Age | Commit message (Collapse) | Author |
|
Fixes CVE-2018-18954, CVE-2019-3812, CVE-2019-6778, and CVE-2019-8934.
Also deleted duplicated patch and cleanup.
Signed-off-by: Dan Tran <dantran@microsoft.com>
[fixup for thud-next]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The build fails on qemu-native if we're using kernels after commit
0768e17073dc527ccd18ed5f96ce85f9985e9115. This adds an upstream
patch that fixes the issue.
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Refactoried for thud context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: qemu.org
MR: 98623
Type: Security Fix
Disposition: Backport from qemu.org
ChangeID: 03b3f28e5860ef1cb9f58dce89f252bd7ed59f37
Description:
Fixes both CVE-2018-20815 and CVE-2019-9824
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: qemu.org
MR: 98382
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
ChangeID: e4e5983ec1fa489eb8a0db08d1afa0606e59dde3
Description:
Fixes CVE-2019-12155
Affects: <= 4.0.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Source: Qemu.org
MR: 97453
Type: Security Fix
Disposition: Backport from git.qemu.org/gemu.git
ChangeID: a06fcb432d447cec2ed1caf112822dd1b4831ace
Description:
In the spirt of YP Compatible, sending change upstream.
fixes CVE CVE-2018-19489
Affect < = 4.0.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: qemu.org
MR: 97258, 97342, 97438, 97443
Type: Security Fix
Disposition: Backport from git.qemu.org/qemu.git
ChangeID: a5e9fd03ca5bebc880dcc3c4567e10a9ae47dba5
Description:
These issues affect qemu < 3.1.0
Fixes:
CVE-2018-16867
CVE-2018-16872
CVE-2018-18849
CVE-2018-19364
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* drop patches which are now included upstream
* revert "linux-user: fix mmap/munmap/mprotect/mremap/shma" which is
causing
0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
to stop working and qemu-i386 hanging during gobject-introspection in
webkitgtk when building for qemux86 with musl
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
During Qemu guest migration, a destination process invokes ps2
post_load function. In that, if 'rptr' and 'count' values were
invalid, it could lead to OOB access or infinite loop issue.
Add check to avoid it.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch chardev-connect-socket-to-a-spawned-command.patch calls
"socketpair". This function is missing in mingw, so the patch
needs to be modified accordingly (by conditional compilation using
_WIN32 macro where appropriate), otherwise we end up with a broken
mingw build.
While it is possible to simply remove the whole patch for mingw build
(via a .bbappend file in meta-mingw), it makes more sense to modify
the patch itself.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport fix from qemu mainline for intermediate qemuarm64 hang
issue. Root caused in OE environment, issue with aarch64 qemu
logic of executing instructions that reenabe interrupts. See patch
commit message for more details.
Upstream-Status: Backport
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Due to patch fuzz it was applied again in a different place.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Bump the QEMU version to the bug fix release of 2.11.1 and remove the
patches that are no longer required.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to
be vulnerable to an unbounded memory allocation issue, as it did not throttle
the framebuffer updates sent to its client. If the client did not consume these
updates, VNC server allocates growing memory to hold onto this data. A malicious
remote VNC client could use this flaw to cause DoS to the server host.
Backport a series of patches from upstream to resolve this.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
glibc 2.27 has added memfd_create() but this conflicts with a copy in qemu, so
take a patch from upstream to fix building with glibc 2.27.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use the latest QEMU release 2.11. Remove all patches that are no longer
required as they have been merged into the 2.11 releaese. One patch had
to be updated to apply to the 2.11 tree.
This also applies a linux user patch to avoid webkitgtk build hangs.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The Virtio Vring implementation in QEMU allows local OS guest users to
cause a denial of service (divide-by-zero error and QEMU process crash)
by unsetting vring alignment while updating Virtio rings.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-17381
Upstream patch:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=758ead31c7e17bf17a9ef2e0ca1c3e86ab296b43
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch chardev-connect-socket-to-a-spawned-command.patch calls
"socketpair". This function is missing in mingw, so the patch
needs to be modified accordingly, otherwise we end up with a broken
mingw build.
