[app-emulation/qemu] use in-tree now
This commit is contained in:
parent
d92f169ffe
commit
9bcd99ead5
app-emulation/qemu
Manifest
files
65-kvm.rulesbridge.confqemu-2.5.0-cflags.patchqemu-2.5.0-sysmacros.patchqemu-2.7.0-CVE-2016-6836.patchqemu-2.7.0-CVE-2016-7155.patchqemu-2.7.0-CVE-2016-7156.patchqemu-2.7.0-CVE-2016-7157-1.patchqemu-2.7.0-CVE-2016-7157-2.patchqemu-2.7.0-CVE-2016-7170.patchqemu-2.7.0-CVE-2016-7421.patchqemu-2.7.0-CVE-2016-7422.patchqemu-2.7.0-CVE-2016-7423.patchqemu-2.7.0-CVE-2016-7466.patchqemu-2.7.0-CVE-2016-7907.patchqemu-2.7.0-CVE-2016-7908.patchqemu-2.7.0-CVE-2016-7909.patchqemu-2.7.0-CVE-2016-7994-1.patchqemu-2.7.0-CVE-2016-7994-2.patchqemu-2.7.0-CVE-2016-8576.patchqemu-2.7.0-CVE-2016-8577.patchqemu-2.7.0-CVE-2016-8578.patchqemu-2.7.0-CVE-2016-8668.patchqemu-2.7.0-CVE-2016-8669-1.patchqemu-2.7.0-CVE-2016-8669-2.patchqemu-2.7.0-CVE-2016-8909.patchqemu-2.7.0-CVE-2016-8910.patchqemu-2.7.0-CVE-2016-9102.patchqemu-2.7.0-CVE-2016-9103.patchqemu-2.7.0-CVE-2016-9104.patchqemu-2.7.0-CVE-2016-9105.patchqemu-2.7.0-CVE-2016-9106.patchqemu-binfmt.initd-r1
qemu-2.7.0-r7.ebuild@ -1 +0,0 @@
|
||||
DIST qemu-2.7.0.tar.bz2 26867760 SHA256 326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53 SHA512 654acaa7b3724a288e5d7e2a26ab780d9c9ed9f647fba00a906cbaffbe9d58fd666f2d962514aa2c5b391b4c53811ac3170d2eb51727f090bd19dfe45ca9a9db WHIRLPOOL dcb3e5f7da89dd8e14d636d7ebd476e076e0043880bb9ea3fb1c03cb4bcd4e5c7d3c4719da26c3ce521e3a3db5ae671e86f198ac1bc3474e774d75504fef8b8d
|
@ -1 +0,0 @@
|
||||
KERNEL=="kvm", GROUP="kvm", MODE="0660"
|
@ -1,14 +0,0 @@
|
||||
# This should have the following permissions: root:qemu 0640
|
||||
|
||||
# allow br0
|
||||
# Uncommenting the above would allow users in the 'qemu' group
|
||||
# to add devices to 'br0'
|
||||
|
||||
# allow virbr0
|
||||
# Uncommenting the above would allow users in the 'qemu' group
|
||||
# to add devices to 'virbr0'
|
||||
|
||||
# include /etc/qemu/bob.conf
|
||||
# Uncommenting the above would allow users in the 'bob' group
|
||||
# to have permissions defined in it, iff it has the following
|
||||
# permissions: root:bob 0640
|
@ -1,13 +0,0 @@
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -4468,10 +4468,6 @@ fi
|
||||
if test "$gcov" = "yes" ; then
|
||||
CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
|
||||
LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
|
||||
-elif test "$fortify_source" = "yes" ; then
|
||||
- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
|
||||
-elif test "$debug" = "no"; then
|
||||
- CFLAGS="-O2 $CFLAGS"
|
||||
fi
|
||||
|
||||
##########################################
|
@ -1,15 +0,0 @@
|
||||
Linux C libs are moving away from implicit header pollution with sys/types.h
|
||||
|
||||
--- a/include/qemu/osdep.h
|
||||
+++ b/include/qemu/osdep.h
|
||||
@@ -78,6 +78,10 @@ extern int daemon(int, int);
|
||||
#include <assert.h>
|
||||
#include <signal.h>
|
||||
|
||||
+#ifdef __linux__
|
||||
+#include <sys/sysmacros.h>
|
||||
+#endif
|
||||
+
|
||||
#ifdef __OpenBSD__
|
||||
#include <sys/signal.h>
|
||||
#endif
|
@ -1,27 +0,0 @@
|
||||
From: Li Qiang <address@hidden>
|
||||
|
||||
In Vmxnet3 device emulator while processing transmit(tx) queue,
|
||||
when it reaches end of packet, it calls vmxnet3_complete_packet.
|
||||
In that local 'txcq_descr' object is not initialised, which could
|
||||
leak host memory bytes a guest.
|
||||
|
||||
Reported-by: Li Qiang <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/net/vmxnet3.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
|
||||
index 90f6943..92f6af9 100644
|
||||
--- a/hw/net/vmxnet3.c
|
||||
+++ b/hw/net/vmxnet3.c
|
||||
@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int qidx, uint32_t tx_ridx)
|
||||
|
||||
VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring);
|
||||
|
||||
+ memset(&txcq_descr, 0, sizeof(txcq_descr));
|
||||
txcq_descr.txdIdx = tx_ridx;
|
||||
txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
|
||||
|
||||
--
|
||||
2.5.5
|
@ -1,81 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
Vmware Paravirtual SCSI emulation uses command descriptors to
|
||||
process SCSI commands. These descriptors come with their ring
|
||||
buffers. A guest could set the page count for these rings to
|
||||
an arbitrary value, leading to infinite loop or OOB access.
|
||||
Add check to avoid it.
|
||||
|
||||
Reported-by: Tom Victor <address@hidden>
|
||||
Reported-by: Li Qiang <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/scsi/vmw_pvscsi.c | 21 ++++++++++-----------
|
||||
1 file changed, 10 insertions(+), 11 deletions(-)
|
||||
|
||||
Update per review
|
||||
-> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00019.html
|
||||
|
||||
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
|
||||
index 5116f4a..4245c15 100644
|
||||
--- a/hw/scsi/vmw_pvscsi.c
|
||||
+++ b/hw/scsi/vmw_pvscsi.c
|
||||
@@ -152,7 +152,7 @@ pvscsi_log2(uint32_t input)
|
||||
return log;
|
||||
}
|
||||
|
||||
-static int
|
||||
+static void
|
||||
pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
|
||||
{
|
||||
int i;
|
||||
@@ -160,10 +160,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
|
||||
uint32_t req_ring_size, cmp_ring_size;
|
||||
m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT;
|
||||
|
||||
- if ((ri->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)
|
||||
- || (ri->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)) {
|
||||
- return -1;
|
||||
- }
|
||||
req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
|
||||
cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
|
||||
txr_len_log2 = pvscsi_log2(req_ring_size - 1);
|
||||
@@ -195,8 +191,6 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
|
||||
|
||||
/* Flush ring state page changes */
|
||||
smp_wmb();
|
||||
-
|
||||
- return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -746,7 +740,7 @@ pvscsi_dbg_dump_tx_rings_config(PVSCSICmdDescSetupRings *rc)
|
||||
|
||||
trace_pvscsi_tx_rings_num_pages("Confirm Ring", rc->cmpRingNumPages);
|
||||
for (i = 0; i < rc->cmpRingNumPages; i++) {
|
||||
- trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->reqRingPPNs[i]);
|
||||
+ trace_pvscsi_tx_rings_ppn("Confirm Ring", rc->cmpRingPPNs[i]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -779,10 +773,15 @@ pvscsi_on_cmd_setup_rings(PVSCSIState *s)
|
||||
|
||||
trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS");
|
||||
|
||||
+ if (!rc->reqRingNumPages
|
||||
+ || rc->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES
|
||||
+ || !rc->cmpRingNumPages
|
||||
+ || rc->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES) {
|
||||
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
|
||||
+ }
|
||||
+
|
||||
pvscsi_dbg_dump_tx_rings_config(rc);
|
||||
- if (pvscsi_ring_init_data(&s->rings, rc) < 0) {
|
||||
- return PVSCSI_COMMAND_PROCESSING_FAILED;
|
||||
- }
|
||||
+ pvscsi_ring_init_data(&s->rings, rc);
|
||||
|
||||
s->rings_info_valid = TRUE;
|
||||
return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
|
||||
--
|
||||
2.5.5
|
@ -1,62 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very
|
||||
long time or go into an infinite loop due to two different bugs:
|
||||
|
||||
1) the request descriptor data length is defined to be 64 bit. While
|
||||
building SG list from a request descriptor, it gets truncated to 32bit
|
||||
in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop
|
||||
situation for large 'dataLen' values, when data_length is cast to uint32_t
|
||||
and chunk_size becomes always zero. Fix this by removing the incorrect
|
||||
cast.
|
||||
|
||||
2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the
|
||||
element has a zero length. Get out of the loop early when this happens,
|
||||
by introducing an upper limit on the number of SG list elements.
