diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu')
37 files changed, 1734 insertions, 1030 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch deleted file mode 100644 index 1304ee3bfd..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch +++ /dev/null @@ -1,29 +0,0 @@ -From b921e5204030845dc7c9d16d5f66d965e8d05367 Mon Sep 17 00:00:00 2001 -From: Jeremy Puhlman <jpuhlman@mvista.com> -Date: Thu, 19 Mar 2020 11:54:26 -0700 -Subject: [PATCH] Add enable/disable libudev - -Upstream-Status: Pending -Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> - -[update patch context] -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - configure | 4 ++++ - 1 file changed, 4 insertions(+) - -Index: qemu-5.1.0/configure -=================================================================== ---- qemu-5.1.0.orig/configure -+++ qemu-5.1.0/configure -@@ -1640,6 +1640,10 @@ for opt do - ;; - --disable-libdaxctl) libdaxctl=no - ;; -+ --enable-libudev) libudev="yes" -+ ;; -+ --disable-libudev) libudev="no" -+ ;; - *) - echo "ERROR: unknown option $opt" - echo "Try '$0 --help' for more information" diff --git a/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch b/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch new file mode 100644 index 0000000000..2eaebe883c --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch @@ -0,0 +1,56 @@ +From 4517e2046610722879761bcdb60edbb2b929c848 Mon Sep 17 00:00:00 2001 +From: Richard Henderson <richard.henderson@linaro.org> +Date: Wed, 28 Feb 2024 10:25:14 -1000 +Subject: [PATCH 1/5] linux-user/x86_64: Handle the vsyscall page in + open_self_maps_{2,4} + +This is the only case in which we expect to have no host memory backing +for a guest memory page, because in general linux user processes cannot +map any pages in the top half of the 64-bit address space. + +Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html] + +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2170 +Signed-off-by: Richard Henderson <richard.henderson@linaro.org> +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +--- + linux-user/syscall.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index a114f29a8..8307a8a61 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -7922,6 +7922,10 @@ static void open_self_maps_4(const struct open_self_maps_data *d, + path = "[heap]"; + } else if (start == info->vdso) { + path = "[vdso]"; ++#ifdef TARGET_X86_64 ++ } else if (start == TARGET_VSYSCALL_PAGE) { ++ path = "[vsyscall]"; ++#endif + } + + /* Except null device (MAP_ANON), adjust offset for this fragment. */ +@@ -8010,6 +8014,18 @@ static int open_self_maps_2(void *opaque, target_ulong guest_start, + uintptr_t host_start = (uintptr_t)g2h_untagged(guest_start); + uintptr_t host_last = (uintptr_t)g2h_untagged(guest_end - 1); + ++#ifdef TARGET_X86_64 ++ /* ++ * Because of the extremely high position of the page within the guest ++ * virtual address space, this is not backed by host memory at all. ++ * Therefore the loop below would fail. This is the only instance ++ * of not having host backing memory. ++ */ ++ if (guest_start == TARGET_VSYSCALL_PAGE) { ++ return open_self_maps_3(opaque, guest_start, guest_end, flags); ++ } ++#endif ++ + while (1) { + IntervalTreeNode *n = + interval_tree_iter_first(d->host_maps, host_start, host_start); +-- +2.34.1 + diff --git a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch index 33cef42217..c65508017d 100644 --- a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch +++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch @@ -1,7 +1,7 @@ -From ce1eceab2350d27960ec254650717085f6a11c9a Mon Sep 17 00:00:00 2001 +From de64af82950a6908f9407dfc92b83c17e2af3eab Mon Sep 17 00:00:00 2001 From: Jason Wessel <jason.wessel@windriver.com> Date: Fri, 28 Mar 2014 17:42:43 +0800 -Subject: [PATCH] qemu: Add addition environment space to boot loader +Subject: [PATCH 01/12] qemu: Add addition environment space to boot loader qemu-system-mips Upstream-Status: Inappropriate - OE uses deep paths @@ -18,13 +18,13 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com> hw/mips/malta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: qemu-5.1.0/hw/mips/malta.c +Index: qemu-8.0.0/hw/mips/malta.c =================================================================== ---- qemu-5.1.0.orig/hw/mips/malta.c -+++ qemu-5.1.0/hw/mips/malta.c -@@ -59,7 +59,7 @@ - - #define ENVP_ADDR 0x80002000l +--- qemu-8.0.0.orig/hw/mips/malta.c ++++ qemu-8.0.0/hw/mips/malta.c +@@ -64,7 +64,7 @@ + #define ENVP_PADDR 0x2000 + #define ENVP_VADDR cpu_mips_phys_to_kseg0(NULL, ENVP_PADDR) #define ENVP_NB_ENTRIES 16 -#define ENVP_ENTRY_SIZE 256 +#define ENVP_ENTRY_SIZE 1024 diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch deleted file mode 100644 index 46c9da08a5..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch +++ /dev/null @@ -1,141 +0,0 @@ -From 883feb43129dc39b491e492c7ccfe89aefe53c44 Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard.purdie@linuxfoundation.org> -Date: Thu, 27 Nov 2014 14:04:29 +0000 -Subject: [PATCH] qemu: Add missing wacom HID descriptor - -The USB wacom device is missing a HID descriptor which causes it -to fail to operate with recent kernels (e.g. 3.17). - -This patch adds a HID desriptor to the device, based upon one from -real wcom device. - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> - -Upstream-Status: Submitted -2014/11/27 - -[update patch context] -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 93 insertions(+), 1 deletion(-) - -Index: qemu-5.1.0/hw/usb/dev-wacom.c -=================================================================== ---- qemu-5.1.0.orig/hw/usb/dev-wacom.c -+++ qemu-5.1.0/hw/usb/dev-wacom.c -@@ -74,6 +74,89 @@ static const USBDescStrings desc_strings - [STR_SERIALNUMBER] = "1", - }; - -+static const uint8_t qemu_tablet_hid_report_descriptor[] = { -+ 0x05, 0x01, /* Usage Page (Generic Desktop) */ -+ 0x09, 0x02, /* Usage (Mouse) */ -+ 0xa1, 0x01, /* Collection (Application) */ -+ 0x85, 0x01, /* Report ID (1) */ -+ 0x09, 0x01, /* Usage (Pointer) */ -+ 0xa1, 0x00, /* Collection (Physical) */ -+ 0x05, 0x09, /* Usage Page (Button) */ -+ 0x19, 0x01, /* Usage Minimum (1) */ -+ 0x29, 0x05, /* Usage Maximum (5) */ -+ 0x15, 0x00, /* Logical Minimum (0) */ -+ 0x25, 0x01, /* Logical Maximum (1) */ -+ 0x95, 0x05, /* Report Count (5) */ -+ 0x75, 0x01, /* Report Size (1) */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0x95, 0x01, /* Report Count (1) */ -+ 0x75, 0x03, /* Report Size (3) */ -+ 0x81, 0x01, /* Input (Constant) */ -+ 0x05, 0x01, /* Usage Page (Generic Desktop) */ -+ 0x09, 0x30, /* Usage (X) */ -+ 0x09, 0x31, /* Usage (Y) */ -+ 0x15, 0x81, /* Logical Minimum (-127) */ -+ 0x25, 0x7f, /* Logical Maximum (127) */ -+ 0x75, 0x08, /* Report Size (8) */ -+ 0x95, 0x02, /* Report Count (2) */ -+ 0x81, 0x06, /* Input (Data, Variable, Relative) */ -+ 0xc0, /* End Collection */ -+ 0xc0, /* End Collection */ -+ 0x05, 0x0d, /* Usage Page (Digitizer) */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0xa1, 0x01, /* Collection (Application) */ -+ 0x85, 0x02, /* Report ID (2) */ -+ 0xa1, 0x00, /* Collection (Physical) */ -+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0x15, 0x00, /* Logical Minimum (0) */ -+ 0x26, 0xff, 0x00, /* Logical Maximum (255) */ -+ 0x75, 0x08, /* Report Size (8) */ -+ 0x95, 0x08, /* Report Count (8) */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0xc0, /* End Collection */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0x85, 0x02, /* Report ID (2) */ -+ 0x95, 0x01, /* Report Count (1) */ -+ 0xb1, 0x02, /* FEATURE (2) */ -+ 0xc0, /* End Collection */ -+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0xa1, 0x01, /* Collection (Application) */ -+ 0x85, 0x02, /* Report ID (2) */ -+ 0x05, 0x0d, /* Usage Page (Digitizer) */ -+ 0x09, 0x22, /* Usage (Finger) */ -+ 0xa1, 0x00, /* Collection (Physical) */ -+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0x15, 0x00, /* Logical Minimum (0) */ -+ 0x26, 0xff, 0x00, /* Logical Maximum */ -+ 0x75, 0x08, /* Report Size (8) */ -+ 0x95, 0x02, /* Report Count (2) */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0x05, 0x01, /* Usage Page (Generic Desktop) */ -+ 0x09, 0x30, /* Usage (X) */ -+ 0x35, 0x00, /* Physical Minimum */ -+ 0x46, 0xe0, 0x2e, /* Physical Maximum */ -+ 0x26, 0xe0, 0x01, /* Logical Maximum */ -+ 0x75, 0x10, /* Report Size (16) */ -+ 0x95, 0x01, /* Report Count (1) */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0x09, 0x31, /* Usage (Y) */ -+ 0x46, 0x40, 0x1f, /* Physical Maximum */ -+ 0x26, 0x40, 0x01, /* Logical Maximum */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0x26, 0xff, 0x00, /* Logical Maximum */ -+ 0x75, 0x08, /* Report Size (8) */ -+ 0x95, 0x0d, /* Report Count (13) */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0xc0, /* End Collection */ -+ 0xc0, /* End Collection */ -+}; -+ -+ - static const USBDescIface desc_iface_wacom = { - .bInterfaceNumber = 0, - .bNumEndpoints = 1, -@@ -91,7 +174,7 @@ static const USBDescIface desc_iface_wac - 0x00, /* u8 country_code */ - 0x01, /* u8 num_descriptors */ - 0x22, /* u8 type: Report */ -- 0x6e, 0, /* u16 len */ -+ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */ - }, - }, - }, -@@ -271,6 +354,15 @@ static void usb_wacom_handle_control(USB - } - - switch (request) { -+ case InterfaceRequest | USB_REQ_GET_DESCRIPTOR: -+ switch (value >> 8) { -+ case 0x22: -+ memcpy(data, qemu_tablet_hid_report_descriptor, -+ sizeof(qemu_tablet_hid_report_descriptor)); -+ p->actual_length = sizeof(qemu_tablet_hid_report_descriptor); -+ break; -+ } -+ break; - case WACOM_SET_REPORT: - if (s->mouse_grabbed) { - qemu_remove_mouse_event_handler(s->eh_entry); diff --git a/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch b/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch deleted file mode 100644 index 5227b7cbd2..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 68fa519a6cb455005317bd61f95214b58b2f1e69 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org> -Date: Fri, 16 Oct 2020 15:20:37 +0200 -Subject: [PATCH] target/mips: Increase number of TLB entries on the 34Kf core - (16 -> 64) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Per "MIPS32 34K Processor Core Family Software User's Manual, -Revision 01.13" page 8 in "Joint TLB (JTLB)" section: - - "The JTLB is a fully associative TLB cache containing 16, 32, - or 64-dual-entries mapping up to 128 virtual pages to their - corresponding physical addresses." - -There is no particular reason to restrict the 34Kf core model to -16 TLB entries, so raise its config to 64. - -This is helpful for other projects, in particular the Yocto Project: - - Yocto Project uses qemu-system-mips 34Kf cpu model, to run 32bit - MIPS CI loop. It was observed that in this case CI test execution - time was almost twice longer than 64bit MIPS variant that runs - under MIPS64R2-generic model. It was investigated and concluded - that the difference in number of TLBs 16 in 34Kf case vs 64 in - MIPS64R2-generic is responsible for most of CI real time execution - difference. Because with 16 TLBs linux user-land trashes TLB more - and it needs to execute more instructions in TLB refill handler - calls, as result it runs much longer. - -(https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03428.html) - -Buglink: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13992 -Reported-by: Victor Kamensky <kamensky@cisco.com> -Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> -Reviewed-by: Richard Henderson <richard.henderson@linaro.org> -Message-Id: <20201016133317.553068-1-f4bug@amsat.org> - -Upstream-Status: Backport [https://github.com/qemu/qemu/commit/68fa519a6cb455005317bd61f95214b58b2f1e69] -Signed-off-by: Victor Kamensky <kamensky@cisco.com> - ---- - target/mips/translate_init.c.inc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: qemu-5.1.0/target/mips/translate_init.inc.c -=================================================================== ---- qemu-5.1.0.orig/target/mips/translate_init.inc.c -+++ qemu-5.1.0/target/mips/translate_init.inc.c -@@ -254,7 +254,7 @@ const mips_def_t mips_defs[] = - .CP0_PRid = 0x00019500, - .CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) | - (MMU_TYPE_R4000 << CP0C0_MT), -- .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (15 << CP0C1_MMU) | -+ .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (63 << CP0C1_MMU) | - (0 << CP0C1_IS) | (3 << CP0C1_IL) | (1 << CP0C1_IA) | - (0 << CP0C1_DS) | (3 << CP0C1_DL) | (1 << CP0C1_DA) | - (1 << CP0C1_CA), diff --git a/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch deleted file mode 100644 index f379948f14..