From patchwork Mon Feb 7 09:06:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 14151 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org From: "Anuj Mittal" Subject: [hardknott][PATCH 01/12] qemu: fix CVE-2021-3713 Date: Mon, 7 Feb 2022 17:06:51 +0800 Message-Id: <7879ba4406eb9633079275c57abeee9e738b1c99.1644224643.git.anuj.mittal@intel.com> In-Reply-To: References: MIME-Version: 1.0 List-id: To: openembedded-core@lists.openembedded.org From: Sakib Sajal Signed-off-by: Sakib Sajal Signed-off-by: Anuj Mittal --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2021-3713.patch | 68 +++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3713.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 463339e42b..3aad41088a 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -70,6 +70,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3607.patch \ file://CVE-2021-3608.patch \ file://CVE-2021-3682.patch \ + file://CVE-2021-3713.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3713.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3713.patch new file mode 100644 index 0000000000..33fca66d3d --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3713.patch @@ -0,0 +1,68 @@ +From 9a8f71ec660e67c51cc5905dd9d2a12ff78ce743 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Wed, 18 Aug 2021 14:05:05 +0200 +Subject: [PATCH 08/12] uas: add stream number sanity checks. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The device uses the guest-supplied stream number unchecked, which can +lead to guest-triggered out-of-band access to the UASDevice->data3 and +UASDevice->status3 fields. Add the missing checks. + +Fixes: CVE-2021-3713 +Signed-off-by: Gerd Hoffmann +Reported-by: Chen Zhe +Reported-by: Tan Jingguo +Reviewed-by: Philippe Mathieu-Daudé +Message-Id: <20210818120505.1258262-2-kraxel@redhat.com> +(cherry picked from commit 13b250b12ad3c59114a6a17d59caf073ce45b33a) +Signed-off-by: Michael Roth + +Upstream-Status: Backport [36403e8788a264dc96174f52584681ebcb4f54b1] +CVE: CVE-2021-3713 + +Signed-off-by: Sakib Sajal +--- + hw/usb/dev-uas.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c +index cec071d96..157734eb0 100644 +--- a/hw/usb/dev-uas.c ++++ b/hw/usb/dev-uas.c +@@ -831,6 +831,9 @@ static void usb_uas_handle_data(USBDevice *dev, USBPacket *p) + } + break; + case UAS_PIPE_ID_STATUS: ++ if (p->stream > UAS_MAX_STREAMS) { ++ goto err_stream; ++ } + if (p->stream) { + QTAILQ_FOREACH(st, &uas->results, next) { + if (st->stream == p->stream) { +@@ -858,6 +861,9 @@ static void usb_uas_handle_data(USBDevice *dev, USBPacket *p) + break; + case UAS_PIPE_ID_DATA_IN: + case UAS_PIPE_ID_DATA_OUT: ++ if (p->stream > UAS_MAX_STREAMS) { ++ goto err_stream; ++ } + if (p->stream) { + req = usb_uas_find_request(uas, p->stream); + } else { +@@ -893,6 +899,11 @@ static void usb_uas_handle_data(USBDevice *dev, USBPacket *p) + p->status = USB_RET_STALL; + break; + } ++ ++err_stream: ++ error_report("%s: invalid stream %d", __func__, p->stream); ++ p->status = USB_RET_STALL; ++ return; + } + + static void usb_uas_unrealize(USBDevice *dev) +-- +2.31.1 + From patchwork Mon Feb 7 09:06:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 3363 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4D1FC433F5 for ; Mon, 7 Feb 2022 09:07:15 +0000 (UTC) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.19860.1644224834864333556 for ; Mon, 07 Feb 2022 01:07:15 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=NHppgxw4; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644224835; x=1675760835; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=BxRlVEON8IVyEPziq5LUMoZMa0JvFqb6ozhkZJolmzU=; b=NHppgxw4DxEECguoo2sPm1XIqEAzSUyHgXr5nt1FSunHIcqqC8XaXaaT 6jsu8agWL4/TXF4sR+rGenmXmysQDRYOZ/wkHdXwMnCsffoZsNweXWS7B UhrbapJm4kkrsV7goQzjgP2HqUqcDEAQY3oEUz/skpmQKqgpMhgck/ixw pDt9ybDYBDDqYQmlmrVU4w1a3yDvCKZSIlJFDBAig66oytRMOYhi3ureg tPuX0yTSQmOIwuevBFjoF2JsrF6hlWCICHeyYT8Y2my+kkvQnyxmaXpnM Ewlnym8/tzhd3X9TgowI8fF1hlAJUi0nPH4tBONmWRXhsSjE/xpdAcATa A==; X-IronPort-AV: E=McAfee;i="6200,9189,10250"; a="309420786" X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="309420786" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:13 -0800 X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="499140394" Received: from xgoh-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.138.138]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:10 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 02/12] qemu: fix CVE-2021-3748 Date: Mon, 7 Feb 2022 17:06:52 +0800 Message-Id: <6fe3b1002a273808fe4caf6f2e1ecd54729b954d.1644224643.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 07 Feb 2022 09:07:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161445 From: Sakib Sajal Signed-off-by: Sakib Sajal Signed-off-by: Anuj Mittal --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2021-3748.patch | 127 ++++++++++++++++++ 2 files changed, 128 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3748.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 3aad41088a..5c1c88db25 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -71,6 +71,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3608.patch \ file://CVE-2021-3682.patch \ file://CVE-2021-3713.patch \ + file://CVE-2021-3748.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3748.