|
||||
|
||||
Reported-by: Li Qiang <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/scsi/vmw_pvscsi.c | 11 ++++++-----
|
||||
1 file changed, 6 insertions(+), 5 deletions(-)
|
||||
|
||||
Update as per:
|
||||
-> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01172.html
|
||||
|
||||
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
|
||||
index 4245c15..babac5a 100644
|
||||
--- a/hw/scsi/vmw_pvscsi.c
|
||||
+++ b/hw/scsi/vmw_pvscsi.c
|
||||
@@ -40,6 +40,8 @@
|
||||
#define PVSCSI_MAX_DEVS (64)
|
||||
#define PVSCSI_MSIX_NUM_VECTORS (1)
|
||||
|
||||
+#define PVSCSI_MAX_SG_ELEM 2048
|
||||
+
|
||||
#define PVSCSI_MAX_CMD_DATA_WORDS \
|
||||
(sizeof(PVSCSICmdDescSetupRings)/sizeof(uint32_t))
|
||||
|
||||
@@ -628,17 +630,16 @@ pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d,
|
||||
static void
|
||||
pvscsi_convert_sglist(PVSCSIRequest *r)
|
||||
{
|
||||
- int chunk_size;
|
||||
+ uint32_t chunk_size, elmcnt = 0;
|
||||
uint64_t data_length = r->req.dataLen;
|
||||
PVSCSISGState sg = r->sg;
|
||||
- while (data_length) {
|
||||
- while (!sg.resid) {
|
||||
+ while (data_length && elmcnt < PVSCSI_MAX_SG_ELEM) {
|
||||
+ while (!sg.resid && elmcnt++ < PVSCSI_MAX_SG_ELEM) {
|
||||
pvscsi_get_next_sg_elem(&sg);
|
||||
trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr,
|
||||
r->sg.resid);
|
||||
}
|
||||
- assert(data_length > 0);
|
||||
- chunk_size = MIN((unsigned) data_length, sg.resid);
|
||||
+ chunk_size = MIN(data_length, sg.resid);
|
||||
if (chunk_size) {
|
||||
qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size);
|
||||
}
|
||||
--
|
||||
2.5.5
|
@ -1,28 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
When LSI SAS1068 Host Bus emulator builds configuration page
|
||||
headers, the format string used in 'mptsas_config_manufacturing_1'
|
||||
was wrong. It could lead to an invalid memory access.
|
||||
|
||||
Reported-by: Tom Victor <address@hidden>
|
||||
Fix-suggested-by: Paolo Bonzini <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/scsi/mptconfig.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
|
||||
index 7071854..1ec895b 100644
|
||||
--- a/hw/scsi/mptconfig.c
|
||||
+++ b/hw/scsi/mptconfig.c
|
||||
@@ -203,7 +203,7 @@ size_t mptsas_config_manufacturing_1(MPTSASState *s, uint8_t **data, int address
|
||||
{
|
||||
/* VPD - all zeros */
|
||||
return MPTSAS_CONFIG_PACK(1, MPI_CONFIG_PAGETYPE_MANUFACTURING, 0x00,
|
||||
- "s256");
|
||||
+ "*s256");
|
||||
}
|
||||
|
||||
static
|
||||
--
|
||||
2.5.5
|
@ -1,27 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
When LSI SAS1068 Host Bus emulator builds configuration page
|
||||
headers, mptsas_config_pack() asserts to check returned size
|
||||
value is within limit of 256 bytes. Fix that assert expression.
|
||||
|
||||
Suggested-by: Paolo Bonzini <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/scsi/mptconfig.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
|
||||
index 1ec895b..531947f 100644
|
||||
--- a/hw/scsi/mptconfig.c
|
||||
+++ b/hw/scsi/mptconfig.c
|
||||
@@ -158,7 +158,7 @@ static size_t mptsas_config_pack(uint8_t **data, const char *fmt, ...)
|
||||
va_end(ap);
|
||||
|
||||
if (data) {
|
||||
- assert(ret < 256 && (ret % 4) == 0);
|
||||
+ assert(ret / 4 < 256);
|
||||
stb_p(*data + 1, ret / 4);
|
||||
}
|
||||
return ret;
|
||||
--
|
||||
2.5.5
|
@ -1,40 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
|
||||
the computed BITMAP and PIXMAP size are checked against the
|
||||
'cursor.mask[]' and 'cursor.image[]' array sizes in bytes.
|
||||
Correct these checks to avoid OOB memory access.
|
||||
|
||||
Reported-by: Qinghao Tang <address@hidden>
|
||||
Reported-by: Li Qiang <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/display/vmware_vga.c | 12 +++++++-----
|
||||
1 file changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
|
||||
index e51a05e..6599cf0 100644
|
||||
--- a/hw/display/vmware_vga.c
|
||||
+++ b/hw/display/vmware_vga.c
|
||||
@@ -676,11 +676,13 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
|
||||
cursor.bpp = vmsvga_fifo_read(s);
|
||||
|
||||
args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
|
||||
- if (cursor.width > 256 ||
|
||||
- cursor.height > 256 ||
|
||||
- cursor.bpp > 32 ||
|
||||
- SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
|
||||
- SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
|
||||
+ if (cursor.width > 256
|
||||
+ || cursor.height > 256
|
||||
+ || cursor.bpp > 32
|
||||
+ || SVGA_BITMAP_SIZE(x, y)
|
||||
+ > sizeof(cursor.mask) / sizeof(cursor.mask[0])
|
||||
+ || SVGA_PIXMAP_SIZE(x, y, cursor.bpp)
|
||||
+ > sizeof(cursor.image) / sizeof(cursor.image[0])) {
|
||||
goto badcmd;
|
||||
}
|
||||
|
||||
--
|
||||
2.5.5
|
||||
|
@ -1,34 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
Vmware Paravirtual SCSI emulator while processing IO requests
|
||||
could run into an infinite loop if 'pvscsi_ring_pop_req_descr'
|
||||
always returned positive value. Limit IO loop to the ring size.
|
||||
|
||||
Cc: address@hidden
|
||||
Reported-by: Li Qiang <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
Message-Id: <address@hidden>
|
||||
Signed-off-by: Paolo Bonzini <address@hidden>
|
||||
---
|
||||
hw/scsi/vmw_pvscsi.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
|
||||
index babac5a..a5ce7de 100644
|
||||
--- a/hw/scsi/vmw_pvscsi.c
|
||||
+++ b/hw/scsi/vmw_pvscsi.c
|
||||
@@ -247,8 +247,11 @@ static hwaddr
|
||||
pvscsi_ring_pop_req_descr(PVSCSIRingInfo *mgr)
|
||||
{
|
||||
uint32_t ready_ptr = RS_GET_FIELD(mgr, reqProdIdx);
|
||||
+ uint32_t ring_size = PVSCSI_MAX_NUM_PAGES_REQ_RING
|
||||
+ * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
|
||||
|
||||
- if (ready_ptr != mgr->consumed_ptr) {
|
||||
+ if (ready_ptr != mgr->consumed_ptr
|
||||
+ && ready_ptr - mgr->consumed_ptr < ring_size) {
|
||||
uint32_t next_ready_ptr =
|
||||
mgr->consumed_ptr++ & mgr->txr_len_mask;
|
||||
uint32_t next_ready_page =
|
||||
--
|
||||
1.8.3.1
|
@ -1,38 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
virtio back end uses set of buffers to facilitate I/O operations.
|
||||
If its size is too large, 'cpu_physical_memory_map' could return
|
||||
a null address. This would result in a null dereference
|
||||
while un-mapping descriptors. Add check to avoid it.
|
||||
|
||||
Reported-by: Qinghao Tang <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/virtio/virtio.c | 10 ++++++----
|
||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
|
||||
index 15ee3a7..0a4c5b6 100644
|
||||
--- a/hw/virtio/virtio.c
|
||||
+++ b/hw/virtio/virtio.c
|
||||
@@ -472,12 +472,14 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove
|
||||
}
|
||||
|
||||
iov[num_sg].iov_base = cpu_physical_memory_map(pa, &len, is_write);
|
||||
- iov[num_sg].iov_len = len;
|
||||
- addr[num_sg] = pa;
|
||||
+ if (iov[num_sg].iov_base) {
|
||||
+ iov[num_sg].iov_len = len;
|
||||
+ addr[num_sg] = pa;
|
||||
|
||||
+ pa += len;
|
||||
+ num_sg++;
|
||||
+ }
|
||||
sz -= len;
|
||||
- pa += len;
|
||||
- num_sg++;
|
||||
}
|
||||
*p_num_sg = num_sg;
|
||||
}
|
||||
--
|
||||
2.5.5
|
@ -1,31 +0,0 @@
|
||||
From: Li Qiang <address@hidden>
|
||||
|
||||
When processing IO request in mptsas, it uses g_new to allocate
|
||||
a 'req' object. If an error occurs before 'req->sreq' is
|
||||
allocated, It could lead to an OOB write in mptsas_free_request
|
||||
function. Use g_new0 to avoid it.