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5da6cef7761157a003e7ebde74fb3cf90ab396d9 Mon Sep 17 00:00:00 2001 -From: Juro Bystricky <juro.bystricky@intel.com> -Date: Thu, 31 Aug 2017 11:06:56 -0700 -Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for - qemu. - -Upstream-Status: Pending - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> - -[update patch context] -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - tests/Makefile.include | 8 ++++++++ - 1 file changed, 8 insertions(+) - -Index: qemu-5.1.0/tests/Makefile.include -=================================================================== ---- qemu-5.1.0.orig/tests/Makefile.include -+++ qemu-5.1.0/tests/Makefile.include -@@ -982,4 +982,12 @@ all: $(QEMU_IOTESTS_HELPERS-y) - -include $(wildcard tests/qtest/*.d) - -include $(wildcard tests/qtest/libqos/*.d) - -+buildtest-TESTS: $(check-unit-y) -+ -+runtest-TESTS: -+ for f in $(check-unit-y); do \ -+ nf=$$(echo $$f | sed 's/tests\//\.\//g'); \ -+ $$nf; \ -+ done -+ - endif diff --git a/meta/recipes-devtools/qemu/qemu/0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch b/meta/recipes-devtools/qemu/qemu/0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch new file mode 100644 index 0000000000..ceae67be64 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0002-linux-user-Replace-use-of-lfs64-related-functions-an.patch @@ -0,0 +1,355 @@ +From 71f14902256e3c3529710b713e1ea43100bf4c40 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 17 Dec 2022 08:37:46 -0800 +Subject: [PATCH 2/2] linux-user: Replace use of lfs64 related functions and + macros + +Builds defines -D_FILE_OFFSET_BITS=64 which makes the original functions +anf macros behave same as their 64 suffixed counterparts. This also +helps in compiling with latest musl C library, where these macros and +functions are no more available under _GNU_SOURCE feature macro + +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2022-12/msg02841.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Cc: Laurent Vivier <laurent@vivier.eu> +--- + linux-user/syscall.c | 153 +++++++++++-------------------------------- + 1 file changed, 39 insertions(+), 114 deletions(-) + +Index: qemu-8.0.0/linux-user/syscall.c +=================================================================== +--- qemu-8.0.0.orig/linux-user/syscall.c ++++ qemu-8.0.0/linux-user/syscall.c +@@ -761,8 +761,8 @@ safe_syscall6(ssize_t, copy_file_range, + */ + #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__) + /* Similarly for fcntl. Note that callers must always: +- * pass the F_GETLK64 etc constants rather than the unsuffixed F_GETLK +- * use the flock64 struct rather than unsuffixed flock ++ * pass the F_GETLK etc constants rather than the unsuffixed F_GETLK ++ * use the flock struct rather than unsuffixed flock + * This will then work and use a 64-bit offset for both 32-bit and 64-bit hosts. + */ + #ifdef __NR_fcntl64 +@@ -6813,13 +6813,13 @@ static int target_to_host_fcntl_cmd(int + ret = cmd; + break; + case TARGET_F_GETLK: +- ret = F_GETLK64; ++ ret = F_GETLK; + break; + case TARGET_F_SETLK: +- ret = F_SETLK64; ++ ret = F_SETLK; + break; + case TARGET_F_SETLKW: +- ret = F_SETLKW64; ++ ret = F_SETLKW; + break; + case TARGET_F_GETOWN: + ret = F_GETOWN; +@@ -6833,17 +6833,6 @@ static int target_to_host_fcntl_cmd(int + case TARGET_F_SETSIG: + ret = F_SETSIG; + break; +-#if TARGET_ABI_BITS == 32 +- case TARGET_F_GETLK64: +- ret = F_GETLK64; +- break; +- case TARGET_F_SETLK64: +- ret = F_SETLK64; +- break; +- case TARGET_F_SETLKW64: +- ret = F_SETLKW64; +- break; +-#endif + case TARGET_F_SETLEASE: + ret = F_SETLEASE; + break; +@@ -6895,8 +6884,8 @@ static int target_to_host_fcntl_cmd(int + * them to 5, 6 and 7 before making the syscall(). Since we make the + * syscall directly, adjust to what is supported by the kernel. + */ +- if (ret >= F_GETLK64 && ret <= F_SETLKW64) { +- ret -= F_GETLK64 - 5; ++ if (ret >= F_GETLK && ret <= F_SETLKW) { ++ ret -= F_GETLK - 5; + } + #endif + +@@ -6929,55 +6918,11 @@ static int host_to_target_flock(int type + return type; + } + +-static inline abi_long copy_from_user_flock(struct flock64 *fl, +- abi_ulong target_flock_addr) +-{ +- struct target_flock *target_fl; +- int l_type; +- +- if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) { +- return -TARGET_EFAULT; +- } +- +- __get_user(l_type, &target_fl->l_type); +- l_type = target_to_host_flock(l_type); +- if (l_type < 0) { +- return l_type; +- } +- fl->l_type = l_type; +- __get_user(fl->l_whence, &target_fl->l_whence); +- __get_user(fl->l_start, &target_fl->l_start); +- __get_user(fl->l_len, &target_fl->l_len); +- __get_user(fl->l_pid, &target_fl->l_pid); +- unlock_user_struct(target_fl, target_flock_addr, 0); +- return 0; +-} +- +-static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr, +- const struct flock64 *fl) +-{ +- struct target_flock *target_fl; +- short l_type; +- +- if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) { +- return -TARGET_EFAULT; +- } +- +- l_type = host_to_target_flock(fl->l_type); +- __put_user(l_type, &target_fl->l_type); +- __put_user(fl->l_whence, &target_fl->l_whence); +- __put_user(fl->l_start, &target_fl->l_start); +- __put_user(fl->l_len, &target_fl->l_len); +- __put_user(fl->l_pid, &target_fl->l_pid); +- unlock_user_struct(target_fl, target_flock_addr, 1); +- return 0; +-} +- +-typedef abi_long from_flock64_fn(struct flock64 *fl, abi_ulong target_addr); +-typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock64 *fl); ++typedef abi_long from_flock_fn(struct flock *fl, abi_ulong target_addr); ++typedef abi_long to_flock_fn(abi_ulong target_addr, const struct flock *fl); + + #if defined(TARGET_ARM) && TARGET_ABI_BITS == 32 +-struct target_oabi_flock64 { ++struct target_oabi_flock { + abi_short l_type; + abi_short l_whence; + abi_llong l_start; +@@ -6985,10 +6930,10 @@ struct target_oabi_flock64 { + abi_int l_pid; + } QEMU_PACKED; + +-static inline abi_long copy_from_user_oabi_flock64(struct flock64 *fl, ++static inline abi_long copy_from_user_oabi_flock(struct flock *fl, + abi_ulong target_flock_addr) + { +- struct target_oabi_flock64 *target_fl; ++ struct target_oabi_flock *target_fl; + int l_type; + + if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) { +@@ -7009,10 +6954,10 @@ static inline abi_long copy_from_user_oa + return 0; + } + +-static inline abi_long copy_to_user_oabi_flock64(abi_ulong target_flock_addr, +- const struct flock64 *fl) ++static inline abi_long copy_to_user_oabi_flock(abi_ulong target_flock_addr, ++ const struct flock *fl) + { +- struct target_oabi_flock64 *target_fl; ++ struct target_oabi_flock *target_fl; + short l_type; + + if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) { +@@ -7030,10 +6975,10 @@ static inline abi_long copy_to_user_oabi + } + #endif + +-static inline abi_long copy_from_user_flock64(struct flock64 *fl, ++static inline abi_long copy_from_user_flock(struct flock *fl, + abi_ulong target_flock_addr) + { +- struct target_flock64 *target_fl; ++ struct target_flock *target_fl; + int l_type; + + if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) { +@@ -7054,10 +6999,10 @@ static inline abi_long copy_from_user_fl + return 0; + } + +-static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr, +- const struct flock64 *fl) ++static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr, ++ const struct flock *fl) + { +- struct target_flock64 *target_fl; ++ struct target_flock *target_fl; + short l_type; + + if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) { +@@ -7076,7 +7021,7 @@ static inline abi_long copy_to_user_floc + + static abi_long do_fcntl(int fd, int cmd, abi_ulong arg) + { +- struct flock64 fl64; ++ struct flock fl64; + #ifdef F_GETOWN_EX + struct f_owner_ex fox; + struct target_f_owner_ex *target_fox; +@@ -7089,6 +7034,7 @@ static abi_long do_fcntl(int fd, int cmd + + switch(cmd) { + case TARGET_F_GETLK: ++ case TARGET_F_OFD_GETLK: + ret = copy_from_user_flock(&fl64, arg); + if (ret) { + return ret; +@@ -7098,32 +7044,11 @@ static abi_long do_fcntl(int fd, int cmd + ret = copy_to_user_flock(arg, &fl64); + } + break; +- + case TARGET_F_SETLK: + case TARGET_F_SETLKW: +- ret = copy_from_user_flock(&fl64, arg); +- if (ret) { +- return ret; +- } +- ret = get_errno(safe_fcntl(fd, host_cmd, &fl64)); +- break; +- +- case TARGET_F_GETLK64: +- case TARGET_F_OFD_GETLK: +- ret = copy_from_user_flock64(&fl64, arg); +- if (ret) { +- return ret; +- } +- ret = get_errno(safe_fcntl(fd, host_cmd, &fl64)); +- if (ret == 0) { +- ret = copy_to_user_flock64(arg, &fl64); +- } +- break; +- case TARGET_F_SETLK64: +- case TARGET_F_SETLKW64: + case TARGET_F_OFD_SETLK: + case TARGET_F_OFD_SETLKW: +- ret = copy_from_user_flock64(&fl64, arg); ++ ret = copy_from_user_flock(&fl64, arg); + if (ret) { + return ret; + } +@@ -7348,7 +7273,7 @@ static inline abi_long target_truncate64 + arg2 = arg3; + arg3 = arg4; + } +- return get_errno(truncate64(arg1, target_offset64(arg2, arg3))); ++ return get_errno(truncate(arg1, target_offset64(arg2, arg3))); + } + #endif + +@@ -7362,7 +7287,7 @@ static inline abi_long target_ftruncate6 + arg2 = arg3; + arg3 = arg4; + } +- return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3))); ++ return get_errno(ftruncate(arg1, target_offset64(arg2, arg3))); + } + #endif + +@@ -8598,7 +8523,7 @@ static int do_getdents(abi_long dirfd, a + void *tdirp; + int hlen, hoff, toff; + int hreclen, treclen; +- off64_t prev_diroff = 0; ++ off_t prev_diroff = 0; + + hdirp = g_try_malloc(count); + if (!hdirp) { +@@ -8651,7 +8576,7 @@ static int do_getdents(abi_long dirfd, a + * Return what we have, resetting the file pointer to the + * location of the first record not returned. + */ +- lseek64(dirfd, prev_diroff, SEEK_SET); ++ lseek(dirfd, prev_diroff, SEEK_SET); + break; + } + +@@ -8685,7 +8610,7 @@ static int do_getdents64(abi_long dirfd, + void *tdirp; + int hlen, hoff, toff; + int hreclen, treclen; +- off64_t prev_diroff = 0; ++ off_t prev_diroff = 0; + + hdirp = g_try_malloc(count); + if (!hdirp) { +@@ -8727,7 +8652,7 @@ static int do_getdents64(abi_long dirfd, + * Return what we have, resetting the file pointer to the + * location of the first record not returned. + */ +- lseek64(dirfd, prev_diroff, SEEK_SET); ++ lseek(dirfd, prev_diroff, SEEK_SET); + break; + } + +@@ -11158,7 +11083,7 @@ static abi_long do_syscall1(CPUArchState + return -TARGET_EFAULT; + } + } +- ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5))); ++ ret = get_errno(pread(arg1, p, arg3, target_offset64(arg4, arg5))); + unlock_user(p, arg2, ret); + return ret; + case TARGET_NR_pwrite64: +@@ -11175,7 +11100,7 @@ static abi_long do_syscall1(CPUArchState + return -TARGET_EFAULT; + } + } +- ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5))); ++ ret = get_errno(pwrite(arg1, p, arg3, target_offset64(arg4, arg5))); + unlock_user(p, arg2, 0); + return ret; + #endif +@@ -11998,14 +11923,14 @@ static abi_long do_syscall1(CPUArchState + case TARGET_NR_fcntl64: + { + int cmd; +- struct flock64 fl; +- from_flock64_fn *copyfrom = copy_from_user_flock64; +- to_flock64_fn *copyto = copy_to_user_flock64; ++ struct flock fl; ++ from_flock_fn *copyfrom = copy_from_user_flock; ++ to_flock_fn *copyto = copy_to_user_flock; + + #ifdef TARGET_ARM + if (!cpu_env->eabi) { +- copyfrom = copy_from_user_oabi_flock64; +- copyto = copy_to_user_oabi_flock64; ++ copyfrom = copy_from_user_oabi_flock; ++ copyto = copy_to_user_oabi_flock; + } + #endif + +@@ -12015,7 +11940,7 @@ static abi_long do_syscall1(CPUArchState + } + + switch(arg2) { +- case TARGET_F_GETLK64: ++ case TARGET_F_GETLK: + ret = copyfrom(&fl, arg3); + if (ret) { + break; +@@ -12026,8 +11951,8 @@ static abi_long do_syscall1(CPUArchState + } + break; + +- case TARGET_F_SETLK64: +- case TARGET_F_SETLKW64: ++ case TARGET_F_SETLK: ++ case TARGET_F_SETLKW: + ret = copyfrom(&fl, arg3); + if (ret) { + break; diff --git a/meta/recipes-devtools/qemu/qemu/0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch b/meta/recipes-devtools/qemu/qemu/0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch new file mode 100644 index 0000000000..3f01aaa644 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0002-linux-user-loongarch64-Remove-TARGET_FORCE_SHMLBA.patch @@ -0,0 +1,43 @@ +From 5bf65b24414d3ff8339f6f1beb221c7c35c91e5d Mon Sep 17 00:00:00 2001 +From: Richard Henderson <richard.henderson@linaro.org> +Date: Wed, 28 Feb 2024 10:25:15 -1000 +Subject: [PATCH 2/5] linux-user/loongarch64: Remove TARGET_FORCE_SHMLBA + +The kernel abi was changed with + + commit