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3748.patch new file mode 100644 index 0000000000..4765f24739 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3748.patch @@ -0,0 +1,127 @@ +From bacc200f623647632258f7efc0f098ac30dd4225 Mon Sep 17 00:00:00 2001 +From: Jason Wang +Date: Thu, 2 Sep 2021 13:44:12 +0800 +Subject: [PATCH 09/12] virtio-net: fix use after unmap/free for sg + +When mergeable buffer is enabled, we try to set the num_buffers after +the virtqueue elem has been unmapped. This will lead several issues, +E.g a use after free when the descriptor has an address which belongs +to the non direct access region. In this case we use bounce buffer +that is allocated during address_space_map() and freed during +address_space_unmap(). + +Fixing this by storing the elems temporarily in an array and delay the +unmap after we set the the num_buffers. + +This addresses CVE-2021-3748. + +Reported-by: Alexander Bulekov +Fixes: fbe78f4f55c6 ("virtio-net support") +Cc: qemu-stable@nongnu.org +Signed-off-by: Jason Wang + +Upstream-Status: Backport [bedd7e93d01961fcb16a97ae45d93acf357e11f6] +CVE: CVE-2021-3748 + +Signed-off-by: Sakib Sajal +--- + hw/net/virtio-net.c | 39 ++++++++++++++++++++++++++++++++------- + 1 file changed, 32 insertions(+), 7 deletions(-) + +diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c +index 9179013ac..df1d30e2c 100644 +--- a/hw/net/virtio-net.c ++++ b/hw/net/virtio-net.c +@@ -1665,10 +1665,13 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, + VirtIONet *n = qemu_get_nic_opaque(nc); + VirtIONetQueue *q = virtio_net_get_subqueue(nc); + VirtIODevice *vdev = VIRTIO_DEVICE(n); ++ VirtQueueElement *elems[VIRTQUEUE_MAX_SIZE]; ++ size_t lens[VIRTQUEUE_MAX_SIZE]; + struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE]; + struct virtio_net_hdr_mrg_rxbuf mhdr; + unsigned mhdr_cnt = 0; +- size_t offset, i, guest_offset; ++ size_t offset, i, guest_offset, j; ++ ssize_t err; + + if (!virtio_net_can_receive(nc)) { + return -1; +@@ -1699,6 +1702,12 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, + + total = 0; + ++ if (i == VIRTQUEUE_MAX_SIZE) { ++ virtio_error(vdev, "virtio-net unexpected long buffer chain"); ++ err = size; ++ goto err; ++ } ++ + elem = virtqueue_pop(q->rx_vq, sizeof(VirtQueueElement)); + if (!elem) { + if (i) { +@@ -1710,7 +1719,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, + n->guest_hdr_len, n->host_hdr_len, + vdev->guest_features); + } +- return -1; ++ err = -1; ++ goto err; + } + + if (elem->in_num < 1) { +@@ -1718,7 +1728,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, + "virtio-net receive queue contains no in buffers"); + virtqueue_detach_element(q->rx_vq, elem, 0); + g_free(elem); +- return -1; ++ err = -1; ++ goto err; + } + + sg = elem->in_sg; +@@ -1755,12 +1766,13 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, + if (!n->mergeable_rx_bufs && offset < size) { + virtqueue_unpop(q->rx_vq, elem, total); + g_free(elem); +- return size; ++ err = size; ++ goto err; + } + +- /* signal other side */ +- virtqueue_fill(q->rx_vq, elem, total, i++); +- g_free(elem); ++ elems[i] = elem; ++ lens[i] = total; ++ i++; + } + + if (mhdr_cnt) { +@@ -1770,10 +1782,23 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, + &mhdr.num_buffers, sizeof mhdr.num_buffers); + } + ++ for (j = 0; j < i; j++) { ++ /* signal other side */ ++ virtqueue_fill(q->rx_vq, elems[j], lens[j], j); ++ g_free(elems[j]); ++ } ++ + virtqueue_flush(q->rx_vq, i); + virtio_notify(vdev, q->rx_vq); + + return size; ++ ++err: ++ for (j = 0; j < i; j++) { ++ g_free(elems[j]); ++ } ++ ++ return err; + } + + static ssize_t virtio_net_do_receive(NetClientState *nc, const uint8_t *buf, +-- +2.31.1 + From patchwork Mon Feb 7 09:06:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 3362 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5A41C433FE for ; Mon, 7 Feb 2022 09:07:15 +0000 (UTC) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.19860.1644224834864333556 for ; Mon, 07 Feb 2022 01:07:15 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=S/5f1QDJ; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644224834; x=1675760834; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=ayrlJBLzg3Nz7PXQNjfNPCFDA8ZOlZ4AmEHx+Q2RDxE=; b=S/5f1QDJaHSpBMREE/wceUXbz+1tuDpwOHpMfaQZcpl+ya9zJGr6/GJ4 ZeE6OUZ80viozMSo9scTY/W5+wP47Oei61LOo4EqRp7Zih61/GrwKDZ9n 5tPT4sWV0VbGBASlHtdpaVbPeP76yMKXl2pQi0NJHfi9u5y9p8lsVsszD J4Iir/Sf9KEfUqs6RjIoy9qpnYDJGM4YnRxo/WgzoPhctez2Iev7qP+CU PwbCpR2B5RfpDty/elbr9A33EyVX9PxXVOGD+Iw6Sc6YHdPLMDLdp727U FvvIT+SmKEQo0kJX+UQXvcl8SH3bIKMmY/+YMF+rRoAygrkMeKKR/RSfT w==; X-IronPort-AV: E=McAfee;i="6200,9189,10250"; a="309420787" X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="309420787" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:13 -0800 X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="499140398" Received: from xgoh-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.138.138]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:11 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 03/12] qemu: fix CVE-2021-3930 Date: Mon, 7 Feb 2022 17:06:53 +0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 07 Feb 2022 09:07:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161444 From: Sakib Sajal Signed-off-by: Sakib Sajal Signed-off-by: Anuj Mittal --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2021-3930.patch | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3930.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 5c1c88db25..35aa3e1d7e 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -72,6 +72,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3682.patch \ file://CVE-2021-3713.patch \ file://CVE-2021-3748.patch \ + file://CVE-2021-3930.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3930.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3930.patch new file mode 100644 index 0000000000..bfbe5cee33 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3930.patch @@ -0,0 +1,53 @@ +From cdca50eff9c38367be54f92839734ab490c8b0f7 Mon Sep 17 00:00:00 2001 +From: Mauro Matteo Cascella +Date: Thu, 4 Nov 2021 17:31:38 +0100 +Subject: [PATCH 10/12] hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE + SELECT commands + +This avoids an off-by-one read of 'mode_sense_valid' buffer in +hw/scsi/scsi-disk.c:mode_sense_page(). + +Fixes: CVE-2021-3930 +Cc: qemu-stable@nongnu.org +Reported-by: Alexander Bulekov +Fixes: a8f4bbe2900 ("scsi-disk: store valid mode pages in a table") +Fixes: #546 +Reported-by: Qiuhao Li +Signed-off-by: Mauro Matteo Cascella +Signed-off-by: Paolo Bonzini + +Upstream-Status: Backport [b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8] +CVE: CVE-2021-3930 + +Signed-off-by: Sakib Sajal +--- + hw/scsi/scsi-disk.