|
||||
|
||||
Reported-by: Li Qiang <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
Message-Id: <address@hidden>
|
||||
Cc: address@hidden
|
||||
Signed-off-by: Paolo Bonzini <address@hidden>
|
||||
---
|
||||
hw/scsi/mptsas.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
|
||||
index 0e0a22f..eaae1bb 100644
|
||||
--- a/hw/scsi/mptsas.c
|
||||
+++ b/hw/scsi/mptsas.c
|
||||
@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
|
||||
goto bad;
|
||||
}
|
||||
|
||||
- req = g_new(MPTSASRequest, 1);
|
||||
+ req = g_new0(MPTSASRequest, 1);
|
||||
QTAILQ_INSERT_TAIL(&s->pending, req, next);
|
||||
req->scsi_io = *scsi_io;
|
||||
req->dev = s;
|
||||
--
|
||||
1.8.3.1
|
@ -1,26 +0,0 @@
|
||||
From: Li Qiang <address@hidden>
|
||||
|
||||
If the xhci uses msix, it doesn't free the corresponding
|
||||
memory, thus leading a memory leak. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <address@hidden>
|
||||
---
|
||||
hw/usb/hcd-xhci.c | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
|
||||
index 188f954..281a2a5 100644
|
||||
--- a/hw/usb/hcd-xhci.c
|
||||
+++ b/hw/usb/hcd-xhci.c
|
||||
@@ -3709,8 +3709,7 @@ static void usb_xhci_exit(PCIDevice *dev)
|
||||
/* destroy msix memory region */
|
||||
if (dev->msix_table && dev->msix_pba
|
||||
&& dev->msix_entry_used) {
|
||||
- memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio);
|
||||
- memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio);
|
||||
+ msix_uninit(dev, &xhci->mem, &xhci->mem);
|
||||
}
|
||||
|
||||
usb_bus_release(&xhci->bus);
|
||||
--
|
||||
1.8.3.1
|
@ -1,45 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
i.MX Fast Ethernet Controller uses buffer descriptors to manage
|
||||
data flow to/fro receive & transmit queues. While transmitting
|
||||
packets, it could continue to read buffer descriptors if a buffer
|
||||
descriptor has length of zero and has crafted values in bd.flags.
|
||||
Set an upper limit to number of buffer descriptors.
|
||||
|
||||
Reported-by: Li Qiang <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/net/imx_fec.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
Update per
|
||||
-> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05284.html
|
||||
|
||||
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
|
||||
index 1c415ab..1d74827 100644
|
||||
--- a/hw/net/imx_fec.c
|
||||
+++ b/hw/net/imx_fec.c
|
||||
@@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = {
|
||||
#define PHY_INT_PARFAULT (1 << 2)
|
||||
#define PHY_INT_AUTONEG_PAGE (1 << 1)
|
||||
|
||||
+#define IMX_MAX_DESC 1024
|
||||
+
|
||||
static void imx_eth_update(IMXFECState *s);
|
||||
|
||||
/*
|
||||
@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s)
|
||||
|
||||
static void imx_fec_do_tx(IMXFECState *s)
|
||||
{
|
||||
- int frame_size = 0;
|
||||
+ int frame_size = 0, descnt = 0;
|
||||
uint8_t frame[ENET_MAX_FRAME_SIZE];
|
||||
uint8_t *ptr = frame;
|
||||
uint32_t addr = s->tx_descriptor;
|
||||
|
||||
- while (1) {
|
||||
+ while (descnt++ < IMX_MAX_DESC) {
|
||||
IMXFECBufDesc bd;
|
||||
int len;
|
||||
|
@ -1,52 +0,0 @@
|
||||
From 070c4b92b8cd5390889716677a0b92444d6e087a Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Thu, 22 Sep 2016 16:02:37 +0530
|
||||
Subject: [PATCH] net: mcf: limit buffer descriptor count
|
||||
|
||||
ColdFire Fast Ethernet Controller uses buffer descriptors to manage
|
||||
data flow to/fro receive & transmit queues. While transmitting
|
||||
packets, it could continue to read buffer descriptors if a buffer
|
||||
descriptor has length of zero and has crafted values in bd.flags.
|
||||
Set upper limit to number of buffer descriptors.
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||
---
|
||||
hw/net/mcf_fec.c | 5 +++--
|
||||
1 files changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
|
||||
index 0ee8ad9..d31fea1 100644
|
||||
--- a/hw/net/mcf_fec.c
|
||||
+++ b/hw/net/mcf_fec.c
|
||||
@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0)
|
||||
#define DPRINTF(fmt, ...) do {} while(0)
|
||||
#endif
|
||||
|
||||
+#define FEC_MAX_DESC 1024
|
||||
#define FEC_MAX_FRAME_SIZE 2032
|
||||
|
||||
typedef struct {
|
||||
@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
|
||||
uint32_t addr;
|
||||
mcf_fec_bd bd;
|
||||
int frame_size;
|
||||
- int len;
|
||||
+ int len, descnt = 0;
|
||||
uint8_t frame[FEC_MAX_FRAME_SIZE];
|
||||
uint8_t *ptr;
|
||||
|
||||
@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
|
||||
ptr = frame;
|
||||
frame_size = 0;
|
||||
addr = s->tx_descriptor;
|
||||
- while (1) {
|
||||
+ while (descnt++ < FEC_MAX_DESC) {
|
||||
mcf_fec_read_bd(&bd, addr);
|
||||
DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
|
||||
addr, bd.flags, bd.length, bd.data);
|
||||
--
|
||||
1.7.0.4
|
||||
|
@ -1,32 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
The AMD PC-Net II emulator has set of control and status(CSR)
|
||||
registers. Of these, CSR76 and CSR78 hold receive and transmit
|
||||
descriptor ring length respectively. This ring length could range
|
||||
from 1 to 65535. Setting ring length to zero leads to an infinite
|
||||
loop in pcnet_rdra_addr. Add check to avoid it.
|
||||
|
||||
Reported-by: Li Qiang <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/net/pcnet.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
|
||||
index 198a01f..3078de8 100644
|
||||
--- a/hw/net/pcnet.c
|
||||
+++ b/hw/net/pcnet.c
|
||||
@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
|
||||
case 47: /* POLLINT */
|
||||
case 72:
|
||||
case 74:
|
||||
+ break;
|
||||
case 76: /* RCVRL */
|
||||
case 78: /* XMTRL */
|
||||
+ val = (val > 0) ? val : 512;
|
||||
+ break;
|
||||
case 112:
|
||||
if (CSR_STOP(s) || CSR_SPND(s))
|
||||
break;
|
||||
--
|
||||
2.5.5
|
@ -1,25 +0,0 @@
|
||||
From: Li Qiang <address@hidden>
|
||||
|
||||
In virtio gpu resource create dispatch, if the pixman format is zero
|
||||
it doesn't free the resource object allocated previously. Thus leading
|
||||
a host memory leak issue. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <address@hidden>
|
||||
---
|
||||
hw/display/virtio-gpu.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
|
||||
index 7fe6ed8..5b6d17b 100644
|
||||
--- a/hw/display/virtio-gpu.c
|
||||
+++ b/hw/display/virtio-gpu.c
|
||||
@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
|
||||
qemu_log_mask(LOG_GUEST_ERROR,
|
||||
"%s: host couldn't handle guest format %d\n",
|
||||
__func__, c2d.format);
|
||||
+ g_free(res);
|
||||
cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
|
||||
return;
|
||||
}
|
||||
--
|
||||
1.8.3.1
|
@ -1,26 +0,0 @@
|
||||
From: Li Qiang <address@hidden>
|
||||
|
||||
While processing isochronous transfer descriptors(iTD), if the page
|
||||
select(PG) field value is out of bands it will return. In this
|
||||
situation the ehci's sg list doesn't be freed thus leading a memory
|
||||
leak issue. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <address@hidden>
|
||||
---
|
||||
hw/usb/hcd-ehci.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
|
||||
index b093db7..f4ece9a 100644
|
||||
--- a/hw/usb/hcd-ehci.c
|
||||
+++ b/hw/usb/hcd-ehci.c
|
||||
@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,
|
||||
if (off + len > 4096) {
|
||||
/* transfer crosses page border */
|
||||
if (pg == 6) {
|
||||
+ qemu_sglist_destroy(&ehci->isgl);
|
||||
return -1; /* avoid page pg + 1 */
|
||||
}
|
||||
ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
|
||||
--
|
||||
1.8.3.1
|
@ -1,61 +0,0 @@
|
||||
From 20009bdaf95d10bf748fa69b104672d3cfaceddf Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <address@hidden>
|
||||
Date: Fri, 7 Oct 2016 10:15:29 +0200
|
||||
Subject: [PATCH] xhci: limit the number of link trbs we are willing to process
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <address@hidden>
|
||||
---
|
||||
hw/usb/hcd-xhci.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
|
||||
index 726435c..ee4fa48 100644
|
||||
--- a/hw/usb/hcd-xhci.c
|
||||
+++ b/hw/usb/hcd-xhci.c
|
||||
@@ -54,6 +54,8 @@
|
||||
* to the specs when it gets them */
|
||||
#define ER_FULL_HACK
|
||||
|
||||
+#define TRB_LINK_LIMIT 4
|
||||
+
|
||||
#define LEN_CAP 0x40
|
||||
#define LEN_OPER (0x400 + 0x10 * MAXPORTS)
|
||||
#define LEN_RUNTIME ((MAXINTRS + 1) * 0x20)
|
||||
@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
|
||||
dma_addr_t *addr)
|
||||
{
|
||||
PCIDevice *pci_dev = PCI_DEVICE(xhci);
|
||||
+ uint32_t link_cnt = 0;
|
||||
|
||||
while (1) {
|
||||
TRBType type;
|
||||
@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
|
||||
ring->dequeue += TRB_SIZE;
|
||||
return type;
|
||||
} else {
|
||||
+ if (++link_cnt > TRB_LINK_LIMIT) {
|
||||
+ return 0;
|
||||
+ }
|
||||
ring->dequeue = xhci_mask64(trb->parameter);
|
||||
if (trb->control & TRB_LK_TC) {
|
||||
ring->ccs = !ring->ccs;
|
||||
@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
|
||||
bool ccs = ring->ccs;
|
||||
/* hack to bundle together the two/three TDs that make a setup transfer */
|
||||
bool control_td_set = 0;
|
||||
+ uint32_t link_cnt = 0;
|
||||
|
||||
while (1) {
|
||||
TRBType type;
|
||||
@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
|
||||
type = TRB_TYPE(trb);
|
||||
|
||||
if (type == TR_LINK) {
|
||||
+ if (++link_cnt > TRB_LINK_LIMIT) {
|
||||
+ return -length;
|
||||
+ }
|
||||
dequeue = xhci_mask64(trb.parameter);
|
||||
if (trb.control & TRB_LK_TC) {
|
||||
ccs = !ccs;
|
||||
--
|
||||
1.8.3.1
|
@ -1,34 +0,0 @@
|
||||
From: Li Qiang <address@hidden>
|
||||
|
||||
In 9pfs read dispatch function, it doesn't free two QEMUIOVector
|
||||
object thus causing potential memory leak. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <address@hidden>
|
||||
---
|
||||
hw/9pfs/9p.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index 119ee58..543a791 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -1826,14 +1826,15 @@ static void v9fs_read(void *opaque)
|
||||
if (len < 0) {
|
||||
/* IO error return the error */
|
||||
err = len;
|
||||
- goto out;
|
||||
+ goto out_free_iovec;
|
||||
}
|
||||
} while (count < max_count && len > 0);
|
||||
err = pdu_marshal(pdu, offset, "d", count);
|
||||
if (err < 0) {
|
||||
- goto out;
|
||||
+ goto out_free_iovec;
|
||||
}
|
||||
err += offset + count;
|
||||
+out_free_iovec:
|
||||
qemu_iovec_destroy(&qiov);
|
||||
qemu_iovec_destroy(&qiov_full);
|
||||
} else if (fidp->fid_type == P9_FID_XATTR) {
|
||||
--
|
||||
1.8.3.1
|
@ -1,58 +0,0 @@
|
||||
From ba42ebb863ab7d40adc79298422ed9596df8f73a Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Mon, 17 Oct 2016 14:13:58 +0200
|
||||
Subject: [PATCH] 9pfs: allocate space for guest originated empty strings
|
||||
|
||||
If a guest sends an empty string paramater to any 9P operation, the current
|
||||
code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }.