d23b77953f5a4fbf94c05157b186aac2a247ae32 + Author: Huacai Chen <chenhuacai@kernel.org> + Date: Wed Jan 17 12:43:08 2024 +0800 + + LoongArch: Change SHMLBA from SZ_64K to PAGE_SIZE + +during the v6.8 cycle. + +Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html] + +Reviewed-by: Song Gao <gaosong@loongson.cn> +Signed-off-by: Richard Henderson <richard.henderson@linaro.org> +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +--- + linux-user/loongarch64/target_syscall.h | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/linux-user/loongarch64/target_syscall.h b/linux-user/loongarch64/target_syscall.h +index 8b5de5212..39f229bb9 100644 +--- a/linux-user/loongarch64/target_syscall.h ++++ b/linux-user/loongarch64/target_syscall.h +@@ -38,11 +38,4 @@ struct target_pt_regs { + #define TARGET_MCL_FUTURE 2 + #define TARGET_MCL_ONFAULT 4 + +-#define TARGET_FORCE_SHMLBA +- +-static inline abi_ulong target_shmlba(CPULoongArchState *env) +-{ +- return 64 * KiB; +-} +- + #endif +-- +2.34.1 + diff --git a/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0003-apic-fixup-fallthrough-to-PIC.patch index 034ac57821..e85f8202e9 100644 --- a/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch +++ b/meta/recipes-devtools/qemu/qemu/0003-apic-fixup-fallthrough-to-PIC.patch @@ -1,7 +1,7 @@ -From a59a98d100123030a4145e7efe3b8a001920a9f1 Mon Sep 17 00:00:00 2001 +From dc2a8ccd440ee3741b61606eafed3f7e092f4312 Mon Sep 17 00:00:00 2001 From: Mark Asselstine <mark.asselstine@windriver.com> Date: Tue, 26 Feb 2013 11:43:28 -0500 -Subject: [PATCH] apic: fixup fallthrough to PIC +Subject: [PATCH 03/12] apic: fixup fallthrough to PIC Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC interrupts through the local APIC if the local APIC config says so.] @@ -29,11 +29,11 @@ Signed-off-by: He Zhe <zhe.he@windriver.com> hw/intc/apic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: qemu-5.1.0/hw/intc/apic.c +Index: qemu-8.0.0/hw/intc/apic.c =================================================================== ---- qemu-5.1.0.orig/hw/intc/apic.c -+++ qemu-5.1.0/hw/intc/apic.c -@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *de +--- qemu-8.0.0.orig/hw/intc/apic.c ++++ qemu-8.0.0/hw/intc/apic.c +@@ -607,7 +607,7 @@ int apic_accept_pic_intr(DeviceState *de APICCommonState *s = APIC(dev); uint32_t lvt0; diff --git a/meta/recipes-devtools/qemu/qemu/0003-linux-user-Add-strace-for-shmat.patch b/meta/recipes-devtools/qemu/qemu/0003-linux-user-Add-strace-for-shmat.patch new file mode 100644 index 0000000000..0c601c804a --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0003-linux-user-Add-strace-for-shmat.patch @@ -0,0 +1,71 @@ +From e8f06676c6c88e12cd5f4f81a839b7111c683596 Mon Sep 17 00:00:00 2001 +From: Richard Henderson <richard.henderson@linaro.org> +Date: Wed, 28 Feb 2024 10:25:16 -1000 +Subject: [PATCH 3/5] linux-user: Add strace for shmat + +Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html] + +Signed-off-by: Richard Henderson <richard.henderson@linaro.org> +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +--- + linux-user/strace.c | 23 +++++++++++++++++++++++ + linux-user/strace.list | 2 +- + 2 files changed, 24 insertions(+), 1 deletion(-) + +diff --git a/linux-user/strace.c b/linux-user/strace.c +index cf26e5526..47d6ec326 100644 +--- a/linux-user/strace.c ++++ b/linux-user/strace.c +@@ -670,6 +670,25 @@ print_semctl(CPUArchState *cpu_env, const struct syscallname *name, + } + #endif + ++static void ++print_shmat(CPUArchState *cpu_env, const struct syscallname *name, ++ abi_long arg0, abi_long arg1, abi_long arg2, ++ abi_long arg3, abi_long arg4, abi_long arg5) ++{ ++ static const struct flags shmat_flags[] = { ++ FLAG_GENERIC(SHM_RND), ++ FLAG_GENERIC(SHM_REMAP), ++ FLAG_GENERIC(SHM_RDONLY), ++ FLAG_GENERIC(SHM_EXEC), ++ }; ++ ++ print_syscall_prologue(name); ++ print_raw_param(TARGET_ABI_FMT_ld, arg0, 0); ++ print_pointer(arg1, 0); ++ print_flags(shmat_flags, arg2, 1); ++ print_syscall_epilogue(name); ++} ++ + #ifdef TARGET_NR_ipc + static void + print_ipc(CPUArchState *cpu_env, const struct syscallname *name, +@@ -683,6 +702,10 @@ print_ipc(CPUArchState *cpu_env, const struct syscallname *name, + print_ipc_cmd(arg3); + qemu_log(",0x" TARGET_ABI_FMT_lx ")", arg4); + break; ++ case IPCOP_shmat: ++ print_shmat(cpu_env, &(const struct syscallname){ .name = "shmat" }, ++ arg1, arg4, arg2, 0, 0, 0); ++ break; + default: + qemu_log(("%s(" + TARGET_ABI_FMT_ld "," +diff --git a/linux-user/strace.list b/linux-user/strace.list +index 6655d4f26..dfd4237d1 100644 +--- a/linux-user/strace.list ++++ b/linux-user/strace.list +@@ -1398,7 +1398,7 @@ + { TARGET_NR_sgetmask, "sgetmask" , NULL, NULL, NULL }, + #endif + #ifdef TARGET_NR_shmat +-{ TARGET_NR_shmat, "shmat" , NULL, NULL, print_syscall_ret_addr }, ++{ TARGET_NR_shmat, "shmat" , NULL, print_shmat, print_syscall_ret_addr }, + #endif + #ifdef TARGET_NR_shmctl + { TARGET_NR_shmctl, "shmctl" , NULL, NULL, NULL }, +-- +2.34.1 + diff --git a/meta/recipes-devtools/qemu/qemu/0004-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta/recipes-devtools/qemu/qemu/0004-configure-Add-pkg-config-handling-for-libgcrypt.patch new file mode 100644 index 0000000000..f981a64a54 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0004-configure-Add-pkg-config-handling-for-libgcrypt.patch @@ -0,0 +1,29 @@ +From d8265abdce5dc2bf74b3fccdf2b7257b4f3894f0 Mon Sep 17 00:00:00 2001 +From: He Zhe <zhe.he@windriver.com> +Date: Wed, 28 Aug 2019 19:56:28 +0800 +Subject: [PATCH 04/12] configure: Add pkg-config handling for libgcrypt + +libgcrypt may also be controlled by pkg-config, this patch adds pkg-config +handling for libgcrypt. + +Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg06333.html] + +Signed-off-by: He Zhe <zhe.he@windriver.com> + +--- + meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-8.1.0/meson.build +=================================================================== +--- qemu-8.1.0.orig/meson.build ++++ qemu-8.1.0/meson.build +@@ -1481,7 +1481,7 @@ endif + if not gnutls_crypto.found() + if (not get_option('gcrypt').auto() or have_system) and not get_option('nettle').enabled() + gcrypt = dependency('libgcrypt', version: '>=1.8', +- method: 'config-tool', ++ method: 'pkg-config', + required: get_option('gcrypt')) + # Debian has removed -lgpg-error from libgcrypt-config + # as it "spreads unnecessary dependencies" which in diff --git a/meta/recipes-devtools/qemu/qemu/0004-linux-user-Rewrite-target_shmat.patch b/meta/recipes-devtools/qemu/qemu/0004-linux-user-Rewrite-target_shmat.patch new file mode 100644 index 0000000000..88c3ed40b0 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0004-linux-user-Rewrite-target_shmat.patch @@ -0,0 +1,236 @@ +From cb48d5d1592e63ebd0d4a3e300ef98e38e6306d7 Mon Sep 17 00:00:00 2001 +From: Richard Henderson <richard.henderson@linaro.org> +Date: Wed, 28 Feb 2024 10:25:17 -1000 +Subject: [PATCH 4/5] linux-user: Rewrite target_shmat + +Handle combined host and guest alignment requirements. +Handle host and guest page size differences. +Handle SHM_EXEC. + +Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html] + +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/115 +Signed-off-by: Richard Henderson <richard.henderson@linaro.org> +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +--- + linux-user/mmap.c | 166 +++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 133 insertions(+), 33 deletions(-) + +diff --git a/linux-user/mmap.c b/linux-user/mmap.c +index 18fb3aaf7..6a2f649bb 100644 +--- a/linux-user/mmap.c ++++ b/linux-user/mmap.c +@@ -1062,69 +1062,161 @@ static inline abi_ulong target_shmlba(CPUArchState *cpu_env) + } + #endif + ++#if defined(__arm__) || defined(__mips__) || defined(__sparc__) ++#define HOST_FORCE_SHMLBA 1 ++#else ++#define HOST_FORCE_SHMLBA 0 ++#endif ++ + abi_ulong target_shmat(CPUArchState *cpu_env, int shmid, + abi_ulong shmaddr, int shmflg) + { + CPUState *cpu = env_cpu(cpu_env); +- abi_ulong raddr; + struct shmid_ds shm_info; + int ret; +- abi_ulong shmlba; ++ int h_pagesize; ++ int t_shmlba, h_shmlba, m_shmlba; ++ size_t t_len, h_len, m_len; + + /* shmat pointers are always untagged */ + +- /* find out the length of the shared memory segment */ ++ /* ++ * Because we can't use host shmat() unless the address is sufficiently ++ * aligned for the host, we'll need to check both. ++ * TODO: Could be fixed with softmmu. ++ */ ++ t_shmlba = target_shmlba(cpu_env); ++ h_pagesize = qemu_real_host_page_size(); ++ h_shmlba = (HOST_FORCE_SHMLBA ? SHMLBA : h_pagesize); ++ m_shmlba = MAX(t_shmlba, h_shmlba); ++ ++ if (shmaddr) { ++ if (shmaddr & (m_shmlba - 1)) { ++ if (shmflg & SHM_RND) { ++ /* ++ * The guest is allowing the kernel to round the address. ++ * Assume that the guest is ok with us rounding to the ++ * host required alignment too. Anyway if we don't, we'll ++ * get an error from the kernel. ++ */ ++ shmaddr &= ~(m_shmlba - 1); ++ if (shmaddr == 0 && (shmflg & SHM_REMAP)) { ++ return -TARGET_EINVAL; ++ } ++ } else { ++ int require = TARGET_PAGE_SIZE; ++#ifdef TARGET_FORCE_SHMLBA ++ require = t_shmlba; ++#endif ++ /* ++ * Include host required alignment, as otherwise we cannot ++ * use host shmat at all. ++ */ ++ require = MAX(require, h_shmlba); ++ if (shmaddr & (require - 1)) { ++ return -TARGET_EINVAL; ++ } ++ } ++ } ++ } else { ++ if (shmflg & SHM_REMAP) { ++ return -TARGET_EINVAL; ++ } ++ } ++ /* All rounding now manually concluded. */ ++ shmflg &= ~SHM_RND; ++ ++ /* Find out the length of the shared memory segment. */ + ret = get_errno(shmctl(shmid, IPC_STAT, &shm_info)); + if (is_error(ret)) { + /* can't get length, bail out */ + return ret; + } ++ t_len = TARGET_PAGE_ALIGN(shm_info.shm_segsz); ++ h_len = ROUND_UP(shm_info.shm_segsz, h_pagesize); ++ m_len = MAX(t_len, h_len); + +- shmlba = target_shmlba(cpu_env); +- +- if (shmaddr & (shmlba - 1)) { +- if (shmflg & SHM_RND) { +- shmaddr &= ~(shmlba - 1); +- } else { +- return -TARGET_EINVAL; +- } +- } +- if (!guest_range_valid_untagged(shmaddr, shm_info.shm_segsz)) { ++ if (!guest_range_valid_untagged(shmaddr, m_len)) { + return -TARGET_EINVAL; + } + + WITH_MMAP_LOCK_GUARD() { +- void *host_raddr; ++ bool mapped = false; ++ void *want, *test; + abi_ulong last; + +- if (shmaddr) { +- host_raddr = shmat(shmid, (void *)g2h_untagged(shmaddr), shmflg); ++ if (!shmaddr) { ++ shmaddr = mmap_find_vma(0, m_len, m_shmlba); ++ if (shmaddr == -1) { ++ return -TARGET_ENOMEM; ++ } ++ mapped = !reserved_va; ++ } else if (shmflg & SHM_REMAP) { ++ /* ++ * If host page size > target page size, the host shmat may map ++ * more memory than the guest expects. Reject a mapping that ++ * would replace memory in the unexpected gap. ++ * TODO: Could be fixed with softmmu. ++ */ ++ if (t_len < h_len && ++ !page_check_range_empty(shmaddr + t_len, ++ shmaddr + h_len - 1)) { ++ return -TARGET_EINVAL; ++ } + } else { +- abi_ulong mmap_start; ++ if (!page_check_range_empty(shmaddr, shmaddr + m_len - 1)) { ++ return -TARGET_EINVAL; ++ } ++ } + +- /* In order to use the host shmat, we need to honor host SHMLBA. */ +- mmap_start = mmap_find_vma(0, shm_info.shm_segsz, +- MAX(SHMLBA, shmlba)); ++ /* All placement is now complete. */ ++ want = (void *)g2h_untagged(shmaddr); + +- if (mmap_start == -1) { +- return -TARGET_ENOMEM; ++ /* ++ * Map anonymous pages across the entire range, then remap with ++ * the shared memory. This is required for a number of corner ++ * cases for which host and guest page sizes differ. ++ */ ++ if (h_len != t_len) { ++ int mmap_p = PROT_READ | (shmflg & SHM_RDONLY ? 0 : PROT_WRITE); ++ int mmap_f = MAP_PRIVATE | MAP_ANONYMOUS ++ | (reserved_va || (shmflg & SHM_REMAP) ++ ? MAP_FIXED : MAP_FIXED_NOREPLACE); ++ ++ test = mmap(want, m_len, mmap_p, mmap_f, -1, 0); ++ if (unlikely(test != want)) { ++ /* shmat returns EINVAL not EEXIST like mmap. */ ++ ret = (test == MAP_FAILED && errno != EEXIST ++ ? get_errno(-1) : -TARGET_EINVAL); ++ if (mapped) { ++ do_munmap(want, m_len); ++ } ++ return ret; + } +- host_raddr = shmat(shmid, g2h_untagged(mmap_start), +- shmflg | SHM_REMAP); ++ mapped = true; + } + +- if (host_raddr == (void *)-1) { +- return get_errno(-1); ++ if (reserved_va || mapped) { ++ shmflg |= SHM_REMAP; ++ } ++ test = shmat(shmid, want, shmflg); ++ if (test == MAP_FAILED) { ++ ret = get_errno(-1); ++ if (mapped) { ++ do_munmap(want, m_len); ++ } ++ return ret; + } +- raddr = h2g(host_raddr); +- last = raddr + shm_info.shm_segsz - 1; ++ assert(test == want); + +- page_set_flags(raddr, last, ++ last = shmaddr + m_len - 1; ++ page_set_flags(shmaddr, last, + PAGE_VALID | PAGE_RESET | PAGE_READ | +- (shmflg & SHM_RDONLY ? 