diff options
Diffstat (limited to 'poky/meta/recipes-devtools/qemu')
7 files changed, 257 insertions, 6 deletions
diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_6.2.0.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_6.2.0.bb index b544ab4e81..bc5384d472 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-system-native_6.2.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu-system-native_6.2.0.bb @@ -12,7 +12,7 @@ DEPENDS = "glib-2.0-native zlib-native pixman-native qemu-native bison-native me EXTRA_OECONF:append = " --target-list=${@get_qemu_system_target_list(d)}" PACKAGECONFIG ??= "fdt alsa kvm pie \ - ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ " # Handle distros such as CentOS 5 32-bit that do not have kvm support diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index cbbb99f611..9f2fa4322e 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -28,6 +28,10 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0001-tests-meson.build-use-relative-path-to-refer-to-file.patch \ file://0001-riscv-Set-5.4-as-minimum-kernel-version-for-riscv32.patch \ file://0001-acpi-tpm-Add-missing-device-identification-objects.patch \ + file://0001-ppc-Include-asm-ptrace.h-for-pt_regs-struct-definiti.patch \ + file://0001-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \ + file://0001-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch \ + file://0002-virtio-net-fix-map-leaking-on-error-during-receive.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" @@ -140,8 +144,8 @@ do_install:append() { # END of qemu-mips workaround # Disable kvm/virgl/mesa on targets that do not support it -PACKAGECONFIG:remove:darwin = "kvm virglrenderer glx gtk+" -PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer glx gtk+" +PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+" +PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+" PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2" PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr," @@ -163,7 +167,7 @@ PACKAGECONFIG[nettle] = "--enable-nettle,--disable-nettle,nettle" PACKAGECONFIG[libusb] = "--enable-libusb,--disable-libusb,libusb1" PACKAGECONFIG[fdt] = "--enable-fdt,--disable-fdt,dtc" PACKAGECONFIG[alsa] = "--audio-drv-list=default,,alsa-lib" -PACKAGECONFIG[glx] = "--enable-opengl,--disable-opengl,virtual/libgl" +PACKAGECONFIG[epoxy] = "--enable-opengl,--disable-opengl,libepoxy" PACKAGECONFIG[lzo] = "--enable-lzo,--disable-lzo,lzo" PACKAGECONFIG[numa] = "--enable-numa,--disable-numa,numactl" PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls" diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch new file mode 100644 index 0000000000..4691a3672a --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/0001-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch @@ -0,0 +1,48 @@ +From 444e80e63d35006f41e7d658e2bf6d7c9f7641df Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 21 Mar 2022 10:09:38 -0700 +Subject: [PATCH] Define MAP_SYNC and MAP_SHARED_VALIDATE on needed linux + systems + +linux only wires MAP_SYNC and MAP_SHARED_VALIDATE for architectures +which include asm-generic/mman.h and mips/powerpc are not including this +file in linux/mman.h, therefore these should be defined for such +architectures on Linux as well. This fixes build on mips/musl/linux + +Upstream-Status: Submitted [https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05298.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Cc: Zhang Yi <yi.z.zhang@linux.intel.com> +Cc: Michael S. Tsirkin <mst@redhat.com> +--- + util/mmap-alloc.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c +index 893d864354..86d3cda248 100644 +--- a/util/mmap-alloc.c ++++ b/util/mmap-alloc.c +@@ -10,14 +10,18 @@ + * later. See the COPYING file in the top-level directory. + */ + ++#include "qemu/osdep.h" + #ifdef CONFIG_LINUX + #include <linux/mman.h> +-#else /* !CONFIG_LINUX */ ++#endif /* CONFIG_LINUX */ ++ ++#ifndef MAP_SYNC + #define MAP_SYNC 0x0 ++#endif /* MAP_SYNC */ ++#ifndef MAP_SHARED_VALIDATE + #define MAP_SHARED_VALIDATE 0x0 +-#endif /* CONFIG_LINUX */ ++#endif /* MAP_SHARED_VALIDATE */ + +-#include "qemu/osdep.h" + #include "qemu/mmap-alloc.h" + #include "qemu/host-utils.h" + #include "qemu/cutils.h" +-- +2.35.