|
||||
|
||||
This is unfortunate because it can cause NULL pointer dereference to happen
|
||||
at various locations in the 9pfs code. And we don't want to check str->data
|
||||
everywhere we pass it to strcmp() or any other function which expects a
|
||||
dereferenceable pointer.
|
||||
|
||||
This patch enforces the allocation of genuine C empty strings instead, so
|
||||
callers don't have to bother.
|
||||
|
||||
Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if
|
||||
the returned string is empty. It now uses v9fs_string_size() since
|
||||
name.data cannot be NULL anymore.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
[groug, rewritten title and changelog,
|
||||
fix empty string check in v9fs_xattrwalk()]
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
fsdev/9p-iov-marshal.c | 2 +-
|
||||
hw/9pfs/9p.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
|
||||
index 663cad5..1d16f8d 100644
|
||||
--- a/fsdev/9p-iov-marshal.c
|
||||
+++ b/fsdev/9p-iov-marshal.c
|
||||
@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
|
||||
str->data = g_malloc(str->size + 1);
|
||||
copied = v9fs_unpack(str->data, out_sg, out_num, offset,
|
||||
str->size);
|
||||
- if (copied > 0) {
|
||||
+ if (copied >= 0) {
|
||||
str->data[str->size] = 0;
|
||||
} else {
|
||||
v9fs_string_free(str);
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index 119ee58..39a7e1d 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -3174,7 +3174,7 @@ static void v9fs_xattrwalk(void *opaque)
|
||||
goto out;
|
||||
}
|
||||
v9fs_path_copy(&xattr_fidp->path, &file_fidp->path);
|
||||
- if (name.data == NULL) {
|
||||
+ if (!v9fs_string_size(&name)) {
|
||||
/*
|
||||
* listxattr request. Get the size first
|
||||
*/
|
||||
--
|
||||
2.7.3
|
||||
|
@ -1,30 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
Rocker network switch emulator has test registers to help debug
|
||||
DMA operations. While testing host DMA access, a buffer address
|
||||
is written to register 'TEST_DMA_ADDR' and its size is written to
|
||||
register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
|
||||
test, if DMA buffer size was greater than 'INT_MAX', it leads to
|
||||
an invalid buffer access. Limit the DMA buffer size to avoid it.
|
||||
|
||||
Reported-by: Huawei PSIRT <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/net/rocker/rocker.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
|
||||
index 30f2ce4..e9d215a 100644
|
||||
--- a/hw/net/rocker/rocker.c
|
||||
+++ b/hw/net/rocker/rocker.c
|
||||
@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val)
|
||||
rocker_msix_irq(r, val);
|
||||
break;
|
||||
case ROCKER_TEST_DMA_SIZE:
|
||||
- r->test_dma_size = val;
|
||||
+ r->test_dma_size = val & 0xFFFF;
|
||||
break;
|
||||
case ROCKER_TEST_DMA_ADDR + 4:
|
||||
r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32;
|
||||
--
|
||||
2.5.5
|
@ -1,29 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
The JAZZ RC4030 chipset emulator has a periodic timer and
|
||||
associated interval reload register. The reload value is used
|
||||
as divider when computing timer's next tick value. If reload
|
||||
value is large, it could lead to divide by zero error. Limit
|
||||
the interval reload value to avoid it.
|
||||
|
||||
Reported-by: Huawei PSIRT <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/dma/rc4030.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
|
||||
index 2f2576f..c1b4997 100644
|
||||
--- a/hw/dma/rc4030.c
|
||||
+++ b/hw/dma/rc4030.c
|
||||
@@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data,
|
||||
break;
|
||||
/* Interval timer reload */
|
||||
case 0x0228:
|
||||
- s->itr = val;
|
||||
+ s->itr = val & 0x01FF;
|
||||
qemu_irq_lower(s->timer_irq);
|
||||
set_next_tick(s);
|
||||
break;
|
||||
--
|
||||
2.5.5
|
@ -1,34 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
16550A UART device uses an oscillator to generate frequencies
|
||||
(baud base), which decide communication speed. This speed could
|
||||
be changed by dividing it by a divider. If the divider is
|
||||
greater than the baud base, speed is set to zero, leading to a
|
||||
divide by zero error. Add check to avoid it.
|
||||
|
||||
Reported-by: Huawei PSIRT <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/char/serial.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
Update per
|
||||
-> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02400.html
|
||||
|
||||
diff --git a/hw/char/serial.c b/hw/char/serial.c
|
||||
index 3442f47..eec72b7 100644
|
||||
--- a/hw/char/serial.c
|
||||
+++ b/hw/char/serial.c
|
||||
@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)
|
||||
int speed, parity, data_bits, stop_bits, frame_size;
|
||||
QEMUSerialSetParams ssp;
|
||||
|
||||
- if (s->divider == 0)
|
||||
+ if (s->divider == 0 || s->divider > s->baudbase) {
|
||||
return;
|
||||
+ }
|
||||
|
||||
/* Start bit. */
|
||||
frame_size = 1;
|
||||
--
|
||||
2.5.5
|
@ -1,31 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
Intel HDA emulator uses stream of buffers during DMA data
|
||||
transfers. Each entry has buffer length and buffer pointer
|
||||
position, which are used to derive bytes to 'copy'. If this
|
||||
length and buffer pointer were to be same, 'copy' could be
|
||||
set to zero(0), leading to an infinite loop. Add check to
|
||||
avoid it.
|
||||
|
||||
Reported-by: Huawei PSIRT <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/audio/intel-hda.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
|
||||
index cd95340..537face 100644
|
||||
--- a/hw/audio/intel-hda.c
|
||||
+++ b/hw/audio/intel-hda.c
|
||||
@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
|
||||
}
|
||||
|
||||
left = len;
|
||||
- while (left > 0) {
|
||||
+ s = st->bentries;
|
||||
+ while (left > 0 && s-- > 0) {
|
||||
copy = left;
|
||||
if (copy > st->bsize - st->lpib)
|
||||
copy = st->bsize - st->lpib;
|
||||
--
|
||||
2.7.4
|
@ -1,29 +0,0 @@
|
||||
From: Prasad J Pandit <address@hidden>
|
||||
|
||||
RTL8139 ethernet controller in C+ mode supports multiple
|
||||
descriptor rings, each with maximum of 64 descriptors. While
|
||||
processing transmit descriptor ring in 'rtl8139_cplus_transmit',
|
||||
it does not limit the descriptor count and runs forever. Add
|
||||
check to avoid it.
|
||||
|
||||
Reported-by: Andrew Henderson <address@hidden>
|
||||
Signed-off-by: Prasad J Pandit <address@hidden>
|
||||
---
|
||||
hw/net/rtl8139.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
|
||||
index 3345bc6..f05e59c 100644
|
||||
--- a/hw/net/rtl8139.c
|
||||
+++ b/hw/net/rtl8139.c
|
||||
@@ -2350,7 +2350,7 @@ static void rtl8139_cplus_transmit(RTL8139State *s)
|
||||
{
|
||||
int txcount = 0;
|
||||
|
||||
- while (rtl8139_cplus_transmit_one(s))
|
||||
+ while (txcount < 64 && rtl8139_cplus_transmit_one(s))
|
||||
{
|
||||
++txcount;
|
||||
}
|
||||
--
|
||||
2.7.4
|
@ -1,21 +0,0 @@
|
||||
From: Li Qiang <address@hidden>
|
||||
|
||||
The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
|
||||
situation that this field has been allocated previously. Every time, it
|
||||
will be allocated directly. This leads a host memory leak issue. This
|
||||
patch fix this.
