From 6e277bc261fec36bd264246e2b5fbccd6570b520 Mon Sep 17 00:00:00 2001
From: Markus Volk <f_l_k@t-online.de>
Date: Wed, 21 Sep 2022 18:39:22 +0200
Subject: virglrenderer: upgrade 0.9.1 -> 0.10.3

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 ...son.build-use-python3-directly-for-python.patch |  11 +-
 .../virglrenderer/cve-2022-0135.patch              | 117 ---------------------
 .../virglrenderer/cve-2022-0175.patch              | 107 -------------------
 .../virglrenderer/virglrenderer_0.10.3.bb          |  33 ++++++
 .../virglrenderer/virglrenderer_0.9.1.bb           |  25 -----
 5 files changed, 39 insertions(+), 254 deletions(-)
 delete mode 100644 meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
 delete mode 100644 meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
 create mode 100644 meta/recipes-graphics/virglrenderer/virglrenderer_0.10.3.bb
 delete mode 100644 meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb

(limited to 'meta')

diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/0001-meson.build-use-python3-directly-for-python.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/0001-meson.build-use-python3-directly-for-python.patch
index 0fd1d511d6..8230ba588b 100644
--- a/meta/recipes-graphics/virglrenderer/virglrenderer/0001-meson.build-use-python3-directly-for-python.patch
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/0001-meson.build-use-python3-directly-for-python.patch
@@ -1,4 +1,4 @@
-From 63788c63ed39a3ce9994f4315d8997e1a9300d4d Mon Sep 17 00:00:00 2001
+From c853c9e5c44f1b23a15a7ba629ee02f7d8ec23a0 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 6 Jan 2020 12:44:42 +0100
 Subject: [PATCH] meson.build: use 'python3' directly for python
@@ -8,17 +8,18 @@ its configuration).
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
 ---
  meson.build | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/meson.build b/meson.build
-index 682d7c8..19d2eae 100644
+index 13d95bb..b241eb2 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -60,7 +60,7 @@ foreach w : warnings
-    endif
- endforeach
+@@ -64,7 +64,7 @@ flags = [
+ 
+ add_project_arguments(cc.get_supported_arguments(flags), language : 'c')
  
 -prog_python = import('python').find_installation('python3')
 +prog_python = 'python3'
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
deleted file mode 100644
index ae42dc8f6c..0000000000
--- a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 63aee871365f9c9e7fa9125672302a0fb250d34d Mon Sep 17 00:00:00 2001
-From: Gert Wollny <gert.wollny@collabora.com>
-Date: Tue, 30 Nov 2021 09:16:24 +0100
-Subject: [PATCH 2/2] vrend: propperly check whether the shader image range is
- correct
-
-Also add a test to check the integer underflow.
-
-Closes: #251
-Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
-Reviewed-by: Chia-I Wu <olvaffe@gmail.com>
-
-cherry-pick from anongit.freedesktop.org/virglrenderer
-commit 2aed5d4...