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c +index 90841ad79..5b44ed7d8 100644 +--- a/hw/scsi/scsi-disk.c ++++ b/hw/scsi/scsi-disk.c +@@ -1100,6 +1100,7 @@ static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, + uint8_t *p = *p_outbuf + 2; + int length; + ++ assert(page < ARRAY_SIZE(mode_sense_valid)); + if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { + return -1; + } +@@ -1441,6 +1442,11 @@ static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, + return -1; + } + ++ /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */ ++ if (page == MODE_PAGE_ALLS) { ++ return -1; ++ } ++ + p = mode_current; + memset(mode_current, 0, inlen + 2); + len = mode_sense_page(s, page, &p, 0); +-- +2.31.1 + From patchwork Mon Feb 7 09:06:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 14152 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org From: "Anuj Mittal" Subject: [hardknott][PATCH 04/12] qemu: fix CVE-2021-20196 Date: Mon, 7 Feb 2022 17:06:54 +0800 Message-Id: <3014cb660e7128f65ee2aec004ede39e80cd891d.1644224643.git.anuj.mittal@intel.com> In-Reply-To: References: MIME-Version: 1.0 List-id: To: openembedded-core@lists.openembedded.org From: Sakib Sajal Signed-off-by: Sakib Sajal Signed-off-by: Anuj Mittal --- meta/recipes-devtools/qemu/qemu.inc | 2 + .../qemu/qemu/CVE-2021-20196_1.patch | 54 +++++++++++++++ .../qemu/qemu/CVE-2021-20196_2.patch | 67 +++++++++++++++++++ 3 files changed, 123 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-20196_1.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-20196_2.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 35aa3e1d7e..568ef1be94 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -73,6 +73,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3713.patch \ file://CVE-2021-3748.patch \ file://CVE-2021-3930.patch \ + file://CVE-2021-20196_1.patch \ + file://CVE-2021-20196_2.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-20196_1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-20196_1.patch new file mode 100644 index 0000000000..8b1ad0423b --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-20196_1.patch @@ -0,0 +1,54 @@ +From e907ff3d4cb7fd20d402f45355059e67d0dc93e7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Wed, 24 Nov 2021 17:15:34 +0100 +Subject: [PATCH 11/12] hw/block/fdc: Extract blk_create_empty_drive() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We are going to re-use this code in the next commit, +so extract it as a new blk_create_empty_drive() function. + +Inspired-by: Hanna Reitz +Signed-off-by: Philippe Mathieu-Daudé +Message-id: 20211124161536.631563-2-philmd@redhat.com +Signed-off-by: John Snow + +Upstream-Status: Backport [b154791e7b6d4ca5cdcd54443484d97360bd7ad2] +CVE: CVE-2021-20196 + +Signed-off-by: Sakib Sajal +--- + hw/block/fdc.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/hw/block/fdc.c b/hw/block/fdc.c +index 4c2c35e22..854b4f172 100644 +--- a/hw/block/fdc.c ++++ b/hw/block/fdc.c +@@ -61,6 +61,12 @@ + } while (0) + + ++/* Anonymous BlockBackend for empty drive */ ++static BlockBackend *blk_create_empty_drive(void) ++{ ++ return blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL); ++} ++ + /********************************************************/ + /* qdev floppy bus */ + +@@ -543,8 +549,7 @@ static void floppy_drive_realize(DeviceState *qdev, Error **errp) + } + + if (!dev->conf.blk) { +- /* Anonymous BlockBackend for an empty drive */ +- dev->conf.blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL); ++ dev->conf.blk = blk_create_empty_drive(); + ret = blk_attach_dev(dev->conf.blk, qdev); + assert(ret == 0); + +-- +2.31.1 + diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-20196_2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-20196_2.patch new file mode 100644 index 0000000000..dd442ccb8f --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-20196_2.patch @@ -0,0 +1,67 @@ +From 1d48445a951fd5504190a38abeda70ea9372cf77 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Wed, 24 Nov 2021 17:15:35 +0100 +Subject: [PATCH 12/12] hw/block/fdc: Kludge missing floppy drive to fix + CVE-2021-20196 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Guest might select another drive on the bus by setting the +DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR). +The current controller model doesn't expect a BlockBackend +to be NULL. A simple way to fix CVE-2021-20196 is to create +an empty BlockBackend when it is missing. All further +accesses will be safely handled, and the controller state +machines keep behaving correctly. + +Cc: qemu-stable@nongnu.org +Fixes: CVE-2021-20196 +Reported-by: Gaoning Pan (Ant Security Light-Year Lab) +Reviewed-by: Darren Kenny +Reviewed-by: Hanna Reitz +Signed-off-by: Philippe Mathieu-Daudé +Message-id: 20211124161536.631563-3-philmd@redhat.com +BugLink: https://bugs.launchpad.net/qemu/+bug/1912780 +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/338 +Reviewed-by: Darren Kenny +Reviewed-by: Hanna Reitz +Signed-off-by: Philippe Mathieu-Daudé +Signed-off-by: John Snow + +Upstream-Status: Backport [1ab95af033a419e7a64e2d58e67dd96b20af5233] +CVE: CVE-2021-20196 + +Signed-off-by: Sakib Sajal +--- + hw/block/fdc.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/hw/block/fdc.c b/hw/block/fdc.c +index 854b4f172..a736c4d14 100644 +--- a/hw/block/fdc.c ++++ b/hw/block/fdc.c +@@ -1365,7 +1365,19 @@ static FDrive *get_drv(FDCtrl *fdctrl, int unit) + + static FDrive *get_cur_drv(FDCtrl *fdctrl) + { +- return get_drv(fdctrl, fdctrl->cur_drv); ++ FDrive *cur_drv = get_drv(fdctrl, fdctrl->cur_drv); ++ ++ if (!cur_drv->blk) { ++ /* ++ * Kludge: empty drive line selected. Create an anonymous ++ * BlockBackend to avoid NULL deref with various BlockBackend ++ * API calls within this model (CVE-2021-20196). ++ * Due to the controller QOM model limitations, we don't ++ * attach the created to the controller device. ++ */ ++ cur_drv->blk = blk_create_empty_drive(); ++ } ++ return cur_drv; + } + + /* Status A register : 0x00 (read-only) */ +-- +2.31.1 + From patchwork Mon Feb 7 09:06:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 3364 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CB65CC433EF for ; Mon, 7 Feb 2022 09:07:17 +0000 (UTC) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.19860.1644224834864333556 for ; Mon, 07 Feb 2022 01:07:17 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=KHUiQDW7; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644224836; x=1675760836; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=Up5llH4y/hTd9oRq/a7JjDYrKQG5s53LEFL7Ndz+0oA=; b=KHUiQDW7m75F1/kbBYepUCkkmZdZ4lsR4afxhinyiqofXPQ3oLMSLFtM 3uv9f7dOESvWFZPGDGFbs44xA5EZU61tdY0kt/j26tlWSJsW1mAnZtBUM ldKpgYutXTFu8fCRWSEDqERk3jg7kKh9G67YEss0L/03kjtG3hG88VUyt 0cpRugBU2iolDJwB7mVqDtpsuMpwJHOIwaXwnsr0BIj1v3ihuiwqcUxOC 0IbVeOsA1o++UNctiI/V/7jvfOhTpSQlEF6uUiBbl940WcERQ74sxTmzd UbrQVxXwO4ycX40zHq2qmLLCQXLM0J+XgNbk7I/wTkSOoKIjZIg9+pEZ+ Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10250"; a="309420804" X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="309420804" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:16 -0800 X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="499140425" Received: from xgoh-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.138.138]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:15 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 05/12] sstate: A third fix for for touching files inside pseudo Date: Mon, 7 Feb 2022 17:06:55 +0800 Message-Id: <3eceda67a1098ab9641cb1b7fc789048b7daeae8.1644224643.