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-ppc-Include-asm-ptrace.h-for-pt_regs-struct-definiti.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-ppc-Include-asm-ptrace.h-for-pt_regs-struct-definiti.patch new file mode 100644 index 0000000000..e8e42007df --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/0001-ppc-Include-asm-ptrace.h-for-pt_regs-struct-definiti.patch @@ -0,0 +1,92 @@ +From 91e15627fd05d5a59fd2b88bc5c3491d3e0b56b0 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 14 Mar 2022 09:58:21 -0700 +Subject: [PATCH] ppc: Include asm/ptrace.h for pt_regs struct definition +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes +../qemu-6.2.0/linux-user/host/ppc64/../ppc/host-signal.h:16:32: error: incomplete definition of type 'struct pt_regs' + return uc->uc_mcontext.regs->nip; + ~~~~~~~~~~~~~~~~~~~~^ + +Upstream-Status: Submitted [https://patchwork.kernel.org/project/qemu-devel/patch/20220314170223.554679-1-raj.khem@gmail.com/] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Cc: Peter Maydell <peter.maydell@linaro.org> +Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> +Cc: Richard Henderson <richard.henderson@linaro.org> +--- + linux-user/include/host/ppc/host-signal.h | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/linux-user/host/ppc/host-signal.h ++++ /dev/null +@@ -1,30 +0,0 @@ +-/* +- * host-signal.h: signal info dependent on the host architecture +- * +- * Copyright (c) 2003-2005 Fabrice Bellard +- * Copyright (c) 2021 Linaro Limited +- * +- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. +- * See the COPYING file in the top-level directory. +- */ +- +-#ifndef PPC_HOST_SIGNAL_H +-#define PPC_HOST_SIGNAL_H +- +-static inline uintptr_t host_signal_pc(ucontext_t *uc) +-{ +- return uc->uc_mcontext.regs->nip; +-} +- +-static inline void host_signal_set_pc(ucontext_t *uc, uintptr_t pc) +-{ +- uc->uc_mcontext.regs->nip = pc; +-} +- +-static inline bool host_signal_write(siginfo_t *info, ucontext_t *uc) +-{ +- return uc->uc_mcontext.regs->trap != 0x400 +- && (uc->uc_mcontext.regs->dsisr & 0x02000000); +-} +- +-#endif +--- a/linux-user/host/ppc64/host-signal.h ++++ b/linux-user/host/ppc64/host-signal.h +@@ -1 +1,32 @@ +-#include "../ppc/host-signal.h" ++/* ++ * host-signal.h: signal info dependent on the host architecture ++ * ++ * Copyright (c) 2003-2005 Fabrice Bellard ++ * Copyright (c) 2021 Linaro Limited ++ * ++ * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. ++ * See the COPYING file in the top-level directory. ++ */ ++ ++#ifndef PPC_HOST_SIGNAL_H ++#define PPC_HOST_SIGNAL_H ++ ++#include <asm/ptrace.h> ++ ++static inline uintptr_t host_signal_pc(ucontext_t *uc) ++{ ++ return uc->uc_mcontext.gp_regs[PT_NIP]; ++} ++ ++static inline void host_signal_set_pc(ucontext_t *uc, uintptr_t pc) ++{ ++ uc->uc_mcontext.gp_regs[PT_NIP] = pc; ++} ++ ++static inline bool host_signal_write(siginfo_t *info, ucontext_t *uc) ++{ ++ return uc->uc_mcontext.gp_regs[PT_TRAP] != 0x400 ++ && (uc->uc_mcontext.gp_regs[PT_DSISR] & 0x02000000); ++} ++ ++#endif diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch new file mode 100644 index 0000000000..dcea9040c7 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/0001-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch @@ -0,0 +1,60 @@ +CVE: CVE-2022-26354 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 0190d651a73463dc2b8f170b29326d1f38140a04 Mon Sep 17 00:00:00 2001 +From: Stefano Garzarella <sgarzare@redhat.com> +Date: Mon, 28 Feb 2022 10:50:58 +0100 +Subject: [PATCH 1/2] vhost-vsock: detach the virqueue element in case of error + +In vhost_vsock_common_send_transport_reset(), if an element popped from +the virtqueue is invalid, we should call virtqueue_detach_element() to +detach it from the virtqueue before freeing its memory. + +Fixes: fc0b9b0e1c ("vhost-vsock: add virtio sockets device") +Fixes: CVE-2022-26354 +Cc: qemu-stable@nongnu.org +Reported-by: VictorV <vv474172261@gmail.com> +Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> +Message-Id: <20220228095058.27899-1-sgarzare@redhat.com> +Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> +--- + hw/virtio/vhost-vsock-common.