-
-CVE: CVE-2022-0135
-Upstream-Status: Backport
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
----
- src/vrend_decode.c          |  3 +-
- tests/test_fuzzer_formats.c | 57 +++++++++++++++++++++++++++++++++++++
- 2 files changed, 59 insertions(+), 1 deletion(-)
-
-diff --git a/src/vrend_decode.c b/src/vrend_decode.c
-index 91f5f24..6771b10 100644
---- a/src/vrend_decode.c
-+++ b/src/vrend_decode.c
-@@ -1249,8 +1249,9 @@ static int vrend_decode_set_shader_images(struct vrend_context *ctx, const uint3
-    if (num_images < 1) {
-       return 0;
-    }
-+
-    if (start_slot > PIPE_MAX_SHADER_IMAGES ||
--       start_slot > PIPE_MAX_SHADER_IMAGES - num_images)
-+       start_slot + num_images > PIPE_MAX_SHADER_IMAGES)
-       return EINVAL;
- 
-    for (uint32_t i = 0; i < num_images; i++) {
-diff --git a/tests/test_fuzzer_formats.c b/tests/test_fuzzer_formats.c
-index 154a2e5..e32caf0 100644
---- a/tests/test_fuzzer_formats.c
-+++ b/tests/test_fuzzer_formats.c
-@@ -958,6 +958,61 @@ static void test_vrend_set_signle_abo_heap_overflow() {
-     virgl_renderer_submit_cmd((void *) cmd, ctx_id, 0xde);
- }
- 
-+static void test_vrend_set_shader_images_overflow()
-+{
-+    uint32_t num_shaders = PIPE_MAX_SHADER_IMAGES + 1;
-+    uint32_t size = num_shaders * VIRGL_SET_SHADER_IMAGE_ELEMENT_SIZE + 3;
-+    uint32_t cmd[size];
-+    int i = 0;
-+    cmd[i++] = ((size - 1)<< 16) | 0 << 8 | VIRGL_CCMD_SET_SHADER_IMAGES;
-+    cmd[i++] = PIPE_SHADER_FRAGMENT;
-+    memset(&cmd[i], 0, size - i);
-+
-+    virgl_renderer_submit_cmd((void *) cmd, ctx_id, size);
-+}
-+
-+/* Test adapted from yaojun8558363@gmail.com:
-+ * https://gitlab.freedesktop.org/virgl/virglrenderer/-/issues/250
-+*/
-+static void test_vrend_3d_resource_overflow() {
-+
-+    struct virgl_renderer_resource_create_args resource;
-+    resource.handle = 0x4c474572;
-+    resource.target = PIPE_TEXTURE_2D_ARRAY;
-+    resource.format = VIRGL_FORMAT_Z24X8_UNORM;
-+    resource.nr_samples = 2;
-+    resource.last_level = 0;
-+    resource.array_size = 3;
-+    resource.bind = VIRGL_BIND_SAMPLER_VIEW;
-+    resource.depth = 1;
-+    resource.width = 8;
-+    resource.height = 4;
-+    resource.flags = 0;
-+
-+    virgl_renderer_resource_create(&resource, NULL, 0);
-+    virgl_renderer_ctx_attach_resource(ctx_id, resource.handle);
-+
-+    uint32_t size = 0x400;
-+    uint32_t cmd[size];
-+    int i = 0;
-+    cmd[i++] = (size - 1) << 16 | 0 << 8 | VIRGL_CCMD_RESOURCE_INLINE_WRITE;
-+    cmd[i++] = resource.handle;
-+    cmd[i++] = 0; // level
-+    cmd[i++] = 0; // usage
-+    cmd[i++] = 0; // stride
-+    cmd[i++] = 0; // layer_stride
-+    cmd[i++] = 0; // x
-+    cmd[i++] = 0; // y
-+    cmd[i++] = 0; // z
-+    cmd[i++] = 8; // w
-+    cmd[i++] = 4; // h
-+    cmd[i++] = 3; // d
-+    memset(&cmd[i], 0, size - i);
-+
-+    virgl_renderer_submit_cmd((void *) cmd, ctx_id, size);
-+}
-+
-+
- int main()
- {
-    initialize_environment();
-@@ -980,6 +1035,8 @@ int main()
-    test_cs_nullpointer_deference();
-    test_vrend_set_signle_abo_heap_overflow();
- 
-+   test_vrend_set_shader_images_overflow();
-+   test_vrend_3d_resource_overflow();
- 
-    virgl_renderer_context_destroy(ctx_id);
-    virgl_renderer_cleanup(&cookie);
--- 
-2.25.1
-
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
deleted file mode 100644
index 7fbab75091..0000000000
--- a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 5ca7aca001092c557f0b6fc1ba3db7dcdab860b7 Mon Sep 17 00:00:00 2001
-From: Gert Wollny <gert.wollny@collabora.com>
-Date: Tue, 30 Nov 2021 09:29:42 +0100
-Subject: [PATCH 1/2] vrend: clear memory when allocating a host-backed memory
- resource
-
-Closes: #249
-Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
-Reviewed-by: Chia-I Wu <olvaffe@gmail.com>
-
-cherry-pick from anongit.freedesktop.org/virglrenderer
-commit b05bb61...