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 07 Feb 2022 09:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161447 From: Peter Kjellerstedt This continues where commit676757f "sstate: fix touching files inside pseudo" and commit 29fc8599 "sstate: another fix for touching files inside pseudo" left off. The previous changes switched from trying to check if the sstate file is writable before touching it, to always touching the sstate file and ignoring any errors. However, if the sstate file is actually a symbolic link that links to nothing, this would actually result in an empty sstate file being created. And this in turn leads to that future setscene tasks will fail when they try to unpack the empty file. Change the code so that if an sstate file linking to nothing already exists, it is overwritten with the new sstate file. Also change it so that the temporary file that is used is always removed, even if ln fails to link the sstate file to it. Signed-off-by: Peter Kjellerstedt Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal (cherry picked from commit b2a5d9bc61e0b2b7e0f187a262a514952ed30563) Signed-off-by: Anuj Mittal --- meta/classes/sstate.bbclass | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index da29225983..caa25815e0 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -827,14 +827,18 @@ sstate_create_package () { fi chmod 0664 $TFILE # Skip if it was already created by some other process - if [ ! -e ${SSTATE_PKG} ]; then + if [ -h ${SSTATE_PKG} ] && [ ! -e ${SSTATE_PKG} ]; then + # There is a symbolic link, but it links to nothing. + # Forcefully replace it with the new file. + ln -f $TFILE ${SSTATE_PKG} || true + elif [ ! -e ${SSTATE_PKG} ]; then # Move into place using ln to attempt an atomic op. # Abort if it already exists - ln $TFILE ${SSTATE_PKG} && rm $TFILE + ln $TFILE ${SSTATE_PKG} || true else - rm $TFILE + touch ${SSTATE_PKG} 2>/dev/null || true fi - touch ${SSTATE_PKG} 2>/dev/null || true + rm $TFILE } python sstate_sign_package () { @@ -864,7 +868,7 @@ python sstate_report_unihash() { sstate_unpack_package () { tar -xvzf ${SSTATE_PKG} # update .siginfo atime on local/NFS mirror if it is a symbolic link - [ ! -h ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true + [ ! -h ${SSTATE_PKG}.siginfo ] || [ ! -e ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true # update each symbolic link instead of any referenced file touch --no-dereference ${SSTATE_PKG} 2>/dev/null || true [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig 2>/dev/null || true From patchwork Mon Feb 7 09:06:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 3365 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0FADC433FE for ; Mon, 7 Feb 2022 09:07:18 +0000 (UTC) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.19860.1644224834864333556 for ; Mon, 07 Feb 2022 01:07:18 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=bwGjDKEZ; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644224838; x=1675760838; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=dt9yF81xKfr3SXP0hXTQpqam4PO9n586CLnLyuXeBX8=; b=bwGjDKEZuI2gTW+xUTCgwcn45Vxr/zVx1ZFKgmeZMMwuYov1O8qbkfSf SIZgmXiGhnWNg3o0Rbgbcct19WHbICM2g/ucJFTc1xjaGwZkPCPFAWbp+ nHoIqXrUuZ+lH3Wp53rL8UfQIalwUJLukOy2hS6wmGjRFT+46vJxRinD/ AuRhVCQv7qsiN+7M6IklR3By1FqvO4kIVouFjjbXuyoBSx5SB/d8dOmRE TOL6Ph2ELnyh+rmC8A4/aSLfZUwBgR8KRMs7b1j9BiXdTv5AiJFXnI0u2 OhScb8ChHb+/liDL2EzEw/ZyB4WfrwPfaolC2NAlGwDhsVTWXogx9aod/ w==; X-IronPort-AV: E=McAfee;i="6200,9189,10250"; a="309420819" X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="309420819" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:17 -0800 X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="499140443" Received: from xgoh-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.138.138]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:16 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 06/12] linux-yocto/5.10: update to v5.10.92 Date: Mon, 7 Feb 2022 17:06:56 +0800 Message-Id: <61bb3c237303f9048b1c4e17eeaa629d985f6d9e.1644224643.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 07 Feb 2022 09:07:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161448 From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: c982c1a83932 Linux 5.10.92 c0091233f3d8 staging: greybus: fix stack size warning with UBSAN 66d21c005d9b drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() 2d4fda471dc3 staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() 3609fed7ac8b media: Revert "media: uvcvideo: Set unique vdev name based in type" 9b3c761e78d5 random: fix crash on multiple early calls to add_bootloader_randomness() 61cca7d191c7 random: fix data race on crng init time 3de9478230c3 random: fix data race on crng_node_pool 43c494294f30 can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} 45221a57b609 can: isotp: convert struct tpcon::{idx,len} to unsigned int bd61ae808b15 can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data f68e60001735 mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() 5f76445a31b7 veth: Do not record rx queue hint in veth_xmit ddfa53825f3d mmc: sdhci-pci: Add PCI ID for Intel ADL 2e691f9894cc ath11k: Fix buffer overflow when scanning with extraie a87cecf94375 USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status 15982330b61d USB: core: Fix bug in resuming hub's handling of wakeup requests 413108ce3b56 ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100 b6dd07023699 Bluetooth: bfusb: fix division by zero in send path 869e1677a058 Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0 c20021ce945f Bluetooth: btusb: Add support for Foxconn MT7922A 83493918380f Bluetooth: btusb: Add two more Bluetooth parts for WCN6855 294c0dd80d8a Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() 35ab8c9085b0 bpf: Fix out of bounds access from invalid *_or_null type verification c84fbba8a945 workqueue: Fix unbind_workers() VS wq_worker_running() race c39d68ab3836 md: revert io stats accounting Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 35dfcd31518e66fc4dc1f2283bd3320f994c868b) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index ca7d5dd97c..a1986adcd5 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "85c14e209f1ab7cee673735c4561e656b4e65217" -SRCREV_meta ?