + +Upstream-Status: Inappropriate [cross compile specific] + +Signed-off-by: Wenlin Kang + +--- + Makefile.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.in b/Makefile.in +index 912f6b2..a53d1b2 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -174,7 +174,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt + # + # override LD_RUN_PATH to avoid dependencies on the build directory + perlmodules: perlmakefiles subdirs +- @(cd perl ; $(MAKE) LD_RUN_PATH="$(libdir):`$(PERL) -e 'use Config; print qq($$Config{archlibexp}/CORE);'`") ; \ ++ @(cd perl ; $(MAKE) LD_RUN_PATH="$(libdir):`$(PERL) -e 'use Config; print qq($$Config{installprivlib}/CORE);'`") ; \ + if test $$? != 0 ; then \ + exit 1 ; \ + fi diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch new file mode 100644 index 000000000..26dd014ce --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch @@ -0,0 +1,34 @@ +From 27444fbf8323679ea0551a3bd5f04c365143d8c0 Mon Sep 17 00:00:00 2001 +From: "Roy.Li" +Date: Fri, 16 Jan 2015 14:14:01 +0800 +Subject: [PATCH] net-snmp: fix "libtool --finish" + +LIB_LDCONFIG_CMD failed since it is using a host dir $(libdir) +which is /usr/lib64 does not exist on host when compile 64bit +image. + +In fact, configuring dynamic linker run-time bindings is meaningless +at this step, If it is needed, Poky would write ldconfig scripts to +rpm-postinst for each recipe while do_package, in package.bbclass. + +Upstream-Status: Inappropriate [cross compile specific] + +Signed-off-by: Roy.Li + +--- + Makefile.top | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.top b/Makefile.top +index 6315401..fc0ee06 100644 +--- a/Makefile.top ++++ b/Makefile.top +@@ -89,7 +89,7 @@ LIBREVISION = 0 + LIB_LD_CMD = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) -o + LIB_EXTENSION = la + LIB_VERSION = +-LIB_LDCONFIG_CMD = $(LIBTOOL) --mode=finish $(INSTALL_PREFIX)$(libdir) ++LIB_LDCONFIG_CMD = echo "do not ldconfig\n" + LINK = $(LIBTOOL) --mode=link $(LINKCC) + # RANLIB = @RANLIB@ + RANLIB = : diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch new file mode 100644 index 000000000..da6d80ef4 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch @@ -0,0 +1,43 @@ +From b6a3d6c8af35f1ef27b80b0516742fce89f4eb29 Mon Sep 17 00:00:00 2001 +From: Marian Florea +Date: Thu, 20 Jul 2017 16:55:24 +0800 +Subject: [PATCH] net snmp: fix engineBoots value on SIGHUP + +Upstream-Status: Pending + +Signed-off-by: Marian Florea +Signed-off-by: Li Zhou + +--- + agent/snmpd.c | 1 + + snmplib/snmpv3.c | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/agent/snmpd.c b/agent/snmpd.c +index ae73eda..66b4560 100644 +--- a/agent/snmpd.c ++++ b/agent/snmpd.c +@@ -1207,6 +1207,7 @@ receive(void) + snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n", + netsnmp_get_version()); + update_config(); ++ snmp_store(app_name); + send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3); + #if HAVE_SIGHOLD + sigrelse(SIGHUP); +diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c +index 29c2a0f..ada961c 100644 +--- a/snmplib/snmpv3.c ++++ b/snmplib/snmpv3.c +@@ -1059,9 +1059,9 @@ init_snmpv3_post_config(int majorid, int minorid, void *serverarg, + /* + * if our engineID has changed at all, the boots record must be set to 1 + */ +- if (engineIDLen != oldEngineIDLength || ++ if (oldEngineIDLength != (size_t)0 && (engineIDLen != oldEngineIDLength || + oldEngineID == NULL || c_engineID == NULL || +- memcmp(oldEngineID, c_engineID, engineIDLen) != 0) { ++ memcmp(oldEngineID, c_engineID, engineIDLen) != 0)) { + engineBoots = 1; + } + diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch new file mode 100644 index 000000000..f1ebe2bb6 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch @@ -0,0 +1,36 @@ +From e507dcf8b29c55011f85d88bf05400d4717e4074 Mon Sep 17 00:00:00 2001 +From: Chong Lu +Date: Thu, 28 May 2020 09:46:34 -0500 +Subject: [PATCH] net-snmp: add knob whether nlist.h are checked + +Previously, it still was checked when there was no nlish.h in sysroots directory. +Add knob to decide whether nlist.h are checked or not. + +Upstream-status: Pending + +Signed-off-by: Chong Lu + +--- + configure.d/config_os_headers | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers +index 76ef58a..f07d512 100644 +--- a/configure.d/config_os_headers ++++ b/configure.d/config_os_headers +@@ -37,6 +37,7 @@ AC_CHECK_HEADERS([getopt.h pthread.h regex.h ] dnl + [sys/timeb.h ]) + + # Library and Agent: ++if test "x$with_elf" != "xno"; then + AC_CHECK_HEADERS([nlist.h],,,[ + AC_INCLUDES_DEFAULT + [ +@@ -44,6 +45,7 @@ AC_INCLUDES_DEFAULT + #define LIBBSD_DISABLE_DEPRECATED 1 + #endif + ]]) ++fi + + # Library: + AC_CHECK_HEADERS([crt_externs.h ] dnl diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch new file mode 100644 index 000000000..2941a3609 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch @@ -0,0 +1,30 @@ +From 3ca4335ec1d6b7b384c134fc85d7a9e513c68376 Mon Sep 17 00:00:00 2001 +From: Jackie Huang +Date: Thu, 22 Jun 2017 10:25:08 +0800 +Subject: [PATCH] net-snmp: fix for --disable-des + +Include des.h only if it's found in openssl so that +the --disable-des works correctly. + +Upstream-Status: Submitted [net-snmp-coders@lists.sourceforge.net] + +Signed-off-by: Jackie Huang + +--- + snmplib/scapi.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/snmplib/scapi.c b/snmplib/scapi.c +index 00c9174..c6875e1 100644 +--- a/snmplib/scapi.c ++++ b/snmplib/scapi.c +@@ -85,7 +85,9 @@ netsnmp_feature_child_of(usm_scapi, usm_support); + #include + #include + #include ++#ifdef HAVE_OPENSSL_DES_H + #include ++#endif + #ifdef HAVE_AES + #include + #endif diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch new file mode 100644 index 000000000..807983f61 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch @@ -0,0 +1,35 @@ +From 972df16e9599dffddf5d714a4cbf43008c771122 Mon Sep 17 00:00:00 2001 +From: Jackie Huang +Date: Wed, 14 Jan 2015 15:10:06 +0800 +Subject: [PATCH] testing: add the output format for ptest + +Upstream-Status: Inappropriate [OE specific] + +Signed-off-by: Jackie Huang + +--- + testing/RUNTESTS | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/testing/RUNTESTS b/testing/RUNTESTS +index 6715831..a2b6fb8 100755 +--- a/testing/RUNTESTS ++++ b/testing/RUNTESTS +@@ -17,13 +17,17 @@ failed_count=0 + rm -f failed_tests + for i in "${srcdir}"/testing/fulltests/default/T*$1*; do + echo "RUNNING $i" ++ test_name=`basename $i` + ${srcdir}/testing/fulltests/support/simple_run $i + if [ $? = 0 ]; then ++ echo "PASS: $test_name" + success_count=`expr $success_count + 1` + else ++ echo "FAIL: $test_name" + failed_count=`expr $failed_count + 1` + echo "$i" >> failed_tests + fi ++ echo + done + + if [ -f failed_tests ]; then diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch new file mode 100644 index 000000000..bf1e7bedf --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch @@ -0,0 +1,30 @@ +From 84e362fe97f50fbad69f083bc2d8fe18f83eb2f7 Mon Sep 17 00:00:00 2001 +From: "douglas.royds" +Date: Wed, 21 Nov 2018 13:52:18 +1300 +Subject: [PATCH] net-snmp: Reproducibility: Don't check build host for + +Reproducible build: Don't check for /etc/printcap on the build machine when +cross-compiling. Use AC_CHECK_FILE to set the cached variable +ac_cv_file__etc_printcap instead. When cross-compiling, this variable should be +set in the environment to "yes" or "no" as appropriate for the target platform. + +--- + configure.d/config_os_misc4 | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.d/config_os_misc4 b/configure.d/config_os_misc4 +index 6f23c8e..8cea75a 100644 +--- a/configure.d/config_os_misc4 ++++ b/configure.d/config_os_misc4 +@@ -99,9 +99,9 @@ if test x$LPSTAT_PATH != x; then + [Path to the lpstat command]) + AC_DEFINE(HAVE_LPSTAT, 1, [Set if the lpstat command is available]) + fi +-if test -r /etc/printcap; then ++AC_CHECK_FILE([/etc/printcap], + AC_DEFINE(HAVE_PRINTCAP, 1, [Set if /etc/printcap exists]) +-fi ++) + + + # Check ps args diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/run-ptest b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/run-ptest new file mode 100755 index 000000000..76514c202 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/run-ptest @@ -0,0 +1,5 @@ +#!/bin/sh + +workdir=$(dirname `realpath $0`) +cd ${workdir}/testing +./RUNTESTS diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmpd.service b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmpd.service new file mode 100644 index 000000000..447683f85 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmpd.service @@ -0,0 +1,13 @@ +[Unit] +Description=Simple Network Management Protocol (SNMP) Daemon. +After=syslog.target network.target + +[Service] +Type=notify +Environment=OPTIONS="-Ls0-6d" +EnvironmentFile=-/etc/default/snmpd +ExecStart=/usr/sbin/snmpd $OPTIONS -a -f +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmptrapd.service b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmptrapd.service new file mode 100644 index 000000000..951f9f270 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmptrapd.service @@ -0,0 +1,13 @@ +[Unit] +Description=Simple Network Management Protocol (SNMP) Trap Daemon. +After=syslog.target network.target + +[Service] +Type=notify +Environment=OPTIONS="-Lsd" +EnvironmentFile=-/etc/default/snmptrapd +ExecStart=/usr/sbin/snmptrapd $OPTIONS -f +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/systemd-support.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/systemd-support.patch new file mode 100644 index 000000000..c6af8c0f3 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/systemd-support.patch @@ -0,0 +1,1652 @@ +From 0cad0c6c36af2a2d589563804c9ed2b37b7085fb Mon Sep 17 00:00:00 2001 +From: Li xin +Date: Fri, 21 Aug 2015 14:37:02 +0900 +Subject: [PATCH] ystemd support backported from the master branch as of + 23/04/2012 (post 5.7.1, pre 5.8). + +The following commits have been cherry-picked: + +19499c3c90bf9d7b2b9e5d08baa26cc6bba28a11 +fef6cddfdb94da1a6b1fb768af62918b80f11fd3 +0641e43c694c485cbbffef0556efc4641bd3ff50 +76530a89f1c8bbd0b63acce63e10d5d4812a1a16 (conflict resolved) +bf108d7f1354f6276fc43c129963f2c49b9fc242 +3692875172352f72cf3afd0d35f355e83d7e421b +74412748067c685e1d8ab6ed3bcc3ca9c2774844 +86132e3f1e6ef7b4e0b96d8fa24e37c81b71b0e0 +63557cf8986a33dba1d4429b583a901361052c4f + +Upstream-Status: Backport + +Signed-off-by: Thomas Fitzsimmons +--- + README.systemd | 41 +++ + agent/snmpd.c | 33 +- + apps/snmptrapd.c | 32 +- + configure.d/config_modules_lib | 8 + + configure.d/config_project_with_enable | 9 + + dist/snmpd.servic | 18 + + dist/snmpd.socket | 17 + + dist/snmptrapd.service | 16 + + dist/snmptrapd.socket | 14 + + include/net-snmp/library/sd-daemon.h | 290 ++++++++++++++++ + snmplib/sd-daemon.c | 532 +++++++++++++++++++++++++++++ + snmplib/transports/snmpTCPDomain.c | 43 ++- + snmplib/transports/snmpTCPIPv6Domain.c | 46 ++- + snmplib/transports/snmpUDPIPv4BaseDomain.c | 33 +- + snmplib/transports/snmpUDPIPv6Domain.c | 34 +- + snmplib/transports/snmpUnixDomain.c | 66 ++-- + win32/libsnmp/Makefile.in | 6 + + win32/net-snmp/net-snmp-config.h | 2 + + win32/net-snmp/net-snmp-config.h.in | 2 + + 19 files changed, 1176 insertions(+), 66 deletions(-) + create mode 100644 README.systemd + create mode 100644 dist/snmpd.servic + create mode 100644 dist/snmpd.socket + create mode 100644 dist/snmptrapd.service + create mode 100644 dist/snmptrapd.socket + create mode 100644 include/net-snmp/library/sd-daemon.h + create mode 100644 snmplib/sd-daemon.c + +diff --git a/README.systemd b/README.systemd +new file mode 100644 +index 0000000..dba15d1 +--- /dev/null ++++ b/README.systemd +@@ -0,0 +1,41 @@ ++README.systemd ++-------------- ++Net-SNMP provides two daemons, which support systemd system manager. ++See http://www.freedesktop.org/wiki/Software/systemd to learn how ++systemd works. Both socket activation and notification is supported by these ++daemons. ++ ++To enable systemd support, the sources must be compiled with ++--with-systemd configure option. ++ ++snmpd - The SNMP agent ++---------------------- ++Socket activation od snmpd daemon is implemented, but it's discouraged. ++The reason is simple - snmpd not only listens and processes SNMP requests ++from network, but also gathers system statistics counters, sends traps and ++communicates with subagents. It even opens few netlink sockets. ++ ++In other words, snmpd should run from system start to properly work. ++This can be done in two ways: ++1) either as snmpd service unit with 'Type=notification' and without a socket ++ unit ++2) or as snmpd service unit with 'Type=simple', appropriate socket socket unit ++ and the snmpd service enabled. This way systemd creates the snmpd listening ++ socket early during boot and passes the sockets to snmpd slightly later ++ (but still during machine boot). This way systemd can paralelize start of ++ services, which depend on snmpd. Admins must adjust the socket file manually, ++ depending if the snmpd support AgentX, IPv6, SMUX etc. ++ ++snmpd should be started with '-f' command line parameter to disable forking - ++systemd does that for us automatically. ++ ++ ++snmptrapd - The trap processing daemon ++-------------------------------------- ++snmptrapd supports full socket activation and also notification (if needed). ++Both 'Type=simple' (with appropriate socket unit) and 'Type=notify' services ++will work. Again, '-f' parameter should be provided on snmptrapd command line. ++ ++If integration with SNMP agent using AgentX protocol is enabled, snmptrapd should ++start during boot and not after first SNMP trap arrives. Same rules as for snmpd ++applies then. +diff --git a/agent/snmpd.c b/agent/snmpd.c +index cfc7bce..116ee5c 100644 +--- a/agent/snmpd.c ++++ b/agent/snmpd.c +@@ -164,6 +164,10 @@ typedef long fd_mask; + + #endif + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + netsnmp_feature_want(logging_file) + netsnmp_feature_want(logging_stdio) + netsnmp_feature_want(logging_syslog) +@@ -443,19 +447,29 @@ main(int argc, char *argv[]) + int agent_mode = -1; + char *pid_file = NULL; + char option_compatability[] = "-Le"; ++#ifndef WIN32 ++ int prepared_sockets = 0; ++#endif + #if HAVE_GETPID + int fd; + FILE *PID; + #endif + + #ifndef WIN32 ++#ifndef NETSNMP_NO_SYSTEMD ++ /* check if systemd has sockets for us and don't close them */ ++ prepared_sockets = netsnmp_sd_listen_fds(0); ++#endif /* NETSNMP_NO_SYSTEMD */ ++ + /* + * close all non-standard file descriptors we may have + * inherited from the shell. + */ +- for (i = getdtablesize() - 1; i > 2; --i) { +- (void) close(i); +- } ++ if (!prepared_sockets) { ++ for (i = getdtablesize() - 1; i > 2; --i) { ++ (void) close(i); ++ } ++} + #endif /* #WIN32 */ + + /* +@@ -1107,6 +1121,19 @@ main(int argc, char *argv[]) + netsnmp_addrcache_initialise(); + + /* ++ * Let systemd know we're up. ++ */ ++#ifndef NETSNMP_NO_SYSTEMD ++ netsnmp_sd_notify(1, "READY=1\n"); ++ if (prepared_sockets) ++ /* ++ * Clear the environment variable, we already processed all the sockets ++ * by now. ++ */ ++ netsnmp_sd_listen_fds(1); ++#endif ++ ++ /* + * Forever monitor the dest_port for incoming PDUs. + */ + DEBUGMSGTL(("snmpd/main", "We're up. Starting to process data.