From patchwork Tue Apr 16 06:14:00 2024
X-Patchwork-Submitter: auh@yoctoproject.org
X-Patchwork-Id: 42401
From: auh@yoctoproject.org
To: Richard Purdie
Cc: openembedded-core@lists.openembedded.org
Subject: [AUH] qemu: upgrading to 8.2.2 FAILED
Message-ID: <0101018ee58a766d-a97ed650-620c-4752-b8a9-bdcfd6094398-000000@us-west-2.amazonses.com>
Date: Tue, 16 Apr 2024 06:14:00 +0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/198329

Hello,

this email is a notification from the Auto Upgrade Helper
that the automatic attempt to upgrade the recipe *qemu* to *8.2.2* has Failed(do_compile).

Detailed error information:

do_compile failed

Next steps:
    - apply the patch: git am 0001-qemu-upgrade-8.2.1-8.2.2.patch
    - check the changes to upstream patches and summarize them in the commit message,
    - compile an image that contains the package
    - perform some basic sanity tests
    - amend the patch and sign it off: git commit -s --reset-author --amend
    - send it to the appropriate mailing list

Alternatively, if you believe the recipe should not be upgraded at this time,
you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that
automatic upgrades would no longer be attempted.

Please review the attached files for further information and build/update failures.
Any problem please file a bug at
https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler

Regards,
The Upgrade Helper

-- >8 --
From 96e56f14cf34ba9304f7da7f6a2665c759526342 Mon Sep 17 00:00:00 2001
From: Upgrade Helper Date: Mon, 15 Apr 2024 20:25:04 +0000 Subject: [PATCH] qemu: upgrade 8.2.1 -> 8.2.2 --- meta/recipes-devtools/qemu/qemu.inc | 5 +- ...4-Handle-the-vsyscall-page-in-open_s.patch | 13 +-- ...n-environment-space-to-boot-loader-q.patch | 15 ++- ...ce-use-of-lfs64-related-functions-an.patch | 59 ++++++------ ...ongarch64-Remove-TARGET_FORCE_SHMLBA.patch | 7 +- .../0003-apic-fixup-fallthrough-to-PIC.patch | 15 ++- ...0003-linux-user-Add-strace-for-shmat.patch | 7 +- ...dd-pkg-config-handling-for-libgcrypt.patch | 15 ++- ...0004-linux-user-Rewrite-target_shmat.patch | 13 +-- ...mu-Do-not-include-file-if-not-exists.patch | 15 ++- ...that-shmat-does-not-break-proc-self-.patch | 8 +- ...er-space-mmap-tweaks-to-address-musl.patch | 16 ++-- .../qemu/0007-qemu-Determinism-fixes.patch | 15 ++- ...d-use-relative-path-to-refer-to-file.patch | 17 ++-- ...and-MAP_SHARED_VALIDATE-on-needed-li.patch | 13 ++- ...t-against-buggy-or-malicious-guest-d.patch | 20 ++-- ...round-for-missing-MAP_FIXED_NOREPLAC.patch | 66 +++++++------- ...round-for-missing-MAP_SHARED_VALIDAT.patch | 9 +- ...79ad8629b57a43daa62e46cc7af6e1078116.patch | 11 +-- .../qemu/qemu/CVE-2023-6683.patch | 91 ------------------- .../qemu/qemu/fixedmeson.patch | 16 +++- meta/recipes-devtools/qemu/qemu/no-pip.patch | 16 +++- .../qemu/{qemu_8.2.1.bb => qemu_8.2.2.bb} | 0 23 files changed, 178 insertions(+), 284 deletions(-) delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch rename meta/recipes-devtools/qemu/{qemu_8.2.1.bb => qemu_8.2.2.bb} (100%) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 4501f84c2b..b1bf2a0a46 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc 
@@ -39,9 +39,10 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0003-linux-user-Add-strace-for-shmat.patch \ file://0004-linux-user-Rewrite-target_shmat.patch \ file://0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch \ - file://CVE-2023-6683.patch \ file://qemu-guest-agent.init \ file://qemu-guest-agent.udev \ + file://0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch \ + file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" @@ -58,7 +59,7 @@ SRC_URI:append:class-native = " \ file://0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch \ " -SRC_URI[sha256sum] = "8562751158175f9d187c5f22b57555abe3c870f0325c8ced12c34c6d987729be" +SRC_URI[sha256sum] = "847346c1b82c1a54b2c38f6edbd85549edeb17430b7d4d3da12620e2962bc4f3" CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default." diff --git a/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch b/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch index 2eaebe883c..0d03ed893a 100644 --- a/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch +++ b/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch @@ -1,7 +1,7 @@ -From 4517e2046610722879761bcdb60edbb2b929c848 Mon Sep 17 00:00:00 2001 +From 1d4b0c04124ec9ac94cf1ac7932a5e9c51744747 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 28 Feb 2024 10:25:14 -1000 -Subject: [PATCH 1/5] linux-user/x86_64: Handle the vsyscall page in +Subject: [PATCH] linux-user/x86_64: Handle the vsyscall page in open_self_maps_{2,4} This is the only case in which we expect to have no host memory backing @@ -18,10 +18,10 @@ Signed-off-by: Richard Purdie 1 file changed, 16 insertions(+) 
diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index a114f29a8..8307a8a61 100644 +index 668019af5..0ce3efd07 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -7922,6 +7922,10 @@ static void open_self_maps_4(const struct open_self_maps_data *d, +@@ -7921,6 +7921,10 @@ static void open_self_maps_4(const struct open_self_maps_data *d, path = "[heap]"; } else if (start == info->vdso) { path = "[vdso]"; @@ -32,7 +32,7 @@ index a114f29a8..8307a8a61 100644 } /* Except null device (MAP_ANON), adjust offset for this fragment. */ -@@ -8010,6 +8014,18 @@ static int open_self_maps_2(void *opaque, target_ulong guest_start, +@@ -8009,6 +8013,18 @@ static int open_self_maps_2(void *opaque, target_ulong guest_start, uintptr_t host_start = (uintptr_t)g2h_untagged(guest_start); uintptr_t host_last = (uintptr_t)g2h_untagged(guest_end - 1); @@ -51,6 +51,3 @@ index a114f29a8..8307a8a61 100644 while (1) { IntervalTreeNode *n = interval_tree_iter_first(d->host_maps, host_start, host_start); --- -2.34.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch index c65508017d..a6739bdf73 100644 --- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch +++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch @@ -1,7 +1,7 @@ -From de64af82950a6908f9407dfc92b83c17e2af3eab Mon Sep 17 00:00:00 2001 +From 832b5c3e4ef387497780b5310356faf893fcfd93 Mon Sep 17 00:00:00 2001 From: Jason Wessel Date: Fri, 28 Mar 2014 17:42:43 +0800 -Subject: [PATCH 01/12] qemu: Add addition environment space to boot loader +Subject: [PATCH] qemu: Add addition environment space to boot loader qemu-system-mips Upstream-Status: Inappropriate - OE uses deep paths @@ -13,16 +13,15 @@ to only 256 bytes. This patch expands the limit. Signed-off-by: Jason Wessel 
Signed-off-by: Roy Li - --- hw/mips/malta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: qemu-8.0.0/hw/mips/malta.c -=================================================================== ---- qemu-8.0.0.orig/hw/mips/malta.c -+++ qemu-8.0.0/hw/mips/malta.c -@@ -64,7 +64,7 @@ +diff --git a/hw/mips/malta.c b/hw/mips/malta.c +index 049de46a9..5cb71d600 100644 +--- a/hw/mips/malta.c ++++ b/hw/mips/malta.c +@@ -63,7 +63,7 @@ #define ENVP_PADDR 0x2000 #define ENVP_VADDR cpu_mips_phys_to_kseg0(NULL, ENVP_PADDR) #define ENVP_NB_ENTRIES 16 diff --git a/meta/recipes-devtools/qemu/qemu/0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch b/meta/recipes-devtools/qemu/qemu/0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch index ceae67be64..90b5d13f69 100644 --- a/meta/recipes-devtools/qemu/qemu/0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch +++ b/meta/recipes-devtools/qemu/qemu/0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch @@ -1,8 +1,7 @@ -From 71f14902256e3c3529710b713e1ea43100bf4c40 Mon Sep 17 00:00:00 2001 +From fe15efaddb1275adde90240f71a4ee48f9c9483c Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Sat, 17 Dec 2022 08:37:46 -0800 -Subject: [PATCH 2/2] linux-user: Replace use of lfs64 related functions and - macros +Subject: [PATCH] linux-user: Replace use of lfs64 related functions and macros Builds defines -D_FILE_OFFSET_BITS=64 which makes the original functions anf macros behave same as their 64 suffixed counterparts. This also 
@@ -16,11 +15,11 @@ Cc: Laurent Vivier linux-user/syscall.c | 153 +++++++++++-------------------------------- 1 file changed, 39 insertions(+), 114 deletions(-) -Index: qemu-8.0.0/linux-user/syscall.c -=================================================================== ---- qemu-8.0.0.orig/linux-user/syscall.c -+++ qemu-8.0.0/linux-user/syscall.c -@@ -761,8 +761,8 @@ safe_syscall6(ssize_t, copy_file_range, +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index 02374f84f..668019af5 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -761,8 +761,8 @@ safe_syscall6(ssize_t, copy_file_range, int, infd, loff_t *, pinoff, */ #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__) /* Similarly for fcntl. Note that callers must always: @@ -31,7 +30,7 @@ Index: qemu-8.0.0/linux-user/syscall.c * This will then work and use a 64-bit offset for both 32-bit and 64-bit hosts. */ #ifdef __NR_fcntl64 -@@ -6813,13 +6813,13 @@ static int target_to_host_fcntl_cmd(int +@@ -6727,13 +6727,13 @@ static int target_to_host_fcntl_cmd(int cmd) ret = cmd; break; case TARGET_F_GETLK: @@ -48,7 +47,7 @@ Index: qemu-8.0.0/linux-user/syscall.c break; case TARGET_F_GETOWN: ret = F_GETOWN; -@@ -6833,17 +6833,6 @@ static int target_to_host_fcntl_cmd(int +@@ -6747,17 +6747,6 @@ static int target_to_host_fcntl_cmd(int cmd) case TARGET_F_SETSIG: ret = F_SETSIG; break; @@ -66,7 +65,7 @@ Index: qemu-8.0.0/linux-user/syscall.c case TARGET_F_SETLEASE: ret = F_SETLEASE; break; -@@ -6895,8 +6884,8 @@ static int target_to_host_fcntl_cmd(int +@@ -6809,8 +6798,8 @@ static int target_to_host_fcntl_cmd(int cmd) * them to 5, 6 and 7 before making the syscall(). Since we make the * syscall directly, adjust to what is supported by the kernel. */ @@ -77,7 +76,7 @@ Index: qemu-8.0.0/linux-user/syscall.c } #endif -@@ -6929,55 +6918,11 @@ static int host_to_target_flock(int type +@@ -6843,55 +6832,11 @@ static int host_to_target_flock(int type) return type; } 
@@ -136,7 +135,7 @@ Index: qemu-8.0.0/linux-user/syscall.c abi_short l_type; abi_short l_whence; abi_llong l_start; -@@ -6985,10 +6930,10 @@ struct target_oabi_flock64 { +@@ -6899,10 +6844,10 @@ struct target_oabi_flock64 { abi_int l_pid; } QEMU_PACKED; @@ -149,7 +148,7 @@ Index: qemu-8.0.0/linux-user/syscall.c int l_type; if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) { -@@ -7009,10 +6954,10 @@ static inline abi_long copy_from_user_oa +@@ -6923,10 +6868,10 @@ static inline abi_long copy_from_user_oabi_flock64(struct flock64 *fl, return 0; } @@ -163,7 +162,7 @@ Index: qemu-8.0.0/linux-user/syscall.c short l_type; if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) { -@@ -7030,10 +6975,10 @@ static inline abi_long copy_to_user_oabi +@@ -6944,10 +6889,10 @@ static inline abi_long copy_to_user_oabi_flock64(abi_ulong target_flock_addr, } #endif @@ -176,7 +175,7 @@ Index: qemu-8.0.0/linux-user/syscall.c int l_type; if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) { -@@ -7054,10 +6999,10 @@ static inline abi_long copy_from_user_fl +@@ -6968,10 +6913,10 @@ static inline abi_long copy_from_user_flock64(struct flock64 *fl, return 0; } @@ -190,7 +189,7 @@ Index: qemu-8.0.0/linux-user/syscall.c short l_type; if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) { -@@ -7076,7 +7021,7 @@ static inline abi_long copy_to_user_floc +@@ -6990,7 +6935,7 @@ static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr, static abi_long do_fcntl(int fd, int cmd, abi_ulong arg) { @@ -199,7 +198,7 @@ Index: qemu-8.0.0/linux-user/syscall.c #ifdef F_GETOWN_EX struct f_owner_ex fox; struct target_f_owner_ex *target_fox; -@@ -7089,6 +7034,7 @@ static abi_long do_fcntl(int fd, int cmd +@@ -7003,6 +6948,7 @@ static abi_long do_fcntl(int fd, int cmd, abi_ulong arg) switch(cmd) { case TARGET_F_GETLK: 
@@ -207,7 +206,7 @@ Index: qemu-8.0.0/linux-user/syscall.c ret = copy_from_user_flock(&fl64, arg); if (ret) { return ret; -@@ -7098,32 +7044,11 @@ static abi_long do_fcntl(int fd, int cmd +@@ -7012,32 +6958,11 @@ static abi_long do_fcntl(int fd, int cmd, abi_ulong arg) ret = copy_to_user_flock(arg, &fl64); } break; @@ -241,7 +240,7 @@ Index: qemu-8.0.0/linux-user/syscall.c if (ret) { return ret; } -@@ -7348,7 +7273,7 @@ static inline abi_long target_truncate64 +@@ -7266,7 +7191,7 @@ static inline abi_long target_truncate64(CPUArchState *cpu_env, const char *arg1 arg2 = arg3; arg3 = arg4; } @@ -250,7 +249,7 @@ Index: qemu-8.0.0/linux-user/syscall.c } #endif -@@ -7362,7 +7287,7 @@ static inline abi_long target_ftruncate6 +@@ -7280,7 +7205,7 @@ static inline abi_long target_ftruncate64(CPUArchState *cpu_env, abi_long arg1, arg2 = arg3; arg3 = arg4; } @@ -259,7 +258,7 @@ Index: qemu-8.0.0/linux-user/syscall.c } #endif -@@ -8598,7 +8523,7 @@ static int do_getdents(abi_long dirfd, a +@@ -8639,7 +8564,7 @@ static int do_getdents(abi_long dirfd, abi_long arg2, abi_long count) void *tdirp; int hlen, hoff, toff; int hreclen, treclen; @@ -268,7 +267,7 @@ Index: qemu-8.0.0/linux-user/syscall.c hdirp = g_try_malloc(count); if (!hdirp) { -@@ -8651,7 +8576,7 @@ static int do_getdents(abi_long dirfd, a +@@ -8692,7 +8617,7 @@ static int do_getdents(abi_long dirfd, abi_long arg2, abi_long count) * Return what we have, resetting the file pointer to the * location of the first record not returned. */ @@ -277,7 +276,7 @@ Index: qemu-8.0.0/linux-user/syscall.c break; } -@@ -8685,7 +8610,7 @@ static int do_getdents64(abi_long dirfd, +@@ -8726,7 +8651,7 @@ static int do_getdents64(abi_long dirfd, abi_long arg2, abi_long count) void *tdirp; int hlen, hoff, toff; int hreclen, treclen; 
@@ -286,7 +285,7 @@ Index: qemu-8.0.0/linux-user/syscall.c hdirp = g_try_malloc(count); if (!hdirp) { -@@ -8727,7 +8652,7 @@ static int do_getdents64(abi_long dirfd, +@@ -8768,7 +8693,7 @@ static int do_getdents64(abi_long dirfd, abi_long arg2, abi_long count) * Return what we have, resetting the file pointer to the * location of the first record not returned. */ @@ -295,7 +294,7 @@ Index: qemu-8.0.0/linux-user/syscall.c break; } -@@ -11158,7 +11083,7 @@ static abi_long do_syscall1(CPUArchState +@@ -11399,7 +11324,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, return -TARGET_EFAULT; } } @@ -304,7 +303,7 @@ Index: qemu-8.0.0/linux-user/syscall.c unlock_user(p, arg2, ret); return ret; case TARGET_NR_pwrite64: -@@ -11175,7 +11100,7 @@ static abi_long do_syscall1(CPUArchState +@@ -11416,7 +11341,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, return -TARGET_EFAULT; } } @@ -313,7 +312,7 @@ Index: qemu-8.0.0/linux-user/syscall.c unlock_user(p, arg2, 0); return ret; #endif -@@ -11998,14 +11923,14 @@ static abi_long do_syscall1(CPUArchState +@@ -12276,14 +12201,14 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, case TARGET_NR_fcntl64: { int cmd; @@ -333,7 +332,7 @@ Index: qemu-8.0.0/linux-user/syscall.c } #endif -@@ -12015,7 +11940,7 @@ static abi_long do_syscall1(CPUArchState +@@ -12293,7 +12218,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, } switch(arg2) { @@ -342,7 +341,7 @@ Index: qemu-8.0.0/linux-user/syscall.c ret = copyfrom(&fl, arg3); if (ret) { break; -@@ -12026,8 +11951,8 @@ static abi_long do_syscall1(CPUArchState +@@ -12304,8 +12229,8 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, } break; 
diff --git a/meta/recipes-devtools/qemu/qemu/0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch b/meta/recipes-devtools/qemu/qemu/0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch index 3f01aaa644..8e82a44dbf 100644 --- a/meta/recipes-devtools/qemu/qemu/0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch +++ b/meta/recipes-devtools/qemu/qemu/0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch @@ -1,7 +1,7 @@ -From 5bf65b24414d3ff8339f6f1beb221c7c35c91e5d Mon Sep 17 00:00:00 2001 +From cb2f4337f0e04ea68815817e2fd8b5bb512f87e3 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 28 Feb 2024 10:25:15 -1000 -Subject: [PATCH 2/5] linux-user/loongarch64: Remove TARGET_FORCE_SHMLBA +Subject: [PATCH] linux-user/loongarch64: Remove TARGET_FORCE_SHMLBA The kernel abi was changed with @@ -38,6 +38,3 @@ index 8b5de5212..39f229bb9 100644 -} - #endif --- -2.34.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0003-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0003-apic-fixup-fallthrough-to-PIC.patch index e85f8202e9..a604582d05 100644 --- a/meta/recipes-devtools/qemu/qemu/0003-apic-fixup-fallthrough-to-PIC.patch +++ b/meta/recipes-devtools/qemu/qemu/0003-apic-fixup-fallthrough-to-PIC.patch @@ -1,7 +1,7 @@ -From dc2a8ccd440ee3741b61606eafed3f7e092f4312 Mon Sep 17 00:00:00 2001 +From 691f1873d554b807afd0bd96b6c28f7053c1a407 Mon Sep 17 00:00:00 2001 From: Mark Asselstine Date: Tue, 26 Feb 2013 11:43:28 -0500 -Subject: [PATCH 03/12] apic: fixup fallthrough to PIC +Subject: [PATCH] apic: fixup fallthrough to PIC Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC interrupts through the local APIC if the local APIC config says so.] @@ -24,16 +24,15 @@ serviced, is -1. Signed-off-by: Mark Asselstine Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html] 
Signed-off-by: He Zhe - --- hw/intc/apic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: qemu-8.0.0/hw/intc/apic.c -=================================================================== ---- qemu-8.0.0.orig/hw/intc/apic.c -+++ qemu-8.0.0/hw/intc/apic.c -@@ -607,7 +607,7 @@ int apic_accept_pic_intr(DeviceState *de +diff --git a/hw/intc/apic.c b/hw/intc/apic.c +index ac3d47d23..8978af6ab 100644 +--- a/hw/intc/apic.c ++++ b/hw/intc/apic.c +@@ -607,7 +607,7 @@ int apic_accept_pic_intr(DeviceState *dev) APICCommonState *s = APIC(dev); uint32_t lvt0; diff --git a/meta/recipes-devtools/qemu/qemu/0003-linux-user-Add-strace-for-shmat.patch b/meta/recipes-devtools/qemu/qemu/0003-linux-user-Add-strace-for-shmat.patch index 0c601c804a..4a89ba5e55 100644 --- a/meta/recipes-devtools/qemu/qemu/0003-linux-user-Add-strace-for-shmat.patch +++ b/meta/recipes-devtools/qemu/qemu/0003-linux-user-Add-strace-for-shmat.patch @@ -1,7 +1,7 @@ -From e8f06676c6c88e12cd5f4f81a839b7111c683596 Mon Sep 17 00:00:00 2001 +From 943b8ec0cc90a0f6fb35d7e44d2aa9443962bdd7 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 28 Feb 2024 10:25:16 -1000 -Subject: [PATCH 3/5] linux-user: Add strace for shmat +Subject: [PATCH] linux-user: Add strace for shmat Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html] @@ -66,6 +66,3 @@ index 6655d4f26..dfd4237d1 100644 #endif #ifdef TARGET_NR_shmctl { TARGET_NR_shmctl, "shmctl" , NULL, NULL, NULL }, --- -2.34.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0004-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta/recipes-devtools/qemu/qemu/0004-configure-Add-pkg-config-handling-for-libgcrypt.patch index f981a64a54..38491c2f8a 100644 --- a/meta/recipes-devtools/qemu/qemu/0004-configure-Add-pkg-config-handling-for-libgcrypt.patch +++ b/meta/recipes-devtools/qemu/qemu/0004-configure-Add-pkg-config-handling-for-libgcrypt.patch 
@@ -1,7 +1,7 @@ -From d8265abdce5dc2bf74b3fccdf2b7257b4f3894f0 Mon Sep 17 00:00:00 2001 +From 3d493e38fb9cf6c561a216e491cae4166d00c26d Mon Sep 17 00:00:00 2001 From: He Zhe Date: Wed, 28 Aug 2019 19:56:28 +0800 -Subject: [PATCH 04/12] configure: Add pkg-config handling for libgcrypt +Subject: [PATCH] configure: Add pkg-config handling for libgcrypt libgcrypt may also be controlled by pkg-config, this patch adds pkg-config handling for libgcrypt. @@ -9,16 +9,15 @@ handling for libgcrypt. Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg06333.html] Signed-off-by: He Zhe - --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: qemu-8.1.0/meson.build -=================================================================== ---- qemu-8.1.0.orig/meson.build -+++ qemu-8.1.0/meson.build -@@ -1481,7 +1481,7 @@ endif +diff --git a/meson.build b/meson.build +index 6c77d9687..2e3235c92 100644 +--- a/meson.build ++++ b/meson.build +@@ -1497,7 +1497,7 @@ endif if not gnutls_crypto.found() if (not get_option('gcrypt').auto() or have_system) and not get_option('nettle').enabled() gcrypt = dependency('libgcrypt', version: '>=1.8', diff --git a/meta/recipes-devtools/qemu/qemu/0004-linux-user-Rewrite-target_shmat.patch b/meta/recipes-devtools/qemu/qemu/0004-linux-user-Rewrite-target_shmat.patch index 88c3ed40b0..ec1df47389 100644 --- a/meta/recipes-devtools/qemu/qemu/0004-linux-user-Rewrite-target_shmat.patch +++ b/meta/recipes-devtools/qemu/qemu/0004-linux-user-Rewrite-target_shmat.patch @@ -1,7 +1,7 @@ -From cb48d5d1592e63ebd0d4a3e300ef98e38e6306d7 Mon Sep 17 00:00:00 2001 +From 6d5a4dd225ff1c8c9829b2ea4fc99c7761ad9301 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 28 Feb 2024 10:25:17 -1000 -Subject: [PATCH 4/5] linux-user: Rewrite target_shmat +Subject: [PATCH] linux-user: Rewrite target_shmat Handle combined host and guest alignment requirements. Handle host and guest page size differences. @@ -17,10 +17,10 @@ 
Signed-off-by: Richard Purdie 1 file changed, 133 insertions(+), 33 deletions(-) diff --git a/linux-user/mmap.c b/linux-user/mmap.c -index 18fb3aaf7..6a2f649bb 100644 +index 0f8062eec..c9f294263 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c -@@ -1062,69 +1062,161 @@ static inline abi_ulong target_shmlba(CPUArchState *cpu_env) +@@ -1068,69 +1068,161 @@ static inline abi_ulong target_shmlba(CPUArchState *cpu_env) } #endif @@ -214,7 +214,7 @@ index 18fb3aaf7..6a2f649bb 100644 } /* -@@ -1138,7 +1230,15 @@ abi_ulong target_shmat(CPUArchState *cpu_env, int shmid, +@@ -1144,7 +1236,15 @@ abi_ulong target_shmat(CPUArchState *cpu_env, int shmid, tb_flush(cpu); } @@ -231,6 +231,3 @@ index 18fb3aaf7..6a2f649bb 100644 } abi_long target_shmdt(abi_ulong shmaddr) --- -2.34.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-Do-not-include-file-if-not-exists.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-Do-not-include-file-if-not-exists.patch index 38aa4c3bbe..f8de5a321e 100644 --- a/meta/recipes-devtools/qemu/qemu/0005-qemu-Do-not-include-file-if-not-exists.patch +++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-Do-not-include-file-if-not-exists.patch @@ -1,7 +1,7 @@ -From f39e7bfc5ed07b5ecaeb705c4eae4855ca120d47 Mon Sep 17 00:00:00 2001 +From ba8b90c8b8d9365eddb01a2e6d2d986490924ff1 Mon Sep 17 00:00:00 2001 From: Oleksiy Obitotskyy Date: Wed, 25 Mar 2020 21:21:35 +0200 -Subject: [PATCH 05/12] qemu: Do not include file if not exists +Subject: [PATCH] qemu: Do not include file if not exists Script configure checks for if_alg.h and check failed but if_alg.h still included. @@ -11,16 +11,15 @@ Signed-off-by: Oleksiy Obitotskyy [update patch context] 
Signed-off-by: Sakib Sajal - --- linux-user/syscall.c | 2 ++ 1 file changed, 2 insertions(+) -Index: qemu-8.0.0/linux-user/syscall.c -=================================================================== ---- qemu-8.0.0.orig/linux-user/syscall.c -+++ qemu-8.0.0/linux-user/syscall.c -@@ -115,7 +115,9 @@ +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index e384e1424..02374f84f 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -116,7 +116,9 @@ #include #include #include diff --git a/meta/recipes-devtools/qemu/qemu/0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch b/meta/recipes-devtools/qemu/qemu/0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch index 5afb35ea0c..cbf6b1e545 100644 --- a/meta/recipes-devtools/qemu/qemu/0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch +++ b/meta/recipes-devtools/qemu/qemu/0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch @@ -1,8 +1,7 @@ -From 1234063488134ad1f541f56dd30caa7896905f06 Mon Sep 17 00:00:00 2001 +From 035ba1a39429a47e4e7e68e512d367bab6f7ee7a Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Wed, 28 Feb 2024 10:25:18 -1000 -Subject: [PATCH 5/5] tests/tcg: Check that shmat() does not break - /proc/self/maps +Subject: [PATCH] tests/tcg: Check that shmat() does not break /proc/self/maps Add a regression test for a recently fixed issue, where shmat() desynced the guest and the host view of the address space and caused @@ -80,6 +79,3 @@ index 000000000..0ccf7a973 + + return EXIT_SUCCESS; +} --- -2.34.1 - diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch index 5d1d7c6881..b6036a4591 100644 --- a/meta/recipes-devtools/qemu/qemu/0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch +++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch 
@@ -1,8 +1,7 @@ -From 375cae3dd6151ef33cae8f243f6a2c2da6c0c356 Mon Sep 17 00:00:00 2001 +From 21400b2742731a1fe29392ee6ed0d759efa952ef Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Fri, 8 Jan 2021 17:27:06 +0000 -Subject: [PATCH 06/12] qemu: Add some user space mmap tweaks to address musl - 32 bit +Subject: [PATCH] qemu: Add some user space mmap tweaks to address musl 32 bit When using qemu-i386 to build qemux86 webkitgtk on musl, it sits in an infinite loop of mremap calls of ever decreasing/increasing addresses. @@ -18,16 +17,15 @@ rather than ENOMEM so adjust the other part of the test to this. Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg01355.html] Signed-off-by: Richard Purdie Date: Mon, 1 Mar 2021 13:00:47 +0000 -Subject: [PATCH 07/12] qemu: Determinism fixes +Subject: [PATCH] qemu: Determinism fixes When sources are included within debug information, a couple of areas of the qemu build are not reproducible due to either full buildpaths or timestamps. @@ -11,16 +11,15 @@ meson to pass relative paths but we can fix that in the script. Upstream-Status: Pending [some version of all/part of this may be accepted] RP 2021/3/1 - --- scripts/decodetree.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: qemu-8.0.0/scripts/decodetree.py -=================================================================== ---- qemu-8.0.0.orig/scripts/decodetree.py -+++ qemu-8.0.0/scripts/decodetree.py -@@ -1328,7 +1328,7 @@ def main(): +diff --git a/scripts/decodetree.py b/scripts/decodetree.py +index e8b72da3a..5cd86b142 100644 +--- a/scripts/decodetree.py ++++ b/scripts/decodetree.py +@@ -1558,7 +1558,7 @@ def main(): toppat = ExcMultiPattern(0) for filename in args: diff --git a/meta/recipes-devtools/qemu/qemu/0008-tests-meson.build-use-relative-path-to-refer-to-file.patch b/meta/recipes-devtools/qemu/qemu/0008-tests-meson.build-use-relative-path-to-refer-to-file.patch index a84364ccc1..032c9e1ca9 100644 
--- a/meta/recipes-devtools/qemu/qemu/0008-tests-meson.build-use-relative-path-to-refer-to-file.patch +++ b/meta/recipes-devtools/qemu/qemu/0008-tests-meson.build-use-relative-path-to-refer-to-file.patch @@ -1,7 +1,7 @@ -From 2bf9388b801d4389e2d57e95a7897bfc1c42786e Mon Sep 17 00:00:00 2001 +From d8e2cc23eb43629e84734f272f649e3a982ea65f Mon Sep 17 00:00:00 2001 From: Changqing Li Date: Thu, 14 Jan 2021 06:33:04 +0000 -Subject: [PATCH 08/12] tests/meson.build: use relative path to refer to files +Subject: [PATCH] tests/meson.build: use relative path to refer to files Fix error like: Fatal error: can't create tests/ptimer-test.p/..._qemu-5.2.0_hw_core_ptimer.c.o: File name too long @@ -12,16 +12,15 @@ filename too long. Fixed by using relative path to refer to files Upstream-Status: Submitted [send to qemu-devel] Signed-off-by: Changqing Li - --- tests/unit/meson.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -Index: qemu-8.0.0/tests/unit/meson.build -=================================================================== ---- qemu-8.0.0.orig/tests/unit/meson.build -+++ qemu-8.0.0/tests/unit/meson.build -@@ -46,7 +46,7 @@ tests = { +diff --git a/tests/unit/meson.build b/tests/unit/meson.build +index a05d47109..f258c7cbd 100644 +--- a/tests/unit/meson.build ++++ b/tests/unit/meson.build +@@ -47,7 +47,7 @@ tests = { 'test-keyval': [testqapi], 'test-logging': [], 'test-uuid': [], @@ -30,7 +29,7 @@ Index: qemu-8.0.0/tests/unit/meson.build 'test-qapi-util': [], 'test-interval-tree': [], 'test-xs-node': [qom], -@@ -136,7 +136,7 @@ if have_system +@@ -138,7 +138,7 @@ if have_system 'test-util-sockets': ['socket-helpers.c'], 'test-base64': [], 'test-bufferiszero': [], diff --git a/meta/recipes-devtools/qemu/qemu/0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch b/meta/recipes-devtools/qemu/qemu/0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch index 4de6cc2445..9154db7cae 100644 
--- a/meta/recipes-devtools/qemu/qemu/0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch +++ b/meta/recipes-devtools/qemu/qemu/0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch @@ -1,7 +1,7 @@ -From ebf4bb2f51da83af0c61480414cfa156f7308b34 Mon Sep 17 00:00:00 2001 +From b5def3771fe757559a0225da3cefa178a95d8af2 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 21 Mar 2022 10:09:38 -0700 -Subject: [PATCH 09/12] Define MAP_SYNC and MAP_SHARED_VALIDATE on needed linux +Subject: [PATCH] Define MAP_SYNC and MAP_SHARED_VALIDATE on needed linux systems linux only wires MAP_SYNC and MAP_SHARED_VALIDATE for architectures @@ -13,15 +13,14 @@ Upstream-Status: Submitted [https://lists.nongnu.org/archive/html/qemu-devel/202 Signed-off-by: Khem Raj Cc: Zhang Yi Cc: Michael S. Tsirkin - --- util/mmap-alloc.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) -Index: qemu-8.0.0/util/mmap-alloc.c -=================================================================== ---- qemu-8.0.0.orig/util/mmap-alloc.c -+++ qemu-8.0.0/util/mmap-alloc.c +diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c +index ed14f9c64..038f5b4b5 100644 +--- a/util/mmap-alloc.c ++++ b/util/mmap-alloc.c @@ -10,14 +10,18 @@ * later. See the COPYING file in the top-level directory. */ diff --git a/meta/recipes-devtools/qemu/qemu/0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch b/meta/recipes-devtools/qemu/qemu/0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch index 6caf35b634..329a15bd90 100644 --- a/meta/recipes-devtools/qemu/qemu/0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch +++ b/meta/recipes-devtools/qemu/qemu/0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch 
@@ -1,12 +1,12 @@ -CVE: CVE-2022-1050 -Upstream-Status: Submitted [https://lore.kernel.org/qemu-devel/20220403095234.2210-1-yuval.shaia.ml@gmail.com/] -Signed-off-by: Ross Burton - -From dbdef95c272e8f3ec037c3db4197c66002e30995 Mon Sep 17 00:00:00 2001 +From 582a41ba31945895b039dedf500dbbeef68c074a Mon Sep 17 00:00:00 2001 From: Yuval Shaia Date: Sun, 3 Apr 2022 12:52:34 +0300 Subject: [PATCH] hw/pvrdma: Protect against buggy or malicious guest driver +CVE: CVE-2022-1050 +Upstream-Status: Submitted [https://lore.kernel.org/qemu-devel/20220403095234.2210-1-yuval.shaia.ml@gmail.com/] +Signed-off-by: Ross Burton + Guest driver might execute HW commands when shared buffers are not yet allocated. This could happen on purpose (malicious guest) or because of some other @@ -21,11 +21,11 @@ Signed-off-by: Yuval Shaia hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++ 1 file changed, 6 insertions(+) -Index: qemu-8.0.0/hw/rdma/vmw/pvrdma_cmd.c -=================================================================== ---- qemu-8.0.0.orig/hw/rdma/vmw/pvrdma_cmd.c -+++ qemu-8.0.0/hw/rdma/vmw/pvrdma_cmd.c -@@ -782,6 +782,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev) +diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c +index d385d18d9..116adddec 100644 +--- a/hw/rdma/vmw/pvrdma_cmd.c ++++ b/hw/rdma/vmw/pvrdma_cmd.c +@@ -786,6 +786,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev) goto out; } diff --git a/meta/recipes-devtools/qemu/qemu/0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch b/meta/recipes-devtools/qemu/qemu/0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch index cc53b1eedd..514500f979 100644 --- a/meta/recipes-devtools/qemu/qemu/0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch +++ b/meta/recipes-devtools/qemu/qemu/0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch @@ -1,7 +1,7 @@ -From fa9bcabe2387bb230ef82d62827ad6f93b8a1e61 Mon Sep 17 00:00:00 2001 +From 2af56942c7d0fec740ff1fafa61d325017b72f11 Mon Sep 17 00:00:00 2001 
From: Frederic Konrad Date: Wed, 17 Jan 2024 18:15:06 +0000 -Subject: [PATCH 1/2] linux-user/*: workaround for missing MAP_FIXED_NOREPLACE +Subject: [PATCH] linux-user/*: workaround for missing MAP_FIXED_NOREPLACE QEMU v8.1.0 recently requires MAP_FIXED_NOREPLACE flags implementation for mmap. @@ -34,16 +34,16 @@ Signed-off-by: Mark Hatle linux-user/meson.build | 1 + linux-user/mmap-fixed.c | 63 +++++++++++++++++++++++++++++++++++++++++ linux-user/mmap-fixed.h | 39 +++++++++++++++++++++++++ - linux-user/mmap.c | 31 +++++++++++--------- + linux-user/mmap.c | 27 ++++++++++-------- linux-user/syscall.c | 1 + - 6 files changed, 125 insertions(+), 17 deletions(-) + 6 files changed, 123 insertions(+), 15 deletions(-) create mode 100644 linux-user/mmap-fixed.c create mode 100644 linux-user/mmap-fixed.h -Index: qemu-8.2.1/linux-user/elfload.c -=================================================================== ---- qemu-8.2.1.orig/linux-user/elfload.c -+++ qemu-8.2.1/linux-user/elfload.c +diff --git a/linux-user/elfload.c b/linux-user/elfload.c +index cf9e74468..ffd7e469d 100644 +--- a/linux-user/elfload.c ++++ b/linux-user/elfload.c @@ -22,6 +22,7 @@ #include "qemu/error-report.h" #include "target_signal.h" @@ -52,7 +52,7 @@ Index: qemu-8.2.1/linux-user/elfload.c #ifdef TARGET_ARM #include "target/arm/cpu-features.h" -@@ -2765,9 +2766,9 @@ static abi_ulong create_elf_tables(abi_u +@@ -2765,9 +2766,9 @@ static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, static int pgb_try_mmap(uintptr_t addr, uintptr_t addr_last, bool keep) { size_t size = addr_last - addr + 1; 
@@ -65,10 +65,10 @@ Index: qemu-8.2.1/linux-user/elfload.c int ret; if (p == MAP_FAILED) { -Index: qemu-8.2.1/linux-user/meson.build -=================================================================== ---- qemu-8.2.1.orig/linux-user/meson.build -+++ qemu-8.2.1/linux-user/meson.build +diff --git a/linux-user/meson.build b/linux-user/meson.build +index bc41e8c3b..e34c76621 100644 +--- a/linux-user/meson.build ++++ b/linux-user/meson.build @@ -14,6 +14,7 @@ linux_user_ss.add(files( 'linuxload.c', 'main.c', @@ -77,10 +77,11 @@ Index: qemu-8.2.1/linux-user/meson.build 'signal.c', 'strace.c', 'syscall.c', -Index: qemu-8.2.1/linux-user/mmap-fixed.c -=================================================================== +diff --git a/linux-user/mmap-fixed.c b/linux-user/mmap-fixed.c +new file mode 100644 +index 000000000..d9e580880 --- /dev/null -+++ qemu-8.2.1/linux-user/mmap-fixed.c ++++ b/linux-user/mmap-fixed.c @@ -0,0 +1,63 @@ +/* + * Workaround for MAP_FIXED_NOREPLACE @@ -145,10 +146,11 @@ Index: qemu-8.2.1/linux-user/mmap-fixed.c +} + +#endif -Index: qemu-8.2.1/linux-user/mmap-fixed.h -=================================================================== +diff --git a/linux-user/mmap-fixed.h b/linux-user/mmap-fixed.h +new file mode 100644 +index 000000000..ef6eef511 --- /dev/null -+++ qemu-8.2.1/linux-user/mmap-fixed.h ++++ b/linux-user/mmap-fixed.h @@ -0,0 +1,39 @@ +/* + * Workaround for MAP_FIXED_NOREPLACE @@ -189,10 +191,10 @@ Index: qemu-8.2.1/linux-user/mmap-fixed.h +#endif /* MAP_FIXED_NOREPLACE */ + +#endif /* MMAP_FIXED_H */ -Index: qemu-8.2.1/linux-user/mmap.c -=================================================================== ---- qemu-8.2.1.orig/linux-user/mmap.c -+++ qemu-8.2.1/linux-user/mmap.c +diff --git a/linux-user/mmap.c b/linux-user/mmap.c +index c9f294263..058f22ff7 100644 +--- a/linux-user/mmap.c ++++ b/linux-user/mmap.c @@ -25,6 +25,7 @@ #include "user-mmap.h" #include "target_mman.h" 
@@ -201,7 +203,7 @@ Index: qemu-8.2.1/linux-user/mmap.c #ifdef TARGET_ARM #include "target/arm/cpu-features.h" -@@ -273,7 +274,7 @@ int target_mprotect(abi_ulong start, abi +@@ -273,7 +274,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int target_prot) static int do_munmap(void *addr, size_t len) { if (reserved_va) { @@ -210,7 +212,7 @@ Index: qemu-8.2.1/linux-user/mmap.c MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0); return ptr == addr ? 0 : -1; -@@ -319,9 +320,9 @@ static bool mmap_frag(abi_ulong real_sta +@@ -319,9 +320,9 @@ static bool mmap_frag(abi_ulong real_start, abi_ulong start, abi_ulong last, * outside of the fragment we need to map. Allocate a new host * page to cover, discarding whatever else may have been present. */ @@ -223,7 +225,7 @@ Index: qemu-8.2.1/linux-user/mmap.c if (p != host_start) { if (p != MAP_FAILED) { munmap(p, qemu_host_page_size); -@@ -420,8 +421,9 @@ abi_ulong mmap_find_vma(abi_ulong start, +@@ -420,8 +421,9 @@ abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size, abi_ulong align) * - mremap() with MREMAP_FIXED flag * - shmat() with SHM_REMAP flag */ @@ -235,7 +237,7 @@ Index: qemu-8.2.1/linux-user/mmap.c /* ENOMEM, if host address space has no memory */ if (ptr == MAP_FAILED) { -@@ -615,16 +617,16 @@ abi_long target_mmap(abi_ulong start, ab +@@ -615,16 +617,16 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int target_prot, * especially important if qemu_host_page_size > * qemu_real_host_page_size. */ @@ -256,7 +258,7 @@ Index: qemu-8.2.1/linux-user/mmap.c if (p == MAP_FAILED) { munmap(g2h_untagged(start), host_len); goto fail; -@@ -749,8 +751,9 @@ abi_long target_mmap(abi_ulong start, ab +@@ -749,8 +751,9 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int target_prot, len1 = real_last - real_start + 1; want_p = g2h_untagged(real_start); 
@@ -268,10 +270,10 @@ Index: qemu-8.2.1/linux-user/mmap.c if (p != want_p) { if (p != MAP_FAILED) { munmap(p, len1); -Index: qemu-8.2.1/linux-user/syscall.c -=================================================================== ---- qemu-8.2.1.orig/linux-user/syscall.c -+++ qemu-8.2.1/linux-user/syscall.c +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index 0ce3efd07..538cba33b 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c @@ -145,6 +145,7 @@ #include "qapi/error.h" #include "fd-trans.h" diff --git a/meta/recipes-devtools/qemu/qemu/0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch b/meta/recipes-devtools/qemu/qemu/0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch index 48034a4680..b6d18bcb40 100644 --- a/meta/recipes-devtools/qemu/qemu/0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch +++ b/meta/recipes-devtools/qemu/qemu/0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch @@ -1,7 +1,7 @@ -From 5c73e53997df800a742f9cd7355f3045861984bb Mon Sep 17 00:00:00 2001 +From b13cbe6b98c1768cebf42953c01f9dcd19aff3a2 Mon Sep 17 00:00:00 2001 From: Frederic Konrad Date: Thu, 18 Jan 2024 10:43:44 +0000 -Subject: [PATCH 2/2] linux-user/*: workaround for missing MAP_SHARED_VALIDATE +Subject: [PATCH] linux-user/*: workaround for missing MAP_SHARED_VALIDATE QEMU v8.1.0 recently requires MAP_SHARED_VALIDATE flags implementation for mmap. @@ -32,7 +32,7 @@ Signed-off-by: Mark Hatle 1 file changed, 4 insertions(+) diff --git a/linux-user/mmap-fixed.h b/linux-user/mmap-fixed.h -index ef6eef5114..ec86586c1f 100644 +index ef6eef511..ec86586c1 100644 --- a/linux-user/mmap-fixed.h +++ b/linux-user/mmap-fixed.h @@ -26,6 +26,10 @@ @@ -46,6 +46,3 @@ index ef6eef5114..ec86586c1f 100644 #ifndef MAP_FIXED_NOREPLACE #define MAP_FIXED_NOREPLACE 0x100000 --- -2.34.1 - 
diff --git a/meta/recipes-devtools/qemu/qemu/4a8579ad8629b57a43daa62e46cc7af6e1078116.patch b/meta/recipes-devtools/qemu/qemu/4a8579ad8629b57a43daa62e46cc7af6e1078116.patch index 5ad859ebe6..133240e1c0 100644 --- a/meta/recipes-devtools/qemu/qemu/4a8579ad8629b57a43daa62e46cc7af6e1078116.patch +++ b/meta/recipes-devtools/qemu/qemu/4a8579ad8629b57a43daa62e46cc7af6e1078116.patch @@ -1,4 +1,4 @@ -From 4a8579ad8629b57a43daa62e46cc7af6e1078116 Mon Sep 17 00:00:00 2001 +From fe71eaf636560ec61622addf98ca35eef247b96b Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Tue, 13 Feb 2024 10:20:27 -1000 Subject: [PATCH] linux-user: Split out do_munmap @@ -15,10 +15,10 @@ Signed-off-by: Richard Henderson 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/linux-user/mmap.c b/linux-user/mmap.c -index 1bbfeb25b14..8ebcca44444 100644 +index 90ceeb894..0f8062eec 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c -@@ -267,6 +267,21 @@ int target_mprotect(abi_ulong start, abi_ulong len, int target_prot) +@@ -266,6 +266,21 @@ int target_mprotect(abi_ulong start, abi_ulong len, int target_prot) return ret; } @@ -40,7 +40,7 @@ index 1bbfeb25b14..8ebcca44444 100644 /* map an incomplete host page */ static bool mmap_frag(abi_ulong real_start, abi_ulong start, abi_ulong last, int prot, int flags, int fd, off_t offset) -@@ -854,13 +869,7 @@ static int mmap_reserve_or_unmap(abi_ulong start, abi_ulong len) +@@ -836,13 +851,7 @@ static int mmap_reserve_or_unmap(abi_ulong start, abi_ulong len) real_len = real_last - real_start + 1; host_start = g2h_untagged(real_start); @@ -55,6 +55,3 @@ index 1bbfeb25b14..8ebcca44444 100644 } int target_munmap(abi_ulong start, abi_ulong len) --- -GitLab - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch deleted file mode 100644 index 732cb6af18..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch +++ /dev/null 
@@ -1,91 +0,0 @@ -From 405484b29f6548c7b86549b0f961b906337aa68a Mon Sep 17 00:00:00 2001 -From: Fiona Ebner -Date: Wed, 24 Jan 2024 11:57:48 +0100 -Subject: [PATCH] ui/clipboard: mark type as not available when there is no - data -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -With VNC, a client can send a non-extended VNC_MSG_CLIENT_CUT_TEXT -message with len=0. In qemu_clipboard_set_data(), the clipboard info -will be updated setting data to NULL (because g_memdup(data, size) -returns NULL when size is 0). If the client does not set the -VNC_ENCODING_CLIPBOARD_EXT feature when setting up the encodings, then -the 'request' callback for the clipboard peer is not initialized. -Later, because data is NULL, qemu_clipboard_request() can be reached -via vdagent_chr_write() and vdagent_clipboard_recv_request() and -there, the clipboard owner's 'request' callback will be attempted to -be called, but that is a NULL pointer. - -In particular, this can happen when using the KRDC (22.12.3) VNC -client. - -Another scenario leading to the same issue is with two clients (say -noVNC and KRDC): - -The noVNC client sets the extension VNC_FEATURE_CLIPBOARD_EXT and -initializes its cbpeer. - -The KRDC client does not, but triggers a vnc_client_cut_text() (note -it's not the _ext variant)). There, a new clipboard info with it as -the 'owner' is created and via qemu_clipboard_set_data() is called, -which in turn calls qemu_clipboard_update() with that info. - -In qemu_clipboard_update(), the notifier for the noVNC client will be -called, i.e. vnc_clipboard_notify() and also set vs->cbinfo for the -noVNC client. The 'owner' in that clipboard info is the clipboard peer -for the KRDC client, which did not initialize the 'request' function. -That sounds correct to me, it is the owner of that clipboard info. 
- -Then when noVNC sends a VNC_MSG_CLIENT_CUT_TEXT message (it did set -the VNC_FEATURE_CLIPBOARD_EXT feature correctly, so a check for it -passes), that clipboard info is passed to qemu_clipboard_request() and -the original segfault still happens. - -Fix the issue by handling updates with size 0 differently. In -particular, mark in the clipboard info that the type is not available. - -While at it, switch to g_memdup2(), because g_memdup() is deprecated. - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2023-6683 -Reported-by: Markus Frank -Suggested-by: Marc-André Lureau -Signed-off-by: Fiona Ebner -Reviewed-by: Marc-André Lureau -Tested-by: Markus Frank -Message-ID: <20240124105749.204610-1-f.ebner@proxmox.com> - -CVE: CVE-2023-6683 - -Upstream-Status: Backport [https://github.com/qemu/qemu/commit/405484b29f6548c7b86549b0f961b906337aa68a] -Signed-off-by: Simone Weiß - ---- - ui/clipboard.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/ui/clipboard.c b/ui/clipboard.c -index 3d14bffaf80f..b3f6fa3c9e1f 100644 ---- a/ui/clipboard.c -+++ b/ui/clipboard.c -@@ -163,9 +163,15 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer, - } - - g_free(info->types[type].data); -- info->types[type].data = g_memdup(data, size); -- info->types[type].size = size; -- info->types[type].available = true; -+ if (size) { -+ info->types[type].data = g_memdup2(data, size); -+ info->types[type].size = size; -+ info->types[type].available = true; -+ } else { -+ info->types[type].data = NULL; -+ info->types[type].size = 0; -+ info->types[type].available = false; -+ } - - if (update) { - qemu_clipboard_update(info); diff --git a/meta/recipes-devtools/qemu/qemu/fixedmeson.patch b/meta/recipes-devtools/qemu/qemu/fixedmeson.patch index 9047f66dc3..a847ca9824 100644 --- a/meta/recipes-devtools/qemu/qemu/fixedmeson.patch +++ b/meta/recipes-devtools/qemu/qemu/fixedmeson.patch 
@@ -1,9 +1,17 @@ +From 37dfccd805920113f1e8cd6d5e329367e44d3aa3 Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Thu, 24 Aug 2023 16:41:20 +0100 +Subject: [PATCH] qemu: Upgrade 8.0.4 -> 8.1.0 + Upstream-Status: Inappropriate [workaround, would need a real fix for upstream] +--- + configure | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) -Index: qemu-8.2.0/configure -=================================================================== ---- qemu-8.2.0.orig/configure -+++ qemu-8.2.0/configure +diff --git a/configure b/configure +index d3ab43604..430799662 100755 +--- a/configure ++++ b/configure @@ -955,12 +955,7 @@ fi $mkvenv ensuregroup --dir "${source_path}/python/wheels" \ ${source_path}/pythondeps.toml meson || exit 1 diff --git a/meta/recipes-devtools/qemu/qemu/no-pip.patch b/meta/recipes-devtools/qemu/qemu/no-pip.patch index 92b2edbe9f..54467af112 100644 --- a/meta/recipes-devtools/qemu/qemu/no-pip.patch +++ b/meta/recipes-devtools/qemu/qemu/no-pip.patch @@ -1,4 +1,7 @@ -qemu: Ensure pip and the python venv aren't used for meson +From a499c1821400aca6cff720533b8b3331901c51ff Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Tue, 19 Dec 2023 21:24:57 +0000 +Subject: [PATCH] qemu: Ensure pip and the python venv aren't used for meson Qemu wants to use a supported python version and a specific meson version to "help" users and uses pip and creates a venv to do this. This is a nightmare @@ -21,11 +24,14 @@ as it stands is a workaround. Upstream-Status: Inappropriate [oe specific] Signed-off-by: Richard Purdie +--- + configure | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) -Index: qemu-8.2.0/configure -=================================================================== ---- qemu-8.2.0.orig/configure -+++ qemu-8.2.0/configure +diff --git a/configure b/configure +index 430799662..b9f765dfa 100755 +--- a/configure ++++ b/configure 
@@ -937,7 +937,7 @@ python="$(command -v "$python")" echo "python determined to be '$python'" echo "python version: $($python --version)" diff --git a/meta/recipes-devtools/qemu/qemu_8.2.1.bb b/meta/recipes-devtools/qemu/qemu_8.2.2.bb similarity index 100% rename from meta/recipes-devtools/qemu/qemu_8.2.1.bb rename to meta/recipes-devtools/qemu/qemu_8.2.2.bb
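Review bot: The deletion of meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch comes with no visible statement that the fix is already in 8.2.2, and the rename of qemu_8.2.1.bb to qemu_8.2.2.bb at similarity index 100% means the recipe file itself records nothing about it. Before merging, confirm that upstream commit 405484b29f6548c7b86549b0f961b906337aa68a (the size-0 branch in qemu_clipboard_set_data() in ui/clipboard.c) is in the 8.2.2 source, say so in the commit message, and check that the matching SRC_URI entry is dropped in the same commit so CVE-2023-6683 is not reported as unpatched or silently reintroduced.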
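Review bot: In 0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch the refresh only moves the CVE-2022-1050 tags below the Subject line and shifts the pvrdma_exec_cmd() hunk from line 782 to 786, so this CVE fix is still carried locally with "Upstream-Status: Submitted" against a posting dated 3 Apr 2022. Please recheck whether upstream accepted or rejected that submission and update the status line accordingly. As a style point, the three tags would read better at the end of the message next to the author's Signed-off-by than between the Subject and the description.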
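Review bot: The diffstat in 0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch changes for linux-user/mmap.c from "31 +++++++++++---------" to "27 ++++++++++------" and the total from 125 insertions, 17 deletions to 123 insertions, 15 deletions, so the rebased patch is not a pure context refresh. The commit message should summarize what was dropped or merged in mmap.c, and the result should be checked to make sure every call site the original patch converted still goes through the MAP_FIXED_NOREPLACE workaround, since a missed one would quietly fall back to plain mmap behaviour on hosts without the flag.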
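Review bot: In 4a8579ad8629b57a43daa62e46cc7af6e1078116.patch the From line now carries fe71eaf636560ec61622addf98ca35eef247b96b and the index line 90ceeb894..0f8062eec, both local ids, so the header no longer matches the upstream commit the file is named after. Keep the original 4a8579ad8629b57a43daa62e46cc7af6e1078116 in the From line, or make sure the patch's Upstream-Status line names that commit, so the backport can still be traced to its upstream source when it is audited or dropped in a later upgrade.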
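Review bot: The header generated for fixedmeson.patch, "Subject: [PATCH] qemu: Upgrade 8.0.4 -> 8.1.0", is the title of an unrelated recipe commit and does not describe the patch, which removes lines around the mkvenv ensuregroup call in configure. Replace it with a subject that states what the workaround does, and add a Signed-off-by line, which the refreshed header shown here lacks even though no-pip.patch in the same change has one.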