-
-CVE: CVE-2022-0175
-Upstream-Status: Backport
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
----
- src/vrend_renderer.c        |  2 +-
- tests/test_virgl_transfer.c | 51 +++++++++++++++++++++++++++++++++++++
- 2 files changed, 52 insertions(+), 1 deletion(-)
-
-diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
-index b8b2a36..2650cf2 100644
---- a/src/vrend_renderer.c
-+++ b/src/vrend_renderer.c
-@@ -6788,7 +6788,7 @@ vrend_resource_alloc_buffer(struct vrend_resource *gr, uint32_t flags)
-    if (bind == VIRGL_BIND_CUSTOM) {
-       /* use iovec directly when attached */
-       gr->storage_bits |= VREND_STORAGE_HOST_SYSTEM_MEMORY;
--      gr->ptr = malloc(size);
-+      gr->ptr = calloc(1, size);
-       if (!gr->ptr)
-          return -ENOMEM;
-    } else if (bind == VIRGL_BIND_STAGING) {
-diff --git a/tests/test_virgl_transfer.c b/tests/test_virgl_transfer.c
-index bf7f438..3c53c3d 100644
---- a/tests/test_virgl_transfer.c
-+++ b/tests/test_virgl_transfer.c
-@@ -952,6 +952,56 @@ START_TEST(virgl_test_transfer_near_res_bounds_with_stride_succeeds)
- }
- END_TEST
- 
-+START_TEST(test_vrend_host_backed_memory_no_data_leak)
-+{
-+   struct iovec iovs[1];
-+   int niovs = 1;
-+
-+   struct virgl_context ctx = {0};
-+
-+   int ret = testvirgl_init_ctx_cmdbuf(&ctx);
-+
-+   struct virgl_renderer_resource_create_args res;
-+   res.handle = 0x400;
-+   res.target = PIPE_BUFFER;
-+   res.format = VIRGL_FORMAT_R8_UNORM;
-+   res.nr_samples = 0;
-+   res.last_level = 0;
-+   res.array_size = 1;
-+   res.bind = VIRGL_BIND_CUSTOM;
-+   res.depth = 1;
-+   res.width = 32;
-+   res.height = 1;
-+   res.flags = 0;
-+
-+   uint32_t size = 32;
-+   uint8_t* data = calloc(1, size);
-+   memset(data, 1, 32);
-+   iovs[0].iov_base = data;
-+   iovs[0].iov_len = size;
-+
-+   struct pipe_box box = {0,0,0, size, 1,1};
-+
-+   virgl_renderer_resource_create(&res, NULL, 0);
-+   virgl_renderer_ctx_attach_resource(ctx.ctx_id, res.handle);
-+
-+   ret = virgl_renderer_transfer_read_iov(res.handle, ctx.ctx_id, 0, 0, 0,
-+                                          (struct virgl_box *)&box, 0, iovs, niovs);
-+
-+   ck_assert_int_eq(ret, 0);
-+
-+   for (int i = 0; i < 32; ++i)
-+      ck_assert_int_eq(data[i], 0);
-+
-+   virgl_renderer_ctx_detach_resource(1, res.handle);
-+
-+   virgl_renderer_resource_unref(res.handle);
-+   free(data);
-+
-+}
-+END_TEST
-+
-+
- static Suite *virgl_init_suite(void)
- {
-   Suite *s;
-@@ -981,6 +1031,7 @@ static Suite *virgl_init_suite(void)
-   tcase_add_test(tc_core, virgl_test_transfer_buffer_bad_strides);
-   tcase_add_test(tc_core, virgl_test_transfer_2d_array_bad_layer_stride);
-   tcase_add_test(tc_core, virgl_test_transfer_2d_bad_level);
-+  tcase_add_test(tc_core, test_vrend_host_backed_memory_no_data_leak);
- 
-   tcase_add_loop_test(tc_core, virgl_test_transfer_res_read_valid, 0, PIPE_MAX_TEXTURE_TYPES);
-   tcase_add_loop_test(tc_core, virgl_test_transfer_res_write_valid, 0, PIPE_MAX_TEXTURE_TYPES);
--- 
-2.25.1
-
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_0.10.3.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_0.10.3.bb
new file mode 100644
index 0000000000..567c62b570
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer_0.10.3.bb
@@ -0,0 +1,33 @@
+SUMMARY = "VirGL virtual OpenGL renderer"
+DESCRIPTION = "Virgil is a research project to investigate the possibility of \
+creating a virtual 3D GPU for use inside qemu virtual machines, that allows \
+the guest operating system to use the capabilities of the host GPU to \
+accelerate 3D rendering."