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index 75ba5f1..a4c7109 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
|
||||
xattr_fidp->fs.xattr.flags = flags;
|
||||
v9fs_string_init(&xattr_fidp->fs.xattr.name);
|
||||
v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
|
||||
+ g_free(xattr_fidp->fs.xattr.value);
|
||||
xattr_fidp->fs.xattr.value = g_malloc(size);
|
||||
err = offset;
|
||||
put_fid(pdu, file_fidp);
|
@ -1,27 +0,0 @@
|
||||
Author: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Mon Oct 17 14:13:58 2016 +0200
|
||||
|
||||
9pfs: fix information leak in xattr read
|
||||
|
||||
9pfs uses g_malloc() to allocate the xattr memory space, if the guest
|
||||
reads this memory before writing to it, this will leak host heap memory
|
||||
to the guest. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index 26aa7d5..bf23b01 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -3269,8 +3269,8 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
|
||||
xattr_fidp->fs.xattr.flags = flags;
|
||||
v9fs_string_init(&xattr_fidp->fs.xattr.name);
|
||||
v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
|
||||
g_free(xattr_fidp->fs.xattr.value);
|
||||
- xattr_fidp->fs.xattr.value = g_malloc(size);
|
||||
+ xattr_fidp->fs.xattr.value = g_malloc0(size);
|
||||
err = offset;
|
||||
put_fid(pdu, file_fidp);
|
||||
out_nofid:
|
@ -1,92 +0,0 @@
|
||||
From 7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Tue, 1 Nov 2016 12:00:40 +0100
|
||||
Subject: [PATCH] 9pfs: fix integer overflow issue in xattr read/write
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest
|
||||
originated offset: they must ensure this offset does not go beyond
|
||||
the size of the extended attribute that was set in v9fs_xattrcreate().
|
||||
Unfortunately, the current code implement these checks with unsafe
|
||||
calculations on 32 and 64 bit values, which may allow a malicious
|
||||
guest to cause OOB access anyway.
|
||||
|
||||
Fix this by comparing the offset and the xattr size, which are
|
||||
both uint64_t, before trying to compute the effective number of bytes
|
||||
to read or write.
|
||||
|
||||
Suggested-by: Greg Kurz <groug@kaod.org>
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
Reviewed-By: Guido Günther <agx@sigxcpu.org>
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
hw/9pfs/9p.c | 32 ++++++++++++--------------------
|
||||
1 file changed, 12 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index ab18ef2..7705ead 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -1637,20 +1637,17 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
|
||||
{
|
||||
ssize_t err;
|
||||
size_t offset = 7;
|
||||
- int read_count;
|
||||
- int64_t xattr_len;
|
||||
+ uint64_t read_count;
|
||||
V9fsVirtioState *v = container_of(s, V9fsVirtioState, state);
|
||||
VirtQueueElement *elem = v->elems[pdu->idx];
|
||||
|
||||
- xattr_len = fidp->fs.xattr.len;
|
||||
- read_count = xattr_len - off;
|
||||
+ if (fidp->fs.xattr.len < off) {
|
||||
+ read_count = 0;
|
||||
+ } else {
|
||||
+ read_count = fidp->fs.xattr.len - off;
|
||||
+ }
|
||||
if (read_count > max_count) {
|
||||
read_count = max_count;
|
||||
- } else if (read_count < 0) {
|
||||
- /*
|
||||
- * read beyond XATTR value
|
||||
- */
|
||||
- read_count = 0;
|
||||
}
|
||||
err = pdu_marshal(pdu, offset, "d", read_count);
|
||||
if (err < 0) {
|
||||
@@ -1979,23 +1976,18 @@ static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
|
||||
{
|
||||
int i, to_copy;
|
||||
ssize_t err = 0;
|
||||
- int write_count;
|
||||
- int64_t xattr_len;
|
||||
+ uint64_t write_count;
|
||||
size_t offset = 7;
|
||||
|
||||
|
||||
- xattr_len = fidp->fs.xattr.len;
|
||||
- write_count = xattr_len - off;
|
||||
- if (write_count > count) {
|
||||
- write_count = count;
|
||||
- } else if (write_count < 0) {
|
||||
- /*
|
||||
- * write beyond XATTR value len specified in
|
||||
- * xattrcreate
|
||||
- */
|
||||
+ if (fidp->fs.xattr.len < off) {
|
||||
err = -ENOSPC;
|
||||
goto out;
|
||||
}
|
||||
+ write_count = fidp->fs.xattr.len - off;
|
||||
+ if (write_count > count) {
|
||||
+ write_count = count;
|
||||
+ }
|
||||
err = pdu_marshal(pdu, offset, "d", write_count);
|
||||
if (err < 0) {
|
||||
return err;
|
||||
--
|
||||
2.7.3
|
||||
|
@ -1,25 +0,0 @@
|
||||
From: Li Qiang <address@hidden>
|
||||
|
||||
In v9fs_link dispatch function, it doesn't put the 'oldfidp'
|
||||
fid object, this will make the 'oldfidp->ref' never reach to 0,
|
||||
thus leading a memory leak issue. This patch fix this.
|
||||
|
||||
Signed-off-by: Li Qiang <address@hidden>
|
||||
---
|
||||
hw/9pfs/9p.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index 8b50bfb..29f8b7a 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -2413,6 +2413,7 @@ static void v9fs_link(void *opaque)
|
||||
if (!err) {
|
||||
err = offset;
|
||||
}
|
||||
+ put_fid(pdu, oldfidp);
|
||||
out:
|
||||
put_fid(pdu, dfidp);
|
||||
out_nofid:
|
||||
--
|
||||
1.8.3.1
|
@ -1,27 +0,0 @@
|
||||
Author: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Mon Oct 17 14:13:58 2016 +0200
|
||||
|
||||
9pfs: fix memory leak in v9fs_write
|
||||
|
||||
If an error occurs when marshalling the transfer length to the guest, the
|
||||
v9fs_write() function doesn't free an IO vector, thus leading to a memory
|
||||
leak. This patch fixes the issue.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
[groug, rephrased the changelog]
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index d43a552..e88cf25 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -2090,7 +2090,7 @@ static void coroutine_fn v9fs_write(void *opaque)
|
||||
offset = 7;
|
||||
err = pdu_marshal(pdu, offset, "d", total);
|
||||
if (err < 0) {
|
||||
- goto out;
|
||||
+ goto out_qiov;
|
||||
}
|
||||
err += offset;
|
||||
|
@ -1,139 +0,0 @@
|
||||
#!/sbin/openrc-run
|
||||
# Copyright 1999-2016 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel
|
||||
|
||||
# Defaulting to OC should be safe because it comes down to:
|
||||
# - do we trust the interp itself to not be malicious? yes; we built it.
|
||||
# - do we trust the programs we're running? ish; same permission as native
|
||||
# binaries apply. so if user can do bad stuff natively, cross isn't worse.
|
||||
: ${QEMU_BINFMT_FLAGS:=OC}
|
||||
|
||||
depend() {
|
||||
after procfs
|
||||
}
|
||||
|
||||
start() {
|
||||
ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
|
||||
|
||||
if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
|
||||
modprobe -q binfmt_misc
|
||||
fi
|
||||
|
||||
if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
|
||||
eend $? "You need support for 'misc binaries' in your kernel!" || return
|
||||
fi
|
||||
|
||||
if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then
|
||||
mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1
|
||||
eend $? || return
|
||||
fi
|
||||
|
||||
# probe cpu type
|
||||
cpu=`uname -m`
|
||||
case "$cpu" in
|
||||
i386|i486|i586|i686|i86pc|BePC|x86_64)
|
||||
cpu="i386"
|
||||
;;
|
||||
m68k)
|
||||
cpu="m68k"
|
||||
;;
|
||||
mips*)
|
||||
cpu="mips"
|
||||
;;
|
||||
"Power Macintosh"|ppc|ppc64)
|
||||
cpu="ppc"
|
||||
;;
|
||||
armv[4-9]*)
|
||||
cpu="arm"
|
||||
;;
|
||||
sparc*)
|
||||
cpu="sparc"
|
||||
;;
|
||||
esac
|
||||
|
||||
# register the interpreter for each cpu except for the native one
|
||||
if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then
|
||||
echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then
|
||||
echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then
|
||||
echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then
|
||||
echo ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then
|
||||
echo ':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then
|
||||
echo ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then
|
||||
echo ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then
|
||||
#echo 'Please check cpu value and header information for m68k!'
|
||||
echo ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then
|
||||
# FIXME: We could use the other endianness on a MIPS host.
|
||||
echo ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then
|
||||
echo ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then
|
||||
echo ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then
|
||||
echo ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then
|
||||
echo ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then
|
||||
echo ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then
|
||||
echo ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then
|
||||
echo ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then
|
||||
echo ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
|
||||
fi
|
||||
eend $?