0 : PAGE_WRITE)); ++ (shmflg & SHM_RDONLY ? 0 : PAGE_WRITE) | ++ (shmflg & SHM_EXEC ? PAGE_EXEC : 0)); + +- shm_region_rm_complete(raddr, last); +- shm_region_add(raddr, last); ++ shm_region_rm_complete(shmaddr, last); ++ shm_region_add(shmaddr, last); + } + + /* +@@ -1138,7 +1230,15 @@ abi_ulong target_shmat(CPUArchState *cpu_env, int shmid, + tb_flush(cpu); + } + +- return raddr; ++ if (qemu_loglevel_mask(CPU_LOG_PAGE)) { ++ FILE *f = qemu_log_trylock(); ++ if (f) { ++ fprintf(f, "page layout changed following shmat\n"); ++ page_dump(f); ++ qemu_log_unlock(f); ++ } ++ } ++ return shmaddr; + } + + abi_long target_shmdt(abi_ulong shmaddr) +-- +2.34.1 + diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch deleted file mode 100644 index 71f537f9b0..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 4127296bb1046cdf73994ba69dc913d8c02fd74f Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Tue, 20 Oct 2015 22:19:08 +0100 -Subject: [PATCH] qemu: disable Valgrind - -There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds. - -Upstream-Status: Inappropriate -Signed-off-by: Ross Burton <ross.burton@intel.com> - ---- - configure | 9 --------- - 1 file changed, 9 deletions(-) - -Index: qemu-5.1.0/configure -=================================================================== ---- qemu-5.1.0.orig/configure -+++ qemu-5.1.0/configure -@@ -5751,15 +5751,6 @@ fi - # check if we have valgrind/valgrind.h - - valgrind_h=no --cat > $TMPC << EOF --#include <valgrind/valgrind.h> --int main(void) { -- return 0; --} --EOF --if compile_prog "" "" ; then -- valgrind_h=yes --fi - - ######################################## - # check if environ is declared diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-Do-not-include-file-if-not-exists.patch index d6c0f9ebe9..38aa4c3bbe 100644 --- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch +++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-Do-not-include-file-if-not-exists.patch @@ -1,7 +1,7 @@ -From 34247f83095f8cdcdc1f9d7f0c6ffbd46b25d979 Mon Sep 17 00:00:00 2001 +From f39e7bfc5ed07b5ecaeb705c4eae4855ca120d47 Mon Sep 17 00:00:00 2001 From: Oleksiy Obitotskyy <oobitots@cisco.com> Date: Wed, 25 Mar 2020 21:21:35 +0200 -Subject: [PATCH] qemu: Do not include file if not exists +Subject: [PATCH 05/12] qemu: Do not include file if not exists Script configure checks for if_alg.h and check failed but if_alg.h still included. @@ -11,15 +11,16 @@ Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> [update patch context] Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> + --- linux-user/syscall.c | 2 ++ 1 file changed, 2 insertions(+) -Index: qemu-5.1.0/linux-user/syscall.c +Index: qemu-8.0.0/linux-user/syscall.c =================================================================== ---- qemu-5.1.0.orig/linux-user/syscall.c -+++ qemu-5.1.0/linux-user/syscall.c -@@ -109,7 +109,9 @@ +--- qemu-8.0.0.orig/linux-user/syscall.c ++++ qemu-8.0.0/linux-user/syscall.c +@@ -115,7 +115,9 @@ #include <linux/blkpg.h> #include <netpacket/packet.h> #include <linux/netlink.h> @@ -28,4 +29,4 @@ Index: qemu-5.1.0/linux-user/syscall.c +#endif #include <linux/rtc.h> #include <sound/asound.h> - #ifdef HAVE_DRM_H + #ifdef HAVE_BTRFS_H diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch deleted file mode 100644 index 02ebbee1a0..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 230fe5804099bdca0c9e4cae7280c9fc513cb7f5 Mon Sep 17 00:00:00 2001 -From: Stephen Arnold <sarnold@vctlabs.com> -Date: Sun, 12 Jun 2016 18:09:56 -0700 -Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment - -Upstream-Status: Pending - -[update patch context] -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - configure | 4 ---- - 1 file changed, 4 deletions(-) - -Index: qemu-5.1.0/configure -=================================================================== ---- qemu-5.1.0.orig/configure -+++ qemu-5.1.0/configure -@@ -6515,10 +6515,6 @@ write_c_skeleton - if test "$gcov" = "yes" ; then - QEMU_CFLAGS="-fprofile-arcs -ftest-coverage -g $QEMU_CFLAGS" - QEMU_LDFLAGS="-fprofile-arcs -ftest-coverage $QEMU_LDFLAGS" --elif test "$fortify_source" = "yes" ; then -- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" --elif test "$debug" = "no"; then -- CFLAGS="-O2 $CFLAGS" - fi - - if test "$have_asan" = "yes"; then diff --git a/meta/recipes-devtools/qemu/qemu/0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch b/meta/recipes-devtools/qemu/qemu/0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch new file mode 100644 index 0000000000..5afb35ea0c --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0005-tests-tcg-Check-that-shmat-does-not-break-proc-self-.patch @@ -0,0 +1,85 @@ +From 1234063488134ad1f541f56dd30caa7896905f06 Mon Sep 17 00:00:00 2001 +From: Ilya Leoshkevich <iii@linux.ibm.com> +Date: Wed, 28 Feb 2024 10:25:18 -1000 +Subject: [PATCH 5/5] tests/tcg: Check that shmat() does not break + /proc/self/maps + +Add a regression test for a recently fixed issue, where shmat() +desynced the guest and the host view of the address space and caused +open("/proc/self/maps") to SEGV. + +Upstream-Status: Submitted [https://www.mail-archive.com/qemu-devel@nongnu.org/msg1026793.html] + +Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> +Message-Id: <jwyuvao4apydvykmsnvacwshdgy3ixv7qvkh4dbxm3jkwgnttw@k4wpaayou7oq> +Signed-off-by: Richard Henderson <richard.henderson@linaro.org> +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +--- + tests/tcg/multiarch/linux/linux-shmat-maps.c | 55 ++++++++++++++++++++ + 1 file changed, 55 insertions(+) + create mode 100644 tests/tcg/multiarch/linux/linux-shmat-maps.c + +diff --git a/tests/tcg/multiarch/linux/linux-shmat-maps.c b/tests/tcg/multiarch/linux/linux-shmat-maps.c +new file mode 100644 +index 000000000..0ccf7a973 +--- /dev/null ++++ b/tests/tcg/multiarch/linux/linux-shmat-maps.c +@@ -0,0 +1,55 @@ ++/* ++ * Test that shmat() does not break /proc/self/maps. ++ * ++ * SPDX-License-Identifier: GPL-2.0-or-later ++ */ ++#include <assert.h> ++#include <fcntl.h> ++#include <stdlib.h> ++#include <sys/ipc.h> ++#include <sys/shm.h> ++#include <unistd.h> ++ ++int main(void) ++{ ++ char buf[128]; ++ int err, fd; ++ int shmid; ++ ssize_t n; ++ void *p; ++ ++ shmid = shmget(IPC_PRIVATE, 1, IPC_CREAT | 0600); ++ assert(shmid != -1); ++ ++ /* ++ * The original bug required a non-NULL address, which skipped the ++ * mmap_find_vma step, which could result in a host mapping smaller ++ * than the target mapping. Choose an address at random. ++ */ ++ p = shmat(shmid, (void *)0x800000, SHM_RND); ++ if (p == (void *)-1) { ++ /* ++ * Because we are now running the testcase for all guests for which ++ * we have a cross-compiler, the above random address might conflict ++ * with the guest executable in some way. Rather than stopping, ++ * continue with a system supplied address, which should never fail. ++ */ ++ p = shmat(shmid, NULL, 0); ++ assert(p != (void *)-1); ++ } ++ ++ fd = open("/proc/self/maps", O_RDONLY); ++ assert(fd != -1); ++ do { ++ n = read(fd, buf, sizeof(buf)); ++ assert(n >= 0); ++ } while (n != 0); ++ close(fd); ++ ++ err = shmdt(p); ++ assert(err == 0); ++ err = shmctl(shmid, IPC_RMID, NULL); ++ assert(err == 0); ++ ++ return EXIT_SUCCESS; ++} +-- +2.34.1 + diff --git a/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch deleted file mode 100644 index 98fd5e9133..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch +++ /dev/null @@ -1,241 +0,0 @@ -From bcc63f775e265df69963a4ad7805b8678ace68f0 Mon Sep 17 00:00:00 2001 -From: Alistair Francis <alistair.francis@xilinx.com> -Date: Thu, 21 Dec 2017 11:35:16 -0800 -Subject: [PATCH] chardev: connect socket to a spawned command - -The command is started in a shell (sh -c) with stdin connect to QEMU -via a Unix domain stream socket. QEMU then exchanges data via its own -end of the socket, just like it normally does. - -"-chardev socket" supports some ways of connecting via protocols like -telnet, but that is only a subset of the functionality supported by -tools socat. To use socat instead, for example to connect via a socks -proxy, use: - - -chardev 'socket,id=socat,cmd=exec socat FD:0 SOCKS4A:socks-proxy.localdomain:example.com:9999,,socksuser=nobody' \ - -device usb-serial,chardev=socat - -Beware that commas in the command must be escaped as double commas. - -Or interactively in the console: - (qemu) chardev-add socket,id=cat,cmd=cat - (qemu) device_add usb-serial,chardev=cat - ^ac - # cat >/dev/ttyUSB0 - hello - hello - -Another usage is starting swtpm from inside QEMU. swtpm will -automatically shut down once it looses the connection to the parent -QEMU, so there is no risk of lingering processes: - - -chardev 'socket,id=chrtpm0,cmd=exec swtpm socket --terminate --ctrl type=unixio,,clientfd=0 --tpmstate dir=... --log file=swtpm.log' \ - -tpmdev emulator,id=tpm0,chardev=chrtpm0 \ - -device tpm-tis,tpmdev=tpm0 - -The patch was discussed upstream, but QEMU developers believe that the -code calling QEMU should be responsible for managing additional -processes. In OE-core, that would imply enhancing runqemu and -oeqa. This patch is a simpler solution. - -Because it is not going upstream, the patch was written so that it is -as simple as possible. - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> - ---- - chardev/char-socket.c | 101 ++++++++++++++++++++++++++++++++++++++++++ - chardev/char.c | 3 ++ - qapi/char.json | 5 +++ - 3 files changed, 109 insertions(+) - -Index: qemu-5.1.0/chardev/char-socket.c -=================================================================== ---- qemu-5.1.0.orig/chardev/char-socket.c -+++ qemu-5.1.0/chardev/char-socket.c -@@ -1292,6 +1292,67 @@ static bool qmp_chardev_validate_socket( - return true; - } - -+#ifndef _WIN32 -+static void chardev_open_socket_cmd(Chardev *chr, -+ const char *cmd, -+ Error **errp) -+{ -+ int fds[2] = { -1, -1 }; -+ QIOChannelSocket *sioc = NULL; -+ pid_t pid = -1; -+ const char *argv[] = { "/bin/sh", "-c", cmd, NULL }; -+ -+ /* -+ * We need a Unix domain socket for commands like swtpm and a single -+ * connection, therefore we cannot use qio_channel_command_new_spawn() -+ * without patching it first. Duplicating the functionality is easier. -+ */ -+ if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds)) { -+ error_setg_errno(errp, errno, "Error creating socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC)"); -+ goto error; -+ } -+ -+ pid = qemu_fork(errp); -+ if (pid < 0) { -+ goto error; -+ } -+ -+ if (!pid) { -+ /* child */ -+ dup2(fds[1], STDIN_FILENO); -+ execv(argv[0], (char * const *)argv); -+ _exit(1); -+ } -+ -+ /* -+ * Hand over our end of the socket pair to the qio channel. -+ * -+ * We don't reap the child because it is expected to keep -+ * running. We also don't support the "reconnect" option for the -+ * same reason. -+ */ -+ sioc = qio_channel_socket_new_fd(fds[0], errp); -+ if (!sioc) { -+ goto error; -+ } -+ fds[0] = -1; -+ -+ g_free(chr->filename); -+ chr->filename = g_strdup_printf("cmd:%s", cmd); -+ tcp_chr_new_client(chr, sioc); -+ -+ error: -+ if (fds[0] >= 0) { -+ close(fds[0]); -+ } -+ if (fds[1] >= 0) { -+ close(fds[1]); -+ } -+ if (sioc) { -+ object_unref(OBJECT(sioc)); -+ } -+} -+#endif - - static void qmp_chardev_open_socket(Chardev *chr, - ChardevBackend *backend, -@@ -1300,6 +1361,9 @@ static void qmp_chardev_open_socket(Char - { - SocketChardev *s = SOCKET_CHARDEV(chr); - ChardevSocket *sock = backend->u.socket.data; -+#ifndef _WIN32 -+ const char *cmd = sock->cmd; -+#endif - bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; - bool is_listen = sock->has_server ? sock->server : true; - bool is_telnet = sock->has_telnet ? sock->telnet : false; -@@ -1365,6 +1429,14 @@ static void qmp_chardev_open_socket(Char - - update_disconnected_filename(s); - -+#ifndef _WIN32 -+ if (cmd) { -+ chardev_open_socket_cmd(chr, cmd, errp); -+ -+ /* everything ready (or failed permanently) before we return */ -+ *be_opened = true; -+ } else -+#endif - if (s->is_listen) { - if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270, - is_waitconnect, errp) < 0) { -@@ -1384,11 +1456,27 @@ static void qemu_chr_parse_socket(QemuOp - const char *host = qemu_opt_get(opts, "host"); - const char *port = qemu_opt_get(opts, "port"); - const char *fd = qemu_opt_get(opts, "fd"); -+#ifndef _WIN32 -+ const char *cmd = qemu_opt_get(opts, "cmd"); -+#endif - bool tight = qemu_opt_get_bool(opts, "tight", true); - bool abstract = qemu_opt_get_bool(opts, "abstract", false); - SocketAddressLegacy *addr; - ChardevSocket *sock; - -+#ifndef _WIN32 -+ if (cmd) { -+ /* -+ * Here we have to