+HOMEPAGE = "https://virgil3d.github.io/"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=c81c08eeefd9418fca8f88309a76db10"
+
+DEPENDS = "libdrm libepoxy virtual/egl virtual/libgbm"
+SRCREV = "0922041ec6730122e0fec11404e6859e2efc4bc0"
+SRC_URI = "git://gitlab.freedesktop.org/virgl/virglrenderer.git;branch=master \
+           file://0001-meson.build-use-python3-directly-for-python.patch \
+           "
+
+S = "${WORKDIR}/git"
+
+inherit meson pkgconfig features_check
+
+PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'vulkan', 'venus-experimental', '', d)}"
+
+PACKAGECONFIG[venus-experimental] = "-Dvenus-experimental=true,-Dvenus-experimental=false,vulkan-loader vulkan-headers"
+PACKAGECONFIG[va] = "-Dvideo=true,-Dvideo=false,libva"
+PACKAGECONFIG[render-server] = "-Drender-server=true,-Drender-server=false"
+PACKAGECONFIG[drm-msm-experimental] = "-Ddrm-msm-experimental=true,-Ddrm-msm-experimental=false"
+PACKAGECONFIG[minigbm_allocation] = "-Dminigbm_allocation=true,-Dminigbm_allocation=false"
+PACKAGECONFIG[venus-validate] = "-Dvenus-validate=true,-Dvenus-validate=false"
+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,libcheck"
+
+BBCLASSEXTEND = "native nativesdk"
+
+REQUIRED_DISTRO_FEATURES = "opengl"
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
deleted file mode 100644
index ad3688e300..0000000000
--- a/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
+++ /dev/null
@@ -1,25 +0,0 @@
-SUMMARY = "VirGL virtual OpenGL renderer"
-DESCRIPTION = "Virgil is a research project to investigate the possibility of \
-creating a virtual 3D GPU for use inside qemu virtual machines, that allows \
-the guest operating system to use the capabilities of the host GPU to \
-accelerate 3D rendering."
-HOMEPAGE = "https://virgil3d.github.io/"
-
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=c81c08eeefd9418fca8f88309a76db10"
-
-DEPENDS = "libdrm virtual/egl virtual/libgbm libepoxy"
-SRCREV = "363915595e05fb252e70d6514be2f0c0b5ca312b"
-SRC_URI = "git://anongit.freedesktop.org/git/virglrenderer;branch=branch-0.9.1 \
-           file://0001-meson.build-use-python3-directly-for-python.patch \
-           file://cve-2022-0135.patch \
-           file://cve-2022-0175.patch \
-           "
-
-S = "${WORKDIR}/git"
-
-inherit meson pkgconfig features_check
-
-BBCLASSEXTEND = "native nativesdk"
-
-REQUIRED_DISTRO_FEATURES = "opengl"
-- 
cgit 1.2.3-korg