|
||||
}
|
||||
|
||||
stop() {
|
||||
ebegin "Unregistering qemu-user binaries"
|
||||
local arches
|
||||
|
||||
arches="${arches} i386 i486"
|
||||
arches="${arches} alpha"
|
||||
arches="${arches} arm armeb"
|
||||
arches="${arches} aarch64"
|
||||
arches="${arches} sparc"
|
||||
arches="${arches} ppc"
|
||||
arches="${arches} m68k"
|
||||
arches="${arches} mips mipsel mipsn32 mipsn32el mips64 mips64el"
|
||||
arches="${arches} sh4 sh4eb"
|
||||
arches="${arches} s390x"
|
||||
|
||||
for a in ${arches}; do
|
||||
if [ -f /proc/sys/fs/binfmt_misc/$a ] ; then
|
||||
echo '-1' > /proc/sys/fs/binfmt_misc/$a
|
||||
fi
|
||||
done
|
||||
|
||||
eend $?
|
||||
}
|
||||
|
||||
# vim: ts=4 :
|
@ -1,710 +0,0 @@
|
||||
# Copyright 1999-2016 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
EAPI="5"
|
||||
|
||||
#MY_P="${P/_/-}"
|
||||
|
||||
PYTHON_COMPAT=( python2_7 )
|
||||
PYTHON_REQ_USE="ncurses,readline"
|
||||
|
||||
PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
|
||||
|
||||
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
|
||||
user udev fcaps readme.gentoo-r1 pax-utils l10n
|
||||
|
||||
if [[ ${PV} = *9999* ]]; then
|
||||
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
|
||||
inherit git-2
|
||||
SRC_URI=""
|
||||
else
|
||||
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
|
||||
KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
|
||||
fi
|
||||
|
||||
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
|
||||
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
|
||||
|
||||
LICENSE="GPL-2 LGPL-2 BSD-2"
|
||||
SLOT="0"
|
||||
IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
|
||||
gnutls gtk gtk2 infiniband iscsi +jpeg \
|
||||
kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
|
||||
+png pulseaudio python \
|
||||
rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
|
||||
static-user systemtap tci test +threads usb usbredir +uuid vde +vhost-net \
|
||||
virgl virtfs +vnc vte xattr xen xfs"
|
||||
|
||||
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
|
||||
mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 unicore32
|
||||
x86_64"
|
||||
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore xtensa xtensaeb"
|
||||
IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
|
||||
|
||||
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
|
||||
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
|
||||
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
|
||||
|
||||
# Allow no targets to be built so that people can get a tools-only build.
|
||||
# Block USE flag configurations known to not work.
|
||||
REQUIRED_USE="${PYTHON_REQUIRED_USE}
|
||||
gtk2? ( gtk )
|
||||
qemu_softmmu_targets_arm? ( fdt )
|
||||
qemu_softmmu_targets_microblaze? ( fdt )
|
||||
qemu_softmmu_targets_ppc? ( fdt )
|
||||
qemu_softmmu_targets_ppc64? ( fdt )
|
||||
sdl2? ( sdl )
|
||||
static? ( static-softmmu static-user )
|
||||
static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
|
||||
virtfs? ( xattr )
|
||||
vte? ( gtk )"
|
||||
|
||||
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
|
||||
#
|
||||
# The attr lib isn't always linked in (although the USE flag is always
|
||||
# respected). This is because qemu supports using the C library's API
|
||||
# when available rather than always using the extranl library.
|
||||
#
|
||||
# Older versions of gnutls are supported, but it's simpler to just require
|
||||
# the latest versions. This is also why we require nettle.
|
||||
#
|
||||
# TODO: Split out tools deps into another var. e.g. bzip2 is only used by
|
||||
# system binaries and tools, not user binaries.
|
||||
COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
|
||||
sys-libs/zlib[static-libs(+)]
|
||||
bzip2? ( app-arch/bzip2[static-libs(+)] )
|
||||
xattr? ( sys-apps/attr[static-libs(+)] )"
|
||||
SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
|
||||
>=x11-libs/pixman-0.28.0[static-libs(+)]
|
||||
accessibility? ( app-accessibility/brltty[static-libs(+)] )
|
||||
aio? ( dev-libs/libaio[static-libs(+)] )
|
||||
alsa? ( >=media-libs/alsa-lib-1.0.13 )
|
||||
bluetooth? ( net-wireless/bluez )
|
||||
caps? ( sys-libs/libcap-ng[static-libs(+)] )
|
||||
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
|
||||
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
|
||||
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
|
||||
gnutls? (
|
||||
dev-libs/nettle:=[static-libs(+)]
|
||||
>=net-libs/gnutls-3.0:=[static-libs(+)]
|
||||
)
|
||||
gtk? (
|
||||
gtk2? (
|
||||
x11-libs/gtk+:2
|
||||
vte? ( x11-libs/vte:0 )
|
||||
)
|
||||
!gtk2? (
|
||||
x11-libs/gtk+:3
|
||||
vte? ( x11-libs/vte:2.91 )
|
||||
)
|
||||
)
|
||||
infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
|
||||
iscsi? ( net-libs/libiscsi )
|
||||
jpeg? ( virtual/jpeg:0=[static-libs(+)] )
|
||||
lzo? ( dev-libs/lzo:2[static-libs(+)] )
|
||||
ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
|
||||
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
|
||||
numa? ( sys-process/numactl[static-libs(+)] )
|
||||
opengl? (
|
||||
virtual/opengl
|
||||
media-libs/libepoxy[static-libs(+)]
|
||||
media-libs/mesa[static-libs(+)]
|
||||
media-libs/mesa[egl,gles2,gbm]
|
||||
)
|
||||
png? ( media-libs/libpng:0=[static-libs(+)] )
|
||||
pulseaudio? ( media-sound/pulseaudio )
|
||||
rbd? ( sys-cluster/ceph[static-libs(+)] )
|
||||
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
|
||||
sdl? (
|
||||
!sdl2? (
|
||||
media-libs/libsdl[X]
|
||||
>=media-libs/libsdl-1.2.11[static-libs(+)]
|
||||
)
|
||||
sdl2? (
|
||||
media-libs/libsdl2[X]
|
||||
media-libs/libsdl2[static-libs(+)]
|
||||
)
|
||||
)
|
||||
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
|
||||
smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
|
||||
snappy? ( app-arch/snappy[static-libs(+)] )
|
||||
spice? (
|
||||
>=app-emulation/spice-protocol-0.12.3
|
||||
>=app-emulation/spice-0.12.0[static-libs(+)]
|
||||
)
|
||||
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
|
||||
usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
|
||||
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
|
||||
uuid? ( >=sys-apps/util-linux-2.16.0[static-libs(+)] )
|
||||
vde? ( net-misc/vde[static-libs(+)] )
|
||||
virgl? ( media-libs/virglrenderer[static-libs(+)] )
|
||||
virtfs? ( sys-libs/libcap )
|
||||
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
|
||||
USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
|
||||
X86_FIRMWARE_DEPEND="
|
||||
>=sys-firmware/ipxe-1.0.0_p20130624
|
||||
pin-upstream-blobs? (
|
||||
~sys-firmware/seabios-1.9.0
|
||||
~sys-firmware/sgabios-0.1_pre8
|
||||
~sys-firmware/vgabios-0.7a
|
||||
)
|
||||
!pin-upstream-blobs? (
|
||||
sys-firmware/seabios
|
||||
sys-firmware/sgabios
|
||||
)"
|
||||
CDEPEND="
|
||||
!static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
|
||||
!static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
|
||||
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
|
||||
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
|
||||
python? ( ${PYTHON_DEPS} )
|
||||
systemtap? ( dev-util/systemtap )
|
||||
xen? ( app-emulation/xen-tools:= )"
|
||||
DEPEND="${CDEPEND}
|
||||
dev-lang/perl
|
||||
=dev-lang/python-2*
|
||||
sys-apps/texinfo
|
||||
virtual/pkgconfig
|
||||
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
|
||||
gtk? ( nls? ( sys-devel/gettext ) )
|
||||
static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
|
||||
static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
|
||||
test? (
|
||||
dev-libs/glib[utils]
|
||||
sys-devel/bc
|
||||
)"
|
||||
RDEPEND="${CDEPEND}
|
||||
selinux? ( sec-policy/selinux-qemu )
|
||||
"
|
||||
|
||||
STRIP_MASK="/usr/share/qemu/palcode-clipper"
|
||||
|
||||
QA_PREBUILT="
|
||||
usr/share/qemu/openbios-ppc
|
||||
usr/share/qemu/openbios-sparc64
|
||||
usr/share/qemu/openbios-sparc32
|
||||
usr/share/qemu/palcode-clipper
|
||||
usr/share/qemu/s390-ccw.img
|
||||
usr/share/qemu/u-boot.e500
|
||||
"
|
||||
|
||||
QA_WX_LOAD="usr/bin/qemu-i386
|
||||
usr/bin/qemu-x86_64
|
||||
usr/bin/qemu-alpha
|
||||
usr/bin/qemu-arm
|
||||
usr/bin/qemu-cris
|
||||
usr/bin/qemu-m68k
|
||||
usr/bin/qemu-microblaze
|
||||
usr/bin/qemu-microblazeel
|
||||
usr/bin/qemu-mips
|
||||
usr/bin/qemu-mipsel
|
||||
usr/bin/qemu-or32
|
||||
usr/bin/qemu-ppc
|
||||
usr/bin/qemu-ppc64
|
||||
usr/bin/qemu-ppc64abi32
|
||||
usr/bin/qemu-sh4
|
||||
usr/bin/qemu-sh4eb
|
||||
usr/bin/qemu-sparc
|
||||
usr/bin/qemu-sparc64
|
||||
usr/bin/qemu-armeb
|
||||
usr/bin/qemu-sparc32plus
|
||||
usr/bin/qemu-s390x
|
||||
usr/bin/qemu-unicore32"
|
||||
|
||||
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
|
||||
you have the kernel module loaded before running kvm. The easiest way to
|
||||
ensure that the kernel module is loaded is to load it on boot.\n
|
||||
For AMD CPUs the module is called 'kvm-amd'.\n
|
||||
For Intel CPUs the module is called 'kvm-intel'.\n
|
||||
Please review /etc/conf.d/modules for how to load these.\n\n
|
||||
Make sure your user is in the 'kvm' group\n
|
||||
Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
|
||||
For brand new installs, the default permissions on /dev/kvm might not let you
|
||||
access it. You can tell udev to reset ownership/perms:\n
|
||||
udevadm trigger -c add /dev/kvm"
|
||||
|
||||
qemu_support_kvm() {
|
||||
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
|
||||
use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
|
||||
use qemu_softmmu_targets_s390x; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
pkg_pretend() {
|
||||
if use kernel_linux && kernel_is lt 2 6 25; then
|
||||
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
|
||||
elif use kernel_linux; then
|
||||
if ! linux_config_exists; then
|
||||
eerror "Unable to check your kernel for KVM support"
|
||||
else
|
||||
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
|
||||
ERROR_KVM="You must enable KVM in your kernel to continue"
|
||||
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
|
||||
ERROR_KVM_AMD+=" your kernel configuration."