\n")); +diff --git a/apps/snmptrapd.c b/apps/snmptrapd.c +index bce0d47..c6a74ec 100644 +--- a/apps/snmptrapd.c ++++ b/apps/snmptrapd.c +@@ -125,6 +125,10 @@ SOFTWARE. + + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #ifndef BSD4_3 + #define BSD4_2 + #endif +@@ -657,16 +661,25 @@ main(int argc, char *argv[]) + int agentx_subagent = 1; + #endif + netsnmp_trapd_handler *traph; ++#ifndef WIN32 ++ int prepared_sockets = 0; ++#endif + + + #ifndef WIN32 ++#ifndef NETSNMP_NO_SYSTEMD ++ /* check if systemd has sockets for us and don't close them */ ++ prepared_sockets = netsnmp_sd_listen_fds(0); ++#endif + /* + * close all non-standard file descriptors we may have + * inherited from the shell. + */ +- for (i = getdtablesize() - 1; i > 2; --i) { +- (void) close(i); +- } ++ if (!prepared_sockets) { ++ for (i = getdtablesize() - 1; i > 2; --i) { ++ (void) close(i); ++ } ++} + #endif /* #WIN32 */ + + #ifdef SIGTERM +@@ -1318,6 +1331,19 @@ main(int argc, char *argv[]) + #endif + #endif + ++ /* ++ * Let systemd know we're up. ++ */ ++#ifndef NETSNMP_NO_SYSTEMD ++ netsnmp_sd_notify(1, "READY=1\n"); ++ if (prepared_sockets) ++ /* ++ * Clear the environment variable, we already processed all the sockets ++ * by now. ++ */ ++ netsnmp_sd_listen_fds(1); ++#endif ++ + #ifdef WIN32SERVICE + trapd_status = SNMPTRAPD_RUNNING; + #endif +diff --git a/configure.d/config_modules_lib b/configure.d/config_modules_lib +index 362ba0a..bb69daa 100644 +--- a/configure.d/config_modules_lib ++++ b/configure.d/config_modules_lib +@@ -53,6 +53,14 @@ if test "x$PARTIALTARGETOS" = "xmingw32" -o "x$PARTIALTARGETOS" = "xmingw32msvc" + other_ftobjs_list="$other_ftobjs_list winpipe.ft" + fi + ++# Linux systemd ++if test "x$with_systemd" == "xyes"; then ++ other_src_list="$other_src_list sd-daemon.c" ++ other_objs_list="$other_objs_list sd-daemon.o" ++ other_lobjs_list="$other_lobjs_list sd-daemon.lo" ++ other_ftobjs_list="$other_ftobjs_list sd-daemon.ft" ++fi ++ + AC_SUBST(other_src_list) + AC_SUBST(other_objs_list) + AC_SUBST(other_lobjs_list) +diff --git a/configure.d/config_project_with_enable b/configure.d/config_project_with_enable +index 61ba026..d782d12 100644 +--- a/configure.d/config_project_with_enable ++++ b/configure.d/config_project_with_enable +@@ -690,6 +690,15 @@ if test "x$with_dummy_values" != "xyes"; then + data for]) + fi + ++NETSNMP_ARG_WITH(systemd, ++[ --with-systemd Provide systemd support. See README.systemd ++ for details.]) ++# Define unless specifically suppressed (i.e., option defaults to false). ++if test "x$with_systemd" != "xyes"; then ++ AC_DEFINE(NETSNMP_NO_SYSTEMD, 1, ++ [If you don't want to integrate with systemd.]) ++fi ++ + NETSNMP_ARG_ENABLE(set-support, + [ --disable-set-support Do not allow SNMP set requests.]) + if test "x$enable_set_support" = "xno"; then +diff --git a/dist/snmpd.servic b/dist/snmpd.servic +new file mode 100644 +index 0000000..31391e5 +--- /dev/null ++++ b/dist/snmpd.servic +@@ -0,0 +1,18 @@ ++# ++# SNMP agent service file for systemd ++# ++# ++# The service should be enabled, i.e. snmpd should start during machine boot. ++# Socket activation shall not be used. See README.systemd for details. ++ ++[Unit] ++Description=Simple Network Management Protocol (SNMP) daemon. ++After=syslog.target network.target ++ ++[Service] ++# Type=notify is also supported. It should be set when snmpd.socket is not used. ++Type=simple ++ExecStart=/usr/sbin/snmpd -f ++ ++[Install] ++WantedBy=multi-user.target +diff --git a/dist/snmpd.socket b/dist/snmpd.socket +new file mode 100644 +index 0000000..7f3a2d9 +--- /dev/null ++++ b/dist/snmpd.socket +@@ -0,0 +1,17 @@ ++[Unit] ++Description=Socket listening for SNMP and AgentX messages ++ ++[Socket] ++ListenDatagram=0.0.0.0:161 ++# Uncomment other listening addresses as needed - TCP, UDP6, TCP6. ++# It must match listening addresses/ports defined in snmpd.service ++# or snmpd.conf. ++# ListenStream=0.0.0.0:161 ++# ListenDatagram=[::]:161 ++# ListenStream=[::]:161 ++# ++# Uncomment AgentX socket if snmpd.conf enables AgentX protocol. ++# ListenStream=/var/agentx/master ++ ++[Install] ++WantedBy=sockets.target +diff --git a/dist/snmptrapd.service b/dist/snmptrapd.service +new file mode 100644 +index 0000000..e88a5b4 +--- /dev/null ++++ b/dist/snmptrapd.service +@@ -0,0 +1,16 @@ ++# ++# SNMP trap-processing service file for systemd ++# ++ ++[Unit] ++Description=Simple Network Management Protocol (SNMP) Trap daemon. ++After=syslog.target network.target ++ ++[Service] ++# Type=notify is also supported. It should be set when snmptrapd.socket is not ++# used. ++Type=simple ++ExecStart=/usr/sbin/snmptrapd -f ++ ++[Install] ++WantedBy=multi-user.target +diff --git a/dist/snmptrapd.socket b/dist/snmptrapd.socket +new file mode 100644 +index 0000000..2d24fb8 +--- /dev/null ++++ b/dist/snmptrapd.socket +@@ -0,0 +1,14 @@ +++[Unit] +++Description=Socket listening for SNMP trap messages +++ +++[Socket] +++ListenDatagram=0.0.0.0:162 +++# Uncomment other listening addresses as needed - TCP, UDP6, TCP6. +++# It must match listening addresses/ports defined in snmptrapd.service +++# or snmptrapd.conf. +++# ListenStream=0.0.0.0:162 +++# ListenDatagram=[::]:162 +++# ListenStream=[::]:162 +++ +++[Install] +++WantedBy=sockets.target +diff --git a/include/net-snmp/library/sd-daemon.h b/include/net-snmp/library/sd-daemon.h +new file mode 100644 +index 0000000..85274c9 +--- /dev/null ++++ b/include/net-snmp/library/sd-daemon.h +@@ -0,0 +1,290 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++#ifndef SNMPD_SD_DAEMON_H ++#define SNMPD_SD_DAEMON_H ++ ++/*** ++ Copyright 2010 Lennart Poettering ++ ++ Permission is hereby granted, free of charge, to any person ++ obtaining a copy of this software and associated documentation files ++ (the "Software"), to deal in the Software without restriction, ++ including without limitation the rights to use, copy, modify, merge, ++ publish, distribute, sublicense, and/or sell copies of the Software, ++ and to permit persons to whom the Software is furnished to do so, ++ subject to the following conditions: ++ ++ The above copyright notice and this permission notice shall be ++ included in all copies or substantial portions of the Software. ++ ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS ++ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ++ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ++ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE. ++***/ ++ ++#ifdef HAVE_SYS_TYPES_H ++#include ++#endif ++#ifdef HAVE_INTTYPES_H ++#include ++#endif ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* ++ Reference implementation of a few systemd related interfaces for ++ writing daemons. These interfaces are trivial to implement. To ++ simplify porting we provide this reference implementation. ++ Applications are welcome to reimplement the algorithms described ++ here if they do not want to include these two source files. ++ ++ The following functionality is provided: ++ ++ - Support for logging with log levels on stderr ++ - File descriptor passing for socket-based activation ++ - Daemon startup and status notification ++ - Detection of systemd boots ++ ++ You may compile this with -DDISABLE_SYSTEMD to disable systemd ++ support. This makes all those calls NOPs that are directly related to ++ systemd (i.e. only sd_is_xxx() will stay useful). ++ ++ Since this is drop-in code we don't want any of our symbols to be ++ exported in any case. Hence we declare hidden visibility for all of ++ them. ++ ++ You may find an up-to-date version of these source files online: ++ ++ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h ++ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c ++ ++ This should compile on non-Linux systems, too, but with the ++ exception of the sd_is_xxx() calls all functions will become NOPs. ++ ++ See sd-daemon(7) for more information. ++*/ ++ ++#ifndef _sd_printf_attr_ ++#if __GNUC__ >= 4 ++#define _sd_printf_attr_(a,b) __attribute__ ((format (printf, a, b))) ++#else ++#define _sd_printf_attr_(a,b) ++#endif ++#endif ++ ++/* ++ Log levels for usage on stderr: ++ ++ fprintf(stderr, SD_NOTICE "Hello World!\n"); ++ ++ This is similar to printk() usage in the kernel. ++*/ ++#define SD_EMERG "<0>" /* system is unusable */ ++#define SD_ALERT "<1>" /* action must be taken immediately */ ++#define SD_CRIT "<2>" /* critical conditions */ ++#define SD_ERR "<3>" /* error conditions */ ++#define SD_WARNING "<4>" /* warning conditions */ ++#define SD_NOTICE "<5>" /* normal but significant condition */ ++#define SD_INFO "<6>" /* informational */ ++#define SD_DEBUG "<7>" /* debug-level messages */ ++ ++/* The first passed file descriptor is fd 3 */ ++#define SD_LISTEN_FDS_START 3 ++ ++/* ++ Returns how many file descriptors have been passed, or a negative ++ errno code on failure. Optionally, removes the $LISTEN_FDS and ++ $LISTEN_PID file descriptors from the environment (recommended, but ++ problematic in threaded environments). If r is the return value of ++ this function you'll find the file descriptors passed as fds ++ SD_LISTEN_FDS_START to SD_LISTEN_FDS_START+r-1. Returns a negative ++ errno style error code on failure. This function call ensures that ++ the FD_CLOEXEC flag is set for the passed file descriptors, to make ++ sure they are not passed on to child processes. If FD_CLOEXEC shall ++ not be set, the caller needs to unset it after this call for all file ++ descriptors that are used. ++ ++ See sd_listen_fds(3) for more information. ++*/ ++int netsnmp_sd_listen_fds(int unset_environment); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is a FIFO in the file system stored under the ++ specified path, 0 otherwise. If path is NULL a path name check will ++ not be done and the call only verifies if the file descriptor ++ refers to a FIFO. Returns a negative errno style error code on ++ failure. ++ ++ See sd_is_fifo(3) for more information. ++*/ ++int netsnmp_sd_is_fifo(int fd, const char *path); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is a special character device on the file ++ system stored under the specified path, 0 otherwise. ++ If path is NULL a path name check will not be done and the call ++ only verifies if the file descriptor refers to a special character. ++ Returns a negative errno style error code on failure. ++ ++ See sd_is_special(3) for more information. ++*/ ++int netsnmp_sd_is_special(int fd, const char *path); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is a socket of the specified family (AF_INET, ++ ...) and type (SOCK_DGRAM, SOCK_STREAM, ...), 0 otherwise. If ++ family is 0 a socket family check will not be done. If type is 0 a ++ socket type check will not be done and the call only verifies if ++ the file descriptor refers to a socket. If listening is > 0 it is ++ verified that the socket is in listening mode. (i.e. listen() has ++ been called) If listening is == 0 it is verified that the socket is ++ not in listening mode. If listening is < 0 no listening mode check ++ is done. Returns a negative errno style error code on failure. ++ ++ See sd_is_socket(3) for more information. ++*/ ++int netsnmp_sd_is_socket(int fd, int family, int type, int listening); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is an Internet socket, of the specified family ++ (either AF_INET or AF_INET6) and the specified type (SOCK_DGRAM, ++ SOCK_STREAM, ...), 0 otherwise. If version is 0 a protocol version ++ check is not done. If type is 0 a socket type check will not be ++ done. If port is 0 a socket port check will not be done. The ++ listening flag is used the same way as in sd_is_socket(). Returns a ++ negative errno style error code on failure. ++ ++ See sd_is_socket_inet(3) for more information. ++*/ ++int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is an AF_UNIX socket of the specified type ++ (SOCK_DGRAM, SOCK_STREAM, ...) and path, 0 otherwise. If type is 0 ++ a socket type check will not be done. If path is NULL a socket path ++ check will not be done. For normal AF_UNIX sockets set length to ++ 0. For abstract namespace sockets set length to the length of the ++ socket name (including the initial 0 byte), and pass the full ++ socket path in path (including the initial 0 byte). The listening ++ flag is used the same way as in sd_is_socket(). Returns a negative ++ errno style error code on failure. ++ ++ See sd_is_socket_unix(3) for more information. ++*/ ++int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length); ++ ++/* ++ Informs systemd about changed daemon state. This takes a number of ++ newline separated environment-style variable assignments in a ++ string. The following variables are known: ++ ++ READY=1 Tells systemd that daemon startup is finished (only ++ relevant for services of Type=notify). The passed ++ argument is a boolean "1" or "0". Since there is ++ little value in signaling non-readiness the only ++ value daemons should send is "READY=1". ++ ++ STATUS=... Passes a single-line status string back to systemd ++ that describes the daemon state. This is free-from ++ and can be used for various purposes: general state ++ feedback, fsck-like programs could pass completion ++ percentages and failing programs could pass a human ++ readable error message. Example: "STATUS=Completed ++ 66% of file system check..." ++ ++ ERRNO=... If a daemon fails, the errno-style error code, ++ formatted as string. Example: "ERRNO=2" for ENOENT. ++ ++ BUSERROR=... If a daemon fails, the D-Bus error-style error ++ code. Example: "BUSERROR=org.freedesktop.DBus.Error.TimedOut" ++ ++ MAINPID=... The main pid of a daemon, in case systemd did not ++ fork off the process itself. Example: "MAINPID=4711" ++ ++ Daemons can choose to send additional variables. However, it is ++ recommended to prefix variable names not listed above with X_. ++ ++ Returns a negative errno-style error code on failure. Returns > 0 ++ if systemd could be notified, 0 if it couldn't possibly because ++ systemd is not running. ++ ++ Example: When a daemon finished starting up, it could issue this ++ call to notify systemd about it: ++ ++ sd_notify(0, "READY=1"); ++ ++ See sd_notifyf() for more complete examples. ++ ++ See sd_notify(3) for more information. ++*/ ++int netsnmp_sd_notify(int unset_environment, const char *state); ++ ++/* ++ Similar to sd_notify() but takes a format string. ++ ++ Example 1: A daemon could send the following after initialization: ++ ++ sd_notifyf(0, "READY=1\n" ++ "STATUS=Processing requests...