= "de35f8006d0f932924752ddda94dd24e2da67fbc" +SRCREV_machine ?= "73ddd15bb13083c63f183814223b1f064f707964" +SRCREV_meta ?= "940dd7a24ebe6ad709d6912a24660dadf34ece83" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.91" +LINUX_VERSION ?= "5.10.92" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index dbfeea6c82..13a1ec8cce 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.91" +LINUX_VERSION ?= "5.10.92" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "2227ab16358ca3193f03d0cd8509092076aeffbb" -SRCREV_machine ?= "b3fdab7a9f3c11a61565cead0445883a61081583" -SRCREV_meta ?= "de35f8006d0f932924752ddda94dd24e2da67fbc" +SRCREV_machine_qemuarm ?= "05c74d1b7b9b5ce5b386e2dbb787f1b00bbfdcb8" +SRCREV_machine ?= "3c4b46871c0220942e07fc2c73ba94ac04b0d9ca" +SRCREV_meta ?= "940dd7a24ebe6ad709d6912a24660dadf34ece83" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 82dfb0f903..827b5aa32e 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base" KBRANCH_qemux86-64 ?= "v5.10/standard/base" KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "fb570663823bd492e4c8d4339be825bda4210dc6" -SRCREV_machine_qemuarm64 ?= "5a52b700c1693a95b8efa54cb65bec7807a75cd2" -SRCREV_machine_qemumips ?= "8eb8a801f5f4764c362aefd5e97e704755cf740b" -SRCREV_machine_qemuppc ?= "21b014e385a6b54a2fd7d667a1b556c69cda77de" -SRCREV_machine_qemuriscv64 ?= "77c8d144b066f69e009ce2ee540a593b11eb736a" -SRCREV_machine_qemuriscv32 ?= "77c8d144b066f69e009ce2ee540a593b11eb736a" -SRCREV_machine_qemux86 ?= "77c8d144b066f69e009ce2ee540a593b11eb736a" -SRCREV_machine_qemux86-64 ?= "77c8d144b066f69e009ce2ee540a593b11eb736a" -SRCREV_machine_qemumips64 ?= "5468343e50389dba73b5d441289d5094bd0dc9f0" -SRCREV_machine ?= "77c8d144b066f69e009ce2ee540a593b11eb736a" -SRCREV_meta ?= "de35f8006d0f932924752ddda94dd24e2da67fbc" +SRCREV_machine_qemuarm ?= "1e8e1a5927984c545448b4b15974addf670b0f5d" +SRCREV_machine_qemuarm64 ?= "c42d48cae11e605f70cfc6f64dbc23711bfbf8cf" +SRCREV_machine_qemumips ?= "0366c14c30f0ca1f9d4a793632ba9cdc86e7225e" +SRCREV_machine_qemuppc ?= "4570b1179fe4eda809fa2b89a06e6acf95e35fc8" +SRCREV_machine_qemuriscv64 ?= "b0f8d81ad4c501e24f062e080f38fb8a7873b68a" +SRCREV_machine_qemuriscv32 ?= "b0f8d81ad4c501e24f062e080f38fb8a7873b68a" +SRCREV_machine_qemux86 ?= "b0f8d81ad4c501e24f062e080f38fb8a7873b68a" +SRCREV_machine_qemux86-64 ?= "b0f8d81ad4c501e24f062e080f38fb8a7873b68a" +SRCREV_machine_qemumips64 ?= "f2a78b852f4afb30a5e453a8b1eac3e785cbfc39" +SRCREV_machine ?= "b0f8d81ad4c501e24f062e080f38fb8a7873b68a" +SRCREV_meta ?= "940dd7a24ebe6ad709d6912a24660dadf34ece83" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.91" +LINUX_VERSION ?= "5.10.92" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Mon Feb 7 09:06:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 3366 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D02E2C433F5 for ; Mon, 7 Feb 2022 09:07:20 +0000 (UTC) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.19860.1644224834864333556 for ; Mon, 07 Feb 2022 01:07:20 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=DwHnoq1g; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644224840; x=1675760840; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=FZE/Z7Q5icso3OWpUOYNB0y2vvGdFIdI42YXt7Z6mCI=; b=DwHnoq1g5mz5YgEGobHfXBTSnIKZ5ieu0efuaekm2rToSHW5le9Ym1No JHx5WETRMFewpZdfMZ9svHDPFo3fS9S1uh/+oGeyq1MuIKq5owg9XCRec t2n69V/rZitI9V/Dhm+IarQb+FvjJVd/9fCdr6XBtDJ4mkvgyfiM9BDkq 2z1MqJLwLU8bslWG3F7J58/rcct+DlYM5NqUFWYGYqFvbzRYGvh/TGJM9 nPvp/rRg38+vKEYmrq6taztXPm7o2mVzio/wqhBLlGBcqBTRy9DycGN7M 8wMYvueA4VKQy2esIuYqozolq8w2lLlAmVq/TPseXalt28POhCg0V/okf w==; X-IronPort-AV: E=McAfee;i="6200,9189,10250"; a="309420831" X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="309420831" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:20 -0800 X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="499140461" Received: from xgoh-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.138.138]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:18 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 07/12] linux-yocto/5.10: update to v5.10.93 Date: Mon, 7 Feb 2022 17:06:57 +0800 Message-Id: <8104d934d137bf94baab6f55cd970b6150e3eb85.1644224643.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 07 Feb 2022 09:07:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161449 From: Bruce Ashfield Updating linux-yocto/5.10 to the latest korg -stable release that comprises the following commits: fd187a492557 Linux 5.10.93 bed97c903621 mtd: fixup CFI on ixp4xx f50803b519c3 powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS 68c1aa82be00 ALSA: hda/realtek: Re-order quirk entries for Lenovo 4d15a17d065d ALSA: hda/realtek: Add quirk for Legion Y9000X 2020 d7b41464f1b7 ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk 87246ae94b73 ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows 9c27e513fb33 ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices 4c7fb4d519e5 KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all 6b8c3a185377 firmware: qemu_fw_cfg: fix kobject leak in probe error path 889c73305b48 firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries ff9588cf1592 firmware: qemu_fw_cfg: fix sysfs information leak 358a4b054abe rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled 93c4506f9f8b media: uvcvideo: fix division by zero