|
||||
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
|
||||
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
|
||||
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
|
||||
ERROR_TUN+=" into your kernel or loaded as a module to use the"
|
||||
ERROR_TUN+=" virtual network device if using -net tap."
|
||||
ERROR_BRIDGE="You will also need support for 802.1d"
|
||||
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
|
||||
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
|
||||
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
|
||||
ERROR_VHOST_NET+=" support"
|
||||
|
||||
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
|
||||
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
|
||||
fi
|
||||
|
||||
use python && CONFIG_CHECK+=" ~DEBUG_FS"
|
||||
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
|
||||
|
||||
# Now do the actual checks setup above
|
||||
check_extra_config
|
||||
fi
|
||||
fi
|
||||
|
||||
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
|
||||
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
|
||||
eerror "instances are still pointing to it. Please update your"
|
||||
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
|
||||
eerror "and the right system binary (e.g. qemu-system-x86_64)."
|
||||
die "update your virt configs to not use qemu-kvm"
|
||||
fi
|
||||
}
|
||||
|
||||
pkg_setup() {
|
||||
enewgroup kvm 78
|
||||
}
|
||||
|
||||
# Sanity check to make sure target lists are kept up-to-date.
|
||||
check_targets() {
|
||||
local var=$1 mak=$2
|
||||
local detected sorted
|
||||
|
||||
pushd "${S}"/default-configs >/dev/null || die
|
||||
|
||||
# Force C locale until glibc is updated. #564936
|
||||
detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
|
||||
sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
|
||||
if [[ ${sorted} != "${detected}" ]] ; then
|
||||
eerror "The ebuild needs to be kept in sync."
|
||||
eerror "${var}: ${sorted}"
|
||||
eerror "$(printf '%-*s' ${#var} configure): ${detected}"
|
||||
die "sync ${var} to the list of targets"
|
||||
fi
|
||||
|
||||
popd >/dev/null
|
||||
}
|
||||
|
||||
handle_locales() {
|
||||
# Make sure locale list is kept up-to-date.
|
||||
local detected sorted
|
||||
detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
|
||||
sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
|
||||
if [[ ${sorted} != "${detected}" ]] ; then
|
||||
eerror "The ebuild needs to be kept in sync."
|
||||
eerror "PLOCALES: ${sorted}"
|
||||
eerror " po/*.po: ${detected}"
|
||||
die "sync PLOCALES"
|
||||
fi
|
||||
|
||||
# Deal with selective install of locales.
|
||||
if use nls ; then
|
||||
# Delete locales the user does not want. #577814
|
||||
rm_loc() { rm po/$1.po || die; }
|
||||
l10n_for_each_disabled_locale_do rm_loc
|
||||
else
|
||||
# Cheap hack to disable gettext .mo generation.
|
||||
rm -f po/*.po
|
||||
fi
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
check_targets IUSE_SOFTMMU_TARGETS softmmu
|
||||
check_targets IUSE_USER_TARGETS linux-user
|
||||
|
||||
# Alter target makefiles to accept CFLAGS set via flag-o
|
||||
sed -i -r \
|
||||
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
|
||||
Makefile Makefile.target || die
|
||||
|
||||
epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
|
||||
epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
|
||||
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-6836.patch # bug 591242
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7155.patch # bug 593034
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7156.patch # bug 593036
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7157-1.patch # bug 593038
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7157-2.patch # bug 593038
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7170.patch # bug 593284
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7421.patch # bug 593950
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7422.patch # bug 593956
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7423.patch # bug 594368
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7466.patch # bug 594520
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7907.patch # bug 596048
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7908.patch # bug 596049
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7909.patch # bug 596048
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7994-1.patch # bug 596738
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-7994-2.patch # bug 596738
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-8576.patch # bug 596752
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-8577.patch # bug 596776
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-8578.patch # bug 596774
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-8668.patch # bug 597110
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-8669-1.patch # bug 597108
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-8669-2.patch # bug 597108
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-8909.patch # bug 598044
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-8910.patch # bug 598046
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-9102.patch # bug 598328
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-9103.patch # bug 598328
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-9104.patch # bug 598328
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-9105.patch # bug 598328
|
||||
epatch "${FILESDIR}"/${P}-CVE-2016-9106.patch # bug 598772
|
||||
|
||||
# Fix ld and objcopy being called directly
|
||||
tc-export AR LD OBJCOPY
|
||||
|
||||
# Verbose builds
|
||||
MAKEOPTS+=" V=1"
|
||||
|
||||
epatch_user
|
||||
|
||||
# Run after we've applied all patches.
|
||||
handle_locales
|
||||
}
|
||||
|
||||
##
|
||||
# configures qemu based on the build directory and the build type
|
||||
# we are using.
|
||||
#
|
||||
qemu_src_configure() {
|
||||
debug-print-function ${FUNCNAME} "$@"
|
||||
|
||||
local buildtype=$1
|
||||
local builddir="${S}/${buildtype}-build"
|
||||
local static_flag="static-${buildtype}"
|
||||
|
||||
mkdir "${builddir}"
|
||||
|
||||
local conf_opts=(
|
||||
--prefix=/usr
|
||||
--sysconfdir=/etc
|
||||
--libdir=/usr/$(get_libdir)
|
||||
--docdir=/usr/share/doc/${PF}/html
|
||||
--disable-bsd-user
|
||||
--disable-guest-agent
|
||||
--disable-strip
|
||||
--disable-werror
|
||||
# We support gnutls/nettle for crypto operations. It is possible
|
||||
# to use gcrypt when gnutls/nettle are disabled (but not when they
|
||||
# are enabled), but it's not really worth the hassle. Disable it
|
||||
# all the time to avoid automatically detecting it. #568856
|
||||
--disable-gcrypt
|
||||
--python="${PYTHON}"
|
||||
--cc="$(tc-getCC)"
|
||||
--cxx="$(tc-getCXX)"
|
||||
--host-cc="$(tc-getBUILD_CC)"
|
||||
$(use_enable debug debug-info)
|
||||
$(use_enable debug debug-tcg)
|
||||
--enable-docs
|
||||
$(use_enable tci tcg-interpreter)
|
||||
$(use_enable xattr attr)
|
||||
)