ensure that no options are set which are incompatible with -+ * spawning a command, otherwise unmodified code that doesn't know about -+ * command spawning (like socket_reconnect_timeout()) might get called. -+ */ -+ if (path || sock->server || sock->has_telnet || sock->has_tn3270 || sock->reconnect || host || port || sock->tls_creds) { -+ error_setg(errp, "chardev: socket: cmd does not support any additional options"); -+ return; -+ } -+ } else -+#endif - if ((!!path + !!fd + !!host) != 1) { - error_setg(errp, - "Exactly one of 'path', 'fd' or 'host' required"); -@@ -1431,12 +1519,24 @@ static void qemu_chr_parse_socket(QemuOp - sock->has_tls_authz = qemu_opt_get(opts, "tls-authz"); - sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz")); - -- addr = g_new0(SocketAddressLegacy, 1); -+#ifndef _WIN32 -+ sock->cmd = g_strdup(cmd); -+#endif -+ -+ addr = g_new0(SocketAddressLegacy, 1); -+#ifndef _WIN32 -+ if (path || cmd) { -+#else - if (path) { -+#endif - UnixSocketAddress *q_unix; - addr->type = SOCKET_ADDRESS_LEGACY_KIND_UNIX; - q_unix = addr->u.q_unix.data = g_new0(UnixSocketAddress, 1); -+#ifndef _WIN32 -+ q_unix->path = cmd ? g_strdup_printf("cmd:%s", cmd) : g_strdup(path); -+#else - q_unix->path = g_strdup(path); -+#endif - q_unix->tight = tight; - q_unix->abstract = abstract; - } else if (host) { -Index: qemu-5.1.0/chardev/char.c -=================================================================== ---- qemu-5.1.0.orig/chardev/char.c -+++ qemu-5.1.0/chardev/char.c -@@ -826,6 +826,9 @@ QemuOptsList qemu_chardev_opts = { - .name = "path", - .type = QEMU_OPT_STRING, - },{ -+ .name = "cmd", -+ .type = QEMU_OPT_STRING, -+ },{ - .name = "host", - .type = QEMU_OPT_STRING, - },{ -Index: qemu-5.1.0/qapi/char.json -=================================================================== ---- qemu-5.1.0.orig/qapi/char.json -+++ qemu-5.1.0/qapi/char.json -@@ -250,6 +250,10 @@ - # - # @addr: socket address to listen on (server=true) - # or connect to (server=false) -+# @cmd: command to run via "sh -c" with stdin as one end of -+# a AF_UNIX SOCK_DSTREAM socket pair. The other end -+# is used by the chardev. Either an addr or a cmd can -+# be specified, but not both. - # @tls-creds: the ID of the TLS credentials object (since 2.6) - # @tls-authz: the ID of the QAuthZ authorization object against which - # the client's x509 distinguished name will be validated. This -@@ -276,6 +280,7 @@ - ## - { 'struct': 'ChardevSocket', - 'data': { 'addr': 'SocketAddressLegacy', -+ '*cmd': 'str', - '*tls-creds': 'str', - '*tls-authz' : 'str', - '*server': 'bool', diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch new file mode 100644 index 0000000000..5d1d7c6881 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch @@ -0,0 +1,49 @@ +From 375cae3dd6151ef33cae8f243f6a2c2da6c0c356 Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.purdie@linuxfoundation.org> +Date: Fri, 8 Jan 2021 17:27:06 +0000 +Subject: [PATCH 06/12] qemu: Add some user space mmap tweaks to address musl + 32 bit + +When using qemu-i386 to build qemux86 webkitgtk on musl, it sits in an +infinite loop of mremap calls of ever decreasing/increasing addresses. + +I suspect something in the musl memory allocation code loops indefinitely +if it only sees ENOMEM and only exits when it hits EFAULT. + +According to the docs, trying to mremap outside the address space +can/should return EFAULT and changing this allows the build to succeed. + +A better return value for the other cases of invalid addresses is EINVAL +rather than ENOMEM so adjust the other part of the test to this. + +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg01355.html] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org + +--- + linux-user/mmap.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +Index: qemu-8.0.0/linux-user/mmap.c +=================================================================== +--- qemu-8.0.0.orig/linux-user/mmap.c ++++ qemu-8.0.0/linux-user/mmap.c +@@ -776,12 +776,16 @@ abi_long target_mremap(abi_ulong old_add + int prot; + void *host_addr; + +- if (!guest_range_valid_untagged(old_addr, old_size) || +- ((flags & MREMAP_FIXED) && ++ if (!guest_range_valid_untagged(old_addr, old_size)) { ++ errno = EFAULT; ++ return -1; ++ } ++ ++ if (((flags & MREMAP_FIXED) && + !guest_range_valid_untagged(new_addr, new_size)) || + ((flags & MREMAP_MAYMOVE) == 0 && + !guest_range_valid_untagged(old_addr, new_size))) { +- errno = ENOMEM; ++ errno = EINVAL; + return -1; + } + diff --git a/meta/recipes-devtools/qemu/qemu/0007-qemu-Determinism-fixes.patch b/meta/recipes-devtools/qemu/qemu/0007-qemu-Determinism-fixes.patch new file mode 100644 index 0000000000..d3f965e070 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0007-qemu-Determinism-fixes.patch @@ -0,0 +1,31 @@ +From 50bab5c2605b609ea7ea154f57a9be96d656725a Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.purdie@linuxfoundation.org> +Date: Mon, 1 Mar 2021 13:00:47 +0000 +Subject: [PATCH 07/12] qemu: Determinism fixes + +When sources are included within debug information, a couple of areas of the +qemu build are not reproducible due to either full buildpaths or timestamps. + +Replace the full paths with relative ones. I couldn't figure out how to get +meson to pass relative paths but we can fix that in the script. + +Upstream-Status: Pending [some version of all/part of this may be accepted] +RP 2021/3/1 + +--- + scripts/decodetree.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: qemu-8.0.0/scripts/decodetree.py +=================================================================== +--- qemu-8.0.0.orig/scripts/decodetree.py ++++ qemu-8.0.0/scripts/decodetree.py +@@ -1328,7 +1328,7 @@ def main(): + toppat = ExcMultiPattern(0) + + for filename in args: +- input_file = filename ++ input_file = os.path.relpath(filename) + f = open(filename, 'rt', encoding='utf-8') + parse_file(f, toppat) + f.close() diff --git a/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch deleted file mode 100644 index d20f04ee59..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch +++ /dev/null @@ -1,33 +0,0 @@ -From cf8c9aac5243f506a1a3e8e284414f311cde04f5 Mon Sep 17 00:00:00 2001 -From: Alistair Francis <alistair.francis@xilinx.com> -Date: Wed, 17 Jan 2018 10:51:49 -0800 -Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target - -Since commit "linux-user: Tidy and enforce reserved_va initialization" -(18e80c55bb6ec17c05ec0ba717ec83933c2bfc07) the Yocto webkitgtk build -hangs when cross compiling for 32-bit x86 on a 64-bit x86 machine using -musl. - -To fix the issue reduce the MAX_RESERVED_VA macro to be a closer match -to what it was before the problematic commit. - -Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html -Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> - ---- - linux-user/main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: qemu-5.1.0/linux-user/main.c -=================================================================== ---- qemu-5.1.0.orig/linux-user/main.c -+++ qemu-5.1.0/linux-user/main.c -@@ -92,7 +92,7 @@ static int last_log_mask; - (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32)) - /* There are a number of places where we assign reserved_va to a variable - of type abi_ulong and expect it to fit. Avoid the last page. */ --# define MAX_RESERVED_VA(CPU) (0xfffffffful & TARGET_PAGE_MASK) -+# define MAX_RESERVED_VA(CPU) (0x7ffffffful & TARGET_PAGE_MASK) - # else - # define MAX_RESERVED_VA(CPU) (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - # endif diff --git a/meta/recipes-devtools/qemu/qemu/0008-tests-meson.build-use-relative-path-to-refer-to-file.patch b/meta/recipes-devtools/qemu/qemu/0008-tests-meson.build-use-relative-path-to-refer-to-file.patch new file mode 100644 index 0000000000..a84364ccc1 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0008-tests-meson.build-use-relative-path-to-refer-to-file.patch @@ -0,0 +1,41 @@ +From 2bf9388b801d4389e2d57e95a7897bfc1c42786e Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 14 Jan 2021 06:33:04 +0000 +Subject: [PATCH 08/12] tests/meson.build: use relative path to refer to files + +Fix error like: +Fatal error: can't create tests/ptimer-test.p/..._qemu-5.2.0_hw_core_ptimer.c.o: File name too long + +when build path is too long, use meson.source_root() will make this +filename too long. Fixed by using relative path to refer to files + +Upstream-Status: Submitted [send to qemu-devel] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- + tests/unit/meson.build | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: qemu-8.0.0/tests/unit/meson.build +=================================================================== +--- qemu-8.0.0.orig/tests/unit/meson.build ++++ qemu-8.0.0/tests/unit/meson.build +@@ -46,7 +46,7 @@ tests = { + 'test-keyval': [testqapi], + 'test-logging': [], + 'test-uuid': [], +- 'ptimer-test': ['ptimer-test-stubs.c', meson.project_source_root() / 'hw/core/ptimer.c'], ++ 'ptimer-test': ['ptimer-test-stubs.c', '../../hw/core/ptimer.c'], + 'test-qapi-util': [], + 'test-interval-tree': [], + 'test-xs-node': [qom], +@@ -136,7 +136,7 @@ if have_system + 'test-util-sockets': ['socket-helpers.c'], + 'test-base64': [], + 'test-bufferiszero': [], +- 'test-smp-parse': [qom, meson.project_source_root() / 'hw/core/machine-smp.c'], ++ 'test-smp-parse': [qom, '../../hw/core/machine-smp.c'], + 'test-vmstate': [migration, io], + 'test-yank': ['socket-helpers.c', qom, io, chardev] + } diff --git a/meta/recipes-devtools/qemu/qemu/0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch b/meta/recipes-devtools/qemu/qemu/0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch new file mode 100644 index 0000000000..4de6cc2445 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0009-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch @@ -0,0 +1,46 @@ +From ebf4bb2f51da83af0c61480414cfa156f7308b34 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 21 Mar 2022 10:09:38 -0700 +Subject: [PATCH 09/12] Define MAP_SYNC and MAP_SHARED_VALIDATE on needed linux + systems + +linux only wires MAP_SYNC and MAP_SHARED_VALIDATE for architectures +which include asm-generic/mman.h and mips/powerpc are not including this +file in linux/mman.h, therefore these should be defined for such +architectures on Linux as well. This fixes build on mips/musl/linux + +Upstream-Status: Submitted [https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05298.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Cc: Zhang Yi <yi.z.zhang@linux.intel.com> +Cc: Michael S. Tsirkin <mst@redhat.com> + +--- + util/mmap-alloc.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +Index: qemu-8.0.0/util/mmap-alloc.c +=================================================================== +--- qemu-8.0.0.orig/util/mmap-alloc.c ++++ qemu-8.0.0/util/mmap-alloc.c +@@ -10,14 +10,18 @@ + * later. See the COPYING file in the top-level directory. + */ + ++#include "qemu/osdep.h" + #ifdef CONFIG_LINUX + #include <linux/mman.h> +-#else /* !CONFIG_LINUX */ ++#endif /* CONFIG_LINUX */ ++ ++#ifndef MAP_SYNC + #define MAP_SYNC 0x0 ++#endif /* MAP_SYNC */ ++#ifndef MAP_SHARED_VALIDATE + #define MAP_SHARED_VALIDATE 0x0 +-#endif /* CONFIG_LINUX */ ++#endif /* MAP_SHARED_VALIDATE */ + +-#include "qemu/osdep.h" + #include "qemu/mmap-alloc.h" + #include "qemu/host-utils.h" + #include "qemu/cutils.h" diff --git a/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch b/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch deleted file mode 100644 index f2a44986b7..