\n" ++ "MAINPID=%lu", ++ (unsigned long) getpid()); ++ ++ Example 2: A daemon could send the following shortly before ++ exiting, on failure: ++ ++ sd_notifyf(0, "STATUS=Failed to start up: %s\n" ++ "ERRNO=%i", ++ strerror(errno), ++ errno); ++ ++ See sd_notifyf(3) for more information. ++*/ ++int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(2,3); ++ ++/* ++ Returns > 0 if the system was booted with systemd. Returns < 0 on ++ error. Returns 0 if the system was not booted with systemd. Note ++ that all of the functions above handle non-systemd boots just ++ fine. You should NOT protect them with a call to this function. Also ++ note that this function checks whether the system, not the user ++ session is controlled by systemd. However the functions above work ++ for both user and system services. ++ ++ See sd_booted(3) for more information. ++*/ ++int netsnmp_sd_booted(void); ++ ++/** ++ * Find an socket with given parameters. See man sd_is_socket_inet for ++ * description of the arguments. ++ * ++ * Returns the file descriptor if it is found, 0 otherwise. ++ */ ++int netsnmp_sd_find_inet_socket(int family, int type, int listening, int port); ++ ++/** ++ * Find an unix socket with given parameters. See man sd_is_socket_unix for ++ * description of the arguments. ++ * ++ * Returns the file descriptor if it is found, 0 otherwise. ++ */ ++int ++netsnmp_sd_find_unix_socket(int type, int listening, const char *path); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* SNMPD_SD_DAEMON_H */ +diff --git a/snmplib/sd-daemon.c b/snmplib/sd-daemon.c +new file mode 100644 +index 0000000..42dba29 +--- /dev/null ++++ b/snmplib/sd-daemon.c +@@ -0,0 +1,532 @@ ++/* ++ * Systemd integration parts. ++ * ++ * Most of this file is directly copied from systemd sources. ++ * Changes: ++ * - all functions were renamed to have netsnmp_ prefix ++ * - includes were changed to match Net-SNMP style. ++ * - removed gcc export macros ++ * - removed POSIX message queues ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#ifndef NETSNMP_NO_SYSTEMD ++ ++/*** ++ Copyright 2010 Lennart Poettering ++ ++ Permission is hereby granted, free of charge, to any person ++ obtaining a copy of this software and associated documentation files ++ (the "Software"), to deal in the Software without restriction, ++ including without limitation the rights to use, copy, modify, merge, ++ publish, distribute, sublicense, and/or sell copies of the Software, ++ and to permit persons to whom the Software is furnished to do so, ++ subject to the following conditions: ++ ++ The above copyright notice and this permission notice shall be ++ included in all copies or substantial portions of the Software. ++ ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS ++ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ++ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ++ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE. ++***/ ++ ++#ifndef _GNU_SOURCE ++#define _GNU_SOURCE ++#endif ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++ ++int netsnmp_sd_listen_fds(int unset_environment) { ++ ++ int r, fd; ++ const char *e; ++ char *p = NULL; ++ unsigned long l; ++ ++ if (!(e = getenv("LISTEN_PID"))) { ++ r = 0; ++ goto finish; ++ } ++ ++ errno = 0; ++ l = strtoul(e, &p, 10); ++ ++ if (errno != 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (!p || *p || l <= 0) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ /* Is this for us? */ ++ if (getpid() != (pid_t) l) { ++ r = 0; ++ goto finish; ++ } ++ ++ if (!(e = getenv("LISTEN_FDS"))) { ++ r = 0; ++ goto finish; ++ } ++ ++ errno = 0; ++ l = strtoul(e, &p, 10); ++ ++ if (errno != 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (!p || *p) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) { ++ int flags; ++ ++ if ((flags = fcntl(fd, F_GETFD)) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (flags & FD_CLOEXEC) ++ continue; ++ ++ if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ } ++ ++ r = (int) l; ++ ++finish: ++ if (unset_environment) { ++ unsetenv("LISTEN_PID"); ++ unsetenv("LISTEN_FDS"); ++ } ++ ++ return r; ++} ++ ++int netsnmp_sd_is_fifo(int fd, const char *path) { ++ struct stat st_fd; ++ ++ if (fd < 0) ++ return -EINVAL; ++ ++ memset(&st_fd, 0, sizeof(st_fd)); ++ if (fstat(fd, &st_fd) < 0) ++ return -errno; ++ ++ if (!S_ISFIFO(st_fd.st_mode)) ++ return 0; ++ ++ if (path) { ++ struct stat st_path; ++ ++ memset(&st_path, 0, sizeof(st_path)); ++ if (stat(path, &st_path) < 0) { ++ ++ if (errno == ENOENT || errno == ENOTDIR) ++ return 0; ++ ++ return -errno; ++ } ++ ++ return ++ st_path.st_dev == st_fd.st_dev && ++ st_path.st_ino == st_fd.st_ino; ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_is_special(int fd, const char *path) { ++ struct stat st_fd; ++ ++ if (fd < 0) ++ return -EINVAL; ++ ++ if (fstat(fd, &st_fd) < 0) ++ return -errno; ++ ++ if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode)) ++ return 0; ++ ++ if (path) { ++ struct stat st_path; ++ ++ if (stat(path, &st_path) < 0) { ++ ++ if (errno == ENOENT || errno == ENOTDIR) ++ return 0; ++ ++ return -errno; ++ } ++ ++ if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode)) ++ return ++ st_path.st_dev == st_fd.st_dev && ++ st_path.st_ino == st_fd.st_ino; ++ else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode)) ++ return st_path.st_rdev == st_fd.st_rdev; ++ else ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static int sd_is_socket_internal(int fd, int type, int listening) { ++ struct stat st_fd; ++ ++ if (fd < 0 || type < 0) ++ return -EINVAL; ++ ++ if (fstat(fd, &st_fd) < 0) ++ return -errno; ++ ++ if (!S_ISSOCK(st_fd.st_mode)) ++ return 0; ++ ++ if (type != 0) { ++ int other_type = 0; ++ socklen_t l = sizeof(other_type); ++ ++ if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < 0) ++ return -errno; ++ ++ if (l != sizeof(other_type)) ++ return -EINVAL; ++ ++ if (other_type != type) ++ return 0; ++ } ++ ++ if (listening >= 0) { ++ int accepting = 0; ++ socklen_t l = sizeof(accepting); ++ ++ if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &l) < 0) ++ return -errno; ++ ++ if (l != sizeof(accepting)) ++ return -EINVAL; ++ ++ if (!accepting != !listening) ++ return 0; ++ } ++ ++ return 1; ++} ++ ++union sockaddr_union { ++ struct sockaddr sa; ++ struct sockaddr_in in4; ++ struct sockaddr_in6 in6; ++ struct sockaddr_un un; ++ struct sockaddr_storage storage; ++}; ++ ++int netsnmp_sd_is_socket(int fd, int family, int type, int listening) { ++ int r; ++ ++ if (family < 0) ++ return -EINVAL; ++ ++ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) ++ return r; ++ ++ if (family > 0) { ++ union sockaddr_union sockaddr; ++ socklen_t l; ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ l = sizeof(sockaddr); ++ ++ if (getsockname(fd, &sockaddr.sa, &l) < 0) ++ return -errno; ++ ++ if (l < sizeof(sa_family_t)) ++ return -EINVAL; ++ ++ return sockaddr.sa.sa_family == family; ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) { ++ union sockaddr_union sockaddr; ++ socklen_t l; ++ int r; ++ ++ if (family != 0 && family != AF_INET && family != AF_INET6) ++ return -EINVAL; ++ ++ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) ++ return r; ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ l = sizeof(sockaddr); ++ ++ if (getsockname(fd, &sockaddr.sa, &l) < 0) ++ return -errno; ++ ++ if (l < sizeof(sa_family_t)) ++ return -EINVAL; ++ ++ if (sockaddr.sa.sa_family != AF_INET && ++ sockaddr.sa.sa_family != AF_INET6) ++ return 0; ++ ++ if (family > 0) ++ if (sockaddr.sa.sa_family != family) ++ return 0; ++ ++ if (port > 0) { ++ if (sockaddr.sa.sa_family == AF_INET) { ++ if (l < sizeof(struct sockaddr_in)) ++ return -EINVAL; ++ ++ return htons(port) == sockaddr.in4.sin_port; ++ } else { ++ if (l < sizeof(struct sockaddr_in6)) ++ return -EINVAL; ++ ++ return htons(port) == sockaddr.in6.sin6_port; ++ } ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) { ++ union sockaddr_union sockaddr; ++ socklen_t l; ++ int r; ++ ++ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) ++ return r; ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ l = sizeof(sockaddr); ++ ++ if (getsockname(fd, &sockaddr.sa, &l) < 0) ++ return -errno; ++ ++ if (l < sizeof(sa_family_t)) ++ return -EINVAL; ++ ++ if (sockaddr.sa.sa_family != AF_UNIX) ++ return 0; ++ ++ if (path) { ++ if (length <= 0) ++ length = strlen(path); ++ ++ if (length <= 0) ++ /* Unnamed socket */ ++ return l == offsetof(struct sockaddr_un, sun_path); ++ ++ if (path[0]) ++ /* Normal path socket */ ++ return ++ (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) && ++ memcmp(path, sockaddr.un.sun_path, length+1) == 0; ++ else ++ /* Abstract namespace socket */ ++ return ++ (l == offsetof(struct sockaddr_un, sun_path) + length) && ++ memcmp(path, sockaddr.un.sun_path, length) == 0; ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_notify(int unset_environment, const char *state) { ++ int fd = -1, r; ++ struct msghdr msghdr; ++ struct iovec iovec; ++ union sockaddr_union sockaddr; ++ const char *e; ++ ++ if (!state) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ if (!(e = getenv("NOTIFY_SOCKET"))) ++ return 0; ++ ++ /* Must be an abstract socket, or an absolute path */ ++ if ((e[0] != '@' && e[0] != '/') || e[1] == 0) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ if ((fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ sockaddr.sa.sa_family = AF_UNIX; ++ strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path)); ++ ++ if (sockaddr.un.sun_path[0] == '@') ++ sockaddr.un.sun_path[0] = 0; ++ ++ memset(&iovec, 0, sizeof(iovec)); ++ iovec.iov_base = (char *)state; ++ iovec.iov_len = strlen(state); ++ ++ memset(&msghdr, 0, sizeof(msghdr)); ++ msghdr.msg_name = &sockaddr; ++ msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e); ++ ++ if (msghdr.msg_namelen > sizeof(struct sockaddr_un)) ++ msghdr.msg_namelen = sizeof(struct sockaddr_un); ++ ++ msghdr.msg_iov = &iovec; ++ msghdr.msg_iovlen = 1; ++ ++ if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ r = 1; ++ ++finish: ++ if (unset_environment) ++ unsetenv("NOTIFY_SOCKET"); ++ ++ if (fd >= 0) ++ close(fd); ++ ++ return r; ++} ++ ++int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) { ++ va_list ap; ++ char *p = NULL; ++ int r; ++ ++ va_start(ap, format); ++ r = vasprintf(&p, format, ap); ++ va_end(ap); ++ ++ if (r < 0 || !p) ++ return -ENOMEM; ++ ++ r = netsnmp_sd_notify(unset_environment, p); ++ free(p); ++ ++ return r; ++} ++ ++int netsnmp_sd_booted(void) { ++ struct stat a, b; ++ ++ /* We simply test whether the systemd cgroup hierarchy is ++ * mounted */ ++ ++ if (lstat("/sys/fs/cgroup", &a) < 0) ++ return 0; ++ ++ if (lstat("/sys/fs/cgroup/systemd", &b) < 0) ++ return 0; ++ ++ return a.st_dev != b.st_dev; ++} ++ ++/* End of original sd-daemon.c from systemd sources */ ++ ++int ++netsnmp_sd_find_inet_socket(int family, int type, int listening, int port) ++{ ++ int count, fd; ++ ++ count = netsnmp_sd_listen_fds(0); ++ if (count <= 0) { ++ DEBUGMSGTL(("systemd:find_inet_socket", "No LISTEN_FDS found.\n")); ++ return 0; ++ } ++ DEBUGMSGTL(("systemd:find_inet_socket", "LISTEN_FDS reports %d sockets.\n", ++ count)); ++ ++ for (fd = 3; fd < 3+count; fd++) { ++ int rc = netsnmp_sd_is_socket_inet(fd, family, type, listening, port); ++ if (rc < 0) ++ DEBUGMSGTL(("systemd:find_inet_socket", ++ "sd_is_socket_inet error: %d\n", rc)); ++ if (rc > 0) { ++ DEBUGMSGTL(("systemd:find_inet_socket", ++ "Found the socket in LISTEN_FDS\n")); ++ return fd; ++ } ++ } ++ DEBUGMSGTL(("systemd:find_inet_socket", "Socket not found in LISTEN_FDS\n")); ++ return 0; ++} ++ ++int ++netsnmp_sd_find_unix_socket(int type, int listening, const char *path) ++{ ++ int count, fd; ++ ++ count = netsnmp_sd_listen_fds(0); ++ if (count <= 0) { ++ DEBUGMSGTL(("systemd:find_unix_socket", "No LISTEN_FDS found.\n")); ++ return 0; ++ } ++ DEBUGMSGTL(("systemd:find_unix_socket", "LISTEN_FDS reports %d sockets.\n", ++ count)); ++ ++ for (fd = 3; fd < 3+count; fd++) { ++ int rc = netsnmp_sd_is_socket_unix(fd, type, listening, path, 0); ++ if (rc < 0) ++ DEBUGMSGTL(("systemd:find_unix_socket", ++ "netsnmp_sd_is_socket_unix error: %d\n", rc)); ++ if (rc > 0) { ++ DEBUGMSGTL(("systemd:find_unix_socket", ++ "Found the socket in LISTEN_FDS\n")); ++ return fd; ++ } ++ } ++ DEBUGMSGTL(("systemd:find_unix_socket", "Socket not found in LISTEN_FDS\n")); ++ return 0; ++} ++ ++#endif /* ! NETSNMP_NO_SYSTEMD */ +diff --git a/snmplib/transports/snmpTCPDomain.c b/snmplib/transports/snmpTCPDomain.c +index 7feb028..a41b926 100644 +--- a/snmplib/transports/snmpTCPDomain.c ++++ b/snmplib/transports/snmpTCPDomain.c +@@ -43,6 +43,10 @@ + #include + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + /* + * needs to be in sync with the definitions in snmplib/snmpUDPDomain.c + * and perl/agent/agent.xs +@@ -149,6 +153,7 @@ netsnmp_tcp_transport(struct sockaddr_in *addr, int local) + netsnmp_transport *t = NULL; + netsnmp_udp_addr_pair *addr_pair = NULL; + int rc = 0; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -178,7 +183,19 @@ netsnmp_tcp_transport(struct sockaddr_in *addr, int local) + t->domain_length = + sizeof(netsnmp_snmpTCPDomain) / sizeof(netsnmp_snmpTCPDomain[0]); + +- t->sock = socket(PF_INET, SOCK_STREAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_STREAM, 1, ++ ntohs(addr->sin_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET, SOCK_STREAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -215,11 +232,13 @@ netsnmp_tcp_transport(struct sockaddr_in *addr, int local) + setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, + sizeof(opt)); + +- rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +@@ -236,11 +255,13 @@ netsnmp_tcp_transport(struct sockaddr_in *addr, int local) + * Now sit here and wait for connections to arrive. + */ + +- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +diff --git a/snmplib/transports/snmpTCPIPv6Domain.c b/snmplib/transports/snmpTCPIPv6Domain.c +index d2e0a2d..22de6d4 100644 +--- a/snmplib/transports/snmpTCPIPv6Domain.c ++++ b/snmplib/transports/snmpTCPIPv6Domain.c +@@ -49,6 +49,10 @@ + #include + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #include "inet_ntop.h" + + oid