at stream start 4c3f70be6f3a video: vga16fb: Only probe for EGA and VGA 16 color graphic cards 161e43ab8cc1 9p: only copy valid iattrs in 9P2000.L setattr implementation 0e6c0f3f4055 KVM: s390: Clarify SIGP orders versus STOP/RESTART 413b427f5fff KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest 723acd75a062 perf: Protect perf_guest_cbs with RCU eadde287a62e vfs: fs_context: fix up param length parsing in legacy_parse_param c5f38277163e remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided 5d88e24b23af orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() 0084fefe2960 devtmpfs regression fix: reconfigure on each mount ee40594c95ae kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 4f3dd05c163efe6da87a58ab9e1df61b83ed4444) Signed-off-by: Anuj Mittal --- .../linux/linux-yocto-rt_5.10.bb | 6 ++--- .../linux/linux-yocto-tiny_5.10.bb | 8 +++---- meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb index a1986adcd5..48d2694995 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "73ddd15bb13083c63f183814223b1f064f707964" -SRCREV_meta ?= "940dd7a24ebe6ad709d6912a24660dadf34ece83" +SRCREV_machine ?= "ba47a407fe04203adb0ab5e164597c958cd9e334" +SRCREV_meta ?= "7df27e6d296dfa16f289883c0661eed45059360c" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.10.92" +LINUX_VERSION ?= "5.10.93" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb index 13a1ec8cce..eb42c407fa 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.10.92" +LINUX_VERSION ?= "5.10.93" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "05c74d1b7b9b5ce5b386e2dbb787f1b00bbfdcb8" -SRCREV_machine ?= "3c4b46871c0220942e07fc2c73ba94ac04b0d9ca" -SRCREV_meta ?= "940dd7a24ebe6ad709d6912a24660dadf34ece83" +SRCREV_machine_qemuarm ?= "ceb1f194e59c9dd3bdd83d51bb0994f3db23bf61" +SRCREV_machine ?= "878e5c1469550bb0f8778d16d4adbe7d48b0b28d" +SRCREV_meta ?= "7df27e6d296dfa16f289883c0661eed45059360c" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb index 827b5aa32e..e67bf54c98 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb @@ -13,17 +13,17 @@ KBRANCH_qemux86 ?= "v5.10/standard/base" KBRANCH_qemux86-64 ?= "v5.10/standard/base" KBRANCH_qemumips64 ?= "v5.10/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "1e8e1a5927984c545448b4b15974addf670b0f5d" -SRCREV_machine_qemuarm64 ?= "c42d48cae11e605f70cfc6f64dbc23711bfbf8cf" -SRCREV_machine_qemumips ?= "0366c14c30f0ca1f9d4a793632ba9cdc86e7225e" -SRCREV_machine_qemuppc ?= "4570b1179fe4eda809fa2b89a06e6acf95e35fc8" -SRCREV_machine_qemuriscv64 ?= "b0f8d81ad4c501e24f062e080f38fb8a7873b68a" -SRCREV_machine_qemuriscv32 ?= "b0f8d81ad4c501e24f062e080f38fb8a7873b68a" -SRCREV_machine_qemux86 ?= "b0f8d81ad4c501e24f062e080f38fb8a7873b68a" -SRCREV_machine_qemux86-64 ?= "b0f8d81ad4c501e24f062e080f38fb8a7873b68a" -SRCREV_machine_qemumips64 ?= "f2a78b852f4afb30a5e453a8b1eac3e785cbfc39" -SRCREV_machine ?= "b0f8d81ad4c501e24f062e080f38fb8a7873b68a" -SRCREV_meta ?= "940dd7a24ebe6ad709d6912a24660dadf34ece83" +SRCREV_machine_qemuarm ?= "50c0e06718fb2b264619ce8d82608877d1e62a81" +SRCREV_machine_qemuarm64 ?= "7907c5eb81e9a51307b5269d546999ebf47d9d59" +SRCREV_machine_qemumips ?= "e9c51de36554662082afc08c6e54599b310c7951" +SRCREV_machine_qemuppc ?= "77f361ea5eb293dcfe122ecb65f33ba32fd12501" +SRCREV_machine_qemuriscv64 ?= "a1bbb29fe30c94c21309aa8b8c0d06fa12f3368d" +SRCREV_machine_qemuriscv32 ?= "a1bbb29fe30c94c21309aa8b8c0d06fa12f3368d" +SRCREV_machine_qemux86 ?= "a1bbb29fe30c94c21309aa8b8c0d06fa12f3368d" +SRCREV_machine_qemux86-64 ?= "a1bbb29fe30c94c21309aa8b8c0d06fa12f3368d" +SRCREV_machine_qemumips64 ?= "b668a352c94a8c29e585608e8302cacb1350f5ed" +SRCREV_machine ?= "a1bbb29fe30c94c21309aa8b8c0d06fa12f3368d" +SRCREV_meta ?= "7df27e6d296dfa16f289883c0661eed45059360c" # remap qemuarm to qemuarma15 for the 5.8 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -32,7 +32,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "5.10.92" +LINUX_VERSION ?= "5.10.93" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" From patchwork Mon Feb 7 09:06:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 3367 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CBE2DC433F5 for ; Mon, 7 Feb 2022 09:07:22 +0000 (UTC) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.19860.1644224834864333556 for ; Mon, 07 Feb 2022 01:07:21 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=l1boa2Wt; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644224841; x=1675760841; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=Of9NrhD3Y+I0crK9jPOGFgR6FFZA/EFBFrWGOvIJZ8I=; b=l1boa2Wtoihno7O/eo+/ZNNnI7epb5A4jaeZKwfIGGgYId75lNPYvDKe dE1b5xsO/HcqO09NDiQU9W4M++iKzHSCMVyLK6eadvtFG2V/Nn66ZdRpl Cz+aROXVWeVmCreD8CP6uHGmBUzgdwC/qKdHWSi/UpOAyDK1h7/Hp1epi x9S3hFD/0LNy4twDEgWEhVF/qz1udGBz6roXp8torqWo1UNvyFFq7pwaJ wfcVMltcfILyvUpJlgrMd9kd9GxzQ07TXjhuwwrYkxsZgkP4d/XHlJqwI 0XsSVaSOuVuPqtY9pnoR2s8+IYkxBLtJbuoptQdmf1z56lxQgddhAHxA+ A==; X-IronPort-AV: E=McAfee;i="6200,9189,10250"; a="309420838" X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="309420838" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:21 -0800 X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="499140466" Received: from xgoh-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.138.138]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:20 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 08/12] linux-firmware: Add CLM blob to linux-firmware-bcm4373 package Date: Mon, 7 Feb 2022 17:06:58 +0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 07 Feb 2022 09:07:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161450 From: Rudolf J Streif The Country Local Matrix (CLM) blob brcmfmac4373-sdio.clm_blob was not included with the files for the linux-firmware-bcm4373 package but instead packaged with linux-firmware. Signed-off-by: Rudolf J Streif Signed-off-by: Richard Purdie (cherry picked from commit 18ba64d4a12e7275381cf34fe72b757accbb1544) Signed-off-by: Anuj Mittal (cherry picked from commit 289a849f8f639cd2546153827fc265a9409f5538) Signed-off-by: Anuj Mittal --- meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb index 92b6ff5157..07389f6982 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb @@ -751,6 +751,7 @@ FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pc FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \ ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \ ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.clm_blob \ " LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress" From patchwork Mon Feb 7 09:06:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 3368 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC6DDC433EF for ; Mon, 7 Feb 2022 09:07:23 +0000 (UTC) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.19860.1644224834864333556 for ; Mon, 07 Feb 2022 01:07:23 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=jF+MtQjI; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644224843; x=1675760843; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=TOWEjF7yI1x4bSLc0J4bacm+S+TfvC/d6IBUEZ2pKT4=; b=jF+MtQjI1mWVnsvccGkVTyvUhIK3sNo64/x3oClUMkaLsWvc4dI35/bw fROhrokVpVgoRdsrss5URoaP5GEsQR/iAAJVQbInUW74wWhNH5HUBAoRX 8wzdTpAvRjxD4sblGDmuD/Ea3e7WLyIG74q/EB2Q5vks1jEPOcIH9xvLM jxmihS6sOw1m92JGDJ78qCp6s/xwRTtT6tX2YIAGr71apOlcS10ZK7X2R 52vJLaFSLHZZtFvc/5nqqJ2qjr1NZ00OK5C6BYL3IsXVsNp0BFyIH7xjK FdpLVfpPADDPaK47rPJ9b/edfFkSrEbNF9aLW/Q7feRSnw77sk9r/+HJL w==; X-IronPort-AV: E=McAfee;i="6200,9189,10250"; a="309420842" X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="309420842" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:22 -0800 X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="499140467" Received: from xgoh-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.138.138]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:21 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 09/12] yocto-check-layer: add debug output for the layers that were found Date: Mon, 7 Feb 2022 17:06:59 +0800 Message-Id: <606924b7bc751741c58aaf2ba60639612b113fcd.1644224643.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 07 Feb 2022 09:07:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161451 From: Ross Burton When debugging weird yocto-check-layer output it is useful to know what the tool found when looking for layers. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 711e2d4d7baf36f8497741c14268d7f72d0db016) Signed-off-by: Anuj Mittal (cherry picked from commit 6ff05fe05a23d4355c3a33a03350dea025133689) Signed-off-by: Anuj Mittal --- scripts/yocto-check-layer | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/scripts/yocto-check-layer b/scripts/yocto-check-layer index 6975b09502..00a16d18fc 100755 --- a/scripts/yocto-check-layer +++ b/scripts/yocto-check-layer @@ -41,6 +41,12 @@ def test_layer(td, layer, test_software_layer_signatures): tc.loadTests(CASES_PATHS) return tc.runTests() +def dump_layer_debug(layer): + logger.debug("Found layer %s (%s)" % (layer["name"], layer["path"])) + collections = layer.get("collections", {}) + if collections: + logger.debug("%s collections: %s" % (layer["name"], ", ".join(collections))) + def main(): parser = argparse.ArgumentParser( description="Yocto Project layer checking tool", @@ -106,6 +112,13 @@ def main(): else: dep_layers = layers + logger.debug("Found additional layers:") + for l in additional_layers: + dump_layer_debug(l) + logger.debug("Found dependency layers:") + for l in dep_layers: + dump_layer_debug(l) + logger.info("Detected layers:") for layer in layers: if layer['type'] == LayerType.ERROR_BSP_DISTRO: From patchwork Mon Feb 7 09:07:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 3370 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC034C433F5 for ; Mon, 7 Feb 2022 09:07:25 +0000 (UTC) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.19860.1644224834864333556 for ; Mon, 07 Feb 2022 01:07:24 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=YGFtFNrw; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644224844; x=1675760844; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=rYT8ZkAQwcvWBoE4zg922zvtOzPNWjKPcEpSOmGkxss=; b=YGFtFNrwVYoAhM8A4EAh7ecVk8MDUByuqcVYNvm6HZ15Ne7CEMvKk1EU yzr+Y7csWpP+jsEcwCqfw4JM4OXhf8TJAOy5g25wV3E3fYQwB/LcO6uNw 9J5GMk8L+RR+Mqi4LxCXgXQ3iYeMJBL+bGTNq37hpB27UXV+yfO2zgimv rOgjQyIE4+dL7PMqKwoJDs8B3SH+TCigilKnMv5h7yR9K9H9CoCFkFCvn y2j8Wt6RnMsTsI79QizM+z0k2w8bduw8GgNYfk8N0lq5LRxzJ8SCLmVPd bAPnLePpcZybngZ4LxdvMAwkFh1pTka/k64RyZCfb9POvY8qMA5c1YN2z w==; X-IronPort-AV: E=McAfee;i="6200,9189,10250"; a="309420845" X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="309420845" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:24 -0800 X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="499140469" Received: from xgoh-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.138.138]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:23 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 10/12] libusb1: correct SRC_URI Date: Mon, 7 Feb 2022 17:07:00 +0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 07 Feb 2022 09:07:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161452 From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit d4c37ca1f1e97d53045521e9894dc9ed5b1c22a1) Signed-off-by: Anuj Mittal (cherry picked from commit 0fccab0724769a862e31e635ffa1db3ba2f37312) Signed-off-by: Anuj Mittal --- meta/recipes-support/libusb/libusb1_1.0.24.bb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/libusb/libusb1_1.0.24.bb b/meta/recipes-support/libusb/libusb1_1.0.24.bb index 92e66b1b16..76a707b70f 100644 --- a/meta/recipes-support/libusb/libusb1_1.0.24.bb +++ b/meta/recipes-support/libusb/libusb1_1.0.24.bb @@ -1,7 +1,7 @@ SUMMARY = "Userspace library to access USB (version 1.0)" DESCRIPTION = "A cross-platform library to access USB devices from Linux, \ macOS, Windows, OpenBSD/NetBSD, Haiku and Solaris userspace." -HOMEPAGE = "http://libusb.sf.net" +HOMEPAGE = "https://libusb.info" BUGTRACKER = "http://www.libusb.org/report" SECTION = "libs" @@ -10,10 +10,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" BBCLASSEXTEND = "native nativesdk" -SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \ +SRC_URI = "https://github.com/libusb/libusb/releases/download/v${PV}/libusb-${PV}.tar.bz2 \ file://run-ptest \ " +UPSTREAM_CHECK_URI = "https://github.com/libusb/libusb/releases" + SRC_URI[sha256sum] = "7efd2685f7b327326dcfb85cee426d9b871fd70e22caa15bb68d595ce2a2b12a" S = "${WORKDIR}/libusb-${PV}" From patchwork Mon Feb 7 09:07:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 