While it is possible to simply remove the patch on a recipe level for
mingw platform, it makes more sense to modify the patch itself.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream finally accepted and merged a different approach for
connecting QEMU to swtpm: instead of a custom cuse-tpm device, a
normal chardev connects to swtpm, and that chardev then is used by the
TPM device. For now we have to backport those patches, but the next
major QEMU update will have them.
However, the chardev-connect-socket-to-a-spawned-command.patch is
something that OE will have to carry permanently. It simplifies
starting and stopping swtpm when invoking QEMU through runqemu without
having to teach that script about the additional process. Upstream
rejected the patch because they want to keep the complexity of
starting additional processes out of QEMU.
A recent enough swtpm is needed. The one currently used by
meta-security fails to communicate properly with QEMU, leading to this
failure:
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Failed to send CMD_SET_DATAFD: Input/output error
qemu-system-x86_64: -tpmdev emulator,id=tpm0,chardev=chrtpm0: tpm-emulator: Could not cleanly shutdown the TPM: Invalid argument
With a recent enough swtpm, one can create a TPM device like this:
- bitbake swtpm-native
- create a TPM instance and initialize it with:
$ mkdir -p my-machine/myvtpm0
$ tmp*/work/*/swtpm-wrappers-native/*/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
Starting vTPM manufacturing as root:root @ Wed 06 Dec 2017 10:03:14 AM CET
TPM is listening on TCP port 34613.
Successfully created EK.
Successfully authored TPM state.
Ending vTPM manufacturing @ Wed 06 Dec 2017 10:03:14 AM CET
- runqemu "qemuparams=-chardev 'socket,id=chrtpm0,cmd=exec
swtpm_oe.sh socket --terminate --ctrl type=unixio,,clientfd=0
--tpmstate dir=... --log level=10,,file=.../swtpm.log --tpm2'
-tpmdev emulator,id=tpm0,chardev=chrtpm0 -device
tpm-tis,tpmdev=tpm0" ...
Beware that the double commas are intentional. They are needed to
embed commas in the "cmd" value.
swtpm_oe.sh is from swtpm-wrappers-native. In the example it is
invoked without the full path for the sake of brevity. In practice,
one has to use the full
path (tmp*/work/*/swtpm-wrappers-native/*/swtpm_oe.sh).
With the TPM2-preview version of swtpm, the same works for TPM2 by
adding the --tpm2 parameter when invoking swtpm_setup_oe.sh and
swtpm_oe.sh.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
qemuppc boots are occasionally hanging on the autobuilder. This adds a
patch which fixes the issue in local testing. Its being discussed with
upstream qemu.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
All CVE patches removed because these are already integrated in 2.10.1.
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix CVE-2017-13672, CVE-2017-13673, CVE-2017-13711, CVE-2017-14167
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13672
https://nvd.nist.gov/vuln/detail/CVE-2017-13673
https://nvd.nist.gov/vuln/detail/CVE-2017-13711
https://nvd.nist.gov/vuln/detail/CVE-2017-14167
Patches from:
CVE-2017-13672:
https://git.qemu.org/?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681
CVE-2017-13673:
https://git.qemu.org/?p=qemu.git;a=commit;h=e65294157d4b69393b3f819c99f4f647452b48e3
CVE-2017-13711:
https://git.qemu.org/?p=qemu.git;a=commit;h=1201d308519f1e915866d7583d5136d03cc1d384
CVE-2017-14167:
https://git.qemu.org/?p=qemu.git;a=commit;h=ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove the following patches since they are unused after qemu update to
2.10:
0001-replace-struct-ucontext-with-ucontext_t-type.patch
CVE-2016-9908.patch
CVE-2016-9912.patch
configure-fix-Darwin-target-detection.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove recipes for older versions.
Remove patches no longer needed.
Modify the patch "add-ptest-in-makefile.patch" for version 2.10.0
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport two patches to fix the following error when booting qemu.
Failed to unlock byte 100
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In order to support Nios2 emulation by QEMU, we need
at least QEMU version 2.9.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a commit from qemu upstream to fix a protection fault
https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removed patch target-ppc-fix-user-mode.patch [1] already on
upstream.