netsnmp_TCPIPv6Domain[] = { TRANSPORT_DOMAIN_TCP_IPV6 }; +@@ -140,6 +144,8 @@ netsnmp_tcp6_transport(struct sockaddr_in6 *addr, int local) + { + netsnmp_transport *t = NULL; + int rc = 0; ++ char *str = NULL; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -174,7 +180,19 @@ netsnmp_tcp6_transport(struct sockaddr_in6 *addr, int local) + t->domain = netsnmp_TCPIPv6Domain; + t->domain_length = sizeof(netsnmp_TCPIPv6Domain) / sizeof(oid); + +- t->sock = socket(PF_INET6, SOCK_STREAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_STREAM, 1, ++ ntohs(addr->sin6_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET6, SOCK_STREAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -220,12 +238,14 @@ netsnmp_tcp6_transport(struct sockaddr_in6 *addr, int local) + + setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, sizeof(opt)); + +- rc = bind(t->sock, (struct sockaddr *) addr, +- sizeof(struct sockaddr_in6)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *) addr, ++ sizeof(struct sockaddr_in6)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +@@ -242,11 +262,13 @@ netsnmp_tcp6_transport(struct sockaddr_in6 *addr, int local) + * Now sit here and wait for connections to arrive. + */ + +- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +diff --git a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c +index 8c0fb05..00e5bbc 100644 +--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c ++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c +@@ -40,6 +40,10 @@ + + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #if defined(HAVE_IP_PKTINFO) || defined(HAVE_IP_RECVDSTADDR) + int netsnmp_udpipv4_recvfrom(int s, void *buf, int len, struct sockaddr *from, + socklen_t *fromlen, struct sockaddr *dstip, +@@ -64,6 +68,7 @@ netsnmp_udpipv4base_transport(struct sockaddr_in *addr, int local) + char *client_socket = NULL; + netsnmp_indexed_addr_pair addr_pair; + socklen_t local_addr_len; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -88,7 +93,19 @@ netsnmp_udpipv4base_transport(struct sockaddr_in *addr, int local) + free(str); + } + +- t->sock = socket(PF_INET, SOCK_DGRAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_DGRAM, -1, ++ ntohs(addr->sin_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET, SOCK_DGRAM, 0); + DEBUGMSGTL(("UDPBase", "openned socket %d as local=%d\n", t->sock, local)); + if (t->sock < 0) { + netsnmp_transport_free(t); +@@ -151,12 +168,14 @@ netsnmp_udpipv4base_transport(struct sockaddr_in *addr, int local) + } + } + #endif /* !defined(WIN32) */ +- rc = bind(t->sock, (struct sockaddr *) addr, +- sizeof(struct sockaddr)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *) addr, ++ sizeof(struct sockaddr)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + t->data = NULL; + t->data_length = 0; +diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c +index 18de876..fd2ced4 100644 +--- a/snmplib/transports/snmpUDPIPv6Domain.c ++++ b/snmplib/transports/snmpUDPIPv6Domain.c +@@ -67,6 +67,10 @@ static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; + #include + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #include "inet_ntop.h" + #include "inet_pton.h" + +@@ -190,6 +194,8 @@ netsnmp_udp6_transport(struct sockaddr_in6 *addr, int local) + { + netsnmp_transport *t = NULL; + int rc = 0; ++ char *str = NULL; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -217,7 +223,19 @@ netsnmp_udp6_transport(struct sockaddr_in6 *addr, int local) + t->domain_length = + sizeof(netsnmp_UDPIPv6Domain) / sizeof(netsnmp_UDPIPv6Domain[0]); + +- t->sock = socket(PF_INET6, SOCK_DGRAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_DGRAM, -1, ++ ntohs(addr->sin6_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET6, SOCK_DGRAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -243,12 +261,14 @@ netsnmp_udp6_transport(struct sockaddr_in6 *addr, int local) + } + #endif + +- rc = bind(t->sock, (struct sockaddr *) addr, +- sizeof(struct sockaddr_in6)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *) addr, ++ sizeof(struct sockaddr_in6)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + t->local = (unsigned char*)malloc(18); + if (t->local == NULL) { +diff --git a/snmplib/transports/snmpUnixDomain.c b/snmplib/transports/snmpUnixDomain.c +index 47dffc1..8f34c37 100644 +--- a/snmplib/transports/snmpUnixDomain.c ++++ b/snmplib/transports/snmpUnixDomain.c +@@ -37,6 +37,10 @@ + #include /* mkdirhier */ + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + netsnmp_feature_child_of(transport_unix_socket_all, transport_all) + netsnmp_feature_child_of(unix_socket_paths, transport_unix_socket_all) + +@@ -295,6 +299,8 @@ netsnmp_unix_transport(struct sockaddr_un *addr, int local) + netsnmp_transport *t = NULL; + sockaddr_un_pair *sup = NULL; + int rc = 0; ++ char *string = NULL; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + /* SPECIAL CIRCUMSTANCE: We still want AgentX to be able to operate, +@@ -333,7 +339,18 @@ netsnmp_unix_transport(struct sockaddr_un *addr, int local) + t->data_length = sizeof(sockaddr_un_pair); + sup = (sockaddr_un_pair *) t->data; + +- t->sock = socket(PF_UNIX, SOCK_STREAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_unix_socket(SOCK_STREAM, 1, addr->sun_path); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_UNIX, SOCK_STREAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -357,25 +374,26 @@ netsnmp_unix_transport(struct sockaddr_un *addr, int local) + + t->flags |= NETSNMP_TRANSPORT_FLAG_LISTEN; + +- unlink(addr->sun_path); +- rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); +- +- if (rc != 0 && errno == ENOENT && create_path) { +- rc = mkdirhier(addr->sun_path, create_mode, 1); ++ if (!socket_initialized) { ++ unlink(addr->sun_path); ++ rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); ++ if (rc != 0 && errno == ENOENT && create_path) { ++ rc = mkdirhier(addr->sun_path, create_mode, 1); ++ if (rc != 0) { ++ netsnmp_unix_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } ++ rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); ++ } + if (rc != 0) { ++ DEBUGMSGTL(("netsnmp_unix_transport", ++ "couldn't bind \"%s\", errno %d (%s)\n", ++ addr->sun_path, errno, strerror(errno))); + netsnmp_unix_close(t); + netsnmp_transport_free(t); + return NULL; + } +- rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); +- } +- if (rc != 0) { +- DEBUGMSGTL(("netsnmp_unix_transport", +- "couldn't bind \"%s\", errno %d (%s)\n", +- addr->sun_path, errno, strerror(errno))); +- netsnmp_unix_close(t); +- netsnmp_transport_free(t); +- return NULL; + } + + /* +@@ -391,14 +409,16 @@ netsnmp_unix_transport(struct sockaddr_un *addr, int local) + * Now sit here and listen for connections to arrive. + */ + +- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); +- if (rc != 0) { +- DEBUGMSGTL(("netsnmp_unix_transport", +- "couldn't listen to \"%s\", errno %d (%s)\n", +- addr->sun_path, errno, strerror(errno))); +- netsnmp_unix_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); ++ if (rc != 0) { ++ DEBUGMSGTL(("netsnmp_unix_transport", ++ "couldn't listen to \"%s\", errno %d (%s)\n", ++ addr->sun_path, errno, strerror(errno))); ++ netsnmp_unix_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + } else { +diff --git a/win32/libsnmp/Makefile.in b/win32/libsnmp/Makefile.in +index 98d83c8..b228d20 100644 +--- a/win32/libsnmp/Makefile.in ++++ b/win32/libsnmp/Makefile.in +@@ -42,6 +42,7 @@ LIB32_OBJS= \ + "$(INTDIR)\read_config.obj" \ + "$(INTDIR)\readdir.obj" \ + "$(INTDIR)\scapi.obj" \ ++ "$(INTDIR)\sd-daemon.obj" \ + "$(INTDIR)\snmp-tc.obj" \ + "$(INTDIR)\snmp.obj" \ + "$(INTDIR)\snmpCallbackDomain.obj" \ +@@ -138,6 +139,11 @@ SOURCE=..\..\snmplib\asn1.c + "$(INTDIR)\asn1.obj" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + ++SOURCE=..\..\snmplib\sd-daemon.c ++ ++"$(INTDIR)\sd-daemon.obj" : $(SOURCE) "$(INTDIR)" ++ $(CPP) $(CPP_PROJ) $(SOURCE) ++ + + SOURCE=..\..\snmplib\callback.c + +diff --git a/win32/net-snmp/net-snmp-config.h b/win32/net-snmp/net-snmp-config.h +index 1608563..7aec547 100644 +--- a/win32/net-snmp/net-snmp-config.h ++++ b/win32/net-snmp/net-snmp-config.h +@@ -1717,6 +1717,8 @@ enum { + #define DMALLOC_FUNC_CHECK + #endif + +++#define NETSNMP_NO_SYSTEMD +++ + /* #undef NETSNMP_ENABLE_LOCAL_SMUX */ + + /* define if agentx transport is to use domain sockets only */ +diff --git a/win32/net-snmp/net-snmp-config.h.in b/win32/net-snmp/net-snmp-config.h.in +index 9693730..96ec3d9 100644 +--- a/win32/net-snmp/net-snmp-config.h.in ++++ b/win32/net-snmp/net-snmp-config.h.in +@@ -1717,6 +1717,8 @@ enum { + #define DMALLOC_FUNC_CHECK + #endif + ++#define NETSNMP_NO_SYSTEMD ++ + /* #undef NETSNMP_ENABLE_LOCAL_SMUX */ + + /* define if agentx transport is to use domain sockets only */ +-- +1.8.4.2 + diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp_5.9.bb b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp_5.9.bb new file mode 100644 index 000000000..d9040c164 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp_5.9.bb @@ -0,0 +1,275 @@ +SUMMARY = "Various tools relating to the Simple Network Management Protocol" +HOMEPAGE = "http://www.net-snmp.org/" +SECTION = "net" +LICENSE = "BSD & MIT" + +LIC_FILES_CHKSUM = "file://COPYING;md5=9d100a395a38584f2ec18a8275261687" + +DEPENDS = "openssl libnl pciutils" + +SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ + file://init \ + file://snmpd.conf \ + file://snmptrapd.conf \ + file://snmpd.service \ + file://snmptrapd.service \ + file://net-snmp-add-knob-whether-nlist.h-are-checked.patch \ + file://fix-libtool-finish.patch \ + file://net-snmp-testing-add-the-output-format-for-ptest.patch \ + file://run-ptest \ + file://0001-config_os_headers-Error-Fix.patch \ + file://0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch \ + file://0001-get_pid_from_inode-Include-limit.h.patch \ + file://0002-configure-fix-a-cc-check-issue.patch \ + file://0004-configure-fix-incorrect-variable.patch \ + file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \ + file://net-snmp-fix-for-disable-des.patch \ + file://reproducibility-have-printcap.patch \ + file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ + " +SRC_URI[sha256sum] = "04303a66f85d6d8b16d3cc53bde50428877c82ab524e17591dfceaeb94df6071" + +UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/net-snmp/files/net-snmp/" +UPSTREAM_CHECK_REGEX = "/net-snmp/(?P\d+(\.\d+)+)/" + +inherit autotools-brokensep update-rc.d siteinfo systemd pkgconfig perlnative ptest multilib_script multilib_header + +EXTRA_OEMAKE = "INSTALL_PREFIX=${D} OTHERLDFLAGS='${LDFLAGS}' HOST_CPPFLAGS='${BUILD_CPPFLAGS}'" + +PARALLEL_MAKE = "" +CCACHE = "" + +TARGET_CC_ARCH += "${LDFLAGS}" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} des smux" +PACKAGECONFIG[elfutils] = "--with-elf, --without-elf, elfutils" +PACKAGECONFIG[libnl] = "--with-nl, --without-nl, libnl" + +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,," + +PACKAGECONFIG[perl] = "--enable-embedded-perl --with-perl-modules=yes, --disable-embedded-perl --with-perl-modules=no,\ + perl," +PACKAGECONFIG[des] = "--enable-des,--disable-des" +PACKAGECONFIG[smux] = "" + +EXTRA_OECONF = "--enable-shared \ + --disable-manuals \ + --with-defaults \ + --with-install-prefix=${D} \ + --with-persistent-directory=${localstatedir}/lib/net-snmp \ + ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '--with-endianness=little', '--with-endianness=big', d)} \ + --with-mib-modules='${MIB_MODULES}' \ +" + +MIB_MODULES = "" +MIB_MODULES_append = " ${@bb.utils.filter('PACKAGECONFIG', 'smux', d)}" + +CACHED_CONFIGUREVARS = " \ + ac_cv_header_valgrind_valgrind_h=no \ + ac_cv_header_valgrind_memcheck_h=no \ + ac_cv_ETC_MNTTAB=/etc/mtab \ + lt_cv_shlibpath_overrides_runpath=yes \ + ac_cv_path_UNAMEPROG=${base_bindir}/uname \ + ac_cv_file__etc_printcap=no \ + NETSNMP_CONFIGURE_OPTIONS= \ +" +export PERLPROG="${bindir}/env perl" +PERLPROG_append = "${@bb.utils.contains('PACKAGECONFIG', 'perl', ' -I${WORKDIR}', '', d)}" + +HAS_PERL = "${@bb.utils.contains('PACKAGECONFIG', 'perl', '1', '0', d)}" + +PTEST_BUILD_HOST_FILES += "net-snmp-config gen-variables" + +do_configure_prepend() { + sed -i -e "s|I/usr/include|I${STAGING_INCDIR}|g" \ + "${S}"/configure \ + "${S}"/configure.d/config_os_libs2 + + if [ "${HAS_PERL}" = "1" ]; then + # this may need to be changed when package perl has any change. + cp -f ${STAGING_DIR_TARGET}/usr/lib*/perl?/*/Config.pm ${WORKDIR}/ + cp -f ${STAGING_DIR_TARGET}/usr/lib*/perl?/*/*/Config_heavy.pl ${WORKDIR}/ + sed -e "s@libpth => '/usr/lib.*@libpth => '${STAGING_DIR_TARGET}/${libdir} ${STAGING_DIR_TARGET}/${base_libdir}',@g" \ + -e "s@privlibexp => '/usr@privlibexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@scriptdir => '/usr@scriptdir => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@sitearchexp => '/usr@sitearchexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@sitelibexp => '/usr@sitearchexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@vendorarchexp => '/usr@vendorarchexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@vendorlibexp => '/usr@vendorlibexp => '${STAGING_DIR_TARGET}/usr@g" \ + -i ${WORKDIR}/Config.pm + fi + +} + +do_configure_append() { + sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=${STAGING_DIR_TARGET}\$\{includedir\}@g" \ + -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L${STAGING_DIR_TARGET}\$\{libdir\}@g" \ + -e "s@^NSC_LDFLAGS=\"-L.* @NSC_LDFLAGS=\"-L${STAGING_DIR_TARGET}\$\{libdir\} @g" \ + -i ${B}/net-snmp-config +} + +do_install_append() { + install -d ${D}${sysconfdir}/snmp + install -d ${D}${sysconfdir}/init.d + install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/snmpd + install -m 644 ${WORKDIR}/snmpd.conf ${D}${sysconfdir}/snmp/ + install -m 644 ${WORKDIR}/snmptrapd.conf ${D}${sysconfdir}/snmp/ + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/snmpd.service ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/snmptrapd.service ${D}${systemd_unitdir}/system + sed -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g" \ + -i ${D}${bindir}/net-snmp-create-v3-user + sed -e 's@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g' \ + -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*--sysroot=[^ "]*@@g' \ + -e 's@[^ ]*--with-libtool-sysroot=[^ "]*@@g' \ + -e 's@[^ ]*--with-install-prefix=[^ "]*@@g' \ + -e 's@[^ ]*PKG_CONFIG_PATH=[^ "]*@@g' \ + -e 's@[^ ]*PKG_CONFIG_LIBDIR=[^ "]*@@g' \ + -e 's@${STAGING_DIR_HOST}@@g' \ + -i ${D}${bindir}/net-snmp-config + + sed -e 's@${STAGING_DIR_HOST}@@g' \ + -i ${D}${libdir}/pkgconfig/netsnmp*.pc + + sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=\$\{includedir\}@g" \ + -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L\$\{libdir\}@g" \ + -e "s@^NSC_LDFLAGS=\"-L.