Diffstat (limited to 'poky/meta/recipes-devtools/qemu')
-rw-r--r-- | poky/meta/recipes-devtools/qemu/qemu.inc | 2 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/qemu/qemu/no-ps2.patch | 123 | ||||
-rw-r--r-- | poky/meta/recipes-devtools/qemu/qemu/pvrdma.patch | 45 |
3 files changed, 170 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 9f2fa4322e..09a2d47005 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -32,6 +32,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
 file://0001-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \
 file://0001-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch \
 file://0002-virtio-net-fix-map-leaking-on-error-during-receive.patch \
+ file://pvrdma.patch \
+ file://no-ps2.patch \
 "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/poky/meta/recipes-devtools/qemu/qemu/no-ps2.patch b/poky/meta/recipes-devtools/qemu/qemu/no-ps2.patch
new file mode 100644
index 0000000000..8c167521d7
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/no-ps2.patch
@@ -0,0 +1,123 @@
+Upstream-Status: Backport [4ccd5fe22feb95137d325f422016a6473541fe9f]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From ec2d4aa7ca28127faa7ccdbf89d2bf5a4984b62f Mon Sep 17 00:00:00 2001
+From: Joelle van Dyne <j@getutm.app>
+Date: Sun, 27 Feb 2022 13:06:55 -0800
+Subject: [PATCH] pc: add option to disable PS/2 mouse/keyboard
+
+On some older software like Windows 7 installer, having both a PS/2
+mouse and USB mouse results in only one device working property (which
+might be a different device each boot). While the workaround to not use
+a USB mouse with such software is valid, it creates an inconsistent
+experience if the user wishes to always use a USB mouse.
+
+This introduces a new machine property to inhibit the creation of the
+i8042 PS/2 controller.
+
+Signed-off-by: Joelle van Dyne <j@getutm.app>
+Message-Id: <20220227210655.45592-1-j@getutm.app>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/i386/pc.c | 28 ++++++++++++++++++++++++++--
+ include/hw/i386/pc.h | 2 ++
+ 2 files changed, 28 insertions(+), 2 deletions(-)
+
+diff --git a/hw/i386/pc.c b/hw/i386/pc.c
+index a2ef40ecbc..8a6a089ee2 100644
+--- a/hw/i386/pc.c
++++ b/hw/i386/pc.c
+@@ -1008,7 +1008,8 @@ static const MemoryRegionOps ioportF0_io_ops = {
+ },
+ };
+
+-static void pc_superio_init(ISABus *isa_bus, bool create_fdctrl, bool no_vmport)
++static void pc_superio_init(ISABus *isa_bus, bool create_fdctrl,
++ bool create_i8042, bool no_vmport)
+ {
+ int i;
+ DriveInfo *fd[MAX_FD];
+@@ -1030,6 +1031,10 @@ static void pc_superio_init(ISABus *isa_bus, bool create_fdctrl, bool no_vmport)
+ }
+ }
+
++ if (!create_i8042) {
++ return;
++ }
++
+ i8042 = isa_create_simple(isa_bus, "i8042");
+ if (!no_vmport) {
+ isa_create_simple(isa_bus, TYPE_VMPORT);
+@@ -1125,7 +1130,8 @@ void pc_basic_device_init(struct PCMachineState *pcms,
+ i8257_dma_init(isa_bus, 0);
+
+ /* Super I/O */
+- pc_superio_init(isa_bus, create_fdctrl, pcms->vmport != ON_OFF_AUTO_ON);
++ pc_superio_init(isa_bus, create_fdctrl, pcms->i8042_enabled,
++ pcms->vmport != ON_OFF_AUTO_ON);
+ }
+
+ void pc_nic_init(PCMachineClass *pcmc, ISABus *isa_bus, PCIBus *pci_bus)
+@@ -1506,6 +1512,20 @@ static void pc_machine_set_hpet(Object *obj, bool value, Error **errp)
+ pcms->hpet_enabled = value;
+ }
+
++static bool pc_machine_get_i8042(Object *obj, Error **errp)
++{
++ PCMachineState *pcms = PC_MACHINE(obj);
++
++ return pcms->i8042_enabled;
++}
++
++static void pc_machine_set_i8042(Object *obj, bool value, Error **errp)
++{
++ PCMachineState *pcms = PC_MACHINE(obj);
++
++ pcms->i8042_enabled = value;
++}
++
+ static bool pc_machine_get_default_bus_bypass_iommu(Object *obj, Error **errp)
+ {
+ PCMachineState *pcms = PC_MACHINE(obj);
+@@ -1616,6 +1636,7 @@ static void pc_machine_initfn(Object *obj)
+ pcms->smbus_enabled = true;
+ pcms->sata_enabled = true;
+ pcms->pit_enabled = true;
++ pcms->i8042_enabled = true;
+ pcms->max_fw_size = 8 * MiB;
+ #ifdef CONFIG_HPET
+ pcms->hpet_enabled = true;
+@@ -1744,6 +1765,9 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
+ object_class_property_add_bool(oc, "hpet",
+ pc_machine_get_hpet, pc_machine_set_hpet);
+
++ object_class_property_add_bool(oc, PC_MACHINE_I8042,
++ pc_machine_get_i8042, pc_machine_set_i8042);
++
+ object_class_property_add_bool(oc, "default-bus-bypass-iommu",
+ pc_machine_get_default_bus_bypass_iommu,
+ pc_machine_set_default_bus_bypass_iommu);
+diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
+index 9ab39e428f..642c915aa3 100644
+--- a/include/hw/i386/pc.h
++++ b/include/hw/i386/pc.h
+@@ -46,6 +46,7 @@ typedef struct PCMachineState {
+ bool sata_enabled;
+ bool pit_enabled;
+ bool hpet_enabled;
++ bool i8042_enabled;
+ bool default_bus_bypass_iommu;
+ uint64_t max_fw_size;
+
+@@ -62,6 +63,7 @@ typedef struct PCMachineState {
+ #define PC_MACHINE_SMBUS "smbus"
+ #define PC_MACHINE_SATA "sata"
+ #define PC_MACHINE_PIT "pit"
++#define PC_MACHINE_I8042 "i8042"
+ #define PC_MACHINE_MAX_FW_SIZE "max-fw-size"
+ /**
+ * PCMachineClass:
+--
+2.25.1
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/pvrdma.patch b/poky/meta/recipes-devtools/qemu/qemu/pvrdma.patch
new file mode 100644
index 0000000000..7b0335b1dc
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/pvrdma.patch
@@ -0,0 +1,45 @@
+hw/pvrdma: Protect against buggy or malicious guest driver
+
+Guest driver might execute HW commands when shared buffers are not yet
+allocated.
+This might happen on purpose (malicious guest) or because some other
+guest/host address mapping.
+We need to protect againts such case.
+
+Reported-by: Mauro Matteo Cascella <mcascell@redhat.com>
+Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
+
+CVE: CVE-2022-1050
+Upstream-Status: Submitted [https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05197.html]
+
+Index: qemu-6.2.0/hw/rdma/vmw/pvrdma_cmd.c
+===================================================================
+--- qemu-6.2.0.orig/hw/rdma/vmw/pvrdma_cmd.c
++++ qemu-6.2.0/hw/rdma/vmw/pvrdma_cmd.c
+@@ -796,6 +796,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev)
+
+ dsr_info = &dev->dsr_info;
+
++ if (!dsr_info->dsr) {
++ /* Buggy or malicious guest driver */
++ rdma_error_report("Exec command without dsr, req or rsp buffers");
++ goto out;
++ }
++
+ if (dsr_info->req->hdr.cmd >= sizeof(cmd_handlers) /
+ sizeof(struct cmd_handler)) {
+ rdma_error_report("Unsupported command");
+Index: qemu-6.2.0/hw/rdma/vmw/pvrdma_main.c
+===================================================================
+--- qemu-6.2.0.orig/hw/rdma/vmw/pvrdma_main.c
++++ qemu-6.2.0/hw/rdma/vmw/pvrdma_main.c
+@@ -249,7 +249,8 @@ static void init_dsr_dev_caps(PVRDMADev
+ {
+ struct pvrdma_device_shared_region *dsr;
+
+- if (dev->dsr_info.dsr == NULL) {
++ if (!dev->dsr_info.dsr) {
++ /* Buggy or malicious guest driver */
+ rdma_error_report("Can't initialized DSR");
+ return;
+ } |
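Review bot: In `pc_superio_init` the new `if (!create_i8042) { return; }` exits before the `isa_create_simple(isa_bus, TYPE_VMPORT)` call visible just below it, so with the property off a machine configured with `vmport=on` silently gets no vmport, and whatever else follows in the function (its body continues past this hunk) is skipped too. If that coupling is intended, state it at the guard, e.g. `/* vmport and the remaining setup below depend on the i8042, so they are skipped as well */`, and consider reporting an error when `i8042=off` is combined with an explicit `vmport=on` instead of ignoring the request. The `PC_MACHINE_I8042` property is also registered without a description; a one-line `object_class_property_set_description()` next to the `object_class_property_add_bool` call would document what turning it off removes from the guest-visible device set.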
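Review bot: The guard added to `pvrdma_exec_cmd` tests only `dsr_info->dsr`, yet its message names the req and rsp buffers and the very next context line dereferences `dsr_info->req->hdr.cmd`. Unless the code that maps the shared region (not visible in this hunk) guarantees that `req` and `rsp` are non-NULL whenever `dsr` is, a guest-controlled state with the DSR mapped but the rings missing would still reach that dereference; checking all three, `if (!dsr_info->dsr || !dsr_info->req || !dsr_info->rsp) {`, matches the message at no cost. The `out` label lies outside the hunk, so confirm its path does not touch the unmapped buffers either. The header says `Upstream-Status: Submitted`, so this copy should be re-checked against whatever upstream finally merges for CVE-2022-1050.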