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/hw/virtio/vhost-vsock-common.c b/hw/virtio/vhost-vsock-common.c +index 3f3771274e..ed706681ac 100644 +--- a/hw/virtio/vhost-vsock-common.c ++++ b/hw/virtio/vhost-vsock-common.c +@@ -153,19 +153,23 @@ static void vhost_vsock_common_send_transport_reset(VHostVSockCommon *vvc) + if (elem->out_num) { + error_report("invalid vhost-vsock event virtqueue element with " + "out buffers"); +- goto out; ++ goto err; + } + + if (iov_from_buf(elem->in_sg, elem->in_num, 0, + &event, sizeof(event)) != sizeof(event)) { + error_report("vhost-vsock event virtqueue element is too short"); +- goto out; ++ goto err; + } + + virtqueue_push(vq, elem, sizeof(event)); + virtio_notify(VIRTIO_DEVICE(vvc), vq); + +-out: ++ g_free(elem); ++ return; ++ ++err: ++ virtqueue_detach_element(vq, elem, 0); + g_free(elem); + } + +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu/0002-virtio-net-fix-map-leaking-on-error-during-receive.patch b/poky/meta/recipes-devtools/qemu/qemu/0002-virtio-net-fix-map-leaking-on-error-during-receive.patch new file mode 100644 index 0000000000..59ccfdd03c --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/0002-virtio-net-fix-map-leaking-on-error-during-receive.patch @@ -0,0 +1,43 @@ +CVE: CVE-2022-26353 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 4d65ecbddd16f38a8cf23b3053ca5c3594f8d4a4 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Tue, 8 Mar 2022 10:42:51 +0800 +Subject: [PATCH 2/2] virtio-net: fix map leaking on error during receive + +Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg") +tries to fix the use after free of the sg by caching the virtqueue +elements in an array and unmap them at once after receiving the +packets, But it forgot to unmap the cached elements on error which +will lead to leaking of mapping and other unexpected results. + +Fixing this by detaching the cached elements on error. This addresses +CVE-2022-26353. + +Reported-by: Victor Tom <vv474172261@gmail.com> +Cc: qemu-stable@nongnu.org +Fixes: CVE-2022-26353 +Fixes: bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg") +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> +--- + hw/net/virtio-net.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c +index f2014d5ea0..e1f4748831 100644 +--- a/hw/net/virtio-net.c ++++ b/hw/net/virtio-net.c +@@ -1862,6 +1862,7 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, + + err: + for (j = 0; j < i; j++) { ++ virtqueue_detach_element(q->rx_vq, elems[j], lens[j]); + g_free(elems[j]); + } + +-- +2.25.1 + diff --git a/poky/meta/recipes-devtools/qemu/qemu_6.2.0.bb b/poky/meta/recipes-devtools/qemu/qemu_6.2.0.bb index 062ed32b01..9f7fad9886 100644 --- a/poky/meta/recipes-devtools/qemu/qemu_6.2.0.bb +++ b/poky/meta/recipes-devtools/qemu/qemu_6.2.0.bb @@ -6,6 +6,8 @@ DEPENDS = "glib-2.0 zlib pixman bison-native ninja-native meson-native" DEPENDS:append:libc-musl = " libucontext" +CFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', '-DEGL_NO_X11=1', d)}" + RDEPENDS:${PN}:class-target += "bash" EXTRA_OECONF:append:class-target = " --target-list=${@get_qemu_target_list(d)}" @@ -15,9 +17,11 @@ EXTRA_OECONF:append:class-nativesdk = " --target-list=${@get_qemu_target_list(d) PACKAGECONFIG ??= " \ fdt sdl kvm pie \ ${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \ " PACKAGECONFIG:class-nativesdk ??= "fdt sdl kvm pie \ - ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ " +# ppc32 hosts are no longer supported in qemu +COMPATIBLE_HOST:powerpc = "null" |