* @NSC_LDFLAGS=\"-L\$\{libdir\} @g" \ + -i ${D}${bindir}/net-snmp-config + + oe_multilib_header net-snmp/net-snmp-config.h +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH} + for i in ${S}/dist ${S}/include ${B}/include ${S}/mibs ${S}/configure \ + ${B}/net-snmp-config ${S}/testing; do + if [ -e "$i" ]; then + cp -R --no-dereference --preserve=mode,links -v "$i" ${D}${PTEST_PATH} + fi + done + echo `autoconf -V|awk '/autoconf/{print $NF}'` > ${D}${PTEST_PATH}/dist/autoconf-version + + rmdlist="${D}${PTEST_PATH}/dist/net-snmp-solaris-build" + for i in $rmdlist; do + if [ -d "$i" ]; then + rm -rf "$i" + fi + done +} + +SYSROOT_PREPROCESS_FUNCS += "net_snmp_sysroot_preprocess" +SNMP_DBGDIR = "/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}" + +net_snmp_sysroot_preprocess () { + if [ -e ${D}${bindir}/net-snmp-config ]; then + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/net-snmp-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + sed -e "s@-I/usr/include@-I${STAGING_INCDIR}@g" \ + -e "s@^prefix=.*@prefix=${STAGING_DIR_HOST}${prefix}@g" \ + -e "s@^exec_prefix=.*@exec_prefix=${STAGING_EXECPREFIXDIR}@g" \ + -e "s@^includedir=.*@includedir=${STAGING_INCDIR}@g" \ + -e "s@^libdir=.*@libdir=${STAGING_LIBDIR}@g" \ + -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=${S}@g" \ + -e "s@-fdebug-prefix-map=${SNMP_DBGDIR}@-fdebug-prefix-map=${WORKDIR}=${SNMP_DBGDIR}@g" \ + -e "s@-fdebug-prefix-map= -fdebug-prefix-map=@-fdebug-prefix-map=${STAGING_DIR_NATIVE}= \ + -fdebug-prefix-map=${STAGING_DIR_HOST}=@g" \ + -e "s@--sysroot=@--sysroot=${STAGING_DIR_HOST}@g" \ + -e "s@--with-libtool-sysroot=@--with-libtool-sysroot=${STAGING_DIR_HOST}@g" \ + -e "s@--with-install-prefix=@--with-install-prefix=${D}@g" \ + -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/net-snmp-config + fi +} + +PACKAGES += "${PN}-libs ${PN}-mibs ${PN}-server ${PN}-client \ + ${PN}-server-snmpd ${PN}-server-snmptrapd \ + ${PN}-lib-netsnmp ${PN}-lib-agent ${PN}-lib-helpers \ + ${PN}-lib-mibs ${PN}-lib-trapd" + +# perl module +PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'perl', '${PN}-perl-modules', '', d)}" + +ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY_${PN}-server = "1" +ALLOW_EMPTY_${PN}-libs = "1" + +FILES_${PN}-perl-modules = "${libdir}/perl?/*" +RDEPENDS_${PN}-perl-modules = "perl" + +FILES_${PN}-libs = "" +FILES_${PN}-mibs = "${datadir}/snmp/mibs" +FILES_${PN}-server-snmpd = "${sbindir}/snmpd \ + ${sysconfdir}/snmp/snmpd.conf \ + ${sysconfdir}/init.d \ + ${systemd_unitdir}/system/snmpd.service \ +" + +FILES_${PN}-server-snmptrapd = "${sbindir}/snmptrapd \ + ${sysconfdir}/snmp/snmptrapd.conf \ + ${systemd_unitdir}/system/snmptrapd.service \ +" + +FILES_${PN}-lib-netsnmp = "${libdir}/libnetsnmp${SOLIBS}" +FILES_${PN}-lib-agent = "${libdir}/libnetsnmpagent${SOLIBS}" +FILES_${PN}-lib-helpers = "${libdir}/libnetsnmphelpers${SOLIBS}" +FILES_${PN}-lib-mibs = "${libdir}/libnetsnmpmibs${SOLIBS}" +FILES_${PN}-lib-trapd = "${libdir}/libnetsnmptrapd${SOLIBS}" + +FILES_${PN} = "" +FILES_${PN}-client = "${bindir}/* ${datadir}/snmp/" +FILES_${PN}-dbg += "${libdir}/.debug/ ${sbindir}/.debug/ ${bindir}/.debug/" +FILES_${PN}-dev += "${bindir}/mib2c \ + ${bindir}/mib2c-update \ + ${bindir}/net-snmp-config \ + ${bindir}/net-snmp-create-v3-user \ +" + +CONFFILES_${PN}-server-snmpd = "${sysconfdir}/snmp/snmpd.conf" +CONFFILES_${PN}-server-snmptrapd = "${sysconfdir}/snmp/snmptrapd.conf" + +INITSCRIPT_PACKAGES = "${PN}-server-snmpd" +INITSCRIPT_NAME_${PN}-server-snmpd = "snmpd" +INITSCRIPT_PARAMS_${PN}-server-snmpd = "start 90 2 3 4 5 . stop 60 0 1 6 ." + +EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)}" + +SYSTEMD_PACKAGES = "${PN}-server-snmpd \ + ${PN}-server-snmptrapd" + +SYSTEMD_SERVICE_${PN}-server-snmpd = "snmpd.service" +SYSTEMD_SERVICE_${PN}-server-snmptrapd = "snmptrapd.service" + +RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'net-snmp-perl-modules', '', d)}" +RDEPENDS_${PN} += "net-snmp-client" +RDEPENDS_${PN}-server-snmpd += "net-snmp-mibs" +RDEPENDS_${PN}-server-snmptrapd += "net-snmp-server-snmpd ${PN}-lib-trapd" +RDEPENDS_${PN}-server += "net-snmp-server-snmpd net-snmp-server-snmptrapd" +RDEPENDS_${PN}-client += "net-snmp-mibs net-snmp-libs" +RDEPENDS_${PN}-libs += "libpci \ + ${PN}-lib-netsnmp \ + ${PN}-lib-agent \ + ${PN}-lib-helpers \ + ${PN}-lib-mibs \ +" +RDEPENDS_${PN}-ptest += "perl \ + perl-module-test \ + perl-module-file-basename \ + perl-module-getopt-long \ + perl-module-file-temp \ + perl-module-data-dumper \ +" +RDEPENDS_${PN}-dev = "net-snmp-client (= ${EXTENDPKGV}) net-snmp-server (= ${EXTENDPKGV})" +RRECOMMENDS_${PN}-dbg = "net-snmp-client (= ${EXTENDPKGV}) net-snmp-server (= ${EXTENDPKGV})" + +RPROVIDES_${PN}-server-snmpd += "${PN}-server-snmpd-systemd" +RREPLACES_${PN}-server-snmpd += "${PN}-server-snmpd-systemd" +RCONFLICTS_${PN}-server-snmpd += "${PN}-server-snmpd-systemd" + +RPROVIDES_${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd" +RREPLACES_${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd" +RCONFLICTS_${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd" + +LEAD_SONAME = "libnetsnmp.so" + +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/net-snmp-config" diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.74.0.bb b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.74.0.bb deleted file mode 100644 index 73dbd853c..000000000 --- a/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.74.0.bb +++ /dev/null @@ -1,81 +0,0 @@ -SUMMARY = "Command line tool and library for client-side URL transfers" -HOMEPAGE = "http://curl.haxx.se/" -BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" -SECTION = "console/network" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=2e9fb35867314fe31c6a4977ef7dd531" - -SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ - file://0001-replace-krb5-config-with-pkg-config.patch \ -" - -SRC_URI[md5sum] = "646c71c7c9fdb71308032790d885ea00" -SRC_URI[sha256sum] = "0f4d63e6681636539dc88fa8e929f934cd3a840c46e0bf28c73be11e521b77a5" - -CVE_PRODUCT = "curl libcurl" -inherit autotools pkgconfig binconfig multilib_header - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" -PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver verbose zlib" -PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib" - -# 'ares' and 'threaded-resolver' are mutually exclusive -PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" -PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" -PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" -PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," -PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" -PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," -PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" -PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," -PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," -PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" -PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" -PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" -PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," -PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" -PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," -PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," -PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" -PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," -PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," -PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," -PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl" -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" -PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," -PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," -PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares" -PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" -PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" - -EXTRA_OECONF = " \ - --disable-libcurl-option \ - --disable-ntlm-wb \ - --enable-crypto-auth \ - --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ - --without-libmetalink \ - --without-libpsl \ -" - -do_install_append_class-target() { - # cleanup buildpaths from curl-config - sed -i \ - -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's|${DEBUG_PREFIX_MAP}||g' \ - ${D}${bindir}/curl-config -} - -PACKAGES =+ "lib${BPN}" - -FILES_lib${BPN} = "${libdir}/lib*.so.*" -RRECOMMENDS_lib${BPN} += "ca-certificates" - -FILES_${PN} += "${datadir}/zsh" - -inherit multilib_script -MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.77.0.bb b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.77.0.bb new file mode 100644 index 000000000..9a5a40ec7 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.77.0.bb @@ -0,0 +1,81 @@ +SUMMARY = "Command line tool and library for client-side URL transfers" +HOMEPAGE = "http://curl.haxx.se/" +BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" +SECTION = "console/network" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://COPYING;md5=425f6fdc767cc067518eef9bbdf4ab7b" + +SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ + file://0001-replace-krb5-config-with-pkg-config.patch \ +" + +SRC_URI[md5sum] = "045d28029679dabb6b20a814934671ad" +SRC_URI[sha256sum] = "6c0c28868cb82593859fc43b9c8fdb769314c855c05cf1b56b023acf855df8ea" + +CVE_PRODUCT = "curl libcurl" +inherit autotools pkgconfig binconfig multilib_header + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" +PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver verbose zlib" +PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib" + +# 'ares' and 'threaded-resolver' are mutually exclusive +PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" +PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" +PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" +PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" +PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," +PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," +PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," +PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" +PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" +PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" +PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," +PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" +PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," +PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," +PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" +PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," +PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," +PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," +PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl" +PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" +PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," +PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," +PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares" +PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" +PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" + +EXTRA_OECONF = " \ + --disable-libcurl-option \ + --disable-ntlm-wb \ + --enable-crypto-auth \ + --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ + --without-libmetalink \ + --without-libpsl \ +" + +do_install_append_class-target() { + # cleanup buildpaths from curl-config + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + ${D}${bindir}/curl-config +} + +PACKAGES =+ "lib${BPN}" + +FILES_lib${BPN} = "${libdir}/lib*.so.*" +RRECOMMENDS_lib${BPN} += "ca-certificates" + +FILES_${PN} += "${datadir}/zsh" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openbmc-mods/meta-common/recipes-support/gnutls/gnutls_%.bbappend b/meta-openbmc-mods/meta-common/recipes-support/gnutls/gnutls_%.bbappend index 4377bf0e3..31eea8292 100644 --- a/meta-openbmc-mods/meta-common/recipes-support/gnutls/gnutls_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-support/gnutls/gnutls_%.bbappend @@ -1,12 +1,11 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" -PV = "3.6.15" +PV = "3.7.1" SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}" SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \ " -SRC_URI[md5sum] = "e80e0d20a8bb337a15fa63caa7f67006" -#SRC_URI[sha256sum] = "3847a3354dd908c5e603f490865ae10577d7ee3b5edf35e82d1ed8cfa1cf0191" -SRC_URI[sha256sum] = "0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558" +SRC_URI[md5sum] = "278e1f50d79cd13727733adbf01fde8f" +SRC_URI[sha256sum] = "3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e5cac6f" diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch new file mode 100644 index 000000000..4df96f001 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch @@ -0,0 +1,90 @@ +From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna +Date: Sat, 27 Apr 2019 19:33:28 +0300 +Subject: [PATCH 1/3] Prefetch GCM look-up tables + +* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables) +(prefetch_tables): New. +(ghash_internal): Call prefetch_tables. +-- + +Signed-off-by: Jussi Kivilinna + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao +--- + cipher/cipher-gcm.c | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c +index c19f09f..11f119a 100644 +--- a/cipher/cipher-gcm.c ++++ b/cipher/cipher-gcm.c +@@ -118,6 +118,34 @@ static const u16 gcmR[256] = { + 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, + }; + ++static inline ++void prefetch_table(const void *tab, size_t len) ++{ ++ const volatile byte *vtab = tab; ++ size_t i; ++ ++ for (i = 0; i < len; i += 8 * 32) ++ { ++ (void)vtab[i + 0 * 32]; ++ (void)vtab[i + 1 * 32]; ++ (void)vtab[i + 2 * 32]; ++ (void)vtab[i + 3 * 32]; ++ (void)vtab[i + 4 * 32]; ++ (void)vtab[i + 5 * 32]; ++ (void)vtab[i + 6 * 32]; ++ (void)vtab[i + 7 * 32]; ++ } ++ ++ (void)vtab[len - 1]; ++} ++ ++static inline void ++do_prefetch_tables (const void *gcmM, size_t gcmM_size) ++{ ++ prefetch_table(gcmM, gcmM_size); ++ prefetch_table(gcmR, sizeof(gcmR)); ++} ++ + #ifdef GCM_TABLES_USE_U64 + static void + bshift (u64 * b0, u64 * b1) +@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM) + #define fillM(c) \ + do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table) + #define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table) ++#define prefetch_tables(c) \ ++ do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table)) + + #else + +@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf) + + #define fillM(c) do { } while (0) + #define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, result, buf) ++#define prefetch_tables(c) do {} while (0) + + #endif /* !GCM_USE_TABLES */ + +@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const byte *buf, + const unsigned int blocksize = GCRY_GCM_BLOCK_LEN; + unsigned int burn = 0; + ++ prefetch_tables (c); ++ + while (nblocks) + { + burn = GHASH (c, result, buf); +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch new file mode 100644 index 000000000..cd8a5993b --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch @@ -0,0 +1,149 @@ +From bee26d7c4ea0b4a397c289b819b89e78bc325ba0 Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin +Date: Tue, 29 Oct 2019 14:08:32 -0400 +Subject: [PATCH] libgcrypt: fix m4 file for oe-core + +Modify libgcrypt pkgconfig specifically for oe-core. Changes +are based on a previous patch from RP, using wiggle to +incorporate the parts that aren't in the upstream pkgconfig +settings. + +Upstream-Status: Inappropriate [oe-specific] + +Signed-off-by: Trevor Gamblin + +--- + src/libgcrypt.m4 | 90 +++--------------------------------------------- + 1 file changed, 4 insertions(+), 86 deletions(-) + +diff --git a/src/libgcrypt.m4 b/src/libgcrypt.m4 +index 37dfbea2..3d2e90a8 100644 +--- a/src/libgcrypt.m4 ++++ b/src/libgcrypt.m4 +@@ -29,41 +29,6 @@ dnl is added to the gpg_config_script_warn variable. + dnl + AC_DEFUN([AM_PATH_LIBGCRYPT], + [ AC_REQUIRE([AC_CANONICAL_HOST]) +- AC_ARG_WITH(libgcrypt-prefix, +- AC_HELP_STRING([--with-libgcrypt-prefix=PFX], +- [prefix where LIBGCRYPT is installed (optional)]), +- libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") +- if test x"${LIBGCRYPT_CONFIG}" = x ; then +- if test x"${libgcrypt_config_prefix}" != x ; then +- LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config" +- fi +- fi +- +- use_gpgrt_config="" +- if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then +- if $GPGRT_CONFIG libgcrypt --exists; then +- LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt" +- AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config]) +- use_gpgrt_config=yes +- fi +- fi +- if test -z "$use_gpgrt_config"; then +- if test x"${LIBGCRYPT_CONFIG}" = x ; then +- case "${SYSROOT}" in +- /*) +- if test -x "${SYSROOT}/bin/libgcrypt-config" ; then +- LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config" +- fi +- ;; +- '') +- ;; +- *) +- AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.]) +- ;; +- esac +- fi +- AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) +- fi + + tmp=ifelse([$1], ,1:1.2.0,$1) + if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then +@@ -74,56 +39,13 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], + min_libgcrypt_version="$tmp" + fi + +- AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version) +- ok=no +- if test "$LIBGCRYPT_CONFIG" != "no" ; then +- req_major=`echo $min_libgcrypt_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` +- req_minor=`echo $min_libgcrypt_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` +- req_micro=`echo $min_libgcrypt_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` +- if test -z "$use_gpgrt_config"; then +- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` +- else +- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion` +- fi +- major=`echo $libgcrypt_config_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` +- minor=`echo $libgcrypt_config_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` +- micro=`echo $libgcrypt_config_version | \ +- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` +- if test "$major" -gt "$req_major"; then +- ok=yes +- else +- if test "$major" -eq "$req_major"; then +- if test "$minor" -gt "$req_minor"; then +- ok=yes +- else +- if test "$minor" -eq "$req_minor"; then +- if test "$micro" -ge "$req_micro"; then +- ok=yes +- fi +- fi +- fi +- fi +- fi +- fi +- if test $ok = yes; then +- AC_MSG_RESULT([yes ($libgcrypt_config_version)]) +- else +- AC_MSG_RESULT(no) +- fi ++ PKG_CHECK_MODULES(LIBGCRYPT, [libgcrypt >= $min_libgcrypt_version], [ok=yes], [ok=no]) ++ + if test $ok = yes; then + # If we have a recent libgcrypt, we should also check that the + # API is compatible + if test "$req_libgcrypt_api" -gt 0 ; then +- if test -z "$use_gpgrt_config"; then +- tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` +- else +- tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0` +- fi ++ tmp=`$PKG_CONFIG --variable=api_version libgcrypt` + if test "$tmp" -gt 0 ; then + AC_MSG_CHECKING([LIBGCRYPT API version]) + if test "$req_libgcrypt_api" -eq "$tmp" ; then +@@ -136,11 +58,9 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], + fi + fi + if test $ok = yes; then +- LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` +- LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` + ifelse([$2], , :, [$2]) + if test -z "$use_gpgrt_config"; then +- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` ++ libgcrypt_config_host=`$PKG_CONFIG --variable=host libgcrypt` + else + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none` + fi +@@ -158,8 +78,6 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], + fi + fi + else +- LIBGCRYPT_CFLAGS="" +- LIBGCRYPT_LIBS="" + ifelse([$3], , :, [$3]) + fi + AC_SUBST(LIBGCRYPT_CFLAGS) +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch new file mode 100644 index 000000000..c82c5b5c8 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch @@ -0,0 +1,332 @@ +From 119348dd9aa52ab229afb5e2d3342d2b76fe81bf Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna +Date: Fri, 31 May 2019 17:18:09 +0300 +Subject: [PATCH 2/3] AES: move look-up tables to .data section and unshare between + processes + +* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New. +* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure. +(enc_tables): New structure for encryption table with counters before +and after. +(encT): New macro. +(dec_tables): Add counters before and after encryption table; Move +from .rodata to .data section. +(do_encrypt): Change 'encT' to 'enc_tables.T'. +(do_decrypt): Change '&dec_tables' to 'dec_tables.T'. +* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input +with length not multiple of 256. +(prefetch_enc, prefetch_dec): Modify pre- and post-table counters +to unshare look-up table pages between processes. +-- + +GnuPG-bug-id: 4541 +Signed-off-by: Jussi Kivilinna + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao +--- + cipher/rijndael-internal.h | 4 +- + cipher/rijndael-tables.h | 155 +++++++++++++++++++++++++-------------------- + cipher/rijndael.c | 35 ++++++++-- + 3 files changed, 118 insertions(+), 76 deletions(-) + +diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h +index 160fb8c..a62d4b7 100644 +--- a/cipher/rijndael-internal.h ++++ b/cipher/rijndael-internal.h +@@ -29,11 +29,13 @@ + #define BLOCKSIZE (128/8) + + +-/* Helper macro to force alignment to 16 bytes. */ ++/* Helper macro to force alignment to 16 or 64 bytes. */ + #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED + # define ATTR_ALIGNED_16 __attribute__ ((aligned (16))) ++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64))) + #else + # define ATTR_ALIGNED_16 ++# define ATTR_ALIGNED_64 + #endif + + +diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h +index 8359470..b54d959 100644 +--- a/cipher/rijndael-tables.h ++++ b/cipher/rijndael-tables.h +@@ -21,80 +21,98 @@ + /* To keep the actual implementation at a readable size we use this + include file to define the tables. */ + +-static const u32 encT[256] = ++static struct ++{ ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; ++ u32 T[256]; ++ volatile u32 counter_tail; ++} enc_tables ATTR_ALIGNED_64 = + { +- 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, +- 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, +- 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, +- 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, +- 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, +- 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, +- 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, +- 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, +- 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, +- 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, +- 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, +- 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, +- 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, +- 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, +- 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, +- 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, +- 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, +- 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, +- 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, +- 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, +- 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, +- 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, +- 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, +- 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, +- 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, +- 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, +- 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, +- 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, +- 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, +- 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, +- 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, +- 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, +- 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, +- 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, +- 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, +- 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, +- 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, +- 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, +- 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, +- 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, +- 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, +- 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, +- 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, +- 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, +- 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, +- 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, +- 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, +- 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, +- 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, +- 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, +- 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, +- 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, +- 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, +- 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, +- 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, +- 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, +- 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, +- 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, +- 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, +- 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, +- 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, +- 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, +- 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, +- 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c ++ 0, ++ { 0, }, ++ { ++ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, ++ 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, ++ 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, ++ 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, ++ 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, ++ 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, ++ 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, ++ 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, ++ 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, ++ 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, ++ 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, ++ 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, ++ 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, ++ 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, ++ 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, ++ 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, ++ 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, ++ 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, ++ 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, ++ 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, ++ 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, ++ 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, ++ 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, ++ 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, ++ 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, ++ 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, ++ 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, ++ 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, ++ 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, ++ 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, ++ 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, ++ 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, ++ 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, ++ 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, ++ 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, ++ 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, ++ 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, ++ 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, ++ 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, ++ 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, ++ 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, ++ 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, ++ 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, ++ 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, ++ 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, ++ 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, ++ 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, ++ 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, ++ 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, ++ 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, ++ 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, ++ 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, ++ 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, ++ 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, ++ 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, ++ 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, ++ 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, ++ 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, ++ 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, ++ 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, ++ 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, ++ 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, ++ 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, ++ 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c ++ }, ++ 0 + }; + +-static const struct ++#define encT enc_tables.T ++ ++static struct + { ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; + u32 T[256]; + byte inv_sbox[256]; +-} dec_tables = ++ volatile u32 counter_tail; ++} dec_tables ATTR_ALIGNED_64 = + { ++ 0, ++ { 0, }, + { + 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, + 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, +@@ -194,7 +212,8 @@ static const struct + 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61, + 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26, + 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d +- } ++ }, ++ 0 + }; + + #define decT dec_tables.T +diff --git a/cipher/rijndael.c b/cipher/rijndael.c +index 8637195..d0edab2 100644 +--- a/cipher/rijndael.c ++++ b/cipher/rijndael.c +@@ -227,11 +227,11 @@ static const char *selftest(void); + + + /* Prefetching for encryption/decryption tables. */ +-static void prefetch_table(const volatile byte *tab, size_t len) ++static inline void prefetch_table(const volatile byte *tab, size_t len) + { + size_t i; + +- for (i = 0; i < len; i += 8 * 32) ++ for (i = 0; len - i >= 8 * 32; i += 8 * 32) + { + (void)tab[i + 0 * 32]; + (void)tab[i + 1 * 32]; +@@ -242,17 +242,37 @@ static void prefetch_table(const volatile byte *tab, size_t len) + (void)tab[i + 6 * 32]; + (void)tab[i + 7 * 32]; + } ++ for (; i < len; i += 32) ++ { ++ (void)tab[i]; ++ } + + (void)tab[len - 1]; + } + + static void prefetch_enc(void) + { +- prefetch_table((const void *)encT, sizeof(encT)); ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ enc_tables.counter_head++; ++ enc_tables.