3369 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CBF24C433EF for ; Mon, 7 Feb 2022 09:07:26 +0000 (UTC) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.19860.1644224834864333556 for ; Mon, 07 Feb 2022 01:07:26 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=gpeTnM+t; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644224846; x=1675760846; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=gzldZOeYdiKcPdLhyQmFvkP69cmOYTn+oaqLpifMGCk=; b=gpeTnM+t+oO8LJgRjpD2bvaDrtdGCzak58BAMxDRiwaTXZjm/73uWpNp UF59H2jyxjgi2M1u+fA0CMUO+E7o5NhIr1Dq4RLI3seVnUpF4+SC9Yr1C I4EHPMWH5DrgRIgemuvKVOosdcfLRdQLKAru/8FJ4RWiGLooL7beYOxDb IPhJPsK03q4nkRhhcWF/ayCpl89tDxutebsibK2RT88TAuoLgotxnjjdO MBar5FkOJsz75/Qm/UY8LPw6f4N4a8iQsCaZ9JJj33maSWxUGRdeF9oq/ Cp2w3Cg+B2GfF19YFzYbj/z0pjC72dBtyWQU+ITIZdqdjvJ0R7zMPrsW0 A==; X-IronPort-AV: E=McAfee;i="6200,9189,10250"; a="309420856" X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="309420856" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:26 -0800 X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="499140473" Received: from xgoh-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.138.138]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:24 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 11/12] expat: fix CVE-2022-23852 Date: Mon, 7 Feb 2022 17:07:01 +0800 Message-Id: <8a50809a0e54c66a8a7aafb1b9bffbec009f8c57.1644224643.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 07 Feb 2022 09:07:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161453 From: Steve Sakoman Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer for configurations with a nonzero XML_CONTEXT_BYTES. Backport patch from: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 CVE: CVE-2022-23852 Signed-off-by: Steve Sakoman (cherry picked from commit af81bb9d10c0f1e9dcaffc1bbc18ef780eea7127) Signed-off-by: Anuj Mittal --- .../expat/expat/CVE-2022-23852.patch | 33 +++++++++++++++++++ meta/recipes-core/expat/expat_2.2.10.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2022-23852.patch diff --git a/meta/recipes-core/expat/expat/CVE-2022-23852.patch b/meta/recipes-core/expat/expat/CVE-2022-23852.patch new file mode 100644 index 0000000000..41425c108b --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2022-23852.patch @@ -0,0 +1,33 @@ +From 847a645152f5ebc10ac63b74b604d0c1a79fae40 Mon Sep 17 00:00:00 2001 +From: Samanta Navarro +Date: Sat, 22 Jan 2022 17:48:00 +0100 +Subject: [PATCH] lib: Detect and prevent integer overflow in XML_GetBuffer + (CVE-2022-23852) + +Upstream-Status: Backport: +https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 + +CVE: CVE-2022-23852 + +Signed-off-by: Steve Sakoman + +--- + expat/lib/xmlparse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index d54af683..5ce31402 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -2067,6 +2067,11 @@ XML_GetBuffer(XML_Parser parser, int len) { + keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer); + if (keep > XML_CONTEXT_BYTES) + keep = XML_CONTEXT_BYTES; ++ /* Detect and prevent integer overflow */ ++ if (keep > INT_MAX - neededSize) { ++ parser->m_errorCode = XML_ERROR_NO_MEMORY; ++ return NULL; ++ } + neededSize += keep; + #endif /* defined XML_CONTEXT_BYTES */ + if (neededSize diff --git a/meta/recipes-core/expat/expat_2.2.10.bb b/meta/recipes-core/expat/expat_2.2.10.bb index e5415361d8..074441dc2a 100644 --- a/meta/recipes-core/expat/expat_2.2.10.bb +++ b/meta/recipes-core/expat/expat_2.2.10.bb @@ -15,6 +15,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA file://CVE-2022-22822-27.patch \ file://CVE-2021-45960.patch \ file://CVE-2021-46143.patch \ + file://CVE-2022-23852.patch \ " UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/" From patchwork Mon Feb 7 09:07:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 3371 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD555C433F5 for ; Mon, 7 Feb 2022 09:07:29 +0000 (UTC) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.19860.1644224834864333556 for ; Mon, 07 Feb 2022 01:07:29 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Boy7vbwl; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644224849; x=1675760849; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=C/BofeSh+PM2NlrL2aYAbNe6ejzfi1NKnnji3CirvOg=; b=Boy7vbwlNz4SLWmI6tqLFY/9/utK7BOY3281b4TKSsJ9Dm5wwF5hbfxv WGIV0phd3XlKr7AduasbMsjtyiwydGBVUnOkDUMOWFvM9ZHgjz63+Qc8Q hEyz3EB+LoLdeE132PNUEaxCl4l5I/Y3xyIGKV6a7kUvoS2azdGw57Bzu MXQB9SZ7mdLyQQR1buKzCPL6CIO7ZAZI7U80+bdZ/owd4ZUeM3U9V/VsQ rPKKSmUfPoXstU7HhSd78eT2/wf6UHAa4CPYDSsUVj/7ltyo4Zu8hUEEI aOvh2U78BZ9HTv62JS7n54EkJrKGaHlasswGumaLtcN128BKYF5O4n+06 g==; X-IronPort-AV: E=McAfee;i="6200,9189,10250"; a="309420861" X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="309420861" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:27 -0800 X-IronPort-AV: E=Sophos;i="5.88,349,1635231600"; d="scan'208";a="499140479" Received: from xgoh-mobl1.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.213.138.138]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Feb 2022 01:07:26 -0800 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 12/12] expat: add missing Upstream-status, CVE tag and sign-off to CVE-2021-46143.patch Date: Mon, 7 Feb 2022 17:07:02 +0800 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 07 Feb 2022 09:07:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161454 From: Steve Sakoman Signed-off-by: Steve Sakoman (cherry picked from commit 7e33aa25acc0c29b8f5e78757c6557e614eb1434) Signed-off-by: Anuj Mittal --- meta/recipes-core/expat/expat/CVE-2021-46143.patch | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-core/expat/expat/CVE-2021-46143.patch b/meta/recipes-core/expat/expat/CVE-2021-46143.patch index d6bafba0ff..b1a726d9a8 100644 --- a/meta/recipes-core/expat/expat/CVE-2021-46143.patch +++ b/meta/recipes-core/expat/expat/CVE-2021-46143.patch @@ -4,6 +4,12 @@ Date: Sat, 25 Dec 2021 20:52:08 +0100 Subject: [PATCH] lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) +Upstream-Status: Backport: +https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b + +CVE: CVE-2021-46143 + +Signed-off-by: Steve Sakoman --- expat/lib/xmlparse.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+)