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 815c97ba0de02da9dace3fcfcbdf9b20e029f0d7 Mon Sep 17 00:00:00 2001 -From: Martin Jansa <martin.jansa@lge.com> -Date: Fri, 1 Jun 2018 08:41:07 +0000 -Subject: [PATCH] Fix webkitgtk builds - -This is a partial revert of "linux-user: fix mmap/munmap/mprotect/mremap/shmat". - -This patch fixes qemu-i386 hangs during gobject-introspection in webkitgtk build -when musl is used on qemux86. This is the same issue that -0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch was -fixing in the 2.11 release. - -This patch also fixes a build failure when building webkitgtk for -qemumips. A QEMU assert is seen while building webkitgtk: -page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed. - -This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583. - -Upstream-Status: Pending -Signed-off-by: Alistair Francis <alistair.francis@wdc.com> - -[update patch context] -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - include/exec/cpu-all.h | 6 +----- - include/exec/cpu_ldst.h | 5 ++++- - linux-user/mmap.c | 17 ++++------------- - linux-user/syscall.c | 5 +---- - 4 files changed, 10 insertions(+), 23 deletions(-) - -Index: qemu-5.1.0/include/exec/cpu-all.h -=================================================================== ---- qemu-5.1.0.orig/include/exec/cpu-all.h -+++ qemu-5.1.0/include/exec/cpu-all.h -@@ -176,11 +176,8 @@ extern unsigned long reserved_va; - * avoid setting bits at the top of guest addresses that might need - * to be used for tags. - */ --#define GUEST_ADDR_MAX_ \ -- ((MIN_CONST(TARGET_VIRT_ADDR_SPACE_BITS, TARGET_ABI_BITS) <= 32) ? \ -- UINT32_MAX : ~0ul) --#define GUEST_ADDR_MAX (reserved_va ? reserved_va - 1 : GUEST_ADDR_MAX_) -- -+#define GUEST_ADDR_MAX (reserved_va ? reserved_va : \ -+ (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1) - #else - - #include "exec/hwaddr.h" -Index: qemu-5.1.0/include/exec/cpu_ldst.h -=================================================================== ---- qemu-5.1.0.orig/include/exec/cpu_ldst.h -+++ qemu-5.1.0/include/exec/cpu_ldst.h -@@ -75,7 +75,10 @@ typedef uint64_t abi_ptr; - #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS - #define guest_addr_valid(x) (1) - #else --#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX) -+#define guest_addr_valid(x) ({ \ -+ ((x) < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \ -+ (!reserved_va || ((x) < reserved_va)); \ -+}) - #endif - #define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base) - -Index: qemu-5.1.0/linux-user/mmap.c -=================================================================== ---- qemu-5.1.0.orig/linux-user/mmap.c -+++ qemu-5.1.0/linux-user/mmap.c -@@ -71,7 +71,7 @@ int target_mprotect(abi_ulong start, abi - return -TARGET_EINVAL; - len = TARGET_PAGE_ALIGN(len); - end = start + len; -- if (!guest_range_valid(start, len)) { -+ if (end < start) { - return -TARGET_ENOMEM; - } - prot &= PROT_READ | PROT_WRITE | PROT_EXEC; -@@ -467,8 +467,8 @@ abi_long target_mmap(abi_ulong start, ab - * It can fail only on 64-bit host with 32-bit target. - * On any other target/host host mmap() handles this error correctly. - */ -- if (end < start || !guest_range_valid(start, len)) { -- errno = ENOMEM; -+ if (end < start || ((unsigned long)start + len - 1 > (abi_ulong) -1)) { -+ errno = EINVAL; - goto fail; - } - -@@ -604,10 +604,8 @@ int target_munmap(abi_ulong start, abi_u - if (start & ~TARGET_PAGE_MASK) - return -TARGET_EINVAL; - len = TARGET_PAGE_ALIGN(len); -- if (len == 0 || !guest_range_valid(start, len)) { -+ if (len == 0) - return -TARGET_EINVAL; -- } -- - mmap_lock(); - end = start + len; - real_start = start & qemu_host_page_mask; -@@ -662,13 +660,6 @@ abi_long target_mremap(abi_ulong old_add - int prot; - void *host_addr; - -- if (!guest_range_valid(old_addr, old_size) || -- ((flags & MREMAP_FIXED) && -- !guest_range_valid(new_addr, new_size))) { -- errno = ENOMEM; -- return -1; -- } -- - mmap_lock(); - - if (flags & MREMAP_FIXED) { -Index: qemu-5.1.0/linux-user/syscall.c -=================================================================== ---- qemu-5.1.0.orig/linux-user/syscall.c -+++ qemu-5.1.0/linux-user/syscall.c -@@ -4336,9 +4336,6 @@ static inline abi_ulong do_shmat(CPUArch - return -TARGET_EINVAL; - } - } -- if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) { -- return -TARGET_EINVAL; -- } - - mmap_lock(); - -@@ -7376,7 +7373,7 @@ static int open_self_maps(void *cpu_env, - const char *path; - - max = h2g_valid(max - 1) ? -- max : (uintptr_t) g2h(GUEST_ADDR_MAX) + 1; -+ max : (uintptr_t) g2h(GUEST_ADDR_MAX); - - if (page_check_range(h2g(min), max - min, flags) == -1) { - continue; diff --git a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch deleted file mode 100644 index d7e3fffdd0..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch +++ /dev/null @@ -1,91 +0,0 @@ -From c207607cdf3996ad9783c3bffbcd3d65e74c0158 Mon Sep 17 00:00:00 2001 -From: He Zhe <zhe.he@windriver.com> -Date: Wed, 28 Aug 2019 19:56:28 +0800 -Subject: [PATCH] configure: Add pkg-config handling for libgcrypt - -libgcrypt may also be controlled by pkg-config, this patch adds pkg-config -handling for libgcrypt. - -Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg06333.html] - -Signed-off-by: He Zhe <zhe.he@windriver.com> - ---- - configure | 48 ++++++++++++++++++++++++++++++++++++++++-------- - 1 file changed, 40 insertions(+), 8 deletions(-) - -Index: qemu-5.1.0/configure -=================================================================== ---- qemu-5.1.0.orig/configure -+++ qemu-5.1.0/configure -@@ -3084,6 +3084,30 @@ has_libgcrypt() { - return 0 - } - -+has_libgcrypt_pkgconfig() { -+ if ! has $pkg_config ; then -+ return 1 -+ fi -+ -+ if ! $pkg_config --list-all | grep libgcrypt > /dev/null 2>&1 ; then -+ return 1 -+ fi -+ -+ if test -n "$cross_prefix" ; then -+ host=$($pkg_config --variable=host libgcrypt) -+ if test "${host%-gnu}-" != "${cross_prefix%-gnu}" ; then -+ print_error "host($host) does not match cross_prefix($cross_prefix)" -+ return 1 -+ fi -+ fi -+ -+ if ! $pkg_config --atleast-version=1.5.0 libgcrypt ; then -+ print_error "libgcrypt version is $($pkg_config --modversion libgcrypt)" -+ return 1 -+ fi -+ -+ return 0 -+} - - if test "$nettle" != "no"; then - pass="no" -@@ -3124,7 +3148,14 @@ fi - - if test "$gcrypt" != "no"; then - pass="no" -- if has_libgcrypt; then -+ if has_libgcrypt_pkgconfig; then -+ gcrypt_cflags=$($pkg_config --cflags libgcrypt) -+ if test "$static" = "yes" ; then -+ gcrypt_libs=$($pkg_config --libs --static libgcrypt) -+ else -+ gcrypt_libs=$($pkg_config --libs libgcrypt) -+ fi -+ elif has_libgcrypt; then - gcrypt_cflags=$(libgcrypt-config --cflags) - gcrypt_libs=$(libgcrypt-config --libs) - # Debian has removed -lgpg-error from libgcrypt-config -@@ -3134,15 +3165,16 @@ if test "$gcrypt" != "no"; then - then - gcrypt_libs="$gcrypt_libs -lgpg-error" - fi -+ fi - -- # Link test to make sure the given libraries work (e.g for static). -- write_c_skeleton -- if compile_prog "" "$gcrypt_libs" ; then -- LIBS="$gcrypt_libs $LIBS" -- QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags" -- pass="yes" -- fi -+ # Link test to make sure the given libraries work (e.g for static). -+ write_c_skeleton -+ if compile_prog "" "$gcrypt_libs" ; then -+ LIBS="$gcrypt_libs $LIBS" -+ QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags" -+ pass="yes" - fi -+ - if test "$pass" = "yes"; then - gcrypt="yes" - cat > $TMPC << EOF diff --git a/meta/recipes-devtools/qemu/qemu/0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch b/meta/recipes-devtools/qemu/qemu/0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch new file mode 100644 index 0000000000..6caf35b634 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0010-hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch @@ -0,0 +1,40 @@ +CVE: CVE-2022-1050 +Upstream-Status: Submitted [https://lore.kernel.org/qemu-devel/20220403095234.2210-1-yuval.shaia.ml@gmail.com/] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From dbdef95c272e8f3ec037c3db4197c66002e30995 Mon Sep 17 00:00:00 2001 +From: Yuval Shaia <yuval.shaia.ml@gmail.com> +Date: Sun, 3 Apr 2022 12:52:34 +0300 +Subject: [PATCH] hw/pvrdma: Protect against buggy or malicious guest driver + +Guest driver might execute HW commands when shared buffers are not yet +allocated. +This could happen on purpose (malicious guest) or because of some other +guest/host address mapping error. +We need to protect againts such case. + +Fixes: CVE-2022-1050 + +Reported-by: Raven <wxhusst@gmail.com> +Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com> +--- + hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +Index: qemu-8.0.0/hw/rdma/vmw/pvrdma_cmd.c +=================================================================== +--- qemu-8.0.0.orig/hw/rdma/vmw/pvrdma_cmd.c ++++ qemu-8.0.0/hw/rdma/vmw/pvrdma_cmd.c +@@ -782,6 +782,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev) + goto out; + } + ++ if (!dsr_info->dsr) { ++ /* Buggy or malicious guest driver */ ++ rdma_error_report("Exec command without dsr, req or rsp buffers"); ++ goto out; ++ } ++ + if (dsr_info->req->hdr.cmd >= sizeof(cmd_handlers) / + sizeof(struct cmd_handler)) { + rdma_error_report("Unsupported command"); diff --git a/meta/recipes-devtools/qemu/qemu/0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch b/meta/recipes-devtools/qemu/qemu/0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch new file mode 100644 index 0000000000..cc53b1eedd --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0011-linux-user-workaround-for-missing-MAP_FIXED_NOREPLAC.patch @@ -0,0 +1,282 @@ +From fa9bcabe2387bb230ef82d62827ad6f93b8a1e61 Mon Sep 17 00:00:00 2001 +From: Frederic Konrad <fkonrad@amd.com> +Date: Wed, 17 Jan 2024 18:15:06 +0000 +Subject: [PATCH 1/2] linux-user/*: workaround for missing MAP_FIXED_NOREPLACE + +QEMU v8.1.0 recently requires MAP_FIXED_NOREPLACE flags implementation for mmap. + +This is missing from ubuntu 18.04, thus this patch catches the mmap calls which +could use that new flag and forwards them to mmap when MAP_FIXED_NOREPLACE +flag isn't set or emulates them by checking the returned address w.r.t the +requested address. + +Signed-off-by: Frederic Konrad <fkonrad@amd.com> +Signed-off-by: Francisco Iglesias <francisco.iglesias@amd.com> + +Upstream-Status: Inappropriate [OE specific] + +The upstream only supports the last two major releases of an OS. The ones +they have declared all have kernel 4.17 or newer. + +See: +https://xilinx.slack.com/archives/D04G2647CTV/p1705074697942019 + +https://www.qemu.org/docs/master/about/build-platforms.html + + The project aims to support the most recent major version at all times for up + to five years after its initial release. Support for the previous major + version will be dropped 2 years after the new major version is released or + when the vendor itself drops support, whichever comes first. + +Signed-off-by: Mark Hatle <mark.hatle@amd.com> +--- + linux-user/elfload.c | 7 +++-- + linux-user/meson.build | 1 + + linux-user/mmap-fixed.c | 63 +++++++++++++++++++++++++++++++++++++++++ + linux-user/mmap-fixed.h | 39 +++++++++++++++++++++++++ + linux-user/mmap.c | 31 +++++++++++--------- + linux-user/syscall.c | 1 + + 6 files changed, 125 insertions(+), 17 deletions(-) + create mode 100644 linux-user/mmap-fixed.c + create mode 100644 linux-user/mmap-fixed.h + +Index: qemu-8.2.1/linux-user/elfload.c +=================================================================== +--- qemu-8.2.1.orig/linux-user/elfload.c ++++ qemu-8.2.1/linux-user/elfload.c +@@ -22,6 +22,7 @@ + #include "qemu/error-report.h" + #include "target_signal.h" + #include "accel/tcg/debuginfo.h" ++#include "mmap-fixed.h" + + #ifdef TARGET_ARM + #include "target/arm/cpu-features.h" +@@ -2765,9 +2766,9 @@ static abi_ulong create_elf_tables(abi_u + static int pgb_try_mmap(uintptr_t addr, uintptr_t addr_last, bool keep) + { + size_t size = addr_last - addr + 1; +- void *p = mmap((void *)addr, size, PROT_NONE, +- MAP_ANONYMOUS | MAP_PRIVATE | +- MAP_NORESERVE | MAP_FIXED_NOREPLACE, -1, 0); ++ void *p = mmap_fixed_noreplace((void *)addr, size, PROT_NONE, ++ MAP_ANONYMOUS | MAP_PRIVATE | ++ MAP_NORESERVE | MAP_FIXED_NOREPLACE, -1, 0); + int ret; + + if (p == MAP_FAILED) { +Index: qemu-8.2.1/linux-user/meson.build +=================================================================== +--- qemu-8.2.1.orig/linux-user/meson.build ++++ qemu-8.2.1/linux-user/meson.build +@@ -14,6 +14,7 @@ linux_user_ss.add(files( + 'linuxload.c', + 'main.c', + 'mmap.c', ++ 'mmap-fixed.c', + 'signal.c', + 'strace.c', + 'syscall.c', +Index: qemu-8.2.1/linux-user/mmap-fixed.c +=================================================================== +--- /dev/null ++++ qemu-8.2.1/linux-user/mmap-fixed.c +@@ -0,0 +1,63 @@ ++/* ++ * Workaround for MAP_FIXED_NOREPLACE ++ * ++ * Copyright (c) 2024, Advanced Micro Devices, Inc. ++ * Developed by Fred Konrad <fkonrad@amd.com> ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL ++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++#include <sys/mman.h> ++#include <errno.h> ++ ++#ifndef MAP_FIXED_NOREPLACE ++#include "mmap-fixed.h" ++ ++void *mmap_fixed_noreplace(void *addr, size_t len, int prot, int flags, ++ int fd, off_t offset) ++{ ++ void *retaddr; ++ ++ if (!