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ ++ prefetch_table((const void *)&enc_tables, sizeof(enc_tables)); + } + + static void prefetch_dec(void) + { ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ dec_tables.counter_head++; ++ dec_tables.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ + prefetch_table((const void *)&dec_tables, sizeof(dec_tables)); + } + +@@ -737,7 +757,7 @@ do_encrypt (const RIJNDAEL_context *ctx, + #ifdef USE_AMD64_ASM + # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS + return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, +- encT); ++ enc_tables.T); + # else + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ +@@ -757,7 +777,8 @@ do_encrypt (const RIJNDAEL_context *ctx, + return ret; + # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ + #elif defined(USE_ARM_ASM) +- return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT); ++ return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, ++ enc_tables.T); + #else + return do_encrypt_fn (ctx, bx, ax); + #endif /* !USE_ARM_ASM && !USE_AMD64_ASM*/ +@@ -1120,7 +1141,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, + #ifdef USE_AMD64_ASM + # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS + return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, +- &dec_tables); ++ dec_tables.T); + # else + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ +@@ -1141,7 +1162,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, + # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ + #elif defined(USE_ARM_ASM) + return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, +- &dec_tables); ++ dec_tables.T); + #else + return do_decrypt_fn (ctx, bx, ax); + #endif /*!USE_ARM_ASM && !USE_AMD64_ASM*/ +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch new file mode 100644 index 000000000..f9c362431 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch @@ -0,0 +1,39 @@ +From 3c6c10eae0993c8ca60879494c6650f7b8f54ebe Mon Sep 17 00:00:00 2001 +From: Chen Qi +Date: Wed, 16 Aug 2017 10:44:41 +0800 +Subject: [PATCH] libgcrypt: fix building error with '-O2' in sysroot path + +Upstream-Status: Pending + +Characters like '-O2' or '-Ofast' will be replaced by '-O1' when +compiling cipher. +If we are cross compiling libgcrypt and sysroot contains such +characters, we would +get compile errors because the sysroot path has been modified. + +Fix this by adding blank spaces before and after the original matching +pattern in the +sed command. + +Signed-off-by: Chen Qi + +Rebase to 1.8.0 +Signed-off-by: Hongxu Jia + +--- + cipher/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cipher/Makefile.am b/cipher/Makefile.am +index d644005..1cf5072 100644 +--- a/cipher/Makefile.am ++++ b/cipher/Makefile.am +@@ -147,7 +147,7 @@ gost-s-box: gost-s-box.c + + + if ENABLE_O_FLAG_MUNGING +-o_flag_munging = sed -e 's/-O\([2-9sg][2-9sg]*\)/-O1/' -e 's/-Ofast/-O1/g' ++o_flag_munging = sed -e 's/ -O\([2-9sg][2-9sg]*\) / -O1 /' -e 's/ -Ofast / -O1 /g' + else + o_flag_munging = cat + endif diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch new file mode 100644 index 000000000..b580b7b13 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch @@ -0,0 +1,178 @@ +From a4c561aab1014c3630bc88faf6f5246fee16b020 Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna +Date: Fri, 31 May 2019 17:27:25 +0300 +Subject: [PATCH 3/3] GCM: move look-up table to .data section and unshare + between processes + +* cipher/cipher-gcm.c (ATTR_ALIGNED_64): New. +(gcmR): Move to 'gcm_table' structure. +(gcm_table): New structure for look-up table with counters before and +after. +(gcmR): New macro. +(prefetch_table): Handle input with length not multiple of 256. +(do_prefetch_tables): Modify pre- and post-table counters to unshare +look-up table pages between processes. +-- + +GnuPG-bug-id: 4541 +Signed-off-by: Jussi Kivilinna + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao +--- + cipher/cipher-gcm.c | 106 ++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 70 insertions(+), 36 deletions(-) + +diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c +index 11f119a..194e2ec 100644 +--- a/cipher/cipher-gcm.c ++++ b/cipher/cipher-gcm.c +@@ -30,6 +30,14 @@ + #include "./cipher-internal.h" + + ++/* Helper macro to force alignment to 16 or 64 bytes. */ ++#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED ++# define ATTR_ALIGNED_64 __attribute__ ((aligned (64))) ++#else ++# define ATTR_ALIGNED_64 ++#endif ++ ++ + #ifdef GCM_USE_INTEL_PCLMUL + extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c); + +@@ -83,40 +91,54 @@ ghash_armv7_neon (gcry_cipher_hd_t c, byte *result, const byte *buf, + + + #ifdef GCM_USE_TABLES +-static const u16 gcmR[256] = { +- 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e, +- 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e, +- 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e, +- 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e, +- 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e, +- 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e, +- 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e, +- 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e, +- 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce, +- 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde, +- 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee, +- 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe, +- 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e, +- 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e, +- 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae, +- 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe, +- 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e, +- 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e, +- 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e, +- 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e, +- 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e, +- 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e, +- 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e, +- 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e, +- 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce, +- 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade, +- 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee, +- 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe, +- 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e, +- 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e, +- 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae, +- 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, +-}; ++static struct ++{ ++ volatile u32 counter_head; ++ u32 cacheline_align[64 / 4 - 1]; ++ u16 R[256]; ++ volatile u32 counter_tail; ++} gcm_table ATTR_ALIGNED_64 = ++ { ++ 0, ++ { 0, }, ++ { ++ 0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e, ++ 0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e, ++ 0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e, ++ 0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e, ++ 0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e, ++ 0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e, ++ 0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e, ++ 0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e, ++ 0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce, ++ 0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde, ++ 0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee, ++ 0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe, ++ 0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e, ++ 0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e, ++ 0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae, ++ 0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe, ++ 0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e, ++ 0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e, ++ 0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e, ++ 0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e, ++ 0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e, ++ 0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e, ++ 0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e, ++ 0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e, ++ 0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce, ++ 0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade, ++ 0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee, ++ 0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe, ++ 0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e, ++ 0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e, ++ 0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae, ++ 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, ++ }, ++ 0 ++ }; ++ ++#define gcmR gcm_table.R + + static inline + void prefetch_table(const void *tab, size_t len) +@@ -124,7 +146,7 @@ void prefetch_table(const void *tab, size_t len) + const volatile byte *vtab = tab; + size_t i; + +- for (i = 0; i < len; i += 8 * 32) ++ for (i = 0; len - i >= 8 * 32; i += 8 * 32) + { + (void)vtab[i + 0 * 32]; + (void)vtab[i + 1 * 32]; +@@ -135,6 +157,10 @@ void prefetch_table(const void *tab, size_t len) + (void)vtab[i + 6 * 32]; + (void)vtab[i + 7 * 32]; + } ++ for (; i < len; i += 32) ++ { ++ (void)vtab[i]; ++ } + + (void)vtab[len - 1]; + } +@@ -142,8 +168,16 @@ void prefetch_table(const void *tab, size_t len) + static inline void + do_prefetch_tables (const void *gcmM, size_t gcmM_size) + { ++ /* Modify counters to trigger copy-on-write and unsharing if physical pages ++ * of look-up table are shared between processes. Modifying counters also ++ * causes checksums for pages to change and hint same-page merging algorithm ++ * that these pages are frequently changing. */ ++ gcm_table.counter_head++; ++ gcm_table.counter_tail++; ++ ++ /* Prefetch look-up tables to cache. */ + prefetch_table(gcmM, gcmM_size); +- prefetch_table(gcmR, sizeof(gcmR)); ++ prefetch_table(&gcm_table, sizeof(gcm_table)); + } + + #ifdef GCM_TABLES_USE_U64 +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch new file mode 100644 index 000000000..105df2957 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch @@ -0,0 +1,79 @@ +From 7cc702c7b5a1ccc2b0091f3effa1391b6c3030fd Mon Sep 17 00:00:00 2001 +From: Hongxu Jia +Date: Wed, 16 Aug 2017 10:46:28 +0800 +Subject: [PATCH 3/4] tests/bench-slope.c: workaround ICE failure on mips with + '-O -g' + +Hit a ICE and could reduce it to the following minimal example: + +1. Only the size of array assigned with 2 caused the issue: +$ cat > mipgcc-test.c << END + +int main (int argc, char **argv) +{ + char *pStrArry[ARRAY_SIZE_MAX] = {"hello"}; + int i = 0; + + while(pStrArry[i] && i for instructions + +3. The quick workround is trying to enlarge the size of array with +larger +than 2. + +4. File a bug to GNU, but it could not be reproduced on there +environment. +http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60643 + +Upstream-Status: Inappropriate [oe specific] + +Rebase to 1.8.0 +Signed-off-by: Hongxu Jia +--- + tests/bench-slope.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/bench-slope.c b/tests/bench-slope.c +index 75e6e43..4e70842 100644 +--- a/tests/bench-slope.c ++++ b/tests/bench-slope.c +@@ -1463,7 +1463,7 @@ static struct bench_ops hash_ops = { + }; + + +-static struct bench_hash_mode hash_modes[] = { ++static struct bench_hash_mode hash_modes[3] = { + {"", &hash_ops}, + {0}, + }; +@@ -1629,7 +1629,7 @@ static struct bench_ops mac_ops = { + }; + + +-static struct bench_mac_mode mac_modes[] = { ++static struct bench_mac_mode mac_modes[3] = { + {"", &mac_ops}, + {0}, + }; +-- +1.8.3.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch new file mode 100644 index 000000000..8622df3ea --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch @@ -0,0 +1,28 @@ +From e20dbdb0b8f0af840ef90b299c4e2277c52ddf87 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia +Date: Sun, 12 Jun 2016 04:44:29 -0400 +Subject: [PATCH 4/4] tests/Makefile.am: fix undefined reference to + `pthread_create' + +Add missing '-lpthread' to CFLAGS + +Upstream-Status: Pending + +Signed-off-by: Hongxu Jia +--- + tests/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 1744ea7..04cf425 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -64,4 +64,4 @@ EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl \ + + LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS) + t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) +-t_lock_CFLAGS = $(GPG_ERROR_MT_CFLAGS) ++t_lock_CFLAGS = $(GPG_ERROR_MT_CFLAGS) -lpthread +-- +1.8.3.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/determinism.