|
||||
|
||||
# Disable options not used by user targets as the default configure
|
||||
# options will autoprobe and try to link in a bunch of unused junk.
|
||||
conf_softmmu() {
|
||||
if [[ ${buildtype} == "user" ]] ; then
|
||||
echo "--disable-${2:-$1}"
|
||||
else
|
||||
use_enable "$@"
|
||||
fi
|
||||
}
|
||||
conf_opts+=(
|
||||
$(conf_softmmu accessibility brlapi)
|
||||
$(conf_softmmu aio linux-aio)
|
||||
$(conf_softmmu bzip2)
|
||||
$(conf_softmmu bluetooth bluez)
|
||||
$(conf_softmmu caps cap-ng)
|
||||
$(conf_softmmu curl)
|
||||
$(conf_softmmu fdt)
|
||||
$(conf_softmmu glusterfs)
|
||||
$(conf_softmmu gnutls)
|
||||
$(conf_softmmu gnutls nettle)
|
||||
$(conf_softmmu gtk)
|
||||
$(conf_softmmu infiniband rdma)
|
||||
$(conf_softmmu iscsi libiscsi)
|
||||
$(conf_softmmu jpeg vnc-jpeg)
|
||||
$(conf_softmmu kernel_linux kvm)
|
||||
$(conf_softmmu lzo)
|
||||
$(conf_softmmu ncurses curses)
|
||||
$(conf_softmmu nfs libnfs)
|
||||
$(conf_softmmu numa)
|
||||
$(conf_softmmu opengl)
|
||||
$(conf_softmmu png vnc-png)
|
||||
$(conf_softmmu rbd)
|
||||
$(conf_softmmu sasl vnc-sasl)
|
||||
$(conf_softmmu sdl)
|
||||
$(conf_softmmu seccomp)
|
||||
$(conf_softmmu smartcard)
|
||||
$(conf_softmmu snappy)
|
||||
$(conf_softmmu spice)
|
||||
$(conf_softmmu ssh libssh2)
|
||||
$(conf_softmmu usb libusb)
|
||||
$(conf_softmmu usbredir usb-redir)
|
||||
$(conf_softmmu uuid)
|
||||
$(conf_softmmu vde)
|
||||
$(conf_softmmu vhost-net)
|
||||
$(conf_softmmu virgl virglrenderer)
|
||||
$(conf_softmmu virtfs)
|
||||
$(conf_softmmu vnc)
|
||||
$(conf_softmmu vte)
|
||||
$(conf_softmmu xen)
|
||||
$(conf_softmmu xen xen-pci-passthrough)
|
||||
$(conf_softmmu xfs xfsctl)
|
||||
)
|
||||
|
||||
case ${buildtype} in
|
||||
user)
|
||||
conf_opts+=(
|
||||
--enable-linux-user
|
||||
--disable-system
|
||||
--disable-blobs
|
||||
--disable-tools
|
||||
)
|
||||
;;
|
||||
softmmu)
|
||||
# audio options
|
||||
local audio_opts="oss"
|
||||
use alsa && audio_opts="alsa,${audio_opts}"
|
||||
use sdl && audio_opts="sdl,${audio_opts}"
|
||||
use pulseaudio && audio_opts="pa,${audio_opts}"
|
||||
|
||||
conf_opts+=(
|
||||
--disable-linux-user
|
||||
--enable-system
|
||||
--with-system-pixman
|
||||
--audio-drv-list="${audio_opts}"
|
||||
)
|
||||
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
|
||||
use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
|
||||
;;
|
||||
tools)
|
||||
conf_opts+=(
|
||||
--disable-linux-user
|
||||
--disable-system
|
||||
--disable-blobs
|
||||
$(use_enable bzip2)
|
||||
)
|
||||
static_flag="static"
|
||||
;;
|
||||
esac
|
||||
|
||||
local targets="${buildtype}_targets"
|
||||
[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
|
||||
|
||||
# Add support for SystemTAP
|
||||
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
|
||||
|
||||
# We always want to attempt to build with PIE support as it results
|
||||
# in a more secure binary. But it doesn't work with static or if
|
||||
# the current GCC doesn't have PIE support.
|
||||
if use ${static_flag}; then
|
||||
conf_opts+=( --static --disable-pie )
|
||||
else
|
||||
gcc-specs-pie && conf_opts+=( --enable-pie )
|
||||
fi
|
||||
|
||||
echo "../configure ${conf_opts[*]}"
|
||||
cd "${builddir}"
|
||||
../configure "${conf_opts[@]}" || die "configure failed"
|
||||
|
||||
# FreeBSD's kernel does not support QEMU assigning/grabbing
|
||||
# host USB devices yet
|
||||
use kernel_FreeBSD && \
|
||||
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
|
||||
}
|
||||
|
||||
src_configure() {
|
||||
local target
|
||||
|
||||
python_setup
|
||||
|
||||
softmmu_targets= softmmu_bins=()
|
||||
user_targets= user_bins=()
|
||||
|
||||
for target in ${IUSE_SOFTMMU_TARGETS} ; do
|
||||
if use "qemu_softmmu_targets_${target}"; then
|
||||
softmmu_targets+=",${target}-softmmu"
|
||||
softmmu_bins+=( "qemu-system-${target}" )
|
||||
fi
|
||||
done
|
||||
|
||||
for target in ${IUSE_USER_TARGETS} ; do
|
||||
if use "qemu_user_targets_${target}"; then
|
||||
user_targets+=",${target}-linux-user"
|
||||
user_bins+=( "qemu-${target}" )
|
||||
fi
|
||||
done
|
||||
|
||||
softmmu_targets=${softmmu_targets#,}
|
||||
user_targets=${user_targets#,}
|
||||
|
||||
[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
|
||||
[[ -n ${user_targets} ]] && qemu_src_configure "user"
|
||||
[[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
|
||||
}
|
||||
|
||||
src_compile() {
|
||||
if [[ -n ${user_targets} ]]; then
|
||||
cd "${S}/user-build"
|
||||
default
|
||||
fi
|
||||
|
||||
if [[ -n ${softmmu_targets} ]]; then
|
||||
cd "${S}/softmmu-build"
|
||||
default
|
||||
fi
|
||||
|
||||
if [[ -z ${softmmu_targets}${user_targets} ]]; then
|
||||
cd "${S}/tools-build"
|
||||
default
|
||||
fi
|
||||
}
|
||||
|
||||
src_test() {
|
||||
if [[ -n ${softmmu_targets} ]]; then
|
||||
cd "${S}/softmmu-build"
|
||||
pax-mark m */qemu-system-* #515550
|
||||
emake -j1 check
|
||||
emake -j1 check-report.html
|
||||
fi
|
||||
}
|
||||
|
||||
qemu_python_install() {
|
||||
python_domodule "${S}/scripts/qmp/qmp.py"
|
||||
|
||||
python_doscript "${S}/scripts/kvm/vmxcap"
|
||||
python_doscript "${S}/scripts/qmp/qmp-shell"
|
||||
python_doscript "${S}/scripts/qmp/qemu-ga-client"
|
||||
}
|
||||
|
||||
src_install() {
|
||||
if [[ -n ${user_targets} ]]; then
|
||||
cd "${S}/user-build"
|
||||
emake DESTDIR="${ED}" install
|
||||
|
||||
# Install binfmt handler init script for user targets
|
||||
newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
|
||||
fi
|
||||
|
||||
if [[ -n ${softmmu_targets} ]]; then
|
||||
cd "${S}/softmmu-build"
|
||||
emake DESTDIR="${ED}" install
|
||||
|
||||
# This might not exist if the test failed. #512010
|
||||
[[ -e check-report.html ]] && dohtml check-report.html
|
||||
|
||||
if use kernel_linux; then
|
||||
udev_dorules "${FILESDIR}"/65-kvm.rules
|
||||
fi
|
||||
|
||||
if use python; then
|
||||
python_foreach_impl qemu_python_install
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -z ${softmmu_targets}${user_targets} ]]; then
|
||||
cd "${S}/tools-build"
|
||||
emake DESTDIR="${ED}" install
|
||||
fi
|
||||
|
||||
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
|
||||
pushd "${ED}"/usr/bin >/dev/null
|
||||
pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
|
||||
popd >/dev/null
|
||||
|
||||
# Install config file example for qemu-bridge-helper
|
||||
insinto "/etc/qemu"
|
||||
doins "${FILESDIR}/bridge.conf"
|
||||
|
||||
# Remove the docdir placed qmp-commands.txt
|
||||
mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
|
||||
|
||||
cd "${S}"
|
||||
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
|
||||
newdoc pc-bios/README README.pc-bios
|
||||
dodoc docs/qmp-*.txt
|
||||
|
||||
if [[ -n ${softmmu_targets} ]]; then
|
||||
# Remove SeaBIOS since we're using the SeaBIOS packaged one
|
||||
rm "${ED}/usr/share/qemu/bios.bin"
|
||||
rm "${ED}/usr/share/qemu/bios-256k.bin"
|
||||
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
|
||||
dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
|
||||
fi
|
||||
|
||||
# Remove VGABIOS since we're using the SeaBIOS packaged one
|
||||
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
|
||||
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
|
||||
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
|
||||
rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
|
||||
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
|
||||
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||
dosym ../seabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
|
||||
dosym ../seabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
|
||||
dosym ../seabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
|
||||
dosym ../seabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
|
||||
dosym ../seabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
|
||||
fi
|
||||
|
||||
# Remove sgabios since we're using the sgabios packaged one
|
||||
rm "${ED}/usr/share/qemu/sgabios.bin"
|
||||
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
|
||||
fi
|
||||
|
||||
# Remove iPXE since we're using the iPXE packaged one
|
||||
rm "${ED}"/usr/share/qemu/pxe-*.rom
|
||||
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
|
||||
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
|
||||
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
|
||||
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
|
||||
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
|
||||
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
|
||||
fi
|
||||
fi
|
||||
|
||||
qemu_support_kvm && readme.gentoo_create_doc
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
if qemu_support_kvm; then
|
||||
readme.gentoo_print_elog
|
||||
fi
|
||||
|
||||
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
|
||||
udev_reload
|
||||
fi
|
||||
|
||||
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
|
||||
}
|
||||
|
||||
pkg_info() {
|
||||
echo "Using:"
|
||||
echo " $(best_version app-emulation/spice-protocol)"
|
||||
echo " $(best_version sys-firmware/ipxe)"
|
||||
echo " $(best_version sys-firmware/seabios)"
|
||||
if has_version 'sys-firmware/seabios[binary]'; then
|
||||
echo " USE=binary"
|
||||
else
|
||||
echo " USE=''"
|
||||
fi
|
||||
echo " $(best_version sys-firmware/vgabios)"
|
||||
}
|
Loading…
Reference in New Issue
Block a user