(flags & MAP_FIXED_NOREPLACE)) { ++ /* General case, use the regular mmap. */ ++ return mmap(addr, len, prot, flags, fd, offset); ++ } ++ ++ /* Since MAP_FIXED_NOREPLACE is not implemented, try to emulate it. */ ++ flags = flags & ~(MAP_FIXED_NOREPLACE | MAP_FIXED); ++ retaddr = mmap(addr, len, prot, flags, fd, offset); ++ if ((retaddr == addr) || (retaddr == MAP_FAILED)) { ++ /* ++ * Either the map worked and we get the good address so it can be ++ * returned, or it failed and would have failed the same with ++ * MAP_FIXED*, in which case return MAP_FAILED. ++ */ ++ return retaddr; ++ } else { ++ /* ++ * Page has been mapped but not at the requested address.. unmap it and ++ * return EEXIST. ++ */ ++ munmap(retaddr, len); ++ errno = EEXIST; ++ return MAP_FAILED; ++ } ++} ++ ++#endif +Index: qemu-8.2.1/linux-user/mmap-fixed.h +=================================================================== +--- /dev/null ++++ qemu-8.2.1/linux-user/mmap-fixed.h +@@ -0,0 +1,39 @@ ++/* ++ * Workaround for MAP_FIXED_NOREPLACE ++ * ++ * Copyright (c) 2024, Advanced Micro Devices, Inc. ++ * Developed by Fred Konrad <fkonrad@amd.com> ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL ++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++#ifndef MMAP_FIXED_H ++#define MMAP_FIXED_H ++ ++#ifndef MAP_FIXED_NOREPLACE ++#define MAP_FIXED_NOREPLACE 0x100000 ++ ++void *mmap_fixed_noreplace(void *addr, size_t len, int prot, int flags, ++ int fd, off_t offset); ++ ++#else /* MAP_FIXED_NOREPLACE */ ++#define mmap_fixed_noreplace mmap ++#endif /* MAP_FIXED_NOREPLACE */ ++ ++#endif /* MMAP_FIXED_H */ +Index: qemu-8.2.1/linux-user/mmap.c +=================================================================== +--- qemu-8.2.1.orig/linux-user/mmap.c ++++ qemu-8.2.1/linux-user/mmap.c +@@ -25,6 +25,7 @@ + #include "user-mmap.h" + #include "target_mman.h" + #include "qemu/interval-tree.h" ++#include "mmap-fixed.h" + + #ifdef TARGET_ARM + #include "target/arm/cpu-features.h" +@@ -273,7 +274,7 @@ int target_mprotect(abi_ulong start, abi + static int do_munmap(void *addr, size_t len) + { + if (reserved_va) { +- void *ptr = mmap(addr, len, PROT_NONE, ++ void *ptr = mmap_fixed_noreplace(addr, len, PROT_NONE, + MAP_FIXED | MAP_ANONYMOUS + | MAP_PRIVATE | MAP_NORESERVE, -1, 0); + return ptr == addr ? 0 : -1; +@@ -319,9 +320,9 @@ static bool mmap_frag(abi_ulong real_sta + * outside of the fragment we need to map. Allocate a new host + * page to cover, discarding whatever else may have been present. + */ +- void *p = mmap(host_start, qemu_host_page_size, +- target_to_host_prot(prot), +- flags | MAP_ANONYMOUS, -1, 0); ++ void *p = mmap_fixed_noreplace(host_start, qemu_host_page_size, ++ target_to_host_prot(prot), ++ flags | MAP_ANONYMOUS, -1, 0); + if (p != host_start) { + if (p != MAP_FAILED) { + munmap(p, qemu_host_page_size); +@@ -420,8 +421,9 @@ abi_ulong mmap_find_vma(abi_ulong start, + * - mremap() with MREMAP_FIXED flag + * - shmat() with SHM_REMAP flag + */ +- ptr = mmap(g2h_untagged(addr), size, PROT_NONE, +- MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0); ++ ptr = mmap_fixed_noreplace(g2h_untagged(addr), size, PROT_NONE, ++ MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, ++ -1, 0); + + /* ENOMEM, if host address space has no memory */ + if (ptr == MAP_FAILED) { +@@ -615,16 +617,16 @@ abi_long target_mmap(abi_ulong start, ab + * especially important if qemu_host_page_size > + * qemu_real_host_page_size. + */ +- p = mmap(g2h_untagged(start), host_len, host_prot, +- flags | MAP_FIXED | MAP_ANONYMOUS, -1, 0); ++ p = mmap_fixed_noreplace(g2h_untagged(start), host_len, host_prot, ++ flags | MAP_FIXED | MAP_ANONYMOUS, -1, 0); + if (p == MAP_FAILED) { + goto fail; + } + /* update start so that it points to the file position at 'offset' */ + host_start = (uintptr_t)p; + if (!(flags & MAP_ANONYMOUS)) { +- p = mmap(g2h_untagged(start), len, host_prot, +- flags | MAP_FIXED, fd, host_offset); ++ p = mmap_fixed_noreplace(g2h_untagged(start), len, host_prot, ++ flags | MAP_FIXED, fd, host_offset); + if (p == MAP_FAILED) { + munmap(g2h_untagged(start), host_len); + goto fail; +@@ -749,8 +751,9 @@ abi_long target_mmap(abi_ulong start, ab + len1 = real_last - real_start + 1; + want_p = g2h_untagged(real_start); + +- p = mmap(want_p, len1, target_to_host_prot(target_prot), +- flags, fd, offset1); ++ p = mmap_fixed_noreplace(want_p, len1, ++ target_to_host_prot(target_prot), ++ flags, fd, offset1); + if (p != want_p) { + if (p != MAP_FAILED) { + munmap(p, len1); +Index: qemu-8.2.1/linux-user/syscall.c +=================================================================== +--- qemu-8.2.1.orig/linux-user/syscall.c ++++ qemu-8.2.1/linux-user/syscall.c +@@ -145,6 +145,7 @@ + #include "qapi/error.h" + #include "fd-trans.h" + #include "cpu_loop-common.h" ++#include "mmap-fixed.h" + + #ifndef CLONE_IO + #define CLONE_IO 0x80000000 /* Clone io context */ diff --git a/meta/recipes-devtools/qemu/qemu/0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch b/meta/recipes-devtools/qemu/qemu/0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch new file mode 100644 index 0000000000..48034a4680 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0012-linux-user-workaround-for-missing-MAP_SHARED_VALIDAT.patch @@ -0,0 +1,51 @@ +From 5c73e53997df800a742f9cd7355f3045861984bb Mon Sep 17 00:00:00 2001 +From: Frederic Konrad <fkonrad@amd.com> +Date: Thu, 18 Jan 2024 10:43:44 +0000 +Subject: [PATCH 2/2] linux-user/*: workaround for missing MAP_SHARED_VALIDATE + +QEMU v8.1.0 recently requires MAP_SHARED_VALIDATE flags implementation for mmap. + +This is missing from the Ubuntu 18.04 compiler but looks like to be in the +kernel source. + +Signed-off-by: Frederic Konrad <fkonrad@amd.com> +Signed-off-by: Francisco Iglesias <francisco.iglesias@amd.com> + +Upstream-Status: Inappropriate [OE specific] + +The upstream only supports the last two major releases of an OS. The ones +they have declared all have kernel 4.17 or newer. + +See: +https://xilinx.slack.com/archives/D04G2647CTV/p1705074697942019 + +https://www.qemu.org/docs/master/about/build-platforms.html + + The project aims to support the most recent major version at all times for up + to five years after its initial release. Support for the previous major + version will be dropped 2 years after the new major version is released or + when the vendor itself drops support, whichever comes first. + +Signed-off-by: Mark Hatle <mark.hatle@amd.com> +--- + linux-user/mmap-fixed.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/linux-user/mmap-fixed.h b/linux-user/mmap-fixed.h +index ef6eef5114..ec86586c1f 100644 +--- a/linux-user/mmap-fixed.h ++++ b/linux-user/mmap-fixed.h +@@ -26,6 +26,10 @@ + #ifndef MMAP_FIXED_H + #define MMAP_FIXED_H + ++#ifndef MAP_SHARED_VALIDATE ++#define MAP_SHARED_VALIDATE 0x03 ++#endif ++ + #ifndef MAP_FIXED_NOREPLACE + #define MAP_FIXED_NOREPLACE 0x100000 + +-- +2.34.1 + diff --git a/meta/recipes-devtools/qemu/qemu/4a8579ad8629b57a43daa62e46cc7af6e1078116.patch b/meta/recipes-devtools/qemu/qemu/4a8579ad8629b57a43daa62e46cc7af6e1078116.patch new file mode 100644 index 0000000000..5ad859ebe6 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/4a8579ad8629b57a43daa62e46cc7af6e1078116.patch @@ -0,0 +1,60 @@ +From 4a8579ad8629b57a43daa62e46cc7af6e1078116 Mon Sep 17 00:00:00 2001 +From: Richard Henderson <richard.henderson@linaro.org> +Date: Tue, 13 Feb 2024 10:20:27 -1000 +Subject: [PATCH] linux-user: Split out do_munmap +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upstream-Status: Submitted [https://gitlab.com/rth7680/qemu/-/commit/4a8579ad8629b57a43daa62e46cc7af6e1078116] + +Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> +Signed-off-by: Richard Henderson <richard.henderson@linaro.org> +--- + linux-user/mmap.c | 23 ++++++++++++++++------- + 1 file changed, 16 insertions(+), 7 deletions(-) + +diff --git a/linux-user/mmap.c b/linux-user/mmap.c +index 1bbfeb25b14..8ebcca44444 100644 +--- a/linux-user/mmap.c ++++ b/linux-user/mmap.c +@@ -267,6 +267,21 @@ int target_mprotect(abi_ulong start, abi_ulong len, int target_prot) + return ret; + } + ++/* ++ * Perform munmap on behalf of the target, with host parameters. ++ * If reserved_va, we must replace the memory reservation. ++ */ ++static int do_munmap(void *addr, size_t len) ++{ ++ if (reserved_va) { ++ void *ptr = mmap(addr, len, PROT_NONE, ++ MAP_FIXED | MAP_ANONYMOUS ++ | MAP_PRIVATE | MAP_NORESERVE, -1, 0); ++ return ptr == addr ? 0 : -1; ++ } ++ return munmap(addr, len); ++} ++ + /* map an incomplete host page */ + static bool mmap_frag(abi_ulong real_start, abi_ulong start, abi_ulong last, + int prot, int flags, int fd, off_t offset) +@@ -854,13 +869,7 @@ static int mmap_reserve_or_unmap(abi_ulong start, abi_ulong len) + real_len = real_last - real_start + 1; + host_start = g2h_untagged(real_start); + +- if (reserved_va) { +- void *ptr = mmap(host_start, real_len, PROT_NONE, +- MAP_FIXED | MAP_ANONYMOUS +- | MAP_PRIVATE | MAP_NORESERVE, -1, 0); +- return ptr == host_start ? 0 : -1; +- } +- return munmap(host_start, real_len); ++ return do_munmap(host_start, real_len); + } + + int target_munmap(abi_ulong start, abi_ulong len) +-- +GitLab + diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch deleted file mode 100644 index 861ff6c3b0..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-24352.patch +++ /dev/null @@ -1,52 +0,0 @@ -From ca1f9cbfdce4d63b10d57de80fef89a89d92a540 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Wed, 21 Oct 2020 16:08:18 +0530 -Subject: [PATCH 1/1] ati: check x y display parameter values - -The source and destination x,y display parameters in ati_2d_blt() -may run off the vga limits if either of s->regs.[src|dst]_[xy] is -zero. Check the parameter values to avoid potential crash. - -Reported-by: Gaoning Pan <pgn@zju.edu.cn> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Message-id: 20201021103818.1704030-1-ppandit@redhat.com -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> - -Upstream-Status: Backport [ https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ca1f9cbfdce4d63b10d57de80fef89a89d92a540;hp=2ddafce7f797082ad216657c830afd4546f16e37 ] -CVE: CVE-2020-24352 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> ---- - hw/display/ati_2d.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c -index 23a8ae0..4dc10ea 100644 ---- a/hw/display/ati_2d.c -+++ b/hw/display/ati_2d.c -@@ -75,8 +75,9 @@ void ati_2d_blt(ATIVGAState *s) - dst_stride *= bpp; - } - uint8_t *end = s->vga.vram_ptr + s->vga.vram_size; -- if (dst_bits >= end || dst_bits + dst_x + (dst_y + s->regs.dst_height) * -- dst_stride >= end) { -+ if (dst_x > 0x3fff || dst_y > 0x3fff || dst_bits >= end -+ || dst_bits + dst_x -+ + (dst_y + s->regs.dst_height) * dst_stride >= end) { - qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); - return; - } -@@ -107,8 +108,9 @@ void ati_2d_blt(ATIVGAState *s) - src_bits += s->regs.crtc_offset & 0x07ffffff; - src_stride *= bpp; - } -- if (src_bits >= end || src_bits + src_x + -- (src_y + s->regs.dst_height) * src_stride >= end) { -+ if (src_x > 0x3fff || src_y > 0x3fff || src_bits >= end -+ || src_bits + src_x -+ + (src_y + s->regs.dst_height) * src_stride >= end) { - qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); - return; - } --- -1.8.3.1 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch new file mode 100644 index 0000000000..732cb6af18 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-6683.patch @@ -0,0 +1,91 @@ +From 405484b29f6548c7b86549b0f961b906337aa68a Mon Sep 17 00:00:00 2001 +From: Fiona Ebner <f.ebner@proxmox.com> +Date: Wed, 24 Jan 2024 11:57:48 +0100 +Subject: [PATCH] ui/clipboard: mark type as not available when there is no + data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With VNC, a client can send a non-extended VNC_MSG_CLIENT_CUT_TEXT +message with len=0. In qemu_clipboard_set_data(), the clipboard info +will be updated setting data to NULL (because g_memdup(data, size) +returns NULL when size is 0). If the client does not set the +VNC_ENCODING_CLIPBOARD_EXT feature when setting up the encodings, then +the 'request' callback for the clipboard peer is not initialized. +Later, because data is NULL, qemu_clipboard_request() can be reached +via vdagent_chr_write() and vdagent_clipboard_recv_request() and +there, the clipboard owner's 'request' callback will be attempted to +be called, but that is a NULL pointer. + +In particular, this can happen when using the KRDC (22.12.3) VNC +client. + +Another scenario leading to the same issue is with two clients (say +noVNC and KRDC): + +The noVNC client sets the extension VNC_FEATURE_CLIPBOARD_EXT and +initializes its cbpeer. + +The KRDC client does not, but triggers a vnc_client_cut_text() (note +it's not the _ext variant)). There, a new clipboard info with it as +the 'owner' is created and via qemu_clipboard_set_data() is called, +which in turn calls qemu_clipboard_update() with that info. + +In qemu_clipboard_update(), the notifier for the noVNC client will be +called, i.e. vnc_clipboard_notify() and also set vs->cbinfo for the +noVNC client. The 'owner' in that clipboard info is the clipboard peer +for the KRDC client, which did not initialize the 'request' function. +That sounds correct to me, it is the owner of that clipboard info. + +Then when noVNC sends a VNC_MSG_CLIENT_CUT_TEXT message (it did set +the VNC_FEATURE_CLIPBOARD_EXT feature correctly, so a check for it +passes), that clipboard info is passed to qemu_clipboard_request() and +the original segfault still happens. + +Fix the issue by handling updates with size 0 differently. In +particular, mark in the clipboard info that the type is not available. + +While at it, switch to g_memdup2(), because g_memdup() is deprecated. + +Cc: qemu-stable@nongnu.org +Fixes: CVE-2023-6683 +Reported-by: Markus Frank <m.frank@proxmox.com> +Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Signed-off-by: Fiona Ebner <f.ebner@proxmox.com> +Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> +Tested-by: Markus Frank <m.frank@proxmox.com> +Message-ID: <20240124105749.204610-1-f.ebner@proxmox.com> + +CVE: CVE-2023-6683 + +Upstream-Status: Backport [https://github.com/qemu/qemu/commit/405484b29f6548c7b86549b0f961b906337aa68a] +Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> + +--- + ui/clipboard.