From 4aa328d7c1f889c4aa918d8f3a8e7bad62750f7045c0ea89ca85a9e5e907e4ab Mon Sep 17 00:00:00 2001 
From: Bruce Rogers Date: Wed, 15 Mar 2017 19:38:55 +0000 Subject: [PATCH] Accepting request 461715 from Virtualization:Staging Update to v2.8.0, including integration of SLE qemu package so we are "Factory First" again for SLE qemu. Includes some spec file tweaks/cleanups as well. A number of post v2.8.0 security fixes are also included. OBS-URL: https://build.opensuse.org/request/show/461715 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=329 --- 0001-XXX-dont-dump-core-on-sigabort.patch | 8 +- ...-qemu-binfmt-conf-Modify-default-pat.patch | 4 +- 0003-qemu-cvs-alsa_bitfield.patch | 6 +- 0004-qemu-cvs-alsa_ioctl.patch | 18 +- 0005-qemu-cvs-alsa_mmap.patch | 8 +- 0006-qemu-cvs-gettimeofday.patch | 6 +- 0007-qemu-cvs-ioctl_debug.patch | 6 +- 0008-qemu-cvs-ioctl_nodirection.patch | 8 +- ...-linux-user-add-binfmt-wrapper-for-a.patch | 18 +- 0010-PPC-KVM-Disable-mmu-notifier-check.patch | 8 +- 0011-linux-user-fix-segfault-deadlock.patch | 4 +- ...-linux-user-binfmt-support-host-bina.patch | 4 +- ...=> 0013-linux-user-Fake-proc-cpuinfo.patch | 8 +- 0013-linux-user-lock-tcg.patch | 157 ---- ...-linux-user-Run-multi-threaded-code-.patch | 40 - ...> 0014-linux-user-XXX-disable-fiemap.patch | 6 +- 0015-linux-user-lock-tb-flushing-too.patch | 122 --- ...going.patch => 0015-slirp-nooutgoing.patch | 20 +- ...-vnc-password-file-and-incoming-conn.patch | 26 +- ...-linux-user-implement-FS_IOC_GETFLAG.patch | 42 - ... => 0017-linux-user-use-target_ulong.patch | 8 +- ...-block-Add-support-for-DictZip-enabl.patch | 10 +- ...-linux-user-implement-FS_IOC_SETFLAG.patch | 41 - ... 
0019-block-Add-tar-container-format.patch | 10 +- ...-Legacy-Patch-kvm-qemu-preXX-dictzip.patch | 4 +- ...-console-add-question-mark-escape-op.patch | 6 +- ...-Make-char-muxer-more-robust-wrt-sma.patch | 26 +- ...-linux-user-lseek-explicitly-cast-no.patch | 6 +- ...-virtfs-proxy-helper-Provide-__u64-f.patch | 4 +- ...-configure-Enable-PIE-for-ppc-and-pp.patch | 6 +- ...-AIO-Reduce-number-of-threads-for-32.patch | 4 +- ...27-dictzip-Fix-on-big-endian-systems.patch | 4 +- ...-xen_disk-Add-suse-specific-flush-di.patch | 10 +- ...-qemu-bridge-helper-reduce-security-.patch | 4 +- ...-qemu-binfmt-conf-use-qemu-ARCH-binf.patch | 4 +- ...-configure-Fix-detection-of-seccomp-.patch | 6 +- ...-linux-user-properly-test-for-infini.patch | 6 +- ...-linux-user-remove-all-traces-of-qem.patch | 6 +- ...-dma-rc4030-limit-interval-timer-rel.patch | 4 +- ...-xen-SUSE-xenlinux-unplug-for-emulat.patch | 47 -- ...-net-imx-limit-buffer-descriptor-cou.patch | 4 +- ...-roms-Makefile-pass-a-packaging-time.patch | 10 +- ...-Raise-soft-address-space-limit-to-h.patch | 55 ++ ...-increase-x86_64-physical-bits-to-42.patch | 33 + ...-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch | 32 - ...-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch | 64 ++ 0040-i8254-Fix-migration-from-SLE11-SP2.patch | 43 + ...-acpi_piix4-Fix-migration-from-SLE11.patch | 31 + ...-vmsvga-correct-bitmap-and-pixmap-si.patch | 45 -- 0042-Fix-tigervnc-long-press-issue.patch | 55 ++ ...-scsi-mptconfig-fix-an-assert-expres.patch | 36 - 0043-fix-xen-hvm-direct-kernel-boot.patch | 54 ++ ...-scsi-mptconfig-fix-misuse-of-MPTSAS.patch | 40 - ...-ARM-KVM-Enable-in-kernel-timers-wit.patch | 236 ++++++ ...-scsi-pvscsi-limit-loop-to-fetch-SG-.patch | 64 -- ...-usb-xhci-fix-memory-leak-in-usb_xhc.patch | 32 - ...-virtio-gpu-call-cleanup-mapping-fun.patch | 44 + ...-scsi-mptsas-use-g_new0-to-allocate-.patch | 35 - ...-string-input-visitor-Fix-uint64-par.patch | 133 +++ ...-scsi-pvscsi-limit-process-IO-loop-t.patch | 38 - 
...-test-string-input-visitor-Add-int-t.patch | 34 + ...-test-string-input-visitor-Add-uint6.patch | 57 ++ ...-virtio-add-check-for-descriptor-s-m.patch | 38 - ...-net-mcf-limit-buffer-descriptor-cou.patch | 52 -- 0049-tests-Add-QOM-property-unit-tests.patch | 179 +++++ 0050-tests-Add-scsi-disk-test.patch | 142 ++++ ...-usb-ehci-fix-memory-leak-in-ehci_pr.patch | 32 - ...-virtio-gpu-fix-information-leak-in-.patch | 40 + ...-xhci-limit-the-number-of-link-trbs-.patch | 68 -- ...-9pfs-allocate-space-for-guest-origi.patch | 58 -- ...-display-cirrus-ignore-source-pitch-.patch | 72 ++ 0053-9pfs-fix-memory-leak-in-v9fs_link.patch | 32 - ...-s390x-kvm-fix-small-race-reboot-vs..patch | 34 + ...-9pfs-fix-potential-host-memory-leak.patch | 39 - ...-target-s390x-use-qemu-cpu-model-in-.patch | 32 + ...-9pfs-fix-information-leak-in-xattr-.patch | 32 - ...-linux-user-exclude-cpu-model-code-w.patch | 35 + ...-9pfs-fix-memory-leak-in-v9fs_xattrc.patch | 35 - ...-tests-check-path-to-avoid-a-failing.patch | 30 + 0057-9pfs-fix-memory-leak-in-v9fs_write.patch | 33 - ...-display-virtio-gpu-3d-check-virgl-c.patch | 40 + ...-char-serial-check-divider-value-aga.patch | 37 - 0058-watchdog-6300esb-add-exit-function.patch | 46 ++ ...-net-pcnet-check-rx-tx-descriptor-ri.patch | 37 - ...-virtio-gpu-3d-fix-memory-leak-in-re.patch | 41 + ...-net-eepro100-fix-memory-leak-in-dev.patch | 30 - ...-virtio-gpu-fix-memory-leak-in-resou.patch | 35 + ...-net-rocker-set-limit-to-DMA-buffer-.patch | 36 - ...-virtio-fix-vq-inuse-recalc-after-mi.patch | 53 ++ 0062-audio-es1370-add-exit-function.patch | 55 ++ ...-net-vmxnet-initialise-local-tx-desc.patch | 33 - 0063-audio-ac97-add-exit-function.patch | 52 ++ ...-net-rtl8139-limit-processing-of-rin.patch | 34 - ...-audio-intel-hda-check-stream-entry-.patch | 38 - ...-megasas-fix-guest-triggered-memory-.patch | 64 ++ ...-cirrus-handle-negative-pitch-in-cir.patch | 49 ++ ...-virtio-gpu-fix-memory-leak-in-virti.patch | 35 - 
...-9pfs-fix-integer-overflow-issue-in-.patch | 92 --- ...-cirrus-fix-blit-address-mask-handli.patch | 103 +++ ...-cirrus-fix-oob-access-issue-CVE-201.patch | 48 ++ 0068-usb-ccid-check-ccid-apdu-length.patch | 35 + ...-sd-sdhci-check-data-length-during-d.patch | 37 + ...-virtio-gpu-fix-resource-leak-in-vir.patch | 48 ++ 0071-cirrus-fix-patterncopy-checks.patch | 103 +++ ...-cirrus-add-blit_is_unsafe-call-to-c.patch | 49 ++ ipxe-use-gcc6-for-more-compact-code.patch | 23 + kvm_stat.1.gz | 3 + qemu-2.7.0.tar.bz2 | 3 - qemu-2.7.0.tar.bz2.sig | Bin 287 -> 0 bytes qemu-2.8.0.tar.bz2 | 3 + qemu-2.8.0.tar.bz2.sig | Bin 0 -> 287 bytes qemu-ga.service | 2 +- qemu-ifup | 18 +- qemu-linux-user.changes | 310 +++++++ qemu-linux-user.spec | 172 ++-- qemu-linux-user.spec.in | 50 +- qemu-testsuite.changes | 350 ++++++++ qemu-testsuite.spec | 382 +++++---- qemu.changes | 350 ++++++++ qemu.spec | 382 +++++---- qemu.spec.in | 261 ++++-- seabios_128kb.patch | 73 +- slof_xhci.patch | 155 ---- supported.arm.txt | 755 ++++++++++++++++++ supported.ppc.txt | 5 + supported.s390.txt | 754 +++++++++++++++++ supported.x86.txt | 755 ++++++++++++++++++ update_git.sh | 4 +- 128 files changed, 6555 insertions(+), 2378 deletions(-) rename 0016-linux-user-Fake-proc-cpuinfo.patch => 0013-linux-user-Fake-proc-cpuinfo.patch (88%) delete mode 100644 0013-linux-user-lock-tcg.patch delete mode 100644 0014-linux-user-Run-multi-threaded-code-.patch rename 0019-linux-user-XXX-disable-fiemap.patch => 0014-linux-user-XXX-disable-fiemap.patch (79%) delete mode 100644 0015-linux-user-lock-tb-flushing-too.patch rename 0020-slirp-nooutgoing.patch => 0015-slirp-nooutgoing.patch (87%) rename 0021-vnc-password-file-and-incoming-conn.patch => 0016-vnc-password-file-and-incoming-conn.patch (80%) delete mode 100644 0017-linux-user-implement-FS_IOC_GETFLAG.patch rename 0022-linux-user-use-target_ulong.patch => 0017-linux-user-use-target_ulong.patch (92%) rename 0023-block-Add-support-for-DictZip-enabl.patch => 
0018-block-Add-support-for-DictZip-enabl.patch (99%) delete mode 100644 0018-linux-user-implement-FS_IOC_SETFLAG.patch rename 0024-block-Add-tar-container-format.patch => 0019-block-Add-tar-container-format.patch (98%) rename 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch => 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch (94%) rename 0026-console-add-question-mark-escape-op.patch => 0021-console-add-question-mark-escape-op.patch (86%) rename 0027-Make-char-muxer-more-robust-wrt-sma.patch => 0022-Make-char-muxer-more-robust-wrt-sma.patch (75%) rename 0028-linux-user-lseek-explicitly-cast-no.patch => 0023-linux-user-lseek-explicitly-cast-no.patch (88%) rename 0029-virtfs-proxy-helper-Provide-__u64-f.patch => 0024-virtfs-proxy-helper-Provide-__u64-f.patch (88%) rename 0030-configure-Enable-PIE-for-ppc-and-pp.patch => 0025-configure-Enable-PIE-for-ppc-and-pp.patch (85%) rename 0031-AIO-Reduce-number-of-threads-for-32.patch => 0026-AIO-Reduce-number-of-threads-for-32.patch (92%) rename 0032-dictzip-Fix-on-big-endian-systems.patch => 0027-dictzip-Fix-on-big-endian-systems.patch (98%) rename 0033-xen_disk-Add-suse-specific-flush-di.patch => 0028-xen_disk-Add-suse-specific-flush-di.patch (85%) rename 0035-qemu-bridge-helper-reduce-security-.patch => 0029-qemu-bridge-helper-reduce-security-.patch (96%) rename 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch => 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch (91%) rename 0037-configure-Fix-detection-of-seccomp-.patch => 0031-configure-Fix-detection-of-seccomp-.patch (79%) rename 0038-linux-user-properly-test-for-infini.patch => 0032-linux-user-properly-test-for-infini.patch (84%) rename 0040-linux-user-remove-all-traces-of-qem.patch => 0033-linux-user-remove-all-traces-of-qem.patch (93%) rename 0067-dma-rc4030-limit-interval-timer-rel.patch => 0034-dma-rc4030-limit-interval-timer-rel.patch (91%) delete mode 100644 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch rename 0068-net-imx-limit-buffer-descriptor-cou.patch => 
0035-net-imx-limit-buffer-descriptor-cou.patch (93%) rename 0069-roms-Makefile-pass-a-packaging-time.patch => 0036-roms-Makefile-pass-a-packaging-time.patch (90%) create mode 100644 0037-Raise-soft-address-space-limit-to-h.patch create mode 100644 0038-increase-x86_64-physical-bits-to-42.patch delete mode 100644 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch create mode 100644 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch create mode 100644 0040-i8254-Fix-migration-from-SLE11-SP2.patch create mode 100644 0041-acpi_piix4-Fix-migration-from-SLE11.patch delete mode 100644 0041-vmsvga-correct-bitmap-and-pixmap-si.patch create mode 100644 0042-Fix-tigervnc-long-press-issue.patch delete mode 100644 0042-scsi-mptconfig-fix-an-assert-expres.patch create mode 100644 0043-fix-xen-hvm-direct-kernel-boot.patch delete mode 100644 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch create mode 100644 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch delete mode 100644 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch delete mode 100644 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch create mode 100644 0045-virtio-gpu-call-cleanup-mapping-fun.patch delete mode 100644 0046-scsi-mptsas-use-g_new0-to-allocate-.patch create mode 100644 0046-string-input-visitor-Fix-uint64-par.patch delete mode 100644 0047-scsi-pvscsi-limit-process-IO-loop-t.patch create mode 100644 0047-test-string-input-visitor-Add-int-t.patch create mode 100644 0048-test-string-input-visitor-Add-uint6.patch delete mode 100644 0048-virtio-add-check-for-descriptor-s-m.patch delete mode 100644 0049-net-mcf-limit-buffer-descriptor-cou.patch create mode 100644 0049-tests-Add-QOM-property-unit-tests.patch create mode 100644 0050-tests-Add-scsi-disk-test.patch delete mode 100644 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch create mode 100644 0051-virtio-gpu-fix-information-leak-in-.patch delete mode 100644 0051-xhci-limit-the-number-of-link-trbs-.patch delete mode 100644 0052-9pfs-allocate-space-for-guest-origi.patch create mode 
100644 0052-display-cirrus-ignore-source-pitch-.patch delete mode 100644 0053-9pfs-fix-memory-leak-in-v9fs_link.patch create mode 100644 0053-s390x-kvm-fix-small-race-reboot-vs..patch delete mode 100644 0054-9pfs-fix-potential-host-memory-leak.patch create mode 100644 0054-target-s390x-use-qemu-cpu-model-in-.patch delete mode 100644 0055-9pfs-fix-information-leak-in-xattr-.patch create mode 100644 0055-linux-user-exclude-cpu-model-code-w.patch delete mode 100644 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch create mode 100644 0056-tests-check-path-to-avoid-a-failing.patch delete mode 100644 0057-9pfs-fix-memory-leak-in-v9fs_write.patch create mode 100644 0057-display-virtio-gpu-3d-check-virgl-c.patch delete mode 100644 0058-char-serial-check-divider-value-aga.patch create mode 100644 0058-watchdog-6300esb-add-exit-function.patch delete mode 100644 0059-net-pcnet-check-rx-tx-descriptor-ri.patch create mode 100644 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch delete mode 100644 0060-net-eepro100-fix-memory-leak-in-dev.patch create mode 100644 0060-virtio-gpu-fix-memory-leak-in-resou.patch delete mode 100644 0061-net-rocker-set-limit-to-DMA-buffer-.patch create mode 100644 0061-virtio-fix-vq-inuse-recalc-after-mi.patch create mode 100644 0062-audio-es1370-add-exit-function.patch delete mode 100644 0062-net-vmxnet-initialise-local-tx-desc.patch create mode 100644 0063-audio-ac97-add-exit-function.patch delete mode 100644 0063-net-rtl8139-limit-processing-of-rin.patch delete mode 100644 0064-audio-intel-hda-check-stream-entry-.patch create mode 100644 0064-megasas-fix-guest-triggered-memory-.patch create mode 100644 0065-cirrus-handle-negative-pitch-in-cir.patch delete mode 100644 0065-virtio-gpu-fix-memory-leak-in-virti.patch delete mode 100644 0066-9pfs-fix-integer-overflow-issue-in-.patch create mode 100644 0066-cirrus-fix-blit-address-mask-handli.patch create mode 100644 0067-cirrus-fix-oob-access-issue-CVE-201.patch create mode 100644 
0068-usb-ccid-check-ccid-apdu-length.patch create mode 100644 0069-sd-sdhci-check-data-length-during-d.patch create mode 100644 0070-virtio-gpu-fix-resource-leak-in-vir.patch create mode 100644 0071-cirrus-fix-patterncopy-checks.patch create mode 100644 0072-cirrus-add-blit_is_unsafe-call-to-c.patch create mode 100644 ipxe-use-gcc6-for-more-compact-code.patch create mode 100644 kvm_stat.1.gz delete mode 100644 qemu-2.7.0.tar.bz2 delete mode 100644 qemu-2.7.0.tar.bz2.sig create mode 100644 qemu-2.8.0.tar.bz2 create mode 100644 qemu-2.8.0.tar.bz2.sig delete mode 100644 slof_xhci.patch create mode 100644 supported.arm.txt create mode 100644 supported.ppc.txt create mode 100644 supported.s390.txt create mode 100644 supported.x86.txt diff --git a/0001-XXX-dont-dump-core-on-sigabort.patch b/0001-XXX-dont-dump-core-on-sigabort.patch index d1d657b2..fc19c584 100644 --- a/0001-XXX-dont-dump-core-on-sigabort.patch +++ b/0001-XXX-dont-dump-core-on-sigabort.patch @@ -1,4 +1,4 @@ -From 69e1d0ef9e44d913774efb96b19ad43b037be920 Mon Sep 17 00:00:00 2001 +From cf0874f4e213436a13e06cd650cb6addc2abc3bc Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 21 Nov 2011 23:50:36 +0100 Subject: [PATCH] XXX dont dump core on sigabort @@ -8,10 +8,10 @@ Subject: [PATCH] XXX dont dump core on sigabort 1 file changed, 6 insertions(+) diff --git a/linux-user/signal.c b/linux-user/signal.c -index 9a4d894..2a07043 100644 +index c750053edd..cb3bc8fcb3 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c -@@ -526,6 +526,10 @@ static void QEMU_NORETURN force_sig(int target_sig) +@@ -560,6 +560,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig) trace_user_force_sig(env, target_sig, host_sig); gdb_signalled(env, target_sig); 
@@ -22,7 +22,7 @@ index 9a4d894..2a07043 100644 /* dump core if supported by target binary format */ if (core_dump_signal(target_sig) && (ts->bprm->core_dump != NULL)) { stop_all_tasks(); -@@ -543,6 +547,8 @@ static void QEMU_NORETURN force_sig(int target_sig) +@@ -577,6 +581,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig) target_sig, strsignal(host_sig), "core dumped" ); } diff --git a/0002-qemu-binfmt-conf-Modify-default-pat.patch b/0002-qemu-binfmt-conf-Modify-default-pat.patch index 0c60de2e..f0df3864 100644 --- a/0002-qemu-binfmt-conf-Modify-default-pat.patch +++ b/0002-qemu-binfmt-conf-Modify-default-pat.patch @@ -1,4 +1,4 @@ -From 92a7da288949c5f96e4aef3281652d5cd8a903bf Mon Sep 17 00:00:00 2001 +From e9b62c0a3fc4fbc6b7feca4ae9e1a336439d9ff3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Wed, 10 Aug 2016 19:00:24 +0200 Subject: [PATCH] qemu-binfmt-conf: Modify default path @@ -14,7 +14,7 @@ Signed-off-by: Andreas Färber 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh -index de4d1c1..7640255 100755 +index de4d1c13d4..764025580d 100755 --- a/scripts/qemu-binfmt-conf.sh +++ b/scripts/qemu-binfmt-conf.sh @@ -259,7 +259,7 @@ BINFMT_SET=qemu_register_interpreter diff --git a/0003-qemu-cvs-alsa_bitfield.patch b/0003-qemu-cvs-alsa_bitfield.patch index adc111e4..e6369df8 100644 --- a/0003-qemu-cvs-alsa_bitfield.patch +++ b/0003-qemu-cvs-alsa_bitfield.patch @@ -1,4 +1,4 @@ -From 3861f88d6d47d16a289dc17b94ed7ca8a7955280 Mon Sep 17 00:00:00 2001 +From beff0040fcb19dce316f3e07a0c7711cf8545d63 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 14 Apr 2009 16:20:50 +0200 Subject: [PATCH] qemu-cvs-alsa_bitfield @@ -13,7 +13,7 @@ Signed-off-by: Ulrich Hecht 2 files changed, 24 insertions(+) diff --git a/include/exec/user/thunk.h b/include/exec/user/thunk.h -index f19ef4b..b2659e0 100644 +index f19ef4b230..b2659e0def 100644 --- a/include/exec/user/thunk.h 
+++ b/include/exec/user/thunk.h @@ -37,6 +37,7 @@ typedef enum argtype { @@ -41,7 +41,7 @@ index f19ef4b..b2659e0 100644 case TYPE_LONGLONG: case TYPE_ULONGLONG: diff --git a/thunk.c b/thunk.c -index 2dac366..0eb7286 100644 +index 2dac36666d..0eb72861fe 100644 --- a/thunk.c +++ b/thunk.c @@ -37,6 +37,7 @@ static inline const argtype *thunk_type_next(const argtype *type_ptr) diff --git a/0004-qemu-cvs-alsa_ioctl.patch b/0004-qemu-cvs-alsa_ioctl.patch index 55496d14..53e2b2ed 100644 --- a/0004-qemu-cvs-alsa_ioctl.patch +++ b/0004-qemu-cvs-alsa_ioctl.patch @@ -1,4 +1,4 @@ -From 219067ccab5735ed9ae70c6079d5676cc6431727 Mon Sep 17 00:00:00 2001 +From 8a4092a66e29d360d3371ac7ab9e5087294640b8 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 14 Apr 2009 16:23:27 +0200 Subject: [PATCH] qemu-cvs-alsa_ioctl @@ -25,10 +25,10 @@ Signed-off-by: Andreas Färber create mode 100644 linux-user/syscall_types_alsa.h diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h -index 7e2c133..cf8851d 100644 +index 1bad701481..f2d9020c79 100644 --- a/linux-user/ioctls.h +++ b/linux-user/ioctls.h -@@ -348,6 +348,11 @@ +@@ -351,6 +351,11 @@ IOCTL(VFAT_IOCTL_READDIR_BOTH, IOC_R, MK_PTR(MK_ARRAY(MK_STRUCT(STRUCT_dirent), 2))) IOCTL(VFAT_IOCTL_READDIR_SHORT, IOC_R, MK_PTR(MK_ARRAY(MK_STRUCT(STRUCT_dirent), 2))) @@ -42,7 +42,7 @@ index 7e2c133..cf8851d 100644 IOCTL(LOOP_SET_STATUS, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info))) diff --git a/linux-user/ioctls_alsa.h b/linux-user/ioctls_alsa.h new file mode 100644 -index 0000000..c2aa542 +index 0000000000..c2aa542c3b --- /dev/null +++ b/linux-user/ioctls_alsa.h @@ -0,0 +1,467 @@ @@ -515,7 +515,7 @@ index 0000000..c2aa542 +IOCTL( SND_SSCAPE_LOAD_MCODE , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sscape_microcode)) ) diff --git a/linux-user/ioctls_alsa_structs.h b/linux-user/ioctls_alsa_structs.h new file mode 100644 -index 0000000..e09a30d +index 0000000000..e09a30defb --- /dev/null +++ b/linux-user/ioctls_alsa_structs.h @@ -0,0 +1,1740 @@ 
@@ -2260,10 +2260,10 @@ index 0000000..e09a30d + unsigned char *code; +}; diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h -index 7835654..b869b3d 100644 +index 0b15466743..bb3ed3c356 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h -@@ -2591,6 +2591,8 @@ struct target_ucred { +@@ -2640,6 +2640,8 @@ struct target_ucred { uint32_t gid; }; @@ -2273,7 +2273,7 @@ index 7835654..b869b3d 100644 #define TARGET_SIGEV_MAX_SIZE 64 diff --git a/linux-user/syscall_types.h b/linux-user/syscall_types.h -index af79fbf..4d99a9d 100644 +index af79fbf1de..4d99a9dd8b 100644 --- a/linux-user/syscall_types.h +++ b/linux-user/syscall_types.h @@ -83,6 +83,11 @@ STRUCT(buffmem_desc, @@ -2290,7 +2290,7 @@ index af79fbf..4d99a9d 100644 TYPE_INT, /* lo_number */ diff --git a/linux-user/syscall_types_alsa.h b/linux-user/syscall_types_alsa.h new file mode 100644 -index 0000000..72622ae +index 0000000000..72622ae9a2 --- /dev/null +++ b/linux-user/syscall_types_alsa.h @@ -0,0 +1,1336 @@ diff --git a/0005-qemu-cvs-alsa_mmap.patch b/0005-qemu-cvs-alsa_mmap.patch index c2b0e8e7..f2e71510 100644 --- a/0005-qemu-cvs-alsa_mmap.patch +++ b/0005-qemu-cvs-alsa_mmap.patch @@ -1,4 +1,4 @@ -From b62c901c47e3f38336c4aeb1e98a6140b4fe3469 Mon Sep 17 00:00:00 2001 +From 9ef9e8d6c450c2f5332f9ab82c7fc4750c5b7cb4 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 14 Apr 2009 16:24:15 +0200 Subject: [PATCH] qemu-cvs-alsa_mmap @@ -12,10 +12,10 @@ Signed-off-by: Ulrich Hecht 1 file changed, 14 insertions(+) diff --git a/linux-user/mmap.c b/linux-user/mmap.c -index c4371d9..68a655e 100644 +index 61685bf79e..a428eb867f 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c -@@ -357,6 +357,9 @@ abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size) +@@ -360,6 +360,9 @@ abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size) } } 
@@ -25,7 +25,7 @@ index c4371d9..68a655e 100644 /* NOTE: all the constants are the HOST ones */ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, int flags, int fd, abi_ulong offset) -@@ -391,6 +394,17 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, +@@ -394,6 +397,17 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, } #endif diff --git a/0006-qemu-cvs-gettimeofday.patch b/0006-qemu-cvs-gettimeofday.patch index 1953c985..b759c969 100644 --- a/0006-qemu-cvs-gettimeofday.patch +++ b/0006-qemu-cvs-gettimeofday.patch @@ -1,4 +1,4 @@ -From 4259605f8b9d113ff33c395ad6232f076e4e261d Mon Sep 17 00:00:00 2001 +From e073096e40ec4d1d2b90e9e289190d9098c44dbb Mon Sep 17 00:00:00 2001 From: Ulrich Hecht Date: Tue, 14 Apr 2009 16:25:41 +0200 Subject: [PATCH] qemu-cvs-gettimeofday @@ -9,10 +9,10 @@ No clue what this is for. 1 file changed, 2 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index ca06943..f120665 100644 +index 7b77503f94..e6689466a7 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -8534,6 +8534,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, +@@ -8770,6 +8770,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, case TARGET_NR_gettimeofday: { struct timeval tv; diff --git a/0007-qemu-cvs-ioctl_debug.patch b/0007-qemu-cvs-ioctl_debug.patch index 3dad5644..edc0b1ce 100644 --- a/0007-qemu-cvs-ioctl_debug.patch +++ b/0007-qemu-cvs-ioctl_debug.patch @@ -1,4 +1,4 @@ -From 382d3ca372e660d6961fd6a250d2241c4923ec19 Mon Sep 17 00:00:00 2001 +From 34dcc1febe1a4806f5d2d34fad308f8d2890369a Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 14 Apr 2009 16:26:33 +0200 Subject: [PATCH] qemu-cvs-ioctl_debug @@ -12,10 +12,10 @@ Signed-off-by: Ulrich Hecht 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index f120665..1b3ed97 100644 +index e6689466a7..3479be6cd6 100644 --- a/linux-user/syscall.c 
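Review bot: The refreshed 0006-qemu-cvs-gettimeofday.patch still carries the description `No clue what this is for.` while adding two lines to the `TARGET_NR_gettimeofday` case of `do_syscall` in linux-user/syscall.c. A downstream patch on the guest syscall path with no stated purpose cannot be reviewed, and nobody can tell when it is safe to drop. The header should be replaced with something like `Works around <observed guest failure>; drop once <condition>` (placeholders for the maintainer to fill in), or the patch should be retired if no one can reproduce the need. The two added lines are outside this hunk, so their effect cannot be judged from here.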
+++ b/linux-user/syscall.c -@@ -5334,7 +5334,12 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) +@@ -5471,7 +5471,12 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) ie = ioctl_entries; for(;;) { if (ie->target_cmd == 0) { diff --git a/0008-qemu-cvs-ioctl_nodirection.patch b/0008-qemu-cvs-ioctl_nodirection.patch index defbe3cb..b9e09290 100644 --- a/0008-qemu-cvs-ioctl_nodirection.patch +++ b/0008-qemu-cvs-ioctl_nodirection.patch @@ -1,4 +1,4 @@ -From c0baf4a94377f6d64d632effb3ffe077c5f928e1 Mon Sep 17 00:00:00 2001 +From 380059e6c4e96538576a198fc771b14186e85112 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 14 Apr 2009 16:27:36 +0200 Subject: [PATCH] qemu-cvs-ioctl_nodirection @@ -15,10 +15,10 @@ Signed-off-by: Ulrich Hecht 1 file changed, 6 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 1b3ed97..8e69c15 100644 +index 3479be6cd6..2660a59897 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -5367,6 +5367,11 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) +@@ -5504,6 +5504,11 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) arg_type++; target_size = thunk_type_size(arg_type, 0); switch(ie->access) { @@ -30,7 +30,7 @@ index 1b3ed97..8e69c15 100644 case IOC_R: ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp)); if (!is_error(ret)) { -@@ -5385,6 +5390,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) +@@ -5522,6 +5527,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) unlock_user(argptr, arg, 0); ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp)); break; diff --git a/0009-linux-user-add-binfmt-wrapper-for-a.patch b/0009-linux-user-add-binfmt-wrapper-for-a.patch index 68c0ee63..7c348538 100644 --- a/0009-linux-user-add-binfmt-wrapper-for-a.patch +++ b/0009-linux-user-add-binfmt-wrapper-for-a.patch 
@@ -1,4 +1,4 @@ -From 5a101ff0b5669280fa46d4f6d0f798f4b02bae5f Mon Sep 17 00:00:00 2001 +From fd1e321c4e9f0ed67e559bd830f747c92c60593f Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Fri, 30 Sep 2011 19:40:36 +0200 Subject: [PATCH] linux-user: add binfmt wrapper for argv[0] handling @@ -37,7 +37,7 @@ Signed-off-by: Andreas Färber create mode 100644 linux-user/binfmt.c diff --git a/Makefile.target b/Makefile.target -index a440bcb..a65c55f 100644 +index 7a5080e94a..aee2c41040 100644 --- a/Makefile.target +++ b/Makefile.target @@ -36,6 +36,10 @@ endif @@ -51,7 +51,7 @@ index a440bcb..a65c55f 100644 config-target.h: config-target.h-timestamp config-target.h-timestamp: config-target.mak -@@ -115,6 +119,8 @@ QEMU_CFLAGS+=-I$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR) \ +@@ -116,6 +120,8 @@ QEMU_CFLAGS+=-I$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR) \ obj-y += linux-user/ obj-y += gdbstub.o thunk.o user-exec.o @@ -60,7 +60,7 @@ index a440bcb..a65c55f 100644 endif #CONFIG_LINUX_USER ######################################################### -@@ -163,7 +169,11 @@ endif # CONFIG_SOFTMMU +@@ -164,7 +170,11 @@ endif # CONFIG_SOFTMMU # Workaround for http://gcc.gnu.org/PR55489, see configure. %/translate.o: QEMU_CFLAGS += $(TRANSLATE_OPT_CFLAGS) @@ -72,18 +72,18 @@ index a440bcb..a65c55f 100644 all-obj-y := $(obj-y) target-obj-y := -@@ -200,6 +210,9 @@ ifdef CONFIG_DARWIN - $(call quiet-command,SetFile -a C $@," SETFILE $(TARGET_DIR)$@") +@@ -201,6 +211,9 @@ ifdef CONFIG_DARWIN + $(call quiet-command,SetFile -a C $@,"SETFILE","$(TARGET_DIR)$@") endif +$(QEMU_PROG)-binfmt: $(obj-binfmt-y) + $(call LINK,$^) + gdbstub-xml.c: $(TARGET_XML_FILES) $(SRC_PATH)/scripts/feature_to_c.sh - $(call quiet-command,rm -f $@ && $(SHELL) $(SRC_PATH)/scripts/feature_to_c.sh $@ $(TARGET_XML_FILES)," GEN $(TARGET_DIR)$@") + $(call quiet-command,rm -f $@ && $(SHELL) $(SRC_PATH)/scripts/feature_to_c.sh $@ $(TARGET_XML_FILES),"GEN","$(TARGET_DIR)$@") 
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs -index 8c93058..607ca2d 100644 +index 8c93058100..607ca2dc92 100644 --- a/linux-user/Makefile.objs +++ b/linux-user/Makefile.objs @@ -6,3 +6,5 @@ obj-$(TARGET_HAS_BFLT) += flatload.o @@ -94,7 +94,7 @@ index 8c93058..607ca2d 100644 +obj-binfmt-y = binfmt.o diff --git a/linux-user/binfmt.c b/linux-user/binfmt.c new file mode 100644 -index 0000000..cd1f513 +index 0000000000..cd1f513b33 --- /dev/null +++ b/linux-user/binfmt.c @@ -0,0 +1,42 @@ diff --git a/0010-PPC-KVM-Disable-mmu-notifier-check.patch b/0010-PPC-KVM-Disable-mmu-notifier-check.patch index b1021f17..ce837dd5 100644 --- a/0010-PPC-KVM-Disable-mmu-notifier-check.patch +++ b/0010-PPC-KVM-Disable-mmu-notifier-check.patch @@ -1,4 +1,4 @@ -From 9f443d183c7658812e0ffb147ae38cdb74ea94b7 Mon Sep 17 00:00:00 2001 +From 74afa369962dfa525f28913e0aaf0678362fc4cf Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Fri, 6 Jan 2012 01:05:55 +0100 Subject: [PATCH] PPC: KVM: Disable mmu notifier check @@ -13,12 +13,12 @@ KVM guests work there, even if possibly racy in some odd circumstances. 1 file changed, 2 insertions(+) diff --git a/exec.c b/exec.c -index 8ffde75..3ac8a82 100644 +index 08c558eecf..d55ab5574d 100644 --- a/exec.c +++ b/exec.c -@@ -1230,11 +1230,13 @@ static void *file_ram_alloc(RAMBlock *block, +@@ -1240,11 +1240,13 @@ static void *file_ram_alloc(RAMBlock *block, int fd = -1; - int64_t page_size; + int64_t file_size; +#ifndef TARGET_PPC if (kvm_enabled() && !kvm_has_sync_mmu()) { diff --git a/0011-linux-user-fix-segfault-deadlock.patch b/0011-linux-user-fix-segfault-deadlock.patch index 22028413..f596433d 100644 --- a/0011-linux-user-fix-segfault-deadlock.patch +++ b/0011-linux-user-fix-segfault-deadlock.patch @@ -1,4 +1,4 @@ -From 73678412d11f87834a901fe27d0d9882548be6ca Mon Sep 17 00:00:00 2001 +From 34a749afcf6ad03e116b6cfb59934e0853bda304 Mon Sep 17 00:00:00 2001 
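Review bot: The carried 0010-PPC-KVM-Disable-mmu-notifier-check.patch still compiles out the `kvm_enabled() && !kvm_has_sync_mmu()` test in `file_ram_alloc` (exec.c) for PPC via `#ifndef TARGET_PPC`. Its own description concedes the result is "possibly racy in some odd circumstances", and the refresh changes only the hash, the index line and one context line. Nothing in the visible header says which host kernels still need the check disabled. I would add a line such as `Required only for PPC hosts without <feature>; remove when those hosts are no longer supported` (placeholder wording) so the check is restored once the workaround is obsolete. The rest of `file_ram_alloc` and the closing `#endif` are outside the hunk.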
From: Alexander Graf Date: Fri, 13 Jan 2012 17:05:41 +0100 Subject: [PATCH] linux-user: fix segfault deadlock @@ -26,7 +26,7 @@ Signed-off-by: Andreas Färber 1 file changed, 4 insertions(+) diff --git a/user-exec.c b/user-exec.c -index 95f9f97..eaeb0b4 100644 +index 6db075884d..a18d626250 100644 --- a/user-exec.c +++ b/user-exec.c @@ -65,6 +65,10 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address, diff --git a/0012-linux-user-binfmt-support-host-bina.patch b/0012-linux-user-binfmt-support-host-bina.patch index 9c31b1c6..00df34d7 100644 --- a/0012-linux-user-binfmt-support-host-bina.patch +++ b/0012-linux-user-binfmt-support-host-bina.patch @@ -1,4 +1,4 @@ -From 25dd5db5e0e1745dab305155db0f739b00e2ec92 Mon Sep 17 00:00:00 2001 +From 21c11182134222d441f5f1c701f776ac14e10eb8 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Thu, 2 Feb 2012 18:02:33 +0100 Subject: [PATCH] linux-user: binfmt: support host binaries @@ -12,7 +12,7 @@ Signed-off-by: Alexander Graf 1 file changed, 26 insertions(+) diff --git a/linux-user/binfmt.c b/linux-user/binfmt.c -index cd1f513..458f136 100644 +index cd1f513b33..458f136fb4 100644 --- a/linux-user/binfmt.c +++ b/linux-user/binfmt.c @@ -5,6 +5,9 @@ diff --git a/0016-linux-user-Fake-proc-cpuinfo.patch b/0013-linux-user-Fake-proc-cpuinfo.patch similarity index 88% rename from 0016-linux-user-Fake-proc-cpuinfo.patch rename to 0013-linux-user-Fake-proc-cpuinfo.patch index 6c823475..bfdc0f83 100644 --- a/0016-linux-user-Fake-proc-cpuinfo.patch +++ b/0013-linux-user-Fake-proc-cpuinfo.patch @@ -1,4 +1,4 @@ -From a5a2c846148a73ab5f060690a489ca6b14b6af4e Mon Sep 17 00:00:00 2001 +From 8af212a8fae1e0cdf32df61e5509799495eaa9e6 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 23 Jul 2012 10:24:14 +0200 Subject: [PATCH] linux-user: Fake /proc/cpuinfo @@ -22,10 +22,10 @@ Signed-off-by: Andreas Färber 1 file changed, 20 insertions(+) 
diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 82195a2..4020ceb 100644 +index 2660a59897..a348927853 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -7142,6 +7142,25 @@ static int open_self_stat(void *cpu_env, int fd) +@@ -7359,6 +7359,25 @@ static int open_self_stat(void *cpu_env, int fd) return 0; } @@ -51,7 +51,7 @@ index 82195a2..4020ceb 100644 static int open_self_auxv(void *cpu_env, int fd) { CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env); -@@ -7256,6 +7275,7 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, +@@ -7473,6 +7492,7 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN) { "/proc/net/route", open_net_route, is_proc }, #endif diff --git a/0013-linux-user-lock-tcg.patch b/0013-linux-user-lock-tcg.patch deleted file mode 100644 index c89a97a3..00000000 --- a/0013-linux-user-lock-tcg.patch +++ /dev/null 
@@ -1,157 +0,0 @@ -From 9d58ff5695952626bf3fb74d6fe9b5d666c43ce6 Mon Sep 17 00:00:00 2001 -From: Alexander Graf -Date: Thu, 5 Jul 2012 17:31:39 +0200 -Subject: [PATCH] linux-user: lock tcg -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The tcg code generator is not thread safe. Lock its generation between -different threads. - -Signed-off-by: Alexander Graf -[AF: Rebased onto exec.c/translate-all.c split for 1.4] -[AF: Rebased for v2.1.0-rc0] -[AF: Rebased onto tcg_gen_code_common() drop for v2.5.0-rc0] -[AF: Rebased for v2.7.0-rc2] -Signed-off-by: Andreas Färber ---- - linux-user/mmap.c | 3 +++ - tcg/tcg.c | 29 +++++++++++++++++++++++++++++ - tcg/tcg.h | 6 ++++++ - 3 files changed, 38 insertions(+) - -diff --git a/linux-user/mmap.c b/linux-user/mmap.c -index 68a655e..d202e45 100644 ---- a/linux-user/mmap.c -+++ b/linux-user/mmap.c -@@ -22,6 +22,7 @@ - - #include "qemu.h" - #include "qemu-common.h" -+#include "tcg.h" - #include "translate-all.h" - - //#define DEBUG_MMAP -@@ -33,6 +34,7 @@ void mmap_lock(void) - { - if (mmap_lock_count++ == 0) { - pthread_mutex_lock(&mmap_mutex); -+ tcg_lock(); - } - } - -@@ -40,6 +42,7 @@ void mmap_unlock(void) - { - if (--mmap_lock_count == 0) { - pthread_mutex_unlock(&mmap_mutex); -+ tcg_unlock(); - } - } - -diff --git a/tcg/tcg.c b/tcg/tcg.c -index 42417bd..ef6ae10 100644 ---- a/tcg/tcg.c -+++ b/tcg/tcg.c -@@ -33,6 +33,8 @@ - #include "qemu/cutils.h" - #include "qemu/host-utils.h" - #include "qemu/timer.h" -+#include "config-host.h" -+#include "qemu/thread.h" - - /* Note: the long term plan is to reduce the dependencies on the QEMU - CPU definitions. 
Currently they are used for qemu_ld/st -@@ -120,6 +122,29 @@ static bool tcg_out_tb_finalize(TCGContext *s); - static TCGRegSet tcg_target_available_regs[2]; - static TCGRegSet tcg_target_call_clobber_regs; - -+#ifdef CONFIG_USER_ONLY -+static __thread int tcg_lock_count; -+#endif -+void tcg_lock(void) -+{ -+#ifdef CONFIG_USER_ONLY -+ TCGContext *s = &tcg_ctx; -+ if (tcg_lock_count++ == 0) { -+ qemu_mutex_lock(&s->lock); -+ } -+#endif -+} -+ -+void tcg_unlock(void) -+{ -+#ifdef CONFIG_USER_ONLY -+ TCGContext *s = &tcg_ctx; -+ if (--tcg_lock_count == 0) { -+ qemu_mutex_unlock(&s->lock); -+ } -+#endif -+} -+ - #if TCG_TARGET_INSN_UNIT_SIZE == 1 - static __attribute__((unused)) inline void tcg_out8(TCGContext *s, uint8_t v) - { -@@ -332,6 +357,7 @@ void tcg_context_init(TCGContext *s) - - memset(s, 0, sizeof(*s)); - s->nb_globals = 0; -+ qemu_mutex_init(&s->lock); - - /* Count total number of arguments and allocate the corresponding - space */ -@@ -2551,6 +2577,7 @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb) - qemu_log("\n"); - } - #endif -+ tcg_lock(); - - #ifdef CONFIG_PROFILER - s->opt_time -= profile_getclock(); -@@ -2673,6 +2700,7 @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb) - the buffer completely. Thus we can test for overflow after - generating code without having to check during generation. 
*/ - if (unlikely((void *)s->code_ptr > s->code_gen_highwater)) { -+ tcg_unlock(); - return -1; - } - } -@@ -2686,6 +2714,7 @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb) - - /* flush instruction cache */ - flush_icache_range((uintptr_t)s->code_buf, (uintptr_t)s->code_ptr); -+ tcg_unlock(); - - return tcg_current_code_size(s); - } -diff --git a/tcg/tcg.h b/tcg/tcg.h -index 1bcabca..5c2522e 100644 ---- a/tcg/tcg.h -+++ b/tcg/tcg.h -@@ -29,6 +29,7 @@ - #include "cpu.h" - #include "exec/tb-context.h" - #include "qemu/bitops.h" -+#include "qemu/thread.h" - #include "tcg-target.h" - - /* XXX: make safe guess about sizes */ -@@ -697,6 +698,8 @@ struct TCGContext { - - uint16_t gen_insn_end_off[TCG_MAX_INSNS]; - target_ulong gen_insn_data[TCG_MAX_INSNS][TARGET_INSN_START_WORDS]; -+ -+ QemuMutex lock; - }; - - extern TCGContext tcg_ctx; -@@ -904,6 +907,9 @@ TCGOp *tcg_op_insert_after(TCGContext *s, TCGOp *op, TCGOpcode opc, int narg); - - void tcg_optimize(TCGContext *s); - -+extern void tcg_lock(void); -+extern void tcg_unlock(void); -+ - /* only used for debugging purposes */ - void tcg_dump_ops(TCGContext *s); - diff --git a/0014-linux-user-Run-multi-threaded-code-.patch b/0014-linux-user-Run-multi-threaded-code-.patch deleted file mode 100644 index 94d36b54..00000000 --- a/0014-linux-user-Run-multi-threaded-code-.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 394f7f1470c98525af7ac4aca52862837257e94a Mon Sep 17 00:00:00 2001 -From: Alexander Graf -Date: Tue, 10 Jul 2012 20:40:55 +0200 -Subject: [PATCH] linux-user: Run multi-threaded code on a single core - -Running multi-threaded code can easily expose some of the fundamental -breakages in QEMU's design. It's just not a well supported scenario. - -So if we pin the whole process to a single host CPU, we guarantee that -we will never have concurrent memory access actually happen. We can still -get scheduled away at any time, so it's no complete guarantee, but apparently -it reduces the odds well enough to get my test cases to pass. - -This gets Java 1.7 working for me again on my test box. - -Signed-off-by: Alexander Graf ---- - linux-user/syscall.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 8e69c15..82195a2 100644 ---- a/linux-user/syscall.c -+++ b/linux-user/syscall.c -@@ -6010,6 +6010,15 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, - if (nptl_flags & CLONE_SETTLS) - cpu_set_tls (new_env, newtls); - -+ /* agraf: Pin ourselves to a single CPU when running multi-threaded. -+ This turned out to improve stability for me. */ -+ { -+ cpu_set_t mask; -+ CPU_ZERO(&mask); -+ CPU_SET(0, &mask); -+ sched_setaffinity(0, sizeof(mask), &mask); -+ } -+ - /* Grab a mutex so that thread setup appears atomic. */ - pthread_mutex_lock(&clone_lock); - diff --git a/0019-linux-user-XXX-disable-fiemap.patch b/0014-linux-user-XXX-disable-fiemap.patch similarity index 79% rename from 0019-linux-user-XXX-disable-fiemap.patch rename to 0014-linux-user-XXX-disable-fiemap.patch index 2eda2d14..1327c89a 100644 --- a/0019-linux-user-XXX-disable-fiemap.patch +++ b/0014-linux-user-XXX-disable-fiemap.patch @@ -1,4 +1,4 @@ -From dbab3749b22bb80f92af3b7ce5892fe2b4199323 Mon Sep 17 00:00:00 2001 +From 772c86a0d02d6869d7ef06b666ff26824eb9ca3e Mon Sep 17 00:00:00 2001 
From: Alexander Graf Date: Tue, 21 Aug 2012 14:20:40 +0200 Subject: [PATCH] linux-user: XXX disable fiemap @@ -9,10 +9,10 @@ agraf: fiemap breaks in libarchive. Disable it for now. 1 file changed, 5 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 4020ceb..483efb0 100644 +index a348927853..b04fade80e 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -4806,6 +4806,11 @@ static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp, +@@ -4938,6 +4938,11 @@ static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp, uint32_t outbufsz; int free_fm = 0; diff --git a/0015-linux-user-lock-tb-flushing-too.patch b/0015-linux-user-lock-tb-flushing-too.patch deleted file mode 100644 index 72e2a49e..00000000 --- a/0015-linux-user-lock-tb-flushing-too.patch +++ /dev/null 
@@ -1,122 +0,0 @@ -From 0f2a2996a00880f39c8654797cd512013983d32a Mon Sep 17 00:00:00 2001 -From: Alexander Graf -Date: Wed, 11 Jul 2012 16:47:42 +0200 -Subject: [PATCH] linux-user: lock tb flushing too -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Alexander Graf -[AF: Rebased onto exec.c/translate-all.c split for 1.4] -[AF: Rebased onto tb_alloc() changes for v2.5.0-rc0] -Signed-off-by: Andreas Färber ---- - translate-all.c | 20 ++++++++++++++++++-- - 1 file changed, 18 insertions(+), 2 deletions(-) - -diff --git a/translate-all.c b/translate-all.c -index 0dd6466..1e7c61b 100644 ---- a/translate-all.c -+++ b/translate-all.c -@@ -767,17 +767,21 @@ static TranslationBlock *tb_alloc(target_ulong pc) - { - TranslationBlock *tb; - -+ tcg_lock(); - if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks) { -+ tcg_unlock(); - return NULL; - } - tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++]; - tb->pc = pc; - tb->cflags = 0; -+ tcg_unlock(); - return tb; - } - - void tb_free(TranslationBlock *tb) - { -+ tcg_lock(); - /* In practice this is mostly used for single use temporary TB - Ignore the hard cases and just back up if this TB happens to - be the last one generated. 
*/ -@@ -786,6 +790,7 @@ void tb_free(TranslationBlock *tb) - tcg_ctx.code_gen_ptr = tb->tc_ptr; - tcg_ctx.tb_ctx.nb_tbs--; - } -+ tcg_unlock(); - } - - static inline void invalidate_page_bitmap(PageDesc *p) -@@ -844,6 +849,7 @@ void tb_flush(CPUState *cpu) - ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) / - tcg_ctx.tb_ctx.nb_tbs : 0); - #endif -+ tcg_lock(); - if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) - > tcg_ctx.code_gen_buffer_size) { - cpu_abort(cpu, "Internal error: code buffer overflow\n"); -@@ -862,6 +868,7 @@ void tb_flush(CPUState *cpu) - /* XXX: flush processor icache at this point if cache flush is - expensive */ - tcg_ctx.tb_ctx.tb_flush_count++; -+ tcg_unlock(); - } - - #ifdef DEBUG_TB_CHECK -@@ -1320,8 +1327,10 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, - uint32_t current_flags = 0; - #endif /* TARGET_HAS_PRECISE_SMC */ - -+ tcg_lock(); - p = page_find(start >> TARGET_PAGE_BITS); - if (!p) { -+ tcg_unlock(); - return; - } - #if defined(TARGET_HAS_PRECISE_SMC) -@@ -1392,6 +1401,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, - cpu_loop_exit_noexc(cpu); - } - #endif -+ tcg_unlock(); - } - - #ifdef CONFIG_SOFTMMU -@@ -1509,13 +1519,16 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) - { - int m_min, m_max, m; - uintptr_t v; -- TranslationBlock *tb; -+ TranslationBlock *tb, *r; - -+ tcg_lock(); - if (tcg_ctx.tb_ctx.nb_tbs <= 0) { -+ tcg_unlock(); - return NULL; - } - if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer || - tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) { -+ tcg_unlock(); - return NULL; - } - /* binary search (cf Knuth) */ -@@ -1526,6 +1539,7 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) - tb = &tcg_ctx.tb_ctx.tbs[m]; - v = (uintptr_t)tb->tc_ptr; - if (v == tc_ptr) { -+ tcg_unlock(); - return tb; - } else if (tc_ptr < v) { - m_max = m - 1; -@@ -1533,7 +1547,9 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) 
- m_min = m + 1; - } - } -- return &tcg_ctx.tb_ctx.tbs[m_max]; -+ r = &tcg_ctx.tb_ctx.tbs[m_max]; -+ tcg_unlock(); -+ return r; - } - - #if !defined(CONFIG_USER_ONLY) diff --git a/0020-slirp-nooutgoing.patch b/0015-slirp-nooutgoing.patch similarity index 87% rename from 0020-slirp-nooutgoing.patch rename to 0015-slirp-nooutgoing.patch index b411e1e4..72670d4a 100644 --- a/0020-slirp-nooutgoing.patch +++ b/0015-slirp-nooutgoing.patch @@ -1,4 +1,4 @@ -From 4f307877293d621bafe78abeca74db6b949b996d Mon Sep 17 00:00:00 2001 +From e69941d829cfb5d63a2c0f1606a4e58e6f33f9f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Wed, 29 Aug 2012 18:42:56 +0200 Subject: [PATCH] slirp: -nooutgoing @@ -12,10 +12,10 @@ TBD (from SUSE Studio team) 4 files changed, 39 insertions(+) diff --git a/qemu-options.hx b/qemu-options.hx -index a71aaf8..7f32069 100644 +index c534a2f7f9..7e6d6ecc17 100644 --- a/qemu-options.hx +++ b/qemu-options.hx -@@ -3132,6 +3132,16 @@ Store the QEMU process PID in @var{file}. It is useful if you launch QEMU +@@ -3162,6 +3162,16 @@ Store the QEMU process PID in @var{file}. It is useful if you launch QEMU from a script. ETEXI @@ -33,10 +33,10 @@ index a71aaf8..7f32069 100644 "-singlestep always run in singlestep mode\n", QEMU_ARCH_ALL) STEXI diff --git a/slirp/socket.c b/slirp/socket.c -index 280050a..4fe68bb 100644 +index 6c18971368..e39e3a07f0 100644 --- a/slirp/socket.c +++ b/slirp/socket.c -@@ -608,6 +608,8 @@ sorecvfrom(struct socket *so) +@@ -625,6 +625,8 @@ sorecvfrom(struct socket *so) } /* if ping packet */ } @@ -45,7 +45,7 @@ index 280050a..4fe68bb 100644 /* * sendto() a socket */ -@@ -625,6 +627,12 @@ sosendto(struct socket *so, struct mbuf *m) +@@ -642,6 +644,12 @@ sosendto(struct socket *so, struct mbuf *m) DEBUG_CALL(" sendto()ing)"); sotranslate_out(so, &addr); @@ -59,7 +59,7 @@ index 280050a..4fe68bb 100644 ret = sendto(so->s, m->m_data, m->m_len, 0, (struct sockaddr *)&addr, sockaddr_size(&addr)); 
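Review bot: The description of the carried `slirp: -nooutgoing` patch is still the placeholder `TBD (from SUSE Studio team)`, visible in the context of the `@@ -12,10 +12,10 @@` hunk, and this refresh leaves it unchanged. The `vnc: password-file= and incoming-connections=` patch refreshed right after it carries the same placeholder. Both patches add options that limit network exposure or read a credential file, so a packager or auditor needs to know what is blocked or read and what the defaults are. I would replace the placeholder in both patch headers with a short statement of each option's semantics and default, plus a reference to the originating request if one exists.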
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c -index ed16e18..b2c7a8c 100644 +index ed16e1807f..b2c7a8cba0 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -391,6 +391,8 @@ tcp_sockclosed(struct tcpcb *tp) @@ -96,10 +96,10 @@ index ed16e18..b2c7a8c 100644 socket_set_fast_reuse(s); opt = 1; diff --git a/vl.c b/vl.c -index b3c80d5..1b8e591 100644 +index d77dd862f9..4427bf5e1a 100644 --- a/vl.c +++ b/vl.c -@@ -160,6 +160,7 @@ int smp_threads = 1; +@@ -162,6 +162,7 @@ int smp_threads = 1; int acpi_enabled = 1; int no_hpet = 0; int fd_bootchk = 1; @@ -107,7 +107,7 @@ index b3c80d5..1b8e591 100644 static int no_reboot; int no_shutdown = 0; int cursor_hide = 1; -@@ -3363,6 +3364,14 @@ int main(int argc, char **argv, char **envp) +@@ -3437,6 +3438,14 @@ int main(int argc, char **argv, char **envp) case QEMU_OPTION_singlestep: singlestep = 1; break; diff --git a/0021-vnc-password-file-and-incoming-conn.patch b/0016-vnc-password-file-and-incoming-conn.patch similarity index 80% rename from 0021-vnc-password-file-and-incoming-conn.patch rename to 0016-vnc-password-file-and-incoming-conn.patch index 2e7ebe12..7370c2a4 100644 --- a/0021-vnc-password-file-and-incoming-conn.patch +++ b/0016-vnc-password-file-and-incoming-conn.patch @@ -1,4 +1,4 @@ -From 5f1f3f07690386a731ecc7bea74c72ab9cb7d253 Mon Sep 17 00:00:00 2001 +From 4338d0069c38dddf42e1ac1b66414266d6e9dac7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Wed, 29 Aug 2012 20:06:01 +0200 Subject: [PATCH] vnc: password-file= and incoming-connections= @@ -9,7 +9,7 @@ TBD (from SUSE Studio team) 1 file changed, 55 insertions(+) diff --git a/ui/vnc.c b/ui/vnc.c -index d1087c9..7f91d96 100644 +index 2c28a59ff7..8d0c16b23f 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -58,6 +58,8 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 
@@ -21,7 +21,7 @@ index d1087c9..7f91d96 100644 static int vnc_cursor_define(VncState *vs); static void vnc_release_modifiers(VncState *vs); -@@ -1197,6 +1199,7 @@ static void vnc_disconnect_start(VncState *vs) +@@ -1201,6 +1203,7 @@ static void vnc_disconnect_start(VncState *vs) void vnc_disconnect_finish(VncState *vs) { int i; @@ -29,7 +29,7 @@ index d1087c9..7f91d96 100644 vnc_jobs_join(vs); /* Wait encoding jobs */ -@@ -1247,6 +1250,13 @@ void vnc_disconnect_finish(VncState *vs) +@@ -1251,6 +1254,13 @@ void vnc_disconnect_finish(VncState *vs) object_unref(OBJECT(vs->sioc)); vs->sioc = NULL; g_free(vs); @@ -43,7 +43,7 @@ index d1087c9..7f91d96 100644 } ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp) -@@ -3245,6 +3255,39 @@ static void vnc_display_print_local_addr(VncDisplay *vs) +@@ -3244,6 +3254,39 @@ static void vnc_display_print_local_addr(VncDisplay *vd) qapi_free_SocketAddress(addr); } @@ -83,7 +83,7 @@ index d1087c9..7f91d96 100644 static QemuOptsList qemu_vnc_opts = { .name = "vnc", .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), -@@ -3276,6 +3319,9 @@ static QemuOptsList qemu_vnc_opts = { +@@ -3275,6 +3318,9 @@ static QemuOptsList qemu_vnc_opts = { .name = "connections", .type = QEMU_OPT_NUMBER, },{ @@ -93,7 +93,7 @@ index d1087c9..7f91d96 100644 .name = "to", .type = QEMU_OPT_NUMBER, },{ -@@ -3288,6 +3334,9 @@ static QemuOptsList qemu_vnc_opts = { +@@ -3287,6 +3333,9 @@ static QemuOptsList qemu_vnc_opts = { .name = "password", .type = QEMU_OPT_BOOL, },{ @@ -103,7 +103,7 @@ index d1087c9..7f91d96 100644 .name = "reverse", .type = QEMU_OPT_BOOL, },{ -@@ -3524,6 +3573,7 @@ void vnc_display_open(const char *id, Error **errp) +@@ -3486,6 +3535,7 @@ void vnc_display_open(const char *id, Error **errp) const char *share, *device_id; QemuConsole *con; bool password = false; 
@@ -111,7 +111,7 @@ index d1087c9..7f91d96 100644 bool reverse = false; const char *vnc; char *h; -@@ -3652,6 +3702,10 @@ void vnc_display_open(const char *id, Error **errp) +@@ -3615,6 +3665,10 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } } @@ -122,11 +122,11 @@ index d1087c9..7f91d96 100644 reverse = qemu_opt_get_bool(opts, "reverse", false); lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); -@@ -3741,6 +3795,7 @@ void vnc_display_open(const char *id, Error **errp) - vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; +@@ -3704,6 +3758,7 @@ void vnc_display_open(const char *id, Error **errp) + vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; } - vs->connections_limit = qemu_opt_get_number(opts, "connections", 32); + vd->connections_limit = qemu_opt_get_number(opts, "connections", 32); + allowed_connections = qemu_opt_get_number(opts, "allowed-connections", 0); #ifdef CONFIG_VNC_JPEG - vs->lossy = qemu_opt_get_bool(opts, "lossy", false); + vd->lossy = qemu_opt_get_bool(opts, "lossy", false); diff --git a/0017-linux-user-implement-FS_IOC_GETFLAG.patch b/0017-linux-user-implement-FS_IOC_GETFLAG.patch deleted file mode 100644 index 24a51598..00000000 --- a/0017-linux-user-implement-FS_IOC_GETFLAG.patch +++ /dev/null 
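Review bot: In the last hunk of the vnc patch, the added line `allowed_connections = qemu_opt_get_number(opts, "allowed-connections", 0);` stores its value outside the display object, while the rebased context beside it now reads `vd->connections_limit`. The declaration is not in this hunk, but if it is the file-scope variable it appears to be, opening a second VNC display would overwrite the first display's setting. The option string also differs from the `incoming-connections=` named in the patch subject, so one of the two is stale. I would keep the value in the display structure next to `connections_limit` and add a comment stating what the default of 0 means. vnc_display_open continues outside the hunk.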
@@ -1,42 +0,0 @@ -From d6a5cfe7d374b8ca661a8f957139689348b26bd6 Mon Sep 17 00:00:00 2001 -From: Alexander Graf -Date: Mon, 20 Aug 2012 00:02:52 +0200 -Subject: [PATCH] linux-user: implement FS_IOC_GETFLAGS ioctl - -Signed-off-by: Alexander Graf - ---- - -v1 -> v2: - - - use TYPE_LONG instead of TYPE_INT ---- - linux-user/ioctls.h | 1 + - linux-user/syscall_defs.h | 2 ++ - 2 files changed, 3 insertions(+) - -diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h -index cf8851d..f858954 100644 ---- a/linux-user/ioctls.h -+++ b/linux-user/ioctls.h -@@ -119,6 +119,7 @@ - IOCTL_SPECIAL(FS_IOC_FIEMAP, IOC_W | IOC_R, do_ioctl_fs_ioc_fiemap, - MK_PTR(MK_STRUCT(STRUCT_fiemap))) - #endif -+ IOCTL(FS_IOC_GETFLAGS, IOC_R, MK_PTR(TYPE_LONG)) - - IOCTL(SIOCATMARK, IOC_R, MK_PTR(TYPE_INT)) - IOCTL(SIOCGIFNAME, IOC_RW, MK_PTR(TYPE_INT)) -diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h -index b869b3d..00a3f30 100644 ---- a/linux-user/syscall_defs.h -+++ b/linux-user/syscall_defs.h -@@ -2502,6 +2502,8 @@ struct target_f_owner_ex { - #define TARGET_MTIOCGET TARGET_IOR('m', 2, struct mtget) - #define TARGET_MTIOCPOS TARGET_IOR('m', 3, struct mtpos) - -+#define TARGET_FS_IOC_GETFLAGS TARGET_IORU('f', 1) -+ - struct target_sysinfo { - abi_long uptime; /* Seconds since boot */ - abi_ulong loads[3]; /* 1, 5, and 15 minute load averages */ diff --git a/0022-linux-user-use-target_ulong.patch b/0017-linux-user-use-target_ulong.patch similarity index 92% rename from 0022-linux-user-use-target_ulong.patch rename to 0017-linux-user-use-target_ulong.patch index 03d75f09..3edb63fe 100644 --- a/0022-linux-user-use-target_ulong.patch +++ b/0017-linux-user-use-target_ulong.patch @@ -1,4 +1,4 @@ -From d84e1f7cb131ca5de1308db7b6682edeab2bfeee Mon Sep 17 00:00:00 2001 +From 725c9b6ff408dc7960242751619caeb27560c3e7 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 9 Oct 2012 09:06:49 +0200 Subject: [PATCH] linux-user: use target_ulong @@ -17,7 +17,7 @@ 
Signed-off-by: Alexander Graf 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/linux-user/qemu.h b/linux-user/qemu.h -index bef465d..dab3b6a 100644 +index da73a01106..7d2894d7c0 100644 --- a/linux-user/qemu.h +++ b/linux-user/qemu.h @@ -193,10 +193,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src, @@ -36,10 +36,10 @@ index bef465d..dab3b6a 100644 extern THREAD CPUState *thread_cpu; void cpu_loop(CPUArchState *env); diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 483efb0..8ac1281 100644 +index b04fade80e..ab3cf24dbb 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -7349,10 +7349,10 @@ static target_timer_t get_timer_id(abi_long arg) +@@ -7566,10 +7566,10 @@ static target_timer_t get_timer_id(abi_long arg) /* do_syscall() should always have a single exit point at the end so that actions, such as logging of syscall results, can be performed. All errnos that do_syscall() returns must be -TARGET_. */ diff --git a/0023-block-Add-support-for-DictZip-enabl.patch b/0018-block-Add-support-for-DictZip-enabl.patch similarity index 99% rename from 0023-block-Add-support-for-DictZip-enabl.patch rename to 0018-block-Add-support-for-DictZip-enabl.patch index 806aac41..8d01e861 100644 --- a/0023-block-Add-support-for-DictZip-enabl.patch +++ b/0018-block-Add-support-for-DictZip-enabl.patch @@ -1,4 +1,4 @@ -From 975ac1298231bb8ec825d4f1e48638ef13bdc62e Mon Sep 17 00:00:00 2001 +From 2f2838f6f14d8a7a7d3000fc0d61349ddf3f33b0 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 5 Aug 2009 09:49:37 +0200 Subject: [PATCH] block: Add support for DictZip enabled gzip files @@ -47,7 +47,7 @@ Signed-off-by: Andreas Färber create mode 100644 block/dictzip.c diff --git a/block/Makefile.objs b/block/Makefile.objs -index 2593a2f..f3f6f5f 100644 +index 67a036a1df..0417d54e26 100644 --- a/block/Makefile.objs +++ b/block/Makefile.objs @@ -21,6 +21,7 @@ block-obj-$(CONFIG_GLUSTERFS) += gluster.o 
@@ -56,11 +56,11 @@ index 2593a2f..f3f6f5f 100644 block-obj-y += accounting.o dirty-bitmap.o +block-obj-y += dictzip.o block-obj-y += write-threshold.o - - block-obj-y += crypto.o + block-obj-y += backup.o + block-obj-$(CONFIG_REPLICATION) += replication.o diff --git a/block/dictzip.c b/block/dictzip.c new file mode 100644 -index 0000000..4b7e2db +index 0000000000..4b7e2db817 --- /dev/null +++ b/block/dictzip.c @@ -0,0 +1,580 @@ diff --git a/0018-linux-user-implement-FS_IOC_SETFLAG.patch b/0018-linux-user-implement-FS_IOC_SETFLAG.patch deleted file mode 100644 index 9e5e6fd8..00000000 --- a/0018-linux-user-implement-FS_IOC_SETFLAG.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 4d8d32bbd31dc799c1befebef2563db1fbd5949c Mon Sep 17 00:00:00 2001 -From: Alexander Graf -Date: Mon, 20 Aug 2012 00:07:13 +0200 -Subject: [PATCH] linux-user: implement FS_IOC_SETFLAGS ioctl - -Signed-off-by: Alexander Graf - ---- - -v1 -> v2 - - - use TYPE_LONG instead of TYPE_INT ---- - linux-user/ioctls.h | 1 + - linux-user/syscall_defs.h | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h -index f858954..8a5be00 100644 ---- a/linux-user/ioctls.h -+++ b/linux-user/ioctls.h -@@ -120,6 +120,7 @@ - MK_PTR(MK_STRUCT(STRUCT_fiemap))) - #endif - IOCTL(FS_IOC_GETFLAGS, IOC_R, MK_PTR(TYPE_LONG)) -+ IOCTL(FS_IOC_SETFLAGS, IOC_W, MK_PTR(TYPE_LONG)) - - IOCTL(SIOCATMARK, IOC_R, MK_PTR(TYPE_INT)) - IOCTL(SIOCGIFNAME, IOC_RW, MK_PTR(TYPE_INT)) -diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h -index 00a3f30..d31541d 100644 ---- a/linux-user/syscall_defs.h -+++ b/linux-user/syscall_defs.h -@@ -2503,6 +2503,7 @@ struct target_f_owner_ex { - #define TARGET_MTIOCPOS TARGET_IOR('m', 3, struct mtpos) - - #define TARGET_FS_IOC_GETFLAGS TARGET_IORU('f', 1) -+#define TARGET_FS_IOC_SETFLAGS TARGET_IOWU('f', 2) - - struct target_sysinfo { - abi_long uptime; /* Seconds since boot */ 
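Review bot: The context of the `block/Makefile.objs` hunk shows `block-obj-y += dictzip.o`, so the downstream DictZip driver is built unconditionally, while the neighbouring upstream line is gated as `block-obj-$(CONFIG_REPLICATION) += replication.o`. The tar container patch in the next file section does the same with `block-obj-y += tar.o`. Both are out-of-tree parsers of file contents, and if they can be selected for images that come from an untrusted source they widen the attack surface of every build. I would put each behind its own configure switch in the style of the `CONFIG_REPLICATION` line, or document in the patch header why they must always be present.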
diff --git a/0024-block-Add-tar-container-format.patch b/0019-block-Add-tar-container-format.patch similarity index 98% rename from 0024-block-Add-tar-container-format.patch rename to 0019-block-Add-tar-container-format.patch index 5c408621..5ce09b0c 100644 --- a/0024-block-Add-tar-container-format.patch +++ b/0019-block-Add-tar-container-format.patch @@ -1,4 +1,4 @@ -From 7c81e618f5817533392440d8174d8d467886c61f Mon Sep 17 00:00:00 2001 +From dae0d107e021d65a5029c53229543bca37d21da8 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 5 Aug 2009 17:28:38 +0200 Subject: [PATCH] block: Add tar container format @@ -48,7 +48,7 @@ Signed-off-by: Andreas Färber create mode 100644 block/tar.c diff --git a/block/Makefile.objs b/block/Makefile.objs -index f3f6f5f..f049d53 100644 +index 0417d54e26..255b8d7b0f 100644 --- a/block/Makefile.objs +++ b/block/Makefile.objs @@ -22,6 +22,7 @@ block-obj-$(CONFIG_ARCHIPELAGO) += archipelago.o @@ -57,11 +57,11 @@ index f3f6f5f..f049d53 100644 block-obj-y += dictzip.o +block-obj-y += tar.o block-obj-y += write-threshold.o - - block-obj-y += crypto.o + block-obj-y += backup.o + block-obj-$(CONFIG_REPLICATION) += replication.o diff --git a/block/tar.c b/block/tar.c new file mode 100644 -index 0000000..508265e +index 0000000000..508265ed5e --- /dev/null +++ b/block/tar.c @@ -0,0 +1,370 @@ diff --git a/0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch b/0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch similarity index 94% rename from 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch rename to 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch index 9ec27cc6..63ae7804 100644 --- a/0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch +++ b/0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch @@ -1,4 +1,4 @@ -From 674ccdfa8c935b192e553fe5a53607d6f5eb1f43 Mon Sep 17 00:00:00 2001 +From a4e7e274fa2d1fab3e2a4bfa9ca379252c5aa505 Mon Sep 17 00:00:00 2001 
From: Alexander Graf Date: Wed, 12 Dec 2012 19:11:30 +0100 Subject: [PATCH] Legacy Patch kvm-qemu-preXX-dictzip3.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Legacy Patch kvm-qemu-preXX-dictzip3.patch 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/block/tar.c b/block/tar.c -index 508265e..734082a 100644 +index 508265ed5e..734082a011 100644 --- a/block/tar.c +++ b/block/tar.c @@ -73,7 +73,8 @@ static int str_ends(char *str, const char *end) diff --git a/0026-console-add-question-mark-escape-op.patch b/0021-console-add-question-mark-escape-op.patch similarity index 86% rename from 0026-console-add-question-mark-escape-op.patch rename to 0021-console-add-question-mark-escape-op.patch index 77b3c8ba..c5b50ba7 100644 --- a/0026-console-add-question-mark-escape-op.patch +++ b/0021-console-add-question-mark-escape-op.patch @@ -1,4 +1,4 @@ -From b00ff88b97ba2ce476534674632e7b5500dbb890 Mon Sep 17 00:00:00 2001 +From b6dbfd4547ac7a9af8e7a4785d53dc087e613d36 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 6 Jun 2011 06:53:52 +0200 Subject: [PATCH] console: add question-mark escape operator @@ -16,10 +16,10 @@ Signed-off-by: Alexander Graf 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/console.c b/ui/console.c -index c24bfe4..44b46fd 100644 +index ed888e55ea..b55d7a5cb3 100644 --- a/ui/console.c +++ b/ui/console.c -@@ -868,7 +868,7 @@ static void console_putchar(QemuConsole *s, int ch) +@@ -869,7 +869,7 @@ static void console_putchar(QemuConsole *s, int ch) } else { if (s->nb_esc_params < MAX_ESC_PARAMS) s->nb_esc_params++; diff --git a/0027-Make-char-muxer-more-robust-wrt-sma.patch b/0022-Make-char-muxer-more-robust-wrt-sma.patch similarity index 75% rename from 0027-Make-char-muxer-more-robust-wrt-sma.patch rename to 0022-Make-char-muxer-more-robust-wrt-sma.patch index b6b874be..f8c43a97 100644 --- a/0027-Make-char-muxer-more-robust-wrt-sma.patch +++ b/0022-Make-char-muxer-more-robust-wrt-sma.patch 
@@ -1,4 +1,4 @@ -From a6a54eb0ce3cec68f80f72a957bf6e2189118b5e Mon Sep 17 00:00:00 2001 +From 047016003be1f8b58e063551d6e890f2616e931e Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Thu, 1 Apr 2010 17:36:23 +0200 Subject: [PATCH] Make char muxer more robust wrt small FIFOs @@ -24,22 +24,22 @@ This patch fixes input when using -nographic on s390 for me. 1 file changed, 16 insertions(+) diff --git a/qemu-char.c b/qemu-char.c -index 5f82ebb..be8396b 100644 +index 2c9940cea4..b6a9a32bf4 100644 --- a/qemu-char.c +++ b/qemu-char.c -@@ -510,6 +510,9 @@ typedef struct { - IOEventHandler *chr_event[MAX_MUX]; - void *ext_opaque[MAX_MUX]; - CharDriverState *drv; +@@ -531,6 +531,9 @@ static CharDriverState *qemu_chr_open_null(const char *id, + struct MuxDriver { + CharBackend *backends[MAX_MUX]; + CharBackend chr; +#if defined(TARGET_S390X) + QEMUTimer *accept_timer; +#endif int focus; int mux_cnt; int term_got_escape; -@@ -669,6 +672,15 @@ static void mux_chr_accept_input(CharDriverState *chr) - d->chr_read[m](d->ext_opaque[m], - &d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1); +@@ -694,6 +697,15 @@ static void mux_chr_accept_input(CharDriverState *chr) + be->chr_read(be->opaque, + &d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1); } + +#if defined(TARGET_S390X) @@ -53,14 +53,14 @@ index 5f82ebb..be8396b 100644 } static int mux_chr_can_read(void *opaque) -@@ -817,6 +829,10 @@ static CharDriverState *qemu_chr_open_mux(const char *id, +@@ -864,6 +876,10 @@ static CharDriverState *qemu_chr_open_mux(const char *id, + chr->opaque = d; - d->drv = drv; d->focus = -1; +#if defined(TARGET_S390X) + d->accept_timer = qemu_new_timer_ns(vm_clock, + (QEMUTimerCB*)mux_chr_accept_input, chr); +#endif - chr->chr_close = mux_chr_close; + chr->chr_free = mux_chr_free; chr->chr_write = mux_chr_write; - chr->chr_update_read_handler = mux_chr_update_read_handler; + chr->chr_accept_input = mux_chr_accept_input; 
diff --git a/0028-linux-user-lseek-explicitly-cast-no.patch b/0023-linux-user-lseek-explicitly-cast-no.patch similarity index 88% rename from 0028-linux-user-lseek-explicitly-cast-no.patch rename to 0023-linux-user-lseek-explicitly-cast-no.patch index 5a369a20..168b8cf6 100644 --- a/0028-linux-user-lseek-explicitly-cast-no.patch +++ b/0023-linux-user-lseek-explicitly-cast-no.patch @@ -1,4 +1,4 @@ -From fd4fc533fbd24b003f606d12bd114ff9ba215380 Mon Sep 17 00:00:00 2001 +From 2be621021e70d2b86164c8b5e929bc13eca0e055 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Thu, 13 Dec 2012 14:29:22 +0100 Subject: [PATCH] linux-user: lseek: explicitly cast non-set offsets to signed @@ -16,10 +16,10 @@ Signed-off-by: Alexander Graf 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 8ac1281..51c1091 100644 +index ab3cf24dbb..831d3df19c 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -7710,9 +7710,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1, +@@ -7932,9 +7932,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1, case TARGET_NR_oldstat: goto unimplemented; #endif diff --git a/0029-virtfs-proxy-helper-Provide-__u64-f.patch b/0024-virtfs-proxy-helper-Provide-__u64-f.patch similarity index 88% rename from 0029-virtfs-proxy-helper-Provide-__u64-f.patch rename to 0024-virtfs-proxy-helper-Provide-__u64-f.patch index a5ca6cd4..ef0eb351 100644 --- a/0029-virtfs-proxy-helper-Provide-__u64-f.patch +++ b/0024-virtfs-proxy-helper-Provide-__u64-f.patch @@ -1,4 +1,4 @@ -From 0e73e519a0d99d8fd366f024d768a349fc32e3f6 Mon Sep 17 00:00:00 2001 +From 68cabc26aa994989c71212df1623e159df4e6b01 Mon Sep 17 00:00:00 2001 From: Bruce Rogers Date: Thu, 16 May 2013 12:39:10 +0200 Subject: [PATCH] virtfs-proxy-helper: Provide __u64 for broken @@ -12,7 +12,7 @@ Fixes the build on SLE 11 SP2. 1 file changed, 7 insertions(+) 
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c -index 54f7ad1..b4bf2f4 100644 +index 54f7ad1c48..b4bf2f40c9 100644 --- a/fsdev/virtfs-proxy-helper.c +++ b/fsdev/virtfs-proxy-helper.c @@ -9,6 +9,13 @@ diff --git a/0030-configure-Enable-PIE-for-ppc-and-pp.patch b/0025-configure-Enable-PIE-for-ppc-and-pp.patch similarity index 85% rename from 0030-configure-Enable-PIE-for-ppc-and-pp.patch rename to 0025-configure-Enable-PIE-for-ppc-and-pp.patch index 9ecf4b16..dbad0f0e 100644 --- a/0030-configure-Enable-PIE-for-ppc-and-pp.patch +++ b/0025-configure-Enable-PIE-for-ppc-and-pp.patch @@ -1,4 +1,4 @@ -From 42032776551d183f971e0523b0216f9880a88413 Mon Sep 17 00:00:00 2001 +From 1825b6ee2b448261ae1bfde344a8127dbdec1e9a Mon Sep 17 00:00:00 2001 From: Dinar Valeev Date: Wed, 2 Oct 2013 17:56:03 +0200 Subject: [PATCH] configure: Enable PIE for ppc and ppc64 hosts @@ -14,10 +14,10 @@ Signed-off-by: Andreas Färber 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure -index 4b808f9..b882d19 100755 +index 3770d7c263..9fdf7e7abc 100755 --- a/configure +++ b/configure -@@ -1545,7 +1545,7 @@ fi +@@ -1567,7 +1567,7 @@ fi if test "$pie" = ""; then case "$cpu-$targetos" in diff --git a/0031-AIO-Reduce-number-of-threads-for-32.patch b/0026-AIO-Reduce-number-of-threads-for-32.patch similarity index 92% rename from 0031-AIO-Reduce-number-of-threads-for-32.patch rename to 0026-AIO-Reduce-number-of-threads-for-32.patch index a1956479..75e665c3 100644 --- a/0031-AIO-Reduce-number-of-threads-for-32.patch +++ b/0026-AIO-Reduce-number-of-threads-for-32.patch @@ -1,4 +1,4 @@ -From 4aa17b7cf5d35e03c2e563477e920cd7104d5806 Mon Sep 17 00:00:00 2001 +From 9a6dabcb75d6f8d17f3aab2ef4c2c6186e1a8eb1 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 14 Jan 2015 01:32:11 +0100 Subject: [PATCH] AIO: Reduce number of threads for 32bit hosts @@ -21,7 +21,7 @@ Signed-off-by: Alexander Graf 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/thread-pool.c b/thread-pool.c -index 6fba913..ee0b485 100644 +index 6fba913529..ee0b485f07 100644 --- a/thread-pool.c +++ b/thread-pool.c @@ -297,7 +297,12 @@ static void thread_pool_init_one(ThreadPool *pool, AioContext *ctx) diff --git a/0032-dictzip-Fix-on-big-endian-systems.patch b/0027-dictzip-Fix-on-big-endian-systems.patch similarity index 98% rename from 0032-dictzip-Fix-on-big-endian-systems.patch rename to 0027-dictzip-Fix-on-big-endian-systems.patch index 7ed589a1..8dc2e5a5 100644 --- a/0032-dictzip-Fix-on-big-endian-systems.patch +++ b/0027-dictzip-Fix-on-big-endian-systems.patch @@ -1,4 +1,4 @@ -From aacebb4ff80cbd3cf32c3fa1b739f4999c2956ff Mon Sep 17 00:00:00 2001 +From 69fae9cfe2d91c07fece069189debaaf47e7d40b Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 15 Jun 2015 17:36:32 +0200 Subject: [PATCH] dictzip: Fix on big endian systems @@ -21,7 +21,7 @@ Signed-off-by: Andreas Färber 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/block/dictzip.c b/block/dictzip.c -index 4b7e2db..3235337 100644 +index 4b7e2db817..3235337164 100644 --- a/block/dictzip.c +++ b/block/dictzip.c @@ -156,6 +156,7 @@ static int dictzip_open(BlockDriverState *bs, QDict *options, int flags, Error * diff --git a/0033-xen_disk-Add-suse-specific-flush-di.patch b/0028-xen_disk-Add-suse-specific-flush-di.patch similarity index 85% rename from 0033-xen_disk-Add-suse-specific-flush-di.patch rename to 0028-xen_disk-Add-suse-specific-flush-di.patch index 05d23a49..0cf03da4 100644 --- a/0033-xen_disk-Add-suse-specific-flush-di.patch +++ b/0028-xen_disk-Add-suse-specific-flush-di.patch @@ -1,4 +1,4 @@ -From d464395f484a4379ac5b14bde497625e1a0d2a02 Mon Sep 17 00:00:00 2001 +From 1e4469088f98f8ce31044eb89e76228f07d068a2 Mon Sep 17 00:00:00 2001 From: Bruce Rogers Date: Wed, 9 Mar 2016 15:18:11 -0700 Subject: [PATCH] xen_disk: Add suse specific flush disable handling and map to @@ -17,7 +17,7 @@ Signed-off-by: Olaf Hering 1 file changed, 15 insertions(+) 
diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c -index 3b8ad33..6f37eeb 100644 +index 456a2d5694..94e755d3e8 100644 --- a/hw/block/xen_disk.c +++ b/hw/block/xen_disk.c @@ -111,6 +111,7 @@ struct XenBlkDev { @@ -28,7 +28,7 @@ index 3b8ad33..6f37eeb 100644 /* Persistent grants extension */ gboolean feature_discard; gboolean feature_persistent; -@@ -793,6 +794,16 @@ static void blk_parse_discard(struct XenBlkDev *blkdev) +@@ -960,6 +961,16 @@ static void blk_parse_discard(struct XenBlkDev *blkdev) } } @@ -45,7 +45,7 @@ index 3b8ad33..6f37eeb 100644 static int blk_init(struct XenDevice *xendev) { struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev); -@@ -864,6 +875,7 @@ static int blk_init(struct XenDevice *xendev) +@@ -1031,6 +1042,7 @@ static int blk_init(struct XenDevice *xendev) xenstore_write_be_int(&blkdev->xendev, "info", info); blk_parse_discard(blkdev); @@ -53,7 +53,7 @@ index 3b8ad33..6f37eeb 100644 g_free(directiosafe); return 0; -@@ -906,6 +918,9 @@ static int blk_connect(struct XenDevice *xendev) +@@ -1073,6 +1085,9 @@ static int blk_connect(struct XenDevice *xendev) qflags |= BDRV_O_UNMAP; } diff --git a/0035-qemu-bridge-helper-reduce-security-.patch b/0029-qemu-bridge-helper-reduce-security-.patch similarity index 96% rename from 0035-qemu-bridge-helper-reduce-security-.patch rename to 0029-qemu-bridge-helper-reduce-security-.patch index 014c999e..2361ec32 100644 --- a/0035-qemu-bridge-helper-reduce-security-.patch +++ b/0029-qemu-bridge-helper-reduce-security-.patch @@ -1,4 +1,4 @@ -From 5219d096e17d3623cc0e274f9d9988effb11e9a1 Mon Sep 17 00:00:00 2001 +From b05bd879232bb4ac753d72a9c32c489b109e6555 Mon Sep 17 00:00:00 2001 From: Bruce Rogers Date: Tue, 2 Aug 2016 11:36:02 -0600 Subject: [PATCH] qemu-bridge-helper: reduce security profile @@ -19,7 +19,7 @@ Signed-off-by: Andreas Färber 1 file changed, 24 insertions(+), 3 deletions(-) 
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c -index 5396fbf..f3710b8 100644 +index 5396fbfbb6..f3710b80a3 100644 --- a/qemu-bridge-helper.c +++ b/qemu-bridge-helper.c @@ -110,7 +110,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list) diff --git a/0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch b/0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch similarity index 91% rename from 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch rename to 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch index e0acf746..531742fc 100644 --- a/0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch +++ b/0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch @@ -1,4 +1,4 @@ -From 3a45e30cfeda81b1c5a311e4bd030165396ab921 Mon Sep 17 00:00:00 2001 +From 36996f68dc156ab64aec4b149c724ce2b2c7f400 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Fri, 12 Aug 2016 18:20:49 +0200 Subject: [PATCH] qemu-binfmt-conf: use qemu-ARCH-binfmt @@ -13,7 +13,7 @@ Signed-off-by: Andreas Färber 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh -index 7640255..3affcdc 100755 +index 764025580d..3affcdca1b 100755 --- a/scripts/qemu-binfmt-conf.sh +++ b/scripts/qemu-binfmt-conf.sh @@ -201,7 +201,7 @@ qemu_check_systemd() { diff --git a/0037-configure-Fix-detection-of-seccomp-.patch b/0031-configure-Fix-detection-of-seccomp-.patch similarity index 79% rename from 0037-configure-Fix-detection-of-seccomp-.patch rename to 0031-configure-Fix-detection-of-seccomp-.patch index 5c334d8d..c1756f8d 100644 --- a/0037-configure-Fix-detection-of-seccomp-.patch +++ b/0031-configure-Fix-detection-of-seccomp-.patch @@ -1,4 +1,4 @@ -From 0b135a5863998d3936302e291e69a0b13596fc6f Mon Sep 17 00:00:00 2001 +From 6163925a8a53570a007a564c2d86746e589d5ea4 Mon Sep 17 00:00:00 2001 From: markkp Date: Thu, 11 Aug 2016 16:28:39 -0400 Subject: [PATCH] configure: Fix detection of seccomp on s390x @@ -13,10 +13,10 @@ 
Signed-off-by: Andreas Färber 1 file changed, 3 insertions(+) diff --git a/configure b/configure -index b882d19..1954f62 100755 +index 9fdf7e7abc..087d8e2661 100755 --- a/configure +++ b/configure -@@ -1902,6 +1902,9 @@ if test "$seccomp" != "no" ; then +@@ -1928,6 +1928,9 @@ if test "$seccomp" != "no" ; then ppc|ppc64) libseccomp_minver="2.3.0" ;; diff --git a/0038-linux-user-properly-test-for-infini.patch b/0032-linux-user-properly-test-for-infini.patch similarity index 84% rename from 0038-linux-user-properly-test-for-infini.patch rename to 0032-linux-user-properly-test-for-infini.patch index 755ce703..43999645 100644 --- a/0038-linux-user-properly-test-for-infini.patch +++ b/0032-linux-user-properly-test-for-infini.patch @@ -1,4 +1,4 @@ -From 7c9a134065df3deab252918c5172021b5a9e3ab0 Mon Sep 17 00:00:00 2001 +From a420f344cef024cab119609171fb14667666055c Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Thu, 8 Sep 2016 11:21:05 +0200 Subject: [PATCH] linux-user: properly test for infinite timeout in poll (#8) @@ -16,10 +16,10 @@ Signed-off-by: Andreas Schwab 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 51c1091..856e75d 100644 +index 831d3df19c..b5070a0d0e 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -9770,7 +9770,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1, +@@ -10061,7 +10061,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1, { struct timespec ts, *pts; diff --git a/0040-linux-user-remove-all-traces-of-qem.patch b/0033-linux-user-remove-all-traces-of-qem.patch similarity index 93% rename from 0040-linux-user-remove-all-traces-of-qem.patch rename to 0033-linux-user-remove-all-traces-of-qem.patch index 2d522710..31366b0f 100644 --- a/0040-linux-user-remove-all-traces-of-qem.patch +++ b/0033-linux-user-remove-all-traces-of-qem.patch 
@@ -1,4 +1,4 @@ -From e2e103eaa7e3ba94f3e32184c7fa2c694072b9e1 Mon Sep 17 00:00:00 2001 +From 667601cdfbeada47ff5f00d6bf5a17c865319a7f Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Wed, 28 Sep 2016 16:36:40 +0200 Subject: [PATCH] linux-user: remove all traces of qemu from /proc/self/cmdline @@ -17,10 +17,10 @@ Signed-off-by: Andreas Färber 1 file changed, 7 insertions(+), 40 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 856e75d..31bf618 100644 +index b5070a0d0e..213e8f3c6c 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -7013,52 +7013,19 @@ int host_to_target_waitstatus(int status) +@@ -7230,52 +7230,19 @@ int host_to_target_waitstatus(int status) static int open_self_cmdline(void *cpu_env, int fd) { diff --git a/0067-dma-rc4030-limit-interval-timer-rel.patch b/0034-dma-rc4030-limit-interval-timer-rel.patch similarity index 91% rename from 0067-dma-rc4030-limit-interval-timer-rel.patch rename to 0034-dma-rc4030-limit-interval-timer-rel.patch index bc18d015..927a81eb 100644 --- a/0067-dma-rc4030-limit-interval-timer-rel.patch +++ b/0034-dma-rc4030-limit-interval-timer-rel.patch @@ -1,4 +1,4 @@ -From 491b61b48cef566df12b5b2191111febd95d1a5c Mon Sep 17 00:00:00 2001 +From 920c90f4344b38242bd01b21f8bef55f11d0748c Mon Sep 17 00:00:00 2001 From: P J P Date: Mon, 31 Oct 2016 15:55:14 -0600 Subject: [PATCH] dma: rc4030: limit interval timer reload value @@ -18,7 +18,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c -index 2f2576f..c1b4997 100644 +index 17c8518fea..41fc043464 100644 --- a/hw/dma/rc4030.c +++ b/hw/dma/rc4030.c @@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data, diff --git a/0034-xen-SUSE-xenlinux-unplug-for-emulat.patch b/0034-xen-SUSE-xenlinux-unplug-for-emulat.patch deleted file mode 100644 index 8c164358..00000000 --- a/0034-xen-SUSE-xenlinux-unplug-for-emulat.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -From 21e9a3360b1a1845aee3eb501d15cb56f6024057 Mon Sep 17 00:00:00 2001 -From: Olaf Hering -Date: Tue, 21 Jun 2016 18:42:45 +0200 -Subject: [PATCH] xen: SUSE xenlinux unplug for emulated PCI - -Implement SUSE specific unplug protocol for emulated PCI devices -in PVonHVM guests -(bsc#953339, bsc#953362, bsc#953518, bsc#984981) - -Signed-off-by: Olaf Hering ---- - hw/i386/xen/xen_platform.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/hw/i386/xen/xen_platform.c b/hw/i386/xen/xen_platform.c -index aa78393..48800c1 100644 ---- a/hw/i386/xen/xen_platform.c -+++ b/hw/i386/xen/xen_platform.c -@@ -314,6 +314,28 @@ static void xen_platform_ioport_writeb(void *opaque, hwaddr addr, - case 0: /* Platform flags */ - platform_fixed_ioport_writeb(opaque, 0, (uint32_t)val); - break; -+ case 4: -+ if (val == 1 && size == 1) { -+ /* -+ * SUSE unplug for Xenlinux -+ * xen-kmp used this since xen-3.0.4, instead the official protocol from xen-3.3+ -+ * It did an unconditional "outl(1, (ioaddr + 4));" -+ * This approach was used until openSUSE 12.3, up to SLE11SP3 and in SLE10. -+ * Starting with openSUSE 13.1, SLE11SP4 and SLE12 the official protocol is used. -+ * pre VMDP 1.7 made use of 4 and 8 depending on how vmdp was configured. -+ * If VMDP was to control both disk and LAN it would use 4. -+ * If it controlled just disk or just LAN, it would use 8 below. -+ */ -+ PCIDevice *pci_dev = PCI_DEVICE(s); -+ DPRINTF("unplug disks\n"); -+ blk_drain_all(); -+ blk_flush_all(); -+ pci_unplug_disks(pci_dev->bus); -+ DPRINTF("unplug nics\n"); -+ pci_unplug_nics(pci_dev->bus); -+ DPRINTF("done\n"); -+ } -+ break; - case 8: - log_writeb(s, (uint32_t)val); - break; diff --git a/0068-net-imx-limit-buffer-descriptor-cou.patch b/0035-net-imx-limit-buffer-descriptor-cou.patch similarity index 93% rename from 0068-net-imx-limit-buffer-descriptor-cou.patch rename to 0035-net-imx-limit-buffer-descriptor-cou.patch index 4cf26260..4143f994 100644 
--- a/0068-net-imx-limit-buffer-descriptor-cou.patch +++ b/0035-net-imx-limit-buffer-descriptor-cou.patch @@ -1,4 +1,4 @@ -From b7f162a68696ea14af398de7584cfaf9f2de4509 Mon Sep 17 00:00:00 2001 +From 101b933ef85a7520984743bbc35cc244304d94c7 Mon Sep 17 00:00:00 2001 From: P J P Date: Mon, 31 Oct 2016 15:58:47 -0600 Subject: [PATCH] net: imx: limit buffer descriptor count @@ -18,7 +18,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c -index 1c415ab..1d74827 100644 +index 50c75642c6..78d641c2a3 100644 --- a/hw/net/imx_fec.c +++ b/hw/net/imx_fec.c @@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = { diff --git a/0069-roms-Makefile-pass-a-packaging-time.patch b/0036-roms-Makefile-pass-a-packaging-time.patch similarity index 90% rename from 0069-roms-Makefile-pass-a-packaging-time.patch rename to 0036-roms-Makefile-pass-a-packaging-time.patch index d0af6fce..bed888cc 100644 --- a/0069-roms-Makefile-pass-a-packaging-time.patch +++ b/0036-roms-Makefile-pass-a-packaging-time.patch @@ -1,4 +1,4 @@ -From 265aa090c4da5686ac3ed77285108606a79e4821 Mon Sep 17 00:00:00 2001 +From 235fbffb3f16857462b5256cc731156322b66072 Mon Sep 17 00:00:00 2001 From: Bruce Rogers Date: Sat, 19 Nov 2016 08:06:30 -0700 Subject: [PATCH] roms/Makefile: pass a packaging timestamp to subpackages with @@ -20,7 +20,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/roms/Makefile b/roms/Makefile -index 88b3709..eb0640f 100644 +index b5e5a69e91..89d69eb350 100644 --- a/roms/Makefile +++ b/roms/Makefile @@ -52,6 +52,12 @@ SEABIOS_EXTRAVERSION="-prebuilt.qemu-project.org" 
@@ -36,16 +36,16 @@ index 88b3709..eb0640f 100644 default: @echo "nothing is build by default" @echo "available build targets:" -@@ -105,7 +111,7 @@ build-lgplvgabios: +@@ -106,7 +112,7 @@ build-lgplvgabios: - .PHONY: sgabios + .PHONY: sgabios skiboot sgabios: - $(MAKE) -C sgabios + $(MAKE) -C sgabios PACKAGING_TIMESTAMP=$(PACKAGING_TIMESTAMP) cp sgabios/sgabios.bin ../pc-bios -@@ -125,18 +131,22 @@ efi-rom-%: build-pxe-roms build-efi-roms +@@ -126,18 +132,22 @@ efi-rom-%: build-pxe-roms build-efi-roms build-pxe-roms: $(MAKE) -C ipxe/src CONFIG=qemu \ diff --git a/0037-Raise-soft-address-space-limit-to-h.patch b/0037-Raise-soft-address-space-limit-to-h.patch new file mode 100644 index 00000000..1f79445b --- /dev/null +++ b/0037-Raise-soft-address-space-limit-to-h.patch 
@@ -0,0 +1,55 @@ +From a5f88d11e6d846f117d9a6cc3fbf1fb0b2750047 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Sun, 15 Jan 2012 19:53:49 +0100 +Subject: [PATCH] Raise soft address space limit to hard limit +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +For SLES we want users to be able to use large memory configurations +with KVM without fiddling with ulimit -Sv. + +Signed-off-by: Andreas Färber +[BR: add include for sys/resource.h] +Signed-off-by: Bruce Rogers +--- + vl.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/vl.c b/vl.c +index 4427bf5e1a..501cd28363 100644 +--- a/vl.c ++++ b/vl.c +@@ -26,6 +26,7 @@ + #include "qemu/cutils.h" + #include "qemu/help_option.h" + #include "qemu/uuid.h" ++#include + + #ifdef CONFIG_SECCOMP + #include "sysemu/seccomp.h" +@@ -3031,6 +3032,7 @@ int main(int argc, char **argv, char **envp) + Error *main_loop_err = NULL; + Error *err = NULL; + bool list_data_dirs = false; ++ struct rlimit rlimit_as; + + module_call_init(MODULE_INIT_TRACE); + +@@ -3038,6 +3040,16 @@ int main(int argc, char **argv, char **envp) + qemu_init_cpu_loop(); + qemu_mutex_lock_iothread(); + ++ /* ++ * Try to raise the soft address space limit. ++ * Default on SLES 11 SP2 is 80% of physical+swap memory. ++ */ ++ getrlimit(RLIMIT_AS, &rlimit_as); ++ if (rlimit_as.rlim_cur < rlimit_as.rlim_max) { ++ rlimit_as.rlim_cur = rlimit_as.rlim_max; ++ setrlimit(RLIMIT_AS, &rlimit_as); ++ } ++ + atexit(qemu_run_exit_notifiers); + error_set_progname(argv[0]); + qemu_init_exec_dir(argv[0]); diff --git a/0038-increase-x86_64-physical-bits-to-42.patch b/0038-increase-x86_64-physical-bits-to-42.patch new file mode 100644 index 00000000..c8898678 --- /dev/null +++ b/0038-increase-x86_64-physical-bits-to-42.patch 
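Review bot: The block added to main() in vl.c ignores the return value of `getrlimit(RLIMIT_AS, &rlimit_as)`, so on failure the comparison reads an uninitialized `struct rlimit` and may hand arbitrary values to `setrlimit()`. Fold the check into the condition, `if (getrlimit(RLIMIT_AS, &rlimit_as) == 0 && rlimit_as.rlim_cur < rlimit_as.rlim_max) {`, and report a failing `setrlimit()` rather than dropping it silently. The comment should also state that every QEMU start now overrides an administrator-set soft `ulimit -v`, leaving the hard limit as the only address-space bound. main() continues outside the inner hunk.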
@@ -0,0 +1,33 @@ +From 6fef5a1f40ec5dd0c13fabd299929125bafda7d4 Mon Sep 17 00:00:00 2001 +From: Bruce Rogers +Date: Fri, 17 May 2013 16:49:58 -0600 +Subject: [PATCH] increase x86_64 physical bits to 42 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Allow for guests with higher amounts of ram. The current thought +is that 2TB specified on qemu commandline would be an appropriate +limit. Note that this requires the next higher bit value since +the highest address is actually more than 2TB due to the pci +memory hole. + +Signed-off-by: Bruce Rogers +Signed-off-by: Andreas Färber +--- + target-i386/cpu.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target-i386/cpu.h b/target-i386/cpu.h +index c605724022..4c17f17701 100644 +--- a/target-i386/cpu.h ++++ b/target-i386/cpu.h +@@ -1465,7 +1465,7 @@ uint64_t cpu_get_tsc(CPUX86State *env); + /* XXX: This value should match the one returned by CPUID + * and in exec.c */ + # if defined(TARGET_X86_64) +-# define TCG_PHYS_ADDR_BITS 40 ++# define TCG_PHYS_ADDR_BITS 42 + # else + # define TCG_PHYS_ADDR_BITS 36 + # endif diff --git a/0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch b/0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch deleted file mode 100644 index 15a26982..00000000 --- a/0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch +++ /dev/null 
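Review bot: `TCG_PHYS_ADDR_BITS` goes from 40 to 42 in target-i386/cpu.h only, while the comment directly above the define says the value should match the one returned by CPUID and the one in exec.c. Neither is touched by this one-file patch, so it needs confirming that they are adjusted elsewhere. If the mismatch is intentional, say so next to the define, for example `/* SUSE: 42 bits for 2TB guests plus the PCI hole; CPUID/exec.c value handled in <location> */`. The surrounding `#if` block starts and ends outside the hunk.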
@@ -1,32 +0,0 @@ -From 803968c258e59d2af30618b736c87b114c2038f1 Mon Sep 17 00:00:00 2001 -From: Benjamin Herrenschmidt -Date: Wed, 3 Aug 2016 13:15:06 +1000 -Subject: [PATCH] Fix tlb_vaddr_to_host with CONFIG_USER_ONLY -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We use the wrong argument name for the g2h() macro ! - -Signed-off-by: Benjamin Herrenschmidt -Reviewed-by: Peter Maydell -Reviewed-by: Laurent Vivier -Tested-by: Laurent Vivier -Signed-off-by: Andreas Färber ---- - include/exec/cpu_ldst.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h -index b573df5..6eb5fe8 100644 ---- a/include/exec/cpu_ldst.h -+++ b/include/exec/cpu_ldst.h -@@ -401,7 +401,7 @@ static inline void *tlb_vaddr_to_host(CPUArchState *env, target_ulong addr, - int access_type, int mmu_idx) - { - #if defined(CONFIG_USER_ONLY) -- return g2h(vaddr); -+ return g2h(addr); - #else - int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); - CPUTLBEntry *tlbentry = &env->tlb_table[mmu_idx][index]; diff --git a/0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch b/0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch new file mode 100644 index 00000000..4f81e0d6 --- /dev/null +++ b/0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 
@@ -0,0 +1,64 @@ +From f29449e6c1a79238ed317b4e2307ef699e7612bd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Wed, 12 Jun 2013 19:26:37 +0200 +Subject: [PATCH] vga: Raise VRAM to 16 MiB for pc-0.15 and below +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +qemu-kvm.git commit a7fe0297840908a4fd65a1cf742481ccd45960eb +(Extend vram size to 16MB) deviated from qemu.git since kvm-61, and only +in commit 9e56edcf8dd1d4bc7ba2b1efb3641f36c0fad8ba (vga: raise default +vgamem size) did qemu.git adjust the VRAM size for v1.2. + +Add compatibility properties so that up to and including pc-0.15 we +maintain migration compatibility with qemu-kvm rather than QEMU and +from pc-1.0 on with QEMU (last qemu-kvm release was 1.2). + +Addresses part of BNC#812836. + +Signed-off-by: Andreas Färber +[BR: adjust comma position in list in macro for v2.5.0 compat] +Signed-off-by: Bruce Rogers +--- + hw/i386/pc_piix.c | 27 ++++++++++++++++++++++++++- + 1 file changed, 26 insertions(+), 1 deletion(-) + +diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c +index a54a468c0a..511d438bdb 100644 +--- a/hw/i386/pc_piix.c ++++ b/hw/i386/pc_piix.c +@@ -770,7 +770,32 @@ DEFINE_I440FX_MACHINE(v1_0, "pc-1.0", pc_compat_1_2, + + + #define PC_COMPAT_0_15 \ +- PC_CPU_MODEL_IDS("0.15") ++ PC_CPU_MODEL_IDS("0.15")\ ++ {\ ++ .driver = "VGA",\ ++ .property = "vgamem_mb",\ ++ .value = stringify(16),\ ++ },{\ ++ .driver = "vmware-svga",\ ++ .property = "vgamem_mb",\ ++ .value = stringify(16),\ ++ },{\ ++ .driver = "qxl-vga",\ ++ .property = "vgamem_mb",\ ++ .value = stringify(16),\ ++ },{\ ++ .driver = "qxl",\ ++ .property = "vgamem_mb",\ ++ .value = stringify(16),\ ++ },{\ ++ .driver = "isa-cirrus-vga",\ ++ .property = "vgamem_mb",\ ++ .value = stringify(16),\ ++ },{\ ++ .driver = "cirrus-vga",\ ++ .property = "vgamem_mb",\ ++ .value = stringify(16),\ ++ }, + + static void pc_i440fx_0_15_machine_options(MachineClass *m) + { 
diff --git a/0040-i8254-Fix-migration-from-SLE11-SP2.patch b/0040-i8254-Fix-migration-from-SLE11-SP2.patch new file mode 100644 index 00000000..f2c7166e --- /dev/null +++ b/0040-i8254-Fix-migration-from-SLE11-SP2.patch @@ -0,0 +1,43 @@ +From de2bd411b216f7fa9aacad1e86cbd9c25db8954a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Wed, 31 Jul 2013 17:05:29 +0200 +Subject: [PATCH] i8254: Fix migration from SLE11 SP2 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +qemu-kvm 0.15 had a VMSTATE_UINT32(flags, PITState) field that +qemu 1.4 does not have. + +Addresses part of BNC#812836. + +Signed-off-by: Andreas Färber +--- + hw/timer/i8254_common.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/hw/timer/i8254_common.c b/hw/timer/i8254_common.c +index e18299a482..bc676c4664 100644 +--- a/hw/timer/i8254_common.c ++++ b/hw/timer/i8254_common.c +@@ -258,6 +258,12 @@ static int pit_dispatch_post_load(void *opaque, int version_id) + return 0; + } + ++static bool is_qemu_kvm(void *opaque, int version_id) ++{ ++ /* HACK: We ignore incoming migration from upstream qemu */ ++ return version_id < 3; ++} ++ + static const VMStateDescription vmstate_pit_common = { + .name = "i8254", + .version_id = 3, +@@ -267,6 +273,7 @@ static const VMStateDescription vmstate_pit_common = { + .pre_save = pit_dispatch_pre_save, + .post_load = pit_dispatch_post_load, + .fields = (VMStateField[]) { ++ VMSTATE_UNUSED_TEST(is_qemu_kvm, 4), + VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3), + VMSTATE_STRUCT_ARRAY(channels, PITCommonState, 3, 2, + vmstate_pit_channel, PITChannelState), diff --git a/0041-acpi_piix4-Fix-migration-from-SLE11.patch b/0041-acpi_piix4-Fix-migration-from-SLE11.patch new file mode 100644 index 00000000..7d5e8aeb --- /dev/null +++ b/0041-acpi_piix4-Fix-migration-from-SLE11.patch 
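Review bot: `is_qemu_kvm()` keys only on `version_id < 3`, so `VMSTATE_UNUSED_TEST(is_qemu_kvm, 4)` skips 4 bytes for every incoming stream below version 3, not just qemu-kvm ones. Per the commit message an upstream QEMU stream has no `flags` field, so such a stream would have its remaining fields loaded misaligned from data supplied by the migration source. The HACK comment should spell that out, e.g. `/* qemu-kvm 0.15 streams (version < 3) carry a 4-byte flags field; upstream streams below version 3 are not supported and would misparse */`. `minimum_version_id` of `vmstate_pit_common` is not visible in the hunk, so whether such streams are accepted at all should be confirmed.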
@@ -0,0 +1,31 @@ +From 54d95bf6b1053208ce3bf31cad9a9cc8cf29c634 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Wed, 31 Jul 2013 17:32:35 +0200 +Subject: [PATCH] acpi_piix4: Fix migration from SLE11 SP2 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +qemu-kvm 0.15 uses the same GPE format as qemu 1.4, but as version 2 +rather than 3. + +Addresses part of BNC#812836. + +Signed-off-by: Andreas Färber +--- + hw/acpi/piix4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c +index 17d36bd595..f657eb7474 100644 +--- a/hw/acpi/piix4.c ++++ b/hw/acpi/piix4.c +@@ -311,7 +311,7 @@ static const VMStateDescription vmstate_cpuhp_state = { + static const VMStateDescription vmstate_acpi = { + .name = "piix4_pm", + .version_id = 3, +- .minimum_version_id = 3, ++ .minimum_version_id = 2, /* qemu-kvm */ + .minimum_version_id_old = 1, + .load_state_old = acpi_load_old, + .post_load = vmstate_acpi_post_load, diff --git a/0041-vmsvga-correct-bitmap-and-pixmap-si.patch b/0041-vmsvga-correct-bitmap-and-pixmap-si.patch deleted file mode 100644 index aadb8ccb..00000000 --- a/0041-vmsvga-correct-bitmap-and-pixmap-si.patch +++ /dev/null 
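Review bot: Lowering `.minimum_version_id` to 2 in `vmstate_acpi` changes which loader handles version-2 streams. With `.minimum_version_id_old = 1` and `.load_state_old = acpi_load_old` still present, they presumably went to `acpi_load_old` before and are now parsed with the version-3 field list. That matches the commit message for qemu-kvm 0.15, but a version-2 stream from any other source would be read with the wrong layout. The `/* qemu-kvm */` comment should record this, e.g. `/* version 2 == qemu-kvm 0.15 GPE layout; upstream v2 streams are no longer routed to acpi_load_old */`. The rest of the struct is outside the hunk.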
@@ -1,45 +0,0 @@ -From fd5aa800d14fbc8f0a6a75b37ee0e74092dde8cd Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Thu, 8 Sep 2016 18:15:54 +0530 -Subject: [PATCH] vmsvga: correct bitmap and pixmap size checks - -When processing svga command DEFINE_CURSOR in vmsvga_fifo_run, -the computed BITMAP and PIXMAP size are checked against the -'cursor.mask[]' and 'cursor.image[]' array sizes in bytes. -Correct these checks to avoid OOB memory access. - -Reported-by: Qinghao Tang -Reported-by: Li Qiang -Signed-off-by: Prasad J Pandit -Message-id: 1473338754-15430-1-git-send-email-ppandit@redhat.com -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 167d97a3def77ee2dbf6e908b0ecbfe2103977db) -[BR: CVE-2016-7170 BSC#998516] -Signed-off-by: Bruce Rogers ---- - hw/display/vmware_vga.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c -index e51a05e..6599cf0 100644 ---- a/hw/display/vmware_vga.c -+++ b/hw/display/vmware_vga.c -@@ -676,11 +676,13 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s) - cursor.bpp = vmsvga_fifo_read(s); - - args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp); -- if (cursor.width > 256 || -- cursor.height > 256 || -- cursor.bpp > 32 || -- SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || -- SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { -+ if (cursor.width > 256 -+ || cursor.height > 256 -+ || cursor.bpp > 32 -+ || SVGA_BITMAP_SIZE(x, y) -+ > sizeof(cursor.mask) / sizeof(cursor.mask[0]) -+ || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) -+ > sizeof(cursor.image) / sizeof(cursor.image[0])) { - goto badcmd; - } - diff --git a/0042-Fix-tigervnc-long-press-issue.patch b/0042-Fix-tigervnc-long-press-issue.patch new file mode 100644 index 00000000..31d7cf7a --- /dev/null +++ b/0042-Fix-tigervnc-long-press-issue.patch 
@@ -0,0 +1,55 @@ +From 87164237f308f856e2429044f88f7fe61243f745 Mon Sep 17 00:00:00 2001 +From: Chunyan Liu +Date: Thu, 3 Mar 2016 16:48:17 +0800 +Subject: [PATCH] Fix tigervnc long press issue + +Using xen tools 'xl vncviewer' with tigervnc (default on SLE-12), +found that: the display of the guest is unexpected while keep +pressing a key. We expect the same character multiple times, but +it prints only one time. This happens on a PV guest in text mode. + +After debugging, found that tigervnc sends repeated key down events +in this case, to differentiate from user pressing the same key many +times. Vnc server only prints the character when it finally receives +key up event. + +To solve this issue, this patch tries to add additional key up event +before the next repeated key down event (if the key is not a control +key). + +[CYL: BSC#882405] +Signed-off-by: Chunyan Liu +--- + ui/vnc.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/ui/vnc.c b/ui/vnc.c +index 8d0c16b23f..392c466dad 100644 +--- a/ui/vnc.c ++++ b/ui/vnc.c +@@ -1770,6 +1770,25 @@ static void do_key_event(VncState *vs, int down, int keycode, int sym) + if (down) + vs->modifiers_state[keycode] ^= 1; + break; ++ default: ++ if (qemu_console_is_graphic(NULL)) { ++ /* record key 'down' info. Some client like tigervnc ++ * will send key down repeatedly if user pressing a ++ * a key for long time. In this case, we should add ++ * additional key up event before repeated key down, ++ * so that it can display the key multiple times. ++ */ ++ if (down) { ++ if (vs->modifiers_state[keycode]) { ++ /* add a key up event */ ++ do_key_event(vs, 0, keycode, sym); ++ } ++ vs->modifiers_state[keycode] = 1; ++ } else { ++ vs->modifiers_state[keycode] = 0; ++ } ++ } ++ break; + } + + /* Turn off the lock state sync logic if the client support the led 
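Review bot: The new `default:` branch in do_key_event indexes `vs->modifiers_state[keycode]` for every keycode that the earlier cases did not match, and nothing in the hunk bounds `keycode` against the size of that array. If any caller can pass a keycode taken from the client without masking it (the callers and the array declaration are outside the hunk, so this needs confirming), both the read and the two writes fall outside the array. I would guard the branch, e.g. `if (qemu_console_is_graphic(NULL) && keycode >= 0 && keycode < ARRAY_SIZE(vs->modifiers_state)) {`. The comment should also say that `modifiers_state` is being reused here as a generic key-is-down table for non-modifier keys.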
diff --git a/0042-scsi-mptconfig-fix-an-assert-expres.patch b/0042-scsi-mptconfig-fix-an-assert-expres.patch deleted file mode 100644 index 6cce259c..00000000 --- a/0042-scsi-mptconfig-fix-an-assert-expres.patch +++ /dev/null @@ -1,36 +0,0 @@ -From eccd42e2e97bdf76467d48b0cecdd07327c686fd Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Wed, 31 Aug 2016 17:36:07 +0530 -Subject: [PATCH] scsi: mptconfig: fix an assert expression - -When LSI SAS1068 Host Bus emulator builds configuration page -headers, mptsas_config_pack() should assert that the size -fits in a byte. However, the size is expressed in 32-bit -units, so up to 1020 bytes fit. The assertion was only -allowing replies up to 252 bytes, so fix it. - -Suggested-by: Paolo Bonzini -Signed-off-by: Prasad J Pandit -Message-Id: <1472645167-30765-2-git-send-email-ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -(cherry picked from commit cf2bce203a45d7437029d108357fb23fea0967b6) -[BR: CVE-2016-7157 BSC#997860] -Signed-off-by: Bruce Rogers ---- - hw/scsi/mptconfig.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c -index 7071854..3e4f400 100644 ---- a/hw/scsi/mptconfig.c -+++ b/hw/scsi/mptconfig.c -@@ -158,7 +158,7 @@ static size_t mptsas_config_pack(uint8_t **data, const char *fmt, ...) - va_end(ap); - - if (data) { -- assert(ret < 256 && (ret % 4) == 0); -+ assert(ret / 4 < 256 && (ret % 4) == 0); - stb_p(*data + 1, ret / 4); - } - return ret; diff --git a/0043-fix-xen-hvm-direct-kernel-boot.patch b/0043-fix-xen-hvm-direct-kernel-boot.patch new file mode 100644 index 00000000..06a3f89a --- /dev/null +++ b/0043-fix-xen-hvm-direct-kernel-boot.patch 
@@ -0,0 +1,54 @@ +From be38f2a0ff94c1c60e51b9d82fdf8d4b038a6c7d Mon Sep 17 00:00:00 2001 +From: Chunyan Liu +Date: Fri, 29 Apr 2016 11:17:08 +0800 +Subject: [PATCH] fix xen hvm direct kernel boot + +Since commit a1666142: acpi-build: make ROMs RAM blocks resizeable, +xen HVM direct kernel boot failed. Xen HVM direct kernel boot will +insert a linuxboot.bin or multiboot.bin to /genroms, before this +commit, in acpi_setup, for rom linuxboot.bin/multiboot.bin, it +only needs 0x20000 size; after the commit, it will reserve x16 +size for resize, that is 0x200000 size. It causes xen_ram_alloc +failed due to running out of memory. + +To resolve it, either: +1. keep using original rom size instead of max size, don't reserve x16 size. +2. guest maxmem needs to be increased. (commit c1d322e6 "xen-hvm: increase + maxmem before calling xc_domain_populate_physmap" solved the problem for + a time, by accident. But then it is reverted in commit ffffbb369 due to + other problem.) + +For 2, more discussion is needed about howto. So this patch tries 1, to +use unresizable rom size in xen case in rom_set_mr. + +[CYL: BSC#970791] + +Signed-off-by: Chunyan Liu +--- + hw/core/loader.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/hw/core/loader.c b/hw/core/loader.c +index 45742494e6..306b3ed683 100644 +--- a/hw/core/loader.c ++++ b/hw/core/loader.c +@@ -55,6 +55,7 @@ + #include "exec/address-spaces.h" + #include "hw/boards.h" + #include "qemu/cutils.h" ++#include "hw/xen/xen.h" + + #include + +@@ -858,7 +859,10 @@ static void *rom_set_mr(Rom *rom, Object *owner, const char *name) + void *data; + + rom->mr = g_malloc(sizeof(*rom->mr)); +- memory_region_init_resizeable_ram(rom->mr, owner, name, ++ if (xen_enabled()) ++ memory_region_init_ram(rom->mr, owner, name, rom->datasize, &error_fatal); ++ else ++ memory_region_init_resizeable_ram(rom->mr, owner, name, + rom->datasize, rom->romsize, + fw_cfg_resized, + &error_fatal); 
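Review bot: The `if (xen_enabled()) ... else ...` added to rom_set_mr has no braces, and after the change the continuation lines of the `memory_region_init_resizeable_ram()` call sit at the old indentation under the `else`. QEMU style requires braces on both arms, i.e. `if (xen_enabled()) {`, `} else {` and a closing `}` after the resizeable call. A short comment on the Xen arm would also help, e.g. `/* Xen: allocate datasize only; the resizeable variant reserves romsize and exhausts guest memory */`. The Xen arm registers no `fw_cfg_resized` callback, so it is worth confirming that nothing later tries to resize this region. The function body continues outside the hunk.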
diff --git a/0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch b/0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch deleted file mode 100644 index 4785f1f2..00000000 --- a/0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 3e3bf236d5b712cd5861effaf193093779584c80 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Mon, 29 Aug 2016 11:35:37 +0200 -Subject: [PATCH] scsi: mptconfig: fix misuse of MPTSAS_CONFIG_PACK - -These issues cause respectively a QEMU crash and a leak of 2 bytes of -stack. They were discovered by VictorV of 360 Marvel Team. - -Reported-by: Tom Victor -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -(cherry picked from commit 65a8e1f6413a0f6f79894da710b5d6d43361d27d) -[BR: CVE-2016-7157 BSC#997860] -Signed-off-by: Bruce Rogers ---- - hw/scsi/mptconfig.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c -index 3e4f400..87a416a 100644 ---- a/hw/scsi/mptconfig.c -+++ b/hw/scsi/mptconfig.c -@@ -203,7 +203,7 @@ size_t mptsas_config_manufacturing_1(MPTSASState *s, uint8_t **data, int address - { - /* VPD - all zeros */ - return MPTSAS_CONFIG_PACK(1, MPI_CONFIG_PAGETYPE_MANUFACTURING, 0x00, -- "s256"); -+ "*s256"); - } - - static -@@ -328,7 +328,7 @@ size_t mptsas_config_ioc_0(MPTSASState *s, uint8_t **data, int address) - return MPTSAS_CONFIG_PACK(0, MPI_CONFIG_PAGETYPE_IOC, 0x01, - "*l*lwwb*b*b*blww", - pcic->vendor_id, pcic->device_id, pcic->revision, -- pcic->subsystem_vendor_id, -+ pcic->class_id, pcic->subsystem_vendor_id, - pcic->subsystem_id); - } - diff --git a/0044-ARM-KVM-Enable-in-kernel-timers-wit.patch b/0044-ARM-KVM-Enable-in-kernel-timers-wit.patch new file mode 100644 index 00000000..cbbf0256 --- /dev/null +++ b/0044-ARM-KVM-Enable-in-kernel-timers-wit.patch 
@@ -0,0 +1,236 @@ +From 992fa3653d4f6202269df90e32160baf542f058a Mon Sep 17 00:00:00 2001 +From: Alexander Graf +Date: Mon, 19 Sep 2016 10:02:55 +0200 +Subject: [PATCH] ARM: KVM: Enable in-kernel timers with user space gic + +When running with KVM enabled, you can choose between emulating the +gic in kernel or user space. If the kernel supports in-kernel virtualization +of the interrupt controller, it will default to that. If not, if will +default to user space emulation. + +Unfortunately when running in user mode gic emulation, we miss out on +timer events which are only available from kernel space. This patch leverages +the new kernel/user space notification mechanism for those timer events. + +Signed-off-by: Alexander Graf +--- + hw/arm/virt.c | 18 ++++++++++++++++++ + hw/intc/Makefile.objs | 2 +- + hw/intc/arm_gic.c | 16 ++++++++++++++++ + linux-headers/linux/kvm.h | 14 ++++++++++++++ + target-arm/kvm.c | 29 ++++++++++++++++++++++++++++- + target-arm/kvm_arm.h | 11 +++++++++++ + 6 files changed, 88 insertions(+), 2 deletions(-) + +diff --git a/hw/arm/virt.c b/hw/arm/virt.c +index d04e4acbd9..2fbba49132 100644 +--- a/hw/arm/virt.c ++++ b/hw/arm/virt.c +@@ -623,6 +623,24 @@ static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic, int type, + } else if (type == 2) { + create_v2m(vbi, pic); + } ++ ++#ifdef CONFIG_KVM ++ if (kvm_enabled() && !kvm_irqchip_in_kernel()) { ++ for (i = 0; i < smp_cpus; i++) { ++ CPUState *cs = qemu_get_cpu(i); ++ int ret; ++ ++ ret = kvm_vcpu_enable_cap(cs, KVM_CAP_ARM_TIMER, 0, ++ KVM_ARM_TIMER_VTIMER); ++ ++ if (ret) { ++ error_report("KVM with user space irqchip only works when the " ++ "host kernel supports KVM_CAP_ARM_TIMER"); ++ exit(1); ++ } ++ } ++ } ++#endif + } + + static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic, int uart, +diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs +index 2f44a2da26..73cb694e44 100644 +--- a/hw/intc/Makefile.objs ++++ b/hw/intc/Makefile.objs +@@ -10,7 +10,6 @@ 
common-obj-$(CONFIG_REALVIEW) += realview_gic.o + common-obj-$(CONFIG_SLAVIO) += slavio_intctl.o + common-obj-$(CONFIG_IOAPIC) += ioapic_common.o + common-obj-$(CONFIG_ARM_GIC) += arm_gic_common.o +-common-obj-$(CONFIG_ARM_GIC) += arm_gic.o + common-obj-$(CONFIG_ARM_GIC) += arm_gicv2m.o + common-obj-$(CONFIG_ARM_GIC) += arm_gicv3_common.o + common-obj-$(CONFIG_ARM_GIC) += arm_gicv3.o +@@ -21,6 +20,7 @@ common-obj-$(CONFIG_OPENPIC) += openpic.o + common-obj-y += intc.o + + obj-$(CONFIG_APIC) += apic.o apic_common.o ++obj-$(CONFIG_ARM_GIC) += arm_gic.o + obj-$(CONFIG_ARM_GIC_KVM) += arm_gic_kvm.o + obj-$(call land,$(CONFIG_ARM_GIC_KVM),$(TARGET_AARCH64)) += arm_gicv3_kvm.o + obj-$(call land,$(CONFIG_ARM_GIC_KVM),$(TARGET_AARCH64)) += arm_gicv3_its_kvm.o +diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c +index 521aac3cc6..21236499f1 100644 +--- a/hw/intc/arm_gic.c ++++ b/hw/intc/arm_gic.c +@@ -25,6 +25,7 @@ + #include "qom/cpu.h" + #include "qemu/log.h" + #include "trace.h" ++#include "kvm_arm.h" + + //#define DEBUG_GIC + +@@ -557,6 +558,11 @@ static void gic_deactivate_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) + return; + } + ++ /* Tell KVM that we want to know about timer IRQs again */ ++ if (kvm_enabled()) { ++ kvm_arm_eoi_notify(cpu); ++ } ++ + GIC_CLEAR_ACTIVE(irq, cm); + } + +@@ -566,6 +572,12 @@ void gic_complete_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs) + int group; + + DPRINTF("EOI %d\n", irq); ++ ++ /* Tell KVM that we want to know about timer IRQs again */ ++ if (kvm_enabled()) { ++ kvm_arm_eoi_notify(cpu); ++ } ++ + if (irq >= s->num_irq) { + /* This handles two cases: + * 1. 
If software writes the ID of a spurious interrupt [ie 1023] +@@ -915,6 +927,10 @@ static void gic_dist_writeb(void *opaque, hwaddr offset, + trace_gic_enable_irq(irq + i); + } + GIC_SET_ENABLED(irq + i, cm); ++ /* Tell KVM that we want to know about timer IRQs again */ ++ if (kvm_enabled()) { ++ kvm_arm_eoi_notify(cpu); ++ } + /* If a raised level triggered IRQ enabled then mark + is as pending. */ + if (GIC_TEST_LEVEL(irq + i, mask) +diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h +index 4806e069e7..ffcacf8f0c 100644 +--- a/linux-headers/linux/kvm.h ++++ b/linux-headers/linux/kvm.h +@@ -205,6 +205,7 @@ struct kvm_hyperv_exit { + #define KVM_EXIT_S390_STSI 25 + #define KVM_EXIT_IOAPIC_EOI 26 + #define KVM_EXIT_HYPERV 27 ++#define KVM_EXIT_ARM_TIMER 28 + + /* For KVM_EXIT_INTERNAL_ERROR */ + /* Emulate instruction failed. */ +@@ -361,6 +362,10 @@ struct kvm_run { + } eoi; + /* KVM_EXIT_HYPERV */ + struct kvm_hyperv_exit hyperv; ++ /* KVM_EXIT_ARM_TIMER */ ++ struct { ++ __u8 timesource; ++ } arm_timer; + /* Fix the size of the union. 
*/ + char padding[256]; + }; +@@ -870,6 +875,7 @@ struct kvm_ppc_smmu_info { + #define KVM_CAP_S390_USER_INSTR0 130 + #define KVM_CAP_MSI_DEVID 131 + #define KVM_CAP_PPC_HTM 132 ++#define KVM_CAP_ARM_TIMER 133 + + #ifdef KVM_CAP_IRQ_ROUTING + +@@ -1327,4 +1333,12 @@ struct kvm_assigned_msix_entry { + #define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) + #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) + ++/* Available with KVM_CAP_ARM_TIMER */ ++ ++/* Bits for run->request_interrupt_window */ ++#define KVM_IRQWINDOW_VTIMER (1 << 0) ++ ++/* Bits for run->arm_timer.timesource */ ++#define KVM_ARM_TIMER_VTIMER (1 << 0) ++ + #endif /* __LINUX_KVM_H */ +diff --git a/target-arm/kvm.c b/target-arm/kvm.c +index c00b94e42a..a4786a0a0b 100644 +--- a/target-arm/kvm.c ++++ b/target-arm/kvm.c +@@ -530,7 +530,6 @@ MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run) + return MEMTXATTRS_UNSPECIFIED; + } + +- + int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) + { + int ret = 0; +@@ -541,6 +540,23 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) + ret = EXCP_DEBUG; + } /* otherwise return to guest */ + break; ++ case KVM_EXIT_ARM_TIMER: ++ /* We only support the vtimer today */ ++ if (run->arm_timer.timesource != KVM_ARM_TIMER_VTIMER) { ++ return -EINVAL; ++ } ++ ++ /* ++ * We ask the kernel to not tell us about pending virtual timer irqs, ++ * so that we can process the IRQ until we get an EOI for it. 
Once the ++ * EOI hits, we unset and unmask the interrupt again and if it is still ++ * pending, we set the line high again ++ */ ++ run->request_interrupt_window = KVM_IRQWINDOW_VTIMER; ++ ++ /* Internally trigger virtual timer IRQ */ ++ qemu_set_irq(ARM_CPU(cs)->gt_timer_outputs[GTIMER_VIRT], 1); ++ break; + default: + qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n", + __func__, run->exit_reason); +@@ -638,3 +654,14 @@ int kvm_arch_msi_data_to_gsi(uint32_t data) + { + return (data - 32) & 0xffff; + } ++ ++void kvm_arm_eoi_notify(int cpu) ++{ ++ CPUState *cs; ++ ++ cs = qemu_get_cpu(cpu); ++ ++ /* Disable vtimer - if it's still pending we get notified again */ ++ cs->kvm_run->request_interrupt_window &= ~KVM_ARM_TIMER_VTIMER; ++ qemu_set_irq(ARM_CPU(cs)->gt_timer_outputs[GTIMER_VIRT], 0); ++} +diff --git a/target-arm/kvm_arm.h b/target-arm/kvm_arm.h +index 633d08828a..eeec8c5b20 100644 +--- a/target-arm/kvm_arm.h ++++ b/target-arm/kvm_arm.h +@@ -288,4 +288,15 @@ static inline const char *its_class_name(void) + } + } + ++/** ++ * kvm_arm_eoi_notify: ++ * ++ * @cpu: CPU index the EOI is for ++ * ++ * Notify KVM that we're done processing an interrupt. This is ++ * used to unmask any pending timer interrupts and potentially ++ * learn about the fact that the level is still high. ++ */ ++void kvm_arm_eoi_notify(int cpu); ++ + #endif diff --git a/0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch b/0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch deleted file mode 100644 index 370321f7..00000000 --- a/0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch +++ /dev/null 
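Review bot: In kvm_arm_eoi_notify the window bit is cleared with the wrong constant: `request_interrupt_window &= ~KVM_ARM_TIMER_VTIMER` uses the `arm_timer.timesource` bit, while the exit handler sets the field with `KVM_IRQWINDOW_VTIMER`. Both are `(1 << 0)` in the kvm.h part of this patch, so it works only by coincidence; the line should read `cs->kvm_run->request_interrupt_window &= ~KVM_IRQWINDOW_VTIMER;`. The same function dereferences the result of `qemu_get_cpu(cpu)` without a NULL check, and the call in gic_dist_writeb passes a `cpu` value whose origin is outside the hunk. A guard such as `if (!cs) { return; }` would make that safe. Finally, the three GIC call sites lower the virtual timer line on every EOI or enable when `kvm_enabled()`, not only for the timer interrupt, and that deserves a comment explaining why it is harmless.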
@@ -1,64 +0,0 @@ -From c08b11cce7dce1fc89c71d3c0de4c5706a89009a Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Tue, 6 Sep 2016 02:20:43 +0530 -Subject: [PATCH] scsi: pvscsi: limit loop to fetch SG list - -In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very -long time or go into an infinite loop due to two different bugs: - -1) the request descriptor data length is defined to be 64 bit. While -building SG list from a request descriptor, it gets truncated to 32bit -in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop -situation large 'dataLen' values when data_length is cast to uint32_t and -chunk_size becomes always zero. Fix this by removing the incorrect cast. - -2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the -element has a zero length. Get out of the loop early when this happens, -by introducing an upper limit on the number of SG list elements. - -Reported-by: Li Qiang -Signed-off-by: Prasad J Pandit -Message-Id: <1473108643-12983-1-git-send-email-ppandit@redhat.com> -Signed-off-by: Paolo Bonzini -(cherry picked from commit 49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8) -[BR: CVE-2016-7156 BSC#997859] -Signed-off-by: Bruce Rogers ---- - hw/scsi/vmw_pvscsi.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c -index 5116f4a..73679f8 100644 ---- a/hw/scsi/vmw_pvscsi.c -+++ b/hw/scsi/vmw_pvscsi.c -@@ -40,6 +40,8 @@ - #define PVSCSI_MAX_DEVS (64) - #define PVSCSI_MSIX_NUM_VECTORS (1) - -+#define PVSCSI_MAX_SG_ELEM 2048 -+ - #define PVSCSI_MAX_CMD_DATA_WORDS \ - (sizeof(PVSCSICmdDescSetupRings)/sizeof(uint32_t)) - -@@ -634,17 +636,16 @@ pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d, - static void - pvscsi_convert_sglist(PVSCSIRequest *r) - { -- int chunk_size; -+ uint32_t chunk_size, elmcnt = 0; - uint64_t data_length = r->req.dataLen; - PVSCSISGState sg = r->sg; -- while (data_length) { -- while (!sg.resid) { -+ 
while (data_length && elmcnt < PVSCSI_MAX_SG_ELEM) { -+ while (!sg.resid && elmcnt++ < PVSCSI_MAX_SG_ELEM) { - pvscsi_get_next_sg_elem(&sg); - trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr, - r->sg.resid); - } -- assert(data_length > 0); -- chunk_size = MIN((unsigned) data_length, sg.resid); -+ chunk_size = MIN(data_length, sg.resid); - if (chunk_size) { - qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size); - } diff --git a/0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch b/0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch deleted file mode 100644 index 6cff7cd2..00000000 --- a/0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c559aa30371dc110e2b13e5006a327aab6503ac7 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Tue, 13 Sep 2016 03:20:03 -0700 -Subject: [PATCH] usb:xhci:fix memory leak in usb_xhci_exit - -If the xhci uses msix, it doesn't free the corresponding -memory, thus leading a memory leak. This patch avoid this. - -Signed-off-by: Li Qiang -Message-id: 57d7d2e0.d4301c0a.d13e9.9a55@mx.google.com -Signed-off-by: Gerd Hoffmann -(cherry picked from commit b53dd4495ced2432a0b652ea895e651d07336f7e) -[BR: CVE-2016-7466 BSC#1000345] -Signed-off-by: Bruce Rogers ---- - hw/usb/hcd-xhci.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c -index 188f954..281a2a5 100644 ---- a/hw/usb/hcd-xhci.c -+++ b/hw/usb/hcd-xhci.c -@@ -3709,8 +3709,7 @@ static void usb_xhci_exit(PCIDevice *dev) - /* destroy msix memory region */ - if (dev->msix_table && dev->msix_pba - && dev->msix_entry_used) { -- memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio); -- memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio); -+ msix_uninit(dev, &xhci->mem, &xhci->mem); - } - - usb_bus_release(&xhci->bus); diff --git a/0045-virtio-gpu-call-cleanup-mapping-fun.patch b/0045-virtio-gpu-call-cleanup-mapping-fun.patch new file mode 100644 index 00000000..0140e7ba --- /dev/null 
+++ b/0045-virtio-gpu-call-cleanup-mapping-fun.patch @@ -0,0 +1,44 @@ +From 7b6b039ba580ddafdb3a0377f3c39c8d5e57bbc6 Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Mon, 28 Nov 2016 21:29:25 -0500 +Subject: [PATCH] virtio-gpu: call cleanup mapping function in resource destroy +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If the guest destroy the resource before detach banking, the 'iov' +and 'addrs' field in resource is not freed thus leading memory +leak issue. This patch avoid this. + +Signed-off-by: Li Qiang +Reviewed-by: Marc-André Lureau +Message-id: 1480386565-10077-1-git-send-email-liq3ea@gmail.com +Signed-off-by: Gerd Hoffmann +(cherry picked from commit b8e23926c568f2e963af39028b71c472e3023793) +BR: CVE-2016-9912 BSC#1014112] +Signed-off-by: Bruce Rogers +--- + hw/display/virtio-gpu.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c +index 5f32e1aae9..3eafe495ef 100644 +--- a/hw/display/virtio-gpu.c ++++ b/hw/display/virtio-gpu.c +@@ -28,6 +28,8 @@ + static struct virtio_gpu_simple_resource* + virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id); + ++static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res); ++ + #ifdef CONFIG_VIRGL + #include + #define VIRGL(_g, _virgl, _simple, ...) \ +@@ -359,6 +361,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g, + struct virtio_gpu_simple_resource *res) + { + pixman_image_unref(res->image); ++ virtio_gpu_cleanup_mapping(res); + QTAILQ_REMOVE(&g->reslist, res, next); + g_free(res); + } diff --git a/0046-scsi-mptsas-use-g_new0-to-allocate-.patch b/0046-scsi-mptsas-use-g_new0-to-allocate-.patch deleted file mode 100644 index 480fd712..00000000 --- a/0046-scsi-mptsas-use-g_new0-to-allocate-.patch +++ /dev/null 
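Review bot: The tracking tag in this patch header is malformed: it reads `BR: CVE-2016-9912 BSC#1014112]` with no opening bracket, whereas the other security patches on this page use `[BR: CVE-... BSC#...]`. Any script or audit that looks for the `[BR:` form to list the CVE fixes carried by the package would miss this one. The line should be `[BR: CVE-2016-9912 BSC#1014112]`. On the code side, `virtio_gpu_cleanup_mapping(res)` now runs on every destroy, so it should be confirmed that it tolerates a resource whose backing was already detached; its body is outside the hunk.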
@@ -1,35 +0,0 @@ -From 9115b36311e918d6ccea499ff5767508b72250e6 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Mon, 12 Sep 2016 18:14:11 +0530 -Subject: [PATCH] scsi: mptsas: use g_new0 to allocate MPTSASRequest object - -When processing IO request in mptsas, it uses g_new to allocate -a 'req' object. If an error occurs before 'req->sreq' is -allocated, It could lead to an OOB write in mptsas_free_request -function. Use g_new0 to avoid it. - -Reported-by: Li Qiang -Signed-off-by: Prasad J Pandit -Message-Id: <1473684251-17476-1-git-send-email-ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -(cherry picked from commit 670e56d3ed2918b3861d9216f2c0540d9e9ae0d5) -[BR: CVE-2016-7423 BSC#1000397] -Signed-off-by: Bruce Rogers ---- - hw/scsi/mptsas.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c -index 0e0a22f..eaae1bb 100644 ---- a/hw/scsi/mptsas.c -+++ b/hw/scsi/mptsas.c -@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s, - goto bad; - } - -- req = g_new(MPTSASRequest, 1); -+ req = g_new0(MPTSASRequest, 1); - QTAILQ_INSERT_TAIL(&s->pending, req, next); - req->scsi_io = *scsi_io; - req->dev = s; diff --git a/0046-string-input-visitor-Fix-uint64-par.patch b/0046-string-input-visitor-Fix-uint64-par.patch new file mode 100644 index 00000000..3d1b41d5 --- /dev/null +++ b/0046-string-input-visitor-Fix-uint64-par.patch 
@@ -0,0 +1,133 @@ +From 8e642bbb73b0feb46dde13fa960db59efb8c69ed Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Thu, 24 Sep 2015 19:21:11 +0200 +Subject: [PATCH] string-input-visitor: Fix uint64 parsing +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +All integers would get parsed by strtoll(), not handling the case of +UINT64 properties with the most significient bit set. + +Implement a .type_uint64 visitor callback, reusing the existing +parse_str() code through a new argument, using strtoull(). + +As this is a bug fix, it intentionally ignores checkpatch warnings to +prefer the use of qemu_strto[u]ll() over strto[u]ll(). + +Cc: qemu-stable@nongnu.org +Signed-off-by: Andreas Färber +--- + qapi/string-input-visitor.c | 63 +++++++++++++++++++++++++++++++++++---------- + 1 file changed, 50 insertions(+), 13 deletions(-) + +diff --git a/qapi/string-input-visitor.c b/qapi/string-input-visitor.c +index 8dfa561252..1fb43909df 100644 +--- a/qapi/string-input-visitor.c ++++ b/qapi/string-input-visitor.c +@@ -43,7 +43,8 @@ static void free_range(void *range, void *dummy) + g_free(range); + } + +-static int parse_str(StringInputVisitor *siv, const char *name, Error **errp) ++static int parse_str(StringInputVisitor *siv, const char *name, bool u64, ++ Error **errp) + { + char *str = (char *) siv->string; + long long start, end; +@@ -56,7 +57,11 @@ static int parse_str(StringInputVisitor *siv, const char *name, Error **errp) + + do { + errno = 0; +- start = strtoll(str, &endptr, 0); ++ if (u64) { ++ start = strtoull(str, &endptr, 0); ++ } else { ++ start = strtoll(str, &endptr, 0); ++ } + if (errno == 0 && endptr > str) { + if (*endptr == '\0') { + cur = g_malloc0(sizeof(*cur)); +@@ -67,7 +72,11 @@ static int parse_str(StringInputVisitor *siv, const char *name, Error **errp) + } else if (*endptr == '-') { + str = endptr + 1; + errno = 0; +- end = strtoll(str, &endptr, 0); ++ if (u64) { ++ end = 
strtoull(str, &endptr, 0); ++ } else { ++ end = strtoll(str, &endptr, 0); ++ } + if (errno == 0 && endptr > str && start <= end && + (start > INT64_MAX - 65536 || + end < start + 65536)) { +@@ -123,7 +132,7 @@ start_list(Visitor *v, const char *name, GenericList **list, size_t size, + assert(list); + siv->list = list; + +- if (parse_str(siv, name, errp) < 0) { ++ if (parse_str(siv, name, false, errp) < 0) { + *list = NULL; + return; + } +@@ -188,7 +197,7 @@ static void parse_type_int64(Visitor *v, const char *name, int64_t *obj, + return; + } + +- if (parse_str(siv, name, errp) < 0) { ++ if (parse_str(siv, name, false, errp) < 0) { + return; + } + +@@ -224,15 +233,43 @@ error: + static void parse_type_uint64(Visitor *v, const char *name, uint64_t *obj, + Error **errp) + { +- /* FIXME: parse_type_int64 mishandles values over INT64_MAX */ +- int64_t i; +- Error *err = NULL; +- parse_type_int64(v, name, &i, &err); +- if (err) { +- error_propagate(errp, err); +- } else { +- *obj = i; ++ StringInputVisitor *siv = to_siv(v); ++ ++ if (!siv->string) { ++ error_setg(errp, QERR_INVALID_PARAMETER_TYPE, name ? name : "null", ++ "integer"); ++ return; ++ } ++ ++ parse_str(siv, name, true, errp); ++ ++ if (!siv->ranges) { ++ goto error; + } ++ ++ if (!siv->cur_range) { ++ Range *r; ++ ++ siv->cur_range = g_list_first(siv->ranges); ++ if (!siv->cur_range) { ++ goto error; ++ } ++ ++ r = siv->cur_range->data; ++ if (!r) { ++ goto error; ++ } ++ ++ siv->cur = range_lob(r); ++ } ++ ++ *obj = siv->cur; ++ siv->cur++; ++ return; ++ ++error: ++ error_setg(errp, QERR_INVALID_PARAMETER_VALUE, name, ++ "a uint64 value or range"); + } + + static void parse_type_size(Visitor *v, const char *name, uint64_t *obj, diff --git a/0047-scsi-pvscsi-limit-process-IO-loop-t.patch b/0047-scsi-pvscsi-limit-process-IO-loop-t.patch deleted file mode 100644 index c1da85a9..00000000 --- a/0047-scsi-pvscsi-limit-process-IO-loop-t.patch +++ /dev/null 
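Review bot: The new parse_type_uint64 ignores the return value of `parse_str(siv, name, true, errp)`, unlike parse_type_int64 and start_list in the same patch, which return on `< 0`. If parse_str has already set `*errp` on failure (its error path is outside the hunk, so this is inferred from how the other callers treat it), control still reaches `goto error`. A second `error_setg()` then runs on an `errp` that is already set. I would mirror the int64 path: `if (parse_str(siv, name, true, errp) < 0) { return; }`. Two smaller points in the same hunk: the `error:` label passes `name` unguarded although the earlier call uses `name ? name : "null"`, and `start`/`end` stay `long long`, so the `start <= end` and `INT64_MAX - 65536` range checks compare `strtoull()` results as signed values.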
@@ -1,38 +0,0 @@ -From a6cfc94b9a325993d6d77022ae8d0fd0cc77d117 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Wed, 14 Sep 2016 15:09:12 +0530 -Subject: [PATCH] scsi: pvscsi: limit process IO loop to ring size - -Vmware Paravirtual SCSI emulator while processing IO requests -could run into an infinite loop if 'pvscsi_ring_pop_req_descr' -always returned positive value. Limit IO loop to the ring size. - -Cc: qemu-stable@nongnu.org -Reported-by: Li Qiang -Signed-off-by: Prasad J Pandit -Message-Id: <1473845952-30785-1-git-send-email-ppandit@redhat.com> -Signed-off-by: Paolo Bonzini -(cherry picked from commit d251157ac1928191af851d199a9ff255d330bec9) -[BR: CVE-2016-7421 BSC#999661] -Signed-off-by: Bruce Rogers ---- - hw/scsi/vmw_pvscsi.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c -index 73679f8..efa5459 100644 ---- a/hw/scsi/vmw_pvscsi.c -+++ b/hw/scsi/vmw_pvscsi.c -@@ -253,8 +253,11 @@ static hwaddr - pvscsi_ring_pop_req_descr(PVSCSIRingInfo *mgr) - { - uint32_t ready_ptr = RS_GET_FIELD(mgr, reqProdIdx); -+ uint32_t ring_size = PVSCSI_MAX_NUM_PAGES_REQ_RING -+ * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE; - -- if (ready_ptr != mgr->consumed_ptr) { -+ if (ready_ptr != mgr->consumed_ptr -+ && ready_ptr - mgr->consumed_ptr < ring_size) { - uint32_t next_ready_ptr = - mgr->consumed_ptr++ & mgr->txr_len_mask; - uint32_t next_ready_page = diff --git a/0047-test-string-input-visitor-Add-int-t.patch b/0047-test-string-input-visitor-Add-int-t.patch new file mode 100644 index 00000000..866bf2e3 --- /dev/null +++ b/0047-test-string-input-visitor-Add-int-t.patch 
@@ -0,0 +1,34 @@ +From 70f17e51a9347f19c159e84dc39359e762ca224d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Thu, 24 Sep 2015 19:23:50 +0200 +Subject: [PATCH] test-string-input-visitor: Add int test case +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In addition to -42 also parse the maximum int64. + +Signed-off-by: Andreas Färber +--- + tests/test-string-input-visitor.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/tests/test-string-input-visitor.c b/tests/test-string-input-visitor.c +index 7f10e2582f..62ddcb1583 100644 +--- a/tests/test-string-input-visitor.c ++++ b/tests/test-string-input-visitor.c +@@ -56,6 +56,14 @@ static void test_visitor_in_int(TestInputVisitorData *data, + visit_type_int(v, NULL, &res, &err); + g_assert(!err); + g_assert_cmpint(res, ==, value); ++ visitor_input_teardown(data, unused); ++ ++ value = INT64_MAX; ++ v = visitor_input_test_init(data, g_strdup_printf("%" PRId64, value)); ++ ++ visit_type_int(v, NULL, &res, &err); ++ g_assert(!err); ++ g_assert_cmpint(res, ==, value); + + visitor_input_teardown(data, unused); + diff --git a/0048-test-string-input-visitor-Add-uint6.patch b/0048-test-string-input-visitor-Add-uint6.patch new file mode 100644 index 00000000..7be1e081 --- /dev/null +++ b/0048-test-string-input-visitor-Add-uint6.patch 
@@ -0,0 +1,57 @@ +From 6afc22092786abd94108345c608892317aadb27a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Thu, 24 Sep 2015 19:24:23 +0200 +Subject: [PATCH] test-string-input-visitor: Add uint64 test +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Test parsing of decimal and hexadecimal uint64 numbers with most +significant bit set. + +Signed-off-by: Andreas Färber +--- + tests/test-string-input-visitor.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/tests/test-string-input-visitor.c b/tests/test-string-input-visitor.c +index 62ddcb1583..214cce2d3b 100644 +--- a/tests/test-string-input-visitor.c ++++ b/tests/test-string-input-visitor.c +@@ -73,6 +73,27 @@ static void test_visitor_in_int(TestInputVisitorData *data, + error_free_or_abort(&err); + } + ++static void test_visitor_in_uint64(TestInputVisitorData *data, ++ const void *unused) ++{ ++ uint64_t res = 0, value = UINT64_MAX; ++ Error *err = NULL; ++ Visitor *v; ++ ++ v = visitor_input_test_init(data, g_strdup_printf("%" PRIu64, value)); ++ ++ visit_type_uint64(v, NULL, &res, &err); ++ g_assert(!err); ++ g_assert_cmpint(res, ==, value); ++ visitor_input_teardown(data, unused); ++ ++ v = visitor_input_test_init(data, g_strdup_printf("0x%" PRIx64, value)); ++ ++ visit_type_uint64(v, NULL, &res, &err); ++ g_assert(!err); ++ g_assert_cmpint(res, ==, value); ++} ++ + static void test_visitor_in_intList(TestInputVisitorData *data, + const void *unused) + { +@@ -275,6 +296,8 @@ int main(int argc, char **argv) + + input_visitor_test_add("/string-visitor/input/int", + &in_visitor_data, test_visitor_in_int); ++ input_visitor_test_add("/string-visitor/input/uint64", ++ &in_visitor_data, test_visitor_in_uint64); + input_visitor_test_add("/string-visitor/input/intList", + &in_visitor_data, test_visitor_in_intList); + input_visitor_test_add("/string-visitor/input/bool", 
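Review bot: In test_visitor_in_uint64 the hexadecimal case can pass without the visitor writing anything, because `res` still holds `UINT64_MAX` from the decimal case when the second `visit_type_uint64()` runs. Add `res = 0;` before the second `visitor_input_test_init()` so the assertion actually checks the hex parse. The comparisons also use `g_assert_cmpint` on `uint64_t` values; `g_assert_cmpuint(res, ==, value);` is the matching macro and reports the values correctly on failure. The second visitor is not followed by `visitor_input_teardown(data, unused);` the way the first is, which is worth making consistent unless the fixture teardown covers it.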
diff --git a/0048-virtio-add-check-for-descriptor-s-m.patch b/0048-virtio-add-check-for-descriptor-s-m.patch deleted file mode 100644 index 9cc345ee..00000000 --- a/0048-virtio-add-check-for-descriptor-s-m.patch +++ /dev/null @@ -1,38 +0,0 @@ -From db87d12d0e7e3720ebc0283aced8077f43e29963 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Mon, 19 Sep 2016 23:55:45 +0530 -Subject: [PATCH] virtio: add check for descriptor's mapped address - -virtio back end uses set of buffers to facilitate I/O operations. -If its size is too large, 'cpu_physical_memory_map' could return -a null address. This would result in a null dereference while -un-mapping descriptors. Add check to avoid it. - -Reported-by: Qinghao Tang -Signed-off-by: Prasad J Pandit -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -Reviewed-by: Laszlo Ersek -(cherry picked from commit 973e7170dddefb491a48df5cba33b2ae151013a0) -[BR: CVE-2016-7422 BSC#1000346] -Signed-off-by: Bruce Rogers ---- - hw/virtio/virtio.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c -index 74c085c..eabe573 100644 ---- a/hw/virtio/virtio.c -+++ b/hw/virtio/virtio.c -@@ -473,6 +473,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove - } - - iov[num_sg].iov_base = cpu_physical_memory_map(pa, &len, is_write); -+ if (!iov[num_sg].iov_base) { -+ error_report("virtio: bogus descriptor or out of resources"); -+ exit(1); -+ } -+ - iov[num_sg].iov_len = len; - addr[num_sg] = pa; - diff --git a/0049-net-mcf-limit-buffer-descriptor-cou.patch b/0049-net-mcf-limit-buffer-descriptor-cou.patch deleted file mode 100644 index 3970e9e9..00000000 --- a/0049-net-mcf-limit-buffer-descriptor-cou.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 60f6f3204dcfbb6c7518751061abc99ddd9b2c97 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Thu, 22 Sep 2016 16:02:37 +0530 -Subject: [PATCH] net: mcf: limit buffer descriptor count - -ColdFire Fast Ethernet Controller uses buffer descriptors to manage -data flow to/fro receive & transmit queues. While transmitting -packets, it could continue to read buffer descriptors if a buffer -descriptor has length of zero and has crafted values in bd.flags. -Set upper limit to number of buffer descriptors. - -Reported-by: Li Qiang -Signed-off-by: Prasad J Pandit -Reviewed-by: Paolo Bonzini -Signed-off-by: Jason Wang -(cherry picked from commit 070c4b92b8cd5390889716677a0b92444d6e087a) -[BR: CVE-2016-7908 BSC#1002550] -Signed-off-by: Bruce Rogers ---- - hw/net/mcf_fec.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c -index 0ee8ad9..d31fea1 100644 ---- a/hw/net/mcf_fec.c -+++ b/hw/net/mcf_fec.c -@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0) - #define DPRINTF(fmt, ...) do {} while(0) - #endif - -+#define FEC_MAX_DESC 1024 - #define FEC_MAX_FRAME_SIZE 2032 - - typedef struct { -@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s) - uint32_t addr; - mcf_fec_bd bd; - int frame_size; -- int len; -+ int len, descnt = 0; - uint8_t frame[FEC_MAX_FRAME_SIZE]; - uint8_t *ptr; - -@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s) - ptr = frame; - frame_size = 0; - addr = s->tx_descriptor; -- while (1) { -+ while (descnt++ < FEC_MAX_DESC) { - mcf_fec_read_bd(&bd, addr); - DPRINTF("tx_bd %x flags %04x len %d data %08x\n", - addr, bd.flags, bd.length, bd.data); diff --git a/0049-tests-Add-QOM-property-unit-tests.patch b/0049-tests-Add-QOM-property-unit-tests.patch new file mode 100644 index 00000000..0b041273 --- /dev/null +++ b/0049-tests-Add-QOM-property-unit-tests.patch 
@@ -0,0 +1,179 @@ +From bf1cd7a4b8d686cda17d594edf4739a2a28200b9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Sun, 6 Sep 2015 20:12:42 +0200 +Subject: [PATCH] tests: Add QOM property unit tests +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add a test for parsing and setting a uint64 property. + +Signed-off-by: Andreas Färber +--- + MAINTAINERS | 1 + + tests/Makefile.include | 3 ++ + tests/check-qom-props.c | 122 ++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 126 insertions(+) + create mode 100644 tests/check-qom-props.c + +diff --git a/MAINTAINERS b/MAINTAINERS +index 4a605791fc..f003db2c5c 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -1361,6 +1361,7 @@ F: qom/ + X: qom/cpu.c + F: tests/check-qom-interface.c + F: tests/check-qom-proplist.c ++F: tests/check-qom-props.c + F: tests/qom-test.c + + QMP +diff --git a/tests/Makefile.include b/tests/Makefile.include +index e98d3b6bb3..958f768eba 100644 +--- a/tests/Makefile.include ++++ b/tests/Makefile.include +@@ -86,6 +86,8 @@ check-unit-y += tests/check-qom-interface$(EXESUF) + gcov-files-check-qom-interface-y = qom/object.c + check-unit-y += tests/check-qom-proplist$(EXESUF) + gcov-files-check-qom-proplist-y = qom/object.c ++check-unit-y += tests/check-qom-props$(EXESUF) ++gcov-files-check-qom-props-y = qom/object.c + check-unit-y += tests/test-qemu-opts$(EXESUF) + gcov-files-test-qemu-opts-y = qom/test-qemu-opts.c + check-unit-y += tests/test-write-threshold$(EXESUF) +@@ -487,6 +489,7 @@ tests/check-qnull$(EXESUF): tests/check-qnull.o $(test-util-obj-y) + tests/check-qjson$(EXESUF): tests/check-qjson.o $(test-util-obj-y) + tests/check-qom-interface$(EXESUF): tests/check-qom-interface.o $(test-qom-obj-y) + tests/check-qom-proplist$(EXESUF): tests/check-qom-proplist.o $(test-qom-obj-y) ++tests/check-qom-props$(EXESUF): tests/check-qom-props.o $(test-qom-obj-y) + + tests/test-char$(EXESUF): tests/test-char.o 
qemu-char.o qemu-timer.o $(test-util-obj-y) $(qtest-obj-y) $(test-io-obj-y) + tests/test-coroutine$(EXESUF): tests/test-coroutine.o $(test-block-obj-y) +diff --git a/tests/check-qom-props.c b/tests/check-qom-props.c +new file mode 100644 +index 0000000000..681e121c07 +--- /dev/null ++++ b/tests/check-qom-props.c +@@ -0,0 +1,122 @@ ++/* ++ * Copyright (C) 2015 Red Hat, Inc. ++ * Copyright (c) 2015 SUSE Linux GmbH ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library. If not, see ++ * . ++ * ++ * Author: Daniel P. 
Berrange ++ * Andreas Färber ++ */ ++ ++#include "qemu/osdep.h" ++ ++#include ++ ++#include "qapi/visitor.h" ++#include "qom/object.h" ++#include "qemu/module.h" ++ ++ ++#define TYPE_DUMMY "qemu-dummy" ++ ++typedef struct DummyObject DummyObject; ++typedef struct DummyObjectClass DummyObjectClass; ++ ++#define DUMMY_OBJECT(obj) \ ++ OBJECT_CHECK(DummyObject, (obj), TYPE_DUMMY) ++ ++struct DummyObject { ++ Object parent_obj; ++ ++ uint64_t u64val; ++}; ++ ++struct DummyObjectClass { ++ ObjectClass parent_class; ++}; ++ ++static void dummy_set_uint64(Object *obj, Visitor *v, ++ const char *name, void *opaque, ++ Error **errp) ++{ ++ uint64_t *ptr = (uint64_t *)opaque; ++ ++ visit_type_uint64(v, name, ptr, errp); ++} ++ ++static void dummy_get_uint64(Object *obj, Visitor *v, ++ const char *name, void *opaque, ++ Error **errp) ++{ ++ uint64_t value = *(uint64_t *)opaque; ++ ++ visit_type_uint64(v, name, &value, errp); ++} ++ ++static void dummy_init(Object *obj) ++{ ++ DummyObject *dobj = DUMMY_OBJECT(obj); ++ ++ object_property_add(obj, "u64val", "uint64", ++ dummy_get_uint64, ++ dummy_set_uint64, ++ NULL, &dobj->u64val, NULL); ++} ++ ++ ++static const TypeInfo dummy_info = { ++ .name = TYPE_DUMMY, ++ .parent = TYPE_OBJECT, ++ .instance_size = sizeof(DummyObject), ++ .instance_init = dummy_init, ++ .class_size = sizeof(DummyObjectClass), ++}; ++ ++static void test_dummy_uint64(void) ++{ ++ Error *err = NULL; ++ char *str; ++ DummyObject *dobj = DUMMY_OBJECT(object_new(TYPE_DUMMY)); ++ ++ g_assert(dobj->u64val == 0); ++ ++ str = g_strdup_printf("%" PRIu64, UINT64_MAX); ++ object_property_parse(OBJECT(dobj), str, "u64val", &err); ++ g_free(str); ++ g_assert(!err); ++ g_assert_cmpint(dobj->u64val, ==, UINT64_MAX); ++ ++ dobj->u64val = 0; ++ str = g_strdup_printf("0x%" PRIx64, UINT64_MAX); ++ object_property_parse(OBJECT(dobj), str, "u64val", &err); ++ g_free(str); ++ g_assert(!err); ++ g_assert_cmpint(dobj->u64val, ==, UINT64_MAX); ++ ++ object_unref(OBJECT(dobj)); ++} 
++ ++ ++int main(int argc, char **argv) ++{ ++ g_test_init(&argc, &argv, NULL); ++ ++ module_call_init(MODULE_INIT_QOM); ++ type_register_static(&dummy_info); ++ ++ g_test_add_func("/qom/props/uint64", test_dummy_uint64); ++ ++ return g_test_run(); ++} diff --git a/0050-tests-Add-scsi-disk-test.patch b/0050-tests-Add-scsi-disk-test.patch new file mode 100644 index 00000000..aa070f0f --- /dev/null +++ b/0050-tests-Add-scsi-disk-test.patch 
@@ -0,0 +1,142 @@ +From e01538b7559d5560be963fc679f51e7441111fc2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Fri, 25 Sep 2015 12:31:11 +0200 +Subject: [PATCH] tests: Add scsi-disk test +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Test scsi-{disk,hd,cd} wwn properties for correct 64-bit parsing. + +For now piggyback on virtio-scsi. + +Cc: Paolo Bonzini +Signed-off-by: Andreas Färber +--- + MAINTAINERS | 1 + + tests/Makefile.include | 3 ++ + tests/scsi-disk-test.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 86 insertions(+) + create mode 100644 tests/scsi-disk-test.c + +diff --git a/MAINTAINERS b/MAINTAINERS +index f003db2c5c..fcf633640e 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -920,6 +920,7 @@ M: Paolo Bonzini + S: Supported + F: include/hw/scsi/* + F: hw/scsi/* ++F: tests/scsi-disk-test.c + F: tests/virtio-scsi-test.c + T: git git://github.com/bonzini/qemu.git scsi-next + +diff --git a/tests/Makefile.include b/tests/Makefile.include +index 958f768eba..5643e8fa64 100644 +--- a/tests/Makefile.include ++++ b/tests/Makefile.include +@@ -148,6 +148,8 @@ check-qtest-virtio-y += tests/virtio-rng-test$(EXESUF) + gcov-files-virtio-y += hw/virtio/virtio-rng.c + check-qtest-virtio-y += tests/virtio-scsi-test$(EXESUF) + gcov-files-virtio-y += i386-softmmu/hw/scsi/virtio-scsi.c ++check-qtest-virtio-y += tests/scsi-disk-test$(EXESUF) ++gcov-files-virtio-y += i386-softmmu/hw/scsi/scsi-disk.c + ifeq ($(CONFIG_VIRTIO)$(CONFIG_VIRTFS)$(CONFIG_PCI),yyy) + check-qtest-virtio-y += tests/virtio-9p-test$(EXESUF) + gcov-files-virtio-y += hw/9pfs/virtio-9p.c +@@ -682,6 +684,7 @@ tests/usb-hcd-xhci-test$(EXESUF): tests/usb-hcd-xhci-test.o $(libqos-usb-obj-y) + tests/pc-cpu-test$(EXESUF): tests/pc-cpu-test.o + tests/postcopy-test$(EXESUF): tests/postcopy-test.o + tests/vhost-user-test$(EXESUF): tests/vhost-user-test.o qemu-char.o qemu-timer.o $(qtest-obj-y) $(test-io-obj-y) 
$(libqos-virtio-obj-y) $(libqos-pc-obj-y) ++tests/scsi-disk-test$(EXESUF): tests/scsi-disk-test.o + tests/qemu-iotests/socket_scm_helper$(EXESUF): tests/qemu-iotests/socket_scm_helper.o + tests/test-qemu-opts$(EXESUF): tests/test-qemu-opts.o $(test-util-obj-y) + tests/test-write-threshold$(EXESUF): tests/test-write-threshold.o $(test-block-obj-y) +diff --git a/tests/scsi-disk-test.c b/tests/scsi-disk-test.c +new file mode 100644 +index 0000000000..f19f93d97a +--- /dev/null ++++ b/tests/scsi-disk-test.c +@@ -0,0 +1,82 @@ ++/* ++ * QTest testcase for SCSI disks ++ * See virtio-scsi-test for more integrated tests. ++ * ++ * Copyright (c) 2015 SUSE Linux GmbH ++ * ++ * This work is licensed under the terms of the GNU GPL, version 2 or later. ++ * See the COPYING file in the top-level directory. ++ */ ++ ++#include "qemu/osdep.h" ++#include ++#include "libqtest.h" ++#include "qapi/qmp/qint.h" ++ ++static void test_scsi_disk_common(const char *type, const char *id) ++{ ++ char *cmdline, *path; ++ QDict *response; ++ QInt *value; ++ ++ cmdline = g_strdup_printf( ++ "-drive id=drv0,if=none,file=/dev/null,format=raw " ++ "-device virtio-scsi-pci,id=scsi0 " ++ "-device %s,id=%s,bus=scsi0.0,drive=drv0" ++ ",wwn=0x%" PRIx64 ",port_wwn=0x%" PRIx64, ++ type, id, UINT64_MAX, UINT64_C(1) << 63); ++ qtest_start(cmdline); ++ g_free(cmdline); ++ ++ path = g_strdup_printf("/machine/peripheral/%s", id); ++ ++ response = qmp("{ 'execute': 'qom-get'," ++ " 'arguments': { 'path': %s," ++ " 'property': 'wwn' } }", ++ path); ++ g_assert(response); ++ g_assert(qdict_haskey(response, "return")); ++ value = qobject_to_qint(qdict_get(response, "return")); ++ g_assert_cmpint(qint_get_int(value), ==, UINT64_MAX); ++ ++ response = qmp("{ 'execute': 'qom-get'," ++ " 'arguments': { 'path': %s," ++ " 'property': 'port_wwn' } }", ++ path); ++ g_assert(response); ++ g_assert(qdict_haskey(response, "return")); ++ value = qobject_to_qint(qdict_get(response, "return")); ++ 
g_assert_cmpint(qint_get_int(value), ==, UINT64_C(1) << 63); ++ ++ g_free(path); ++ qtest_end(); ++} ++ ++static void test_scsi_disk(void) ++{ ++ test_scsi_disk_common("scsi-disk", "disk0"); ++} ++ ++static void test_scsi_hd(void) ++{ ++ test_scsi_disk_common("scsi-hd", "hd0"); ++} ++ ++static void test_scsi_cd(void) ++{ ++ test_scsi_disk_common("scsi-cd", "cd0"); ++} ++ ++int main(int argc, char **argv) ++{ ++ int ret; ++ ++ g_test_init(&argc, &argv, NULL); ++ qtest_add_func("/scsi-disk/props", test_scsi_disk); ++ qtest_add_func("/scsi-hd/props", test_scsi_hd); ++ qtest_add_func("/scsi-cd/props", test_scsi_cd); ++ ++ ret = g_test_run(); ++ ++ return ret; ++} diff --git a/0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch b/0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch deleted file mode 100644 index bde1cf3f..00000000 --- a/0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch +++ /dev/null 
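Review bot: In `test_scsi_disk_common` the `QDict` returned by each `qmp()` call is never released: the first `response` is overwritten by the second call and the second is dropped at `qtest_end()`, so both leak. Adding `QDECREF(response);` after each `g_assert_cmpint` fixes this. `qobject_to_qint()` presumably returns NULL when the reply is not an integer, so a `g_assert(value);` before `qint_get_int(value)` would turn a crash into a readable test failure.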
@@ -1,32 +0,0 @@ -From 9d2c9efdb4d8b49689517271db3420c6de75278d Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Sun, 18 Sep 2016 19:48:35 -0700 -Subject: [PATCH] usb: ehci: fix memory leak in ehci_process_itd - -While processing isochronous transfer descriptors(iTD), if the page -select(PG) field value is out of bands it will return. In this -situation the ehci's sg list is not freed thus leading to a memory -leak issue. This patch avoid this. - -Signed-off-by: Li Qiang -Reviewed-by: Thomas Huth -Signed-off-by: Michael Tokarev -(cherry picked from commit b16c129daf0fed91febbb88de23dae8271c8898a) -[BR: CVE-2016-7995 BSC#1003612] -Signed-off-by: Bruce Rogers ---- - hw/usb/hcd-ehci.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c -index b093db7..f4ece9a 100644 ---- a/hw/usb/hcd-ehci.c -+++ b/hw/usb/hcd-ehci.c -@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, - if (off + len > 4096) { - /* transfer crosses page border */ - if (pg == 6) { -+ qemu_sglist_destroy(&ehci->isgl); - return -1; /* avoid page pg + 1 */ - } - ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK); diff --git a/0051-virtio-gpu-fix-information-leak-in-.patch b/0051-virtio-gpu-fix-information-leak-in-.patch new file mode 100644 index 00000000..7deaff77 --- /dev/null +++ b/0051-virtio-gpu-fix-information-leak-in-.patch 
@@ -0,0 +1,40 @@ +From 0cfea2b4d63daecfcf05e54e2f1d6755e9158a31 Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Tue, 1 Nov 2016 05:37:57 -0700 +Subject: [PATCH] virtio-gpu: fix information leak in capset get dispatch +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In virgl_cmd_get_capset function, it uses g_malloc to allocate +a response struct to the guest. As the 'resp'struct hasn't been full +initialized it will lead the 'resp->padding' field to the guest. +Use g_malloc0 to avoid this. + +Signed-off-by: Li Qiang +Reviewed-by: Marc-André Lureau +Message-id: 58188cae.4a6ec20a.3d2d1.aff2@mx.google.com + +[ kraxel: resolved conflict ] + +Signed-off-by: Gerd Hoffmann +(cherry picked from commit 85d9d044471f93c48c5c396f7e217b4ef12f69f8) +[BR: CVE-2016-9908 BSC#1014514] +Signed-off-by: Bruce Rogers +--- + hw/display/virtio-gpu-3d.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c +index 23f39de94d..d98b1404e1 100644 +--- a/hw/display/virtio-gpu-3d.c ++++ b/hw/display/virtio-gpu-3d.c +@@ -371,7 +371,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g, + + virgl_renderer_get_cap_set(gc.capset_id, &max_ver, + &max_size); +- resp = g_malloc(sizeof(*resp) + max_size); ++ resp = g_malloc0(sizeof(*resp) + max_size); + + resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET; + virgl_renderer_fill_caps(gc.capset_id, diff --git a/0051-xhci-limit-the-number-of-link-trbs-.patch b/0051-xhci-limit-the-number-of-link-trbs-.patch deleted file mode 100644 index 18e0e7a4..00000000 --- a/0051-xhci-limit-the-number-of-link-trbs-.patch +++ /dev/null 
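Review bot: The switch to `g_malloc0` in `virgl_cmd_get_capset` has no comment saying why the buffer must be zeroed, so a later cleanup could revert it as a needless memset. A one-line comment above the allocation, e.g. `/* zeroed: resp is returned to the guest in full, including padding */`, would record the reason given in the commit message. Zeroing the whole allocation also covers any part of the `max_size` payload that `virgl_renderer_fill_caps` leaves unwritten; whether it always fills all of it is not visible here. The function body continues outside the hunk.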
@@ -1,68 +0,0 @@ -From 8e5cea1968f6fe19792237cb2abeaf6e7ff3244e Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Mon, 10 Oct 2016 12:46:22 +0200 -Subject: [PATCH] xhci: limit the number of link trbs we are willing to process - -Needed to avoid we run in circles forever in case the guest builds -an endless loop with link trbs. - -Reported-by: Li Qiang -Tested-by: P J P -Signed-off-by: Gerd Hoffmann -Message-id: 1476096382-7981-1-git-send-email-kraxel@redhat.com -(cherry picked from commit 05f43d44e4bc26611ce25fd7d726e483f73363ce) -[BR: CVE-2016-8576 BSC#1003878] -Signed-off-by: Bruce Rogers ---- - hw/usb/hcd-xhci.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c -index 281a2a5..8a9a31a 100644 ---- a/hw/usb/hcd-xhci.c -+++ b/hw/usb/hcd-xhci.c -@@ -54,6 +54,8 @@ - * to the specs when it gets them */ - #define ER_FULL_HACK - -+#define TRB_LINK_LIMIT 4 -+ - #define LEN_CAP 0x40 - #define LEN_OPER (0x400 + 0x10 * MAXPORTS) - #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20) -@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, - dma_addr_t *addr) - { - PCIDevice *pci_dev = PCI_DEVICE(xhci); -+ uint32_t link_cnt = 0; - - while (1) { - TRBType type; -@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, - ring->dequeue += TRB_SIZE; - return type; - } else { -+ if (++link_cnt > TRB_LINK_LIMIT) { -+ return 0; -+ } - ring->dequeue = xhci_mask64(trb->parameter); - if (trb->control & TRB_LK_TC) { - ring->ccs = !ring->ccs; -@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) - bool ccs = ring->ccs; - /* hack to bundle together the two/three TDs that make a setup transfer */ - bool control_td_set = 0; -+ uint32_t link_cnt = 0; - - while (1) { - TRBType type; -@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) - type = TRB_TYPE(trb); - - if (type == 
TR_LINK) { -+ if (++link_cnt > TRB_LINK_LIMIT) { -+ return -length; -+ } - dequeue = xhci_mask64(trb.parameter); - if (trb.control & TRB_LK_TC) { - ccs = !ccs; diff --git a/0052-9pfs-allocate-space-for-guest-origi.patch b/0052-9pfs-allocate-space-for-guest-origi.patch deleted file mode 100644 index e578449f..00000000 --- a/0052-9pfs-allocate-space-for-guest-origi.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From 2d4128223e6b5a3dff30e0b07435620f1092c5ae Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Mon, 17 Oct 2016 14:13:58 +0200 -Subject: [PATCH] 9pfs: allocate space for guest originated empty strings - -If a guest sends an empty string paramater to any 9P operation, the current -code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }. - -This is unfortunate because it can cause NULL pointer dereference to happen -at various locations in the 9pfs code. And we don't want to check str->data -everywhere we pass it to strcmp() or any other function which expects a -dereferenceable pointer. - -This patch enforces the allocation of genuine C empty strings instead, so -callers don't have to bother. - -Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if -the returned string is empty. It now uses v9fs_string_size() since -name.data cannot be NULL anymore. - -Signed-off-by: Li Qiang -[groug, rewritten title and changelog, - fix empty string check in v9fs_xattrwalk()] -Signed-off-by: Greg Kurz -(cherry picked from commit ba42ebb863ab7d40adc79298422ed9596df8f73a) -[BR: CVE-2016-8578 BSC#1003894] -Signed-off-by: Bruce Rogers ---- - fsdev/9p-iov-marshal.c | 2 +- - hw/9pfs/9p.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c -index 663cad5..1d16f8d 100644 ---- a/fsdev/9p-iov-marshal.c -+++ b/fsdev/9p-iov-marshal.c -@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset, - str->data = g_malloc(str->size + 1); - copied = v9fs_unpack(str->data, out_sg, out_num, offset, - str->size); -- if (copied > 0) { -+ if (copied >= 0) { - str->data[str->size] = 0; - } else { - v9fs_string_free(str); -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index dfe293d..a345fe3 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -3160,7 +3160,7 @@ static void v9fs_xattrwalk(void *opaque) - goto out; - } - v9fs_path_copy(&xattr_fidp->path, 
&file_fidp->path); -- if (name.data == NULL) { -+ if (!v9fs_string_size(&name)) { - /* - * listxattr request. Get the size first - */ diff --git a/0052-display-cirrus-ignore-source-pitch-.patch b/0052-display-cirrus-ignore-source-pitch-.patch new file mode 100644 index 00000000..fe5b74f8 --- /dev/null +++ b/0052-display-cirrus-ignore-source-pitch-.patch 
@@ -0,0 +1,72 @@ +From 3b4bf7e1b33e254709c6a3948891f7da4aac63e3 Mon Sep 17 00:00:00 2001 +From: Bruce Rogers +Date: Mon, 9 Jan 2017 13:35:20 -0700 +Subject: [PATCH] display: cirrus: ignore source pitch value as needed in + blit_is_unsafe + +Commit 4299b90 added a check which is too broad, given that the source +pitch value is not required to be initialized for solid fill operations. +This patch refines the blit_is_unsafe() check to ignore source pitch in +that case. After applying the above commit as a security patch, we +noticed the SLES 11 SP4 guest gui failed to initialize properly. + +Signed-off-by: Bruce Rogers +Message-id: 20170109203520.5619-1-brogers@suse.com +Signed-off-by: Gerd Hoffmann +(cherry picked from commit 913a87885f589d263e682c2eb6637c6e14538061) +[BR: BSC#1016779] +Signed-off-by: Bruce Rogers +--- + hw/display/cirrus_vga.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c +index bdb092ee9d..379910db2d 100644 +--- a/hw/display/cirrus_vga.c ++++ b/hw/display/cirrus_vga.c +@@ -294,7 +294,7 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s, + return false; + } + +-static bool blit_is_unsafe(struct CirrusVGAState *s) ++static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only) + { + /* should be the case, see cirrus_bitblt_start */ + assert(s->cirrus_blt_width > 0); +@@ -308,6 +308,9 @@ static bool blit_is_unsafe(struct CirrusVGAState *s) + s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) { + return true; + } ++ if (dst_only) { ++ return false; ++ } + if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch, + s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) { + return true; +@@ -673,7 +676,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s, + + dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask); + +- if (blit_is_unsafe(s)) ++ if (blit_is_unsafe(s, false)) + return 0; + + (*s->cirrus_rop) (s, dst, src, +@@ -691,7 +694,7 @@ 
static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop) + { + cirrus_fill_t rop_func; + +- if (blit_is_unsafe(s)) { ++ if (blit_is_unsafe(s, true)) { + return 0; + } + rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; +@@ -795,7 +798,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h) + + static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s) + { +- if (blit_is_unsafe(s)) ++ if (blit_is_unsafe(s, false)) + return 0; + + return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr, diff --git a/0053-9pfs-fix-memory-leak-in-v9fs_link.patch b/0053-9pfs-fix-memory-leak-in-v9fs_link.patch deleted file mode 100644 index fb6e314c..00000000 --- a/0053-9pfs-fix-memory-leak-in-v9fs_link.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 9f7f59799ea714c512ecfc0e224df66095abf9c0 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Mon, 17 Oct 2016 14:13:58 +0200 -Subject: [PATCH] 9pfs: fix memory leak in v9fs_link - -The v9fs_link() function keeps a reference on the source fid object. This -causes a memory leak since the reference never goes down to 0. This patch -fixes the issue. - -Signed-off-by: Li Qiang -Reviewed-by: Greg Kurz -[groug, rephrased the changelog] -Signed-off-by: Greg Kurz -(cherry picked from commit 4c1586787ff43c9acd18a56c12d720e3e6be9f7c) -[BR: CVE-2016-9105 BSC#1007494] -Signed-off-by: Bruce Rogers ---- - hw/9pfs/9p.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index a345fe3..239aef4 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -2402,6 +2402,7 @@ static void v9fs_link(void *opaque) - if (!err) { - err = offset; - } -+ put_fid(pdu, oldfidp); - out: - put_fid(pdu, dfidp); - out_nofid: diff --git a/0053-s390x-kvm-fix-small-race-reboot-vs..patch b/0053-s390x-kvm-fix-small-race-reboot-vs..patch new file mode 100644 index 00000000..f119bb5f --- /dev/null +++ b/0053-s390x-kvm-fix-small-race-reboot-vs..patch 
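Review bot: `blit_is_unsafe(s, true)` returns before the source-region check, and nothing in the function says which operations are allowed to ask for that. The check on `cirrus_blt_srcpitch` and `cirrus_blt_srcaddr` is one of the two bounds checks this function performs, so the relaxation is safe only for callers that never read the source. A comment at the `if (dst_only)` branch, such as `/* solid fill never reads the source region; any caller that does must pass false */`, would keep a future call site from passing `true` by mistake. The bare `true`/`false` literals at the three call sites would also read better with a short trailing comment naming the parameter, e.g. `blit_is_unsafe(s, true /* dst_only */)`. The bodies of the calling functions continue outside the hunks.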
@@ -0,0 +1,34 @@ +From 65cef1a069623a0cede6b0bbb6ddeaec0fb023b3 Mon Sep 17 00:00:00 2001 +From: Christian Borntraeger +Date: Tue, 24 Jan 2017 22:17:47 +0100 +Subject: [PATCH] s390x/kvm: fix small race reboot vs. cmma + +Right now we reset all devices before we reset the cmma states. This +can result in the host kernel discarding guest pages that were +previously in the unused state but already contain a bios or a -kernel +file before the cmma reset has finished. This race results in random +guest crashes or hangs during very early reboot. + +Fixes: 1cd4e0f6f0a6 ("s390x/cmma: clean up cmma reset") +Cc: qemu-stable@nongnu.org +Signed-off-by: Christian Borntraeger +(cherry picked from commit 1a0e4c8b02ea510508970c333ee610a90b921cbb) +Signed-off-by: Bruce Rogers +--- + hw/s390x/s390-virtio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/s390x/s390-virtio.c b/hw/s390x/s390-virtio.c +index 0a963473ad..7a3a7fe5fd 100644 +--- a/hw/s390x/s390-virtio.c ++++ b/hw/s390x/s390-virtio.c +@@ -204,8 +204,8 @@ void s390_machine_reset(void) + { + S390CPU *ipl_cpu = S390_CPU(qemu_get_cpu(0)); + +- qemu_devices_reset(); + s390_cmma_reset(); ++ qemu_devices_reset(); + s390_crypto_reset(); + + /* all cpus are stopped - configure and start the ipl cpu only */ diff --git a/0054-9pfs-fix-potential-host-memory-leak.patch b/0054-9pfs-fix-potential-host-memory-leak.patch deleted file mode 100644 index f9218b6f..00000000 --- a/0054-9pfs-fix-potential-host-memory-leak.patch +++ /dev/null 
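Review bot: The fix in `s390_machine_reset` depends on `s390_cmma_reset()` running before `qemu_devices_reset()`, but the two calls look interchangeable and have no comment, so the order could be swapped back by a later cleanup. A comment above them, e.g. `/* reset cmma first: pages loaded during device reset (bios, -kernel) must not be discarded by the host */`, would preserve the reasoning from the commit message in the code. The rest of the function lies outside the hunk.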
@@ -1,39 +0,0 @@ -From 5f29f9ab1d097cf326dfa477f75d30117f668b49 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Mon, 17 Oct 2016 14:13:58 +0200 -Subject: [PATCH] 9pfs: fix potential host memory leak in v9fs_read - -In 9pfs read dispatch function, it doesn't free two QEMUIOVector -object thus causing potential memory leak. This patch avoid this. - -Signed-off-by: Li Qiang -Signed-off-by: Greg Kurz -(cherry picked from commit e95c9a493a5a8d6f969e86c9f19f80ffe6587e19) -[BR: CVE-2016-8577 BSC#1003893] -Signed-off-by: Bruce Rogers ---- - hw/9pfs/9p.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 239aef4..4a71cff 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -1812,14 +1812,15 @@ static void v9fs_read(void *opaque) - if (len < 0) { - /* IO error return the error */ - err = len; -- goto out; -+ goto out_free_iovec; - } - } while (count < max_count && len > 0); - err = pdu_marshal(pdu, offset, "d", count); - if (err < 0) { -- goto out; -+ goto out_free_iovec; - } - err += offset + count; -+out_free_iovec: - qemu_iovec_destroy(&qiov); - qemu_iovec_destroy(&qiov_full); - } else if (fidp->fid_type == P9_FID_XATTR) { diff --git a/0054-target-s390x-use-qemu-cpu-model-in-.patch b/0054-target-s390x-use-qemu-cpu-model-in-.patch new file mode 100644 index 00000000..19af2458 --- /dev/null +++ b/0054-target-s390x-use-qemu-cpu-model-in-.patch 
@@ -0,0 +1,32 @@ +From 52f9cd6fd4943ff0202133646da31788447a2209 Mon Sep 17 00:00:00 2001 +From: David Hildenbrand +Date: Mon, 30 Jan 2017 15:50:25 +0100 +Subject: [PATCH] target/s390x: use "qemu" cpu model in user mode + +"any" does not exist, therefore resulting in a misleading error message. + +Reported-by: Stefan Weil +Signed-off-by: David Hildenbrand +Message-Id: <20170130145025.26475-1-david@redhat.com> +Reviewed-by: Stefan Weil +Reviewed-by: Alexander Graf +Cc: qemu-stable@nongnu.org +(cherry picked from commit d8923bc75479cd3fdcc72b7647f4877f91950b01) +Signed-off-by: Bruce Rogers +--- + linux-user/main.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/linux-user/main.c b/linux-user/main.c +index 75b199f274..cc77ec4713 100644 +--- a/linux-user/main.c ++++ b/linux-user/main.c +@@ -4045,6 +4045,8 @@ int main(int argc, char **argv, char **envp) + # endif + #elif defined TARGET_SH4 + cpu_model = TYPE_SH7785_CPU; ++#elif defined TARGET_S390X ++ cpu_model = "qemu"; + #else + cpu_model = "any"; + #endif diff --git a/0055-9pfs-fix-information-leak-in-xattr-.patch b/0055-9pfs-fix-information-leak-in-xattr-.patch deleted file mode 100644 index 8303065e..00000000 --- a/0055-9pfs-fix-information-leak-in-xattr-.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 9f8a42e3f35479353ad9b9b5af78e136fd59b509 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Mon, 17 Oct 2016 14:13:58 +0200 -Subject: [PATCH] 9pfs: fix information leak in xattr read - -9pfs uses g_malloc() to allocate the xattr memory space, if the guest -reads this memory before writing to it, this will leak host heap memory -to the guest. This patch avoid this. - -Signed-off-by: Li Qiang -Reviewed-by: Greg Kurz -Signed-off-by: Greg Kurz -(cherry picked from commit eb687602853b4ae656e9236ee4222609f3a6887d) -[BR: CVE-2016-9103 BSC#1007454] -Signed-off-by: Bruce Rogers ---- - hw/9pfs/9p.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 4a71cff..af32464 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -3270,7 +3270,7 @@ static void v9fs_xattrcreate(void *opaque) - xattr_fidp->fs.xattr.flags = flags; - v9fs_string_init(&xattr_fidp->fs.xattr.name); - v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name); -- xattr_fidp->fs.xattr.value = g_malloc(size); -+ xattr_fidp->fs.xattr.value = g_malloc0(size); - err = offset; - put_fid(pdu, file_fidp); - out_nofid: diff --git a/0055-linux-user-exclude-cpu-model-code-w.patch b/0055-linux-user-exclude-cpu-model-code-w.patch new file mode 100644 index 00000000..414ef97d --- /dev/null +++ b/0055-linux-user-exclude-cpu-model-code-w.patch 
@@ -0,0 +1,35 @@ +From a31edb2865923f478830a2f05e64259ae9841f3c Mon Sep 17 00:00:00 2001 +From: Bruce Rogers +Date: Tue, 14 Feb 2017 10:37:59 -0700 +Subject: [PATCH] linux-user: exclude cpu model code when building linux-user + +A section of s390_realize_cpu_model() needed to be guarded by +CONFIG_USER_ONLY. This omission was causing a segfault when +testing the executable being built for the s390x qemu-linux-user +package. + +Signed-off-by: Bruce Rogers +--- + target-s390x/cpu_models.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/target-s390x/cpu_models.c b/target-s390x/cpu_models.c +index c1e729df5e..f2eadd2cfb 100644 +--- a/target-s390x/cpu_models.c ++++ b/target-s390x/cpu_models.c +@@ -738,6 +738,7 @@ void s390_realize_cpu_model(CPUState *cs, Error **errp) + return; + } + ++#ifndef CONFIG_USER_ONLY + /* copy over properties that can vary */ + cpu->model->lowest_ibc = max_model->lowest_ibc; + cpu->model->cpu_id = max_model->cpu_id; +@@ -750,6 +751,7 @@ void s390_realize_cpu_model(CPUState *cs, Error **errp) + } + + apply_cpu_model(cpu->model, errp); ++#endif + } + + static void get_feature(Object *obj, Visitor *v, const char *name, diff --git a/0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch b/0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch deleted file mode 100644 index 90e16546..00000000 --- a/0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch +++ /dev/null 
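Review bot: The new `#ifndef CONFIG_USER_ONLY` block in `s390_realize_cpu_model` also skips `apply_cpu_model(cpu->model, errp)` for linux-user builds, and neither the code nor the commit message names the access that was crashing. If the segfault came from `max_model` not being available in user mode (an inference; its assignment is outside the hunk), a NULL check on that pointer would be a narrower fix than compiling the whole block out. At minimum, add a one-line comment above the `#ifndef` stating what is missing in user-only builds, so that the guard is not removed or extended blindly.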
@@ -1,35 +0,0 @@ -From 61eb543d366088cebecaf8fead80d1bd32db7cb2 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Mon, 17 Oct 2016 14:13:58 +0200 -Subject: [PATCH] 9pfs: fix memory leak in v9fs_xattrcreate - -The 'fs.xattr.value' field in V9fsFidState object doesn't consider the -situation that this field has been allocated previously. Every time, it -will be allocated directly. This leads to a host memory leak issue if -the client sends another Txattrcreate message with the same fid number -before the fid from the previous time got clunked. - -Signed-off-by: Li Qiang -Reviewed-by: Greg Kurz -[groug, updated the changelog to indicate how the leak can occur] -Signed-off-by: Greg Kurz - -(cherry picked from commit ff55e94d23ae94c8628b0115320157c763eb3e06) -[BR: CVE-2016-9102 BSC#1007450] -Signed-off-by: Bruce Rogers ---- - hw/9pfs/9p.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index af32464..aa2b8c0 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -3270,6 +3270,7 @@ static void v9fs_xattrcreate(void *opaque) - xattr_fidp->fs.xattr.flags = flags; - v9fs_string_init(&xattr_fidp->fs.xattr.name); - v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name); -+ g_free(xattr_fidp->fs.xattr.value); - xattr_fidp->fs.xattr.value = g_malloc0(size); - err = offset; - put_fid(pdu, file_fidp); diff --git a/0056-tests-check-path-to-avoid-a-failing.patch b/0056-tests-check-path-to-avoid-a-failing.patch new file mode 100644 index 00000000..10e783d5 --- /dev/null +++ b/0056-tests-check-path-to-avoid-a-failing.patch 
@@ -0,0 +1,30 @@
+From 5525a02cb6f16bf4bd4ba111012457be80e99418 Mon Sep 17 00:00:00 2001
+From: Bruce Rogers
+Date: Fri, 17 Feb 2017 14:59:49 -0700
+Subject: [PATCH] tests: check path to avoid a failing qga/get-vcpus test
+
+The qga/get-vcpus test fails in a simple chroot environment, as
+used in an openSUSE Build Service local build, so first check
+that the sysfs based path exists in order to avoid calling this
+test in an environment where it won't work right.
+
+Signed-off-by: Bruce Rogers
+---
+ tests/test-qga.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tests/test-qga.c b/tests/test-qga.c
+index 868b02a40f..9e6d19a6e1 100644
+--- a/tests/test-qga.c
++++ b/tests/test-qga.c
+@@ -924,7 +924,9 @@ int main(int argc, char **argv)
+ g_test_add_data_func("/qga/info", &fix, test_qga_info);
+ g_test_add_data_func("/qga/network-get-interfaces", &fix,
+ test_qga_network_get_interfaces);
+- g_test_add_data_func("/qga/get-vcpus", &fix, test_qga_get_vcpus);
++ if (!access("/sys/devices/system/cpu/cpu0", F_OK)) {
++ g_test_add_data_func("/qga/get-vcpus", &fix, test_qga_get_vcpus);
++ }
+ g_test_add_data_func("/qga/get-fsinfo", &fix, test_qga_get_fsinfo);
+ g_test_add_data_func("/qga/get-memory-block-info", &fix,
+ test_qga_get_memory_block_info);
diff --git a/0057-9pfs-fix-memory-leak-in-v9fs_write.patch b/0057-9pfs-fix-memory-leak-in-v9fs_write.patch
deleted file mode 100644
index 66d3e86e..00000000
--- a/0057-9pfs-fix-memory-leak-in-v9fs_write.patch
+++ /dev/null
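Review bot: When the sysfs path is missing, `/qga/get-vcpus` is dropped from main() without any trace in the test output, so a run with reduced coverage looks the same as a full one. An `else` branch containing `g_test_message("skipping /qga/get-vcpus: /sys/devices/system/cpu/cpu0 not present");` would make the skip visible in build logs. Writing the condition as `access(...) == 0` also reads more directly than `!access(...)`. main() continues on both sides of the hunk.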
@@ -1,33 +0,0 @@ -From 1dd9e4b00e2f7eb60436a5a3017042eb7b93a8ff Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Mon, 17 Oct 2016 14:13:58 +0200 -Subject: [PATCH] 9pfs: fix memory leak in v9fs_write - -If an error occurs when marshalling the transfer length to the guest, the -v9fs_write() function doesn't free an IO vector, thus leading to a memory -leak. This patch fixes the issue. - -Signed-off-by: Li Qiang -Reviewed-by: Greg Kurz -[groug, rephrased the changelog] -Signed-off-by: Greg Kurz -(cherry picked from commit fdfcc9aeea1492f4b819a24c94dfb678145b1bf9) -[BR: CVE-2016-9106 BSC#1007495] -Signed-off-by: Bruce Rogers ---- - hw/9pfs/9p.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index aa2b8c0..af07846 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -2080,7 +2080,7 @@ static void v9fs_write(void *opaque) - offset = 7; - err = pdu_marshal(pdu, offset, "d", total); - if (err < 0) { -- goto out; -+ goto out_qiov; - } - err += offset; - trace_v9fs_write_return(pdu->tag, pdu->id, total, err); diff --git a/0057-display-virtio-gpu-3d-check-virgl-c.patch b/0057-display-virtio-gpu-3d-check-virgl-c.patch new file mode 100644 index 00000000..945b631c --- /dev/null +++ b/0057-display-virtio-gpu-3d-check-virgl-c.patch 
@@ -0,0 +1,40 @@ +From 818182d6045bb5a052b3fd53b995df6510084e83 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit +Date: Wed, 14 Dec 2016 12:31:56 +0530 +Subject: [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size + +Virtio GPU device while processing 'VIRTIO_GPU_CMD_GET_CAPSET' +command, retrieves the maximum capabilities size to fill in the +response object. It continues to fill in capabilities even if +retrieved 'max_size' is zero(0), thus resulting in OOB access. +Add check to avoid it. + +Reported-by: Zhenhao Hong +Signed-off-by: Prasad J Pandit +Message-id: 20161214070156.23368-1-ppandit@redhat.com +Signed-off-by: Gerd Hoffmann +(cherry picked from commit abd7f08b2353f43274b785db8c7224f082ef4d31) +[BR: CVE-2016-10028 BSC#1017084 BSC#1016503] +Signed-off-by: Bruce Rogers +--- + hw/display/virtio-gpu-3d.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c +index d98b1404e1..cdd03a47bd 100644 +--- a/hw/display/virtio-gpu-3d.c ++++ b/hw/display/virtio-gpu-3d.c +@@ -371,8 +371,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g, + + virgl_renderer_get_cap_set(gc.capset_id, &max_ver, + &max_size); +- resp = g_malloc0(sizeof(*resp) + max_size); ++ if (!max_size) { ++ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; ++ return; ++ } + ++ resp = g_malloc0(sizeof(*resp) + max_size); + resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET; + virgl_renderer_fill_caps(gc.capset_id, + gc.capset_version, diff --git a/0058-char-serial-check-divider-value-aga.patch b/0058-char-serial-check-divider-value-aga.patch deleted file mode 100644 index 54a83603..00000000 --- a/0058-char-serial-check-divider-value-aga.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 5a472227730f7f2465baf36716d755ced0300611 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Wed, 12 Oct 2016 11:28:08 +0530 -Subject: [PATCH] char: serial: check divider value against baud base - -16550A UART device uses an oscillator to generate frequencies -(baud base), which decide communication speed. This speed could -be changed by dividing it by a divider. If the divider is -greater than the baud base, speed is set to zero, leading to a -divide by zero error. Add check to avoid it. - -Reported-by: Huawei PSIRT -Signed-off-by: Prasad J Pandit -Message-Id: <1476251888-20238-1-git-send-email-ppandit@redhat.com> -Signed-off-by: Paolo Bonzini -(cherry picked from commit 3592fe0c919cf27a81d8e9f9b4f269553418bb01) -[BR: CVE-2016-8669 BSC#1004707] -Signed-off-by: Bruce Rogers ---- - hw/char/serial.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/hw/char/serial.c b/hw/char/serial.c -index 3442f47..eec72b7 100644 ---- a/hw/char/serial.c -+++ b/hw/char/serial.c -@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s) - int speed, parity, data_bits, stop_bits, frame_size; - QEMUSerialSetParams ssp; - -- if (s->divider == 0) -+ if (s->divider == 0 || s->divider > s->baudbase) { - return; -+ } - - /* Start bit. */ - frame_size = 1; diff --git a/0058-watchdog-6300esb-add-exit-function.patch b/0058-watchdog-6300esb-add-exit-function.patch new file mode 100644 index 00000000..f4645f18 --- /dev/null +++ b/0058-watchdog-6300esb-add-exit-function.patch 
@@ -0,0 +1,46 @@
+From 56fb083af9f432ec4ab438f016e26025981f3136 Mon Sep 17 00:00:00 2001
+From: Li Qiang
+Date: Mon, 28 Nov 2016 17:49:04 -0800
+Subject: [PATCH] watchdog: 6300esb: add exit function
+
+When the Intel 6300ESB watchdog is hot unplug. The timer allocated
+in realize isn't freed thus leaking memory leak. This patch avoid
+this through adding the exit function.
+
+Signed-off-by: Li Qiang
+Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
+Signed-off-by: Paolo Bonzini
+(cherry picked from commit eb7a20a3616085d46aa6b4b4224e15587ec67e6e)
+[BR: CVE-2016-10155 BSC#1021129]
+Signed-off-by: Bruce Rogers
+---
+ hw/watchdog/wdt_i6300esb.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
+index a83d951213..49b3cd188a 100644
+--- a/hw/watchdog/wdt_i6300esb.c
++++ b/hw/watchdog/wdt_i6300esb.c
+@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
+ /* qemu_register_coalesced_mmio (addr, 0x10); ? */
+ }
+
++static void i6300esb_exit(PCIDevice *dev)
++{
++ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
++
++ timer_del(d->timer);
++ timer_free(d->timer);
++}
++
+ static WatchdogTimerModel model = {
+ .wdt_name = "i6300esb",
+ .wdt_description = "Intel 6300ESB",
+@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
+ k->config_read = i6300esb_config_read;
+ k->config_write = i6300esb_config_write;
+ k->realize = i6300esb_realize;
++ k->exit = i6300esb_exit;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
+ k->class_id = PCI_CLASS_SYSTEM_OTHER;
diff --git a/0059-net-pcnet-check-rx-tx-descriptor-ri.patch b/0059-net-pcnet-check-rx-tx-descriptor-ri.patch
deleted file mode 100644
index 9ea0c601..00000000
--- a/0059-net-pcnet-check-rx-tx-descriptor-ri.patch
+++ /dev/null
@@ -1,37 +0,0 @@ -From ac4e97299905661397882b588d6d2c08e5df65b0 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Fri, 30 Sep 2016 00:27:33 +0530 -Subject: [PATCH] net: pcnet: check rx/tx descriptor ring length - -The AMD PC-Net II emulator has set of control and status(CSR) -registers. Of these, CSR76 and CSR78 hold receive and transmit -descriptor ring length respectively. This ring length could range -from 1 to 65535. Setting ring length to zero leads to an infinite -loop in pcnet_rdra_addr() or pcnet_transmit(). Add check to avoid it. - -Reported-by: Li Qiang -Signed-off-by: Prasad J Pandit -Signed-off-by: Jason Wang -(cherry picked from commit 34e29ce754c02bb6b3bdd244fbb85033460feaff) -[BR: CVE-2016-7909 BSC#1002557] -Signed-off-by: Bruce Rogers ---- - hw/net/pcnet.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c -index 198a01f..3078de8 100644 ---- a/hw/net/pcnet.c -+++ b/hw/net/pcnet.c -@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value) - case 47: /* POLLINT */ - case 72: - case 74: -+ break; - case 76: /* RCVRL */ - case 78: /* XMTRL */ -+ val = (val > 0) ? val : 512; -+ break; - case 112: - if (CSR_STOP(s) || CSR_SPND(s)) - break; diff --git a/0059-virtio-gpu-3d-fix-memory-leak-in-re.patch b/0059-virtio-gpu-3d-fix-memory-leak-in-re.patch new file mode 100644 index 00000000..b3368bbd --- /dev/null +++ b/0059-virtio-gpu-3d-fix-memory-leak-in-re.patch 
@@ -0,0 +1,41 @@
+From 07cbf6021a6ab8bf3756692379a9942bdfeb7e00 Mon Sep 17 00:00:00 2001
+From: Li Qiang
+Date: Thu, 29 Dec 2016 03:11:26 -0500
+Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the virgl_renderer_resource_attach_iov function fails the
+'res_iovs' will be leaked. Add check of the return value to
+free the 'res_iovs' when failing.
+
+Signed-off-by: Li Qiang
+Reviewed-by: Marc-André Lureau
+Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann
+(cherry picked from commit 33243031dad02d161225ba99d782616da133f689)
+[BR: CVE-2017-5552 BSC#1021195]
+Signed-off-by: Bruce Rogers
+---
+ hw/display/virtio-gpu-3d.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index cdd03a47bd..f96a0c2e59 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
+ return;
+ }
+
+- virgl_renderer_resource_attach_iov(att_rb.resource_id,
+- res_iovs, att_rb.nr_entries);
++ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
++ res_iovs, att_rb.nr_entries);
++
++ if (ret != 0)
++ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
+ }
+
+ static void virgl_resource_detach_backing(VirtIOGPU *g,
diff --git a/0060-net-eepro100-fix-memory-leak-in-dev.patch b/0060-net-eepro100-fix-memory-leak-in-dev.patch
deleted file mode 100644
index 0622c216..00000000
--- a/0060-net-eepro100-fix-memory-leak-in-dev.patch
+++ /dev/null
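Review bot: When `virgl_renderer_resource_attach_iov()` fails, the new branch at the end of virgl_resource_attach_backing() frees `res_iovs` but leaves `cmd->error` unset, so the guest presumably receives a success response for a backing that was never attached. Assuming `cmd` is in scope here as it is in virgl_cmd_get_capset() in the same file, the branch could be braced and extended with `cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;` after the cleanup call. The unbraced `if (ret != 0)` also differs from the braced style of the other added code in this update. The function starts above the hunk, so how the response is built is not visible here.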
@@ -1,30 +0,0 @@ -From c266d999085e07c2cbb9b59b9cf4e39c0c7e2ae0 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Sat, 8 Oct 2016 05:07:25 -0700 -Subject: [PATCH] net: eepro100: fix memory leak in device uninit - -The exit dispatch of eepro100 network card device doesn't free -the 's->vmstate' field which was allocated in device realize thus -leading a host memory leak. This patch avoid this. - -Signed-off-by: Li Qiang -Signed-off-by: Jason Wang -(cherry picked from commit 2634ab7fe29b3f75d0865b719caf8f310d634aae) -[BR: CVE-2016-9101 BSC#1007391] -Signed-off-by: Bruce Rogers ---- - hw/net/eepro100.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c -index bab4dbf..4bf71f2 100644 ---- a/hw/net/eepro100.c -+++ b/hw/net/eepro100.c -@@ -1843,6 +1843,7 @@ static void pci_nic_uninit(PCIDevice *pci_dev) - EEPRO100State *s = DO_UPCAST(EEPRO100State, dev, pci_dev); - - vmstate_unregister(&pci_dev->qdev, s->vmstate, s); -+ g_free(s->vmstate); - eeprom93xx_free(&pci_dev->qdev, s->eeprom); - qemu_del_nic(s->nic); - } diff --git a/0060-virtio-gpu-fix-memory-leak-in-resou.patch b/0060-virtio-gpu-fix-memory-leak-in-resou.patch new file mode 100644 index 00000000..03bd1012 --- /dev/null +++ b/0060-virtio-gpu-fix-memory-leak-in-resou.patch 
@@ -0,0 +1,35 @@
+From 536ae1665b9302a31932113b1ec7d52cbd7af752 Mon Sep 17 00:00:00 2001
+From: Li Qiang
+Date: Thu, 29 Dec 2016 04:28:41 -0500
+Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
+
+In the resource attach backing function, everytime it will
+allocate 'res->iov' thus can leading a memory leak. This
+patch avoid this.
+
+Signed-off-by: Li Qiang
+Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann
+(cherry picked from commit 204f01b30975923c64006f8067f0937b91eea68b)
+[BR: CVE-2017-5578 BSC#1021481]
+Signed-off-by: Bruce Rogers
+---
+ hw/display/virtio-gpu.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 3eafe495ef..edd8ddaf78 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -708,6 +708,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
+ return;
+ }
+
++ if (res->iov) {
++ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
++ return;
++ }
++
+ ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
+ if (ret != 0) {
+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
diff --git a/0061-net-rocker-set-limit-to-DMA-buffer-.patch b/0061-net-rocker-set-limit-to-DMA-buffer-.patch
deleted file mode 100644
index 9849d564..00000000
--- a/0061-net-rocker-set-limit-to-DMA-buffer-.patch
+++ /dev/null
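Review bot: The new `if (res->iov)` guard in virtio_gpu_resource_attach_backing() rejects a repeated attach with `VIRTIO_GPU_RESP_ERR_UNSPEC` but carries no comment on why, and the reason is only in the commit message. A line such as `/* backing already attached; refusing avoids overwriting res->iov and leaking the old mapping */` above the check would keep the intent with the code. The guard is only correct if the detach path resets `res->iov` to NULL, which lies outside this hunk and is worth confirming. The function begins and ends outside the hunk.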
@@ -1,36 +0,0 @@ -From 9999bb270b68c8bfb82d37a52515cbbfdc7d900f Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Wed, 12 Oct 2016 14:40:55 +0530 -Subject: [PATCH] net: rocker: set limit to DMA buffer size - -Rocker network switch emulator has test registers to help debug -DMA operations. While testing host DMA access, a buffer address -is written to register 'TEST_DMA_ADDR' and its size is written to -register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT -test, if DMA buffer size was greater than 'INT_MAX', it leads to -an invalid buffer access. Limit the DMA buffer size to avoid it. - -Reported-by: Huawei PSIRT -Signed-off-by: Prasad J Pandit -Reviewed-by: Jiri Pirko -Signed-off-by: Jason Wang -(cherry picked from commit 8caed3d564672e8bc6d2e4c6a35228afd01f4723) -[BR: CVE-2016-8668 BSC#1004706] -Signed-off-by: Bruce Rogers ---- - hw/net/rocker/rocker.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c -index 30f2ce4..e9d215a 100644 ---- a/hw/net/rocker/rocker.c -+++ b/hw/net/rocker/rocker.c -@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val) - rocker_msix_irq(r, val); - break; - case ROCKER_TEST_DMA_SIZE: -- r->test_dma_size = val; -+ r->test_dma_size = val & 0xFFFF; - break; - case ROCKER_TEST_DMA_ADDR + 4: - r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32; diff --git a/0061-virtio-fix-vq-inuse-recalc-after-mi.patch b/0061-virtio-fix-vq-inuse-recalc-after-mi.patch new file mode 100644 index 00000000..eb9b8e1e --- /dev/null +++ b/0061-virtio-fix-vq-inuse-recalc-after-mi.patch 
@@ -0,0 +1,53 @@ +From d1d06f7db5b44371db5dc1c559c5d8c1bda9d731 Mon Sep 17 00:00:00 2001 +From: Halil Pasic +Date: Mon, 19 Dec 2016 16:44:44 +0100 +Subject: [PATCH] virtio: fix vq->inuse recalc after migr + +Correct recalculation of vq->inuse after migration for the corner case +where the avail_idx has already wrapped but used_idx not yet. + +Also change the type of the VirtQueue.inuse to unsigned int. This is +done to be consistent with other members representing sizes (VRing.num), +and because C99 guarantees max ring size < UINT_MAX but does not +guarantee max ring size < INT_MAX. + +Signed-off-by: Halil Pasic +Fixes: bccdef6b ("virtio: recalculate vq->inuse after migration") +CC: qemu-stable@nongnu.org +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Stefan Hajnoczi +(cherry picked from commit e66bcc408146730958d1a840bda85d7ad51e0cd7) +[BR: BSC#1020928] +Signed-off-by: Bruce Rogers +--- + hw/virtio/virtio.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c +index 1af2de2714..e37641a9c9 100644 +--- a/hw/virtio/virtio.c ++++ b/hw/virtio/virtio.c +@@ -92,7 +92,7 @@ struct VirtQueue + + uint16_t queue_index; + +- int inuse; ++ unsigned int inuse; + + uint16_t vector; + VirtIOHandleOutput handle_output; +@@ -1855,9 +1855,11 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id) + /* + * Some devices migrate VirtQueueElements that have been popped + * from the avail ring but not yet returned to the used ring. ++ * Since max ring size < UINT16_MAX it's safe to use modulo ++ * UINT16_MAX + 1 subtraction. + */ +- vdev->vq[i].inuse = vdev->vq[i].last_avail_idx - +- vdev->vq[i].used_idx; ++ vdev->vq[i].inuse = (uint16_t)(vdev->vq[i].last_avail_idx - ++ vdev->vq[i].used_idx); + if (vdev->vq[i].inuse > vdev->vq[i].vring.num) { + error_report("VQ %d size 0x%x < last_avail_idx 0x%x - " + "used_idx 0x%x", 
diff --git a/0062-audio-es1370-add-exit-function.patch b/0062-audio-es1370-add-exit-function.patch
new file mode 100644
index 00000000..61112623
--- /dev/null
+++ b/0062-audio-es1370-add-exit-function.patch
@@ -0,0 +1,55 @@
+From 6a847bb812fe7946a2d3c457d75ca3db0fe962b0 Mon Sep 17 00:00:00 2001
+From: Li Qiang
+Date: Wed, 14 Dec 2016 18:32:22 -0800
+Subject: [PATCH] audio: es1370: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently the es1370 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang
+Reviewed-by: Marc-André Lureau
+Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
+Signed-off-by: Gerd Hoffmann
+(cherry picked from commit 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da)
+[BR: CVE-2017-5526 BSC#1020589]
+Signed-off-by: Bruce Rogers
+---
+ hw/audio/es1370.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
+index 8449b5f436..883ec69b30 100644
+--- a/hw/audio/es1370.c
++++ b/hw/audio/es1370.c
+@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
+ es1370_reset (s);
+ }
+
++static void es1370_exit(PCIDevice *dev)
++{
++ ES1370State *s = ES1370(dev);
++ int i;
++
++ for (i = 0; i < 2; ++i) {
++ AUD_close_out(&s->card, s->dac_voice[i]);
++ }
++
++ AUD_close_in(&s->card, s->adc_voice);
++ AUD_remove_card(&s->card);
++}
++
+ static int es1370_init (PCIBus *bus)
+ {
+ pci_create_simple (bus, -1, TYPE_ES1370);
+@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
+ PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+
+ k->realize = es1370_realize;
++ k->exit = es1370_exit;
+ k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
+ k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
+ k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
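Review bot: The loop bound in the new es1370_exit() is the literal `2`, which has to be kept in step with the size of `s->dac_voice` by hand; if that member ever grows, the extra output voices would stay open across a hot unplug. Writing it as `for (i = 0; i < ARRAY_SIZE(s->dac_voice); ++i)` ties the loop to the declaration. This assumes `dac_voice` is a fixed-size array member of ES1370State, whose declaration is outside the hunk.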
diff --git a/0062-net-vmxnet-initialise-local-tx-desc.patch b/0062-net-vmxnet-initialise-local-tx-desc.patch deleted file mode 100644 index 7117c06d..00000000 --- a/0062-net-vmxnet-initialise-local-tx-desc.patch +++ /dev/null @@ -1,33 +0,0 @@ -From d77a9e7e19bf1f4697445513df7b67a865bb6d8e Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Thu, 11 Aug 2016 00:42:20 +0530 -Subject: [PATCH] net: vmxnet: initialise local tx descriptor - -In Vmxnet3 device emulator while processing transmit(tx) queue, -when it reaches end of packet, it calls vmxnet3_complete_packet. -In that local 'txcq_descr' object is not initialised, which could -leak host memory bytes a guest. - -Reported-by: Li Qiang -Signed-off-by: Prasad J Pandit -Reviewed-by: Dmitry Fleytman -Signed-off-by: Jason Wang -(cherry picked from commit fdda170e50b8af062cf5741e12c4fb5e57a2eacf) -[BR: CVE-2016-6836 BSC#994760] -Signed-off-by: Bruce Rogers ---- - hw/net/vmxnet3.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c -index 90f6943..92f6af9 100644 ---- a/hw/net/vmxnet3.c -+++ b/hw/net/vmxnet3.c -@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int qidx, uint32_t tx_ridx) - - VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring); - -+ memset(&txcq_descr, 0, sizeof(txcq_descr)); - txcq_descr.txdIdx = tx_ridx; - txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring); - diff --git a/0063-audio-ac97-add-exit-function.patch b/0063-audio-ac97-add-exit-function.patch new file mode 100644 index 00000000..c0a2d468 --- /dev/null +++ b/0063-audio-ac97-add-exit-function.patch 
@@ -0,0 +1,52 @@
+From ebc039becfc5a4506ae0d4962cd87ce1bf5163bc Mon Sep 17 00:00:00 2001
+From: Li Qiang
+Date: Wed, 14 Dec 2016 18:30:21 -0800
+Subject: [PATCH] audio: ac97: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently the ac97 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang
+Reviewed-by: Marc-André Lureau
+Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
+Signed-off-by: Gerd Hoffmann
+(cherry picked from commit 12351a91da97b414eec8cdb09f1d9f41e535a401)
+[BR: CVE-2017-5525 BSC#1020491]
+Signed-off-by: Bruce Rogers
+---
+ hw/audio/ac97.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
+index cbd959e0bd..c30657501c 100644
+--- a/hw/audio/ac97.c
++++ b/hw/audio/ac97.c
+@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
+ ac97_on_reset (&s->dev.qdev);
+ }
+
++static void ac97_exit(PCIDevice *dev)
++{
++ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
++
++ AUD_close_in(&s->card, s->voice_pi);
++ AUD_close_out(&s->card, s->voice_po);
++ AUD_close_in(&s->card, s->voice_mc);
++ AUD_remove_card(&s->card);
++}
++
+ static int ac97_init (PCIBus *bus)
+ {
+ pci_create_simple (bus, -1, "AC97");
+@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
+ PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+
+ k->realize = ac97_realize;
++ k->exit = ac97_exit;
+ k->vendor_id = PCI_VENDOR_ID_INTEL;
+ k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
+ k->revision = 0x01;
diff --git a/0063-net-rtl8139-limit-processing-of-rin.patch b/0063-net-rtl8139-limit-processing-of-rin.patch
deleted file mode 100644
index 088cb933..00000000
--- a/0063-net-rtl8139-limit-processing-of-rin.patch
+++ /dev/null
@@ -1,34 +0,0 @@ -From 854b5adf363ebfb07ad0134079401d62cdf25b77 Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Fri, 21 Oct 2016 17:39:29 +0530 -Subject: [PATCH] net: rtl8139: limit processing of ring descriptors - -RTL8139 ethernet controller in C+ mode supports multiple -descriptor rings, each with maximum of 64 descriptors. While -processing transmit descriptor ring in 'rtl8139_cplus_transmit', -it does not limit the descriptor count and runs forever. Add -check to avoid it. - -Reported-by: Andrew Henderson -Signed-off-by: Prasad J Pandit -Signed-off-by: Jason Wang -(cherry picked from commit c7c35916692fe010fef25ac338443d3fe40be225) -[BR: CVE-2016-8910 BSC#1006538] -Signed-off-by: Bruce Rogers ---- - hw/net/rtl8139.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c -index 3345bc6..f05e59c 100644 ---- a/hw/net/rtl8139.c -+++ b/hw/net/rtl8139.c -@@ -2350,7 +2350,7 @@ static void rtl8139_cplus_transmit(RTL8139State *s) - { - int txcount = 0; - -- while (rtl8139_cplus_transmit_one(s)) -+ while (txcount < 64 && rtl8139_cplus_transmit_one(s)) - { - ++txcount; - } diff --git a/0064-audio-intel-hda-check-stream-entry-.patch b/0064-audio-intel-hda-check-stream-entry-.patch deleted file mode 100644 index b17502bd..00000000 --- a/0064-audio-intel-hda-check-stream-entry-.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 1f01b4d6f3d3acc6d0fd5e809b0de4547f4815cc Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit -Date: Thu, 20 Oct 2016 13:10:24 +0530 -Subject: [PATCH] audio: intel-hda: check stream entry count during transfer - -Intel HDA emulator uses stream of buffers during DMA data -transfers. Each entry has buffer length and buffer pointer -position, which are used to derive bytes to 'copy'. If this -length and buffer pointer were to be same, 'copy' could be -set to zero(0), leading to an infinite loop. Add check to -avoid it. - -Reported-by: Huawei PSIRT -Signed-off-by: Prasad J Pandit -Reviewed-by: Stefan Hajnoczi -Message-id: 1476949224-6865-1-git-send-email-ppandit@redhat.com -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 0c0fc2b5fd534786051889459848764edd798050) -[BR: CVE-2016-8909 BSC#1006536] -Signed-off-by: Bruce Rogers ---- - hw/audio/intel-hda.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c -index cd95340..537face 100644 ---- a/hw/audio/intel-hda.c -+++ b/hw/audio/intel-hda.c -@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output, - } - - left = len; -- while (left > 0) { -+ s = st->bentries; -+ while (left > 0 && s-- > 0) { - copy = left; - if (copy > st->bsize - st->lpib) - copy = st->bsize - st->lpib; diff --git a/0064-megasas-fix-guest-triggered-memory-.patch b/0064-megasas-fix-guest-triggered-memory-.patch new file mode 100644 index 00000000..864ab9b9 --- /dev/null +++ b/0064-megasas-fix-guest-triggered-memory-.patch 
@@ -0,0 +1,64 @@ +From 27db53c8bdbb318eef77b9ac01ea02e6b0cd0b02 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Mon, 2 Jan 2017 11:03:33 +0100 +Subject: [PATCH] megasas: fix guest-triggered memory leak + +If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd +will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory. +Avoid this by returning only the status from map_dcmd, and loading +cmd->iov_size in the caller. + +Reported-by: Li Qiang +Signed-off-by: Paolo Bonzini +(cherry picked from commit 765a707000e838c30b18d712fe6cb3dd8e0435f3) +[BR: CVE-2017-5856 BSC#1023053] +Signed-off-by: Bruce Rogers +--- + hw/scsi/megasas.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index 67fc1e7893..6233865494 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd) + trace_megasas_dcmd_invalid_sge(cmd->index, + cmd->frame->header.sge_count); + cmd->iov_size = 0; +- return -1; ++ return -EINVAL; + } + iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl); + iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl); + pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1); + qemu_sglist_add(&cmd->qsg, iov_pa, iov_size); + cmd->iov_size = iov_size; +- return cmd->iov_size; ++ return 0; + } + + static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size) +@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t { + + static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) + { +- int opcode, len; ++ int opcode; + int retval = 0; ++ size_t len; + const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl; + + opcode = le32_to_cpu(cmd->frame->dcmd.opcode); + trace_megasas_handle_dcmd(cmd->index, opcode); +- len = megasas_map_dcmd(s, cmd); +- if (len < 0) { ++ if (megasas_map_dcmd(s, cmd) < 0) { + return MFI_STAT_MEMORY_NOT_AVAILABLE; + } + while (cmdptr->opcode != -1 && cmdptr->opcode 
!= opcode) { + cmdptr++; + } ++ len = cmd->iov_size; + if (cmdptr->opcode == -1) { + trace_megasas_dcmd_unhandled(cmd->index, opcode, len); + retval = megasas_dcmd_dummy(s, cmd); diff --git a/0065-cirrus-handle-negative-pitch-in-cir.patch b/0065-cirrus-handle-negative-pitch-in-cir.patch new file mode 100644 index 00000000..b45da758 --- /dev/null +++ b/0065-cirrus-handle-negative-pitch-in-cir.patch 
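Review bot: megasas_map_dcmd() now returns 0 or `-EINVAL` and leaves the mapped length in `cmd->iov_size`, but nothing at the function states that contract, and any caller outside this hunk that still treats the return value as a length would silently see 0. A header comment such as `/* Returns 0 on success with the length in cmd->iov_size, negative errno on failure. */` would pin it down. In megasas_handle_dcmd() `len` also became `size_t` while still being passed to `trace_megasas_dcmd_unhandled()`; the trace event's format is not visible here and should be checked to match the wider type. Both functions continue outside the hunk.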
@@ -0,0 +1,49 @@ +From 3f442b06232be126e08d9207e4cac3e3afe0e62d Mon Sep 17 00:00:00 2001 +From: Wolfgang Bumiller +Date: Wed, 25 Jan 2017 14:48:57 +0100 +Subject: [PATCH] cirrus: handle negative pitch in cirrus_invalidate_region() + +cirrus_invalidate_region() calls memory_region_set_dirty() +on a per-line basis, always ranging from off_begin to +off_begin+bytesperline. With a negative pitch off_begin +marks the top most used address and thus we need to do an +initial shift backwards by a line for negative pitches of +backward blits, otherwise the first iteration covers the +line going from the start offset forwards instead of +backwards. +Additionally since the start address is inclusive, if we +shift by a full `bytesperline` we move to the first address +*not* included in the blit, so we only shift by one less +than bytesperline. + +Signed-off-by: Wolfgang Bumiller +Message-id: 1485352137-29367-1-git-send-email-w.bumiller@proxmox.com + +[ kraxel: codestyle fixes ] + +Signed-off-by: Gerd Hoffmann +(cherry picked from commit f153b563f8cf121aebf5a2fff5f0110faf58ccb3) +Signed-off-by: Bruce Rogers +--- + hw/display/cirrus_vga.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c +index 379910db2d..0f05e4596e 100644 +--- a/hw/display/cirrus_vga.c ++++ b/hw/display/cirrus_vga.c +@@ -661,9 +661,14 @@ static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin, + int off_cur; + int off_cur_end; + ++ if (off_pitch < 0) { ++ off_begin -= bytesperline - 1; ++ } ++ + for (y = 0; y < lines; y++) { + off_cur = off_begin; + off_cur_end = (off_cur + bytesperline) & s->cirrus_addr_mask; ++ assert(off_cur_end >= off_cur); + memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_cur); + off_begin += off_pitch; + } diff --git a/0065-virtio-gpu-fix-memory-leak-in-virti.patch b/0065-virtio-gpu-fix-memory-leak-in-virti.patch deleted file mode 100644 index f625395d..00000000 
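Review bot: The added `assert(off_cur_end >= off_cur);` in the loop of cirrus_invalidate_region() turns a wrapped range into an abort of the whole emulator process. `off_cur_end` is masked with `s->cirrus_addr_mask` while `off_cur` is not, so a line that crosses the mask boundary gives `off_cur_end < off_cur`; if the blit geometry is guest-controlled, as it appears to be, a guest can reach that exit. Marking the two pieces of a wrapped range dirty keeps the tracking correct without an assertion; the sketch below assumes `off_cur` is already within the mask, which needs confirming against the callers. The function's signature and callers are outside the hunk.

```c
for (y = 0; y < lines; y++) {
    /* … unchanged: off_cur and off_cur_end computation … */
    if (off_cur_end >= off_cur) {
        memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_cur);
    } else {
        /* range wraps at the address mask: mark both pieces dirty */
        memory_region_set_dirty(&s->vga.vram, off_cur,
                                s->cirrus_addr_mask + 1 - off_cur);
        memory_region_set_dirty(&s->vga.vram, 0, off_cur_end);
    }
    off_begin += off_pitch;
}
```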
--- a/0065-virtio-gpu-fix-memory-leak-in-virti.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 6562305928517bbc5b2a4525b8baddb58a510666 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Sun, 18 Sep 2016 19:07:11 -0700 -Subject: [PATCH] virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In virtio gpu resource create dispatch, if the pixman format is zero -it doesn't free the resource object allocated previously. Thus leading -a host memory leak issue. This patch avoid this. - -Signed-off-by: Li Qiang -Reviewed-by: Marc-André Lureau -Message-id: 57df486e.8379240a.c3620.ff81@mx.google.com -Signed-off-by: Gerd Hoffmann -(cherry picked from commit cb3a0522b694cc5bb6424497b3f828ccd28fd1dd) -[BR: CVE-2016-7994 BSC#1003613] -Signed-off-by: Bruce Rogers ---- - hw/display/virtio-gpu.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c -index 7fe6ed8..5b6d17b 100644 ---- a/hw/display/virtio-gpu.c -+++ b/hw/display/virtio-gpu.c -@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g, - qemu_log_mask(LOG_GUEST_ERROR, - "%s: host couldn't handle guest format %d\n", - __func__, c2d.format); -+ g_free(res); - cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; - return; - } diff --git a/0066-9pfs-fix-integer-overflow-issue-in-.patch b/0066-9pfs-fix-integer-overflow-issue-in-.patch deleted file mode 100644 index b8fe18ac..00000000 --- a/0066-9pfs-fix-integer-overflow-issue-in-.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -From a3ada2d4bae5bd45ca8751f47fe59f71cf7355e7 Mon Sep 17 00:00:00 2001 -From: Li Qiang -Date: Tue, 1 Nov 2016 12:00:40 +0100 -Subject: [PATCH] 9pfs: fix integer overflow issue in xattr read/write -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest -originated offset: they must ensure this offset does not go beyond -the size of the extended attribute that was set in v9fs_xattrcreate(). -Unfortunately, the current code implement these checks with unsafe -calculations on 32 and 64 bit values, which may allow a malicious -guest to cause OOB access anyway. - -Fix this by comparing the offset and the xattr size, which are -both uint64_t, before trying to compute the effective number of bytes -to read or write. - -Suggested-by: Greg Kurz -Signed-off-by: Li Qiang -Reviewed-by: Greg Kurz -Reviewed-By: Guido Günther -Signed-off-by: Greg Kurz -(cherry picked from commit 7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6) -[BR: CVE-2016-9104 BSC#1007493] -Signed-off-by: Bruce Rogers ---- - hw/9pfs/9p.c | 32 ++++++++++++-------------------- - 1 file changed, 12 insertions(+), 20 deletions(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index af07846..fc4f2cd 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -1628,20 +1628,17 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, - { - ssize_t err; - size_t offset = 7; -- int read_count; -- int64_t xattr_len; -+ uint64_t read_count; - V9fsVirtioState *v = container_of(s, V9fsVirtioState, state); - VirtQueueElement *elem = v->elems[pdu->idx]; - -- xattr_len = fidp->fs.xattr.len; -- read_count = xattr_len - off; -+ if (fidp->fs.xattr.len < off) { -+ read_count = 0; -+ } else { -+ read_count = fidp->fs.xattr.len - off; -+ } - if (read_count > max_count) { - read_count = max_count; -- } else if (read_count < 0) { -- /* -- * read beyond XATTR value -- */ -- read_count = 0; - } - err = 
pdu_marshal(pdu, offset, "d", read_count); - if (err < 0) { -@@ -1969,23 +1966,18 @@ static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, - { - int i, to_copy; - ssize_t err = 0; -- int write_count; -- int64_t xattr_len; -+ uint64_t write_count; - size_t offset = 7; - - -- xattr_len = fidp->fs.xattr.len; -- write_count = xattr_len - off; -- if (write_count > count) { -- write_count = count; -- } else if (write_count < 0) { -- /* -- * write beyond XATTR value len specified in -- * xattrcreate -- */ -+ if (fidp->fs.xattr.len < off) { - err = -ENOSPC; - goto out; - } -+ write_count = fidp->fs.xattr.len - off; -+ if (write_count > count) { -+ write_count = count; -+ } - err = pdu_marshal(pdu, offset, "d", write_count); - if (err < 0) { - return err; diff --git a/0066-cirrus-fix-blit-address-mask-handli.patch b/0066-cirrus-fix-blit-address-mask-handli.patch new file mode 100644 index 00000000..6229b334 --- /dev/null +++ b/0066-cirrus-fix-blit-address-mask-handli.patch 
@@ -0,0 +1,103 @@ +From 2d9d5517299f47f6cbc208de10cb54d6e0e3971e Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Wed, 25 Jan 2017 11:09:56 +0100 +Subject: [PATCH] cirrus: fix blit address mask handling + +Apply the cirrus_addr_mask to cirrus_blt_dstaddr and cirrus_blt_srcaddr +right after assigning them, in cirrus_bitblt_start(), instead of having +this all over the place in the cirrus code, and missing a few places. + +Reported-by: Wolfgang Bumiller +Signed-off-by: Gerd Hoffmann +Message-id: 1485338996-17095-1-git-send-email-kraxel@redhat.com +(cherry picked from commit 60cd23e85151525ab26591394c4e7e06fa07d216) +Signed-off-by: Bruce Rogers +--- + hw/display/cirrus_vga.c | 26 +++++++++++++------------- + 1 file changed, 13 insertions(+), 13 deletions(-) + +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c +index 0f05e4596e..ef5da7acf7 100644 +--- a/hw/display/cirrus_vga.c ++++ b/hw/display/cirrus_vga.c +@@ -305,14 +305,15 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only) + } + + if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch, +- s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) { ++ s->cirrus_blt_dstaddr)) { + return true; + } + if (dst_only) { + return false; + } ++ + if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch, +- s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) { ++ s->cirrus_blt_srcaddr)) { + return true; + } + +@@ -679,7 +680,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s, + { + uint8_t *dst; + +- dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask); ++ dst = s->vga.vram_ptr + s->cirrus_blt_dstaddr; + + if (blit_is_unsafe(s, false)) + return 0; +@@ -703,7 +704,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop) + return 0; + } + rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; +- rop_func(s, s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), ++ rop_func(s, s->vga.vram_ptr + s->cirrus_blt_dstaddr, + 
s->cirrus_blt_dstpitch, + s->cirrus_blt_width, s->cirrus_blt_height); + cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, +@@ -721,9 +722,8 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop) + + static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s) + { +- return cirrus_bitblt_common_patterncopy(s, +- s->vga.vram_ptr + ((s->cirrus_blt_srcaddr & ~7) & +- s->cirrus_addr_mask)); ++ return cirrus_bitblt_common_patterncopy(s, s->vga.vram_ptr + ++ (s->cirrus_blt_srcaddr & ~7)); + } + + static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h) +@@ -777,10 +777,8 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h) + if (notify) + graphic_hw_update(s->vga.con); + +- (*s->cirrus_rop) (s, s->vga.vram_ptr + +- (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), +- s->vga.vram_ptr + +- (s->cirrus_blt_srcaddr & s->cirrus_addr_mask), ++ (*s->cirrus_rop) (s, s->vga.vram_ptr + s->cirrus_blt_dstaddr, ++ s->vga.vram_ptr + s->cirrus_blt_srcaddr, + s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch, + s->cirrus_blt_width, s->cirrus_blt_height); + +@@ -831,8 +829,7 @@ static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s) + } else { + /* at least one scan line */ + do { +- (*s->cirrus_rop)(s, s->vga.vram_ptr + +- (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), ++ (*s->cirrus_rop)(s, s->vga.vram_ptr + s->cirrus_blt_dstaddr, + s->cirrus_bltbuf, 0, 0, s->cirrus_blt_width, 1); + cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, 0, + s->cirrus_blt_width, 1); +@@ -951,6 +948,9 @@ static void cirrus_bitblt_start(CirrusVGAState * s) + s->cirrus_blt_modeext = s->vga.gr[0x33]; + blt_rop = s->vga.gr[0x32]; + ++ s->cirrus_blt_dstaddr &= s->cirrus_addr_mask; ++ s->cirrus_blt_srcaddr &= s->cirrus_addr_mask; ++ + #ifdef DEBUG_BITBLT + printf("rop=0x%02x mode=0x%02x modeext=0x%02x w=%d h=%d dpitch=%d spitch=%d daddr=0x%08x saddr=0x%08x writemask=0x%02x\n", + blt_rop, 
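Review bot: With the per-use `& s->cirrus_addr_mask` removed, every `s->vga.vram_ptr + s->cirrus_blt_dstaddr` in this patch is only as safe as the single mask applied in cirrus_bitblt_start(). The `do { ... }` loop in cirrus_bitblt_cputovideo_next() runs once per scan line; if `cirrus_blt_dstaddr` is advanced between iterations (that statement is outside the hunk), nothing re-masks it before the next `(*s->cirrus_rop)` call. Re-applying the mask where the address is stepped, `s->cirrus_blt_dstaddr &= s->cirrus_addr_mask;`, would preserve the old bound. A comment at the new assignment in cirrus_bitblt_start(), such as `/* all blit paths use these pre-masked; re-mask after any update */`, would record the invariant for the next editor.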
diff --git a/0067-cirrus-fix-oob-access-issue-CVE-201.patch b/0067-cirrus-fix-oob-access-issue-CVE-201.patch
new file mode 100644
index 00000000..c02187db
--- /dev/null
+++ b/0067-cirrus-fix-oob-access-issue-CVE-201.patch
@@ -0,0 +1,48 @@
+From 5ac15a00c17d95a440ce99c8154d41a263f96032 Mon Sep 17 00:00:00 2001
+From: Li Qiang
+Date: Wed, 1 Feb 2017 09:35:01 +0100
+Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
+
+When doing bitblt copy in backward mode, we should minus the
+blt width first just like the adding in the forward mode. This
+can avoid the oob access of the front of vga's vram.
+
+Signed-off-by: Li Qiang
+
+{ kraxel: with backward blits (negative pitch) addr is the topmost
+ address, so check it as-is against vram size ]
+
+Cc: qemu-stable@nongnu.org
+Cc: P J P
+Cc: Laszlo Ersek
+Cc: Paolo Bonzini
+Cc: Wolfgang Bumiller
+Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
+Signed-off-by: Gerd Hoffmann
+Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
+Reviewed-by: Laszlo Ersek
+(cherry picked from commit 62d4c6bd5263bb8413a06c80144fc678df6dfb64)
+[BR: CVE-2017-2615 BSC#1023004]
+Signed-off-by: Bruce Rogers
+---
+ hw/display/cirrus_vga.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index ef5da7acf7..aaa46abea4 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -277,10 +277,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
+ }
+ if (pitch < 0) {
+ int64_t min = addr
+- + ((int64_t)s->cirrus_blt_height-1) * pitch;
+- int32_t max = addr
+- + s->cirrus_blt_width;
+- if (min < 0 || max > s->vga.vram_size) {
++ + ((int64_t)s->cirrus_blt_height - 1) * pitch
++ - s->cirrus_blt_width;
++ if (min < -1 || addr >= s->vga.vram_size) {
+ return true;
+ }
+ } else {
diff --git a/0068-usb-ccid-check-ccid-apdu-length.patch b/0068-usb-ccid-check-ccid-apdu-length.patch
new file mode 100644
index 00000000..68637cd4
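Review bot: The bound `min < -1` in the negative-pitch branch of blit_region_is_unsafe() reads like an off-by-one unless the reader already knows that `addr` is the inclusive topmost byte; only the commit message explains it. Because `min` now subtracts the full `s->cirrus_blt_width`, it is one below the lowest byte the blit touches, so `-1` is the smallest value that is still in range. I would put that next to the check: `/* addr is inclusive: lowest byte touched is min + 1, so min == -1 is still inside vram */`. The function starts before this hunk and its forward-pitch branch is not shown.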
--- /dev/null
+++ b/0068-usb-ccid-check-ccid-apdu-length.patch
@@ -0,0 +1,35 @@
+From 424bd9dd9c5d6959304faead9e81a0f81435b7d4 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit
+Date: Fri, 3 Feb 2017 00:52:28 +0530
+Subject: [PATCH] usb: ccid: check ccid apdu length
+
+CCID device emulator uses Application Protocol Data Units(APDU)
+to exchange command and responses to and from the host.
+The length in these units couldn't be greater than 65536. Add
+check to ensure the same. It'd also avoid potential integer
+overflow in emulated_apdu_from_guest.
+
+Reported-by: Li Qiang
+Signed-off-by: Prasad J Pandit
+Message-id: 20170202192228.10847-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann
+(cherry picked from commit c7dfbf322595ded4e70b626bf83158a9f3807c6a)
+[BR: CVE-2017-5898 BSC#1023907]
+Signed-off-by: Bruce Rogers
+---
+ hw/usb/dev-smartcard-reader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
+index 89e11b68c4..1325ea1659 100644
+--- a/hw/usb/dev-smartcard-reader.c
++++ b/hw/usb/dev-smartcard-reader.c
+@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
+ DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
+ recv->hdr.bSeq, len);
+ ccid_add_pending_answer(s, (CCID_Header *)recv);
+- if (s->card) {
++ if (s->card && len <= BULK_OUT_DATA_SIZE) {
+ ccid_card_apdu_from_guest(s->card, recv->abData, len);
+ } else {
+ DPRINTF(s, D_WARN, "warning: discarded apdu\n");
diff --git a/0069-sd-sdhci-check-data-length-during-d.patch b/0069-sd-sdhci-check-data-length-during-d.patch
new file mode 100644
index 00000000..a6d35cfa
--- /dev/null
+++ b/0069-sd-sdhci-check-data-length-during-d.patch
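Review bot: The added `len <= BULK_OUT_DATA_SIZE` test in ccid_on_apdu_from_guest() bounds `len` by a constant, not by the number of bytes actually received for this transfer. `len` is assigned outside the hunk; if it comes straight from the guest-written header, a value that passes the test can still be larger than the data present in `recv->abData`, and the card backend would then be handed bytes left over from an earlier transfer. Comparing `len` with the received byte count as well would close that gap. The shared else branch now hides a rejected length behind the no-card message, so I would log the value there: `DPRINTF(s, D_WARN, "warning: discarded apdu, len %d\n", len);`.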
@@ -0,0 +1,37 @@
+From f774e0e5e658fb9387c10634e2b880a1657ce2ac Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit
+Date: Tue, 7 Feb 2017 18:29:59 +0000
+Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
+
+While doing multi block SDMA transfer in routine
+'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
+index 'begin' and data length 's->data_count' could end up to be same.
+This could lead to an OOB access issue. Correct transfer data length
+to avoid it.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Jiang Xin
+Signed-off-by: Prasad J Pandit
+Reviewed-by: Peter Maydell
+Message-id: 20170130064736.9236-1-ppandit@redhat.com
+Signed-off-by: Peter Maydell
+(cherry picked from commit 42922105beb14c2fc58185ea022b9f72fb5465e9)
+[BR: CVE-2017-5667 BSC#1022541]
+Signed-off-by: Bruce Rogers
+---
+ hw/sd/sdhci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index 01fbf228be..5bd5ab6319 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+ boundary_count -= block_size - begin;
+ }
+ dma_memory_read(&address_space_memory, s->sdmasysad,
+- &s->fifo_buffer[begin], s->data_count);
++ &s->fifo_buffer[begin], s->data_count - begin);
+ s->sdmasysad += s->data_count - begin;
+ if (s->data_count == block_size) {
+ for (n = 0; n < block_size; n++) {
diff --git a/0070-virtio-gpu-fix-resource-leak-in-vir.patch b/0070-virtio-gpu-fix-resource-leak-in-vir.patch
new file mode 100644
index 00000000..52ed051a
--- /dev/null
+++ b/0070-virtio-gpu-fix-resource-leak-in-vir.patch
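Review bot: The corrected length `s->data_count - begin` in sdhci_sdma_transfer_multi_blocks() is safe only while `begin <= s->data_count` and `s->data_count` stays within `s->fifo_buffer`; neither is checked in the lines shown. Both values are assigned outside this hunk, so the invariant cannot be confirmed from here, and if the counters are unsigned a `begin` above `data_count` would turn the subtraction into a very large read length. I would state the assumption at the call, `/* relies on begin <= s->data_count <= size of fifo_buffer */`, and add a bounds test if the enclosing loop does not already guarantee it. The result of `dma_memory_read()` is also ignored here.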
@@ -0,0 +1,48 @@
+From cb184e87cf205d6570e5cd34e85dd9a8a72a0afc Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann
+Date: Mon, 23 Jan 2017 11:26:50 +0100
+Subject: [PATCH] virtio-gpu: fix resource leak in virgl_cmd_resource_unref
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
+backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
+we'll leak memory.
+
+This patch fixes it for 3d mode, simliar to the 2d mode fix in commit
+"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".
+
+Reported-by: 李强
+Signed-off-by: Gerd Hoffmann
+Message-id: 1485167210-4757-1-git-send-email-kraxel@redhat.com
+(cherry picked from commit 5e8e3c4c75c199aa1017db816fca02be2a9f8798)
+[BR: CVE-2017-5857 BSC#1023073]
+Signed-off-by: Bruce Rogers
+---
+ hw/display/virtio-gpu-3d.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index f96a0c2e59..ecb09d17a1 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
+ struct virtio_gpu_ctrl_command *cmd)
+ {
+ struct virtio_gpu_resource_unref unref;
++ struct iovec *res_iovs = NULL;
++ int num_iovs = 0;
+
+ VIRTIO_GPU_FILL_CMD(unref);
+ trace_virtio_gpu_cmd_res_unref(unref.resource_id);
+
++ virgl_renderer_resource_detach_iov(unref.resource_id,
++ &res_iovs,
++ &num_iovs);
++ if (res_iovs != NULL && num_iovs != 0) {
++ virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
++ }
+ virgl_renderer_resource_unref(unref.resource_id);
+ }
+
diff --git a/0071-cirrus-fix-patterncopy-checks.patch b/0071-cirrus-fix-patterncopy-checks.patch
new file mode 100644
index 00000000..6e07fa58
--- /dev/null
+++ b/0071-cirrus-fix-patterncopy-checks.patch
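Review bot: The cleanup in virgl_cmd_resource_unref() is skipped when `res_iovs` is non-NULL but `num_iovs` is 0, because the new condition requires both. If virtio_gpu_cleanup_mapping_iov() also frees the iovec array (its definition is not on this page), that case would still leak the array, which is the class of leak this patch is meant to close. Testing only the pointer, `if (res_iovs != NULL) {`, covers it, assuming the helper tolerates a zero count. `unref.resource_id` reaches the detach call unvalidated, so a comment such as `/* detach leaves res_iovs NULL for an unknown resource id */` would document why that is safe, if that is indeed the renderer's behaviour.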
@@ -0,0 +1,103 @@ +From f369059a4fcc285174c50981fc3fc0b513301aab Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Thu, 9 Feb 2017 14:02:20 +0100 +Subject: [PATCH] cirrus: fix patterncopy checks + +The blit_region_is_unsafe checks don't work correctly for the +patterncopy source. It's a fixed-sized region, which doesn't +depend on cirrus_blt_{width,height}. So go do the check in +cirrus_bitblt_common_patterncopy instead, then tell blit_is_unsafe that +it doesn't need to verify the source. Also handle the case where we +blit from cirrus_bitbuf correctly. + +This patch replaces 5858dd1801883309bdd208d72ddb81c4e9fee30c. + +Security impact: I think for the most part error on the safe side this +time, refusing blits which should have been allowed. + +Only exception is placing the blit source at the end of the video ram, +so cirrus_blt_srcaddr + 256 goes beyond the end of video memory. But +even in that case I'm not fully sure this actually allows read access to +host memory. To trick the commit 5858dd18 security checks one has to +pick very small cirrus_blt_{width,height} values, which in turn implies +only a fraction of the blit source will actually be used. + +Cc: Wolfgang Bumiller +Cc: Dr. David Alan Gilbert +Signed-off-by: Gerd Hoffmann +Reviewed-by: Dr. 
David Alan Gilbert +Reviewed-by: Wolfgang Bumiller +Reviewed-by: Laurent Vivier +Message-id: 1486645341-5010-1-git-send-email-kraxel@redhat.com +(cherry picked from commit 95280c31cda79bb1d0968afc7b19a220b3a9d986) +Signed-off-by: Bruce Rogers +--- + hw/display/cirrus_vga.c | 36 ++++++++++++++++++++++++++++++------ + 1 file changed, 30 insertions(+), 6 deletions(-) + +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c +index aaa46abea4..d214ef74f9 100644 +--- a/hw/display/cirrus_vga.c ++++ b/hw/display/cirrus_vga.c +@@ -674,14 +674,39 @@ static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin, + } + } + +-static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s, +- const uint8_t * src) ++static int cirrus_bitblt_common_patterncopy(CirrusVGAState *s, bool videosrc) + { ++ uint32_t patternsize; + uint8_t *dst; ++ uint8_t *src; + + dst = s->vga.vram_ptr + s->cirrus_blt_dstaddr; + +- if (blit_is_unsafe(s, false)) ++ if (videosrc) { ++ switch (s->vga.get_bpp(&s->vga)) { ++ case 8: ++ patternsize = 64; ++ break; ++ case 15: ++ case 16: ++ patternsize = 128; ++ break; ++ case 24: ++ case 32: ++ default: ++ patternsize = 256; ++ break; ++ } ++ s->cirrus_blt_srcaddr &= ~(patternsize - 1); ++ if (s->cirrus_blt_srcaddr + patternsize > s->vga.vram_size) { ++ return 0; ++ } ++ src = s->vga.vram_ptr + s->cirrus_blt_srcaddr; ++ } else { ++ src = s->cirrus_bltbuf; ++ } ++ ++ if (blit_is_unsafe(s, true)) + return 0; + + (*s->cirrus_rop) (s, dst, src, +@@ -721,8 +746,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop) + + static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s) + { +- return cirrus_bitblt_common_patterncopy(s, s->vga.vram_ptr + +- (s->cirrus_blt_srcaddr & ~7)); ++ return cirrus_bitblt_common_patterncopy(s, true); + } + + static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h) +@@ -821,7 +845,7 @@ static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s) + + if 
(s->cirrus_srccounter > 0) { + if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) { +- cirrus_bitblt_common_patterncopy(s, s->cirrus_bltbuf); ++ cirrus_bitblt_common_patterncopy(s, false); + the_end: + s->cirrus_srccounter = 0; + cirrus_bitblt_reset(s); diff --git a/0072-cirrus-add-blit_is_unsafe-call-to-c.patch b/0072-cirrus-add-blit_is_unsafe-call-to-c.patch new file mode 100644 index 00000000..406a701d --- /dev/null +++ b/0072-cirrus-add-blit_is_unsafe-call-to-c.patch 
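Review bot: `patternsize` in cirrus_bitblt_common_patterncopy() is chosen from the display depth returned by `s->vga.get_bpp()`, while the neighbouring blit code picks its routines by `s->cirrus_blt_pixelwidth` (see the `cirrus_fill[...]` lookup in cirrus_bitblt_solidfill). If the two can differ, the `s->cirrus_blt_srcaddr + patternsize > s->vga.vram_size` test may bound a smaller region than the ROP reads from `src`. Using the largest case for the bounds test, `if (s->cirrus_blt_srcaddr + 256 > s->vga.vram_size) {`, keeps the check independent of the display mode while the alignment mask stays as written. The `default:` arm also silently treats any unexpected depth as 32 bpp, which deserves a one-line comment.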
@@ -0,0 +1,49 @@
+From bd4f41a27f8e53e8c8bf958f44afda915b8fec5c Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann
+Date: Wed, 8 Feb 2017 11:18:36 +0100
+Subject: [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
+ (CVE-2017-2620)
+
+CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
+and blit width, at all. Oops. Fix it.
+
+Security impact: high.
+
+The missing blit destination check allows to write to host memory.
+Basically same as CVE-2014-8106 for the other blit variants.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Gerd Hoffmann
+(cherry picked from commit 92f2b88cea48c6aeba8de568a45f2ed958f3c298)
+[BR: BSC#1024972]
+Signed-off-by: Bruce Rogers
+---
+ hw/display/cirrus_vga.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index d214ef74f9..8bf057de82 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -899,6 +899,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
+ {
+ int w;
+
++ if (blit_is_unsafe(s, true)) {
++ return 0;
++ }
++
+ s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
+ s->cirrus_srcptr = &s->cirrus_bltbuf[0];
+ s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
+@@ -924,6 +928,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
+ }
+ s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
+ }
++
++ /* the blit_is_unsafe call above should catch this */
++ assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
++
+ s->cirrus_srcptr = s->cirrus_bltbuf;
+ s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
+ cirrus_update_memory_access(s);
diff --git a/ipxe-use-gcc6-for-more-compact-code.patch b/ipxe-use-gcc6-for-more-compact-code.patch
new file mode 100644
index 00000000..9804ac20
--- /dev/null
+++ b/ipxe-use-gcc6-for-more-compact-code.patch
@@ -0,0 +1,23 @@
+ipxe: use gcc6 for more compact code
+
+We have a strict size limit of 64K which needs to be enforced for
+pxe-virtio.rom for migration compatibility. The v4.8 gcc compiler
+used in SLE12 doesn't produce as compact code as does more recent
+gcc compilers, and the pxe-virtio.rom produced with it doesn't fit
+in 64K anymore without taking extraordinary efforts. I was unable
+to find enough opportunities in the ipxe code and data to reduce
+its size, and found that using a more recent compiler would be the
+best solution to keeping the rom size within the 64K size limit.
+
+Signed-Off-By: Bruce Rogers
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -24,7 +24,7 @@ ECHO := echo
+ PRINTF := printf
+ PERL := perl
+ TRUE := true
+-CC := $(CROSS_COMPILE)gcc
++CC := $(CROSS_COMPILE)gcc-6
+ CPP := $(CC) -E
+ AS := $(CROSS_COMPILE)as
+ LD := $(CROSS_COMPILE)ld
diff --git a/kvm_stat.1.gz b/kvm_stat.1.gz
new file mode 100644
index 00000000..d09c4a48
--- /dev/null
+++ b/kvm_stat.1.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f4fb7d67e248dce8a078518028946473143c7267debe19d9f03ebbe2b3334423
+size 1709
diff --git a/qemu-2.7.0.tar.bz2 b/qemu-2.7.0.tar.bz2
deleted file mode 100644
index 5ce76f93..00000000
--- a/qemu-2.7.0.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:326e739506ba690daf69fc17bd3913a6c313d9928d743bd8eddb82f403f81e53
-size 26867760
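Review bot: In the ipxe `src/Makefile` hunk, `CC := $(CROSS_COMPILE)gcc-6` hard-codes a versioned compiler name inside the patched source, so the build fails wherever that binary is absent and the toolchain choice is invisible from the spec. A command-line variable overrides a `:=` assignment in GNU make, so the same effect is available from the packaging side without carrying a source patch, e.g. `make CC=gcc-6` in the ROM build step with a matching build dependency. If the patch stays, a comment on the changed line such as `# gcc-6 required: pxe-virtio.rom must stay within 64K` would keep the reason next to the code.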
diff --git a/qemu-2.7.0.tar.bz2.sig b/qemu-2.7.0.tar.bz2.sig deleted file mode 100644 index aa7db39c79a744d64725415e56885df5975ed3a0c59e8ad33d621eb7b3961d12..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0RjL91p-&eor3@h2@o?=$bthC5? zujflNjV$bx=pQXkdGY79`M+16&uIplC*O39{YyrB8<0*lqOoTRz|GS{p@D>sW#F;f zWB8M`keUg>U$?@>G-@UAXQ)O zSu%xnfm0k#WuHTs9m672Gmh?yM(ke^x$5rPE3#lMqE!cw77$-b68NKQdY+EbOiYl@ z?izf(L&l^suq)U;wBU+t95PCK?*Yf@11uh~MRhD=ya?5lvT9mxJ|~9D)b0iWyjYCkH1?pa8a0jW&qo4FT*&rip35``>4M>J6BTy`j*ohh5i5l diff --git a/qemu-2.8.0.tar.bz2 b/qemu-2.8.0.tar.bz2 new file mode 100644 index 00000000..c08cee16 --- /dev/null +++ b/qemu-2.8.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:dafd5d7f649907b6b617b822692f4c82e60cf29bc0fc58bc2036219b591e5e62 +size 28368517 
diff --git a/qemu-2.8.0.tar.bz2.sig b/qemu-2.8.0.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..ed54bb6719980efe4035861b3ae3b13c08cb0fbed3901b2691ec102fba06f5fd GIT binary patch literal 287 zcmV+)0pR|L0UQJX0RjL91p-)EllK4$2@o?=$~?2mplp87gE(gGhUP-Jfd0 zUpAuPet{gYilnxuI8lXwo@unDB`u-|i6x;5&;bL14&VfsTT2zI{aG9HYVAta(*NrT z_p!H2lPE$(PGY~`|H~-}w=~`CYC|D)L!!8bw5N*amW1D&^|;Jh%+W^`SDwog-o%Iq z^BjB4@v+B&sgM&J#n<|u2AD{Z127%i&6Zg5j*yleL6{IXbOK&Whj`A_W+)BMNzMnh zVmaRWL>B4a7mm>YE>}Dp*>z)=EG?v(DJm-UBfqc!bevDg^+S 0013-linux-user-Fake-proc-cpuinfo.patch + 0019-linux-user-XXX-disable-fiemap.patch -> 0014-linux-user-XXX-disable-fiemap.patch + 0020-slirp-nooutgoing.patch -> 0015-slirp-nooutgoing.patch + 0021-vnc-password-file-and-incoming-conn.patch -> 0016-vnc-password-file-and-incoming-conn.patch + 0022-linux-user-use-target_ulong.patch -> 0017-linux-user-use-target_ulong.patch + 0023-block-Add-support-for-DictZip-enabl.patch -> 0018-block-Add-support-for-DictZip-enabl.patch + 0024-block-Add-tar-container-format.patch -> 0019-block-Add-tar-container-format.patch + 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch + 0026-console-add-question-mark-escape-op.patch -> 0021-console-add-question-mark-escape-op.patch + 0027-Make-char-muxer-more-robust-wrt-sma.patch -> 0022-Make-char-muxer-more-robust-wrt-sma.patch + 0028-linux-user-lseek-explicitly-cast-no.patch -> 0023-linux-user-lseek-explicitly-cast-no.patch + 0029-virtfs-proxy-helper-Provide-__u64-f.patch -> 0024-virtfs-proxy-helper-Provide-__u64-f.patch + 0030-configure-Enable-PIE-for-ppc-and-pp.patch -> 0025-configure-Enable-PIE-for-ppc-and-pp.patch + 0031-AIO-Reduce-number-of-threads-for-32.patch -> 0026-AIO-Reduce-number-of-threads-for-32.patch + 0032-dictzip-Fix-on-big-endian-systems.patch -> 0027-dictzip-Fix-on-big-endian-systems.patch + 0033-xen_disk-Add-suse-specific-flush-di.patch -> 
0028-xen_disk-Add-suse-specific-flush-di.patch + 0035-qemu-bridge-helper-reduce-security-.patch -> 0029-qemu-bridge-helper-reduce-security-.patch + 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch + 0037-configure-Fix-detection-of-seccomp-.patch -> 0031-configure-Fix-detection-of-seccomp-.patch + 0038-linux-user-properly-test-for-infini.patch -> 0032-linux-user-properly-test-for-infini.patch + 0040-linux-user-remove-all-traces-of-qem.patch -> 0033-linux-user-remove-all-traces-of-qem.patch + 0067-dma-rc4030-limit-interval-timer-rel.patch -> 0034-dma-rc4030-limit-interval-timer-rel.patch + 0068-net-imx-limit-buffer-descriptor-cou.patch -> 0035-net-imx-limit-buffer-descriptor-cou.patch + 0069-roms-Makefile-pass-a-packaging-time.patch -> 0036-roms-Makefile-pass-a-packaging-time.patch +* Patches added: + 0037-Raise-soft-address-space-limit-to-h.patch + 0038-increase-x86_64-physical-bits-to-42.patch + 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch + 0040-i8254-Fix-migration-from-SLE11-SP2.patch + 0041-acpi_piix4-Fix-migration-from-SLE11.patch + 0042-Fix-tigervnc-long-press-issue.patch + 0043-fix-xen-hvm-direct-kernel-boot.patch + 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch + 0045-virtio-gpu-call-cleanup-mapping-fun.patch + 0046-string-input-visitor-Fix-uint64-par.patch + 0047-test-string-input-visitor-Add-int-t.patch + 0048-test-string-input-visitor-Add-uint6.patch + 0049-tests-Add-QOM-property-unit-tests.patch + 0050-tests-Add-scsi-disk-test.patch + 0051-virtio-gpu-fix-information-leak-in-.patch + 0052-display-cirrus-ignore-source-pitch-.patch + ipxe-use-gcc6-for-more-compact-code.patch +* SLE patches dropped (accounted for in above listed changes): + 0002-qemu-0.9.0.cvs-binfmt.patch + 0009-block-vmdk-Support-creation-of-SCSI.patch + 0010-linux-user-add-binfmt-wrapper-for-a.patch + 0011-PPC-KVM-Disable-mmu-notifier-check.patch + 0012-linux-user-fix-segfault-deadlock.patch + 0013-linux-user-binfmt-support-host-bina.patch 
+ 0014-linux-user-Ignore-broken-loop-ioctl.patch + 0015-linux-user-lock-tcg.patch + 0016-linux-user-Run-multi-threaded-code-.patch + 0017-linux-user-lock-tb-flushing-too.patch + 0018-linux-user-Fake-proc-cpuinfo.patch + 0019-linux-user-implement-FS_IOC_GETFLAG.patch + 0020-linux-user-implement-FS_IOC_SETFLAG.patch + 0021-linux-user-XXX-disable-fiemap.patch + 0022-slirp-nooutgoing.patch + 0023-vnc-password-file-and-incoming-conn.patch + 0024-linux-user-add-more-blk-ioctls.patch + 0025-linux-user-use-target_ulong.patch + 0026-block-Add-support-for-DictZip-enabl.patch + 0027-block-Add-tar-container-format.patch + 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch + 0029-console-add-question-mark-escape-op.patch + 0030-Make-char-muxer-more-robust-wrt-sma.patch + 0031-linux-user-lseek-explicitly-cast-no.patch + 0032-virtfs-proxy-helper-Provide-_u64-f.patch + 0033-configure-Enable-PIE-for-ppc-and-pp.patch + 0034-Raise-soft-address-space-limit-to-h.patch + 0035-increase-x86_64-physical-bits-to-42.patch + 0036-vnc-provide-fake-color-map.patch + 0037-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch + 0038-i8254-Fix-migration-from-SLE11-SP2.patch + 0039-acpi_piix4-Fix-migration-from-SLE11.patch + 0040-qtest-Increase-socket-timeout-to-ac.patch + 0041-dictzip-Fix-on-big-endian-systems.patch + 0043-xen_disk-Add-suse-specific-flush-di.patch + 0044-Split-large-discard-requests-from-b.patch + 0045-fix-xen-hvm-direct-kernel-boot.patch + 0046-xen-introduce-dummy-system-device.patch + 0047-xen-write-information-about-support.patch + 0048-xen-add-pvUSB-backend.patch + 0049-xen-move-xen_sysdev-to-xen_backend..patch + 0050-vnc-add-configurable-keyboard-delay.patch + 0051-xen-SUSE-xenlinux-unplug-for-emulat.patch + 0052-configure-add-echo_version-helper.patch + 0053-configure-support-vte-2.91.patch + 0054-scsi-esp-fix-migration.patch + 0055-hw-arm-virt-mark-the-PCIe-host-cont.patch + 0056-xen-when-removing-a-backend-don-t-r.patch + 0057-xen-drain-submit-queue-in-xen-usb-b.patch + 
0058-qcow2-avoid-extra-flushes-in-qcow2.patch + 0059-qemu-bridge-helper-reduce-security-.patch + 0060-xen-use-a-common-function-for-pv-an.patch + 0061-xen_platform-unplug-also-SCSI-disks.patch + 0062-virtio-check-vring-descriptor-buffe.patch + 0063-net-vmxnet3-check-for-device_active.patch + 0064-net-vmxnet-initialise-local-tx-desc.patch + 0065-scsi-pvscsi-avoid-infinite-loop-whi.patch + 0066-ARM-KVM-Enable-in-kernel-timers-wit.patch + 0067-hw-net-Fix-a-heap-overflow-in-xlnx..patch + 0068-vmsvga-correct-bitmap-and-pixmap-si.patch + 0069-usb-xhci-fix-memory-leak-in-usb_xhc.patch + 0070-virtio-add-check-for-descriptor-s-m.patch + 0071-net-mcf-limit-buffer-descriptor-cou.patch + 0072-usb-ehci-fix-memory-leak-in-ehci_pr.patch + 0073-xhci-limit-the-number-of-link-trbs-.patch + 0074-9pfs-allocate-space-for-guest-origi.patch + 0075-9pfs-fix-memory-leak-in-v9fs_link.patch + 0076-9pfs-fix-potential-host-memory-leak.patch + 0077-9pfs-fix-memory-leak-in-v9fs_write.patch + 0078-char-serial-check-divider-value-aga.patch + 0079-net-pcnet-check-rx-tx-descriptor-ri.patch + 0080-net-eepro100-fix-memory-leak-in-dev.patch + 0081-net-rocker-set-limit-to-DMA-buffer-.patch + 0082-net-rtl8139-limit-processing-of-rin.patch + 0083-audio-intel-hda-check-stream-entry-.patch + 0084-virtio-gpu-fix-memory-leak-in-virti.patch + 0085-9pfs-fix-integer-overflow-issue-in-.patch + 0086-dma-rc4030-limit-interval-timer-rel.patch + 0087-net-imx-limit-buffer-descriptor-cou.patch + 0088-target-i386-Implement-CPUID-0xB-Ext.patch + 0089-target-i386-present-virtual-L3-cach.patch + 0090-migration-fix-inability-to-save-VM-.patch + 0091-ui-gtk-Fix-a-runtime-warning-on-vte.patch + 0092-gtk-don-t-leak-the-GtkBorder-with-V.patch + 0093-xen-fix-ioreq-handling.patch + 0094-macio-Use-blk_drain-instead-of-blk_.patch + 0095-rbd-Switch-rbd_start_aio-to-byte-ba.patch + 0096-virtio-blk-Release-s-rq-queue-at-sy.patch + 0097-virtio-blk-Remove-stale-comment-abo.patch + 0098-block-reintroduce-bdrv_flush_all.patch + 
0099-qemu-use-bdrv_flush_all-for-vm_stop.patch + 0100-block-backend-remove-blkflush_all.patch + 0101-char-fix-missing-return-in-error-pa.patch + 0102-rbd-shift-byte-count-as-a-64-bit-va.patch + 0103-mirror-use-bdrv_drained_begin-bdrv_.patch + 0104-block-curl-Use-BDRV_SECTOR_SIZE.patch + 0105-block-curl-Fix-return-value-from-cu.patch + 0106-block-curl-Remember-all-sockets.patch + 0107-block-curl-Do-not-wait-for-data-bey.patch + 0108-virtio-allow-per-device-class-legac.patch + 0109-virtio-net-mark-VIRTIO_NET_F_GSO-as.patch + 0110-vhost-adapt-vhost_verify_ring_mappi.patch + 0111-ivshmem-Fix-64-bit-memory-bar-confi.patch + 0112-intel_iommu-fix-incorrect-device-in.patch + 0113-9pfs-fix-information-leak-in-xattr-.patch + 0114-9pfs-fix-memory-leak-in-v9fs_xattrc.patch + 0115-net-mcf-check-receive-buffer-size-r.patch + 0116-virtio-gpu-fix-memory-leak-in-updat.patch + 0117-virtio-gpu-fix-information-leak-in-.patch + 0118-9pfs-adjust-the-order-of-resource-c.patch + 0119-9pfs-add-cleanup-operation-in-FileO.patch + 0120-9pfs-add-cleanup-operation-for-hand.patch + 0121-9pfs-add-cleanup-operation-for-prox.patch + 0122-virtio-gpu-call-cleanup-mapping-fun.patch + 0123-string-input-visitor-Fix-uint64-par.patch + 0124-test-string-input-visitor-Add-int-t.patch + 0125-test-string-input-visitor-Add-uint6.patch + 0126-tests-Add-QOM-property-unit-tests.patch + 0127-tests-Add-scsi-disk-test.patch + 0128-usb-ehci-fix-memory-leak-in-ehci_in.patch + 0129-usbredir-free-vm_change_state_handl.patch + 0130-virtio-gpu-fix-information-leak-in-.patch + ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch + ipxe-ath-Fix-building-with-GCC-6.patch + ipxe-efi-fix-garbage-bytes-in-device-path.patch + ipxe-efi-fix-uninitialised-data-in-HII.patch + ipxe-legacy-Fix-building-with-GCC-6.patch + ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch + ipxe-sis190-Fix-building-with-GCC-6.patch + ipxe-skge-Fix-building-with-GCC-6.patch + ipxe-util-v5.24-perl-errors-on-redeclare.patch +- SLE CVE, FATE, and bugzilla 
references not otherwise listed in + this changelog file. The intent of this list is to indicate that + the fix or feature continues the line of inheritance in the + development stream of this package. The list is intended to + satisfy searches only - refer to the SLE-12-SP2 changelog file + for additional details. +* fate#314468 fate#314497 fate#315125 fate#315467 fate#317015 + fate#317741 fate#317763 fate#318349 fate#319660 fate#319979 + fate#321010 +* bnc#812983 bnc#869026 bnc#869746 bnc#874413 bnc#875582 bnc#875870 + bnc#877642 bnc#877645 bnc#878541 bsc#882405 bsc#886378 bnc#893339 + bnc#893892 bnc#895369 bnc#896726 bnc#897654 bnc#905097 bnc#907805 + bnc#908380 bnc#914521 bsc#924018 bsc#929339 bsc#932267 bsc#932770 + bsc#933981 bsc#936537 bsc#937125 bsc#938344 bsc#940929 bsc#942845 + bsc#943446 bsc#944697 bsc#945404 bsc#945987 bsc#945989 bsc#946020 + bsc#947159 bnc#953518 bsc#954864 bsc#956829 bsc#957162 bsc#958491 + bsc#958917 bsc#959005 bsc#959386 bsc#960334 bsc#960708 bsc#960725 + bsc#960835 bsc#961333 bsc#961556 bsc#961691 bsc#962320 bsc#963782 + bsc#964413 bsc#970791 bsc#974141 bsc#978158 bsc#979473 bsc#982365 + bsc#989655 bsc#991466 bsc#994771 bsc#994774 bsc#996441 bsc#997858 + bsc#999212 + bsc#1001151 bsc#1002116 bsc#1005353 boo#1007263 bsc#1007769 + bsc#1008519 bsc#1009109 bsc#1013285 bsc#1013341 bsc#1013764 + bsc#1013767 bsc#1014109 bsc#1014110 bsc#1014111 bsc#1014112 + bsc#1014256 bsc#1014514 bsc#1014702 bsc#1015169 bsc#1016779 +* CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 + CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-4037 CVE-2015-5154 + CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 + CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 + CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 + CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 + CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 + CVE-2016-6490 
CVE-2016-6833 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 + CVE-2016-7161 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 + CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 + CVE-2016-9921 CVE-2016-9922 + ------------------------------------------------------------------- Sat Nov 19 15:24:08 UTC 2016 - brogers@suse.com diff --git a/qemu-linux-user.spec b/qemu-linux-user.spec index aaa6f42a..28f1c729 100644 --- a/qemu-linux-user.spec +++ b/qemu-linux-user.spec @@ -21,9 +21,10 @@ Url: http://www.qemu.org/ Summary: Universal CPU emulator License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT Group: System/Emulators/PC -Version: 2.7.0 +Version: 2.8.0 Release: 0 -Source: http://wiki.qemu.org/download/qemu-2.7.0.tar.bz2 +Source: qemu-2.8.0.tar.bz2 +# Upstream First -- http://wiki.qemu-project.org/Contribute/SubmitAPatch # This patch queue is auto-generated from https://github.com/openSUSE/qemu Patch0001: 0001-XXX-dont-dump-core-on-sigabort.patch Patch0002: 0002-qemu-binfmt-conf-Modify-default-pat.patch 
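Review bot: In the qemu-linux-user.spec hunk, `Source: qemu-2.8.0.tar.bz2` replaces the upstream URL with a bare file name, so the spec no longer records where the tarball came from. The commit does add `qemu-2.8.0.tar.bz2.sig`, but nothing in this hunk lists it as a source or checks it, so whether the build verifies the tarball cannot be confirmed from here. I would keep the URL form of the removed line, `Source: http://wiki.qemu.org/download/qemu-%{version}.tar.bz2`, and list the signature file next to it so the verification input is explicit. The rest of the spec preamble is outside this hunk.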
@@ -37,68 +38,72 @@ Patch0009: 0009-linux-user-add-binfmt-wrapper-for-a.patch Patch0010: 0010-PPC-KVM-Disable-mmu-notifier-check.patch Patch0011: 0011-linux-user-fix-segfault-deadlock.patch Patch0012: 0012-linux-user-binfmt-support-host-bina.patch -Patch0013: 0013-linux-user-lock-tcg.patch -Patch0014: 0014-linux-user-Run-multi-threaded-code-.patch -Patch0015: 0015-linux-user-lock-tb-flushing-too.patch -Patch0016: 0016-linux-user-Fake-proc-cpuinfo.patch -Patch0017: 0017-linux-user-implement-FS_IOC_GETFLAG.patch -Patch0018: 0018-linux-user-implement-FS_IOC_SETFLAG.patch -Patch0019: 0019-linux-user-XXX-disable-fiemap.patch -Patch0020: 0020-slirp-nooutgoing.patch -Patch0021: 0021-vnc-password-file-and-incoming-conn.patch -Patch0022: 0022-linux-user-use-target_ulong.patch -Patch0023: 0023-block-Add-support-for-DictZip-enabl.patch -Patch0024: 0024-block-Add-tar-container-format.patch -Patch0025: 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -Patch0026: 0026-console-add-question-mark-escape-op.patch -Patch0027: 0027-Make-char-muxer-more-robust-wrt-sma.patch -Patch0028: 0028-linux-user-lseek-explicitly-cast-no.patch -Patch0029: 0029-virtfs-proxy-helper-Provide-__u64-f.patch -Patch0030: 0030-configure-Enable-PIE-for-ppc-and-pp.patch -Patch0031: 0031-AIO-Reduce-number-of-threads-for-32.patch -Patch0032: 0032-dictzip-Fix-on-big-endian-systems.patch -Patch0033: 0033-xen_disk-Add-suse-specific-flush-di.patch -Patch0034: 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch -Patch0035: 0035-qemu-bridge-helper-reduce-security-.patch -Patch0036: 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -Patch0037: 0037-configure-Fix-detection-of-seccomp-.patch -Patch0038: 0038-linux-user-properly-test-for-infini.patch -Patch0039: 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch -Patch0040: 0040-linux-user-remove-all-traces-of-qem.patch -Patch0041: 0041-vmsvga-correct-bitmap-and-pixmap-si.patch -Patch0042: 0042-scsi-mptconfig-fix-an-assert-expres.patch -Patch0043: 
0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch -Patch0044: 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch -Patch0045: 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch -Patch0046: 0046-scsi-mptsas-use-g_new0-to-allocate-.patch -Patch0047: 0047-scsi-pvscsi-limit-process-IO-loop-t.patch -Patch0048: 0048-virtio-add-check-for-descriptor-s-m.patch -Patch0049: 0049-net-mcf-limit-buffer-descriptor-cou.patch -Patch0050: 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch -Patch0051: 0051-xhci-limit-the-number-of-link-trbs-.patch -Patch0052: 0052-9pfs-allocate-space-for-guest-origi.patch -Patch0053: 0053-9pfs-fix-memory-leak-in-v9fs_link.patch -Patch0054: 0054-9pfs-fix-potential-host-memory-leak.patch -Patch0055: 0055-9pfs-fix-information-leak-in-xattr-.patch -Patch0056: 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch -Patch0057: 0057-9pfs-fix-memory-leak-in-v9fs_write.patch -Patch0058: 0058-char-serial-check-divider-value-aga.patch -Patch0059: 0059-net-pcnet-check-rx-tx-descriptor-ri.patch -Patch0060: 0060-net-eepro100-fix-memory-leak-in-dev.patch -Patch0061: 0061-net-rocker-set-limit-to-DMA-buffer-.patch -Patch0062: 0062-net-vmxnet-initialise-local-tx-desc.patch -Patch0063: 0063-net-rtl8139-limit-processing-of-rin.patch -Patch0064: 0064-audio-intel-hda-check-stream-entry-.patch -Patch0065: 0065-virtio-gpu-fix-memory-leak-in-virti.patch -Patch0066: 0066-9pfs-fix-integer-overflow-issue-in-.patch -Patch0067: 0067-dma-rc4030-limit-interval-timer-rel.patch -Patch0068: 0068-net-imx-limit-buffer-descriptor-cou.patch -Patch0069: 0069-roms-Makefile-pass-a-packaging-time.patch -# Please do not add patches manually here, run update_git.sh. 
-# this is to make lint happy -Source300: qemu-rpmlintrc +Patch0013: 0013-linux-user-Fake-proc-cpuinfo.patch +Patch0014: 0014-linux-user-XXX-disable-fiemap.patch +Patch0015: 0015-slirp-nooutgoing.patch +Patch0016: 0016-vnc-password-file-and-incoming-conn.patch +Patch0017: 0017-linux-user-use-target_ulong.patch +Patch0018: 0018-block-Add-support-for-DictZip-enabl.patch +Patch0019: 0019-block-Add-tar-container-format.patch +Patch0020: 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch +Patch0021: 0021-console-add-question-mark-escape-op.patch +Patch0022: 0022-Make-char-muxer-more-robust-wrt-sma.patch +Patch0023: 0023-linux-user-lseek-explicitly-cast-no.patch +Patch0024: 0024-virtfs-proxy-helper-Provide-__u64-f.patch +Patch0025: 0025-configure-Enable-PIE-for-ppc-and-pp.patch +Patch0026: 0026-AIO-Reduce-number-of-threads-for-32.patch +Patch0027: 0027-dictzip-Fix-on-big-endian-systems.patch +Patch0028: 0028-xen_disk-Add-suse-specific-flush-di.patch +Patch0029: 0029-qemu-bridge-helper-reduce-security-.patch +Patch0030: 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch +Patch0031: 0031-configure-Fix-detection-of-seccomp-.patch +Patch0032: 0032-linux-user-properly-test-for-infini.patch +Patch0033: 0033-linux-user-remove-all-traces-of-qem.patch +Patch0034: 0034-dma-rc4030-limit-interval-timer-rel.patch +Patch0035: 0035-net-imx-limit-buffer-descriptor-cou.patch +Patch0036: 0036-roms-Makefile-pass-a-packaging-time.patch +Patch0037: 0037-Raise-soft-address-space-limit-to-h.patch +Patch0038: 0038-increase-x86_64-physical-bits-to-42.patch +Patch0039: 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch +Patch0040: 0040-i8254-Fix-migration-from-SLE11-SP2.patch +Patch0041: 0041-acpi_piix4-Fix-migration-from-SLE11.patch +Patch0042: 0042-Fix-tigervnc-long-press-issue.patch +Patch0043: 0043-fix-xen-hvm-direct-kernel-boot.patch +Patch0044: 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch +Patch0045: 0045-virtio-gpu-call-cleanup-mapping-fun.patch +Patch0046: 
0046-string-input-visitor-Fix-uint64-par.patch +Patch0047: 0047-test-string-input-visitor-Add-int-t.patch +Patch0048: 0048-test-string-input-visitor-Add-uint6.patch +Patch0049: 0049-tests-Add-QOM-property-unit-tests.patch +Patch0050: 0050-tests-Add-scsi-disk-test.patch +Patch0051: 0051-virtio-gpu-fix-information-leak-in-.patch +Patch0052: 0052-display-cirrus-ignore-source-pitch-.patch +Patch0053: 0053-s390x-kvm-fix-small-race-reboot-vs..patch +Patch0054: 0054-target-s390x-use-qemu-cpu-model-in-.patch +Patch0055: 0055-linux-user-exclude-cpu-model-code-w.patch +Patch0056: 0056-tests-check-path-to-avoid-a-failing.patch +Patch0057: 0057-display-virtio-gpu-3d-check-virgl-c.patch +Patch0058: 0058-watchdog-6300esb-add-exit-function.patch +Patch0059: 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch +Patch0060: 0060-virtio-gpu-fix-memory-leak-in-resou.patch +Patch0061: 0061-virtio-fix-vq-inuse-recalc-after-mi.patch +Patch0062: 0062-audio-es1370-add-exit-function.patch +Patch0063: 0063-audio-ac97-add-exit-function.patch +Patch0064: 0064-megasas-fix-guest-triggered-memory-.patch +Patch0065: 0065-cirrus-handle-negative-pitch-in-cir.patch +Patch0066: 0066-cirrus-fix-blit-address-mask-handli.patch +Patch0067: 0067-cirrus-fix-oob-access-issue-CVE-201.patch +Patch0068: 0068-usb-ccid-check-ccid-apdu-length.patch +Patch0069: 0069-sd-sdhci-check-data-length-during-d.patch +Patch0070: 0070-virtio-gpu-fix-resource-leak-in-vir.patch +Patch0071: 0071-cirrus-fix-patterncopy-checks.patch +Patch0072: 0072-cirrus-add-blit_is_unsafe-call-to-c.patch +# Please do not add QEMU patches manually here. +# Run update_git.sh to regenerate this queue. Source400: update_git.sh +ExcludeArch: s390 BuildRoot: %{_tmppath}/%{name}-%{version}-build +#!BuildIgnore: gcc-PIE BuildRequires: e2fsprogs-devel BuildRequires: fdupes BuildRequires: gcc-c++ 
@@ -146,7 +151,7 @@ emulations. This can be used together with the OBS build script to
 run cross-architecture builds.
 %prep
-%setup -q -n qemu-2.7.0
+%setup -q -n qemu-2.8.0
 %patch0001 -p1
 %patch0002 -p1
 %patch0003 -p1
@@ -216,11 +221,15 @@ run cross-architecture builds.
 %patch0067 -p1
 %patch0068 -p1
 %patch0069 -p1
+%patch0070 -p1
+%patch0071 -p1
+%patch0072 -p1
 %build
 ./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
 --libexecdir=%_libexecdir \
 --enable-linux-user \
+ --disable-stack-protector \
 --disable-system \
 --disable-tools \
 --disable-guest-agent \
@@ -229,7 +238,7 @@ run cross-architecture builds.
 --without-pixman \
 --disable-blobs \
 --disable-strip \
- --extra-cflags="$QEMU_OPT_FLAGS"
+ --extra-cflags="%{optflags}"
 %if 0%{?suse_version} == 1140
 # -lrt needs to come after -lglib-2.0 to avoid undefined clock_gettime
 sed -i "s/-lglib-2.0/-lglib-2.0 -lrt/" config-host.mak
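Review bot: `--disable-stack-protector` is added to the `./configure` call in the `@@ -216,11 +221,15 @@` hunk with no comment, and none of the changelog entries visible in this diff gives a reason for it, although the description says the package is used to run cross-architecture builds. The following hunk passes `%{optflags}` through `--extra-cflags`, which may or may not bring a stack-protector flag back in from the distribution defaults; that is not visible here. I would either drop the flag or put a comment above the configure call, for example `# stack protector is off because <reason> (<bug reference>)`, so the loss of hardening is a recorded decision. The same flag is added in the `@@ -78,13 +80,14 @@` hunk of qemu-linux-user.spec.in, and the configure call continues past the end of both hunks.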
@@ -269,27 +278,27 @@ make %{?_smp_mflags} V=1
 %endif
 %install
-make install DESTDIR=$RPM_BUILD_ROOT
-rm -fr $RPM_BUILD_ROOT/%_datadir/doc
-rm -f $RPM_BUILD_ROOT/%_mandir/man1/qemu.1
-rm -f $RPM_BUILD_ROOT/%_mandir/man1/qemu-img.1
-rm -f $RPM_BUILD_ROOT/%_mandir/man8/qemu-nbd.8
-rm -rf $RPM_BUILD_ROOT/%_datadir/qemu/keymaps
-rm -f $RPM_BUILD_ROOT/%_datadir/qemu/trace-events-all
-rm -f $RPM_BUILD_ROOT/%_sysconfdir/qemu/target-x86_64.conf
-rm -f $RPM_BUILD_ROOT/%_libexecdir/qemu-bridge-helper
-install -d -m 755 $RPM_BUILD_ROOT/%_sbindir
-install -m 755 scripts/qemu-binfmt-conf.sh $RPM_BUILD_ROOT/%_sbindir
+make install DESTDIR=%{buildroot}
+%{__rm} -rf %{buildroot}%_datadir/doc
+%{__rm} -rf %{buildroot}%_mandir/man1/qemu.1
+%{__rm} -rf %{buildroot}%_mandir/man1/qemu-img.1
+%{__rm} -rf %{buildroot}%_mandir/man8/qemu-nbd.8
+%{__rm} -rf %{buildroot}%_datadir/qemu/keymaps
+%{__rm} -rf %{buildroot}%_datadir/qemu/trace-events-all
+%{__rm} -rf %{buildroot}%_sysconfdir/qemu/target-x86_64.conf
+%{__rm} -rf %{buildroot}%_libexecdir/qemu-bridge-helper
+%{__install} -d -m 755 %{buildroot}%_sbindir
+%{__install} -m 755 scripts/qemu-binfmt-conf.sh %{buildroot}%_sbindir
 %ifnarch %ix86 x86_64
-ln -sf ../../../emul/ia32-linux $RPM_BUILD_ROOT/usr/share/qemu/qemu-i386
+ln -sf ../../../emul/ia32-linux %{buildroot}%_datadir/qemu/qemu-i386
 %endif
 %ifnarch ia64
-mkdir -p $RPM_BUILD_ROOT/emul/ia32-linux
+%{__mkdir} -p %{buildroot}/emul/ia32-linux
 %endif
-%fdupes -s $RPM_BUILD_ROOT
+%fdupes -s %{buildroot}
 %clean
-rm -rf ${RPM_BUILD_ROOT}
+%{__rm} -rf %{buildroot}
 %files
 %defattr(-, root, root)
@@ -320,7 +329,6 @@ rm -rf ${RPM_BUILD_ROOT}
 %_bindir/qemu-sparc64
 %_bindir/qemu-sparc
 %_bindir/qemu-tilegx
-%_bindir/qemu-unicore32
 %_bindir/qemu-x86_64
 %_bindir/qemu-*-binfmt
 %_sbindir/qemu-binfmt-conf.sh
@@ -328,8 +336,8 @@ rm -rf ${RPM_BUILD_ROOT}
 %dir /emul/ia32-linux
 %endif
 %ifnarch %ix86 x86_64
-%dir /usr/share/qemu
-/usr/share/qemu/qemu-i386
+%dir %_datadir/qemu
+%_datadir/qemu/qemu-i386
 %endif
 %changelog
diff --git a/qemu-linux-user.spec.in b/qemu-linux-user.spec.in
index 3fd87482..2a18b38c 100644
--- a/qemu-linux-user.spec.in
+++ b/qemu-linux-user.spec.in
@@ -23,14 +23,16 @@ License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
 Group: System/Emulators/PC
 QEMU_VERSION
 Release: 0
-Source: http://wiki.qemu.org/download/qemu-2.7.0.tar.bz2
+Source: qemu-2.8.0.tar.bz2
+# Upstream First -- http://wiki.qemu-project.org/Contribute/SubmitAPatch
 # This patch queue is auto-generated from https://github.com/openSUSE/qemu
 PATCH_FILES
-# Please do not add patches manually here, run update_git.sh.
-# this is to make lint happy
-Source300: qemu-rpmlintrc
+# Please do not add QEMU patches manually here.
+# Run update_git.sh to regenerate this queue.
 Source400: update_git.sh
+ExcludeArch: s390
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
+#!BuildIgnore: gcc-PIE
 BuildRequires: e2fsprogs-devel
 BuildRequires: fdupes
 BuildRequires: gcc-c++
@@ -78,13 +80,14 @@ emulations. This can be used together with the OBS build script to
 run cross-architecture builds.
 %prep
-%setup -q -n qemu-2.7.0
+%setup -q -n qemu-2.8.0
 PATCH_EXEC
 %build
 ./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
 --libexecdir=%_libexecdir \
 --enable-linux-user \
+ --disable-stack-protector \
 --disable-system \
 --disable-tools \
 --disable-guest-agent \
@@ -93,7 +96,7 @@ PATCH_EXEC
 --without-pixman \
 --disable-blobs \
 --disable-strip \
- --extra-cflags="$QEMU_OPT_FLAGS"
+ --extra-cflags="%{optflags}"
 %if 0%{?suse_version} == 1140
 # -lrt needs to come after -lglib-2.0 to avoid undefined clock_gettime
 sed -i "s/-lglib-2.0/-lglib-2.0 -lrt/" config-host.mak
@@ -133,27 +136,27 @@ make %{?_smp_mflags} V=1
 %endif
 %install
-make install DESTDIR=$RPM_BUILD_ROOT
-rm -fr $RPM_BUILD_ROOT/%_datadir/doc
-rm -f $RPM_BUILD_ROOT/%_mandir/man1/qemu.1
-rm -f $RPM_BUILD_ROOT/%_mandir/man1/qemu-img.1
-rm -f $RPM_BUILD_ROOT/%_mandir/man8/qemu-nbd.8
-rm -rf $RPM_BUILD_ROOT/%_datadir/qemu/keymaps
-rm -f $RPM_BUILD_ROOT/%_datadir/qemu/trace-events-all
-rm -f $RPM_BUILD_ROOT/%_sysconfdir/qemu/target-x86_64.conf
-rm -f $RPM_BUILD_ROOT/%_libexecdir/qemu-bridge-helper
-install -d -m 755 $RPM_BUILD_ROOT/%_sbindir
-install -m 755 scripts/qemu-binfmt-conf.sh $RPM_BUILD_ROOT/%_sbindir
+make install DESTDIR=%{buildroot}
+%{__rm} -rf %{buildroot}%_datadir/doc
+%{__rm} -rf %{buildroot}%_mandir/man1/qemu.1
+%{__rm} -rf %{buildroot}%_mandir/man1/qemu-img.1
+%{__rm} -rf %{buildroot}%_mandir/man8/qemu-nbd.8
+%{__rm} -rf %{buildroot}%_datadir/qemu/keymaps
+%{__rm} -rf %{buildroot}%_datadir/qemu/trace-events-all
+%{__rm} -rf %{buildroot}%_sysconfdir/qemu/target-x86_64.conf
+%{__rm} -rf %{buildroot}%_libexecdir/qemu-bridge-helper
+%{__install} -d -m 755 %{buildroot}%_sbindir
+%{__install} -m 755 scripts/qemu-binfmt-conf.sh %{buildroot}%_sbindir
 %ifnarch %ix86 x86_64
-ln -sf ../../../emul/ia32-linux $RPM_BUILD_ROOT/usr/share/qemu/qemu-i386
+ln -sf ../../../emul/ia32-linux %{buildroot}%_datadir/qemu/qemu-i386
 %endif
 %ifnarch ia64
-mkdir -p $RPM_BUILD_ROOT/emul/ia32-linux
+%{__mkdir} -p %{buildroot}/emul/ia32-linux
 %endif
-%fdupes -s $RPM_BUILD_ROOT
+%fdupes -s %{buildroot}
 %clean
-rm -rf ${RPM_BUILD_ROOT}
+%{__rm} -rf %{buildroot}
 %files
 %defattr(-, root, root)
@@ -184,7 +187,6 @@ rm -rf ${RPM_BUILD_ROOT}
 %_bindir/qemu-sparc64
 %_bindir/qemu-sparc
 %_bindir/qemu-tilegx
-%_bindir/qemu-unicore32
 %_bindir/qemu-x86_64
 %_bindir/qemu-*-binfmt
 %_sbindir/qemu-binfmt-conf.sh
@@ -192,8 +194,8 @@ rm -rf ${RPM_BUILD_ROOT}
 %dir /emul/ia32-linux
 %endif
 %ifnarch %ix86 x86_64
-%dir /usr/share/qemu
-/usr/share/qemu/qemu-i386
+%dir %_datadir/qemu
+%_datadir/qemu/qemu-i386
 %endif
 %changelog
diff --git a/qemu-testsuite.changes b/qemu-testsuite.changes
index 95b923a4..9dafc3fc 100644
--- a/qemu-testsuite.changes
+++ b/qemu-testsuite.changes
@@ -1,3 +1,353 @@ +------------------------------------------------------------------- +Wed Mar 1 12:26:56 UTC 2017 - brogers@suse.com + +- Buildignore for the global gcc-PIE, as this package enables PIE + on its own and has troubles if all use it. (meissner@suse.com) + +------------------------------------------------------------------- +Wed Mar 1 03:08:27 UTC 2017 - brogers@suse.com + +- Address various security/stability issues +* Fix OOB access in virito-gpu-3d (CVE-2016-10028 bsc#1017084 + bsc#1016503) + 0057-display-virtio-gpu-3d-check-virgl-c.patch +* Fix DOS in Intel 6300ESB device emulation (CVE-2016-10155 bsc#1021129) + 0058-watchdog-6300esb-add-exit-function.patch +* Fix DOS in virtio-gpu-3d (CVE-2017-5552 bsc#1021195) + 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch +* Fix DOS in virtio-gpu (CVE-2017-5578 bsc#1021481) + 0060-virtio-gpu-fix-memory-leak-in-resou.patch +* Fix cause of infrequent migration failures from bad virtio device + state. (bsc#1020928) + 0061-virtio-fix-vq-inuse-recalc-after-mi.patch +* Fix DOS in es1370 emulated audio device (CVE-2017-5526 bsc#1020589) + 0062-audio-es1370-add-exit-function.patch +* Fix DOS in ac97 emulated audio device (CVE-2017-5525 bsc#1020491) + 0063-audio-ac97-add-exit-function.patch +* Fix DOS in megasas device emulation (CVE-2017-5856 bsc#1023053) + 0064-megasas-fix-guest-triggered-memory-.patch +* Fix various inaccuracies in cirrus vga device emulation + 0065-cirrus-handle-negative-pitch-in-cir.patch + 0066-cirrus-fix-blit-address-mask-handli.patch +* Fix OOB access in cirrus vga emulation (CVE-2017-2615 bsc#1023004) + 0067-cirrus-fix-oob-access-issue-CVE-201.patch +* Fix DOS in usb CCID card device emulator (CVE-2017-5898 bsc#1023907) + 0068-usb-ccid-check-ccid-apdu-length.patch +* Fix OOB access in SDHCI device emulation (CVE-2017-5667 bsc#1022541) + 0069-sd-sdhci-check-data-length-during-d.patch +* Fix DOS in virtio-gpu-3d (CVE-2017-5857 bsc#1023073) + 0070-virtio-gpu-fix-resource-leak-in-vir.patch +* Fix 
cirrus patterncopy checks + 0071-cirrus-fix-patterncopy-checks.patch +* Fix OOB access in cirrus vga emulation (CVE-2017-2620 bsc#1024972) + 0072-cirrus-add-blit_is_unsafe-call-to-c.patch +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 + +------------------------------------------------------------------- +Thu Feb 23 18:27:35 UTC 2017 - brogers@suse.com + +- Fix name of s390x specific sysctl configuration file to end with + .conf (bsc#1026583) + +------------------------------------------------------------------- +Fri Feb 17 22:05:51 UTC 2017 - brogers@suse.com + +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 +* Check that sysfs path exists before running test which requires + it. This allows qemu-testsuite to succeed in local build service + chroot based package build. + 0056-tests-check-path-to-avoid-a-failing.patch + +------------------------------------------------------------------- +Wed Feb 15 18:31:11 UTC 2017 - brogers@suse.com + +- Factory and SLE12-SP3 got a name change in the dtc devel package: + libfdt1-devel -> libfdt-devel. Adjust our spec file accordingly. + +------------------------------------------------------------------- +Tue Feb 14 17:39:00 UTC 2017 - brogers@suse.com + +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 +* Patches added: + 0055-linux-user-exclude-cpu-model-code-w.patch + +------------------------------------------------------------------- +Thu Feb 2 16:41:55 UTC 2017 - brogers@suse.com + +- Make sure qemu guest agent is usable as soon as qemu-guest-agent + package is installed. The previous post script was still not + doing the job. 
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 +* Fix potential hang/crash rebooting s390x guest + 0053-s390x-kvm-fix-small-race-reboot-vs..patch +* Fix s390x linux-user failure since v2.8.0 update + 0054-target-s390x-use-qemu-cpu-model-in-.patch + +------------------------------------------------------------------- +Wed Jan 25 20:57:29 UTC 2017 - brogers@suse.com + +- Merge qemu packages from openSUSE and SUSE SLE releases together + for the v2.8 qemu update. The qemu.changes file is the openSUSE + version with this entry providing CVE, FATE, and bugzilla + references from the SUSE SLE qemu package to date (see below) +- Updated to v2.8.0: See http://wiki.qemu-project.org/ChangeLog/2.8 +* For SUSE SLE-12-SP3, update relates to fate#319684, fate#321331, + fate#321335, fate#321339, fate#321349, fate#321857 +* For best compatibility, qemu-ifup and kvm_stat scripts now owned + by qemu package +* Build ipxe roms with gcc6 to maintain SLE legacy migration + compatibility requirements +* qmp-commands.txt file removed, to resurface in future doc reorganization +* qemu-tech.html file merged into other existing doc +* trace-events renamed to trace-events-all +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 +* Patches dropped (upstream): + 0013-linux-user-lock-tcg.patch + 0014-linux-user-Run-multi-threaded-code-.patch + 0015-linux-user-lock-tb-flushing-too.patch + 0017-linux-user-implement-FS_IOC_GETFLAG.patch + 0018-linux-user-implement-FS_IOC_SETFLAG.patch + 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch + 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch + 0041-vmsvga-correct-bitmap-and-pixmap-si.patch + 0042-scsi-mptconfig-fix-an-assert-expres.patch + 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch + 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch + 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch + 0046-scsi-mptsas-use-g_new0-to-allocate-.patch + 0047-scsi-pvscsi-limit-process-IO-loop-t.patch + 
0048-virtio-add-check-for-descriptor-s-m.patch + 0049-net-mcf-limit-buffer-descriptor-cou.patch + 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch + 0051-xhci-limit-the-number-of-link-trbs-.patch + 0052-9pfs-allocate-space-for-guest-origi.patch + 0053-9pfs-fix-memory-leak-in-v9fs_link.patch + 0054-9pfs-fix-potential-host-memory-leak.patch + 0055-9pfs-fix-information-leak-in-xattr-.patch + 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch + 0057-9pfs-fix-memory-leak-in-v9fs_write.patch + 0058-char-serial-check-divider-value-aga.patch + 0059-net-pcnet-check-rx-tx-descriptor-ri.patch + 0060-net-eepro100-fix-memory-leak-in-dev.patch + 0061-net-rocker-set-limit-to-DMA-buffer-.patch + 0062-net-vmxnet-initialise-local-tx-desc.patch + 0063-net-rtl8139-limit-processing-of-rin.patch + 0064-audio-intel-hda-check-stream-entry-.patch + 0065-virtio-gpu-fix-memory-leak-in-virti.patch + 0066-9pfs-fix-integer-overflow-issue-in-.patch + slof_xhci.patch +* Patches renamed: + 0016-linux-user-Fake-proc-cpuinfo.patch -> 0013-linux-user-Fake-proc-cpuinfo.patch + 0019-linux-user-XXX-disable-fiemap.patch -> 0014-linux-user-XXX-disable-fiemap.patch + 0020-slirp-nooutgoing.patch -> 0015-slirp-nooutgoing.patch + 0021-vnc-password-file-and-incoming-conn.patch -> 0016-vnc-password-file-and-incoming-conn.patch + 0022-linux-user-use-target_ulong.patch -> 0017-linux-user-use-target_ulong.patch + 0023-block-Add-support-for-DictZip-enabl.patch -> 0018-block-Add-support-for-DictZip-enabl.patch + 0024-block-Add-tar-container-format.patch -> 0019-block-Add-tar-container-format.patch + 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch + 0026-console-add-question-mark-escape-op.patch -> 0021-console-add-question-mark-escape-op.patch + 0027-Make-char-muxer-more-robust-wrt-sma.patch -> 0022-Make-char-muxer-more-robust-wrt-sma.patch + 0028-linux-user-lseek-explicitly-cast-no.patch -> 0023-linux-user-lseek-explicitly-cast-no.patch + 
0029-virtfs-proxy-helper-Provide-__u64-f.patch -> 0024-virtfs-proxy-helper-Provide-__u64-f.patch + 0030-configure-Enable-PIE-for-ppc-and-pp.patch -> 0025-configure-Enable-PIE-for-ppc-and-pp.patch + 0031-AIO-Reduce-number-of-threads-for-32.patch -> 0026-AIO-Reduce-number-of-threads-for-32.patch + 0032-dictzip-Fix-on-big-endian-systems.patch -> 0027-dictzip-Fix-on-big-endian-systems.patch + 0033-xen_disk-Add-suse-specific-flush-di.patch -> 0028-xen_disk-Add-suse-specific-flush-di.patch + 0035-qemu-bridge-helper-reduce-security-.patch -> 0029-qemu-bridge-helper-reduce-security-.patch + 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch + 0037-configure-Fix-detection-of-seccomp-.patch -> 0031-configure-Fix-detection-of-seccomp-.patch + 0038-linux-user-properly-test-for-infini.patch -> 0032-linux-user-properly-test-for-infini.patch + 0040-linux-user-remove-all-traces-of-qem.patch -> 0033-linux-user-remove-all-traces-of-qem.patch + 0067-dma-rc4030-limit-interval-timer-rel.patch -> 0034-dma-rc4030-limit-interval-timer-rel.patch + 0068-net-imx-limit-buffer-descriptor-cou.patch -> 0035-net-imx-limit-buffer-descriptor-cou.patch + 0069-roms-Makefile-pass-a-packaging-time.patch -> 0036-roms-Makefile-pass-a-packaging-time.patch +* Patches added: + 0037-Raise-soft-address-space-limit-to-h.patch + 0038-increase-x86_64-physical-bits-to-42.patch + 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch + 0040-i8254-Fix-migration-from-SLE11-SP2.patch + 0041-acpi_piix4-Fix-migration-from-SLE11.patch + 0042-Fix-tigervnc-long-press-issue.patch + 0043-fix-xen-hvm-direct-kernel-boot.patch + 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch + 0045-virtio-gpu-call-cleanup-mapping-fun.patch + 0046-string-input-visitor-Fix-uint64-par.patch + 0047-test-string-input-visitor-Add-int-t.patch + 0048-test-string-input-visitor-Add-uint6.patch + 0049-tests-Add-QOM-property-unit-tests.patch + 0050-tests-Add-scsi-disk-test.patch + 
0051-virtio-gpu-fix-information-leak-in-.patch + 0052-display-cirrus-ignore-source-pitch-.patch + ipxe-use-gcc6-for-more-compact-code.patch +* SLE patches dropped (accounted for in above listed changes): + 0002-qemu-0.9.0.cvs-binfmt.patch + 0009-block-vmdk-Support-creation-of-SCSI.patch + 0010-linux-user-add-binfmt-wrapper-for-a.patch + 0011-PPC-KVM-Disable-mmu-notifier-check.patch + 0012-linux-user-fix-segfault-deadlock.patch + 0013-linux-user-binfmt-support-host-bina.patch + 0014-linux-user-Ignore-broken-loop-ioctl.patch + 0015-linux-user-lock-tcg.patch + 0016-linux-user-Run-multi-threaded-code-.patch + 0017-linux-user-lock-tb-flushing-too.patch + 0018-linux-user-Fake-proc-cpuinfo.patch + 0019-linux-user-implement-FS_IOC_GETFLAG.patch + 0020-linux-user-implement-FS_IOC_SETFLAG.patch + 0021-linux-user-XXX-disable-fiemap.patch + 0022-slirp-nooutgoing.patch + 0023-vnc-password-file-and-incoming-conn.patch + 0024-linux-user-add-more-blk-ioctls.patch + 0025-linux-user-use-target_ulong.patch + 0026-block-Add-support-for-DictZip-enabl.patch + 0027-block-Add-tar-container-format.patch + 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch + 0029-console-add-question-mark-escape-op.patch + 0030-Make-char-muxer-more-robust-wrt-sma.patch + 0031-linux-user-lseek-explicitly-cast-no.patch + 0032-virtfs-proxy-helper-Provide-_u64-f.patch + 0033-configure-Enable-PIE-for-ppc-and-pp.patch + 0034-Raise-soft-address-space-limit-to-h.patch + 0035-increase-x86_64-physical-bits-to-42.patch + 0036-vnc-provide-fake-color-map.patch + 0037-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch + 0038-i8254-Fix-migration-from-SLE11-SP2.patch + 0039-acpi_piix4-Fix-migration-from-SLE11.patch + 0040-qtest-Increase-socket-timeout-to-ac.patch + 0041-dictzip-Fix-on-big-endian-systems.patch + 0043-xen_disk-Add-suse-specific-flush-di.patch + 0044-Split-large-discard-requests-from-b.patch + 0045-fix-xen-hvm-direct-kernel-boot.patch + 0046-xen-introduce-dummy-system-device.patch + 
0047-xen-write-information-about-support.patch + 0048-xen-add-pvUSB-backend.patch + 0049-xen-move-xen_sysdev-to-xen_backend..patch + 0050-vnc-add-configurable-keyboard-delay.patch + 0051-xen-SUSE-xenlinux-unplug-for-emulat.patch + 0052-configure-add-echo_version-helper.patch + 0053-configure-support-vte-2.91.patch + 0054-scsi-esp-fix-migration.patch + 0055-hw-arm-virt-mark-the-PCIe-host-cont.patch + 0056-xen-when-removing-a-backend-don-t-r.patch + 0057-xen-drain-submit-queue-in-xen-usb-b.patch + 0058-qcow2-avoid-extra-flushes-in-qcow2.patch + 0059-qemu-bridge-helper-reduce-security-.patch + 0060-xen-use-a-common-function-for-pv-an.patch + 0061-xen_platform-unplug-also-SCSI-disks.patch + 0062-virtio-check-vring-descriptor-buffe.patch + 0063-net-vmxnet3-check-for-device_active.patch + 0064-net-vmxnet-initialise-local-tx-desc.patch + 0065-scsi-pvscsi-avoid-infinite-loop-whi.patch + 0066-ARM-KVM-Enable-in-kernel-timers-wit.patch + 0067-hw-net-Fix-a-heap-overflow-in-xlnx..patch + 0068-vmsvga-correct-bitmap-and-pixmap-si.patch + 0069-usb-xhci-fix-memory-leak-in-usb_xhc.patch + 0070-virtio-add-check-for-descriptor-s-m.patch + 0071-net-mcf-limit-buffer-descriptor-cou.patch + 0072-usb-ehci-fix-memory-leak-in-ehci_pr.patch + 0073-xhci-limit-the-number-of-link-trbs-.patch + 0074-9pfs-allocate-space-for-guest-origi.patch + 0075-9pfs-fix-memory-leak-in-v9fs_link.patch + 0076-9pfs-fix-potential-host-memory-leak.patch + 0077-9pfs-fix-memory-leak-in-v9fs_write.patch + 0078-char-serial-check-divider-value-aga.patch + 0079-net-pcnet-check-rx-tx-descriptor-ri.patch + 0080-net-eepro100-fix-memory-leak-in-dev.patch + 0081-net-rocker-set-limit-to-DMA-buffer-.patch + 0082-net-rtl8139-limit-processing-of-rin.patch + 0083-audio-intel-hda-check-stream-entry-.patch + 0084-virtio-gpu-fix-memory-leak-in-virti.patch + 0085-9pfs-fix-integer-overflow-issue-in-.patch + 0086-dma-rc4030-limit-interval-timer-rel.patch + 0087-net-imx-limit-buffer-descriptor-cou.patch + 
0088-target-i386-Implement-CPUID-0xB-Ext.patch + 0089-target-i386-present-virtual-L3-cach.patch + 0090-migration-fix-inability-to-save-VM-.patch + 0091-ui-gtk-Fix-a-runtime-warning-on-vte.patch + 0092-gtk-don-t-leak-the-GtkBorder-with-V.patch + 0093-xen-fix-ioreq-handling.patch + 0094-macio-Use-blk_drain-instead-of-blk_.patch + 0095-rbd-Switch-rbd_start_aio-to-byte-ba.patch + 0096-virtio-blk-Release-s-rq-queue-at-sy.patch + 0097-virtio-blk-Remove-stale-comment-abo.patch + 0098-block-reintroduce-bdrv_flush_all.patch + 0099-qemu-use-bdrv_flush_all-for-vm_stop.patch + 0100-block-backend-remove-blkflush_all.patch + 0101-char-fix-missing-return-in-error-pa.patch + 0102-rbd-shift-byte-count-as-a-64-bit-va.patch + 0103-mirror-use-bdrv_drained_begin-bdrv_.patch + 0104-block-curl-Use-BDRV_SECTOR_SIZE.patch + 0105-block-curl-Fix-return-value-from-cu.patch + 0106-block-curl-Remember-all-sockets.patch + 0107-block-curl-Do-not-wait-for-data-bey.patch + 0108-virtio-allow-per-device-class-legac.patch + 0109-virtio-net-mark-VIRTIO_NET_F_GSO-as.patch + 0110-vhost-adapt-vhost_verify_ring_mappi.patch + 0111-ivshmem-Fix-64-bit-memory-bar-confi.patch + 0112-intel_iommu-fix-incorrect-device-in.patch + 0113-9pfs-fix-information-leak-in-xattr-.patch + 0114-9pfs-fix-memory-leak-in-v9fs_xattrc.patch + 0115-net-mcf-check-receive-buffer-size-r.patch + 0116-virtio-gpu-fix-memory-leak-in-updat.patch + 0117-virtio-gpu-fix-information-leak-in-.patch + 0118-9pfs-adjust-the-order-of-resource-c.patch + 0119-9pfs-add-cleanup-operation-in-FileO.patch + 0120-9pfs-add-cleanup-operation-for-hand.patch + 0121-9pfs-add-cleanup-operation-for-prox.patch + 0122-virtio-gpu-call-cleanup-mapping-fun.patch + 0123-string-input-visitor-Fix-uint64-par.patch + 0124-test-string-input-visitor-Add-int-t.patch + 0125-test-string-input-visitor-Add-uint6.patch + 0126-tests-Add-QOM-property-unit-tests.patch + 0127-tests-Add-scsi-disk-test.patch + 0128-usb-ehci-fix-memory-leak-in-ehci_in.patch + 
0129-usbredir-free-vm_change_state_handl.patch + 0130-virtio-gpu-fix-information-leak-in-.patch + ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch + ipxe-ath-Fix-building-with-GCC-6.patch + ipxe-efi-fix-garbage-bytes-in-device-path.patch + ipxe-efi-fix-uninitialised-data-in-HII.patch + ipxe-legacy-Fix-building-with-GCC-6.patch + ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch + ipxe-sis190-Fix-building-with-GCC-6.patch + ipxe-skge-Fix-building-with-GCC-6.patch + ipxe-util-v5.24-perl-errors-on-redeclare.patch +- SLE CVE, FATE, and bugzilla references not otherwise listed in + this changelog file. The intent of this list is to indicate that + the fix or feature continues the line of inheritance in the + development stream of this package. The list is intended to + satisfy searches only - refer to the SLE-12-SP2 changelog file + for additional details. +* fate#314468 fate#314497 fate#315125 fate#315467 fate#317015 + fate#317741 fate#317763 fate#318349 fate#319660 fate#319979 + fate#321010 +* bnc#812983 bnc#869026 bnc#869746 bnc#874413 bnc#875582 bnc#875870 + bnc#877642 bnc#877645 bnc#878541 bsc#882405 bsc#886378 bnc#893339 + bnc#893892 bnc#895369 bnc#896726 bnc#897654 bnc#905097 bnc#907805 + bnc#908380 bnc#914521 bsc#924018 bsc#929339 bsc#932267 bsc#932770 + bsc#933981 bsc#936537 bsc#937125 bsc#938344 bsc#940929 bsc#942845 + bsc#943446 bsc#944697 bsc#945404 bsc#945987 bsc#945989 bsc#946020 + bsc#947159 bnc#953518 bsc#954864 bsc#956829 bsc#957162 bsc#958491 + bsc#958917 bsc#959005 bsc#959386 bsc#960334 bsc#960708 bsc#960725 + bsc#960835 bsc#961333 bsc#961556 bsc#961691 bsc#962320 bsc#963782 + bsc#964413 bsc#970791 bsc#974141 bsc#978158 bsc#979473 bsc#982365 + bsc#989655 bsc#991466 bsc#994771 bsc#994774 bsc#996441 bsc#997858 + bsc#999212 + bsc#1001151 bsc#1002116 bsc#1005353 boo#1007263 bsc#1007769 + bsc#1008519 bsc#1009109 bsc#1013285 bsc#1013341 bsc#1013764 + bsc#1013767 bsc#1014109 bsc#1014110 bsc#1014111 bsc#1014112 + bsc#1014256 bsc#1014514 bsc#1014702 
bsc#1015169 bsc#1016779 +* CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 + CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-4037 CVE-2015-5154 + CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 + CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 + CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 + CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 + CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 + CVE-2016-6490 CVE-2016-6833 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 + CVE-2016-7161 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 + CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 + CVE-2016-9921 CVE-2016-9922 + ------------------------------------------------------------------- Fri Jan 13 17:21:25 UTC 2017 - brogers@suse.com diff --git a/qemu-testsuite.spec b/qemu-testsuite.spec index 9b31f2fb..3d08b875 100644 --- a/qemu-testsuite.spec +++ b/qemu-testsuite.spec 
@@ -16,33 +16,41 @@ # +%define noarch_supported 1110 + %define build_x86_fw_from_source 0 %define build_slof_from_source 0 +%define kvm_available 0 +%define legacy_qemu_kvm 0 + %ifarch %ix86 x86_64 # choice of building all from source or using provided binary x86 blobs %if 0%{?suse_version} >= 1310 %define build_x86_fw_from_source 1 %endif %endif + %ifarch ppc64 %define build_slof_from_source 1 %endif + %ifarch ppc64le %if 0%{?suse_version} > 1320 || 0%{?suse_version} == 1315 %define build_slof_from_source 1 %endif %endif + %ifarch %ix86 x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64 %define kvm_available 1 -%else -%define kvm_available 0 %endif + %ifarch %ix86 x86_64 s390x %define legacy_qemu_kvm 1 -%else -%define legacy_qemu_kvm 0 %endif -%define noarch_supported 1110 + +%if 0%{?suse_version} >= 1210 +%define with_systemd 1 +%endif %ifarch x86_64 %if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && ( 0%{?is_opensuse} == 0 || 0%{?sle_version} > 120100 ) ) @@ -66,6 +74,16 @@ %if 0%{?suse_version} >= 1140 %define with_spice 1 +%else +%ifarch %ix86 x86_64 +%define with_spice 1 +%endif +%endif + +%if 0%( pkg-config --exists 'udev > 190' && echo '1' ) == 01 +%define _udevrulesdir /usr/lib/udev/rules.d +%else +%define _udevrulesdir /lib/udev/rules.d %endif Name: qemu-testsuite @@ -73,10 +91,10 @@ Url: http://www.qemu.org/ Summary: Universal CPU emulator License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT Group: System/Emulators/PC -Version: 2.7.0 +Version: 2.8.0 Release: 0 -Source: http://wiki.qemu.org/download/qemu-2.7.0.tar.bz2 -Source99: http://wiki.qemu.org/download/qemu-2.7.0.tar.bz2.sig +Source: http://wiki.qemu.org/download/qemu-2.8.0.tar.bz2 +Source99: http://wiki.qemu.org/download/qemu-2.8.0.tar.bz2.sig Source1: 80-kvm.rules Source2: qemu-ifup Source3: kvm_stat 
@@ -87,6 +105,11 @@ Source7: 60-kvm.x86.rules Source8: 80-qemu-ga.rules Source9: qemu-ga.service Source10: kvm.conf +Source11: kvm_stat.1.gz +Source12: supported.x86.txt +Source13: supported.s390.txt +Source14: supported.arm.txt +Source15: supported.ppc.txt # Upstream First -- http://wiki.qemu-project.org/Contribute/SubmitAPatch # This patch queue is auto-generated from https://github.com/openSUSE/qemu Patch0001: 0001-XXX-dont-dump-core-on-sigabort.patch 
@@ -101,63 +124,66 @@ Patch0009: 0009-linux-user-add-binfmt-wrapper-for-a.patch Patch0010: 0010-PPC-KVM-Disable-mmu-notifier-check.patch Patch0011: 0011-linux-user-fix-segfault-deadlock.patch Patch0012: 0012-linux-user-binfmt-support-host-bina.patch -Patch0013: 0013-linux-user-lock-tcg.patch -Patch0014: 0014-linux-user-Run-multi-threaded-code-.patch -Patch0015: 0015-linux-user-lock-tb-flushing-too.patch -Patch0016: 0016-linux-user-Fake-proc-cpuinfo.patch -Patch0017: 0017-linux-user-implement-FS_IOC_GETFLAG.patch -Patch0018: 0018-linux-user-implement-FS_IOC_SETFLAG.patch -Patch0019: 0019-linux-user-XXX-disable-fiemap.patch -Patch0020: 0020-slirp-nooutgoing.patch -Patch0021: 0021-vnc-password-file-and-incoming-conn.patch -Patch0022: 0022-linux-user-use-target_ulong.patch -Patch0023: 0023-block-Add-support-for-DictZip-enabl.patch -Patch0024: 0024-block-Add-tar-container-format.patch -Patch0025: 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -Patch0026: 0026-console-add-question-mark-escape-op.patch -Patch0027: 0027-Make-char-muxer-more-robust-wrt-sma.patch -Patch0028: 0028-linux-user-lseek-explicitly-cast-no.patch -Patch0029: 0029-virtfs-proxy-helper-Provide-__u64-f.patch -Patch0030: 0030-configure-Enable-PIE-for-ppc-and-pp.patch -Patch0031: 0031-AIO-Reduce-number-of-threads-for-32.patch -Patch0032: 0032-dictzip-Fix-on-big-endian-systems.patch -Patch0033: 0033-xen_disk-Add-suse-specific-flush-di.patch -Patch0034: 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch -Patch0035: 0035-qemu-bridge-helper-reduce-security-.patch -Patch0036: 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -Patch0037: 0037-configure-Fix-detection-of-seccomp-.patch -Patch0038: 0038-linux-user-properly-test-for-infini.patch -Patch0039: 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch -Patch0040: 0040-linux-user-remove-all-traces-of-qem.patch -Patch0041: 0041-vmsvga-correct-bitmap-and-pixmap-si.patch -Patch0042: 0042-scsi-mptconfig-fix-an-assert-expres.patch -Patch0043: 
0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch -Patch0044: 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch -Patch0045: 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch -Patch0046: 0046-scsi-mptsas-use-g_new0-to-allocate-.patch -Patch0047: 0047-scsi-pvscsi-limit-process-IO-loop-t.patch -Patch0048: 0048-virtio-add-check-for-descriptor-s-m.patch -Patch0049: 0049-net-mcf-limit-buffer-descriptor-cou.patch -Patch0050: 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch -Patch0051: 0051-xhci-limit-the-number-of-link-trbs-.patch -Patch0052: 0052-9pfs-allocate-space-for-guest-origi.patch -Patch0053: 0053-9pfs-fix-memory-leak-in-v9fs_link.patch -Patch0054: 0054-9pfs-fix-potential-host-memory-leak.patch -Patch0055: 0055-9pfs-fix-information-leak-in-xattr-.patch -Patch0056: 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch -Patch0057: 0057-9pfs-fix-memory-leak-in-v9fs_write.patch -Patch0058: 0058-char-serial-check-divider-value-aga.patch -Patch0059: 0059-net-pcnet-check-rx-tx-descriptor-ri.patch -Patch0060: 0060-net-eepro100-fix-memory-leak-in-dev.patch -Patch0061: 0061-net-rocker-set-limit-to-DMA-buffer-.patch -Patch0062: 0062-net-vmxnet-initialise-local-tx-desc.patch -Patch0063: 0063-net-rtl8139-limit-processing-of-rin.patch -Patch0064: 0064-audio-intel-hda-check-stream-entry-.patch -Patch0065: 0065-virtio-gpu-fix-memory-leak-in-virti.patch -Patch0066: 0066-9pfs-fix-integer-overflow-issue-in-.patch -Patch0067: 0067-dma-rc4030-limit-interval-timer-rel.patch -Patch0068: 0068-net-imx-limit-buffer-descriptor-cou.patch -Patch0069: 0069-roms-Makefile-pass-a-packaging-time.patch +Patch0013: 0013-linux-user-Fake-proc-cpuinfo.patch +Patch0014: 0014-linux-user-XXX-disable-fiemap.patch +Patch0015: 0015-slirp-nooutgoing.patch +Patch0016: 0016-vnc-password-file-and-incoming-conn.patch +Patch0017: 0017-linux-user-use-target_ulong.patch +Patch0018: 0018-block-Add-support-for-DictZip-enabl.patch +Patch0019: 0019-block-Add-tar-container-format.patch +Patch0020: 
0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch +Patch0021: 0021-console-add-question-mark-escape-op.patch +Patch0022: 0022-Make-char-muxer-more-robust-wrt-sma.patch +Patch0023: 0023-linux-user-lseek-explicitly-cast-no.patch +Patch0024: 0024-virtfs-proxy-helper-Provide-__u64-f.patch +Patch0025: 0025-configure-Enable-PIE-for-ppc-and-pp.patch +Patch0026: 0026-AIO-Reduce-number-of-threads-for-32.patch +Patch0027: 0027-dictzip-Fix-on-big-endian-systems.patch +Patch0028: 0028-xen_disk-Add-suse-specific-flush-di.patch +Patch0029: 0029-qemu-bridge-helper-reduce-security-.patch +Patch0030: 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch +Patch0031: 0031-configure-Fix-detection-of-seccomp-.patch +Patch0032: 0032-linux-user-properly-test-for-infini.patch +Patch0033: 0033-linux-user-remove-all-traces-of-qem.patch +Patch0034: 0034-dma-rc4030-limit-interval-timer-rel.patch +Patch0035: 0035-net-imx-limit-buffer-descriptor-cou.patch +Patch0036: 0036-roms-Makefile-pass-a-packaging-time.patch +Patch0037: 0037-Raise-soft-address-space-limit-to-h.patch +Patch0038: 0038-increase-x86_64-physical-bits-to-42.patch +Patch0039: 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch +Patch0040: 0040-i8254-Fix-migration-from-SLE11-SP2.patch +Patch0041: 0041-acpi_piix4-Fix-migration-from-SLE11.patch +Patch0042: 0042-Fix-tigervnc-long-press-issue.patch +Patch0043: 0043-fix-xen-hvm-direct-kernel-boot.patch +Patch0044: 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch +Patch0045: 0045-virtio-gpu-call-cleanup-mapping-fun.patch +Patch0046: 0046-string-input-visitor-Fix-uint64-par.patch +Patch0047: 0047-test-string-input-visitor-Add-int-t.patch +Patch0048: 0048-test-string-input-visitor-Add-uint6.patch +Patch0049: 0049-tests-Add-QOM-property-unit-tests.patch +Patch0050: 0050-tests-Add-scsi-disk-test.patch +Patch0051: 0051-virtio-gpu-fix-information-leak-in-.patch +Patch0052: 0052-display-cirrus-ignore-source-pitch-.patch +Patch0053: 0053-s390x-kvm-fix-small-race-reboot-vs..patch +Patch0054: 
0054-target-s390x-use-qemu-cpu-model-in-.patch +Patch0055: 0055-linux-user-exclude-cpu-model-code-w.patch +Patch0056: 0056-tests-check-path-to-avoid-a-failing.patch +Patch0057: 0057-display-virtio-gpu-3d-check-virgl-c.patch +Patch0058: 0058-watchdog-6300esb-add-exit-function.patch +Patch0059: 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch +Patch0060: 0060-virtio-gpu-fix-memory-leak-in-resou.patch +Patch0061: 0061-virtio-fix-vq-inuse-recalc-after-mi.patch +Patch0062: 0062-audio-es1370-add-exit-function.patch +Patch0063: 0063-audio-ac97-add-exit-function.patch +Patch0064: 0064-megasas-fix-guest-triggered-memory-.patch +Patch0065: 0065-cirrus-handle-negative-pitch-in-cir.patch +Patch0066: 0066-cirrus-fix-blit-address-mask-handli.patch +Patch0067: 0067-cirrus-fix-oob-access-issue-CVE-201.patch +Patch0068: 0068-usb-ccid-check-ccid-apdu-length.patch +Patch0069: 0069-sd-sdhci-check-data-length-during-d.patch +Patch0070: 0070-virtio-gpu-fix-resource-leak-in-vir.patch +Patch0071: 0071-cirrus-fix-patterncopy-checks.patch +Patch0072: 0072-cirrus-add-blit_is_unsafe-call-to-c.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. @@ -169,6 +195,7 @@ Patch1000: seabios_128kb.patch # ipxe # PATCH-FIX-OPENSUSE ipxe-stable-buildid.patch brogers@suse.com -- reproducible builds Patch1100: ipxe-stable-buildid.patch +Patch1101: ipxe-use-gcc6-for-more-compact-code.patch # sgabios # PATCH-FIX-OPENSUSE sgabios-stable-buildid.patch brogers@suse.com -- reproducible builds 
@@ -176,22 +203,25 @@ Patch1200: sgabios-stable-buildid.patch %endif %if %{build_slof_from_source} -# SLOF -# PATCH-FIX-UPSTREAM slof_xhci.patch afaerber@suse.de -- XHCI fixes -Patch1300: slof_xhci.patch +# SLOF (Currently no patches) %endif # this is to make lint happy Source300: qemu-rpmlintrc Source302: bridge.conf Source400: update_git.sh +ExcludeArch: s390 +%if "%{name}" == "qemu-testsuite" +ExcludeArch: s390x +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build +#!BuildIgnore: gcc-PIE BuildRequires: SDL-devel %if 0%{?suse_version} >= 1320 BuildRequires: SDL2-devel %endif BuildRequires: alsa-devel -%if 0%{?build_x86_fw_from_source} +%if %{?build_x86_fw_from_source} BuildRequires: binutils-devel %endif BuildRequires: bluez-devel @@ -206,6 +236,9 @@ BuildRequires: iasl BuildRequires: e2fsprogs-devel BuildRequires: fdupes BuildRequires: gcc-c++ +%if %{build_x86_fw_from_source} +BuildRequires: gcc6 +%endif BuildRequires: glib2-devel %if 0%{?suse_version} >= 1310 && 0%{?suse_version} != 1315 BuildRequires: glusterfs-devel @@ -219,7 +252,9 @@ BuildRequires: libaio BuildRequires: libaio-devel BuildRequires: libattr-devel BuildRequires: libbz2-devel +%if 0%{?is_opensuse} BuildRequires: libcacard-devel +%endif BuildRequires: libcap-devel BuildRequires: libcap-ng-devel BuildRequires: libdrm-devel @@ -228,8 +263,12 @@ BuildRequires: libepoxy-devel %endif %if 0%{?suse_version} >= 1310 # 12.3 and earlier don't ship a compatible libfdt; use the bundled one there +%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} > 120200 ) +BuildRequires: libfdt-devel +%else BuildRequires: libfdt1-devel %endif +%endif BuildRequires: libgbm-devel BuildRequires: libgcrypt-devel BuildRequires: libgnutls-devel @@ -237,7 +276,7 @@ BuildRequires: libgnutls-devel BuildRequires: libibverbs-devel %endif %if 0%{?with_rbd} -%if 0%{?is_opensuse} +%if 0%{?is_opensuse} || 0%{?sle_version} > 120100 BuildRequires: librbd-devel %else BuildRequires: ceph-devel 
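Review bot: The two `%if %{?build_x86_fw_from_source}` guards introduced here (before `BuildRequires: binutils-devel`, and again before `BuildRequires: ovmf-tools` in the `@@ -284,9 +323,8 @@` hunk) drop the leading `0` but keep the `?`. If the macro were ever undefined, the line would expand to a bare `%if` and fail to parse. The macro is defined unconditionally near the top of the spec, so this works today, but the `gcc6` guard added in the `@@ -206,6 +236,9 @@` hunk is spelled `%if %{build_x86_fw_from_source}`, and all three should match. I would write `%if %{build_x86_fw_from_source}` everywhere, or keep the original `%if 0%{?build_x86_fw_from_source}`.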
@@ -251,7 +290,7 @@ BuildRequires: libjpeg-devel BuildRequires: libnettle-devel %endif %ifarch %ix86 aarch64 -%if 0%{?suse_version} > 1320 +%if 0%{?suse_version} > 1320 || 0%{?suse_version} == 1315 BuildRequires: libnuma-devel %endif %else @@ -284,9 +323,8 @@ BuildRequires: lzo-devel BuildRequires: makeinfo %endif BuildRequires: Mesa-devel -BuildRequires: mozilla-nss-devel BuildRequires: ncurses-devel -%if 0%{?build_x86_fw_from_source} +%if %{?build_x86_fw_from_source} BuildRequires: ovmf-tools %endif BuildRequires: pkgconfig @@ -298,18 +336,12 @@ BuildRequires: snappy-devel %if 0%{?with_spice} BuildRequires: spice-protocol-devel %endif -%if 0%{?suse_version} >= 1210 +%if 0%{?with_systemd} BuildRequires: systemd %{?systemd_requires} -%define with_systemd 1 %endif %if %{kvm_available} BuildRequires: pkgconfig(udev) -%if 0%( pkg-config --exists 'udev > 190' && echo '1' ) == 01 -%define _udevrulesdir /usr/lib/udev/rules.d -%else -%define _udevrulesdir /lib/udev/rules.d -%endif %endif %if 0%{?sles_version} != 11 BuildRequires: usbredir-devel @@ -342,18 +374,17 @@ BuildRequires: qemu-s390 = %version BuildRequires: qemu-tools = %version BuildRequires: qemu-x86 = %version %endif -Requires: /usr/sbin/groupadd -Requires: pwdutils -Requires: timezone +Requires(pre): pwdutils +Requires(post): coreutils %if %{kvm_available} Requires(post): udev %ifarch s390x Requires(post): procps %endif -%if ! %{legacy_qemu_kvm} %if 0%{?suse_version} > 1320 Recommends: kvm_stat -%endif +%else +Recommends: python-curses %endif %endif Recommends: qemu-block-curl @@ -389,7 +420,7 @@ Suggests: qemu-block-ssh %endif Suggests: qemu-extra Suggests: qemu-lang -%if 0%{?with_systemd} +%if 0%{?with_systemd} && 0%{?is_opensuse} Recommends: qemu-ksm = %{version} %endif 
@@ -399,9 +430,10 @@ efi-pcnet.rom efi-ne2k_pci.rom efi-rtl8139.rom efi-virtio.rom efi-vmxnet3.rom} %endif %define built_firmware_files {bios.bin bios-256k.bin sgabios.bin vgabios.bin \ vgabios-cirrus.bin vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \ -vgabios-qxl.bin optionrom/linuxboot.bin optionrom/multiboot.bin \ -optionrom/kvmvapic.bin pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom \ -pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}} +vgabios-qxl.bin optionrom/linuxboot.bin optionrom/linuxboot_dma.bin \ +optionrom/multiboot.bin optionrom/kvmvapic.bin pxe-e1000.rom pxe-pcnet.rom \ +pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom \ +%{?x86_64_only_b_f_f}} %description QEMU is an extremely well-performing CPU emulator that allows you to @@ -505,10 +537,6 @@ Requires: qemu-s390 = %version %endif Provides: kvm = %version Obsoletes: kvm < %version -%if 0%{?suse_version} > 1320 -Requires: kvm_stat -%endif -Recommends: python-curses %description kvm KVM (Kernel-based Virtual Machine) is virtualization software for Linux. @@ -683,7 +711,7 @@ This sub-package contains the guest agent. %package seabios Summary: X86 BIOS for QEMU Group: System/Emulators/PC -Version: 1.9.3 +Version: 1.10.1 Release: 0 %if 0%{?suse_version} > %{noarch_supported} BuildArch: noarch @@ -697,7 +725,7 @@ is the default BIOS for QEMU. %package vgabios Summary: VGA BIOSes for QEMU Group: System/Emulators/PC -Version: 1.9.3 +Version: 1.10.1 Release: 0 %if 0%{?suse_version} > %{noarch_supported} BuildArch: noarch @@ -739,7 +767,7 @@ Preboot Execution Environment (PXE) ROM support for various emulated network adapters available with QEMU. %endif -%if 0%{?with_systemd} +%if 0%{?with_systemd} && 0%{?is_opensuse} %package ksm Summary: Kernel Samepage Merging services Group: System/Emulators/PC 
@@ -754,7 +782,7 @@ This package provides a service file for starting and stopping KSM. %endif # !qemu-testsuite %prep -%setup -q -n qemu-2.7.0 +%setup -q -n qemu-2.8.0 %patch0001 -p1 %patch0002 -p1 %patch0003 -p1 @@ -824,6 +852,9 @@ This package provides a service file for starting and stopping KSM. %patch0067 -p1 %patch0068 -p1 %patch0069 -p1 +%patch0070 -p1 +%patch0071 -p1 +%patch0072 -p1 %if %{build_x86_fw_from_source} pushd roms/seabios @@ -831,6 +862,7 @@ pushd roms/seabios popd pushd roms/ipxe %patch1100 -p1 +%patch1101 -p1 popd pushd roms/sgabios %patch1200 -p1 @@ -845,7 +877,6 @@ done %if %{build_slof_from_source} pushd roms/SLOF -%patch1300 -p1 popd rm -f pc-bios/slof.bin %endif @@ -878,6 +909,7 @@ echo '%{version}' > roms/seabios/.version %endif --enable-bzip2 \ --enable-cap-ng \ + --disable-colo \ --enable-coroutine-pool \ --enable-curl \ --enable-curses \ @@ -925,7 +957,7 @@ echo '%{version}' > roms/seabios/.version --enable-lzo \ --disable-netmap \ %ifarch %ix86 aarch64 -%if 0%{?suse_version} > 1320 +%if 0%{?suse_version} > 1320 || 0%{?suse_version} == 1315 --enable-numa \ %else --disable-numa \ @@ -950,6 +982,7 @@ echo '%{version}' > roms/seabios/.version %else --disable-rdma \ %endif + --disable-replication \ --enable-sdl \ %if 0%{?suse_version} >= 1320 --with-sdlabi=2.0 \ @@ -961,7 +994,11 @@ echo '%{version}' > roms/seabios/.version %else --disable-seccomp \ %endif +%if 0%{?is_opensuse} --enable-smartcard \ +%else + --disable-smartcard \ +%endif %if 0%{?suse_version} >= 1310 --enable-snappy \ %else @@ -974,14 +1011,12 @@ echo '%{version}' > roms/seabios/.version %endif --disable-tcmalloc \ --enable-tpm \ -%if 0%{?sles_version} != 11 - --enable-usb-redir \ -%else +%if 0%{?sles_version} == 11 --disable-usb-redir \ +%else + --enable-usb-redir \ %endif - --enable-uuid \ --enable-vde \ - --enable-vhdx \ --enable-vhost-net \ %if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} > 120100 ) --enable-virglrenderer \ 
@@ -1018,6 +1053,32 @@ make %{?_smp_mflags} -C roms pxerom make %{?_smp_mflags} -C roms efirom %endif make -C roms sgabios +# enforce pxe rom sizes for migration compatability from SLE 11 SP3 forward +# the following need to be > 64K +%define supported_nics_large {e1000 rtl8139} +# the following need to be <= 64K +%define supported_nics_small {virtio} +# Though not required, make unsupported pxe roms migration compatable as well +%define unsupported_nics {eepro100 ne2k_pci pcnet} + +for i in %supported_nics_large %unsupported_nics + do + if test "`stat -c '%s' pc-bios/pxe-$i.rom`" -gt "131072" ; then + echo "pxe rom is too large" + exit 1 + fi + if test "`stat -c '%s' pc-bios/pxe-$i.rom`" -le "65536" ; then + ./roms/ipxe/src/util/padimg.pl pc-bios/pxe-$i.rom -s 65536 -b 255 + echo -ne "SEGMENT OVERAGE\0" >> pc-bios/pxe-$i.rom + fi +done +for i in %supported_nics_small + do + if test "`stat -c '%s' pc-bios/pxe-$i.rom`" -gt "65536" ; then + echo "pxe rom is too large" + exit 1 + fi +done %endif %if %{build_slof_from_source} make %{?_smp_mflags} -C roms slof @@ -1048,7 +1109,6 @@ make tests/qom-test %{?_smp_mflags} V=1 # ... make comes in fresh and has lots of address space (needed for 32bit, bsc#957379) %if 0%{?suse_version} >= 1310 make check-report.html V=1 -install -D -m 644 check-report.html %{buildroot}%{_datadir}/qemu/check-report.html %else make check-report.xml V=1 %endif 
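Review bot: In the ROM size loops added to %build, a missing or unreadable `pc-bios/pxe-$i.rom` does not fail the build. `stat` prints nothing, the `test "" -gt ...` comparison errors out inside the `if` condition, and the loop moves on, so the migration-compatibility check is silently skipped for that ROM. Reading the size once and failing on error closes the gap, e.g. `size=$(stat -c '%s' "pc-bios/pxe-$i.rom") || exit 1` followed by `test "$size" -gt 131072`. The `echo "pxe rom is too large"` message should also name the file, e.g. `echo "pxe-$i.rom is too large ($size bytes)"`, so the build log shows which ROM grew. A one-line comment on why `SEGMENT OVERAGE\0` is appended after padding to 65536 would help; it appears to push the image just over 64K, as the "need to be > 64K" comment requires.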
@@ -1092,18 +1152,26 @@ format=`qemu-img info test.tar | grep "file format:" | cut -d ':' -f 2 | tr -d ' %install %if "%{name}" != "qemu-testsuite" -make install DESTDIR=$RPM_BUILD_ROOT -rm -fr $RPM_BUILD_ROOT/%_datadir/doc +make install DESTDIR=%{buildroot} +rm -fr %{buildroot}%{_datadir}/doc %if ! %{build_x86_fw_from_source} for f in acpi-dsdt.aml bios-256k.bin bios.bin efi-*.rom pxe-*.rom sgabios.bin \ vgabios-cirrus.bin vgabios-qxl.bin vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \ vgabios.bin; do - rm $RPM_BUILD_ROOT/%_datadir/%name/$f + rm %{buildroot}%{_datadir}/%name/$f done %endif # rm -f %{buildroot}%{_datadir}/%{name}/u-boot.e500 -install -D -m 644 %{SOURCE302} $RPM_BUILD_ROOT/%{_sysconfdir}/qemu/bridge.conf %find_lang %name +install -D -m 644 %{SOURCE302} %{buildroot}%{_sysconfdir}/qemu/bridge.conf +install -D -m 755 %{SOURCE2} %{buildroot}/usr/share/qemu/qemu-ifup +install -D -p -m 0644 %{SOURCE8} %{buildroot}%{_udevrulesdir}/80-qemu-ga.rules +%if 0%{?is_opensuse} == 0 +install -D -m 0644 %{SOURCE12} %{buildroot}%{_docdir}/qemu-x86/supported.txt +install -D -m 0644 %{SOURCE13} %{buildroot}%{_docdir}/qemu-s390/supported.txt +install -D -m 0644 %{SOURCE14} %{buildroot}%{_docdir}/qemu-arm/supported.txt +install -D -m 0644 %{SOURCE15} %{buildroot}%{_docdir}/qemu-ppc/supported.txt +%endif %if %{legacy_qemu_kvm} cat > %{buildroot}%{_bindir}/qemu-kvm << 'EOF' #!/bin/sh 
@@ -1115,21 +1183,30 @@ exec %{_bindir}/qemu-system-x86_64 -machine accel=kvm "$@" %endif EOF chmod 755 %{buildroot}%{_bindir}/qemu-kvm +install -D -m 644 %{SOURCE4} %{buildroot}%{_mandir}/man1/qemu-kvm.1.gz %ifarch s390x mkdir -p %{buildroot}%{_sysconfdir}/sysctl.d -cat > %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x <<- 'EOF' +cat > %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x.conf <<- 'EOF' # To allow KVM to run on s390x, we need to set the sysctl below vm.allocate_pgste = 1 EOF -chmod 644 %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x +chmod 644 %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x.conf +%if 0%{?is_opensuse} == 0 +install -d %{buildroot}%{_docdir}/qemu-kvm +ln -s ../qemu-s390/supported.txt %{buildroot}%{_docdir}/qemu-kvm/kvm-supported.txt +%endif +%else +%if 0%{?is_opensuse} == 0 +install -d %{buildroot}%{_docdir}/qemu-kvm +ln -s ../qemu-x86/supported.txt %{buildroot}%{_docdir}/qemu-kvm/kvm-supported.txt %endif -install -D -m 755 %{SOURCE2} %{buildroot}/usr/share/qemu/qemu-ifup -%if 0%{?suse_version} <= 1320 -install -D -m 755 %{SOURCE3} %{buildroot}%{_bindir}/kvm_stat %endif -install -D -m 644 %{SOURCE4} %{buildroot}%{_mandir}/man1/qemu-kvm.1.gz %endif %if %{kvm_available} +%if 0%{?suse_version} <= 1320 +install -D -m 755 %{SOURCE3} %{buildroot}%{_bindir}/kvm_stat +install -D -m 644 %{SOURCE11} %{buildroot}%{_mandir}/man1/kvm_stat.1.gz +%endif %if 0%{?suse_version} >= 1230 install -D -m 644 %{SOURCE1} %{buildroot}%{_udevrulesdir}/80-kvm.rules %else 
@@ -1140,15 +1217,16 @@ install -D -m 644 %{SOURCE5} %{buildroot}%{_udevrulesdir}/60-kvm.rules %endif %endif %endif -install -D -p -m 0644 %{SOURCE8} %{buildroot}%{_udevrulesdir}/80-qemu-ga.rules %if 0%{?with_systemd} -install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/ksm.service install -D -p -m 0644 %{SOURCE9} %{buildroot}%{_unitdir}/qemu-ga.service +%if 0%{?is_opensuse} +install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/ksm.service +%endif %ifarch s390x install -D -m 0644 %{SOURCE10} %{buildroot}%{_libexecdir}/modules-load.d/kvm.conf %endif %endif -%fdupes -s $RPM_BUILD_ROOT +%fdupes -s %{buildroot} %else # qemu-testsuite @@ -1174,11 +1252,17 @@ install -D -m 644 check-report.xml %{buildroot}%{_datadir}/qemu/check-report.xml if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then setfacl --remove-all /dev/kvm &> /dev/null || : %if 0%{?with_systemd} +%ifarch s390x + if [ -c /dev/kvm ]; then + %{_bindir}/chmod 666 /dev/kvm + %{_bindir}/chgrp kvm /dev/kvm + fi +%endif %udev_rules_update - %_bindir/udevadm trigger || : + %_bindir/udevadm trigger -y kvm || : %else /sbin/udevadm control --reload-rules || : - /sbin/udevadm trigger || : + /sbin/udevadm trigger -y kvm || : %endif %ifarch s390x sysctl vm.allocate_pgste=1 || : @@ -1203,15 +1287,15 @@ fi %service_del_preun qemu-ga.service %post guest-agent -if [ "$(readlink -f /proc/1/root)" = "/" ]; then - /sbin/udevadm control --reload-rules || : - /sbin/udevadm trigger || : -fi %service_add_post qemu-ga.service +if [ -e /dev/virtio-ports/org.qemu.guest_agent.0 ]; then + /usr/bin/systemctl start qemu-ga.service || : +fi %postun guest-agent %service_del_postun qemu-ga.service +%if 0%{?is_opensuse} %pre ksm %service_add_pre ksm.service 
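Review bot: In the s390x branch added to this %post scriptlet, `chmod 666 /dev/kvm` makes the device readable and writable by every local user, so the `chgrp kvm /dev/kvm` on the next line has no access-control effect. If access is meant to be limited to the kvm group, the mode should be `chmod 660 /dev/kvm`. If world access is intended on s390x, a comment saying so, such as `# s390x: /dev/kvm is deliberately world-accessible because ...`, would stop the next reader treating it as a mistake. The `udevadm trigger -y kvm` that follows may re-apply whatever mode 80-kvm.rules sets; that rule file is not part of this hunk, so it is worth confirming the two agree. The scriptlet begins and ends outside the hunk.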
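Review bot: The new `%post guest-agent` body runs `/usr/bin/systemctl start qemu-ga.service` on every install and upgrade whenever `/dev/virtio-ports/org.qemu.guest_agent.0` exists, including on systems where the administrator has deliberately left the agent disabled. The agent gives the host a command channel into the guest, so starting it should respect that choice. I would guard the start with `[ "$1" -eq 1 ]` to limit it to first install, or with `systemctl is-enabled --quiet qemu-ga.service`. The hunk does not show whether this scriptlet sits inside a `with_systemd` conditional; if it does not, the hard-coded `/usr/bin/systemctl` path also needs one. The removed lines reloaded udev rules after installing 80-qemu-ga.rules, so please confirm that udev picks up the new rule without that reload.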
@@ -1224,13 +1308,14 @@ fi %postun ksm %service_del_postun ksm.service %endif +%endif %endif # !qemu-testsuite %files %defattr(-, root, root) %if "%{name}" != "qemu-testsuite" -%doc COPYING COPYING.LIB Changelog README VERSION qemu-doc.html qemu-tech.html +%doc COPYING COPYING.LIB Changelog README VERSION qemu-doc.html %doc %_mandir/man1/qemu.1.gz %dir %_datadir/%name %_datadir/%name/keymaps @@ -1238,15 +1323,19 @@ fi %_datadir/%name/qemu-icon.bmp %_datadir/%name/qemu_logo_no_text.svg %dir %_sysconfdir/%name -%dir %_libdir/%name +%_datadir/%name/qemu-ifup %if %{kvm_available} +%if 0%{?suse_version} <= 1320 +%_bindir/kvm_stat +%doc %_mandir/man1/kvm_stat.1.gz +%endif %if 0%{?suse_version} >= 1230 %{_udevrulesdir}/80-kvm.rules %else %{_udevrulesdir}/60-kvm.rules %endif %ifarch s390x -%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x +%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x.conf %if 0%{?with_systemd} %_libexecdir/modules-load.d/kvm.conf %endif @@ -1261,6 +1350,10 @@ fi %_datadir/%name/linuxboot.bin %_datadir/%name/linuxboot_dma.bin %_datadir/%name/multiboot.bin +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-x86 +%_docdir/qemu-x86/supported.txt +%endif %files ppc %defattr(-, root, root) @@ -1274,16 +1367,29 @@ fi %_datadir/%name/u-boot.e500 %_datadir/%name/bamboo.dtb %_datadir/%name/petalogix-ml605.dtb +%_datadir/%name/skiboot.lid +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-ppc +%_docdir/qemu-ppc/supported.txt +%endif %files s390 %defattr(-, root, root) %_bindir/qemu-system-s390x %_datadir/%name/s390-ccw.img +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-s390 +%_docdir/qemu-s390/supported.txt +%endif %files arm %defattr(-, root, root) %_bindir/qemu-system-arm %_bindir/qemu-system-aarch64 +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-arm +%_docdir/qemu-arm/supported.txt +%endif %files extra %defattr(-, root, root) 
@@ -1318,30 +1424,34 @@ fi %files kvm %defattr(-,root,root) %_bindir/qemu-kvm -%if 0%{?suse_version} <= 1320 -%_bindir/kvm_stat +%doc %_mandir/man1/qemu-kvm.1.gz +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-kvm +%_docdir/qemu-kvm/kvm-supported.txt %endif -%_datadir/qemu/qemu-ifup -%_mandir/man1/qemu-kvm.1.gz %endif %files block-curl %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-curl.so %files block-dmg %defattr(-, root, root) -%_libdir/%name/block-dmg.so +%dir %_libdir/%name +%_libdir/%name/block-dmg-bz2.so %if 0%{?suse_version} >= 1310 && 0%{?suse_version} != 1315 %files block-gluster %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-gluster.so %endif %if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} > 120100 ) %files block-iscsi %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-iscsi.so %endif @@ -1355,6 +1465,7 @@ fi %if 0%{?suse_version} > 1140 %files block-ssh %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-ssh.so %endif @@ -1364,12 +1475,14 @@ fi %if %{build_x86_fw_from_source} %files seabios %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/bios.bin %_datadir/%name/bios-256k.bin %_datadir/%name/acpi-dsdt.aml %files vgabios %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/vgabios.bin %_datadir/%name/vgabios-cirrus.bin %_datadir/%name/vgabios-qxl.bin @@ -1379,10 +1492,12 @@ fi %files sgabios %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/sgabios.bin %files ipxe %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/pxe-e1000.rom %_datadir/%name/pxe-eepro100.rom %_datadir/%name/pxe-pcnet.rom @@ -1414,7 +1529,6 @@ fi %verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper %dir %_sysconfdir/%name %config %_sysconfdir/%name/bridge.conf -%dir %_libdir/%name %files guest-agent %defattr(-, root, root) 
@@ -1425,7 +1539,7 @@ fi %endif %{_udevrulesdir}/80-qemu-ga.rules -%if 0%{?with_systemd} +%if 0%{?with_systemd} && 0%{?is_opensuse} %files ksm %defattr(-, root, root) %{_unitdir}/ksm.service diff --git a/qemu.changes b/qemu.changes index 95b923a4..9dafc3fc 100644 --- a/qemu.changes +++ b/qemu.changes 
@@ -1,3 +1,353 @@ +------------------------------------------------------------------- +Wed Mar 1 12:26:56 UTC 2017 - brogers@suse.com + +- Buildignore for the global gcc-PIE, as this package enables PIE + on its own and has troubles if all use it. (meissner@suse.com) + +------------------------------------------------------------------- +Wed Mar 1 03:08:27 UTC 2017 - brogers@suse.com + +- Address various security/stability issues +* Fix OOB access in virito-gpu-3d (CVE-2016-10028 bsc#1017084 + bsc#1016503) + 0057-display-virtio-gpu-3d-check-virgl-c.patch +* Fix DOS in Intel 6300ESB device emulation (CVE-2016-10155 bsc#1021129) + 0058-watchdog-6300esb-add-exit-function.patch +* Fix DOS in virtio-gpu-3d (CVE-2017-5552 bsc#1021195) + 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch +* Fix DOS in virtio-gpu (CVE-2017-5578 bsc#1021481) + 0060-virtio-gpu-fix-memory-leak-in-resou.patch +* Fix cause of infrequent migration failures from bad virtio device + state. (bsc#1020928) + 0061-virtio-fix-vq-inuse-recalc-after-mi.patch +* Fix DOS in es1370 emulated audio device (CVE-2017-5526 bsc#1020589) + 0062-audio-es1370-add-exit-function.patch +* Fix DOS in ac97 emulated audio device (CVE-2017-5525 bsc#1020491) + 0063-audio-ac97-add-exit-function.patch +* Fix DOS in megasas device emulation (CVE-2017-5856 bsc#1023053) + 0064-megasas-fix-guest-triggered-memory-.patch +* Fix various inaccuracies in cirrus vga device emulation + 0065-cirrus-handle-negative-pitch-in-cir.patch + 0066-cirrus-fix-blit-address-mask-handli.patch +* Fix OOB access in cirrus vga emulation (CVE-2017-2615 bsc#1023004) + 0067-cirrus-fix-oob-access-issue-CVE-201.patch +* Fix DOS in usb CCID card device emulator (CVE-2017-5898 bsc#1023907) + 0068-usb-ccid-check-ccid-apdu-length.patch +* Fix OOB access in SDHCI device emulation (CVE-2017-5667 bsc#1022541) + 0069-sd-sdhci-check-data-length-during-d.patch +* Fix DOS in virtio-gpu-3d (CVE-2017-5857 bsc#1023073) + 0070-virtio-gpu-fix-resource-leak-in-vir.patch +* Fix 
cirrus patterncopy checks + 0071-cirrus-fix-patterncopy-checks.patch +* Fix OOB access in cirrus vga emulation (CVE-2017-2620 bsc#1024972) + 0072-cirrus-add-blit_is_unsafe-call-to-c.patch +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 + +------------------------------------------------------------------- +Thu Feb 23 18:27:35 UTC 2017 - brogers@suse.com + +- Fix name of s390x specific sysctl configuration file to end with + .conf (bsc#1026583) + +------------------------------------------------------------------- +Fri Feb 17 22:05:51 UTC 2017 - brogers@suse.com + +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 +* Check that sysfs path exists before running test which requires + it. This allows qemu-testsuite to succeed in local build service + chroot based package build. + 0056-tests-check-path-to-avoid-a-failing.patch + +------------------------------------------------------------------- +Wed Feb 15 18:31:11 UTC 2017 - brogers@suse.com + +- Factory and SLE12-SP3 got a name change in the dtc devel package: + libfdt1-devel -> libfdt-devel. Adjust our spec file accordingly. + +------------------------------------------------------------------- +Tue Feb 14 17:39:00 UTC 2017 - brogers@suse.com + +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 +* Patches added: + 0055-linux-user-exclude-cpu-model-code-w.patch + +------------------------------------------------------------------- +Thu Feb 2 16:41:55 UTC 2017 - brogers@suse.com + +- Make sure qemu guest agent is usable as soon as qemu-guest-agent + package is installed. The previous post script was still not + doing the job. 
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 +* Fix potential hang/crash rebooting s390x guest + 0053-s390x-kvm-fix-small-race-reboot-vs..patch +* Fix s390x linux-user failure since v2.8.0 update + 0054-target-s390x-use-qemu-cpu-model-in-.patch + +------------------------------------------------------------------- +Wed Jan 25 20:57:29 UTC 2017 - brogers@suse.com + +- Merge qemu packages from openSUSE and SUSE SLE releases together + for the v2.8 qemu update. The qemu.changes file is the openSUSE + version with this entry providing CVE, FATE, and bugzilla + references from the SUSE SLE qemu package to date (see below) +- Updated to v2.8.0: See http://wiki.qemu-project.org/ChangeLog/2.8 +* For SUSE SLE-12-SP3, update relates to fate#319684, fate#321331, + fate#321335, fate#321339, fate#321349, fate#321857 +* For best compatibility, qemu-ifup and kvm_stat scripts now owned + by qemu package +* Build ipxe roms with gcc6 to maintain SLE legacy migration + compatibility requirements +* qmp-commands.txt file removed, to resurface in future doc reorganization +* qemu-tech.html file merged into other existing doc +* trace-events renamed to trace-events-all +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 +* Patches dropped (upstream): + 0013-linux-user-lock-tcg.patch + 0014-linux-user-Run-multi-threaded-code-.patch + 0015-linux-user-lock-tb-flushing-too.patch + 0017-linux-user-implement-FS_IOC_GETFLAG.patch + 0018-linux-user-implement-FS_IOC_SETFLAG.patch + 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch + 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch + 0041-vmsvga-correct-bitmap-and-pixmap-si.patch + 0042-scsi-mptconfig-fix-an-assert-expres.patch + 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch + 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch + 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch + 0046-scsi-mptsas-use-g_new0-to-allocate-.patch + 0047-scsi-pvscsi-limit-process-IO-loop-t.patch + 
0048-virtio-add-check-for-descriptor-s-m.patch + 0049-net-mcf-limit-buffer-descriptor-cou.patch + 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch + 0051-xhci-limit-the-number-of-link-trbs-.patch + 0052-9pfs-allocate-space-for-guest-origi.patch + 0053-9pfs-fix-memory-leak-in-v9fs_link.patch + 0054-9pfs-fix-potential-host-memory-leak.patch + 0055-9pfs-fix-information-leak-in-xattr-.patch + 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch + 0057-9pfs-fix-memory-leak-in-v9fs_write.patch + 0058-char-serial-check-divider-value-aga.patch + 0059-net-pcnet-check-rx-tx-descriptor-ri.patch + 0060-net-eepro100-fix-memory-leak-in-dev.patch + 0061-net-rocker-set-limit-to-DMA-buffer-.patch + 0062-net-vmxnet-initialise-local-tx-desc.patch + 0063-net-rtl8139-limit-processing-of-rin.patch + 0064-audio-intel-hda-check-stream-entry-.patch + 0065-virtio-gpu-fix-memory-leak-in-virti.patch + 0066-9pfs-fix-integer-overflow-issue-in-.patch + slof_xhci.patch +* Patches renamed: + 0016-linux-user-Fake-proc-cpuinfo.patch -> 0013-linux-user-Fake-proc-cpuinfo.patch + 0019-linux-user-XXX-disable-fiemap.patch -> 0014-linux-user-XXX-disable-fiemap.patch + 0020-slirp-nooutgoing.patch -> 0015-slirp-nooutgoing.patch + 0021-vnc-password-file-and-incoming-conn.patch -> 0016-vnc-password-file-and-incoming-conn.patch + 0022-linux-user-use-target_ulong.patch -> 0017-linux-user-use-target_ulong.patch + 0023-block-Add-support-for-DictZip-enabl.patch -> 0018-block-Add-support-for-DictZip-enabl.patch + 0024-block-Add-tar-container-format.patch -> 0019-block-Add-tar-container-format.patch + 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch + 0026-console-add-question-mark-escape-op.patch -> 0021-console-add-question-mark-escape-op.patch + 0027-Make-char-muxer-more-robust-wrt-sma.patch -> 0022-Make-char-muxer-more-robust-wrt-sma.patch + 0028-linux-user-lseek-explicitly-cast-no.patch -> 0023-linux-user-lseek-explicitly-cast-no.patch + 
0029-virtfs-proxy-helper-Provide-__u64-f.patch -> 0024-virtfs-proxy-helper-Provide-__u64-f.patch + 0030-configure-Enable-PIE-for-ppc-and-pp.patch -> 0025-configure-Enable-PIE-for-ppc-and-pp.patch + 0031-AIO-Reduce-number-of-threads-for-32.patch -> 0026-AIO-Reduce-number-of-threads-for-32.patch + 0032-dictzip-Fix-on-big-endian-systems.patch -> 0027-dictzip-Fix-on-big-endian-systems.patch + 0033-xen_disk-Add-suse-specific-flush-di.patch -> 0028-xen_disk-Add-suse-specific-flush-di.patch + 0035-qemu-bridge-helper-reduce-security-.patch -> 0029-qemu-bridge-helper-reduce-security-.patch + 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch + 0037-configure-Fix-detection-of-seccomp-.patch -> 0031-configure-Fix-detection-of-seccomp-.patch + 0038-linux-user-properly-test-for-infini.patch -> 0032-linux-user-properly-test-for-infini.patch + 0040-linux-user-remove-all-traces-of-qem.patch -> 0033-linux-user-remove-all-traces-of-qem.patch + 0067-dma-rc4030-limit-interval-timer-rel.patch -> 0034-dma-rc4030-limit-interval-timer-rel.patch + 0068-net-imx-limit-buffer-descriptor-cou.patch -> 0035-net-imx-limit-buffer-descriptor-cou.patch + 0069-roms-Makefile-pass-a-packaging-time.patch -> 0036-roms-Makefile-pass-a-packaging-time.patch +* Patches added: + 0037-Raise-soft-address-space-limit-to-h.patch + 0038-increase-x86_64-physical-bits-to-42.patch + 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch + 0040-i8254-Fix-migration-from-SLE11-SP2.patch + 0041-acpi_piix4-Fix-migration-from-SLE11.patch + 0042-Fix-tigervnc-long-press-issue.patch + 0043-fix-xen-hvm-direct-kernel-boot.patch + 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch + 0045-virtio-gpu-call-cleanup-mapping-fun.patch + 0046-string-input-visitor-Fix-uint64-par.patch + 0047-test-string-input-visitor-Add-int-t.patch + 0048-test-string-input-visitor-Add-uint6.patch + 0049-tests-Add-QOM-property-unit-tests.patch + 0050-tests-Add-scsi-disk-test.patch + 
0051-virtio-gpu-fix-information-leak-in-.patch + 0052-display-cirrus-ignore-source-pitch-.patch + ipxe-use-gcc6-for-more-compact-code.patch +* SLE patches dropped (accounted for in above listed changes): + 0002-qemu-0.9.0.cvs-binfmt.patch + 0009-block-vmdk-Support-creation-of-SCSI.patch + 0010-linux-user-add-binfmt-wrapper-for-a.patch + 0011-PPC-KVM-Disable-mmu-notifier-check.patch + 0012-linux-user-fix-segfault-deadlock.patch + 0013-linux-user-binfmt-support-host-bina.patch + 0014-linux-user-Ignore-broken-loop-ioctl.patch + 0015-linux-user-lock-tcg.patch + 0016-linux-user-Run-multi-threaded-code-.patch + 0017-linux-user-lock-tb-flushing-too.patch + 0018-linux-user-Fake-proc-cpuinfo.patch + 0019-linux-user-implement-FS_IOC_GETFLAG.patch + 0020-linux-user-implement-FS_IOC_SETFLAG.patch + 0021-linux-user-XXX-disable-fiemap.patch + 0022-slirp-nooutgoing.patch + 0023-vnc-password-file-and-incoming-conn.patch + 0024-linux-user-add-more-blk-ioctls.patch + 0025-linux-user-use-target_ulong.patch + 0026-block-Add-support-for-DictZip-enabl.patch + 0027-block-Add-tar-container-format.patch + 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch + 0029-console-add-question-mark-escape-op.patch + 0030-Make-char-muxer-more-robust-wrt-sma.patch + 0031-linux-user-lseek-explicitly-cast-no.patch + 0032-virtfs-proxy-helper-Provide-_u64-f.patch + 0033-configure-Enable-PIE-for-ppc-and-pp.patch + 0034-Raise-soft-address-space-limit-to-h.patch + 0035-increase-x86_64-physical-bits-to-42.patch + 0036-vnc-provide-fake-color-map.patch + 0037-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch + 0038-i8254-Fix-migration-from-SLE11-SP2.patch + 0039-acpi_piix4-Fix-migration-from-SLE11.patch + 0040-qtest-Increase-socket-timeout-to-ac.patch + 0041-dictzip-Fix-on-big-endian-systems.patch + 0043-xen_disk-Add-suse-specific-flush-di.patch + 0044-Split-large-discard-requests-from-b.patch + 0045-fix-xen-hvm-direct-kernel-boot.patch + 0046-xen-introduce-dummy-system-device.patch + 
0047-xen-write-information-about-support.patch + 0048-xen-add-pvUSB-backend.patch + 0049-xen-move-xen_sysdev-to-xen_backend..patch + 0050-vnc-add-configurable-keyboard-delay.patch + 0051-xen-SUSE-xenlinux-unplug-for-emulat.patch + 0052-configure-add-echo_version-helper.patch + 0053-configure-support-vte-2.91.patch + 0054-scsi-esp-fix-migration.patch + 0055-hw-arm-virt-mark-the-PCIe-host-cont.patch + 0056-xen-when-removing-a-backend-don-t-r.patch + 0057-xen-drain-submit-queue-in-xen-usb-b.patch + 0058-qcow2-avoid-extra-flushes-in-qcow2.patch + 0059-qemu-bridge-helper-reduce-security-.patch + 0060-xen-use-a-common-function-for-pv-an.patch + 0061-xen_platform-unplug-also-SCSI-disks.patch + 0062-virtio-check-vring-descriptor-buffe.patch + 0063-net-vmxnet3-check-for-device_active.patch + 0064-net-vmxnet-initialise-local-tx-desc.patch + 0065-scsi-pvscsi-avoid-infinite-loop-whi.patch + 0066-ARM-KVM-Enable-in-kernel-timers-wit.patch + 0067-hw-net-Fix-a-heap-overflow-in-xlnx..patch + 0068-vmsvga-correct-bitmap-and-pixmap-si.patch + 0069-usb-xhci-fix-memory-leak-in-usb_xhc.patch + 0070-virtio-add-check-for-descriptor-s-m.patch + 0071-net-mcf-limit-buffer-descriptor-cou.patch + 0072-usb-ehci-fix-memory-leak-in-ehci_pr.patch + 0073-xhci-limit-the-number-of-link-trbs-.patch + 0074-9pfs-allocate-space-for-guest-origi.patch + 0075-9pfs-fix-memory-leak-in-v9fs_link.patch + 0076-9pfs-fix-potential-host-memory-leak.patch + 0077-9pfs-fix-memory-leak-in-v9fs_write.patch + 0078-char-serial-check-divider-value-aga.patch + 0079-net-pcnet-check-rx-tx-descriptor-ri.patch + 0080-net-eepro100-fix-memory-leak-in-dev.patch + 0081-net-rocker-set-limit-to-DMA-buffer-.patch + 0082-net-rtl8139-limit-processing-of-rin.patch + 0083-audio-intel-hda-check-stream-entry-.patch + 0084-virtio-gpu-fix-memory-leak-in-virti.patch + 0085-9pfs-fix-integer-overflow-issue-in-.patch + 0086-dma-rc4030-limit-interval-timer-rel.patch + 0087-net-imx-limit-buffer-descriptor-cou.patch + 
0088-target-i386-Implement-CPUID-0xB-Ext.patch + 0089-target-i386-present-virtual-L3-cach.patch + 0090-migration-fix-inability-to-save-VM-.patch + 0091-ui-gtk-Fix-a-runtime-warning-on-vte.patch + 0092-gtk-don-t-leak-the-GtkBorder-with-V.patch + 0093-xen-fix-ioreq-handling.patch + 0094-macio-Use-blk_drain-instead-of-blk_.patch + 0095-rbd-Switch-rbd_start_aio-to-byte-ba.patch + 0096-virtio-blk-Release-s-rq-queue-at-sy.patch + 0097-virtio-blk-Remove-stale-comment-abo.patch + 0098-block-reintroduce-bdrv_flush_all.patch + 0099-qemu-use-bdrv_flush_all-for-vm_stop.patch + 0100-block-backend-remove-blkflush_all.patch + 0101-char-fix-missing-return-in-error-pa.patch + 0102-rbd-shift-byte-count-as-a-64-bit-va.patch + 0103-mirror-use-bdrv_drained_begin-bdrv_.patch + 0104-block-curl-Use-BDRV_SECTOR_SIZE.patch + 0105-block-curl-Fix-return-value-from-cu.patch + 0106-block-curl-Remember-all-sockets.patch + 0107-block-curl-Do-not-wait-for-data-bey.patch + 0108-virtio-allow-per-device-class-legac.patch + 0109-virtio-net-mark-VIRTIO_NET_F_GSO-as.patch + 0110-vhost-adapt-vhost_verify_ring_mappi.patch + 0111-ivshmem-Fix-64-bit-memory-bar-confi.patch + 0112-intel_iommu-fix-incorrect-device-in.patch + 0113-9pfs-fix-information-leak-in-xattr-.patch + 0114-9pfs-fix-memory-leak-in-v9fs_xattrc.patch + 0115-net-mcf-check-receive-buffer-size-r.patch + 0116-virtio-gpu-fix-memory-leak-in-updat.patch + 0117-virtio-gpu-fix-information-leak-in-.patch + 0118-9pfs-adjust-the-order-of-resource-c.patch + 0119-9pfs-add-cleanup-operation-in-FileO.patch + 0120-9pfs-add-cleanup-operation-for-hand.patch + 0121-9pfs-add-cleanup-operation-for-prox.patch + 0122-virtio-gpu-call-cleanup-mapping-fun.patch + 0123-string-input-visitor-Fix-uint64-par.patch + 0124-test-string-input-visitor-Add-int-t.patch + 0125-test-string-input-visitor-Add-uint6.patch + 0126-tests-Add-QOM-property-unit-tests.patch + 0127-tests-Add-scsi-disk-test.patch + 0128-usb-ehci-fix-memory-leak-in-ehci_in.patch + 
0129-usbredir-free-vm_change_state_handl.patch + 0130-virtio-gpu-fix-information-leak-in-.patch + ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch + ipxe-ath-Fix-building-with-GCC-6.patch + ipxe-efi-fix-garbage-bytes-in-device-path.patch + ipxe-efi-fix-uninitialised-data-in-HII.patch + ipxe-legacy-Fix-building-with-GCC-6.patch + ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch + ipxe-sis190-Fix-building-with-GCC-6.patch + ipxe-skge-Fix-building-with-GCC-6.patch + ipxe-util-v5.24-perl-errors-on-redeclare.patch +- SLE CVE, FATE, and bugzilla references not otherwise listed in + this changelog file. The intent of this list is to indicate that + the fix or feature continues the line of inheritance in the + development stream of this package. The list is intended to + satisfy searches only - refer to the SLE-12-SP2 changelog file + for additional details. +* fate#314468 fate#314497 fate#315125 fate#315467 fate#317015 + fate#317741 fate#317763 fate#318349 fate#319660 fate#319979 + fate#321010 +* bnc#812983 bnc#869026 bnc#869746 bnc#874413 bnc#875582 bnc#875870 + bnc#877642 bnc#877645 bnc#878541 bsc#882405 bsc#886378 bnc#893339 + bnc#893892 bnc#895369 bnc#896726 bnc#897654 bnc#905097 bnc#907805 + bnc#908380 bnc#914521 bsc#924018 bsc#929339 bsc#932267 bsc#932770 + bsc#933981 bsc#936537 bsc#937125 bsc#938344 bsc#940929 bsc#942845 + bsc#943446 bsc#944697 bsc#945404 bsc#945987 bsc#945989 bsc#946020 + bsc#947159 bnc#953518 bsc#954864 bsc#956829 bsc#957162 bsc#958491 + bsc#958917 bsc#959005 bsc#959386 bsc#960334 bsc#960708 bsc#960725 + bsc#960835 bsc#961333 bsc#961556 bsc#961691 bsc#962320 bsc#963782 + bsc#964413 bsc#970791 bsc#974141 bsc#978158 bsc#979473 bsc#982365 + bsc#989655 bsc#991466 bsc#994771 bsc#994774 bsc#996441 bsc#997858 + bsc#999212 + bsc#1001151 bsc#1002116 bsc#1005353 boo#1007263 bsc#1007769 + bsc#1008519 bsc#1009109 bsc#1013285 bsc#1013341 bsc#1013764 + bsc#1013767 bsc#1014109 bsc#1014110 bsc#1014111 bsc#1014112 + bsc#1014256 bsc#1014514 bsc#1014702 
bsc#1015169 bsc#1016779 +* CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 + CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-4037 CVE-2015-5154 + CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 + CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 + CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 + CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 + CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 + CVE-2016-6490 CVE-2016-6833 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 + CVE-2016-7161 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 + CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 + CVE-2016-9921 CVE-2016-9922 + ------------------------------------------------------------------- Fri Jan 13 17:21:25 UTC 2017 - brogers@suse.com diff --git a/qemu.spec b/qemu.spec index e6b1fe81..8923cdcc 100644 --- a/qemu.spec +++ b/qemu.spec @@ -16,33 +16,41 @@ # +%define noarch_supported 1110 + %define build_x86_fw_from_source 0 %define build_slof_from_source 0 +%define kvm_available 0 +%define legacy_qemu_kvm 0 + %ifarch %ix86 x86_64 # choice of building all from source or using provided binary x86 blobs %if 0%{?suse_version} >= 1310 %define build_x86_fw_from_source 1 %endif %endif + %ifarch ppc64 %define build_slof_from_source 1 %endif + %ifarch ppc64le %if 0%{?suse_version} > 1320 || 0%{?suse_version} == 1315 %define build_slof_from_source 1 %endif %endif + %ifarch %ix86 x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64 %define kvm_available 1 -%else -%define kvm_available 0 %endif + %ifarch %ix86 x86_64 s390x %define legacy_qemu_kvm 1 -%else -%define legacy_qemu_kvm 0 %endif -%define noarch_supported 1110 + +%if 0%{?suse_version} >= 1210 +%define with_systemd 1 +%endif %ifarch x86_64 %if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && ( 0%{?is_opensuse} == 0 || 0%{?sle_version} > 120100 ) ) 
@@ -66,6 +74,16 @@ %if 0%{?suse_version} >= 1140 %define with_spice 1 +%else +%ifarch %ix86 x86_64 +%define with_spice 1 +%endif +%endif + +%if 0%( pkg-config --exists 'udev > 190' && echo '1' ) == 01 +%define _udevrulesdir /usr/lib/udev/rules.d +%else +%define _udevrulesdir /lib/udev/rules.d %endif Name: qemu @@ -73,10 +91,10 @@ Url: http://www.qemu.org/ Summary: Universal CPU emulator License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT Group: System/Emulators/PC -Version: 2.7.0 +Version: 2.8.0 Release: 0 -Source: http://wiki.qemu.org/download/qemu-2.7.0.tar.bz2 -Source99: http://wiki.qemu.org/download/qemu-2.7.0.tar.bz2.sig +Source: http://wiki.qemu.org/download/qemu-2.8.0.tar.bz2 +Source99: http://wiki.qemu.org/download/qemu-2.8.0.tar.bz2.sig Source1: 80-kvm.rules Source2: qemu-ifup Source3: kvm_stat @@ -87,6 +105,11 @@ Source7: 60-kvm.x86.rules Source8: 80-qemu-ga.rules Source9: qemu-ga.service Source10: kvm.conf +Source11: kvm_stat.1.gz +Source12: supported.x86.txt +Source13: supported.s390.txt +Source14: supported.arm.txt +Source15: supported.ppc.txt # Upstream First -- http://wiki.qemu-project.org/Contribute/SubmitAPatch # This patch queue is auto-generated from https://github.com/openSUSE/qemu Patch0001: 0001-XXX-dont-dump-core-on-sigabort.patch 
@@ -101,63 +124,66 @@ Patch0009: 0009-linux-user-add-binfmt-wrapper-for-a.patch Patch0010: 0010-PPC-KVM-Disable-mmu-notifier-check.patch Patch0011: 0011-linux-user-fix-segfault-deadlock.patch Patch0012: 0012-linux-user-binfmt-support-host-bina.patch -Patch0013: 0013-linux-user-lock-tcg.patch -Patch0014: 0014-linux-user-Run-multi-threaded-code-.patch -Patch0015: 0015-linux-user-lock-tb-flushing-too.patch -Patch0016: 0016-linux-user-Fake-proc-cpuinfo.patch -Patch0017: 0017-linux-user-implement-FS_IOC_GETFLAG.patch -Patch0018: 0018-linux-user-implement-FS_IOC_SETFLAG.patch -Patch0019: 0019-linux-user-XXX-disable-fiemap.patch -Patch0020: 0020-slirp-nooutgoing.patch -Patch0021: 0021-vnc-password-file-and-incoming-conn.patch -Patch0022: 0022-linux-user-use-target_ulong.patch -Patch0023: 0023-block-Add-support-for-DictZip-enabl.patch -Patch0024: 0024-block-Add-tar-container-format.patch -Patch0025: 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -Patch0026: 0026-console-add-question-mark-escape-op.patch -Patch0027: 0027-Make-char-muxer-more-robust-wrt-sma.patch -Patch0028: 0028-linux-user-lseek-explicitly-cast-no.patch -Patch0029: 0029-virtfs-proxy-helper-Provide-__u64-f.patch -Patch0030: 0030-configure-Enable-PIE-for-ppc-and-pp.patch -Patch0031: 0031-AIO-Reduce-number-of-threads-for-32.patch -Patch0032: 0032-dictzip-Fix-on-big-endian-systems.patch -Patch0033: 0033-xen_disk-Add-suse-specific-flush-di.patch -Patch0034: 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch -Patch0035: 0035-qemu-bridge-helper-reduce-security-.patch -Patch0036: 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -Patch0037: 0037-configure-Fix-detection-of-seccomp-.patch -Patch0038: 0038-linux-user-properly-test-for-infini.patch -Patch0039: 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch -Patch0040: 0040-linux-user-remove-all-traces-of-qem.patch -Patch0041: 0041-vmsvga-correct-bitmap-and-pixmap-si.patch -Patch0042: 0042-scsi-mptconfig-fix-an-assert-expres.patch -Patch0043: 
0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch -Patch0044: 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch -Patch0045: 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch -Patch0046: 0046-scsi-mptsas-use-g_new0-to-allocate-.patch -Patch0047: 0047-scsi-pvscsi-limit-process-IO-loop-t.patch -Patch0048: 0048-virtio-add-check-for-descriptor-s-m.patch -Patch0049: 0049-net-mcf-limit-buffer-descriptor-cou.patch -Patch0050: 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch -Patch0051: 0051-xhci-limit-the-number-of-link-trbs-.patch -Patch0052: 0052-9pfs-allocate-space-for-guest-origi.patch -Patch0053: 0053-9pfs-fix-memory-leak-in-v9fs_link.patch -Patch0054: 0054-9pfs-fix-potential-host-memory-leak.patch -Patch0055: 0055-9pfs-fix-information-leak-in-xattr-.patch -Patch0056: 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch -Patch0057: 0057-9pfs-fix-memory-leak-in-v9fs_write.patch -Patch0058: 0058-char-serial-check-divider-value-aga.patch -Patch0059: 0059-net-pcnet-check-rx-tx-descriptor-ri.patch -Patch0060: 0060-net-eepro100-fix-memory-leak-in-dev.patch -Patch0061: 0061-net-rocker-set-limit-to-DMA-buffer-.patch -Patch0062: 0062-net-vmxnet-initialise-local-tx-desc.patch -Patch0063: 0063-net-rtl8139-limit-processing-of-rin.patch -Patch0064: 0064-audio-intel-hda-check-stream-entry-.patch -Patch0065: 0065-virtio-gpu-fix-memory-leak-in-virti.patch -Patch0066: 0066-9pfs-fix-integer-overflow-issue-in-.patch -Patch0067: 0067-dma-rc4030-limit-interval-timer-rel.patch -Patch0068: 0068-net-imx-limit-buffer-descriptor-cou.patch -Patch0069: 0069-roms-Makefile-pass-a-packaging-time.patch +Patch0013: 0013-linux-user-Fake-proc-cpuinfo.patch +Patch0014: 0014-linux-user-XXX-disable-fiemap.patch +Patch0015: 0015-slirp-nooutgoing.patch +Patch0016: 0016-vnc-password-file-and-incoming-conn.patch +Patch0017: 0017-linux-user-use-target_ulong.patch +Patch0018: 0018-block-Add-support-for-DictZip-enabl.patch +Patch0019: 0019-block-Add-tar-container-format.patch +Patch0020: 
0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch +Patch0021: 0021-console-add-question-mark-escape-op.patch +Patch0022: 0022-Make-char-muxer-more-robust-wrt-sma.patch +Patch0023: 0023-linux-user-lseek-explicitly-cast-no.patch +Patch0024: 0024-virtfs-proxy-helper-Provide-__u64-f.patch +Patch0025: 0025-configure-Enable-PIE-for-ppc-and-pp.patch +Patch0026: 0026-AIO-Reduce-number-of-threads-for-32.patch +Patch0027: 0027-dictzip-Fix-on-big-endian-systems.patch +Patch0028: 0028-xen_disk-Add-suse-specific-flush-di.patch +Patch0029: 0029-qemu-bridge-helper-reduce-security-.patch +Patch0030: 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch +Patch0031: 0031-configure-Fix-detection-of-seccomp-.patch +Patch0032: 0032-linux-user-properly-test-for-infini.patch +Patch0033: 0033-linux-user-remove-all-traces-of-qem.patch +Patch0034: 0034-dma-rc4030-limit-interval-timer-rel.patch +Patch0035: 0035-net-imx-limit-buffer-descriptor-cou.patch +Patch0036: 0036-roms-Makefile-pass-a-packaging-time.patch +Patch0037: 0037-Raise-soft-address-space-limit-to-h.patch +Patch0038: 0038-increase-x86_64-physical-bits-to-42.patch +Patch0039: 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch +Patch0040: 0040-i8254-Fix-migration-from-SLE11-SP2.patch +Patch0041: 0041-acpi_piix4-Fix-migration-from-SLE11.patch +Patch0042: 0042-Fix-tigervnc-long-press-issue.patch +Patch0043: 0043-fix-xen-hvm-direct-kernel-boot.patch +Patch0044: 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch +Patch0045: 0045-virtio-gpu-call-cleanup-mapping-fun.patch +Patch0046: 0046-string-input-visitor-Fix-uint64-par.patch +Patch0047: 0047-test-string-input-visitor-Add-int-t.patch +Patch0048: 0048-test-string-input-visitor-Add-uint6.patch +Patch0049: 0049-tests-Add-QOM-property-unit-tests.patch +Patch0050: 0050-tests-Add-scsi-disk-test.patch +Patch0051: 0051-virtio-gpu-fix-information-leak-in-.patch +Patch0052: 0052-display-cirrus-ignore-source-pitch-.patch +Patch0053: 0053-s390x-kvm-fix-small-race-reboot-vs..patch +Patch0054: 
0054-target-s390x-use-qemu-cpu-model-in-.patch +Patch0055: 0055-linux-user-exclude-cpu-model-code-w.patch +Patch0056: 0056-tests-check-path-to-avoid-a-failing.patch +Patch0057: 0057-display-virtio-gpu-3d-check-virgl-c.patch +Patch0058: 0058-watchdog-6300esb-add-exit-function.patch +Patch0059: 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch +Patch0060: 0060-virtio-gpu-fix-memory-leak-in-resou.patch +Patch0061: 0061-virtio-fix-vq-inuse-recalc-after-mi.patch +Patch0062: 0062-audio-es1370-add-exit-function.patch +Patch0063: 0063-audio-ac97-add-exit-function.patch +Patch0064: 0064-megasas-fix-guest-triggered-memory-.patch +Patch0065: 0065-cirrus-handle-negative-pitch-in-cir.patch +Patch0066: 0066-cirrus-fix-blit-address-mask-handli.patch +Patch0067: 0067-cirrus-fix-oob-access-issue-CVE-201.patch +Patch0068: 0068-usb-ccid-check-ccid-apdu-length.patch +Patch0069: 0069-sd-sdhci-check-data-length-during-d.patch +Patch0070: 0070-virtio-gpu-fix-resource-leak-in-vir.patch +Patch0071: 0071-cirrus-fix-patterncopy-checks.patch +Patch0072: 0072-cirrus-add-blit_is_unsafe-call-to-c.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. @@ -169,6 +195,7 @@ Patch1000: seabios_128kb.patch # ipxe # PATCH-FIX-OPENSUSE ipxe-stable-buildid.patch brogers@suse.com -- reproducible builds Patch1100: ipxe-stable-buildid.patch +Patch1101: ipxe-use-gcc6-for-more-compact-code.patch # sgabios # PATCH-FIX-OPENSUSE sgabios-stable-buildid.patch brogers@suse.com -- reproducible builds 
@@ -176,22 +203,25 @@ Patch1200: sgabios-stable-buildid.patch %endif %if %{build_slof_from_source} -# SLOF -# PATCH-FIX-UPSTREAM slof_xhci.patch afaerber@suse.de -- XHCI fixes -Patch1300: slof_xhci.patch +# SLOF (Currently no patches) %endif # this is to make lint happy Source300: qemu-rpmlintrc Source302: bridge.conf Source400: update_git.sh +ExcludeArch: s390 +%if "%{name}" == "qemu-testsuite" +ExcludeArch: s390x +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build +#!BuildIgnore: gcc-PIE BuildRequires: SDL-devel %if 0%{?suse_version} >= 1320 BuildRequires: SDL2-devel %endif BuildRequires: alsa-devel -%if 0%{?build_x86_fw_from_source} +%if %{?build_x86_fw_from_source} BuildRequires: binutils-devel %endif BuildRequires: bluez-devel @@ -206,6 +236,9 @@ BuildRequires: iasl BuildRequires: e2fsprogs-devel BuildRequires: fdupes BuildRequires: gcc-c++ +%if %{build_x86_fw_from_source} +BuildRequires: gcc6 +%endif BuildRequires: glib2-devel %if 0%{?suse_version} >= 1310 && 0%{?suse_version} != 1315 BuildRequires: glusterfs-devel @@ -219,7 +252,9 @@ BuildRequires: libaio BuildRequires: libaio-devel BuildRequires: libattr-devel BuildRequires: libbz2-devel +%if 0%{?is_opensuse} BuildRequires: libcacard-devel +%endif BuildRequires: libcap-devel BuildRequires: libcap-ng-devel BuildRequires: libdrm-devel @@ -228,8 +263,12 @@ BuildRequires: libepoxy-devel %endif %if 0%{?suse_version} >= 1310 # 12.3 and earlier don't ship a compatible libfdt; use the bundled one there +%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} > 120200 ) +BuildRequires: libfdt-devel +%else BuildRequires: libfdt1-devel %endif +%endif BuildRequires: libgbm-devel BuildRequires: libgcrypt-devel BuildRequires: libgnutls-devel @@ -237,7 +276,7 @@ BuildRequires: libgnutls-devel BuildRequires: libibverbs-devel %endif %if 0%{?with_rbd} -%if 0%{?is_opensuse} +%if 0%{?is_opensuse} || 0%{?sle_version} > 120100 BuildRequires: librbd-devel %else BuildRequires: ceph-devel 
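Review bot: The added `#!BuildIgnore: gcc-PIE` line, just after `BuildRoot:`, opts every binary built by this spec out of the distribution-wide PIE default, and the spec itself carries no comment saying why or what replaces it. The qemu.changes entry in this commit gives the reason, so I would repeat it next to the directive, e.g. `# qemu enables PIE on its own and has trouble when the global gcc-PIE default is applied to everything`. Whether qemu's own setting covers every architecture and every installed helper is not visible here, and the existence of patch 0025 (enable PIE for ppc) suggests it is not automatic everywhere. A post-build check that the installed executables are still position independent would be worth adding, in particular for the setuid `qemu-bridge-helper`.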
@@ -251,7 +290,7 @@ BuildRequires: libjpeg-devel BuildRequires: libnettle-devel %endif %ifarch %ix86 aarch64 -%if 0%{?suse_version} > 1320 +%if 0%{?suse_version} > 1320 || 0%{?suse_version} == 1315 BuildRequires: libnuma-devel %endif %else @@ -284,9 +323,8 @@ BuildRequires: lzo-devel BuildRequires: makeinfo %endif BuildRequires: Mesa-devel -BuildRequires: mozilla-nss-devel BuildRequires: ncurses-devel -%if 0%{?build_x86_fw_from_source} +%if %{?build_x86_fw_from_source} BuildRequires: ovmf-tools %endif BuildRequires: pkgconfig @@ -298,18 +336,12 @@ BuildRequires: snappy-devel %if 0%{?with_spice} BuildRequires: spice-protocol-devel %endif -%if 0%{?suse_version} >= 1210 +%if 0%{?with_systemd} BuildRequires: systemd %{?systemd_requires} -%define with_systemd 1 %endif %if %{kvm_available} BuildRequires: pkgconfig(udev) -%if 0%( pkg-config --exists 'udev > 190' && echo '1' ) == 01 -%define _udevrulesdir /usr/lib/udev/rules.d -%else -%define _udevrulesdir /lib/udev/rules.d -%endif %endif %if 0%{?sles_version} != 11 BuildRequires: usbredir-devel @@ -342,18 +374,17 @@ BuildRequires: qemu-s390 = %version BuildRequires: qemu-tools = %version BuildRequires: qemu-x86 = %version %endif -Requires: /usr/sbin/groupadd -Requires: pwdutils -Requires: timezone +Requires(pre): pwdutils +Requires(post): coreutils %if %{kvm_available} Requires(post): udev %ifarch s390x Requires(post): procps %endif -%if ! %{legacy_qemu_kvm} %if 0%{?suse_version} > 1320 Recommends: kvm_stat -%endif +%else +Recommends: python-curses %endif %endif Recommends: qemu-block-curl @@ -389,7 +420,7 @@ Suggests: qemu-block-ssh %endif Suggests: qemu-extra Suggests: qemu-lang -%if 0%{?with_systemd} +%if 0%{?with_systemd} && 0%{?is_opensuse} Recommends: qemu-ksm = %{version} %endif 
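Review bot: `%if %{?build_x86_fw_from_source}` (here before `BuildRequires: ovmf-tools`, and again before `BuildRequires: binutils-devel` in the `@@ -176,22 +203,25 @@` hunk) drops the leading `0`, so the condition would become an empty expression if the macro were ever undefined. The macro is defined unconditionally at the top of the spec, so this is a matter of form rather than a build break. Even so, the `?` no longer serves a purpose, and the same commit writes `%if %{build_x86_fw_from_source}` for the new gcc6 requirement. I would use one form throughout: `%if %{build_x86_fw_from_source}`.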
@@ -399,9 +430,10 @@ efi-pcnet.rom efi-ne2k_pci.rom efi-rtl8139.rom efi-virtio.rom efi-vmxnet3.rom} %endif %define built_firmware_files {bios.bin bios-256k.bin sgabios.bin vgabios.bin \ vgabios-cirrus.bin vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \ -vgabios-qxl.bin optionrom/linuxboot.bin optionrom/multiboot.bin \ -optionrom/kvmvapic.bin pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom \ -pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}} +vgabios-qxl.bin optionrom/linuxboot.bin optionrom/linuxboot_dma.bin \ +optionrom/multiboot.bin optionrom/kvmvapic.bin pxe-e1000.rom pxe-pcnet.rom \ +pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom \ +%{?x86_64_only_b_f_f}} %description QEMU is an extremely well-performing CPU emulator that allows you to @@ -505,10 +537,6 @@ Requires: qemu-s390 = %version %endif Provides: kvm = %version Obsoletes: kvm < %version -%if 0%{?suse_version} > 1320 -Requires: kvm_stat -%endif -Recommends: python-curses %description kvm KVM (Kernel-based Virtual Machine) is virtualization software for Linux. @@ -683,7 +711,7 @@ This sub-package contains the guest agent. %package seabios Summary: X86 BIOS for QEMU Group: System/Emulators/PC -Version: 1.9.3 +Version: 1.10.1 Release: 0 %if 0%{?suse_version} > %{noarch_supported} BuildArch: noarch @@ -697,7 +725,7 @@ is the default BIOS for QEMU. %package vgabios Summary: VGA BIOSes for QEMU Group: System/Emulators/PC -Version: 1.9.3 +Version: 1.10.1 Release: 0 %if 0%{?suse_version} > %{noarch_supported} BuildArch: noarch @@ -739,7 +767,7 @@ Preboot Execution Environment (PXE) ROM support for various emulated network adapters available with QEMU. %endif -%if 0%{?with_systemd} +%if 0%{?with_systemd} && 0%{?is_opensuse} %package ksm Summary: Kernel Samepage Merging services Group: System/Emulators/PC 
@@ -754,7 +782,7 @@ This package provides a service file for starting and stopping KSM. %endif # !qemu-testsuite %prep -%setup -q -n qemu-2.7.0 +%setup -q -n qemu-2.8.0 %patch0001 -p1 %patch0002 -p1 %patch0003 -p1 @@ -824,6 +852,9 @@ This package provides a service file for starting and stopping KSM. %patch0067 -p1 %patch0068 -p1 %patch0069 -p1 +%patch0070 -p1 +%patch0071 -p1 +%patch0072 -p1 %if %{build_x86_fw_from_source} pushd roms/seabios @@ -831,6 +862,7 @@ pushd roms/seabios popd pushd roms/ipxe %patch1100 -p1 +%patch1101 -p1 popd pushd roms/sgabios %patch1200 -p1 @@ -845,7 +877,6 @@ done %if %{build_slof_from_source} pushd roms/SLOF -%patch1300 -p1 popd rm -f pc-bios/slof.bin %endif @@ -878,6 +909,7 @@ echo '%{version}' > roms/seabios/.version %endif --enable-bzip2 \ --enable-cap-ng \ + --disable-colo \ --enable-coroutine-pool \ --enable-curl \ --enable-curses \ @@ -925,7 +957,7 @@ echo '%{version}' > roms/seabios/.version --enable-lzo \ --disable-netmap \ %ifarch %ix86 aarch64 -%if 0%{?suse_version} > 1320 +%if 0%{?suse_version} > 1320 || 0%{?suse_version} == 1315 --enable-numa \ %else --disable-numa \ @@ -950,6 +982,7 @@ echo '%{version}' > roms/seabios/.version %else --disable-rdma \ %endif + --disable-replication \ --enable-sdl \ %if 0%{?suse_version} >= 1320 --with-sdlabi=2.0 \ @@ -961,7 +994,11 @@ echo '%{version}' > roms/seabios/.version %else --disable-seccomp \ %endif +%if 0%{?is_opensuse} --enable-smartcard \ +%else + --disable-smartcard \ +%endif %if 0%{?suse_version} >= 1310 --enable-snappy \ %else @@ -974,14 +1011,12 @@ echo '%{version}' > roms/seabios/.version %endif --disable-tcmalloc \ --enable-tpm \ -%if 0%{?sles_version} != 11 - --enable-usb-redir \ -%else +%if 0%{?sles_version} == 11 --disable-usb-redir \ +%else + --enable-usb-redir \ %endif - --enable-uuid \ --enable-vde \ - --enable-vhdx \ --enable-vhost-net \ %if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} > 120100 ) --enable-virglrenderer \ 
@@ -1018,6 +1053,32 @@ make %{?_smp_mflags} -C roms pxerom make %{?_smp_mflags} -C roms efirom %endif make -C roms sgabios +# enforce pxe rom sizes for migration compatability from SLE 11 SP3 forward +# the following need to be > 64K +%define supported_nics_large {e1000 rtl8139} +# the following need to be <= 64K +%define supported_nics_small {virtio} +# Though not required, make unsupported pxe roms migration compatable as well +%define unsupported_nics {eepro100 ne2k_pci pcnet} + +for i in %supported_nics_large %unsupported_nics + do + if test "`stat -c '%s' pc-bios/pxe-$i.rom`" -gt "131072" ; then + echo "pxe rom is too large" + exit 1 + fi + if test "`stat -c '%s' pc-bios/pxe-$i.rom`" -le "65536" ; then + ./roms/ipxe/src/util/padimg.pl pc-bios/pxe-$i.rom -s 65536 -b 255 + echo -ne "SEGMENT OVERAGE\0" >> pc-bios/pxe-$i.rom + fi +done +for i in %supported_nics_small + do + if test "`stat -c '%s' pc-bios/pxe-$i.rom`" -gt "65536" ; then + echo "pxe rom is too large" + exit 1 + fi +done %endif %if %{build_slof_from_source} make %{?_smp_mflags} -C roms slof @@ -1048,7 +1109,6 @@ make tests/qom-test %{?_smp_mflags} V=1 # ... make comes in fresh and has lots of address space (needed for 32bit, bsc#957379) %if 0%{?suse_version} >= 1310 make check-report.html V=1 -install -D -m 644 check-report.html %{buildroot}%{_datadir}/qemu/check-report.html %else make check-report.xml V=1 %endif 
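Review bot: Both size-check loops added after `make -C roms sgabios` fail with the same `pxe rom is too large` message, naming neither the ROM nor the limit, so a failed build log does not show which image regressed. Something like `echo "pc-bios/pxe-$i.rom exceeds 131072 bytes"` (and the 65536 variant in the second loop) would make the failure actionable. Each test also runs `stat` twice on the same file; reading it once, `size=$(stat -c '%s' pc-bios/pxe-$i.rom)`, keeps both comparisons on one value. The comments misspell "compatibility"/"compatible", and the same block is added to qemu.spec.in.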
@@ -1092,18 +1152,26 @@ format=`qemu-img info test.tar | grep "file format:" | cut -d ':' -f 2 | tr -d ' %install %if "%{name}" != "qemu-testsuite" -make install DESTDIR=$RPM_BUILD_ROOT -rm -fr $RPM_BUILD_ROOT/%_datadir/doc +make install DESTDIR=%{buildroot} +rm -fr %{buildroot}%{_datadir}/doc %if ! %{build_x86_fw_from_source} for f in acpi-dsdt.aml bios-256k.bin bios.bin efi-*.rom pxe-*.rom sgabios.bin \ vgabios-cirrus.bin vgabios-qxl.bin vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \ vgabios.bin; do - rm $RPM_BUILD_ROOT/%_datadir/%name/$f + rm %{buildroot}%{_datadir}/%name/$f done %endif # rm -f %{buildroot}%{_datadir}/%{name}/u-boot.e500 -install -D -m 644 %{SOURCE302} $RPM_BUILD_ROOT/%{_sysconfdir}/qemu/bridge.conf %find_lang %name +install -D -m 644 %{SOURCE302} %{buildroot}%{_sysconfdir}/qemu/bridge.conf +install -D -m 755 %{SOURCE2} %{buildroot}/usr/share/qemu/qemu-ifup +install -D -p -m 0644 %{SOURCE8} %{buildroot}%{_udevrulesdir}/80-qemu-ga.rules +%if 0%{?is_opensuse} == 0 +install -D -m 0644 %{SOURCE12} %{buildroot}%{_docdir}/qemu-x86/supported.txt +install -D -m 0644 %{SOURCE13} %{buildroot}%{_docdir}/qemu-s390/supported.txt +install -D -m 0644 %{SOURCE14} %{buildroot}%{_docdir}/qemu-arm/supported.txt +install -D -m 0644 %{SOURCE15} %{buildroot}%{_docdir}/qemu-ppc/supported.txt +%endif %if %{legacy_qemu_kvm} cat > %{buildroot}%{_bindir}/qemu-kvm << 'EOF' #!/bin/sh 
@@ -1115,21 +1183,30 @@ exec %{_bindir}/qemu-system-x86_64 -machine accel=kvm "$@" %endif EOF chmod 755 %{buildroot}%{_bindir}/qemu-kvm +install -D -m 644 %{SOURCE4} %{buildroot}%{_mandir}/man1/qemu-kvm.1.gz %ifarch s390x mkdir -p %{buildroot}%{_sysconfdir}/sysctl.d -cat > %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x <<- 'EOF' +cat > %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x.conf <<- 'EOF' # To allow KVM to run on s390x, we need to set the sysctl below vm.allocate_pgste = 1 EOF -chmod 644 %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x +chmod 644 %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x.conf +%if 0%{?is_opensuse} == 0 +install -d %{buildroot}%{_docdir}/qemu-kvm +ln -s ../qemu-s390/supported.txt %{buildroot}%{_docdir}/qemu-kvm/kvm-supported.txt +%endif +%else +%if 0%{?is_opensuse} == 0 +install -d %{buildroot}%{_docdir}/qemu-kvm +ln -s ../qemu-x86/supported.txt %{buildroot}%{_docdir}/qemu-kvm/kvm-supported.txt %endif -install -D -m 755 %{SOURCE2} %{buildroot}/usr/share/qemu/qemu-ifup -%if 0%{?suse_version} <= 1320 -install -D -m 755 %{SOURCE3} %{buildroot}%{_bindir}/kvm_stat %endif -install -D -m 644 %{SOURCE4} %{buildroot}%{_mandir}/man1/qemu-kvm.1.gz %endif %if %{kvm_available} +%if 0%{?suse_version} <= 1320 +install -D -m 755 %{SOURCE3} %{buildroot}%{_bindir}/kvm_stat +install -D -m 644 %{SOURCE11} %{buildroot}%{_mandir}/man1/kvm_stat.1.gz +%endif %if 0%{?suse_version} >= 1230 install -D -m 644 %{SOURCE1} %{buildroot}%{_udevrulesdir}/80-kvm.rules %else 
@@ -1140,15 +1217,16 @@ install -D -m 644 %{SOURCE5} %{buildroot}%{_udevrulesdir}/60-kvm.rules %endif %endif %endif -install -D -p -m 0644 %{SOURCE8} %{buildroot}%{_udevrulesdir}/80-qemu-ga.rules %if 0%{?with_systemd} -install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/ksm.service install -D -p -m 0644 %{SOURCE9} %{buildroot}%{_unitdir}/qemu-ga.service +%if 0%{?is_opensuse} +install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/ksm.service +%endif %ifarch s390x install -D -m 0644 %{SOURCE10} %{buildroot}%{_libexecdir}/modules-load.d/kvm.conf %endif %endif -%fdupes -s $RPM_BUILD_ROOT +%fdupes -s %{buildroot} %else # qemu-testsuite @@ -1174,11 +1252,17 @@ install -D -m 644 check-report.xml %{buildroot}%{_datadir}/qemu/check-report.xml if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then setfacl --remove-all /dev/kvm &> /dev/null || : %if 0%{?with_systemd} +%ifarch s390x + if [ -c /dev/kvm ]; then + %{_bindir}/chmod 666 /dev/kvm + %{_bindir}/chgrp kvm /dev/kvm + fi +%endif %udev_rules_update - %_bindir/udevadm trigger || : + %_bindir/udevadm trigger -y kvm || : %else /sbin/udevadm control --reload-rules || : - /sbin/udevadm trigger || : + /sbin/udevadm trigger -y kvm || : %endif %ifarch s390x sysctl vm.allocate_pgste=1 || : @@ -1203,15 +1287,15 @@ fi %service_del_preun qemu-ga.service %post guest-agent -if [ "$(readlink -f /proc/1/root)" = "/" ]; then - /sbin/udevadm control --reload-rules || : - /sbin/udevadm trigger || : -fi %service_add_post qemu-ga.service +if [ -e /dev/virtio-ports/org.qemu.guest_agent.0 ]; then + /usr/bin/systemctl start qemu-ga.service || : +fi %postun guest-agent %service_del_postun qemu-ga.service +%if 0%{?is_opensuse} %pre ksm %service_add_pre ksm.service 
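Review bot: In the s390x branch added to `%post`, `chmod 666 /dev/kvm` makes the device node read-writable for every local account, so the `chgrp kvm` on the next line has no access-control effect. If access is meant to be limited to the `kvm` group, the line would be `%{_bindir}/chmod 660 /dev/kvm`. If world access is intended (the mode set by 80-kvm.rules is not visible here), a comment saying so, and why the scriptlet has to set it ahead of the udev rule, would help the next reviewer. The same lines are added in the qemu.spec.in hunk, and the `%post` body continues outside this hunk.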
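Review bot: The rewritten `%post guest-agent` starts the service without the chroot guard that the removed lines had (`readlink -f /proc/1/root`), so the `/dev/virtio-ports/org.qemu.guest_agent.0` test can succeed when installing into a chroot or image root that has the host's /dev mounted. systemctl may decline to act in that situation, but wrapping the block in the guard the main `%post` already uses, `if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then`, would keep the two scriptlets consistent and not rely on that. The hunk also drops `udevadm control --reload-rules` although 80-qemu-ga.rules is still installed; whether the rule is reloaded by other means is not visible here. The same change is made in qemu.spec.in.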
@@ -1224,13 +1308,14 @@ fi %postun ksm %service_del_postun ksm.service %endif +%endif %endif # !qemu-testsuite %files %defattr(-, root, root) %if "%{name}" != "qemu-testsuite" -%doc COPYING COPYING.LIB Changelog README VERSION qemu-doc.html qemu-tech.html +%doc COPYING COPYING.LIB Changelog README VERSION qemu-doc.html %doc %_mandir/man1/qemu.1.gz %dir %_datadir/%name %_datadir/%name/keymaps @@ -1238,15 +1323,19 @@ fi %_datadir/%name/qemu-icon.bmp %_datadir/%name/qemu_logo_no_text.svg %dir %_sysconfdir/%name -%dir %_libdir/%name +%_datadir/%name/qemu-ifup %if %{kvm_available} +%if 0%{?suse_version} <= 1320 +%_bindir/kvm_stat +%doc %_mandir/man1/kvm_stat.1.gz +%endif %if 0%{?suse_version} >= 1230 %{_udevrulesdir}/80-kvm.rules %else %{_udevrulesdir}/60-kvm.rules %endif %ifarch s390x -%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x +%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x.conf %if 0%{?with_systemd} %_libexecdir/modules-load.d/kvm.conf %endif @@ -1261,6 +1350,10 @@ fi %_datadir/%name/linuxboot.bin %_datadir/%name/linuxboot_dma.bin %_datadir/%name/multiboot.bin +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-x86 +%_docdir/qemu-x86/supported.txt +%endif %files ppc %defattr(-, root, root) @@ -1274,16 +1367,29 @@ fi %_datadir/%name/u-boot.e500 %_datadir/%name/bamboo.dtb %_datadir/%name/petalogix-ml605.dtb +%_datadir/%name/skiboot.lid +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-ppc +%_docdir/qemu-ppc/supported.txt +%endif %files s390 %defattr(-, root, root) %_bindir/qemu-system-s390x %_datadir/%name/s390-ccw.img +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-s390 +%_docdir/qemu-s390/supported.txt +%endif %files arm %defattr(-, root, root) %_bindir/qemu-system-arm %_bindir/qemu-system-aarch64 +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-arm +%_docdir/qemu-arm/supported.txt +%endif %files extra %defattr(-, root, root) 
@@ -1318,30 +1424,34 @@ fi %files kvm %defattr(-,root,root) %_bindir/qemu-kvm -%if 0%{?suse_version} <= 1320 -%_bindir/kvm_stat +%doc %_mandir/man1/qemu-kvm.1.gz +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-kvm +%_docdir/qemu-kvm/kvm-supported.txt %endif -%_datadir/qemu/qemu-ifup -%_mandir/man1/qemu-kvm.1.gz %endif %files block-curl %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-curl.so %files block-dmg %defattr(-, root, root) -%_libdir/%name/block-dmg.so +%dir %_libdir/%name +%_libdir/%name/block-dmg-bz2.so %if 0%{?suse_version} >= 1310 && 0%{?suse_version} != 1315 %files block-gluster %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-gluster.so %endif %if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} > 120100 ) %files block-iscsi %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-iscsi.so %endif @@ -1355,6 +1465,7 @@ fi %if 0%{?suse_version} > 1140 %files block-ssh %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-ssh.so %endif @@ -1364,12 +1475,14 @@ fi %if %{build_x86_fw_from_source} %files seabios %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/bios.bin %_datadir/%name/bios-256k.bin %_datadir/%name/acpi-dsdt.aml %files vgabios %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/vgabios.bin %_datadir/%name/vgabios-cirrus.bin %_datadir/%name/vgabios-qxl.bin @@ -1379,10 +1492,12 @@ fi %files sgabios %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/sgabios.bin %files ipxe %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/pxe-e1000.rom %_datadir/%name/pxe-eepro100.rom %_datadir/%name/pxe-pcnet.rom @@ -1414,7 +1529,6 @@ fi %verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper %dir %_sysconfdir/%name %config %_sysconfdir/%name/bridge.conf -%dir %_libdir/%name %files guest-agent %defattr(-, root, root) 
@@ -1425,7 +1539,7 @@ fi %endif %{_udevrulesdir}/80-qemu-ga.rules -%if 0%{?with_systemd} +%if 0%{?with_systemd} && 0%{?is_opensuse} %files ksm %defattr(-, root, root) %{_unitdir}/ksm.service diff --git a/qemu.spec.in b/qemu.spec.in index 01ec66d4..4834f782 100644 --- a/qemu.spec.in +++ b/qemu.spec.in @@ -1,7 +1,7 @@ # # spec file for package qemu # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,34 +15,41 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +%define noarch_supported 1110 %define build_x86_fw_from_source 0 %define build_slof_from_source 0 +%define kvm_available 0 +%define legacy_qemu_kvm 0 + %ifarch %ix86 x86_64 # choice of building all from source or using provided binary x86 blobs %if 0%{?suse_version} >= 1310 %define build_x86_fw_from_source 1 %endif %endif + %ifarch ppc64 %define build_slof_from_source 1 %endif + %ifarch ppc64le %if 0%{?suse_version} > 1320 || 0%{?suse_version} == 1315 %define build_slof_from_source 1 %endif %endif + %ifarch %ix86 x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64 %define kvm_available 1 -%else -%define kvm_available 0 %endif + %ifarch %ix86 x86_64 s390x %define legacy_qemu_kvm 1 -%else -%define legacy_qemu_kvm 0 %endif -%define noarch_supported 1110 + +%if 0%{?suse_version} >= 1210 +%define with_systemd 1 +%endif %ifarch x86_64 %if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && ( 0%{?is_opensuse} == 0 || 0%{?sle_version} > 120100 ) ) @@ -66,6 +73,16 @@ %if 0%{?suse_version} >= 1140 %define with_spice 1 +%else +%ifarch %ix86 x86_64 +%define with_spice 1 +%endif +%endif + +%if 0%( pkg-config --exists 'udev > 190' && echo '1' ) == 01 +%define _udevrulesdir /usr/lib/udev/rules.d +%else +%define _udevrulesdir /lib/udev/rules.d %endif Name: qemu 
@@ -75,8 +92,8 @@ License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT Group: System/Emulators/PC QEMU_VERSION Release: 0 -Source: http://wiki.qemu.org/download/qemu-2.7.0.tar.bz2 -Source99: http://wiki.qemu.org/download/qemu-2.7.0.tar.bz2.sig +Source: http://wiki.qemu.org/download/qemu-2.8.0.tar.bz2 +Source99: http://wiki.qemu.org/download/qemu-2.8.0.tar.bz2.sig Source1: 80-kvm.rules Source2: qemu-ifup Source3: kvm_stat @@ -87,6 +104,11 @@ Source7: 60-kvm.x86.rules Source8: 80-qemu-ga.rules Source9: qemu-ga.service Source10: kvm.conf +Source11: kvm_stat.1.gz +Source12: supported.x86.txt +Source13: supported.s390.txt +Source14: supported.arm.txt +Source15: supported.ppc.txt # Upstream First -- http://wiki.qemu-project.org/Contribute/SubmitAPatch # This patch queue is auto-generated from https://github.com/openSUSE/qemu PATCH_FILES @@ -101,6 +123,7 @@ Patch1000: seabios_128kb.patch # ipxe # PATCH-FIX-OPENSUSE ipxe-stable-buildid.patch brogers@suse.com -- reproducible builds Patch1100: ipxe-stable-buildid.patch +Patch1101: ipxe-use-gcc6-for-more-compact-code.patch # sgabios # PATCH-FIX-OPENSUSE sgabios-stable-buildid.patch brogers@suse.com -- reproducible builds @@ -108,22 +131,25 @@ Patch1200: sgabios-stable-buildid.patch %endif %if %{build_slof_from_source} -# SLOF -# PATCH-FIX-UPSTREAM slof_xhci.patch afaerber@suse.de -- XHCI fixes -Patch1300: slof_xhci.patch +# SLOF (Currently no patches) %endif # this is to make lint happy Source300: qemu-rpmlintrc Source302: bridge.conf Source400: update_git.sh +ExcludeArch: s390 +%if "%{name}" == "qemu-testsuite" +ExcludeArch: s390x +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build +#!BuildIgnore: gcc-PIE BuildRequires: SDL-devel %if 0%{?suse_version} >= 1320 BuildRequires: SDL2-devel %endif BuildRequires: alsa-devel -%if 0%{?build_x86_fw_from_source} +%if %{?build_x86_fw_from_source} BuildRequires: binutils-devel %endif BuildRequires: bluez-devel 
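Review bot: `#!BuildIgnore: gcc-PIE` is added before the BuildRequires list with no comment explaining it. As far as I can tell this removes the package that makes the distribution compiler default to position-independent executables, so the hardening of the shipped binaries would then depend on QEMU's own configure logic. A line above it such as `# gcc-PIE dropped because <reason>; PIE is handled by qemu's configure` (reason to be filled in by the author) would record the intent. It would also be worth confirming that the installed qemu-system-* binaries are still built as PIE on every architecture this spec builds for.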
@@ -138,6 +164,9 @@ BuildRequires: iasl BuildRequires: e2fsprogs-devel BuildRequires: fdupes BuildRequires: gcc-c++ +%if %{build_x86_fw_from_source} +BuildRequires: gcc6 +%endif BuildRequires: glib2-devel %if 0%{?suse_version} >= 1310 && 0%{?suse_version} != 1315 BuildRequires: glusterfs-devel @@ -151,7 +180,9 @@ BuildRequires: libaio BuildRequires: libaio-devel BuildRequires: libattr-devel BuildRequires: libbz2-devel +%if 0%{?is_opensuse} BuildRequires: libcacard-devel +%endif BuildRequires: libcap-devel BuildRequires: libcap-ng-devel BuildRequires: libdrm-devel @@ -160,8 +191,12 @@ BuildRequires: libepoxy-devel %endif %if 0%{?suse_version} >= 1310 # 12.3 and earlier don't ship a compatible libfdt; use the bundled one there +%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} > 120200 ) +BuildRequires: libfdt-devel +%else BuildRequires: libfdt1-devel %endif +%endif BuildRequires: libgbm-devel BuildRequires: libgcrypt-devel BuildRequires: libgnutls-devel @@ -169,7 +204,7 @@ BuildRequires: libgnutls-devel BuildRequires: libibverbs-devel %endif %if 0%{?with_rbd} -%if 0%{?is_opensuse} +%if 0%{?is_opensuse} || 0%{?sle_version} > 120100 BuildRequires: librbd-devel %else BuildRequires: ceph-devel @@ -183,7 +218,7 @@ BuildRequires: libjpeg-devel BuildRequires: libnettle-devel %endif %ifarch %ix86 aarch64 -%if 0%{?suse_version} > 1320 +%if 0%{?suse_version} > 1320 || 0%{?suse_version} == 1315 BuildRequires: libnuma-devel %endif %else @@ -216,9 +251,8 @@ BuildRequires: lzo-devel BuildRequires: makeinfo %endif BuildRequires: Mesa-devel -BuildRequires: mozilla-nss-devel BuildRequires: ncurses-devel -%if 0%{?build_x86_fw_from_source} +%if %{?build_x86_fw_from_source} BuildRequires: ovmf-tools %endif BuildRequires: pkgconfig 
@@ -230,18 +264,12 @@ BuildRequires: snappy-devel %if 0%{?with_spice} BuildRequires: spice-protocol-devel %endif -%if 0%{?suse_version} >= 1210 +%if 0%{?with_systemd} BuildRequires: systemd %{?systemd_requires} -%define with_systemd 1 %endif %if %{kvm_available} BuildRequires: pkgconfig(udev) -%if 0%( pkg-config --exists 'udev > 190' && echo '1' ) == 01 -%define _udevrulesdir /usr/lib/udev/rules.d -%else -%define _udevrulesdir /lib/udev/rules.d -%endif %endif %if 0%{?sles_version} != 11 BuildRequires: usbredir-devel @@ -274,18 +302,17 @@ BuildRequires: qemu-s390 = %version BuildRequires: qemu-tools = %version BuildRequires: qemu-x86 = %version %endif -Requires: /usr/sbin/groupadd -Requires: pwdutils -Requires: timezone +Requires(pre): pwdutils +Requires(post): coreutils %if %{kvm_available} Requires(post): udev %ifarch s390x Requires(post): procps %endif -%if ! %{legacy_qemu_kvm} %if 0%{?suse_version} > 1320 -Recommends: kvm_stat -%endif +Recommends: kvm_stat +%else +Recommends: python-curses %endif %endif Recommends: qemu-block-curl @@ -321,7 +348,7 @@ Suggests: qemu-block-ssh %endif Suggests: qemu-extra Suggests: qemu-lang -%if 0%{?with_systemd} +%if 0%{?with_systemd} && 0%{?is_opensuse} Recommends: qemu-ksm = %{version} %endif 
@@ -331,9 +358,10 @@ efi-pcnet.rom efi-ne2k_pci.rom efi-rtl8139.rom efi-virtio.rom efi-vmxnet3.rom} %endif %define built_firmware_files {bios.bin bios-256k.bin sgabios.bin vgabios.bin \ vgabios-cirrus.bin vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \ -vgabios-qxl.bin optionrom/linuxboot.bin optionrom/multiboot.bin \ -optionrom/kvmvapic.bin pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom \ -pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}} +vgabios-qxl.bin optionrom/linuxboot.bin optionrom/linuxboot_dma.bin \ +optionrom/multiboot.bin optionrom/kvmvapic.bin pxe-e1000.rom pxe-pcnet.rom \ +pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom \ +%{?x86_64_only_b_f_f}} %description QEMU is an extremely well-performing CPU emulator that allows you to @@ -437,10 +465,6 @@ Requires: qemu-s390 = %version %endif Provides: kvm = %version Obsoletes: kvm < %version -%if 0%{?suse_version} > 1320 -Requires: kvm_stat -%endif -Recommends: python-curses %description kvm KVM (Kernel-based Virtual Machine) is virtualization software for Linux. @@ -671,7 +695,7 @@ Preboot Execution Environment (PXE) ROM support for various emulated network adapters available with QEMU. %endif -%if 0%{?with_systemd} +%if 0%{?with_systemd} && 0%{?is_opensuse} %package ksm Summary: Kernel Samepage Merging services Group: System/Emulators/PC @@ -686,7 +710,7 @@ This package provides a service file for starting and stopping KSM. %endif # !qemu-testsuite %prep -%setup -q -n qemu-2.7.0 +%setup -q -n qemu-2.8.0 PATCH_EXEC %if %{build_x86_fw_from_source} @@ -695,6 +719,7 @@ pushd roms/seabios popd pushd roms/ipxe %patch1100 -p1 +%patch1101 -p1 popd pushd roms/sgabios %patch1200 -p1 @@ -709,7 +734,6 @@ done %if %{build_slof_from_source} pushd roms/SLOF -%patch1300 -p1 popd rm -f pc-bios/slof.bin %endif 
@@ -742,6 +766,7 @@ echo '%{version}' > roms/seabios/.version %endif --enable-bzip2 \ --enable-cap-ng \ + --disable-colo \ --enable-coroutine-pool \ --enable-curl \ --enable-curses \ @@ -789,7 +814,7 @@ echo '%{version}' > roms/seabios/.version --enable-lzo \ --disable-netmap \ %ifarch %ix86 aarch64 -%if 0%{?suse_version} > 1320 +%if 0%{?suse_version} > 1320 || 0%{?suse_version} == 1315 --enable-numa \ %else --disable-numa \ @@ -814,6 +839,7 @@ echo '%{version}' > roms/seabios/.version %else --disable-rdma \ %endif + --disable-replication \ --enable-sdl \ %if 0%{?suse_version} >= 1320 --with-sdlabi=2.0 \ @@ -825,7 +851,11 @@ echo '%{version}' > roms/seabios/.version %else --disable-seccomp \ %endif +%if 0%{?is_opensuse} --enable-smartcard \ +%else + --disable-smartcard \ +%endif %if 0%{?suse_version} >= 1310 --enable-snappy \ %else @@ -838,14 +868,12 @@ echo '%{version}' > roms/seabios/.version %endif --disable-tcmalloc \ --enable-tpm \ -%if 0%{?sles_version} != 11 - --enable-usb-redir \ -%else +%if 0%{?sles_version} == 11 --disable-usb-redir \ +%else + --enable-usb-redir \ %endif - --enable-uuid \ --enable-vde \ - --enable-vhdx \ --enable-vhost-net \ %if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} > 120100 ) --enable-virglrenderer \ @@ -869,7 +897,6 @@ echo '%{version}' > roms/seabios/.version %endif --enable-xfsctl \ - %if "%{name}" != "qemu-testsuite" make %{?_smp_mflags} V=1 
@@ -883,6 +910,32 @@ make %{?_smp_mflags} -C roms pxerom make %{?_smp_mflags} -C roms efirom %endif make -C roms sgabios +# enforce pxe rom sizes for migration compatability from SLE 11 SP3 forward +# the following need to be > 64K +%define supported_nics_large {e1000 rtl8139} +# the following need to be <= 64K +%define supported_nics_small {virtio} +# Though not required, make unsupported pxe roms migration compatable as well +%define unsupported_nics {eepro100 ne2k_pci pcnet} + +for i in %supported_nics_large %unsupported_nics + do + if test "`stat -c '%s' pc-bios/pxe-$i.rom`" -gt "131072" ; then + echo "pxe rom is too large" + exit 1 + fi + if test "`stat -c '%s' pc-bios/pxe-$i.rom`" -le "65536" ; then + ./roms/ipxe/src/util/padimg.pl pc-bios/pxe-$i.rom -s 65536 -b 255 + echo -ne "SEGMENT OVERAGE\0" >> pc-bios/pxe-$i.rom + fi +done +for i in %supported_nics_small + do + if test "`stat -c '%s' pc-bios/pxe-$i.rom`" -gt "65536" ; then + echo "pxe rom is too large" + exit 1 + fi +done %endif %if %{build_slof_from_source} make %{?_smp_mflags} -C roms slof @@ -913,7 +966,6 @@ make tests/qom-test %{?_smp_mflags} V=1 # ... make comes in fresh and has lots of address space (needed for 32bit, bsc#957379) %if 0%{?suse_version} >= 1310 make check-report.html V=1 -install -D -m 644 check-report.html %{buildroot}%{_datadir}/qemu/check-report.html %else make check-report.xml V=1 %endif 
@@ -957,18 +1009,26 @@ format=`qemu-img info test.tar | grep "file format:" | cut -d ':' -f 2 | tr -d ' %install %if "%{name}" != "qemu-testsuite" -make install DESTDIR=$RPM_BUILD_ROOT -rm -fr $RPM_BUILD_ROOT/%_datadir/doc +make install DESTDIR=%{buildroot} +rm -fr %{buildroot}%{_datadir}/doc %if ! %{build_x86_fw_from_source} for f in acpi-dsdt.aml bios-256k.bin bios.bin efi-*.rom pxe-*.rom sgabios.bin \ vgabios-cirrus.bin vgabios-qxl.bin vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \ vgabios.bin; do - rm $RPM_BUILD_ROOT/%_datadir/%name/$f + rm %{buildroot}%{_datadir}/%name/$f done %endif # rm -f %{buildroot}%{_datadir}/%{name}/u-boot.e500 -install -D -m 644 %{SOURCE302} $RPM_BUILD_ROOT/%{_sysconfdir}/qemu/bridge.conf %find_lang %name +install -D -m 644 %{SOURCE302} %{buildroot}%{_sysconfdir}/qemu/bridge.conf +install -D -m 755 %{SOURCE2} %{buildroot}/usr/share/qemu/qemu-ifup +install -D -p -m 0644 %{SOURCE8} %{buildroot}%{_udevrulesdir}/80-qemu-ga.rules +%if 0%{?is_opensuse} == 0 +install -D -m 0644 %{SOURCE12} %{buildroot}%{_docdir}/qemu-x86/supported.txt +install -D -m 0644 %{SOURCE13} %{buildroot}%{_docdir}/qemu-s390/supported.txt +install -D -m 0644 %{SOURCE14} %{buildroot}%{_docdir}/qemu-arm/supported.txt +install -D -m 0644 %{SOURCE15} %{buildroot}%{_docdir}/qemu-ppc/supported.txt +%endif %if %{legacy_qemu_kvm} cat > %{buildroot}%{_bindir}/qemu-kvm << 'EOF' #!/bin/sh 
@@ -980,21 +1040,30 @@ exec %{_bindir}/qemu-system-x86_64 -machine accel=kvm "$@" %endif EOF chmod 755 %{buildroot}%{_bindir}/qemu-kvm +install -D -m 644 %{SOURCE4} %{buildroot}%{_mandir}/man1/qemu-kvm.1.gz %ifarch s390x mkdir -p %{buildroot}%{_sysconfdir}/sysctl.d -cat > %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x <<- 'EOF' +cat > %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x.conf <<- 'EOF' # To allow KVM to run on s390x, we need to set the sysctl below vm.allocate_pgste = 1 EOF -chmod 644 %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x +chmod 644 %{buildroot}%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x.conf +%if 0%{?is_opensuse} == 0 +install -d %{buildroot}%{_docdir}/qemu-kvm +ln -s ../qemu-s390/supported.txt %{buildroot}%{_docdir}/qemu-kvm/kvm-supported.txt +%endif +%else +%if 0%{?is_opensuse} == 0 +install -d %{buildroot}%{_docdir}/qemu-kvm +ln -s ../qemu-x86/supported.txt %{buildroot}%{_docdir}/qemu-kvm/kvm-supported.txt %endif -install -D -m 755 %{SOURCE2} %{buildroot}/usr/share/qemu/qemu-ifup -%if 0%{?suse_version} <= 1320 -install -D -m 755 %{SOURCE3} %{buildroot}%{_bindir}/kvm_stat %endif -install -D -m 644 %{SOURCE4} %{buildroot}%{_mandir}/man1/qemu-kvm.1.gz %endif %if %{kvm_available} +%if 0%{?suse_version} <= 1320 +install -D -m 755 %{SOURCE3} %{buildroot}%{_bindir}/kvm_stat +install -D -m 644 %{SOURCE11} %{buildroot}%{_mandir}/man1/kvm_stat.1.gz +%endif %if 0%{?suse_version} >= 1230 install -D -m 644 %{SOURCE1} %{buildroot}%{_udevrulesdir}/80-kvm.rules %else 
@@ -1005,15 +1074,16 @@ install -D -m 644 %{SOURCE5} %{buildroot}%{_udevrulesdir}/60-kvm.rules %endif %endif %endif -install -D -p -m 0644 %{SOURCE8} %{buildroot}%{_udevrulesdir}/80-qemu-ga.rules %if 0%{?with_systemd} -install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/ksm.service install -D -p -m 0644 %{SOURCE9} %{buildroot}%{_unitdir}/qemu-ga.service +%if 0%{?is_opensuse} +install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/ksm.service +%endif %ifarch s390x install -D -m 0644 %{SOURCE10} %{buildroot}%{_libexecdir}/modules-load.d/kvm.conf %endif %endif -%fdupes -s $RPM_BUILD_ROOT +%fdupes -s %{buildroot} %else # qemu-testsuite @@ -1033,18 +1103,23 @@ install -D -m 644 check-report.xml %{buildroot}%{_datadir}/qemu/check-report.xml %{_sbindir}/useradd -r -g qemu -G kvm -d / -s /sbin/nologin \ -c "qemu user" qemu - %if %{kvm_available} %post # Do not execute operations affecting host devices while running in a chroot if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then setfacl --remove-all /dev/kvm &> /dev/null || : %if 0%{?with_systemd} +%ifarch s390x + if [ -c /dev/kvm ]; then + %{_bindir}/chmod 666 /dev/kvm + %{_bindir}/chgrp kvm /dev/kvm + fi +%endif %udev_rules_update - %_bindir/udevadm trigger || : + %_bindir/udevadm trigger -y kvm || : %else /sbin/udevadm control --reload-rules || : - /sbin/udevadm trigger || : + /sbin/udevadm trigger -y kvm || : %endif %ifarch s390x sysctl vm.allocate_pgste=1 || : @@ -1069,15 +1144,15 @@ fi %service_del_preun qemu-ga.service %post guest-agent -if [ "$(readlink -f /proc/1/root)" = "/" ]; then - /sbin/udevadm control --reload-rules || : - /sbin/udevadm trigger || : -fi %service_add_post qemu-ga.service +if [ -e /dev/virtio-ports/org.qemu.guest_agent.0 ]; then + /usr/bin/systemctl start qemu-ga.service || : +fi %postun guest-agent %service_del_postun qemu-ga.service +%if 0%{?is_opensuse} %pre ksm %service_add_pre ksm.service 
@@ -1090,13 +1165,14 @@ fi %postun ksm %service_del_postun ksm.service %endif +%endif %endif # !qemu-testsuite %files %defattr(-, root, root) %if "%{name}" != "qemu-testsuite" -%doc COPYING COPYING.LIB Changelog README VERSION qemu-doc.html qemu-tech.html +%doc COPYING COPYING.LIB Changelog README VERSION qemu-doc.html %doc %_mandir/man1/qemu.1.gz %dir %_datadir/%name %_datadir/%name/keymaps @@ -1104,15 +1180,19 @@ fi %_datadir/%name/qemu-icon.bmp %_datadir/%name/qemu_logo_no_text.svg %dir %_sysconfdir/%name -%dir %_libdir/%name +%_datadir/%name/qemu-ifup %if %{kvm_available} +%if 0%{?suse_version} <= 1320 +%_bindir/kvm_stat +%doc %_mandir/man1/kvm_stat.1.gz +%endif %if 0%{?suse_version} >= 1230 %{_udevrulesdir}/80-kvm.rules %else %{_udevrulesdir}/60-kvm.rules %endif %ifarch s390x -%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x +%{_sysconfdir}/sysctl.d/50-allow-kvm-on-s390x.conf %if 0%{?with_systemd} %_libexecdir/modules-load.d/kvm.conf %endif @@ -1127,6 +1207,10 @@ fi %_datadir/%name/linuxboot.bin %_datadir/%name/linuxboot_dma.bin %_datadir/%name/multiboot.bin +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-x86 +%_docdir/qemu-x86/supported.txt +%endif %files ppc %defattr(-, root, root) @@ -1140,16 +1224,29 @@ fi %_datadir/%name/u-boot.e500 %_datadir/%name/bamboo.dtb %_datadir/%name/petalogix-ml605.dtb +%_datadir/%name/skiboot.lid +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-ppc +%_docdir/qemu-ppc/supported.txt +%endif %files s390 %defattr(-, root, root) %_bindir/qemu-system-s390x %_datadir/%name/s390-ccw.img +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-s390 +%_docdir/qemu-s390/supported.txt +%endif %files arm %defattr(-, root, root) %_bindir/qemu-system-arm %_bindir/qemu-system-aarch64 +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-arm +%_docdir/qemu-arm/supported.txt +%endif %files extra %defattr(-, root, root) 
@@ -1184,30 +1281,34 @@ fi %files kvm %defattr(-,root,root) %_bindir/qemu-kvm -%if 0%{?suse_version} <= 1320 -%_bindir/kvm_stat +%doc %_mandir/man1/qemu-kvm.1.gz +%if 0%{?is_opensuse} == 0 +%dir %_docdir/qemu-kvm +%_docdir/qemu-kvm/kvm-supported.txt %endif -%_datadir/qemu/qemu-ifup -%_mandir/man1/qemu-kvm.1.gz %endif %files block-curl %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-curl.so %files block-dmg %defattr(-, root, root) -%_libdir/%name/block-dmg.so +%dir %_libdir/%name +%_libdir/%name/block-dmg-bz2.so %if 0%{?suse_version} >= 1310 && 0%{?suse_version} != 1315 %files block-gluster %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-gluster.so %endif %if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?sle_version} > 120100 ) %files block-iscsi %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-iscsi.so %endif @@ -1221,6 +1322,7 @@ fi %if 0%{?suse_version} > 1140 %files block-ssh %defattr(-, root, root) +%dir %_libdir/%name %_libdir/%name/block-ssh.so %endif @@ -1230,12 +1332,14 @@ fi %if %{build_x86_fw_from_source} %files seabios %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/bios.bin %_datadir/%name/bios-256k.bin %_datadir/%name/acpi-dsdt.aml %files vgabios %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/vgabios.bin %_datadir/%name/vgabios-cirrus.bin %_datadir/%name/vgabios-qxl.bin @@ -1245,10 +1349,12 @@ fi %files sgabios %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/sgabios.bin %files ipxe %defattr(-, root, root) +%dir %_datadir/%name %_datadir/%name/pxe-e1000.rom %_datadir/%name/pxe-eepro100.rom %_datadir/%name/pxe-pcnet.rom @@ -1280,7 +1386,6 @@ fi %verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper %dir %_sysconfdir/%name %config %_sysconfdir/%name/bridge.conf -%dir %_libdir/%name %files guest-agent %defattr(-, root, root) 
@@ -1291,7 +1396,7 @@ fi %endif %{_udevrulesdir}/80-qemu-ga.rules -%if 0%{?with_systemd} +%if 0%{?with_systemd} && 0%{?is_opensuse} %files ksm %defattr(-, root, root) %{_unitdir}/ksm.service diff --git a/seabios_128kb.patch b/seabios_128kb.patch index ee832405..a05c5435 100644 --- a/seabios_128kb.patch +++ b/seabios_128kb.patch @@ -11,19 +11,17 @@ with a %s specifier, resulting in the needed space savings. Signed-off-by: Bruce Rogers --- - src/boot.c | 20 +++++++++++--------- - src/bootsplash.c | 5 +++-- - src/fw/paravirt.c | 8 +++++--- - src/fw/pciinit.c | 19 ++++++++++--------- - src/hw/usb-hub.c | 9 +++++---- - src/hw/usb-msc.c | 6 ++++-- + src/boot.c | 20 +++++++++++--------- + src/bootsplash.c | 5 +++-- + src/fw/paravirt.c | 8 +++++--- + src/fw/pciinit.c | 19 ++++++++++--------- + src/hw/usb-hub.c | 9 +++++---- + src/hw/usb-msc.c | 6 ++++-- 6 files changed, 38 insertions(+), 29 deletions(-) -diff --git a/src/boot.c b/src/boot.c -index d6b1fb7..de37041 100644 --- a/src/boot.c +++ b/src/boot.c -@@ -25,6 +25,8 @@ +@@ -27,6 +27,8 @@ * Boot priority ordering ****************************************************************/ @@ -32,7 +30,7 @@ index d6b1fb7..de37041 100644 static char **Bootorder VARVERIFY32INIT; static int BootorderCount; -@@ -587,7 +589,7 @@ bcv_prepboot(void) +@@ -596,7 +598,7 @@ bcv_prepboot(void) static void call_boot_entry(struct segoff_s bootsegip, u8 bootdrv) { @@ -41,7 +39,7 @@ index d6b1fb7..de37041 100644 struct bregs br; memset(&br, 0, sizeof(br)); br.flags = F_IF; -@@ -641,7 +643,7 @@ boot_cdrom(struct drive_s *drive_g) +@@ -652,7 +654,7 @@ boot_cdrom(struct drive_s *drive_g) { if (! CONFIG_CDROM_BOOT) return; @@ -50,7 +48,7 @@ index d6b1fb7..de37041 100644 int status = cdrom_boot(drive_g); if (status) { -@@ -664,7 +666,7 @@ boot_cbfs(struct cbfs_file *file) +@@ -678,7 +680,7 @@ boot_cbfs(struct cbfs_file *file) { if (!CONFIG_COREBOOT_FLASH) return; 
@@ -59,7 +57,7 @@ index d6b1fb7..de37041 100644 cbfs_run_payload(file); } -@@ -672,7 +674,7 @@ boot_cbfs(struct cbfs_file *file) +@@ -686,7 +688,7 @@ boot_cbfs(struct cbfs_file *file) static void boot_rom(u32 vector) { @@ -68,7 +66,7 @@ index d6b1fb7..de37041 100644 struct segoff_s so; so.segoff = vector; call_boot_entry(so, 0); -@@ -683,10 +685,10 @@ static void +@@ -697,10 +699,10 @@ static void boot_fail(void) { if (BootRetryTime == (u32)-1) @@ -82,7 +80,7 @@ index d6b1fb7..de37041 100644 // Wait for 'BootRetryTime' milliseconds and then reboot. u32 end = irqtimer_calc(BootRetryTime); for (;;) { -@@ -712,11 +714,11 @@ do_boot(int seq_nr) +@@ -726,11 +728,11 @@ do_boot(int seq_nr) struct bev_s *ie = &BEV[seq_nr]; switch (ie->type) { case IPL_TYPE_FLOPPY: @@ -96,8 +94,6 @@ index d6b1fb7..de37041 100644 boot_disk(0x80, 1); break; case IPL_TYPE_CDROM: -diff --git a/src/bootsplash.c b/src/bootsplash.c -index c572685..e28d264 100644 --- a/src/bootsplash.c +++ b/src/bootsplash.c @@ -16,6 +16,7 @@ @@ -108,7 +104,7 @@ index c572685..e28d264 100644 /**************************************************************** * Helper functions -@@ -154,7 +155,7 @@ enable_bootsplash(void) +@@ -155,7 +156,7 @@ enable_bootsplash(void) dprintf(5, "Decoding bootsplash.jpg\n"); ret = jpeg_decode(jpeg, filedata); if (ret) { @@ -117,7 +113,7 @@ index c572685..e28d264 100644 goto done; } jpeg_get_size(jpeg, &width, &height); -@@ -168,7 +169,7 @@ enable_bootsplash(void) +@@ -169,7 +170,7 @@ enable_bootsplash(void) dprintf(5, "Decoding bootsplash.bmp\n"); ret = bmp_decode(bmp, filedata, filesize); if (ret) { @@ -126,11 +122,9 @@ index c572685..e28d264 100644 goto done; } bmp_get_size(bmp, &width, &height); -diff --git a/src/fw/paravirt.c b/src/fw/paravirt.c -index db22ae8..868435a 100644 --- a/src/fw/paravirt.c +++ b/src/fw/paravirt.c -@@ -36,6 +36,8 @@ int PlatformRunningOn VARFSEG; +@@ -45,6 +45,8 @@ inline int qemu_cfg_dma_enabled(void) */ #define KVM_CPUID_SIGNATURE 0x40000000 
@@ -139,7 +133,7 @@ index db22ae8..868435a 100644 static void kvm_detect(void) { unsigned int eax, ebx, ecx, edx; -@@ -73,13 +75,13 @@ static void qemu_detect(void) +@@ -82,13 +84,13 @@ static void qemu_detect(void) PlatformRunningOn |= PF_QEMU; switch (d) { case 0x1237: @@ -156,13 +150,11 @@ index db22ae8..868435a 100644 break; } kvm_detect(); -diff --git a/src/fw/pciinit.c b/src/fw/pciinit.c -index ac39d23..63018e4 100644 --- a/src/fw/pciinit.c +++ b/src/fw/pciinit.c -@@ -27,6 +27,10 @@ - #define PCI_BRIDGE_MEM_MIN (1<<21) // 2M == hugepage size - #define PCI_BRIDGE_IO_MIN 0x1000 // mandated by pci bridge spec +@@ -39,6 +39,10 @@ enum pci_region_type { + PCI_REGION_TYPE_COUNT, + }; +static const char *pri_bus_str = "PCI: primary bus = "; +static const char *sec_bus_str = "PCI: secondary bus = "; @@ -171,7 +163,7 @@ index ac39d23..63018e4 100644 static const char *region_type_name[] = { [ PCI_REGION_TYPE_IO ] = "io", [ PCI_REGION_TYPE_MEM ] = "mem", -@@ -425,7 +429,6 @@ static void pci_bios_init_platform(void) +@@ -522,7 +526,6 @@ static void pci_bios_init_platform(void) } } @@ -179,7 +171,7 @@ index ac39d23..63018e4 100644 /**************************************************************** * Bus initialization ****************************************************************/ -@@ -456,21 +459,20 @@ pci_bios_init_bus_rec(int bus, u8 *pci_bus) +@@ -553,21 +556,20 @@ pci_bios_init_bus_rec(int bus, u8 *pci_b u8 pribus = pci_config_readb(bdf, PCI_PRIMARY_BUS); if (pribus != bus) { @@ -205,7 +197,7 @@ index ac39d23..63018e4 100644 } /* set to max for access to all subordinate buses. -@@ -481,11 +483,10 @@ pci_bios_init_bus_rec(int bus, u8 *pci_bus) +@@ -578,11 +580,10 @@ pci_bios_init_bus_rec(int bus, u8 *pci_b pci_bios_init_bus_rec(secbus, pci_bus); if (subbus != *pci_bus) { @@ -219,8 +211,6 @@ index ac39d23..63018e4 100644 } pci_config_writeb(bdf, PCI_SUBORDINATE_BUS, subbus); } -diff --git a/src/hw/usb-hub.c b/src/hw/usb-hub.c -index 54e341b..337385d 100644 
--- a/src/hw/usb-hub.c +++ b/src/hw/usb-hub.c @@ -11,6 +11,8 @@ @@ -232,7 +222,7 @@ index 54e341b..337385d 100644 static int get_hub_desc(struct usb_pipe *pipe, struct usb_hub_descriptor *desc) { -@@ -82,7 +84,6 @@ get_port_status(struct usbhub_s *hub, int port, struct usb_port_status *sts) +@@ -82,7 +84,6 @@ get_port_status(struct usbhub_s *hub, in mutex_unlock(&hub->lock); return ret; } @@ -240,7 +230,7 @@ index 54e341b..337385d 100644 // Check if device attached to port static int usb_hub_detect(struct usbhub_s *hub, u32 port) -@@ -90,7 +91,7 @@ usb_hub_detect(struct usbhub_s *hub, u32 port) +@@ -90,7 +91,7 @@ usb_hub_detect(struct usbhub_s *hub, u32 struct usb_port_status sts; int ret = get_port_status(hub, port, &sts); if (ret) { @@ -249,7 +239,7 @@ index 54e341b..337385d 100644 return -1; } return (sts.wPortStatus & USB_PORT_STAT_CONNECTION) ? 1 : 0; -@@ -102,7 +103,7 @@ usb_hub_disconnect(struct usbhub_s *hub, u32 port) +@@ -102,7 +103,7 @@ usb_hub_disconnect(struct usbhub_s *hub, { int ret = clear_port_feature(hub, port, USB_PORT_FEAT_ENABLE); if (ret) @@ -258,7 +248,7 @@ index 54e341b..337385d 100644 } // Reset device on port -@@ -142,7 +143,7 @@ usb_hub_reset(struct usbhub_s *hub, u32 port) +@@ -142,7 +143,7 @@ usb_hub_reset(struct usbhub_s *hub, u32 >> USB_PORT_STAT_SPEED_SHIFT); fail: @@ -267,8 +257,6 @@ index 54e341b..337385d 100644 usb_hub_disconnect(hub, port); return -1; } -diff --git a/src/hw/usb-msc.c b/src/hw/usb-msc.c -index d90319f..9c6b3e2 100644 --- a/src/hw/usb-msc.c +++ b/src/hw/usb-msc.c @@ -50,6 +50,8 @@ struct csw_s { @@ -280,7 +268,7 @@ index d90319f..9c6b3e2 100644 static int usb_msc_send(struct usbdrive_s *udrive_gf, int dir, void *buf, u32 bytes) { -@@ -158,7 +160,7 @@ usb_msc_lun_setup(struct usb_pipe *inpipe, struct usb_pipe *outpipe, +@@ -160,7 +162,7 @@ usb_msc_lun_setup(struct usb_pipe *inpip int prio = bootprio_find_usb(usbdev, lun); int ret = scsi_drive_setup(&drive->drive, "USB MSC", prio); if (ret) { 
@@ -289,7 +277,7 @@ index d90319f..9c6b3e2 100644 free(drive); return -1; } -@@ -213,7 +215,7 @@ usb_msc_setup(struct usbdevice_s *usbdev) +@@ -215,7 +217,7 @@ usb_msc_setup(struct usbdevice_s *usbdev return 0; fail: @@ -298,6 +286,3 @@ index d90319f..9c6b3e2 100644 usb_free_pipe(usbdev, inpipe); usb_free_pipe(usbdev, outpipe); return -1; --- -1.9.0 - diff --git a/slof_xhci.patch b/slof_xhci.patch deleted file mode 100644 index f04e3888..00000000 --- a/slof_xhci.patch +++ /dev/null 
@@ -1,155 +0,0 @@ -From ca8fb51e05feca057721d72cb194cd0636c73847 Mon Sep 17 00:00:00 2001 -From: Nikunj A Dadhania -Date: Mon, 2 May 2016 10:16:44 +0530 -Subject: [PATCH] xhci: fix missing keys from keyboard - -Current handling of the keyboard polling was very slow and -keys were getting dropped. Done following for fixing this: - -* Use multiple buffers per TRB -* Allocate buffers in xhci according to the number of TRBS. - -This reduces the delay of key? processing by getting rid of wait in -the polling routine. - -Reported-by: Dinar Valeev -Signed-off-by: Nikunj A Dadhania -Tested-by: Dinar Valeev -Tested-by: Thomas Huth -Signed-off-by: Alexey Kardashevskiy ---- - lib/libusb/usb-xhci.c | 51 +++++++++++++++++++++++++++++++++++++----------- - lib/libusb/usb-xhci.h | 2 + - 2 files changed, 41 insertions(+), 12 deletions(-) - -diff --git a/lib/libusb/usb-xhci.c b/lib/libusb/usb-xhci.c -index 070c2ef..3bbc9af 100644 ---- a/lib/libusb/usb-xhci.c -+++ b/lib/libusb/usb-xhci.c -@@ -238,7 +238,7 @@ static uint64_t xhci_poll_event(struct xhci_hcd *xhcd, - flags = le32_to_cpu(event->flags); - - dprintf("Reading from event ptr %p %08x\n", event, flags); -- time = SLOF_GetTimer() + USB_TIMEOUT; -+ time = SLOF_GetTimer() + ((event_type == XHCI_POLL_NO_WAIT)? 0: USB_TIMEOUT); - - while ((flags & TRB_CYCLE_STATE) != xhcd->ering.cycle_state) { - mb(); -@@ -1148,11 +1148,36 @@ static inline void *xhci_get_trb(struct xhci_seg *seg) - return (void *)enq; - } - -+static inline void *xhci_get_trb_deq(struct xhci_seg *seg) -+{ -+ uint64_t deq_next, deq; -+ int index; -+ -+ deq = seg->deq; -+ deq_next = deq + XHCI_TRB_SIZE; -+ index = (deq - (uint64_t)seg->trbs) / XHCI_TRB_SIZE + 1; -+ dprintf("%s: deq %llx, deq_next %llx index %x\n", __func__, deq, deq_next, index); -+ /* TRBs being a cyclic buffer, here we cycle back to beginning. 
*/ -+ if (index == (seg->size - 1)) { -+ dprintf("%s: rounding \n", __func__); -+ seg->deq = (uint64_t)seg->trbs; -+ } -+ else { -+ seg->deq = deq_next; -+ } -+ return (void *)deq; -+} -+ - static uint64_t xhci_get_trb_phys(struct xhci_seg *seg, uint64_t trb) - { - return seg->trbs_dma + (trb - (uint64_t)seg->trbs); - } - -+static uint32_t xhci_trb_get_index(struct xhci_seg *seg, struct xhci_transfer_trb *trb) -+{ -+ return trb - (struct xhci_transfer_trb *)seg->trbs; -+} -+ - static int usb_kb = false; - static int xhci_transfer_bulk(struct usb_pipe *pipe, void *td, void *td_phys, - void *data, int datalen) -@@ -1332,9 +1357,9 @@ static int xhci_get_pipe_intr(struct usb_pipe *pipe, - xhci_init_seg(seg, XHCI_EVENT_TRBS_SIZE, TYPE_BULK); - } - -- xpipe->buf = buf; -- xpipe->buf_phys = SLOF_dma_map_in(buf, len, false); -- xpipe->buflen = len; -+ xpipe->buflen = pipe->mps * XHCI_INTR_TRBS_SIZE/(sizeof(struct xhci_transfer_trb)); -+ xpipe->buf = SLOF_dma_alloc(xpipe->buflen); -+ xpipe->buf_phys = SLOF_dma_map_in(xpipe->buf, xpipe->buflen, false); - - ctrl = xhci_get_control_ctx(&xdev->in_ctx); - x_epno = xhci_get_epno(pipe); -@@ -1350,7 +1375,8 @@ static int xhci_get_pipe_intr(struct usb_pipe *pipe, - xpipe->seg = seg; - - trb = xhci_get_trb(seg); -- fill_normal_trb(trb, (void *)xpipe->buf_phys, pipe->mps); -+ buf = (char *)(xpipe->buf_phys + xhci_trb_get_index(seg, trb) * pipe->mps); -+ fill_normal_trb(trb, (void *)buf, pipe->mps); - return true; - } - -@@ -1412,6 +1438,7 @@ static void xhci_put_pipe(struct usb_pipe *pipe) - } else if (pipe->type == USB_EP_TYPE_INTR) { - xpipe = xhci_pipe_get_xpipe(pipe); - SLOF_dma_map_out(xpipe->buf_phys, xpipe->buf, xpipe->buflen); -+ SLOF_dma_free(xpipe->buf, xpipe->buflen); - xpipe->seg = NULL; - } - if (xhcd->end) -@@ -1449,26 +1476,26 @@ static int xhci_poll_intr(struct usb_pipe *pipe, uint8_t *data) - if (usb_kb == true) { - /* This event was consumed by bulk transfer */ - usb_kb = false; -+ xhci_get_trb_deq(seg); - goto 
skip_poll; - } -- buf = xpipe->buf; -- memset(buf, 0, 8); - -- mb(); - /* Ring the doorbell - x_epno */ - dbr = xhcd->db_regs; - write_reg32(&dbr->db[xdev->slot_id], x_epno); -- if (!xhci_poll_event(xhcd, 0)) { -- printf("poll intr failed\n"); -+ if (!xhci_poll_event(xhcd, XHCI_POLL_NO_WAIT)) { - return 0; - } - mb(); -+ trb = xhci_get_trb_deq(seg); -+ buf = xpipe->buf + xhci_trb_get_index(seg, trb) * pipe->mps; - memcpy(data, buf, 8); -+ memset(buf, 0, 8); - - skip_poll: - trb = xhci_get_trb(seg); -- fill_normal_trb(trb, (void *)xpipe->buf_phys, pipe->mps); -- mb(); -+ buf = (uint8_t *)(xpipe->buf_phys + xhci_trb_get_index(seg, trb) * pipe->mps); -+ fill_normal_trb(trb, (void *)buf, pipe->mps); - return ret; - } - -diff --git a/lib/libusb/usb-xhci.h b/lib/libusb/usb-xhci.h -index 3fc7e78..8172a37 100644 ---- a/lib/libusb/usb-xhci.h -+++ b/lib/libusb/usb-xhci.h -@@ -269,6 +269,8 @@ struct xhci_seg { - #define XHCI_INTR_TRBS_SIZE 4096 - #define XHCI_ERST_NUM_SEGS 1 - -+#define XHCI_POLL_NO_WAIT 1 -+ - #define XHCI_MAX_BULK_SIZE 0xF000 - - struct xhci_erst_entry { --- -1.7.0.4 - diff --git a/supported.arm.txt b/supported.arm.txt new file mode 100644 index 00000000..27d6c1b6 --- /dev/null +++ b/supported.arm.txt 
@@ -0,0 +1,755 @@ +[qemu-arm package document] + +SLES 12 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS + +Overview +-------- + + The QEMU based packages included with SLES 12 SP3 provide a large variety of + features, from the very latest customer requests to features of questionable + quality or value. The linux kernel includes components which contribute KVM + virtualization features as well. This document was created to assist the user + in deciding which features can be relied upon to build enterprise class + virtualization solutions. KVM based virtualization for x86 (Intel 64/AMD64) + is offered at the L3 (full support) level. KVM on the IBM System z (s390x) + is in technology preview, and KVM for the ARM64 architecture (AArch64) is L3 + supported for certain partner-specific use cases. The bulk of this document + deals with L3 supported features and is primarily x86 centric. This document + should be considered a companion to the standard virtualization documentation + delivered with the product. + + KVM is implemented in linux kernel modules which enable the linux kernel to + function as an integral part of the KVM hypervisor. The hypervisor-guest + interaction is managed by QEMU through the /dev/kvm ioctl interface. The linux + host assists in the virtualization of storage, networking and display + resources as well as allowing direct hardware passthrough of PCI and USB + devices. Linux memory and cpu management features are used by QEMU/KVM to + enable guests to share those host resources as efficiently as possible. + + QEMU is a primary component of KVM based virtualization. The legacy qemu-kvm + program is provided for continuity with pre SLES 12 usage, including in + libvirt domain xml references. The QEMU emulator binaries qemu-system-x86_64 + and qemu-system-i386 (x86 host), qemu-system-s390x (System z host), and + qemu-system-aarch64 (ARM64 host) are now the primary programs to use to access + KVM virtualization. 
When using these programs, the -machine option accel=kvm + (or its alias -enable-kvm) must be specified for KVM acceleration to be + used by the guest. Although Xen uses QEMU for virtualization as well, this + document does not identify Xen supported features. + + Libvirt is the preferred means of accessing QEMU/KVM functionality and is + documented elsewhere. This document focuses on the features and direct usage + of QEMU/KVM as provided by the QEMU based packages. + + +Major QEMU/KVM Supported Features +--------------------------------- + +- KVM virtualization is accomplished by using the QEMU program in KVM + acceleration mode. KVM acceleration requires that both guest and host have + the same fundamental architecture. + +- Guest images created under previous QEMU versions are supported by machine + version compatibilities built into more recent QEMU versions. + +- For ease of use, the QEMU program has defaults which represent traditional + usage patterns. + +- Guest virtual machine characteristics are specified by a combination of + internal defaults, options provided on the QEMU program command-line, runtime + configurations set via the monitor interfaces and optional config files. The + runtime control of a VM is effected either through the Human Monitor + "Protocol" (HMP), or the JSON based programmatical QEMU Monitor Protocol (QMP) + interface. For QMP details, see /usr/share/doc/packages/qemu/qmp-commands.txt. + Since a KVM guest runs in the context of a normal linux process, some types + of execution controls are managed with linux tools. + +- Various standard vCPU types are available, along with the ability to specify + individual CPU features visible to the guest. + +- QEMU incorporates a SEABIOS based system BIOS and iPXE based PXE ROMs, which + allow boot options common to physical systems along with other features + tailored to virtualization. Various VGABIOS ROMs, also from the SEABIOS + project, are also included. 
A UEFI based guest boot environment is also + now possible by using the firmware provided by the qemu-ovmf-x86_64 package. + +- Some QEMU messages have been localized to various languages. This is provided + by the optional qemu-lang package. Keyboard mappings for various nationalities + is also provided. + +- Virtual machine lifecycle controls include startup through the system BIOS or + kernel boot, ACPI or legacy based shutdown, execution pausing, the saving and + restoring of machine state or disk state, VM migration to another host, and + miscellaneous controls available through the "monitors" mentioned above. + +- Guest execution state may be "moved" in both time (save/restore) and space + (static and live migration). These migrations or save/restore operations can + take place either from certain prior SLES versioned hosts to a SLES 12 SP3 + or between hosts of the same version. Certain other restrictions also apply. + +- Security considerations include secccomp2 based sandboxing, vTPM, privileged + helpers and a security model which allows running guests as a non-root user. + +- QEMU/KVM supports a wide range of operating systems within the VMs. See the + online SUSE documentation for supported OS's. Windows guests can optionally be + accelerated with QEMU/KVM provided Hyper-V hypercalls, or with paravirtual + drivers from the SUSE Virtual Machine Driver Pack. Linux includes a number of + paravirtual drivers as well. + +- QEMU provides best effort reuse of existing disk images, including those with + systems installed, through geometry probing. Also disk images produced by + other popular virtualization technologies may be imported into QEMU supported + storage formats. These QEMU formats include features which exploit the + benefits of virtualization. + +- Memory, cpu and disk space overcommit are possible and can be beneficial when + done responsibly. 
Additional management of these resources comes in the form + of memory ballooning or hotplug, host KSM, vcpu hot-add, online disk resizing, + trim, discard and hole punching. + +- Guest performance is enhanced through the use of virtio devices, various disk + caching modes, network acceleration via the vhost-net kernel module, multi- + queue network transmit capabilities, host transparent huge pages (THP) and + direct hugetlb usage. Physical PCI and USB devices may also be passed through + to the guest, including SR-IOV VF's. + +- The guest UI is accessable via GTK, SDL, VNC, Spice, and serial (including + curses TUI) interfaces. + +- Guest timekeeping is supported in a variety of ways, including a paravirtual + clocksource, and options for the various guest clocks for how to handle the + timeslicing of the guest's execution on the host. + +- Guest OS's interact with virtualized hardware including a choice of either + older or more recent x86 system chipsets, system devices and buses, and a + variety of common storage and networking emulated devices. SMBIOS and ACPI + table details can be customized. + +- In addition to the para-virtualized devices already mentioned, other devices + and infrastructure designed to avoid virtualization "problem areas" are + available such as SPICE graphics, vmmouse emulation, tablet style pointer + interfaces and virtio based UI interfaces. + +- A built-in user-mode network (SLIRP) stack is available. + +- Portions of the host file system may be shared with a guest by using virtFS. + +- A guest "agent" is available for SLES 12 KVM guests via the qemu-guest-agent + package. This allows some introspection and control of the guest OS + environment from the host. + +QEMU/KVM Technology Previews +---------------------------- + +- KVM on System z using the qemu-system-s390x system emulator is not yet fully + supported. 
KVM on ARM64 (AArch64) usage outside of the supported partner + specific use cases is being evaluated and not yet L3 supported. + +- Specifying and placing PCI devices on a PCI bridge allows for a greater number + of devices. + +- Nested VMX and SVM virtualization is possible. + +- All features indicated as not being supported in this document fall under the + Technology Preview definition contained in the main product's release notes. + +Noteworthy QEMU/KVM Unsupported Features +---------------------------------------- + +- Note that some features are unsupported simply due to lack of validation. If + an existing feature is desired, but not marked supported, let SUSE know about + your requirements. + +- The TCG "acceleration" mode may be helpful for problem isolation, but + otherwise presents insufficient benefit and stability. + +- Use of -cpu host is not supported in all host/guest configurations. + +- GlusterFS integration is not enabled. + + +Deprecated, Superseded, Modified and Dropped Features +----------------------------------------------------- + +- When no video adapter is specified, the default used is stdvga. This differs + from the default of prior releases which was cirrus. The cirrus adapter was + considered too outdated to continue to use as the default. + +- The deprecated windows drivers (win-virtio-drivers.iso) are no longer provided. + The Virtual Machine Driver Pack is the supported way to get virtio drivers for + Windows guests. + +- The use of ",boot=on" for virtio disks is no longer needed since the bios used + supports the virtio block interface directly. In fact, its usage may cause + problems, and is now considered deprecated. + +- The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M", + "-machine", "-d", and "-clock" is now considered deprecated. Use "help" + instead. + +- The use of "if=scsi" as a parameter to "-drive" does not work anymore with PC + machine types, as it created an obsolete SCSI controller model. 
+ +- Passthrough of a host floppy device is now considered deprecated. + +- Use of aio=native without direct cache mode also being specified (cache=none, + cache=directsync, or cache.direct=on) is no longer allowed. + +- The use of image encryption in qcow and qcow2 formats is now considered + deprecated. + Analysis has shown it to be weak encryption, in addition to suffering from + poor design. Images can easily be converted to a non-encrypted format. + +- Use of acpi, boot-opts, and smp-opts in a -readconfig config file are now + considered deprecated. In the future those names will be standardized to + acpitable, boot, and smp respectively. + +- When only a partial SMP topology is provided (ie only some of sockets, cores, + threads) the derived guest ABI is not guaranteed to be equivalent in future + versions. + +- These previously supported command line options are now considered deprecated: + -device ivshmem (use ivshmem-doorbell or ivshmem-plain instead) + +- These previously supported command line options are no longer supported: + -device pci-assign, -device kvm-pci-assign (use -device vfio-pci instead) + +- These previously supported command line options are no longer recognized: + -device pc-sysfw (no longer needed) + +- Specifying a CPUID feature with both "+feature/-feature" and "feature=on/off" + will now cause a warning. The current behavior for this combination where + "+feature/-feature" wins over "feature=on/off", will be changed going forward + so that "+feature" and "-feature" will be synonyms for "feature=on" and + "feature=off" respectively. + +- The previously supported blkdev-add QMP command has been flagged as lacking + and could possibly change syntax in the future. 
+ +- These previously unsupported command line options are now deprecated: + -no-kvm-irqchip (use -machine kernel_irqchip=off instead) + -no-kvm-pit + -no-kvm-pit-reinjection + -tdf + +- The case of specified sockets, cores, and threads not matching the vcpu count + is no longer silently ignored. QEMU now requires that the topology match the + vcpu count. + +- These previously unsupported command line options are no longer recognized: + -device ccid-card-passthru + -device cfi.pflash01 + -device esp + -device exynos4210-ehci-usb + -device fusbh200-ehci-usb + -device icc-bridge + -device q35-pcihost + -device mch + -device smbus-eeprom + -device SUNW,fdtwo + -device sysbus-ahci + -device sysbus-fdc + -device sysbus-ohci + -device tegra2-ehci-usb + -device testdev (use -device pc-testdev instead) + -device virtio-mmio + -device xln,ps7-usb + -enable-nesting + -kvm-shadow-memory (use -machine kvm_shadow_mem= instead) + -M mac + -nvram + -old-param + -osk + -pcidevice (use -device vfio-pci instead) + -qtest + -semihosting + +- These previously supported monitor commands are no longer recognized: + cpu_set + pci_add (use device_add instead) + pci_del (use device_del instead) + +- This previously unsupported QMP command is now supported under a new name: + x-input-send-event (use input-send-event instead) + +- Due to the lack of migration support (mainly due to ahci interface issues) + and other unstable interface issues, earlier versions of the q35 machine type + are not supported in this release. The current q35 machine type is however now + fully supported. 
+ +QEMU Command-Line and Monitor Syntax and Support +------------------------------------------------ + +- The QEMU program command-line syntax is as follows: + qemu-system-aarch64 [options] + qemu-system-i386 [options] [disk_image] + qemu-system-s390x [options] + qemu-system-x86_64 [options] [disk_image] + + Where 'options' are taken from the options listed below, and 'disk_image' is + the file system reference to the the x86 guest's primary IDE based hard disk + image. This image as well as those used with -drive or -cdrom, may be in the + raw (no format), qcow2 or qed storage formats, and may be located in files + within the host filesystem, logical volumes, host physical disks, or network + based storage. Read only media may also be accessed via URL style protocol + specifiers. + + Note that as a general rule, as new command line options are added which serve + to replace an older option or interface, you are strongly encouraged to adapt + your usage to the new option. The new option is being introduced to provide + better functionality and usability going forward. In some cases existing + problems or even bugs in older interfaces cannot be fixed due to functional + expectations, but are resolved in the newer interface or option. + This advice includes moving to the most recent machine type (eg pc-i440fx-2.8 + instead of pc-i440fx-2.6) if possible. + +- The following command line options are supported: + -add-fd ... + -alt-grab + -append ... + -audio-help + -balloon ... + -bios ... + -boot ... + -cdrom ... + -chardev .. + -clock + -cpu ... (all except host) + -ctrl-grab + -d ... + -daemonize + -debugcon ... 
+ -device [isa-serial|isa-parallel|isa-fdc|ide-drive|ide-hd|ide-cd| + VGA|cirrus-vga|rtl8139|virtio-net-pci|virtio-blk-pci| + virtio-balloon-pci|virtio-9p-pci|usb-hub|usb-ehci|usb-tablet| + usb-storage|usb-mouse|usb-kbd|virtserialport|virtconsole| + virtio-serial-pci|sga|i82559er|virtio-scsi-pci|scsi-cd|scsi-hd| + scsi-generic|scsi-disk|scsi-block|pci-serial|pci-serial-2x| + pci-serial-4x|ich9-ahci|piix-usb-uhci|usb-host|usb-serial| + usb-wacom-tablet|usb_braille|usb-net|pci-ohci|piix4-usb-uhci| + virtio-rng-pci|i6300esb|ib700|qxl|qxl-vga|pvpanic|vfio-pci|ivshmem| + ivshmem-doorbell|ivshmem-plain|pci-bridge|megasas-gen2|pc-dimm| + floppy|e1000e|ccid-card-emulated|ccid-card-passthrough|xen-backend| + loader] + (the following are aliases of these supported devices: ahci| + virtio-blk|virtio-net|virtio-serial|virtio-balloon| virtio-9p| + virtio-scsi|virtio-rng|e1000) + -dfilter range, ... + -display ... + -drive ... (if specified if=[floppy|ide|virtio] and format=[qcow2|qed|raw] and + snapshot=off only) + -echr ... + -enable-fips + -enable-kvm + -fda/-fdb ... + -fsdev ... + -full-screen + -fw_cfg ... + -gdb ... + -global ... + -h + -hda/-hdb/-hdc/-hdd ... + -help + -incoming ... + -initrd ... + -iscsi ... + -k ... + -kernel ... + -loadvm ... + -m ... + -M [help|?|none|pc|pc-0.12|pc-0.14|pc-0.15|pc-i440fx-1.4|pc-i440fx-1.7| + pc-i440fx-2.0|pc-i440fx-2.3|pc-i440fx-2.6|pc-i440fx-2.8|q35|pc-q35-2.6| + pc-q35-2.8|xenfv|xenpv] + -machine [help|?|none|pc|pc-0.12|pc-0.14|pc-0.15|pc-i440fx-1.4|pc-i440fx-1.7| + pc-i440fx-2.0|pc-i440fx-2.3|pc-440fx-2.6|pc-i440fx-2.8|q35| + pc-q35-2.6|pc-q35-2.8|xenfv|xenpv] + -mem-path ... + -mem-prealloc + -mon ... + -monitor ... + -msg ... + -name ... + -net [bridge|l2tpv3|nic|none|tap|user] ... (for model= only e1000, rtl8139, + and virtio are supported) + -netdev [bridge|tap|user] ... 
+ -no-acpi + -nodefaults + -nodefconfig + -no-fd-bootchk + -no-frame + -nographic + -no-hpet + -no-quit + -no-reboot + -no-shutdown + -no-user-config + -object ... + -parallel ... + -pidfile ... + -qmp ... + -qmp-pretty ... + -readconfig ... + -realtime ... + -rtc ... + -runas ... + -s + -S + -sandbox ... + -sdl + -serial ... + -show-cursor + -smbios ... + -smp ... + -spice + -tdf + -tpmdev passthrough ... + -trace ... + -usb + -usbdevice [braile|disk|host|mouse|net|serial|tablet] + -uuid .. + -version + -vga [cirrus|none|qxl|std|xenfb] + -virtfs ... + -virtioconsole ... + -vnc ... + -watchdog ... + -watchdog-action ... + -writeconfig ... + -xen-attach ... + -xen-domid ... + +- The following monitor commands are supported: + ? + balloon target ... + block_resize ... + boot_set ... + c + change device ... + chardev-add ... + chardev-remove ... + client_migrate_info ... + closefd ... + cont + cpu ... + cpu-add ... + delvm ... + device_add ... + device_del ... + drive_add ... + drive_backup ... + drive_del ... + dump_guest_memory ... + eject ... + gdbserver ... + help + i ... + info ... + loadvm ... + logfile ... + logitem ... + mce ... + memsave ... + migrate ... + migrate_cancel + migrate_incoming + migrate_set_cache_size ... + migrate_set_capability ... + migrate_set_downtime ... + migrate_set_parameter ... + migrate_set_speed ... + migrate_start_post_copy + mouse_button ... + mouse_move ... + mouse_set ... + nmi ... + o ... + object_add ... + object_del ... + p ... + pci_add ... + pci_del... + pmemsave ... + print ... + q + qemu-io ... + qom-list + qom-set + ringbuf_read ... + ringbuf_write ... + savevm ... + screendump ... + sendkey ... + snapshot_blkdev_internal ... + snapshot_delete_blkdev_internal ... + stop + sum ... + system_powerdown + system_reset + system_wakeup + trace-event ... + usb_add ... + usb_del ... + watchdog_action ... + x ... + xp ... 
+ +- The following QMP commands are supported: + add_client + add-fd + balloon + blockdev-change-medium + blockdev-close-tray + blockdev-mirror + blockdev-open-tray + blockdev-snapshot + blockdev-snapshot-delete-internal-sync + blockdev-snapshot-internal-sync + blockdev-snapshot-sync + block-commit + block-dirty-bitmap-add + block-dirty-bitmap-clear + block-dirty-bitmap-remove + block_passwd + block_resize + block_set_io_throttle + block-set-write-threshold + block_stream + change + change-vnc-password + chardev-add + chardev-remove + client_migrate_info + closefd + cont + cpu + cpu-add + device_add + device_del + device-list-properties + dump-guest-memory + eject + expire_password + getfd + human-monitor-command + inject-nmi + input-send-event + memsave + migrate + migrate_cancel + migrate-incoming + migrate-set-cache-size + migrate-set-capabilities + migrate_set_downtime + migrate_set_speed + migrate-set-parameters + migrate-start-postcopy + object-add + object-del + pmemsave + qmp_capabilities + qom-get + qom-list + qom-list-types + qom-set + query-acpi-ospm-status + query-balloon + query-block + query-block-jobs + query-blockstats + query-chardev + query-chardev-backends + query-command-line-options + query-commands + query-cpu-definitions + query-cpu-model-baseline + query-cpu-model-comparison + query-cpu-model-expansion + query-cpus + query-dump + query-dump-guest-memory-capability + query-events + query-fdsets + query-gic-capabilities + query-hotpluggable-cpus + query-iothreads + query-kvm + query-machines + query-memdev + query-memory-devices + query-mice + query-migrate + query-migrate-cache-size + query-migrate-capabilities + query-migrate-parameters + query-name + query-named-block-nodes + query-pci + query-qmp-schema + query-rocker + query-rocker-of-dpa-flows + query-rocker-of-dpa-groups + query-rocker-ports + query-rx-filter + query-spice + query-status + query-target + query-tpm + query-tpm-models + query-tpm-types + query-uuid + query-version + 
query-vnc + query-vnc-servers + quit + remove-fd + ringbuf-read + ringbuf-write + rtc-reset-reinjection + screendump + send-key + set_link + set_password + stop + system_powerdown + system_reset + system_wakeup + trace-event-get-state + trace-event-set-state + transaction + xen-load-devices-state + xen-save-devices-state + xen-set-global-dirty-log + +- The following command line options are unsupported: + -acpitable ... + -bt ... + -chroot ... + -cpu host + -curses + -device [ipoctal232|i82562|nec-usb-xhci|hda-duplex|hda-output|usb-bot| + lsi53c810a|ich9-usb-uhci2|ich9-usb-uhci6|ich9-usb-uhci5| + ich9-usb-uhci3|isa-debug-exit|ne2k_pci|usb-uas|ich9-usb-uhci4|ioh3420| + isa-ide|usb-ccid|ich9-usb-ehci2|pcnet|ich9-intel-hda|dc390| + ich9-usb-ehci1|hda-micro|x3130-upstream|isa-cirrus-vga|ich9-usb-uhci1| + pc-testdev|ne2k_isa|isa-vga|cs4231a|gus|vmware-svga|i82801b11-bridge| + i82557a|i82557c|i82557b|i82801|AC97|am53c974|intel-hda|i82558a| + i82558b|usb-audio|i82550|isa-debugcon|sb16|megasas|i82551| + xio3130-downstream|vt82c686b-usb-uhci|tpci200|i82559a|i82559b|i82559c| + isa-applesmc|usb-bt-dongle|adlib|ES1370|lsi53c810|nvme|pci-testdev| + pvscsi|vhost-scsi|vhost-scsi-pci|virtio-9p-device| + virtio-balloon-device|virtio-blk-device|virtio-net-device| + virtio-rng-device|virtio-scsi-device|virtio-serial-device|vmxnet3| + xen-pci-passthrough|xen-platform|xen-pvdevice|piix3-ide|piix3-ide-xen| + piix3-ide|i8042|sdhci-pci|generic-sdhci|secondary-vga|edu|fw_cfg_io| + fw_cfg_mem|intel_iommu|usb-mtp|e1000-82540em|e1000-82544gc| + e1000-82545em|virtio-input-host-pci|virtio-keyboard-pci| + virtio-mouse-pci|virtio-tablet-pci|virtio-gpu-pci|pci-bridge-seat|pxb| + pxb-pcie|allwinner-ahci|sdhci-pci|rocker|virtio-input-host-device| + virtio-keyboard-device|virtio-mouse-device|virtio-tablet-device| + virtio-vga|hyperv-testdev|vfio-amd-xgbe|vfio-calxeda-xgmac| + generic-sdhci|igd-passthrough-isa-bridge|ipmi-bmc-extern| + ipmi-bmc-sim|isa-ipmi-bt|isa-ipmi-kcs|mptsas1068|nvdimm|pxb-host| 
+ sd-card|virtio-gpu-device|kvm-pci-assign|xen-sysdev|or-irq|amd-iommu| + AMDVI-PCI|vhost-vsock-device|vhost-vsock-pci|virtio-crypto-device| + virtio-crypto-pci|qemu,register|vfio-pci-igd-lpc-bridge|*-i386-cpu| + *-x86_64-cpu] + (the following are aliases of these unsupported devices: lsi| + virtio-input-host|virtio-keyboard|virtio-mouse|virtio-tablet| + virtio-gpu|pci-assign) + (note that some of these device names represent supported devices and + are used internally, but are not specifyable via -device even though + they appear in the list of devices) + -drive ,if=[scsi|mtd|pflash], snapshot=on, format=[anything besides qcow2, qed + or raw] + -dtb file + -g ... + -icount ... + -L ... + -M [isapc|pc-0.10|pc-0.11|pc-0.13|pc-1.0|pc-1.1|pc-1.2|pc-1.3|pc-i440fx-1.5| + pc-i440fx-1.6|pc-i440fx-2.1|pc-i440fx-2.2|pc-i440fx-2.4|pc-i440fx-2.5| + pc-i440fx-2.7|pc-q35-1.4|pc-q35-1.5|pc-q35-1.6|pc-q35-1.7|pc-q35-2.0| + pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|pc-q35-2.4|pc-q35-2.5|pc-q35-2.7] + -machine [isapc|pc-0.10|pc-0.11|pc-0.13|pc-1.0|pc-1.1|pc-1.2|pc-1.3| + pc-i440fx-1.5|pc-i440fx-1.6|pc-i440fx-2.1|pc-i440fx-2.2| + pc-i440fx-2.4|pc-i440fx-2.5|pc-i440fx-2.7|pc-q35-1.4|pc-q35-1.5| + pc-q35-1.6|pc-q35-1.7|pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3| + pc-q35-2.4|pc-q35-2.5|pc-q35-2.7] + -mtdblock file + -net [dump|socket|vde] ... + -netdev [dump|hubport|l2tpv3|socket|vde] ... + -no-kvm + -no-kvm-irqchip + -no-kvm-pit + -no-kvm-pit-reinjection + -numa ... + -option-rom ... + -pflash file + -portrait + -prom-env ... + -qtest ... + -qtest-log ... + -rotate + -sd file + -set ... + -singlestep + -snapshot + -soundhw ... + -tb-size ... + -vga [cg3|tcx|virtio|vmware] + -win2k-hack + -xen-create + +- The following monitor commands are unsupported: + acl_add ... + acl_policy ... + acl_remove ... + acl_reset ... + acl_show ... + block_job_cancel ... + block_job_complete ... + block_job_pause ... + block_job_resume ... + block_job_set_speed ... + block_passwd ... + commit ... 
+ drive_mirror ...
+ expire_password ...
+ hostfwd_add ...
+ hostfwd_remove ...
+ host_net_add ...
+ host_net_remove ...
+ nbd_server_add ...
+ nbd server_start ...
+ nbd_server_stop ...
+ netdev_add
+ netdev_del ...
+ pcie_aer_inject_error ...
+ set_link ...
+ set_password ...
+ singlestep ...
+ snapshot_blkdev ...
+ stopcapture ...
+ wavcapture ...
+ x_colo_lost_heartbeat
+
+- The following QMP commands are unsupported:
+ blockdev-add
+ blockdev-backup
+ block-job-cancel
+ block-job-complete
+ block-job-pause
+ block-job-resume
+ block-job-set-speed
+ change-backing-file
+ drive-backup
+ drive-mirror
+ dump-skeys
+ netdev_add
+ netdev_del
+ nbd-server-add
+ nbd-server-start
+ nbd-server-stop
+ x-blockdev-change
+ x-blockdev-del
+ x-blockdev-insert-medium
+ x-blockdev-remove-medium
+ x-colo-lost-heartbeat
diff --git a/supported.ppc.txt b/supported.ppc.txt
new file mode 100644
index 00000000..3df3a99d
--- /dev/null
+++ b/supported.ppc.txt
@@ -0,0 +1,5 @@
+[qemu-ppc package document]
+
+SLES 12 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS
+
+QEMU/KVM on ppc is not supported.
diff --git a/supported.s390.txt b/supported.s390.txt
new file mode 100644
index 00000000..ac2da0f1
--- /dev/null
+++ b/supported.s390.txt
@@ -0,0 +1,754 @@ +[qemu-s390 package document] + +SLES 12 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS + +Overview +-------- + + The QEMU based packages included with SLES 12 SP3 provide a large variety of + features, from the very latest customer requests to features of questionable + quality or value. The linux kernel includes components which contribute KVM + virtualization features as well. This document was created to assist the user + in deciding which features can be relied upon to build enterprise class + virtualization solutions. KVM based virtualization for x86 (Intel 64/AMD64) + is offered at the L3 (full support) level. KVM on the IBM System z (s390x) + is in technology preview, and KVM for the ARM64 architecture (AArch64) is L3 + supported for certain partner-specific use cases. The bulk of this document + deals with L3 supported features and is primarily x86 centric. This document + should be considered a companion to the standard virtualization documentation + delivered with the product. + + KVM is implemented in linux kernel modules which enable the linux kernel to + function as an integral part of the KVM hypervisor. The hypervisor-guest + interaction is managed by QEMU through the /dev/kvm ioctl interface. The linux + host assists in the virtualization of storage, networking and display + resources as well as allowing direct hardware passthrough of PCI and USB + devices. Linux memory and cpu management features are used by QEMU/KVM to + enable guests to share those host resources as efficiently as possible. + + QEMU is a primary component of KVM based virtualization. The legacy qemu-kvm + program is provided for continuity with pre SLES 12 usage, including in + libvirt domain xml references. The QEMU emulator binaries qemu-system-x86_64 + and qemu-system-i386 (x86 host), qemu-system-s390x (System z host), and + qemu-system-aarch64 (ARM64 host) are now the primary programs to use to access + KVM virtualization. 
When using these programs, the -machine option accel=kvm + (or its alias -enable-kvm) must be specified for KVM acceleration to be + used by the guest. Although Xen uses QEMU for virtualization as well, this + document does not identify Xen supported features. + + Libvirt is the preferred means of accessing QEMU/KVM functionality and is + documented elsewhere. This document focuses on the features and direct usage + of QEMU/KVM as provided by the QEMU based packages. + + +Major QEMU/KVM Supported Features +--------------------------------- + +- KVM virtualization is accomplished by using the QEMU program in KVM + acceleration mode. KVM acceleration requires that both guest and host have + the same fundamental architecture. + +- Guest images created under previous QEMU versions are supported by machine + version compatibilities built into more recent QEMU versions. + +- For ease of use, the QEMU program has defaults which represent traditional + usage patterns. + +- Guest virtual machine characteristics are specified by a combination of + internal defaults, options provided on the QEMU program command-line, runtime + configurations set via the monitor interfaces and optional config files. The + runtime control of a VM is effected either through the Human Monitor + "Protocol" (HMP), or the JSON based programmatical QEMU Monitor Protocol (QMP) + interface. For QMP details, see /usr/share/doc/packages/qemu/qmp-commands.txt. + Since a KVM guest runs in the context of a normal linux process, some types + of execution controls are managed with linux tools. + +- Various standard vCPU types are available, along with the ability to specify + individual CPU features visible to the guest. + +- QEMU incorporates a SEABIOS based system BIOS and iPXE based PXE ROMs, which + allow boot options common to physical systems along with other features + tailored to virtualization. Various VGABIOS ROMs, also from the SEABIOS + project, are also included. 
A UEFI based guest boot environment is also + now possible by using the firmware provided by the qemu-ovmf-x86_64 package. + +- Some QEMU messages have been localized to various languages. This is provided + by the optional qemu-lang package. Keyboard mappings for various nationalities + is also provided. + +- Virtual machine lifecycle controls include startup through the system BIOS or + kernel boot, ACPI or legacy based shutdown, execution pausing, the saving and + restoring of machine state or disk state, VM migration to another host, and + miscellaneous controls available through the "monitors" mentioned above. + +- Guest execution state may be "moved" in both time (save/restore) and space + (static and live migration). These migrations or save/restore operations can + take place either from certain prior SLES versioned hosts to a SLES 12 SP3 + or between hosts of the same version. Certain other restrictions also apply. + +- Security considerations include secccomp2 based sandboxing, vTPM, privileged + helpers and a security model which allows running guests as a non-root user. + +- QEMU/KVM supports a wide range of operating systems within the VMs. See the + online SUSE documentation for supported OS's. Windows guests can optionally be + accelerated with QEMU/KVM provided Hyper-V hypercalls, or with paravirtual + drivers from the SUSE Virtual Machine Driver Pack. Linux includes a number of + paravirtual drivers as well. + +- QEMU provides best effort reuse of existing disk images, including those with + systems installed, through geometry probing. Also disk images produced by + other popular virtualization technologies may be imported into QEMU supported + storage formats. These QEMU formats include features which exploit the + benefits of virtualization. + +- Memory, cpu and disk space overcommit are possible and can be beneficial when + done responsibly. 
Additional management of these resources comes in the form + of memory ballooning or hotplug, host KSM, vcpu hot-add, online disk resizing, + trim, discard and hole punching. + +- Guest performance is enhanced through the use of virtio devices, various disk + caching modes, network acceleration via the vhost-net kernel module, multi- + queue network transmit capabilities, host transparent huge pages (THP) and + direct hugetlb usage. Physical PCI and USB devices may also be passed through + to the guest, including SR-IOV VF's. + +- The guest UI is accessable via GTK, SDL, VNC, Spice, and serial (including + curses TUI) interfaces. + +- Guest timekeeping is supported in a variety of ways, including a paravirtual + clocksource, and options for the various guest clocks for how to handle the + timeslicing of the guest's execution on the host. + +- Guest OS's interact with virtualized hardware including a choice of either + older or more recent x86 system chipsets, system devices and buses, and a + variety of common storage and networking emulated devices. SMBIOS and ACPI + table details can be customized. + +- In addition to the para-virtualized devices already mentioned, other devices + and infrastructure designed to avoid virtualization "problem areas" are + available such as SPICE graphics, vmmouse emulation, tablet style pointer + interfaces and virtio based UI interfaces. + +- A built-in user-mode network (SLIRP) stack is available. + +- Portions of the host file system may be shared with a guest by using virtFS. + +- A guest "agent" is available for SLES 12 KVM guests via the qemu-guest-agent + package. This allows some introspection and control of the guest OS + environment from the host. + +QEMU/KVM Technology Previews +---------------------------- + +- KVM on System z using the qemu-system-s390x system emulator is not yet fully + supported. 
KVM on ARM64 (AArch64) usage outside of the supported partner + specific use cases is being evaluated and not yet L3 supported. + +- Specifying and placing PCI devices on a PCI bridge allows for a greater number + of devices. + +- Nested VMX and SVM virtualization is possible. + +- All features indicated as not being supported in this document fall under the + Technology Preview definition contained in the main product's release notes. + +Noteworthy QEMU/KVM Unsupported Features +---------------------------------------- + +- Note that some features are unsupported simply due to lack of validation. If + an existing feature is desired, but not marked supported, let SUSE know about + your requirements. + +- The TCG "acceleration" mode may be helpful for problem isolation, but + otherwise presents insufficient benefit and stability. + +- Use of -cpu host is not supported in all host/guest configurations. + +- GlusterFS integration is not enabled. + + +Deprecated, Superseded, Modified and Dropped Features +----------------------------------------------------- + +- When no video adapter is specified, the default used is stdvga. This differs + from the default of prior releases which was cirrus. The cirrus adapter was + considered too outdated to continue to use as the default. + +- The deprecated windows drivers (win-virtio-drivers.iso) are no longer provided. + The Virtual Machine Driver Pack is the supported way to get virtio drivers for + Windows guests. + +- The use of ",boot=on" for virtio disks is no longer needed since the bios used + supports the virtio block interface directly. In fact, its usage may cause + problems, and is now considered deprecated. + +- The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M", + "-machine", "-d", and "-clock" is now considered deprecated. Use "help" + instead. + +- The use of "if=scsi" as a parameter to "-drive" does not work anymore with PC + machine types, as it created an obsolete SCSI controller model. 
+ +- Passthrough of a host floppy device is now considered deprecated. + +- Use of aio=native without direct cache mode also being specified (cache=none, + cache=directsync, or cache.direct=on) is no longer allowed. + +- The use of image encryption in qcow and qcow2 formats is now considered + deprecated. + Analysis has shown it to be weak encryption, in addition to suffering from + poor design. Images can easily be converted to a non-encrypted format. + +- Use of acpi, boot-opts, and smp-opts in a -readconfig config file are now + considered deprecated. In the future those names will be standardized to + acpitable, boot, and smp respectively. + +- When only a partial SMP topology is provided (ie only some of sockets, cores, + threads) the derived guest ABI is not guaranteed to be equivalent in future + versions. + +- These previously supported command line options are now considered deprecated: + -device ivshmem (use ivshmem-doorbell or ivshmem-plain instead) + +- These previously supported command line options are no longer supported: + -device pci-assign, -device kvm-pci-assign (use -device vfio-pci instead) + +- These previously supported command line options are no longer recognized: + -device pc-sysfw (no longer needed) + +- Specifying a CPUID feature with both "+feature/-feature" and "feature=on/off" + will now cause a warning. The current behavior for this combination where + "+feature/-feature" wins over "feature=on/off", will be changed going forward + so that "+feature" and "-feature" will be synonyms for "feature=on" and + "feature=off" respectively. + +- The previously supported blkdev-add QMP command has been flagged as lacking + and could possibly change syntax in the future. 
+ +- These previously unsupported command line options are now deprecated: + -no-kvm-irqchip (use -machine kernel_irqchip=off instead) + -no-kvm-pit + -no-kvm-pit-reinjection + -tdf + +- The case of specified sockets, cores, and threads not matching the vcpu count + is no longer silently ignored. QEMU now requires that the topology match the + vcpu count. + +- These previously unsupported command line options are no longer recognized: + -device ccid-card-passthru + -device cfi.pflash01 + -device esp + -device exynos4210-ehci-usb + -device fusbh200-ehci-usb + -device icc-bridge + -device q35-pcihost + -device mch + -device smbus-eeprom + -device SUNW,fdtwo + -device sysbus-ahci + -device sysbus-fdc + -device sysbus-ohci + -device tegra2-ehci-usb + -device testdev (use -device pc-testdev instead) + -device virtio-mmio + -device xln,ps7-usb + -enable-nesting + -kvm-shadow-memory (use -machine kvm_shadow_mem= instead) + -M mac + -nvram + -old-param + -osk + -pcidevice (use -device vfio-pci instead) + -qtest + -semihosting + +- These previously supported monitor commands are no longer recognized: + cpu_set + pci_add (use device_add instead) + pci_del (use device_del instead) + +- This previously unsupported QMP command is now supported under a new name: + x-input-send-event (use input-send-event instead) + +- Due to the lack of migration support (mainly due to ahci interface issues) + and other unstable interface issues, earlier versions of the q35 machine type + are not supported in this release. The current q35 machine type is however now + fully supported. 
+ +QEMU Command-Line and Monitor Syntax and Support +------------------------------------------------ + +- The QEMU program command-line syntax is as follows: + qemu-system-aarch64 [options] + qemu-system-i386 [options] [disk_image] + qemu-system-s390x [options] + qemu-system-x86_64 [options] [disk_image] + + Where 'options' are taken from the options listed below, and 'disk_image' is + the file system reference to the the x86 guest's primary IDE based hard disk + image. This image as well as those used with -drive or -cdrom, may be in the + raw (no format), qcow2 or qed storage formats, and may be located in files + within the host filesystem, logical volumes, host physical disks, or network + based storage. Read only media may also be accessed via URL style protocol + specifiers. + + Note that as a general rule, as new command line options are added which serve + to replace an older option or interface, you are strongly encouraged to adapt + your usage to the new option. The new option is being introduced to provide + better functionality and usability going forward. In some cases existing + problems or even bugs in older interfaces cannot be fixed due to functional + expectations, but are resolved in the newer interface or option. + This advice includes moving to the most recent machine type (eg pc-i440fx-2.8 + instead of pc-i440fx-2.6) if possible. + +- The following command line options are supported: + -add-fd ... + -alt-grab + -append ... + -audio-help + -balloon ... + -bios ... + -boot ... + -cdrom ... + -chardev .. + -clock + -cpu ... (all except host) + -ctrl-grab + -d ... + -daemonize + -debugcon ... 
+ -device [isa-serial|isa-parallel|isa-fdc|ide-drive|ide-hd|ide-cd| + VGA|cirrus-vga|rtl8139|virtio-net-pci|virtio-blk-pci| + virtio-balloon-pci|virtio-9p-pci|usb-hub|usb-ehci|usb-tablet| + usb-storage|usb-mouse|usb-kbd|virtserialport|virtconsole| + virtio-serial-pci|sga|i82559er|virtio-scsi-pci|scsi-cd|scsi-hd| + scsi-generic|scsi-disk|scsi-block|pci-serial|pci-serial-2x| + pci-serial-4x|ich9-ahci|piix-usb-uhci|usb-host|usb-serial| + usb-wacom-tablet|usb_braille|usb-net|pci-ohci|piix4-usb-uhci| + virtio-rng-pci|i6300esb|ib700|qxl|qxl-vga|pvpanic|vfio-pci|ivshmem| + ivshmem-doorbell|ivshmem-plain|pci-bridge|megasas-gen2|pc-dimm| + floppy|e1000e|ccid-card-emulated|ccid-card-passthrough|xen-backend| + loader] + (the following are aliases of these supported devices: ahci| + virtio-blk|virtio-net|virtio-serial|virtio-balloon| virtio-9p| + virtio-scsi|virtio-rng|e1000) + -dfilter range, ... + -display ... + -drive ... (if specified if=[floppy|ide|virtio] and format=[qcow2|qed|raw] and + snapshot=off only) + -echr ... + -enable-fips + -enable-kvm + -fda/-fdb ... + -fsdev ... + -full-screen + -fw_cfg ... + -gdb ... + -global ... + -h + -hda/-hdb/-hdc/-hdd ... + -help + -incoming ... + -initrd ... + -iscsi ... + -k ... + -kernel ... + -loadvm ... + -m ... + -M [help|?|none|pc|pc-0.12|pc-0.14|pc-0.15|pc-i440fx-1.4|pc-i440fx-1.7| + pc-i440fx-2.0|pc-i440fx-2.3|pc-i440fx-2.6|pc-i440fx-2.8|q35|pc-q35-2.6| + pc-q35-2.8|xenfv|xenpv] + -machine [help|?|none|pc|pc-0.12|pc-0.14|pc-0.15|pc-i440fx-1.4|pc-i440fx-1.7| + pc-i440fx-2.0|pc-i440fx-2.3|pc-440fx-2.6|pc-i440fx-2.8|q35| + pc-q35-2.6|pc-q35-2.8|xenfv|xenpv] + -mem-path ... + -mem-prealloc + -mon ... + -monitor ... + -msg ... + -name ... + -net [bridge|l2tpv3|nic|none|tap|user] ... (for model= only e1000, rtl8139, + and virtio are supported) + -netdev [bridge|tap|user] ... 
+ -no-acpi + -nodefaults + -nodefconfig + -no-fd-bootchk + -no-frame + -nographic + -no-hpet + -no-quit + -no-reboot + -no-shutdown + -no-user-config + -object ... + -parallel ... + -pidfile ... + -qmp ... + -qmp-pretty ... + -readconfig ... + -realtime ... + -rtc ... + -runas ... + -s + -S + -sandbox ... + -sdl + -serial ... + -show-cursor + -smbios ... + -smp ... + -spice + -tdf + -tpmdev passthrough ... + -trace ... + -usb + -usbdevice [braile|disk|host|mouse|net|serial|tablet] + -uuid .. + -version + -vga [cirrus|none|qxl|std|xenfb] + -virtfs ... + -virtioconsole ... + -vnc ... + -watchdog ... + -watchdog-action ... + -writeconfig ... + -xen-attach ... + -xen-domid ... + +- The following monitor commands are supported: + ? + balloon target ... + block_resize ... + boot_set ... + c + change device ... + chardev-add ... + chardev-remove ... + client_migrate_info ... + closefd ... + cont + cpu ... + cpu-add ... + delvm ... + device_add ... + device_del ... + drive_add ... + drive_backup ... + drive_del ... + dump_guest_memory ... + eject ... + gdbserver ... + help + i ... + info ... + loadvm ... + logfile ... + logitem ... + mce ... + memsave ... + migrate ... + migrate_cancel + migrate_incoming + migrate_set_cache_size ... + migrate_set_capability ... + migrate_set_downtime ... + migrate_set_parameter ... + migrate_set_speed ... + migrate_start_post_copy + mouse_button ... + mouse_move ... + mouse_set ... + nmi ... + o ... + object_add ... + object_del ... + p ... + pci_add ... + pci_del... + pmemsave ... + print ... + q + qemu-io ... + qom-list + qom-set + ringbuf_read ... + ringbuf_write ... + savevm ... + screendump ... + sendkey ... + snapshot_blkdev_internal ... + snapshot_delete_blkdev_internal ... + stop + sum ... + system_powerdown + system_reset + system_wakeup + trace-event ... + usb_add ... + usb_del ... + watchdog_action ... + x ... + xp ... 
+ +- The following QMP commands are supported: + add_client + add-fd + balloon + blockdev-change-medium + blockdev-close-tray + blockdev-mirror + blockdev-open-tray + blockdev-snapshot + blockdev-snapshot-delete-internal-sync + blockdev-snapshot-internal-sync + blockdev-snapshot-sync + block-commit + block-dirty-bitmap-add + block-dirty-bitmap-clear + block-dirty-bitmap-remove + block_passwd + block_resize + block_set_io_throttle + block-set-write-threshold + block_stream + change + change-vnc-password + chardev-add + chardev-remove + client_migrate_info + closefd + cont + cpu + cpu-add + device_add + device_del + device-list-properties + dump-guest-memory + eject + expire_password + getfd + human-monitor-command + inject-nmi + input-send-event + memsave + migrate + migrate_cancel + migrate-incoming + migrate-set-cache-size + migrate-set-capabilities + migrate_set_downtime + migrate_set_speed + migrate-set-parameters + migrate-start-postcopy + object-add + object-del + pmemsave + qmp_capabilities + qom-get + qom-list + qom-list-types + qom-set + query-acpi-ospm-status + query-balloon + query-block + query-block-jobs + query-blockstats + query-chardev + query-chardev-backends + query-command-line-options + query-commands + query-cpu-definitions + query-cpu-model-baseline + query-cpu-model-comparison + query-cpu-model-expansion + query-cpus + query-dump + query-dump-guest-memory-capability + query-events + query-fdsets + query-gic-capabilities + query-hotpluggable-cpus + query-iothreads + query-kvm + query-machines + query-memdev + query-memory-devices + query-mice + query-migrate + query-migrate-cache-size + query-migrate-capabilities + query-migrate-parameters + query-name + query-named-block-nodes + query-pci + query-qmp-schema + query-rocker + query-rocker-of-dpa-flows + query-rocker-of-dpa-groups + query-rocker-ports + query-rx-filter + query-spice + query-status + query-target + query-tpm + query-tpm-models + query-tpm-types + query-uuid + query-version + 
query-vnc + query-vnc-servers + quit + remove-fd + ringbuf-read + ringbuf-write + rtc-reset-reinjection + screendump + send-key + set_link + set_password + stop + system_powerdown + system_reset + system_wakeup + trace-event-get-state + trace-event-set-state + transaction + xen-load-devices-state + xen-save-devices-state + xen-set-global-dirty-log + +- The following command line options are unsupported: + -acpitable ... + -bt ... + -chroot ... + -cpu host + -curses + -device [ipoctal232|i82562|nec-usb-xhci|hda-duplex|hda-output|usb-bot| + lsi53c810a|ich9-usb-uhci2|ich9-usb-uhci6|ich9-usb-uhci5| + ich9-usb-uhci3|isa-debug-exit|ne2k_pci|usb-uas|ich9-usb-uhci4|ioh3420| + isa-ide|usb-ccid|ich9-usb-ehci2|pcnet|ich9-intel-hda|dc390| + ich9-usb-ehci1|hda-micro|x3130-upstream|isa-cirrus-vga|ich9-usb-uhci1| + pc-testdev|ne2k_isa|isa-vga|cs4231a|gus|vmware-svga|i82801b11-bridge| + i82557a|i82557c|i82557b|i82801|AC97|am53c974|intel-hda|i82558a| + i82558b|usb-audio|i82550|isa-debugcon|sb16|megasas|i82551| + xio3130-downstream|vt82c686b-usb-uhci|tpci200|i82559a|i82559b|i82559c| + isa-applesmc|usb-bt-dongle|adlib|ES1370|lsi53c810|nvme|pci-testdev| + pvscsi|vhost-scsi|vhost-scsi-pci|virtio-9p-device| + virtio-balloon-device|virtio-blk-device|virtio-net-device| + virtio-rng-device|virtio-scsi-device|virtio-serial-device|vmxnet3| + xen-pci-passthrough|xen-platform|xen-pvdevice|piix3-ide|piix3-ide-xen| + piix3-ide|i8042|sdhci-pci|generic-sdhci|secondary-vga|edu|fw_cfg_io| + fw_cfg_mem|intel_iommu|usb-mtp|e1000-82540em|e1000-82544gc| + e1000-82545em|virtio-input-host-pci|virtio-keyboard-pci| + virtio-mouse-pci|virtio-tablet-pci|virtio-gpu-pci|pci-bridge-seat|pxb| + pxb-pcie|allwinner-ahci|sdhci-pci|rocker|virtio-input-host-device| + virtio-keyboard-device|virtio-mouse-device|virtio-tablet-device| + virtio-vga|hyperv-testdev|vfio-amd-xgbe|vfio-calxeda-xgmac| + generic-sdhci|igd-passthrough-isa-bridge|ipmi-bmc-extern| + ipmi-bmc-sim|isa-ipmi-bt|isa-ipmi-kcs|mptsas1068|nvdimm|pxb-host| 
+ sd-card|virtio-gpu-device|kvm-pci-assign|xen-sysdev|or-irq|amd-iommu| + AMDVI-PCI|vhost-vsock-device|vhost-vsock-pci|virtio-crypto-device| + virtio-crypto-pci|qemu,register|vfio-pci-igd-lpc-bridge|*-i386-cpu|\ *-x86_64-cpu] + (the following are aliases of these unsupported devices: lsi| + virtio-input-host|virtio-keyboard|virtio-mouse|virtio-tablet| + virtio-gpu|pci-assign) + (note that some of these device names represent supported devices and + are used internally, but are not specifyable via -device even though + they appear in the list of devices) + -drive ,if=[scsi|mtd|pflash], snapshot=on, format=[anything besides qcow2, qed + or raw] + -dtb file + -g ... + -icount ... + -L ... + -M [isapc|pc-0.10|pc-0.11|pc-0.13|pc-1.0|pc-1.1|pc-1.2|pc-1.3|pc-i440fx-1.5| + pc-i440fx-1.6|pc-i440fx-2.1|pc-i440fx-2.2|pc-i440fx-2.4|pc-i440fx-2.5| + pc-i440fx-2.7|pc-q35-1.4|pc-q35-1.5|pc-q35-1.6|pc-q35-1.7|pc-q35-2.0| + pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|pc-q35-2.4|pc-q35-2.5|pc-q35-2.7] + -machine [isapc|pc-0.10|pc-0.11|pc-0.13|pc-1.0|pc-1.1|pc-1.2|pc-1.3| + pc-i440fx-1.5|pc-i440fx-1.6|pc-i440fx-2.1|pc-i440fx-2.2| + pc-i440fx-2.4|pc-i440fx-2.5|pc-i440fx-2.7|pc-q35-1.4|pc-q35-1.5| + pc-q35-1.6|pc-q35-1.7|pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3| + pc-q35-2.4|pc-q35-2.5|pc-q35-2.7] + -mtdblock file + -net [dump|socket|vde] ... + -netdev [dump|hubport|l2tpv3|socket|vde] ... + -no-kvm + -no-kvm-irqchip + -no-kvm-pit + -no-kvm-pit-reinjection + -numa ... + -option-rom ... + -pflash file + -portrait + -prom-env ... + -qtest ... + -qtest-log ... + -rotate + -sd file + -set ... + -singlestep + -snapshot + -soundhw ... + -tb-size ... + -vga [cg3|tcx|virtio|vmware] + -win2k-hack + -xen-create + +- The following monitor commands are unsupported: + acl_add ... + acl_policy ... + acl_remove ... + acl_reset ... + acl_show ... + block_job_cancel ... + block_job_complete ... + block_job_pause ... + block_job_resume ... + block_job_set_speed ... + block_passwd ... + commit ... 
+ drive_mirror ...
+ expire_password ...
+ hostfwd_add ...
+ hostfwd_remove ...
+ host_net_add ...
+ host_net_remove ...
+ nbd_server_add ...
+ nbd server_start ...
+ nbd_server_stop ...
+ netdev_add
+ netdev_del ...
+ pcie_aer_inject_error ...
+ set_link ...
+ set_password ...
+ singlestep ...
+ snapshot_blkdev ...
+ stopcapture ...
+ wavcapture ...
+ x_colo_lost_heartbeat
+
+- The following QMP commands are unsupported:
+ blockdev-add
+ blockdev-backup
+ block-job-cancel
+ block-job-complete
+ block-job-pause
+ block-job-resume
+ block-job-set-speed
+ change-backing-file
+ drive-backup
+ drive-mirror
+ dump-skeys
+ netdev_add
+ netdev_del
+ nbd-server-add
+ nbd-server-start
+ nbd-server-stop
+ x-blockdev-change
+ x-blockdev-del
+ x-blockdev-insert-medium
+ x-blockdev-remove-medium
+ x-colo-lost-heartbeat
diff --git a/supported.x86.txt b/supported.x86.txt
new file mode 100644
index 00000000..08abe0f9
--- /dev/null
+++ b/supported.x86.txt
@@ -0,0 +1,755 @@
+[qemu-x86 package document]
+
+SLES 12 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS
+
+Overview
+--------
+
+ The QEMU based packages included with SLES 12 SP3 provide a large variety of
+ features, from the very latest customer requests to features of questionable
+ quality or value. The linux kernel includes components which contribute KVM
+ virtualization features as well. This document was created to assist the user
+ in deciding which features can be relied upon to build enterprise class
+ virtualization solutions. KVM based virtualization for x86 (Intel 64/AMD64)
+ is offered at the L3 (full support) level. KVM on the IBM System z (s390x)
+ is in technology preview, and KVM for the ARM64 architecture (AArch64) is L3
+ supported for certain partner-specific use cases. The bulk of this document
+ deals with L3 supported features and is primarily x86 centric. This document
+ should be considered a companion to the standard virtualization documentation
+ delivered with the product.
+
+ KVM is implemented in linux kernel modules which enable the linux kernel to
+ function as an integral part of the KVM hypervisor. The hypervisor-guest
+ interaction is managed by QEMU through the /dev/kvm ioctl interface. The linux
+ host assists in the virtualization of storage, networking and display
+ resources as well as allowing direct hardware passthrough of PCI and USB
+ devices. Linux memory and cpu management features are used by QEMU/KVM to
+ enable guests to share those host resources as efficiently as possible.
+
+ QEMU is a primary component of KVM based virtualization. The legacy qemu-kvm
+ program is provided for continuity with pre SLES 12 usage, including in
+ libvirt domain xml references. The QEMU emulator binaries qemu-system-x86_64
+ and qemu-system-i386 (x86 host), qemu-system-s390x (System z host), and
+ qemu-system-aarch64 (ARM64 host) are now the primary programs to use to access
+ KVM virtualization.
When using these programs, the -machine option accel=kvm
+ (or its alias -enable-kvm) must be specified for KVM acceleration to be
+ used by the guest. Although Xen uses QEMU for virtualization as well, this
+ document does not identify Xen supported features.
+
+ Libvirt is the preferred means of accessing QEMU/KVM functionality and is
+ documented elsewhere. This document focuses on the features and direct usage
+ of QEMU/KVM as provided by the QEMU based packages.
+
+
+Major QEMU/KVM Supported Features
+---------------------------------
+
+- KVM virtualization is accomplished by using the QEMU program in KVM
+ acceleration mode. KVM acceleration requires that both guest and host have
+ the same fundamental architecture.
+
+- Guest images created under previous QEMU versions are supported by machine
+ version compatibilities built into more recent QEMU versions.
+
+- For ease of use, the QEMU program has defaults which represent traditional
+ usage patterns.
+
+- Guest virtual machine characteristics are specified by a combination of
+ internal defaults, options provided on the QEMU program command-line, runtime
+ configurations set via the monitor interfaces and optional config files. The
+ runtime control of a VM is effected either through the Human Monitor
+ "Protocol" (HMP), or the JSON based programmatical QEMU Monitor Protocol (QMP)
+ interface. For QMP details, see /usr/share/doc/packages/qemu/qmp-commands.txt.
+ Since a KVM guest runs in the context of a normal linux process, some types
+ of execution controls are managed with linux tools.
+
+- Various standard vCPU types are available, along with the ability to specify
+ individual CPU features visible to the guest.
+
+- QEMU incorporates a SEABIOS based system BIOS and iPXE based PXE ROMs, which
+ allow boot options common to physical systems along with other features
+ tailored to virtualization. Various VGABIOS ROMs, also from the SEABIOS
+ project, are also included.
A UEFI based guest boot environment is also
+ now possible by using the firmware provided by the qemu-ovmf-x86_64 package.
+
+- Some QEMU messages have been localized to various languages. This is provided
+ by the optional qemu-lang package. Keyboard mappings for various nationalities
+ is also provided.
+
+- Virtual machine lifecycle controls include startup through the system BIOS or
+ kernel boot, ACPI or legacy based shutdown, execution pausing, the saving and
+ restoring of machine state or disk state, VM migration to another host, and
+ miscellaneous controls available through the "monitors" mentioned above.
+
+- Guest execution state may be "moved" in both time (save/restore) and space
+ (static and live migration). These migrations or save/restore operations can
+ take place either from certain prior SLES versioned hosts to a SLES 12 SP3
+ or between hosts of the same version. Certain other restrictions also apply.
+
+- Security considerations include secccomp2 based sandboxing, vTPM, privileged
+ helpers and a security model which allows running guests as a non-root user.
+
+- QEMU/KVM supports a wide range of operating systems within the VMs. See the
+ online SUSE documentation for supported OS's. Windows guests can optionally be
+ accelerated with QEMU/KVM provided Hyper-V hypercalls, or with paravirtual
+ drivers from the SUSE Virtual Machine Driver Pack. Linux includes a number of
+ paravirtual drivers as well.
+
+- QEMU provides best effort reuse of existing disk images, including those with
+ systems installed, through geometry probing. Also disk images produced by
+ other popular virtualization technologies may be imported into QEMU supported
+ storage formats. These QEMU formats include features which exploit the
+ benefits of virtualization.
+
+- Memory, cpu and disk space overcommit are possible and can be beneficial when
+ done responsibly.
Additional management of these resources comes in the form
+ of memory ballooning or hotplug, host KSM, vcpu hot-add, online disk resizing,
+ trim, discard and hole punching.
+
+- Guest performance is enhanced through the use of virtio devices, various disk
+ caching modes, network acceleration via the vhost-net kernel module, multi-
+ queue network transmit capabilities, host transparent huge pages (THP) and
+ direct hugetlb usage. Physical PCI and USB devices may also be passed through
+ to the guest, including SR-IOV VF's.
+
+- The guest UI is accessable via GTK, SDL, VNC, Spice, and serial (including
+ curses TUI) interfaces.
+
+- Guest timekeeping is supported in a variety of ways, including a paravirtual
+ clocksource, and options for the various guest clocks for how to handle the
+ timeslicing of the guest's execution on the host.
+
+- Guest OS's interact with virtualized hardware including a choice of either
+ older or more recent x86 system chipsets, system devices and buses, and a
+ variety of common storage and networking emulated devices. SMBIOS and ACPI
+ table details can be customized.
+
+- In addition to the para-virtualized devices already mentioned, other devices
+ and infrastructure designed to avoid virtualization "problem areas" are
+ available such as SPICE graphics, vmmouse emulation, tablet style pointer
+ interfaces and virtio based UI interfaces.
+
+- A built-in user-mode network (SLIRP) stack is available.
+
+- Portions of the host file system may be shared with a guest by using virtFS.
+
+- A guest "agent" is available for SLES 12 KVM guests via the qemu-guest-agent
+ package. This allows some introspection and control of the guest OS
+ environment from the host.
+
+QEMU/KVM Technology Previews
+----------------------------
+
+- KVM on System z using the qemu-system-s390x system emulator is not yet fully
+ supported.
KVM on ARM64 (AArch64) usage outside of the supported partner
+ specific use cases is being evaluated and not yet L3 supported.
+
+- Specifying and placing PCI devices on a PCI bridge allows for a greater number
+ of devices.
+
+- Nested VMX and SVM virtualization is possible.
+
+- All features indicated as not being supported in this document fall under the
+ Technology Preview definition contained in the main product's release notes.
+
+Noteworthy QEMU/KVM Unsupported Features
+----------------------------------------
+
+- Note that some features are unsupported simply due to lack of validation. If
+ an existing feature is desired, but not marked supported, let SUSE know about
+ your requirements.
+
+- The TCG "acceleration" mode may be helpful for problem isolation, but
+ otherwise presents insufficient benefit and stability.
+
+- Use of -cpu host is not supported in all host/guest configurations.
+
+- GlusterFS integration is not enabled.
+
+
+Deprecated, Superseded, Modified and Dropped Features
+-----------------------------------------------------
+
+- When no video adapter is specified, the default used is stdvga. This differs
+ from the default of prior releases which was cirrus. The cirrus adapter was
+ considered too outdated to continue to use as the default.
+
+- The deprecated windows drivers (win-virtio-drivers.iso) are no longer provided.
+ The Virtual Machine Driver Pack is the supported way to get virtio drivers for
+ Windows guests.
+
+- The use of ",boot=on" for virtio disks is no longer needed since the bios used
+ supports the virtio block interface directly. In fact, its usage may cause
+ problems, and is now considered deprecated.
+
+- The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M",
+ "-machine", "-d", and "-clock" is now considered deprecated. Use "help"
+ instead.
+
+- The use of "if=scsi" as a parameter to "-drive" does not work anymore with PC
+ machine types, as it created an obsolete SCSI controller model.
+
+- Passthrough of a host floppy device is now considered deprecated.
+
+- Use of aio=native without direct cache mode also being specified (cache=none,
+ cache=directsync, or cache.direct=on) is no longer allowed.
+
+- The use of image encryption in qcow and qcow2 formats is now considered
+ deprecated.
+ Analysis has shown it to be weak encryption, in addition to suffering from
+ poor design. Images can easily be converted to a non-encrypted format.
+
+- Use of acpi, boot-opts, and smp-opts in a -readconfig config file are now
+ considered deprecated. In the future those names will be standardized to
+ acpitable, boot, and smp respectively.
+
+- When only a partial SMP topology is provided (ie only some of sockets, cores,
+ threads) the derived guest ABI is not guaranteed to be equivalent in future
+ versions.
+
+- These previously supported command line options are now considered deprecated:
+ -device ivshmem (use ivshmem-doorbell or ivshmem-plain instead)
+
+- These previously supported command line options are no longer supported:
+ -device pci-assign, -device kvm-pci-assign (use -device vfio-pci instead)
+
+- These previously supported command line options are no longer recognized:
+ -device pc-sysfw (no longer needed)
+
+- Specifying a CPUID feature with both "+feature/-feature" and "feature=on/off"
+ will now cause a warning. The current behavior for this combination where
+ "+feature/-feature" wins over "feature=on/off", will be changed going forward
+ so that "+feature" and "-feature" will be synonyms for "feature=on" and
+ "feature=off" respectively.
+
+- The previously supported blkdev-add QMP command has been flagged as lacking
+ and could possibly change syntax in the future.
+
+- These previously unsupported command line options are now deprecated:
+ -no-kvm-irqchip (use -machine kernel_irqchip=off instead)
+ -no-kvm-pit
+ -no-kvm-pit-reinjection
+ -tdf
+
+- The case of specified sockets, cores, and threads not matching the vcpu count
+ is no longer silently ignored. QEMU now requires that the topology match the
+ vcpu count.
+
+- These previously unsupported command line options are no longer recognized:
+ -device ccid-card-passthru
+ -device cfi.pflash01
+ -device esp
+ -device exynos4210-ehci-usb
+ -device fusbh200-ehci-usb
+ -device icc-bridge
+ -device q35-pcihost
+ -device mch
+ -device smbus-eeprom
+ -device SUNW,fdtwo
+ -device sysbus-ahci
+ -device sysbus-fdc
+ -device sysbus-ohci
+ -device tegra2-ehci-usb
+ -device testdev (use -device pc-testdev instead)
+ -device virtio-mmio
+ -device xln,ps7-usb
+ -enable-nesting
+ -kvm-shadow-memory (use -machine kvm_shadow_mem= instead)
+ -M mac
+ -nvram
+ -old-param
+ -osk
+ -pcidevice (use -device vfio-pci instead)
+ -qtest
+ -semihosting
+
+- These previously supported monitor commands are no longer recognized:
+ cpu_set
+ pci_add (use device_add instead)
+ pci_del (use device_del instead)
+
+- This previously unsupported QMP command is now supported under a new name:
+ x-input-send-event (use input-send-event instead)
+
+- Due to the lack of migration support (mainly due to ahci interface issues)
+ and other unstable interface issues, earlier versions of the q35 machine type
+ are not supported in this release. The current q35 machine type is however now
+ fully supported.
+
+QEMU Command-Line and Monitor Syntax and Support
+------------------------------------------------
+
+- The QEMU program command-line syntax is as follows:
+ qemu-system-aarch64 [options]
+ qemu-system-i386 [options] [disk_image]
+ qemu-system-s390x [options]
+ qemu-system-x86_64 [options] [disk_image]
+
+ Where 'options' are taken from the options listed below, and 'disk_image' is
+ the file system reference to the the x86 guest's primary IDE based hard disk
+ image. This image as well as those used with -drive or -cdrom, may be in the
+ raw (no format), qcow2 or qed storage formats, and may be located in files
+ within the host filesystem, logical volumes, host physical disks, or network
+ based storage. Read only media may also be accessed via URL style protocol
+ specifiers.
+
+ Note that as a general rule, as new command line options are added which serve
+ to replace an older option or interface, you are strongly encouraged to adapt
+ your usage to the new option. The new option is being introduced to provide
+ better functionality and usability going forward. In some cases existing
+ problems or even bugs in older interfaces cannot be fixed due to functional
+ expectations, but are resolved in the newer interface or option.
+ This advice includes moving to the most recent machine type (eg pc-i440fx-2.8
+ instead of pc-i440fx-2.6) if possible.
+
+- The following command line options are supported:
+ -add-fd ...
+ -alt-grab
+ -append ...
+ -audio-help
+ -balloon ...
+ -bios ...
+ -boot ...
+ -cdrom ...
+ -chardev ..
+ -clock
+ -cpu ... (all except host)
+ -ctrl-grab
+ -d ...
+ -daemonize
+ -debugcon ...
+ -device [isa-serial|isa-parallel|isa-fdc|ide-drive|ide-hd|ide-cd|
+ VGA|cirrus-vga|rtl8139|virtio-net-pci|virtio-blk-pci|
+ virtio-balloon-pci|virtio-9p-pci|usb-hub|usb-ehci|usb-tablet|
+ usb-storage|usb-mouse|usb-kbd|virtserialport|virtconsole|
+ virtio-serial-pci|sga|i82559er|virtio-scsi-pci|scsi-cd|scsi-hd|
+ scsi-generic|scsi-disk|scsi-block|pci-serial|pci-serial-2x|
+ pci-serial-4x|ich9-ahci|piix-usb-uhci|usb-host|usb-serial|
+ usb-wacom-tablet|usb_braille|usb-net|pci-ohci|piix4-usb-uhci|
+ virtio-rng-pci|i6300esb|ib700|qxl|qxl-vga|pvpanic|vfio-pci|ivshmem|
+ ivshmem-doorbell|ivshmem-plain|pci-bridge|megasas-gen2|pc-dimm|
+ floppy|e1000e|ccid-card-emulated|ccid-card-passthrough|xen-backend|
+ loader]
+ (the following are aliases of these supported devices: ahci|
+ virtio-blk|virtio-net|virtio-serial|virtio-balloon| virtio-9p|
+ virtio-scsi|virtio-rng|e1000)
+ -dfilter range, ...
+ -display ...
+ -drive ... (if specified if=[floppy|ide|virtio] and format=[qcow2|qed|raw] and
+ snapshot=off only)
+ -echr ...
+ -enable-fips
+ -enable-kvm
+ -fda/-fdb ...
+ -fsdev ...
+ -full-screen
+ -fw_cfg ...
+ -gdb ...
+ -global ...
+ -h
+ -hda/-hdb/-hdc/-hdd ...
+ -help
+ -incoming ...
+ -initrd ...
+ -iscsi ...
+ -k ...
+ -kernel ...
+ -loadvm ...
+ -m ...
+ -M [help|?|none|pc|pc-0.12|pc-0.14|pc-0.15|pc-i440fx-1.4|pc-i440fx-1.7|
+ pc-i440fx-2.0|pc-i440fx-2.3|pc-i440fx-2.6|pc-i440fx-2.8|q35|pc-q35-2.6|
+ pc-q35-2.8|xenfv|xenpv]
+ -machine [help|?|none|pc|pc-0.12|pc-0.14|pc-0.15|pc-i440fx-1.4|pc-i440fx-1.7|
+ pc-i440fx-2.0|pc-i440fx-2.3|pc-440fx-2.6|pc-i440fx-2.8|q35|
+ pc-q35-2.6|pc-q35-2.8|xenfv|xenpv]
+ -mem-path ...
+ -mem-prealloc
+ -mon ...
+ -monitor ...
+ -msg ...
+ -name ...
+ -net [bridge|l2tpv3|nic|none|tap|user] ... (for model= only e1000, rtl8139,
+ and virtio are supported)
+ -netdev [bridge|tap|user] ...
+ -no-acpi
+ -nodefaults
+ -nodefconfig
+ -no-fd-bootchk
+ -no-frame
+ -nographic
+ -no-hpet
+ -no-quit
+ -no-reboot
+ -no-shutdown
+ -no-user-config
+ -object ...
+ -parallel ...
+ -pidfile ...
+ -qmp ...
+ -qmp-pretty ...
+ -readconfig ...
+ -realtime ...
+ -rtc ...
+ -runas ...
+ -s
+ -S
+ -sandbox ...
+ -sdl
+ -serial ...
+ -show-cursor
+ -smbios ...
+ -smp ...
+ -spice
+ -tdf
+ -tpmdev passthrough ...
+ -trace ...
+ -usb
+ -usbdevice [braile|disk|host|mouse|net|serial|tablet]
+ -uuid ..
+ -version
+ -vga [cirrus|none|qxl|std|xenfb]
+ -virtfs ...
+ -virtioconsole ...
+ -vnc ...
+ -watchdog ...
+ -watchdog-action ...
+ -writeconfig ...
+ -xen-attach ...
+ -xen-domid ...
+
+- The following monitor commands are supported:
+ ?
+ balloon target ...
+ block_resize ...
+ boot_set ...
+ c
+ change device ...
+ chardev-add ...
+ chardev-remove ...
+ client_migrate_info ...
+ closefd ...
+ cont
+ cpu ...
+ cpu-add ...
+ delvm ...
+ device_add ...
+ device_del ...
+ drive_add ...
+ drive_backup ...
+ drive_del ...
+ dump_guest_memory ...
+ eject ...
+ gdbserver ...
+ help
+ i ...
+ info ...
+ loadvm ...
+ logfile ...
+ logitem ...
+ mce ...
+ memsave ...
+ migrate ...
+ migrate_cancel
+ migrate_incoming
+ migrate_set_cache_size ...
+ migrate_set_capability ...
+ migrate_set_downtime ...
+ migrate_set_parameter ...
+ migrate_set_speed ...
+ migrate_start_post_copy
+ mouse_button ...
+ mouse_move ...
+ mouse_set ...
+ nmi ...
+ o ...
+ object_add ...
+ object_del ...
+ p ...
+ pci_add ...
+ pci_del...
+ pmemsave ...
+ print ...
+ q
+ qemu-io ...
+ qom-list
+ qom-set
+ ringbuf_read ...
+ ringbuf_write ...
+ savevm ...
+ screendump ...
+ sendkey ...
+ snapshot_blkdev_internal ...
+ snapshot_delete_blkdev_internal ...
+ stop
+ sum ...
+ system_powerdown
+ system_reset
+ system_wakeup
+ trace-event ...
+ usb_add ...
+ usb_del ...
+ watchdog_action ...
+ x ...
+ xp ...
+
+- The following QMP commands are supported:
+ add_client
+ add-fd
+ balloon
+ blockdev-change-medium
+ blockdev-close-tray
+ blockdev-mirror
+ blockdev-open-tray
+ blockdev-snapshot
+ blockdev-snapshot-delete-internal-sync
+ blockdev-snapshot-internal-sync
+ blockdev-snapshot-sync
+ block-commit
+ block-dirty-bitmap-add
+ block-dirty-bitmap-clear
+ block-dirty-bitmap-remove
+ block_passwd
+ block_resize
+ block_set_io_throttle
+ block-set-write-threshold
+ block_stream
+ change
+ change-vnc-password
+ chardev-add
+ chardev-remove
+ client_migrate_info
+ closefd
+ cont
+ cpu
+ cpu-add
+ device_add
+ device_del
+ device-list-properties
+ dump-guest-memory
+ eject
+ expire_password
+ getfd
+ human-monitor-command
+ inject-nmi
+ input-send-event
+ memsave
+ migrate
+ migrate_cancel
+ migrate-incoming
+ migrate-set-cache-size
+ migrate-set-capabilities
+ migrate_set_downtime
+ migrate_set_speed
+ migrate-set-parameters
+ migrate-start-postcopy
+ object-add
+ object-del
+ pmemsave
+ qmp_capabilities
+ qom-get
+ qom-list
+ qom-list-types
+ qom-set
+ query-acpi-ospm-status
+ query-balloon
+ query-block
+ query-block-jobs
+ query-blockstats
+ query-chardev
+ query-chardev-backends
+ query-command-line-options
+ query-commands
+ query-cpu-definitions
+ query-cpu-model-baseline
+ query-cpu-model-comparison
+ query-cpu-model-expansion
+ query-cpus
+ query-dump
+ query-dump-guest-memory-capability
+ query-events
+ query-fdsets
+ query-gic-capabilities
+ query-hotpluggable-cpus
+ query-iothreads
+ query-kvm
+ query-machines
+ query-memdev
+ query-memory-devices
+ query-mice
+ query-migrate
+ query-migrate-cache-size
+ query-migrate-capabilities
+ query-migrate-parameters
+ query-name
+ query-named-block-nodes
+ query-pci
+ query-qmp-schema
+ query-rocker
+ query-rocker-of-dpa-flows
+ query-rocker-of-dpa-groups
+ query-rocker-ports
+ query-rx-filter
+ query-spice
+ query-status
+ query-target
+ query-tpm
+ query-tpm-models
+ query-tpm-types
+ query-uuid
+ query-version
+
query-vnc
+ query-vnc-servers
+ quit
+ remove-fd
+ ringbuf-read
+ ringbuf-write
+ rtc-reset-reinjection
+ screendump
+ send-key
+ set_link
+ set_password
+ stop
+ system_powerdown
+ system_reset
+ system_wakeup
+ trace-event-get-state
+ trace-event-set-state
+ transaction
+ xen-load-devices-state
+ xen-save-devices-state
+ xen-set-global-dirty-log
+
+- The following command line options are unsupported:
+ -acpitable ...
+ -bt ...
+ -chroot ...
+ -cpu host
+ -curses
+ -device [ipoctal232|i82562|nec-usb-xhci|hda-duplex|hda-output|usb-bot|
+ lsi53c810a|ich9-usb-uhci2|ich9-usb-uhci6|ich9-usb-uhci5|
+ ich9-usb-uhci3|isa-debug-exit|ne2k_pci|usb-uas|ich9-usb-uhci4|ioh3420|
+ isa-ide|usb-ccid|ich9-usb-ehci2|pcnet|ich9-intel-hda|dc390|
+ ich9-usb-ehci1|hda-micro|x3130-upstream|isa-cirrus-vga|ich9-usb-uhci1|
+ pc-testdev|ne2k_isa|isa-vga|cs4231a|gus|vmware-svga|i82801b11-bridge|
+ i82557a|i82557c|i82557b|i82801|AC97|am53c974|intel-hda|i82558a|
+ i82558b|usb-audio|i82550|isa-debugcon|sb16|megasas|i82551|
+ xio3130-downstream|vt82c686b-usb-uhci|tpci200|i82559a|i82559b|i82559c|
+ isa-applesmc|usb-bt-dongle|adlib|ES1370|lsi53c810|nvme|pci-testdev|
+ pvscsi|vhost-scsi|vhost-scsi-pci|virtio-9p-device|
+ virtio-balloon-device|virtio-blk-device|virtio-net-device|
+ virtio-rng-device|virtio-scsi-device|virtio-serial-device|vmxnet3|
+ xen-pci-passthrough|xen-platform|xen-pvdevice|piix3-ide|piix3-ide-xen|
+ piix3-ide|i8042|sdhci-pci|generic-sdhci|secondary-vga|edu|fw_cfg_io|
+ fw_cfg_mem|intel_iommu|usb-mtp|e1000-82540em|e1000-82544gc|
+ e1000-82545em|virtio-input-host-pci|virtio-keyboard-pci|
+ virtio-mouse-pci|virtio-tablet-pci|virtio-gpu-pci|pci-bridge-seat|pxb|
+ pxb-pcie|allwinner-ahci|sdhci-pci|rocker|virtio-input-host-device|
+ virtio-keyboard-device|virtio-mouse-device|virtio-tablet-device|
+ virtio-vga|hyperv-testdev|vfio-amd-xgbe|vfio-calxeda-xgmac|
+ generic-sdhci|igd-passthrough-isa-bridge|ipmi-bmc-extern|
+ ipmi-bmc-sim|isa-ipmi-bt|isa-ipmi-kcs|mptsas1068|nvdimm|pxb-host|
+ sd-card|virtio-gpu-device|kvm-pci-assign|xen-sysdev|or-irq|amd-iommu|
+ AMDVI-PCI|vhost-vsock-device|vhost-vsock-pci|virtio-crypto-device|
+ virtio-crypto-pci|qemu,register|vfio-pci-igd-lpc-bridge|*-i386-cpu|
+ *-x86_64-cpu]
+ (the following are aliases of these unsupported devices: lsi|
+ virtio-input-host|virtio-keyboard|virtio-mouse|virtio-tablet|
+ virtio-gpu|pci-assign)
+ (note that some of these device names represent supported devices and
+ are used internally, but are not specifyable via -device even though
+ they appear in the list of devices)
+ -drive ,if=[scsi|mtd|pflash], snapshot=on, format=[anything besides qcow2, qed
+ or raw]
+ -dtb file
+ -g ...
+ -icount ...
+ -L ...
+ -M [isapc|pc-0.10|pc-0.11|pc-0.13|pc-1.0|pc-1.1|pc-1.2|pc-1.3|pc-i440fx-1.5|
+ pc-i440fx-1.6|pc-i440fx-2.1|pc-i440fx-2.2|pc-i440fx-2.4|pc-i440fx-2.5|
+ pc-i440fx-2.7|pc-q35-1.4|pc-q35-1.5|pc-q35-1.6|pc-q35-1.7|pc-q35-2.0|
+ pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|pc-q35-2.4|pc-q35-2.5|pc-q35-2.7]
+ -machine [isapc|pc-0.10|pc-0.11|pc-0.13|pc-1.0|pc-1.1|pc-1.2|pc-1.3|
+ pc-i440fx-1.5|pc-i440fx-1.6|pc-i440fx-2.1|pc-i440fx-2.2|
+ pc-i440fx-2.4|pc-i440fx-2.5|pc-i440fx-2.7|pc-q35-1.4|pc-q35-1.5|
+ pc-q35-1.6|pc-q35-1.7|pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|
+ pc-q35-2.4|pc-q35-2.5|pc-q35-2.7]
+ -mtdblock file
+ -net [dump|socket|vde] ...
+ -netdev [dump|hubport|l2tpv3|socket|vde] ...
+ -no-kvm
+ -no-kvm-irqchip
+ -no-kvm-pit
+ -no-kvm-pit-reinjection
+ -numa ...
+ -option-rom ...
+ -pflash file
+ -portrait
+ -prom-env ...
+ -qtest ...
+ -qtest-log ...
+ -rotate
+ -sd file
+ -set ...
+ -singlestep
+ -snapshot
+ -soundhw ...
+ -tb-size ...
+ -vga [cg3|tcx|virtio|vmware]
+ -win2k-hack
+ -xen-create
+
+- The following monitor commands are unsupported:
+ acl_add ...
+ acl_policy ...
+ acl_remove ...
+ acl_reset ...
+ acl_show ...
+ block_job_cancel ...
+ block_job_complete ...
+ block_job_pause ...
+ block_job_resume ...
+ block_job_set_speed ...
+ block_passwd ...
+ commit ...
+ drive_mirror ...
+ expire_password ...
+ hostfwd_add ...
+ hostfwd_remove ...
+ host_net_add ...
+ host_net_remove ...
+ nbd_server_add ...
+ nbd server_start ...
+ nbd_server_stop ...
+ netdev_add
+ netdev_del ...
+ pcie_aer_inject_error ...
+ set_link ...
+ set_password ...
+ singlestep ...
+ snapshot_blkdev ...
+ stopcapture ...
+ wavcapture ...
+ x_colo_lost_heartbeat
+
+- The following QMP commands are unsupported:
+ blockdev-add
+ blockdev-backup
+ block-job-cancel
+ block-job-complete
+ block-job-pause
+ block-job-resume
+ block-job-set-speed
+ change-backing-file
+ drive-backup
+ drive-mirror
+ dump-skeys
+ netdev_add
+ netdev_del
+ nbd-server-add
+ nbd-server-start
+ nbd-server-stop
+ x-blockdev-change
+ x-blockdev-del
+ x-blockdev-insert-medium
+ x-blockdev-remove-medium
+ x-colo-lost-heartbeat
diff --git a/update_git.sh b/update_git.sh
index c27f0104..c684007f 100644
--- a/update_git.sh
+++ b/update_git.sh
@@ -13,8 +13,8 @@ set -e
 GIT_TREE=git://github.com/openSUSE/qemu.git
 GIT_LOCAL_TREE=~/git/qemu-opensuse
-GIT_BRANCH=opensuse-2.7
-GIT_UPSTREAM_TAG=v2.7.0
+GIT_BRANCH=opensuse-2.8
+GIT_UPSTREAM_TAG=v2.8.0
 GIT_DIR=/dev/shm/qemu-factory-git-dir
 CMP_DIR=/dev/shm/qemu-factory-cmp-dir