[1] http://git.qemu.org/?p=qemu.git;a=history;f=linux-user/main.c;
h=65a769cf797254a86a7cf589d69e67595a9e1adb;hb=refs/heads/stable-2.8
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
virtio-gpu: memory leakage when destroying gpu resource
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9912
Reference to upstream patch:
http://git.qemu-project.org/?p=qemu.git;a=patch;h=b8e23926c568f2e963af39028b71c472e3023793
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
virtio-gpu: information leakage in virgl_cmd_get_capset
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9908
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This enables the use of swtpm (from meta-security) as a virtual TPM in
qemu. These patches extend the existing support in qemu for TPM
passthrough so that a swtpm daemon can be accessed via CUSE (character
device in user space).
To use this:
- add the meta-security layer including the swtpm enhancements for qemu
- bitbake swtpm-native
- create a TPM instance and initialize it with:
$ mkdir -p my-machine/myvtpm0
$ tmp-glibc/sysroots/x86_64-linux/usr/bin/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
Starting vTPM manufacturing as root:root @ Fri 20 Jan 2017 08:56:18 AM CET
TPM is listening on TCP port 52167.
Successfully created EK.
Successfully authored TPM state.
Ending vTPM manufacturing @ Fri 20 Jan 2017 08:56:19 AM CET
- run swtpm *before each runqemu invocation* (it shuts down after use) and
do it as root (required to set up the /dev/vtpm0 CUSE device):
$ sudo sh -c 'PATH=`pwd`/tmp-glibc/sysroots/x86_64-linux/usr/bin/:`pwd`/tmp-glibc/sysroots/x86_64-linux/usr/sbin/:$PATH; export TPM_PATH=`pwd`/my-machine/myvtpm0; swtpm_cuse -n vtpm0' && sudo chmod a+rw /dev/vtpm0
- run qemu:
$ runqemu 'qemuparams=-tpmdev cuse-tpm,id=tpm0,path=/dev/vtpm0 -device tpm-tis,tpmdev=tpm0' ...
The guest kernel has to have TPM support enabled, which can be done with:
KERNEL_FEATURES_append = " features/tpm/tpm.scc"
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Added patches:
- target-ppc-fix-user-mode.patch
Rebased patches:
- exclude-some-arm-EABI-obsolete-syscalls.patc
Removed patches (already in upstream):
- 0003-fix-CVE-2016-7908.patch
- 0004-fix-CVE-2016-7909.patch
- 0001-target-mips-add-24KEc-CPU-definition.patch
Changelog,
http://wiki.qemu.org/ChangeLog/2.8
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Minor upgrade contains fixes from 2.7.0.
Removed patches (already in upstream):
- 0001-pci-assign-sync-MSI-MSI-X-cap-and-table-with-PCIDevi.patch
- 0001-virtio-zero-vq-inuse-in-virtio_reset.patch
- 0002-fix-CVE-2016-7423.patch
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix iommu pci device assignment failure.
"qemu-system-x86_64: -device pci-assign,host=02:00.0: No IOMMU found.
Unable to assign device "(null)""
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The Makefile in directory tests has been renamed, then update script
run-ptest to follow the change.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport patch to fix CVE-2016-7909 of qemu.
Ref:
https://security-tracker.debian.org/tracker/CVE-2016-7909
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport patches to fix CVE-2016-7423 and CVE-2016-7908 of qemu.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It is reported in qemu community that VM always exits with:
| 2016-10-17T07:33:40.393592Z qemu-kvm: Virtqueue size exceede
when VM is suspend and resume. Solution from the maintainer of virtio
is to merge following 3 commits:
http://git.qemu.org/?p=qemu.git;a=commit;h=bccdef6
http://git.qemu.org/?p=qemu.git;a=commit;h=58a83c6
http://git.qemu.org/?p=qemu.git;a=commit;h=4b7f91e
The first 2 commits have been merged in qemu 2.7.0. Then apply the
third one.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This upgrade can fix a qemuppc + openssh bug, the ssh connection maybe
refused or closed randomly, and it's not easy to reproduce. RP pointed
that this upgrade can fix the problem, and it does work in my local
testing.
* Update add-ptest-in-makefile.patch
* Drop backported patch 0001-configure-support-vte-2.91.patch
Here is the Changlog:
http://wiki.qemu.org/ChangeLog/2.7
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch has been accepted upstream:
http://lists.nongnu.org/archive/html/qemu-devel/2016-07/msg05778.html
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Enforce the correct tag names across all of oe-core for consistency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|