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/ui/clipboard.c b/ui/clipboard.c +index 3d14bffaf80f..b3f6fa3c9e1f 100644 +--- a/ui/clipboard.c ++++ b/ui/clipboard.c +@@ -163,9 +163,15 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer, + } + + g_free(info->types[type].data); +- info->types[type].data = g_memdup(data, size); +- info->types[type].size = size; +- info->types[type].available = true; ++ if (size) { ++ info->types[type].data = g_memdup2(data, size); ++ info->types[type].size = size; ++ info->types[type].available = true; ++ } else { ++ info->types[type].data = NULL; ++ info->types[type].size = 0; ++ info->types[type].available = false; ++ } + + if (update) { + qemu_clipboard_update(info); diff --git a/meta/recipes-devtools/qemu/qemu/find_datadir.patch b/meta/recipes-devtools/qemu/qemu/find_datadir.patch deleted file mode 100644 index 9a4c11267a..0000000000 --- a/meta/recipes-devtools/qemu/qemu/find_datadir.patch +++ /dev/null @@ -1,39 +0,0 @@ -qemu: search for datadir as in version 4.2 - -os_find_datadir() was changed after the 4.2 release. We need to check for -../share/qemu relative to the executable because that is where the runqemu -configuration assumes it will be. - -Upstream-Status: Submitted [qemu-devel@nongnu.org] - -Signed-off-by: Joe Slater <joe.slater@windriver.com> - - -Index: qemu-5.1.0/os-posix.c -=================================================================== ---- qemu-5.1.0.orig/os-posix.c -+++ qemu-5.1.0/os-posix.c -@@ -82,8 +82,9 @@ void os_setup_signal_handling(void) - - /* - * Find a likely location for support files using the location of the binary. -+ * Typically, this would be "$bindir/../share/qemu". - * When running from the build tree this will be "$bindir/../pc-bios". -- * Otherwise, this is CONFIG_QEMU_DATADIR. -+ * Otherwise, this is CONFIG_QEMU_DATADIR as constructed by configure. - * - * The caller must use g_free() to free the returned data when it is - * no longer required. -@@ -96,6 +97,12 @@ char *os_find_datadir(void) - exec_dir = qemu_get_exec_dir(); - g_return_val_if_fail(exec_dir != NULL, NULL); - -+ dir = g_build_filename(exec_dir, "..", "share", "qemu", NULL); -+ if (g_file_test(dir, G_FILE_TEST_IS_DIR)) { -+ return g_steal_pointer(&dir); -+ } -+ g_free(dir); /* no autofree this time */ -+ - dir = g_build_filename(exec_dir, "..", "pc-bios", NULL); - if (g_file_test(dir, G_FILE_TEST_IS_DIR)) { - return g_steal_pointer(&dir); diff --git a/meta/recipes-devtools/qemu/qemu/fixedmeson.patch b/meta/recipes-devtools/qemu/qemu/fixedmeson.patch new file mode 100644 index 0000000000..9047f66dc3 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/fixedmeson.patch @@ -0,0 +1,20 @@ +Upstream-Status: Inappropriate [workaround, would need a real fix for upstream] + +Index: qemu-8.2.0/configure +=================================================================== +--- qemu-8.2.0.orig/configure ++++ qemu-8.2.0/configure +@@ -955,12 +955,7 @@ fi + $mkvenv ensuregroup --dir "${source_path}/python/wheels" \ + ${source_path}/pythondeps.toml meson || exit 1 + +-# At this point, we expect Meson to be installed and available. +-# We expect mkvenv or pip to have created pyvenv/bin/meson for us. +-# We ignore PATH completely here: we want to use the venv's Meson +-# *exclusively*. +- +-meson="$(cd pyvenv/bin; pwd)/meson" ++meson=`which meson` + + # Conditionally ensure Sphinx is installed. + diff --git a/meta/recipes-devtools/qemu/qemu/no-pip.patch b/meta/recipes-devtools/qemu/qemu/no-pip.patch new file mode 100644 index 0000000000..92b2edbe9f --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/no-pip.patch @@ -0,0 +1,45 @@ +qemu: Ensure pip and the python venv aren't used for meson + +Qemu wants to use a supported python version and a specific meson version +to "help" users and uses pip and creates a venv to do this. This is a nightmare +for us. Our versions stay up to date and should be supported so we don't +really need/want this wrapping. Tweak things to disable it. + +There was breakage from the wrapper shown by: + +bitbake qemu-system-native +<add DISTRO_FEATURES:remove = "opengl" to local.conf> +bitbake qemu-system-native -c configure + +which would crash. The issue is the change in configuration removes pieces +from the sysroot but pyc files remainm as do pieces of pip which causes +problems. + +Ideally we'd convince upstream to allow some way to disable the venv on +the understanding that if/when it breaks, we keep the pieces. The patch +as it stands is a workaround. + +Upstream-Status: Inappropriate [oe specific] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: qemu-8.2.0/configure +=================================================================== +--- qemu-8.2.0.orig/configure ++++ qemu-8.2.0/configure +@@ -937,7 +937,7 @@ python="$(command -v "$python")" + echo "python determined to be '$python'" + echo "python version: $($python --version)" + +-python="$($python -B "${source_path}/python/scripts/mkvenv.py" create pyvenv)" ++python=python3 + if test "$?" -ne 0 ; then + error_exit "python venv creation failed" + fi +@@ -945,6 +945,7 @@ fi + # Suppress writing compiled files + python="$python -B" + mkvenv="$python ${source_path}/python/scripts/mkvenv.py" ++mkvenv=true + + # Finish preparing the virtual environment using vendored .whl files + diff --git a/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init new file mode 100644 index 0000000000..5ebaaddeae --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init @@ -0,0 +1,75 @@ +# SPDX-License-Identifier: GPL-2.0-only +# Initially written by: Michael Tokarev <mjt@tls.msk.ru> +# For QEMU Debian downstream package + +set -e + +. /etc/init.d/functions + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="QEMU Guest Agent" +NAME=qemu-ga +DAEMON=@bindir@/$NAME +PIDFILE=/var/run/$NAME.pid + +# config +DAEMON_ARGS="" +# default transport +TRANSPORT=virtio-serial:/dev/virtio-ports/org.qemu.guest_agent.0 +NO_START=0 + +test ! -r /etc/default/qemu-guest-agent || . /etc/default/qemu-guest-agent +test "$NO_START" = "0" || exit 0 +test -x "$DAEMON" || exit 0 + +# +# Function that checks whenever system has necessary environment +# It also splits $TRANSPORT into $method and $path +# +do_check_transport() { + method=${TRANSPORT%%:*}; + path=${TRANSPORT#*:} + case "$method" in + virtio-serial | isa-serial) + if [ ! -e "$path" ]; then + echo "$NAME: transport endpoint not found, not starting" + return 1 + fi + ;; + esac +} + +case "$1" in + start) + do_check_transport || exit 0 + echo -n "Starting $DESC: " + start-stop-daemon -S -p $PIDFILE -x "$DAEMON" -- \ + $DAEMON_ARGS -d -m "$method" -p "$path" + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon -K -x "$DAEMON" -p $PIDFILE + echo "$NAME." + ;; + status) + status "$DAEMON" + exit $? + ;; + restart|force-reload) + do_check_transport || exit 0 + echo -n "Restarting $DESC: " + start-stop-daemon -K -x "$DAEMON" -p $PIDFILE + sleep 1 + start-stop-daemon -S -p $PIDFILE -x "$DAEMON" -- \ + $DAEMON_ARGS -d -m "$method" -p "$path" + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|status|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.udev b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.udev new file mode 100644 index 0000000000..47097057e3 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.udev @@ -0,0 +1,2 @@ +SUBSYSTEM=="virtio-ports", ATTR{name}=="org.qemu.guest_agent.0", \ + TAG+="systemd", ENV{SYSTEMD_WANTS}="qemu-guest-agent.service" diff --git a/meta/recipes-devtools/qemu/qemu/run-ptest b/meta/recipes-devtools/qemu/qemu/run-ptest index b25a792d4f..f9a4e8fb2b 100644 --- a/meta/recipes-devtools/qemu/qemu/run-ptest +++ b/meta/recipes-devtools/qemu/qemu/run-ptest @@ -7,4 +7,7 @@ ptestdir=$(dirname "$(readlink -f "$0")") export SRC_PATH=$ptestdir cd $ptestdir/tests -make -f Makefile.include -k runtest-TESTS | sed '/^ok /s/ok /PASS: /g' +tests=$(find . -name "test-*" ! -name "*.p") +for f in $tests; do + $f | sed '/^ok/ s/ok/PASS:/g' +done diff --git a/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch b/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch deleted file mode 100644 index 92801da46f..0000000000 --- a/meta/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch +++ /dev/null @@ -1,89 +0,0 @@ -CVE: CVE-2020-14364 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> - -From b946434f2659a182afc17e155be6791ebfb302eb Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <kraxel@redhat.com> -Date: Tue, 25 Aug 2020 07:36:36 +0200 -Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364) - -Store calculated setup_len in a local variable, verify it, and only -write it to the struct (USBDevice->setup_len) in case it passed the -sanity checks. - -This prevents other code (do_token_{in,out} functions specifically) -from working with invalid USBDevice->setup_len values and overrunning -the USBDevice->setup_buf[] buffer. - -Fixes: CVE-2020-14364 -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> -Tested-by: Gonglei <arei.gonglei@huawei.com> -Reviewed-by: Li Qiang <liq3ea@gmail.com> -Message-id: 20200825053636.29648-1-kraxel@redhat.com ---- - hw/usb/core.c | 16 ++++++++++------ - 1 file changed, 10 insertions(+), 6 deletions(-) - -diff --git a/hw/usb/core.c b/hw/usb/core.c -index 5abd128b6bc..5234dcc73fe 100644 ---- a/hw/usb/core.c -+++ b/hw/usb/core.c -@@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream) - static void do_token_setup(USBDevice *s, USBPacket *p) - { - int request, value, index; -+ unsigned int setup_len; - - if (p->iov.size != 8) { - p->status = USB_RET_STALL; -@@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p) - usb_packet_copy(p, s->setup_buf, p->iov.size); - s->setup_index = 0; - p->actual_length = 0; -- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; -- if (s->setup_len > sizeof(s->data_buf)) { -+ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; -+ if (setup_len > sizeof(s->data_buf)) { - fprintf(stderr, - "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", -- s->setup_len, sizeof(s->data_buf)); -+ setup_len, sizeof(s->data_buf)); - p->status = USB_RET_STALL; - return; - } -+ s->setup_len = setup_len; - - request = (s->setup_buf[0] << 8) | s->setup_buf[1]; - value = (s->setup_buf[3] << 8) | s->setup_buf[2]; -@@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p) - static void do_parameter(USBDevice *s, USBPacket *p) - { - int i, request, value, index; -+ unsigned int setup_len; - - for (i = 0; i < 8; i++) { - s->setup_buf[i] = p->parameter >> (i*8); - } - - s->setup_state = SETUP_STATE_PARAM; -- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; - s->setup_index = 0; - - request = (s->setup_buf[0] << 8) | s->setup_buf[1]; - value = (s->setup_buf[3] << 8) | s->setup_buf[2]; - index = (s->setup_buf[5] << 8) | s->setup_buf[4]; - -- if (s->setup_len > sizeof(s->data_buf)) { -+ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; -+ if (setup_len > sizeof(s->data_buf)) { - fprintf(stderr, - "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", -- s->setup_len, sizeof(s->data_buf)); -+ setup_len, sizeof(s->data_buf)); - p->status = USB_RET_STALL; - return; - } -+ s->setup_len = setup_len; - - if (p->pid == USB_TOKEN_OUT) { - usb_packet_copy(p, s->data_buf, s->setup_len); |