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/determinism.patch new file mode 100644 index 000000000..ad0b8c795 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/determinism.patch @@ -0,0 +1,32 @@ +gnutls detects our outer git trees and injects that revision into its objects. +That isn't deterministic so stop it. Also ensure we're not marked as a development +build as its git detection is faulty. + +RP 2020/2/6 + +Upstream-Status: Pending +Signed-off-by: Richard Purdie + + +Index: libgcrypt-1.8.5/configure.ac +=================================================================== +--- libgcrypt-1.8.5.orig/configure.ac ++++ libgcrypt-1.8.5/configure.ac +@@ -45,7 +45,7 @@ m4_define([mym4_revision_dec], + m4_define([mym4_betastring], + m4_esyscmd_s([git describe --match 'libgcrypt-[0-9].*[0-9]' --long|\ + awk -F- '$3!=0{print"-beta"$3}'])) +-m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes])) ++m4_define([mym4_isgit],[no]) + m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) + + AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) +@@ -2575,7 +2575,7 @@ AM_CONDITIONAL([BUILD_DOC], [test "x$bui + # + # Provide information about the build. + # +-BUILD_REVISION="mym4_revision" ++BUILD_REVISION="None" + AC_SUBST(BUILD_REVISION) + AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", + [GIT commit id revision used to build this package]) diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/libgcrypt_1.8.8.bb b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/libgcrypt_1.8.8.bb new file mode 100644 index 000000000..043044a4b --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/libgcrypt_1.8.8.bb @@ -0,0 +1,58 @@ +SUMMARY = "General purpose cryptographic library based on the code from GnuPG" +HOMEPAGE = "http://directory.fsf.org/project/libgcrypt/" +BUGTRACKER = "https://bugs.g10code.com/gnupg/index" +SECTION = "libs" + +# helper program gcryptrnd and getrandom are under GPL, rest LGPL +LICENSE = "GPLv2+ & LGPLv2.1+ & GPLv3+" +LICENSE_${PN} = "LGPLv2.1+" +LICENSE_${PN}-dev = "GPLv2+ & LGPLv2.1+" +LICENSE_dumpsexp-dev = "GPLv3+" + +LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \ + file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff \ + file://LICENSES;md5=840e3bcb754e5046ffeda7619034cbd8" + +DEPENDS = "libgpg-error" + +UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" +SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ + file://0001-libgcrypt-fix-m4-file-for-oe-core.patch \ + file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \ + file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \ + file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \ + file://0001-Prefetch-GCM-look-up-tables.patch \ + file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \ + file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \ + file://determinism.patch \ +" +SRC_URI[md5sum] = "252045343c586e5261134c91330f5b90" +SRC_URI[sha256sum] = "895de2bb981dd127f0821d1ce13fadf7d760f9fa7737648b15f2c1fe13cc5af5" + +BINCONFIG = "${bindir}/libgcrypt-config" + +inherit autotools texinfo binconfig-disabled pkgconfig + +EXTRA_OECONF = "--disable-asm" +EXTRA_OEMAKE_class-target = "LIBTOOLFLAGS='--tag=CC'" + +PACKAGECONFIG ??= "capabilities" +PACKAGECONFIG[capabilities] = "--with-capabilities,--without-capabilities,libcap" + +do_configure_prepend () { + # Else this could be used in preference to the one in aclocal-copy + rm -f ${S}/m4/gpg-error.m4 +} + +# libgcrypt.pc is added locally and thus installed here +do_install_append() { + install -d ${D}/${libdir}/pkgconfig + install -m 0644 ${B}/src/libgcrypt.pc ${D}/${libdir}/pkgconfig/ +} + +PACKAGES =+ "dumpsexp-dev" + +FILES_${PN}-dev += "${bindir}/hmac256" +FILES_dumpsexp-dev += "${bindir}/dumpsexp" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch new file mode 100644 index 000000000..e3f5c6de7 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch @@ -0,0 +1,45 @@ +Add target to only build tests (not run them) + +Not sending upstream as this is only a start of a solution to +installable tests: It's useful for us already as is. + +Upstream-Status: Inappropriate [not a complete solution] + +Signed-off-by: Jussi Kukkonen +Refactored for 3.4 +Signed-off-by: Armin Kuster +--- + Makefile.in | 3 +++ + testsuite/Makefile.in | 2 ++ + 2 files changed, 5 insertions(+) + +diff --git a/Makefile.in b/Makefile.in +index e5ccfc7..15c9275 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -52,6 +52,9 @@ clean distclean mostlyclean maintainer-clean tags: + echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done + $(MAKE) $@-here + ++buildtest: ++ echo "Making $@ in testsuite" ; (cd testsuite && $(MAKE) $@) ++ + check-here: + true + +diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in +index 3f5e5f6..8fd68a3 100644 +--- a/testsuite/Makefile.in ++++ b/testsuite/Makefile.in +@@ -122,6 +122,8 @@ $(TARGETS) $(EXTRA_TARGETS): testutils.$(OBJEXT) ../nettle-internal.$(OBJEXT) \ + # data. + VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes @IF_ASM@ --partial-loads-ok=yes + ++buildtest: $(TS_ALL) ++ + check: $(TS_ALL) + TEST_SHLIB_DIR="$(TEST_SHLIB_DIR)" \ + srcdir="$(srcdir)" \ +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch new file mode 100644 index 000000000..d5f266681 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch @@ -0,0 +1,36 @@ +From ffee6b5f6204a0210f717968ec6ce514d70acca1 Mon Sep 17 00:00:00 2001 +From: Haiqing Bai +Date: Fri, 9 Dec 2016 15:23:17 +0800 +Subject: [PATCH] nettle: check header files of openssl only if + 'enable_openssl=yes'. + +The original configure script checks openssl header files to generate +config.h even if 'enable_openssl' is not set to yes, this made inconsistent +building for nettle. + +Upstream-Status: Pending +Signed-off-by: Haiqing Bai + +refactored for 3.4. pending not in as of 3.4 + +Signed-off-by: Armin Kuster + +Index: nettle-3.4/configure.ac +=================================================================== +--- nettle-3.4.orig/configure.ac ++++ nettle-3.4/configure.ac +@@ -185,9 +185,11 @@ AC_HEADER_TIME + AC_CHECK_SIZEOF(long) + AC_CHECK_SIZEOF(size_t) + +-AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],, +-[enable_openssl=no +- break]) ++if test "x$enable_openssl" = "xyes"; then ++ AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],, ++ [enable_openssl=no ++ break]) ++fi + + # For use by the testsuite + AC_CHECK_HEADERS([valgrind/memcheck.h]) diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/dlopen-test.patch b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/dlopen-test.patch new file mode 100644 index 000000000..ab9b91f88 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/dlopen-test.patch @@ -0,0 +1,29 @@ +Remove the relative path for libnettle.so so the test +program can find it. +Relative paths are not suitable, as the folder strucure for ptest +is different from the one expected by the nettle testsuite. + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Juro Bystricky +Signed-off-by: Mingli Yu +--- + testsuite/dlopen-test.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/testsuite/dlopen-test.c b/testsuite/dlopen-test.c +index 4265bf7..1a25d17 100644 +--- a/testsuite/dlopen-test.c ++++ b/testsuite/dlopen-test.c +@@ -15,7 +15,7 @@ int + main (int argc UNUSED, char **argv UNUSED) + { + #if HAVE_LIBDL +- void *handle = dlopen ("../libnettle." SO_EXT, RTLD_NOW); ++ void *handle = dlopen ("libnettle.so", RTLD_NOW); + int (*get_version)(void); + if (!handle) + { +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/run-ptest b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/run-ptest new file mode 100644 index 000000000..b90bed66d --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/run-ptest @@ -0,0 +1,36 @@ +#! /bin/sh + +cd testsuite + +failed=0 +all=0 + +for f in *-test; do + if [ "$f" = "sha1-huge-test" ] ; then + echo "SKIP: $f (skipped for ludicrous run time)" + continue + fi + + "./$f" + case "$?" in + 0) + echo "PASS: $f" + all=$((all + 1)) + ;; + 77) + echo "SKIP: $f" + ;; + *) + echo "FAIL: $f" + failed=$((failed + 1)) + all=$((all + 1)) + ;; + esac +done + +if [ "$failed" -eq 0 ] ; then + echo "All $all tests passed" +else + echo "$failed of $all tests failed" +fi + diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.2.bb b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.2.bb new file mode 100644 index 000000000..320a9048b --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.2.bb @@ -0,0 +1,58 @@ +SUMMARY = "A low level cryptographic library" +HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/" +DESCRIPTION = "It tries to solve a problem of providing a common set of \ +cryptographic algorithms for higher-level applications by implementing a \ +context-independent set of cryptographic algorithms" +SECTION = "libs" +LICENSE = "LGPLv3+ | GPLv2+" + +LIC_FILES_CHKSUM = "file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 \ + file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \ + file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e" + +DEPENDS += "gmp" + +SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \ + file://Add-target-to-only-build-tests-not-run-them.patch \ + file://run-ptest \ + file://check-header-files-of-openssl-only-if-enable_.patch \ + " + +SRC_URI_append_class-target = "\ + file://dlopen-test.patch \ + " + +SRC_URI[md5sum] = "22849db27ed563ebbc829273f0c97e35" +SRC_URI[sha256sum] = "8d2a604ef1cde4cd5fb77e422531ea25ad064679ff0adf956e78b3352e0ef162" + + +UPSTREAM_CHECK_REGEX = "nettle-(?P\d+(\.\d+)+)\.tar" + +inherit autotools ptest multilib_header + +EXTRA_AUTORECONF += "--exclude=aclocal" + +EXTRA_OECONF = "--disable-openssl" + +do_compile_ptest() { + oe_runmake buildtest +} + +do_install_append() { + oe_multilib_header nettle/version.h +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/testsuite/ + install ${S}/testsuite/gold-bug.txt ${D}${PTEST_PATH}/testsuite/ + install ${S}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/ + # tools can be found in PATH, not in ../tools/ + sed -i -e 's|../tools/||' ${D}${PTEST_PATH}/testsuite/*-test + install ${B}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/ +} + +RDEPENDS_${PN}-ptest += "${PN}-dev" +INSANE_SKIP_${PN}-ptest += "dev-deps" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0003-Improve-graceful-power-state-handling.patch b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0003-Improve-graceful-power-state-handling.patch new file mode 100644 index 000000000..57af6ee71 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0003-Improve-graceful-power-state-handling.patch @@ -0,0 +1,97 @@ +From a7a1a2881643e1e711136363211df30a7133cf5f Mon Sep 17 00:00:00 2001 +From: "Jason M. Bills" +Date: Thu, 4 Mar 2021 12:54:04 -0800 +Subject: [PATCH] Improve graceful power state handling + +The current timeout of 1 minute for an OS to respond to a graceful +shutdown, is not enough for some situations. Extending this to +5 minutes to allow enough time for an OS to gracefully shut down. + +This causes an issue with the current code which ignores further +power change requests during the graceful timeout, which would now +block forced shutdown and reset commands for 5 minutes. So, this +change also adds support for shutdown and reset commands to be +accepted during a graceful shutdown timeout. + +Tested: +Triggered a graceful shutdown and confirmed that it will time out +after 5 minutes and that shutdown and reset commands can be issued +during that time. + +Change-Id: Ie88207cbc754a34642b4e1bc9636a257475cdee6 +Signed-off-by: Jason M. Bills +--- + power-control-x86/src/power_control.cpp | 35 ++++++++++++++++++++++++++++++--- + 1 file changed, 32 insertions(+), 3 deletions(-) + +diff --git a/power-control-x86/src/power_control.cpp b/power-control-x86/src/power_control.cpp +index 9dc08ba..5a8487e 100644 +--- a/power-control-x86/src/power_control.cpp ++++ b/power-control-x86/src/power_control.cpp +@@ -55,9 +55,8 @@ const static constexpr int resetPulseTimeMs = 500; + const static constexpr int powerCycleTimeMs = 5000; + const static constexpr int sioPowerGoodWatchdogTimeMs = 12000; + const static constexpr int psPowerOKWatchdogTimeMs = 8000; +-const static constexpr int gracefulPowerOffTimeMs = 60000; ++const static constexpr int gracefulPowerOffTimeS = 5 * 60; + const static constexpr int warmResetCheckTimeMs = 500; +-const static constexpr int buttonMaskTimeMs = 60000; + const static constexpr int powerOffSaveTimeMs = 7000; + + const static std::filesystem::path powerControlDir = "/var/lib/power-control"; +@@ -1136,7 +1135,7 @@ static void gracefulPowerOffTimerStart() + { + std::cerr << "Graceful power-off timer started\n"; + gracefulPowerOffTimer.expires_after( +- std::chrono::milliseconds(gracefulPowerOffTimeMs)); ++ std::chrono::seconds(gracefulPowerOffTimeS)); + gracefulPowerOffTimer.async_wait([](const boost::system::error_code ec) { + if (ec) + { +@@ -1546,6 +1545,21 @@ static void powerStateGracefulTransitionToOff(const Event event) + case Event::gracefulPowerOffTimerExpired: + setPowerState(PowerState::on); + break; ++ case Event::powerOffRequest: ++ gracefulPowerOffTimer.cancel(); ++ setPowerState(PowerState::transitionToOff); ++ forcePowerOff(); ++ break; ++ case Event::powerCycleRequest: ++ gracefulPowerOffTimer.cancel(); ++ setPowerState(PowerState::transitionToCycleOff); ++ forcePowerOff(); ++ break; ++ case Event::resetRequest: ++ gracefulPowerOffTimer.cancel(); ++ setPowerState(PowerState::on); ++ reset(); ++ break; + default: + phosphor::logging::log( + "No action taken."); +@@ -1614,6 +1628,21 @@ static void powerStateGracefulTransitionToCycleOff(const Event event) + case Event::gracefulPowerOffTimerExpired: + setPowerState(PowerState::on); + break; ++ case Event::powerOffRequest: ++ gracefulPowerOffTimer.cancel(); ++ setPowerState(PowerState::transitionToOff); ++ forcePowerOff(); ++ break; ++ case Event::powerCycleRequest: ++ gracefulPowerOffTimer.cancel(); ++ setPowerState(PowerState::transitionToCycleOff); ++ forcePowerOff(); ++ break; ++ case Event::resetRequest: ++ gracefulPowerOffTimer.cancel(); ++ setPowerState(PowerState::on); ++ reset(); ++ break; + default: + phosphor::logging::log( + "No action taken."); +-- +2.7.4 + diff --git a/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend index ea6a65bb2..fbb126681 100755 --- a/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend @@ -7,4 +7,5 @@ FILESEXTRAPATHS_append := "${THISDIR}/${PN}:" SRC_URI += " \ file://0001-Extend-VR-Watchdog-timeout.patch \ file://0002-save-current-power-state-in-tmp-file.patch \ + file://0003-Improve-graceful-power-state-handling.patch \ " -- cgit v1.2.3