From c08c3d8fd2b1208cb8162b8c6414cf64fba1bd030760246fa149ef745b5ee845 Mon Sep 17 00:00:00 2001 
From: Bruce Rogers Date: Fri, 11 Jul 2014 16:51:43 +0000 Subject: [PATCH] Accepting request 240239 from home:a_faerber:branches:Virtualization Update to v2.1.0-rc1 OBS-URL: https://build.opensuse.org/request/show/240239 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=216 --- 0001-XXX-dont-dump-core-on-sigabort.patch | 4 +- ...-XXX-work-around-SA_RESTART-race-wit.patch | 26 ++-- 0003-qemu-0.9.0.cvs-binfmt.patch | 2 +- 0004-qemu-cvs-alsa_bitfield.patch | 2 +- 0005-qemu-cvs-alsa_ioctl.patch | 10 +- 0006-qemu-cvs-alsa_mmap.patch | 2 +- 0007-qemu-cvs-gettimeofday.patch | 6 +- 0008-qemu-cvs-ioctl_debug.patch | 6 +- 0009-qemu-cvs-ioctl_nodirection.patch | 8 +- ...-block-vmdk-Support-creation-of-SCSI.patch | 96 +++++-------- ...-linux-user-add-binfmt-wrapper-for-a.patch | 23 +-- 0012-PPC-KVM-Disable-mmu-notifier-check.patch | 9 +- 0013-linux-user-fix-segfault-deadlock.patch | 6 +- ...-linux-user-binfmt-support-host-bina.patch | 2 +- ...-target-arm-linux-user-no-tb_flush-o.patch | 16 ++- ...-linux-user-Ignore-broken-loop-ioctl.patch | 21 +-- 0017-linux-user-lock-tcg.patch | 50 +++---- ...-linux-user-Run-multi-threaded-code-.patch | 6 +- 0019-linux-user-lock-tb-flushing-too.patch | 22 +-- 0020-linux-user-Fake-proc-cpuinfo.patch | 8 +- ...-linux-user-implement-FS_IOC_GETFLAG.patch | 10 +- ...-linux-user-implement-FS_IOC_SETFLAG.patch | 10 +- 0023-linux-user-XXX-disable-fiemap.patch | 6 +- 0024-slirp-nooutgoing.patch | 12 +- ...-vnc-password-file-and-incoming-conn.patch | 16 +-- 0026-linux-user-add-more-blk-ioctls.patch | 10 +- 0027-linux-user-use-target_ulong.patch | 10 +- ...-block-Add-support-for-DictZip-enabl.patch | 7 +- 0029-block-Add-tar-container-format.patch | 7 +- ...-Legacy-Patch-kvm-qemu-preXX-dictzip.patch | 4 +- ...-Legacy-Patch-kvm-qemu-preXX-report-.patch | 8 +- ...-console-add-question-mark-escape-op.patch | 6 +- ...-Make-char-muxer-more-robust-wrt-sma.patch | 10 +- ...-linux-user-lseek-explicitly-cast-no.patch | 6 +- 
...-virtfs-proxy-helper-Provide-__u64-f.patch | 4 +- ...-configure-Enable-PIE-for-ppc-and-pp.patch | 6 +- ... 0037-tests-Don-t-run-qom-test-twice.patch | 6 +- 0037-xen_disk-add-discard-support.patch | 133 ------------------ ...> 0038-qtest-Increase-socket-timeout.patch | 8 +- ... => 0039-module-Simplify-module_load.patch | 2 +- ...-qtest-Assure-that-init_socket-s-lis.patch | 27 ---- ...-module-Don-t-complain-when-a-module.patch | 2 +- ...-qtest-Add-error-reporting-to-socket.patch | 27 ---- ...-tests-Fix-unterminated-string-outpu.patch | 50 +++++++ ...-libqos-Fix-PC-PCI-endianness-glitch.patch | 89 ++++++++++++ ...-qtest-Be-paranoid-about-accept-addr.patch | 29 ---- ...-arm-translate.c-Fix-smlald-Instruct.patch | 101 ------------- ...-qtest-fix-vhost-user-test-compilati.patch | 33 +++++ ...-target-arm-A64-fix-unallocated-test.patch | 36 ----- 0045-tcg-ppc64-Support-the-ELFv2-ABI.patch | 58 -------- 0046-vmstate-add-VMS_MUST_EXIST.patch | 61 -------- 0047-vmstate-add-VMSTATE_VALIDATE.patch | 37 ----- ...-virtio-net-fix-buffer-overflow-on-i.patch | 64 --------- ...-virtio-net-out-of-bounds-buffer-wri.patch | 60 -------- ...-virtio-out-of-bounds-buffer-write-o.patch | 57 -------- ...-ahci-fix-buffer-overrun-on-invalid-.patch | 41 ------ ...-hpet-fix-buffer-overrun-on-invalid-.patch | 56 -------- ...-hw-pci-pcie_aer.c-fix-buffer-overru.patch | 60 -------- ...-pl022-fix-buffer-overun-on-invalid-.patch | 55 -------- ...-vmstate-fix-buffer-overflow-in-targ.patch | 57 -------- ...-virtio-avoid-buffer-overrun-on-inco.patch | 45 ------ ...-virtio-validate-num_sg-when-mapping.patch | 46 ------ ...-pxa2xx-avoid-buffer-overrun-on-inco.patch | 56 -------- ...-ssd0323-fix-buffer-overun-on-invali.patch | 82 ----------- ...-tsc210x-fix-buffer-overrun-on-inval.patch | 52 ------- ...-zaurus-fix-buffer-overrun-on-invali.patch | 59 -------- ...-virtio-scsi-fix-buffer-overrun-on-i.patch | 69 --------- ...-vmstate-s-VMSTATE_INT32_LE-VMSTATE_.patch | 69 --------- 
...-usb-sanity-check-setup_index-setup_.patch | 43 ------ ...-savevm-Ignore-minimum_version_id_ol.patch | 102 -------------- ...-ssi-sd-fix-buffer-overrun-on-invali.patch | 46 ------ ...-openpic-avoid-buffer-overrun-on-inc.patch | 77 ---------- ...-virtio-net-out-of-bounds-buffer-wri.patch | 60 -------- 0069-virtio-validate-config_len-on-load.patch | 57 -------- ...-virtio-allow-mapping-up-to-max-queu.patch | 36 ----- ...-build-Avoid-strict-aliasing-warning.patch | 29 ---- ipxe-build-Work-around-bug-in-gcc-4.8.patch | 55 -------- ...-zbin-Fix-size-used-for-memset-in-al.patch | 41 ------ qemu-2.0.0.tar.bz2 | 3 - qemu-2.1.0-rc1.tar.bz2 | 3 + qemu-linux-user.changes | 9 ++ qemu-linux-user.spec | 81 ++--------- qemu-linux-user.spec.in | 5 +- qemu.changes | 21 +++ qemu.spec | 96 ++----------- qemu.spec.in | 16 +-- update_git.sh | 4 +- ...e-stdvga_list_modes-doesn-t-overrun-.patch | 29 ---- 88 files changed, 471 insertions(+), 2426 deletions(-) rename 0015-linux-user-arm-no-tb_flush-on-reset.patch => 0015-target-arm-linux-user-no-tb_flush-o.patch (65%) rename 0038-tests-Don-t-run-qom-test-twice.patch => 0037-tests-Don-t-run-qom-test-twice.patch (88%) delete mode 100644 0037-xen_disk-add-discard-support.patch rename 0041-qtest-Increase-socket-timeout.patch => 0038-qtest-Increase-socket-timeout.patch (80%) rename 0071-module-Simplify-module_load.patch => 0039-module-Simplify-module_load.patch (95%) delete mode 100644 0039-qtest-Assure-that-init_socket-s-lis.patch rename 0072-module-Don-t-complain-when-a-module.patch => 0040-module-Don-t-complain-when-a-module.patch (95%) delete mode 100644 0040-qtest-Add-error-reporting-to-socket.patch create mode 100644 0041-tests-Fix-unterminated-string-outpu.patch create mode 100644 0042-libqos-Fix-PC-PCI-endianness-glitch.patch delete mode 100644 0042-qtest-Be-paranoid-about-accept-addr.patch delete mode 100644 0043-arm-translate.c-Fix-smlald-Instruct.patch create mode 100644 0043-qtest-fix-vhost-user-test-compilati.patch delete mode 
100644 0044-target-arm-A64-fix-unallocated-test.patch delete mode 100644 0045-tcg-ppc64-Support-the-ELFv2-ABI.patch delete mode 100644 0046-vmstate-add-VMS_MUST_EXIST.patch delete mode 100644 0047-vmstate-add-VMSTATE_VALIDATE.patch delete mode 100644 0048-virtio-net-fix-buffer-overflow-on-i.patch delete mode 100644 0049-virtio-net-out-of-bounds-buffer-wri.patch delete mode 100644 0050-virtio-out-of-bounds-buffer-write-o.patch delete mode 100644 0051-ahci-fix-buffer-overrun-on-invalid-.patch delete mode 100644 0052-hpet-fix-buffer-overrun-on-invalid-.patch delete mode 100644 0053-hw-pci-pcie_aer.c-fix-buffer-overru.patch delete mode 100644 0054-pl022-fix-buffer-overun-on-invalid-.patch delete mode 100644 0055-vmstate-fix-buffer-overflow-in-targ.patch delete mode 100644 0056-virtio-avoid-buffer-overrun-on-inco.patch delete mode 100644 0057-virtio-validate-num_sg-when-mapping.patch delete mode 100644 0058-pxa2xx-avoid-buffer-overrun-on-inco.patch delete mode 100644 0059-ssd0323-fix-buffer-overun-on-invali.patch delete mode 100644 0060-tsc210x-fix-buffer-overrun-on-inval.patch delete mode 100644 0061-zaurus-fix-buffer-overrun-on-invali.patch delete mode 100644 0062-virtio-scsi-fix-buffer-overrun-on-i.patch delete mode 100644 0063-vmstate-s-VMSTATE_INT32_LE-VMSTATE_.patch delete mode 100644 0064-usb-sanity-check-setup_index-setup_.patch delete mode 100644 0065-savevm-Ignore-minimum_version_id_ol.patch delete mode 100644 0066-ssi-sd-fix-buffer-overrun-on-invali.patch delete mode 100644 0067-openpic-avoid-buffer-overrun-on-inc.patch delete mode 100644 0068-virtio-net-out-of-bounds-buffer-wri.patch delete mode 100644 0069-virtio-validate-config_len-on-load.patch delete mode 100644 0070-virtio-allow-mapping-up-to-max-queu.patch delete mode 100644 ipxe-build-Avoid-strict-aliasing-warning.patch delete mode 100644 ipxe-build-Work-around-bug-in-gcc-4.8.patch delete mode 100644 ipxe-zbin-Fix-size-used-for-memset-in-al.patch delete mode 100644 qemu-2.0.0.tar.bz2 create mode 
100644 qemu-2.1.0-rc1.tar.bz2 delete mode 100644 vgabios-Make-sure-stdvga_list_modes-doesn-t-overrun-.patch diff --git a/0001-XXX-dont-dump-core-on-sigabort.patch b/0001-XXX-dont-dump-core-on-sigabort.patch index 327b030d..4b402238 100644 --- a/0001-XXX-dont-dump-core-on-sigabort.patch +++ b/0001-XXX-dont-dump-core-on-sigabort.patch @@ -1,4 +1,4 @@ -From afd1df16c2e7b2dd5d4478f2ba6e29a1296c8cfa Mon Sep 17 00:00:00 2001 +From 96d07382a32a794a4aaa56afd3a067fd72cc1158 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 21 Nov 2011 23:50:36 +0100 Subject: [PATCH] XXX dont dump core on sigabort @@ -8,7 +8,7 @@ Subject: [PATCH] XXX dont dump core on sigabort 1 file changed, 6 insertions(+) diff --git a/linux-user/signal.c b/linux-user/signal.c -index 7d6246f..1bcf16f 100644 +index f3b4378..dd21475 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -448,6 +448,10 @@ static void QEMU_NORETURN force_sig(int target_sig) diff --git a/0002-XXX-work-around-SA_RESTART-race-wit.patch b/0002-XXX-work-around-SA_RESTART-race-wit.patch index f9b1fd71..3f3166bb 100644 --- a/0002-XXX-work-around-SA_RESTART-race-wit.patch +++ b/0002-XXX-work-around-SA_RESTART-race-wit.patch @@ -1,4 +1,4 @@ -From e9ce5f593385ed16e456058d1f873e381c9d053d Mon Sep 17 00:00:00 2001 +From 8448fdb25ea828ec1c0359a5ede533b0fab92f99 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Thu, 1 Dec 2011 19:00:01 +0100 Subject: [PATCH] XXX work around SA_RESTART race with boehm-gc (ARM only) @@ -13,10 +13,10 @@ Subject: [PATCH] XXX work around SA_RESTART race with boehm-gc (ARM only) 4 files changed, 130 insertions(+), 10 deletions(-) diff --git a/linux-user/main.c b/linux-user/main.c -index af924dc..c7423e6 100644 +index b453a39..9df92da 100644 --- a/linux-user/main.c +++ b/linux-user/main.c -@@ -814,15 +814,22 @@ void cpu_loop(CPUARMState *env) +@@ -816,15 +816,22 @@ void cpu_loop(CPUARMState *env) break; } } else { @@ -49,10 +49,10 @@ index af924dc..c7423e6 100644 } else { goto error; 
diff --git a/linux-user/qemu.h b/linux-user/qemu.h -index 36d4a73..a2c4e35 100644 +index 8012cc2..e29c7f3 100644 --- a/linux-user/qemu.h +++ b/linux-user/qemu.h -@@ -134,6 +134,8 @@ typedef struct TaskState { +@@ -135,6 +135,8 @@ typedef struct TaskState { struct sigqueue sigqueue_table[MAX_SIGQUEUE_SIZE]; /* siginfo queue */ struct sigqueue *first_free; /* first free siginfo queue entry */ int signal_pending; /* non zero if a signal may be pending */ @@ -61,7 +61,7 @@ index 36d4a73..a2c4e35 100644 } __attribute__((aligned(16))) TaskState; extern char *exec_path; -@@ -199,6 +201,7 @@ int get_osversion(void); +@@ -200,6 +202,7 @@ int get_osversion(void); void init_qemu_uname_release(void); void fork_start(void); void fork_end(int child); @@ -70,7 +70,7 @@ index 36d4a73..a2c4e35 100644 /* Creates the initial guest address space in the host memory space using * the given host start address hint and size. The guest_start parameter diff --git a/linux-user/signal.c b/linux-user/signal.c -index 1bcf16f..cfaf501 100644 +index dd21475..13affa3 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -25,6 +25,7 @@ @@ -93,7 +93,7 @@ index 1bcf16f..cfaf501 100644 return 1; /* indicates that the signal was queued */ } } -@@ -706,8 +712,24 @@ int do_sigaction(int sig, const struct target_sigaction *act, +@@ -707,8 +713,24 @@ int do_sigaction(int sig, const struct target_sigaction *act, if (host_sig != SIGSEGV && host_sig != SIGBUS) { sigfillset(&act1.sa_mask); act1.sa_flags = SA_SIGINFO; @@ -119,10 +119,10 @@ index 1bcf16f..cfaf501 100644 ignore state to avoid getting unexpected interrupted syscalls */ diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 9864813..1d791a3 100644 +index 5a272d3..00f9165 100644 --- a/linux-user/syscall.c 
+++ b/linux-user/syscall.c -@@ -5259,6 +5259,87 @@ static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode) +@@ -5311,6 +5311,87 @@ static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode) return get_errno(open(path(pathname), flags, mode)); } @@ -210,7 +210,7 @@ index 9864813..1d791a3 100644 /* do_syscall() should always have a single exit point at the end so that actions, such as logging of syscall results, can be performed. All errnos that do_syscall() returns must be -TARGET_. */ -@@ -5272,6 +5353,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, +@@ -5324,6 +5405,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, struct stat st; struct statfs stfs; void *p; @@ -223,7 +223,7 @@ index 9864813..1d791a3 100644 #ifdef DEBUG gemu_log("syscall %d", num); -@@ -8457,7 +8544,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, +@@ -8575,7 +8662,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, cmd = target_to_host_fcntl_cmd(arg2); if (cmd == -TARGET_EINVAL) { ret = cmd; @@ -232,7 +232,7 @@ index 9864813..1d791a3 100644 } switch(arg2) { -@@ -9395,6 +9482,7 @@ fail: +@@ -9513,6 +9600,7 @@ fail: #endif if(do_strace) print_syscall_ret(num, ret); diff --git a/0003-qemu-0.9.0.cvs-binfmt.patch b/0003-qemu-0.9.0.cvs-binfmt.patch index 986c274d..f6a180b8 100644 --- a/0003-qemu-0.9.0.cvs-binfmt.patch +++ b/0003-qemu-0.9.0.cvs-binfmt.patch @@ -1,4 +1,4 @@ -From b34c0c408d3f08110ccb980d4ca0ef58a1a03c86 Mon Sep 17 00:00:00 2001 +From 503851537efa06d26e32efefd669d26a6f73d4f6 Mon Sep 17 00:00:00 2001 From: Ulrich Hecht Date: Tue, 14 Apr 2009 16:18:44 +0200 Subject: [PATCH] qemu-0.9.0.cvs-binfmt diff --git a/0004-qemu-cvs-alsa_bitfield.patch b/0004-qemu-cvs-alsa_bitfield.patch index ca1b83ec..a70321e9 100644 --- a/0004-qemu-cvs-alsa_bitfield.patch +++ b/0004-qemu-cvs-alsa_bitfield.patch 
@@ -1,4 +1,4 @@ -From 08da583bd034109d09bfa6fedaa19bd0bdbc6c3a Mon Sep 17 00:00:00 2001 +From c75fb180df47cd5fb2e76452e21f104290569d5e Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 14 Apr 2009 16:20:50 +0200 Subject: [PATCH] qemu-cvs-alsa_bitfield diff --git a/0005-qemu-cvs-alsa_ioctl.patch b/0005-qemu-cvs-alsa_ioctl.patch index b096ebb9..db56d7ad 100644 --- a/0005-qemu-cvs-alsa_ioctl.patch +++ b/0005-qemu-cvs-alsa_ioctl.patch @@ -1,4 +1,4 @@ -From 4820daf43dce7bbafc27ab1102a6eb52a17e4da9 Mon Sep 17 00:00:00 2001 +From 664ebaf05570f05f38b87552d4186294b5d4d442 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 14 Apr 2009 16:23:27 +0200 Subject: [PATCH] qemu-cvs-alsa_ioctl @@ -20,10 +20,10 @@ Signed-off-by: Ulrich Hecht create mode 100644 linux-user/syscall_types_alsa.h diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h -index 309fb21..d35f072 100644 +index 07a00da..762779e 100644 --- a/linux-user/ioctls.h +++ b/linux-user/ioctls.h -@@ -316,6 +316,11 @@ +@@ -318,6 +318,11 @@ IOCTL(VFAT_IOCTL_READDIR_BOTH, IOC_R, MK_PTR(MK_ARRAY(MK_STRUCT(STRUCT_dirent), 2))) IOCTL(VFAT_IOCTL_READDIR_SHORT, IOC_R, MK_PTR(MK_ARRAY(MK_STRUCT(STRUCT_dirent), 2))) @@ -2255,10 +2255,10 @@ index 0000000..e09a30d + unsigned char *code; +}; diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h -index fdf9a47..a2ac23e 100644 +index 8563027..52691fb 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h -@@ -2545,6 +2545,8 @@ struct target_ucred { +@@ -2552,6 +2552,8 @@ struct target_ucred { uint32_t gid; }; diff --git a/0006-qemu-cvs-alsa_mmap.patch b/0006-qemu-cvs-alsa_mmap.patch index 929a6876..154636ea 100644 --- a/0006-qemu-cvs-alsa_mmap.patch +++ b/0006-qemu-cvs-alsa_mmap.patch @@ -1,4 +1,4 @@ -From b1f94337048b56d240420c0d0a37ad061084904c Mon Sep 17 00:00:00 2001 +From c68e95bcf9ccbab4100a565447ac624adca96220 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 14 Apr 2009 16:24:15 +0200 Subject: [PATCH] qemu-cvs-alsa_mmap 
diff --git a/0007-qemu-cvs-gettimeofday.patch b/0007-qemu-cvs-gettimeofday.patch index 0777a1ed..81364dd1 100644 --- a/0007-qemu-cvs-gettimeofday.patch +++ b/0007-qemu-cvs-gettimeofday.patch @@ -1,4 +1,4 @@ -From 2a9ed81b68696702c3dfab0e3635ca1a7afe1ea4 Mon Sep 17 00:00:00 2001 +From 879e98e20a1010c5067bf0947c6ff788404da5b8 Mon Sep 17 00:00:00 2001 From: Ulrich Hecht Date: Tue, 14 Apr 2009 16:25:41 +0200 Subject: [PATCH] qemu-cvs-gettimeofday @@ -9,10 +9,10 @@ No clue what this is for. 1 file changed, 2 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 1d791a3..206dd12 100644 +index 00f9165..f3b02f0 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -6403,6 +6403,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, +@@ -6486,6 +6486,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, case TARGET_NR_gettimeofday: { struct timeval tv; diff --git a/0008-qemu-cvs-ioctl_debug.patch b/0008-qemu-cvs-ioctl_debug.patch index 3d878351..a6de3890 100644 --- a/0008-qemu-cvs-ioctl_debug.patch +++ b/0008-qemu-cvs-ioctl_debug.patch @@ -1,4 +1,4 @@ -From 9671d1a0e8e53a44513131d105c0f543c181cc0f Mon Sep 17 00:00:00 2001 +From 641ca10f4b28d9012f8a7c2aee9726d6747e4f23 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 14 Apr 2009 16:26:33 +0200 Subject: [PATCH] qemu-cvs-ioctl_debug @@ -12,10 +12,10 @@ Signed-off-by: Ulrich Hecht 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 206dd12..3407fd7 100644 +index f3b02f0..8d96462 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -3654,7 +3654,12 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg) +@@ -3719,7 +3719,12 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg) ie = ioctl_entries; for(;;) { if (ie->target_cmd == 0) { diff --git a/0009-qemu-cvs-ioctl_nodirection.patch b/0009-qemu-cvs-ioctl_nodirection.patch index eab6bc3e..1ed35eba 100644 
--- a/0009-qemu-cvs-ioctl_nodirection.patch +++ b/0009-qemu-cvs-ioctl_nodirection.patch @@ -1,4 +1,4 @@ -From a535f471a344608107dce681f66a75b38f9e8441 Mon Sep 17 00:00:00 2001 +From 5487b8e2361b102d668d4e4cf5eba350f0dc5a62 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 14 Apr 2009 16:27:36 +0200 Subject: [PATCH] qemu-cvs-ioctl_nodirection @@ -15,10 +15,10 @@ Signed-off-by: Ulrich Hecht 1 file changed, 6 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 3407fd7..7d7d700 100644 +index 8d96462..576ad77 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -3688,6 +3688,11 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg) +@@ -3753,6 +3753,11 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg) arg_type++; target_size = thunk_type_size(arg_type, 0); switch(ie->access) { @@ -30,7 +30,7 @@ index 3407fd7..7d7d700 100644 case IOC_R: ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp)); if (!is_error(ret)) { -@@ -3706,6 +3711,7 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg) +@@ -3771,6 +3776,7 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg) unlock_user(argptr, arg, 0); ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp)); break; diff --git a/0010-block-vmdk-Support-creation-of-SCSI.patch b/0010-block-vmdk-Support-creation-of-SCSI.patch index 5d0d0a17..b13cc74c 100644 --- a/0010-block-vmdk-Support-creation-of-SCSI.patch +++ b/0010-block-vmdk-Support-creation-of-SCSI.patch @@ -1,4 +1,4 @@ -From a96062c693f9fa9ce4d0dd23c9cfc8816b0eacce Mon Sep 17 00:00:00 2001 +From a95bbe675538b7229a681000c4712e8a67b37c37 Mon Sep 17 00:00:00 2001 From: Ulrich Hecht Date: Tue, 14 Apr 2009 16:37:42 +0200 Subject: [PATCH] block/vmdk: Support creation of SCSI VMDK images in qemu-img @@ -11,71 +11,61 @@ 
Signed-off-by: Ulrich Hecht [AF: Rebased onto upstream VMDK SCSI support] [AF: Rebased onto skipping of image creation in v1.7] [AF: Simplified in preparation for v1.7.1/v2.0] +[AF: Rebased onto QemuOpts conversion for v2.1] Signed-off-by: Andreas Färber --- - block.c | 6 +++++- - block/vmdk.c | 9 ++++++++- - include/block/block_int.h | 2 ++ - qemu-img.c | 8 +++++++- - 4 files changed, 22 insertions(+), 3 deletions(-) + block.c | 3 +++ + block/vmdk.c | 10 +++++++++- + include/block/block_int.h | 2 ++ + qemu-img.c | 7 +++++++ + 4 files changed, 21 insertions(+), 1 deletion(-) diff --git a/block.c b/block.c -index 990a754..40c5c84 100644 +index 8800a6b..a456134 100644 --- a/block.c +++ b/block.c -@@ -5277,7 +5277,7 @@ void bdrv_img_create(const char *filename, const char *fmt, - Error **errp, bool quiet) - { - QEMUOptionParameter *param = NULL, *create_options = NULL; -- QEMUOptionParameter *backing_fmt, *backing_file, *size; -+ QEMUOptionParameter *backing_fmt, *backing_file, *size, *scsi; - BlockDriver *drv, *proto_drv; - BlockDriver *backing_drv = NULL; - Error *local_err = NULL; -@@ -5392,6 +5392,10 @@ void bdrv_img_create(const char *filename, const char *fmt, +@@ -5597,6 +5597,9 @@ void bdrv_img_create(const char *filename, const char *fmt, if (!quiet) { printf("Formatting '%s', fmt=%s ", filename, fmt); - print_option_parameters(param); -+ scsi = get_option_parameter(param, BLOCK_OPT_SCSI); -+ if (scsi && scsi->value.n) { + qemu_opts_print(opts); ++ if (qemu_opt_get_bool(opts, BLOCK_OPT_SCSI, false)) { + printf(", SCSI"); + } puts(""); } - ret = bdrv_create(drv, filename, param, &local_err); + diff --git a/block/vmdk.c b/block/vmdk.c -index b69988d..59c468d 100644 +index 27a78da..b26fdb2 100644 --- a/block/vmdk.c 
+++ b/block/vmdk.c -@@ -1744,11 +1744,13 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options, - fmt = options->value.s; - } else if (!strcmp(options->name, BLOCK_OPT_ZEROED_GRAIN)) { - zeroed_grain |= options->value.n; -+ } else if (!strcmp(options->name, BLOCK_OPT_SCSI)) { -+ flags |= options->value.n ? BLOCK_FLAG_SCSI: 0; - } - options++; +@@ -1754,9 +1754,12 @@ static int vmdk_create(const char *filename, QemuOpts *opts, Error **errp) + if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ZEROED_GRAIN, false)) { + zeroed_grain = true; } ++ if (qemu_opt_get_bool_del(opts, BLOCK_OPT_SCSI, false)) { ++ flags |= BLOCK_FLAG_SCSI; ++ } + if (!adapter_type) { -- adapter_type = "ide"; -+ adapter_type = flags & BLOCK_FLAG_SCSI ? "lsilogic" : "ide"; +- adapter_type = g_strdup("ide"); ++ adapter_type = g_strdup(flags & BLOCK_FLAG_SCSI ? "lsilogic" : "ide"); } else if (strcmp(adapter_type, "ide") && strcmp(adapter_type, "buslogic") && strcmp(adapter_type, "lsilogic") && -@@ -2096,6 +2098,11 @@ static QEMUOptionParameter vmdk_create_options[] = { - .type = OPT_FLAG, - .help = "Enable efficient zero writes using the zeroed-grain GTE feature" - }, -+ { -+ .name = BLOCK_OPT_SCSI, -+ .type = OPT_FLAG, -+ .help = "SCSI image" -+ }, - { NULL } +@@ -2153,6 +2156,11 @@ static QemuOptsList vmdk_create_opts = { + .help = "Enable efficient zero writes " + "using the zeroed-grain GTE feature" + }, ++ { ++ .name = BLOCK_OPT_SCSI, ++ .type = QEMU_OPT_BOOL, ++ .help = "SCSI image" ++ }, + { /* end of list */ } + } }; - diff --git a/include/block/block_int.h b/include/block/block_int.h -index cd5bc73..0d4208f 100644 +index f6c3bef..138c102 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -40,10 +40,12 @@ @@ -92,23 +82,15 @@ index cd5bc73..0d4208f 100644 #define BLOCK_OPT_BACKING_FMT "backing_fmt" #define BLOCK_OPT_CLUSTER_SIZE "cluster_size" diff --git a/qemu-img.c b/qemu-img.c -index 8455994..a8545b7 100644 +index c98896b..1608434 100644 
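Review bot: In the vmdk_create part of this hunk the new `scsi` option only changes the default adapter, because `"lsilogic"` is chosen solely under `if (!adapter_type)`. An explicit `adapter_type=ide` together with `scsi=on` therefore still sets `BLOCK_FLAG_SCSI` and passes the `strcmp` validation that follows, leaving the two settings in disagreement. I would reject that combination next to the existing adapter check, with a condition such as `(flags & BLOCK_FLAG_SCSI) && !strcmp(adapter_type, "ide")` reported through `error_setg(errp, ...)` and the same cleanup as the invalid-adapter path. How the flag is used further down in vmdk_create is outside the hunk, so the practical effect should be confirmed there.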
--- a/qemu-img.c +++ b/qemu-img.c -@@ -1154,7 +1154,7 @@ static int img_convert(int argc, char **argv) - const uint8_t *buf1; - BlockDriverInfo bdi; - QEMUOptionParameter *param = NULL, *create_options = NULL; -- QEMUOptionParameter *out_baseimg_param; -+ QEMUOptionParameter *out_baseimg_param, *scsi; - char *options = NULL; - const char *snapshot_name = NULL; - int min_sparse = 8; /* Need at least 4k of zeros for sparse detection */ -@@ -1398,6 +1398,12 @@ static int img_convert(int argc, char **argv) +@@ -1431,6 +1431,13 @@ static int img_convert(int argc, char **argv) } } -+ if ((scsi = get_option_parameter(param, BLOCK_OPT_SCSI)) && scsi->value.n && strcmp(drv->format_name, "vmdk")) { ++ if (qemu_opt_get_bool(opts, BLOCK_OPT_SCSI, false) ++ && strcmp(drv->format_name, "vmdk")) { + error_report("SCSI devices not supported for this file format"); + ret = -1; + goto out; @@ -116,4 +98,4 @@ index 8455994..a8545b7 100644 + if (!skip_create) { /* Create the new image */ - ret = bdrv_create(drv, out_filename, param, &local_err); + ret = bdrv_create(drv, out_filename, opts, &local_err); diff --git a/0011-linux-user-add-binfmt-wrapper-for-a.patch b/0011-linux-user-add-binfmt-wrapper-for-a.patch index 896cb4b4..23f6398f 100644 --- a/0011-linux-user-add-binfmt-wrapper-for-a.patch +++ b/0011-linux-user-add-binfmt-wrapper-for-a.patch @@ -1,4 +1,4 @@ -From 99a52830916b325a52d7eac1abb979d525229fc4 Mon Sep 17 00:00:00 2001 +From ec805d63aae6d64cca97882a7b6ecb1e29569e18 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Fri, 30 Sep 2011 19:40:36 +0200 Subject: [PATCH] linux-user: add binfmt wrapper for argv[0] handling @@ -26,6 +26,7 @@ CC: Reinhard Max Signed-off-by: Alexander Graf [AF: Rebased onto new Makefile infrastructure, twice] [AF: Updated for aarch64 for v2.0.0-rc1] +[AF: Rebased onto Makefile changes for v2.1.0-rc0] Signed-off-by: Andreas Färber --- Makefile.target | 13 +++++++++++++ @@ -36,11 +37,11 @@ 
Signed-off-by: Andreas Färber create mode 100644 linux-user/binfmt.c diff --git a/Makefile.target b/Makefile.target -index ba12340..87d5724 100644 +index 137d0b0..57181a4 100644 --- a/Makefile.target +++ b/Makefile.target -@@ -31,6 +31,10 @@ PROGS+=$(QEMU_PROGW) - endif +@@ -34,6 +34,10 @@ endif + PROGS=$(QEMU_PROG) $(QEMU_PROGW) STPFILES= +ifdef CONFIG_LINUX_USER @@ -50,7 +51,7 @@ index ba12340..87d5724 100644 config-target.h: config-target.h-timestamp config-target.h-timestamp: config-target.mak -@@ -92,6 +96,8 @@ QEMU_CFLAGS+=-I$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR) -I$(SRC_PATH)/linux-user +@@ -101,6 +105,8 @@ QEMU_CFLAGS+=-I$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR) -I$(SRC_PATH)/linux-user obj-y += linux-user/ obj-y += gdbstub.o thunk.o user-exec.o @@ -59,7 +60,7 @@ index ba12340..87d5724 100644 endif #CONFIG_LINUX_USER ######################################################### -@@ -137,7 +143,11 @@ endif # CONFIG_SOFTMMU +@@ -149,7 +155,11 @@ endif # CONFIG_SOFTMMU # Workaround for http://gcc.gnu.org/PR55489, see configure. %/translate.o: QEMU_CFLAGS += $(TRANSLATE_OPT_CFLAGS) @@ -68,12 +69,12 @@ index ba12340..87d5724 100644 +else dummy := $(call unnest-vars,,obj-y) +endif + all-obj-y := $(obj-y) - # we are making another call to unnest-vars with different vars, protect obj-y, - # it can be overriden in subdir Makefile.objs -@@ -173,6 +183,9 @@ $(QEMU_PROG): $(all-obj-y) ../libqemuutil.a ../libqemustub.a + block-obj-y := +@@ -167,6 +177,9 @@ all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) + $(QEMU_PROG_BUILD): $(all-obj-y) ../libqemuutil.a ../libqemustub.a $(call LINK,$^) - endif +$(QEMU_PROG)-binfmt: $(obj-binfmt-y) + $(call LINK,$^) @@ -82,7 +83,7 @@ index ba12340..87d5724 100644 $(call quiet-command,rm -f $@ && $(SHELL) $(SRC_PATH)/scripts/feature_to_c.sh $@ $(TARGET_XML_FILES)," GEN $(TARGET_DIR)$@") diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs -index 5899d72..18212a2 100644 +index fd50217..446aca7 100644 --- a/linux-user/Makefile.objs 
+++ b/linux-user/Makefile.objs @@ -5,3 +5,5 @@ obj-$(TARGET_HAS_BFLT) += flatload.o diff --git a/0012-PPC-KVM-Disable-mmu-notifier-check.patch b/0012-PPC-KVM-Disable-mmu-notifier-check.patch index 5ad81ab5..b53e6dbd 100644 --- a/0012-PPC-KVM-Disable-mmu-notifier-check.patch +++ b/0012-PPC-KVM-Disable-mmu-notifier-check.patch @@ -1,4 +1,4 @@ -From 9ceca2f2c25c99e930d31ab11c7ff46dd9d43da6 Mon Sep 17 00:00:00 2001 +From 4c1f25ae27b6c76220ff286b904e34bef6da6f51 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Fri, 6 Jan 2012 01:05:55 +0100 Subject: [PATCH] PPC: KVM: Disable mmu notifier check @@ -13,16 +13,17 @@ KVM guests work there, even if possibly racy in some odd circumstances. 1 file changed, 2 insertions(+) diff --git a/exec.c b/exec.c -index 91513c6..36b5ef6 100644 +index 5a2a25e..c942e6a 100644 --- a/exec.c +++ b/exec.c -@@ -1039,10 +1039,12 @@ static void *file_ram_alloc(RAMBlock *block, +@@ -1037,11 +1037,13 @@ static void *file_ram_alloc(RAMBlock *block, return NULL; } +#ifndef TARGET_PPC if (kvm_enabled() && !kvm_has_sync_mmu()) { - fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n"); + error_setg(errp, + "host lacks kvm mmu notifiers, -mem-path unsupported"); goto error; } +#endif diff --git a/0013-linux-user-fix-segfault-deadlock.patch b/0013-linux-user-fix-segfault-deadlock.patch index afde3670..cfd68fee 100644 --- a/0013-linux-user-fix-segfault-deadlock.patch +++ b/0013-linux-user-fix-segfault-deadlock.patch @@ -1,4 +1,4 @@ -From c8bac440eee7d3377d27c676dfa6034ea059451c Mon Sep 17 00:00:00 2001 +From 90a3fe97f57d72fce339c68ee418fe173f3929ab Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Fri, 13 Jan 2012 17:05:41 +0100 Subject: [PATCH] linux-user: fix segfault deadlock @@ -52,10 +52,10 @@ index a72edda..e460e12 100644 + #endif diff --git a/user-exec.c b/user-exec.c -index bc58056..63b3b3d 100644 +index 1ff8673..22f9692 100644 --- a/user-exec.c 
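Review bot: The `#ifndef TARGET_PPC` around the `kvm_has_sync_mmu()` test in file_ram_alloc removes the guard at compile time for every PPC target. A host without KVM MMU notifiers then gets `-mem-path` backing with no diagnostic at all, even though the patch description itself calls the result "possibly racy". Keeping the test and downgrading it on PPC would leave a trace when a guest runs in that state, for example `error_report("warning: host lacks kvm mmu notifiers, -mem-path may be racy");` in an `#ifdef TARGET_PPC` branch, with the existing `error_setg(...)` and `goto error` kept in the `#else`. A one-line comment above the conditional saying when the workaround can be dropped would also help; file_ram_alloc's body starts and ends outside the hunk.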
+++ b/user-exec.c -@@ -93,6 +93,10 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address, +@@ -94,6 +94,10 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address, qemu_printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n", pc, address, is_write, *(unsigned long *)old_set); #endif diff --git a/0014-linux-user-binfmt-support-host-bina.patch b/0014-linux-user-binfmt-support-host-bina.patch index 712ff67c..d5647eba 100644 --- a/0014-linux-user-binfmt-support-host-bina.patch +++ b/0014-linux-user-binfmt-support-host-bina.patch @@ -1,4 +1,4 @@ -From ae7b4452a263d662035eb35c14fe84590bfff364 Mon Sep 17 00:00:00 2001 +From d3b6e9bdc03c61bf460b636482080ec11684ba51 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Thu, 2 Feb 2012 18:02:33 +0100 Subject: [PATCH] linux-user: binfmt: support host binaries diff --git a/0015-linux-user-arm-no-tb_flush-on-reset.patch b/0015-target-arm-linux-user-no-tb_flush-o.patch similarity index 65% rename from 0015-linux-user-arm-no-tb_flush-on-reset.patch rename to 0015-target-arm-linux-user-no-tb_flush-o.patch index 6e84651f..78197581 100644 --- a/0015-linux-user-arm-no-tb_flush-on-reset.patch +++ b/0015-target-arm-linux-user-no-tb_flush-o.patch @@ -1,7 +1,7 @@ -From bc949bb060b7f52ee5da9ef34e06bb12ba202726 Mon Sep 17 00:00:00 2001 +From b05fbdf009740d872cc925230c16f4feebc26a19 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 29 May 2012 15:30:01 +0200 -Subject: [PATCH] linux-user: arm: no tb_flush on reset +Subject: [PATCH] target-arm: linux-user: no tb_flush on reset When running automoc4 as linux-user guest program, it segfaults right after it creates a thread. Bisecting pointed to commit a84fac1426 which introduces @@ -9,23 +9,25 @@ tb_flush on reset. So something in our thread creation is broken. But for now, let's revert the change to at least get a working build again. + +[AF: Rebased, fixed typo] --- target-arm/cpu.c | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/target-arm/cpu.c b/target-arm/cpu.c -index c32d8c4..052f676 100644 +index 05e52e0..96f8cca 100644 --- a/target-arm/cpu.c +++ b/target-arm/cpu.c -@@ -154,7 +154,11 @@ static void arm_cpu_reset(CPUState *s) +@@ -165,7 +165,11 @@ static void arm_cpu_reset(CPUState *s) * bake assumptions about into translated code, so we need to * tb_flush(). */ +#if !defined(CONFIG_USER_ONLY) -+ /* XXX hack alert! automoc4 segaults after spawning a new thread with this -+ flush enabled */ ++ /* XXX hack alert! automoc4 segfaults after spawning a new thread with ++ * this flush enabled */ tb_flush(env); +#endif - } #ifndef CONFIG_USER_ONLY + if (kvm_enabled()) { diff --git a/0016-linux-user-Ignore-broken-loop-ioctl.patch b/0016-linux-user-Ignore-broken-loop-ioctl.patch index 60ca6242..29144aef 100644 --- a/0016-linux-user-Ignore-broken-loop-ioctl.patch +++ b/0016-linux-user-Ignore-broken-loop-ioctl.patch @@ -1,7 +1,10 @@ -From 9414e435edf0bdf2341c8e69e81e6f42cd73aca4 Mon Sep 17 00:00:00 2001 +From 032edaaeb5bd9fdc718820a79c1820592b63ffef Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 12 Jun 2012 04:41:10 +0200 Subject: [PATCH] linux-user: Ignore broken loop ioctl +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit During invocations of losetup, we run into an ioctl that doesn't exist. However, because of that we output an error, which then @@ -10,6 +13,8 @@ screws up the kiwi logic around that call. So let's silently ignore that bogus ioctl. Signed-off-by: Alexander Graf +[AF: Rebased for v2.1.0-rc0] +Signed-off-by: Andreas Färber --- linux-user/ioctls.h | 1 + linux-user/linux_loop.h | 1 + @@ -18,10 +23,10 @@ Signed-off-by: Alexander Graf 4 files changed, 10 insertions(+) diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h -index d35f072..2181ea3 100644 +index 762779e..038a799 100644 --- a/linux-user/ioctls.h 
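Review bot: With `tb_flush(env)` now under `#if !defined(CONFIG_USER_ONLY)` in arm_cpu_reset, the comment just above it ("... so we need to tb_flush()") contradicts what linux-user builds actually do, and the XXX comment records only the symptom. The comment should state that skipping the flush is an unverified workaround, for example `/* XXX linux-user skips this flush: automoc4 segfaults after thread creation with it enabled; cause not understood, so translated code may outlive a reset (unconfirmed) */`. The patch description already says that something in thread creation is broken, and naming that as the condition for removing the `#if` would keep the hack from becoming permanent. arm_cpu_reset's body begins outside the hunk.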
+++ b/linux-user/ioctls.h -@@ -328,6 +328,7 @@ +@@ -330,6 +330,7 @@ IOCTL(LOOP_SET_STATUS64, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info64))) IOCTL(LOOP_GET_STATUS64, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info64))) IOCTL(LOOP_CHANGE_FD, 0, TYPE_INT) @@ -41,11 +46,11 @@ index 8974caa..810ae61 100644 #endif diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 7d7d700..4823aa0 100644 +index 576ad77..af0479e 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -3631,6 +3631,13 @@ static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp, - return ret; +@@ -3696,6 +3696,13 @@ static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp, + return get_errno(ioctl(fd, ie->host_cmd, sig)); } +static abi_long do_ioctl_fail(const IOCTLEntry *ie, uint8_t *buf_temp, int fd, @@ -59,10 +64,10 @@ index 7d7d700..4823aa0 100644 #define IOCTL(cmd, access, ...) \ { TARGET_ ## cmd, cmd, #cmd, access, 0, { __VA_ARGS__ } }, diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h -index a2ac23e..dd6d041 100644 +index 52691fb..794215e 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h -@@ -1044,6 +1044,7 @@ struct target_pollfd { +@@ -1051,6 +1051,7 @@ struct target_pollfd { #define TARGET_LOOP_SET_STATUS64 0x4C04 #define TARGET_LOOP_GET_STATUS64 0x4C05 #define TARGET_LOOP_CHANGE_FD 0x4C06 diff --git a/0017-linux-user-lock-tcg.patch b/0017-linux-user-lock-tcg.patch index 055d5d73..dfd269de 100644 --- a/0017-linux-user-lock-tcg.patch +++ b/0017-linux-user-lock-tcg.patch @@ -1,4 +1,4 @@ -From c06014909fc303dffb38e62943d88c4ba9f8da31 Mon Sep 17 00:00:00 2001 +From 56ad45f04c594535e2428ab6efbb2ceb36946e9f Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Thu, 5 Jul 2012 17:31:39 +0200 Subject: [PATCH] linux-user: lock tcg @@ -11,12 +11,13 @@ different threads. Signed-off-by: Alexander Graf [AF: Rebased onto exec.c/translate-all.c split for 1.4] +[AF: Rebased for v2.1.0-rc0] 
Signed-off-by: Andreas Färber --- linux-user/mmap.c | 3 +++ tcg/tcg.c | 36 ++++++++++++++++++++++++++++++++++-- - tcg/tcg.h | 6 ++++++ - 3 files changed, 43 insertions(+), 2 deletions(-) + tcg/tcg.h | 5 +++++ + 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 34a5615..7ebf953 100644 @@ -47,11 +48,11 @@ index 34a5615..7ebf953 100644 } diff --git a/tcg/tcg.c b/tcg/tcg.c -index f1e0763..4f36b40 100644 +index c068990..e404655 100644 --- a/tcg/tcg.c +++ b/tcg/tcg.c -@@ -40,6 +40,8 @@ - #include "qemu/cache-utils.h" +@@ -39,6 +39,8 @@ + #include "qemu-common.h" #include "qemu/host-utils.h" #include "qemu/timer.h" +#include "config-host.h" @@ -59,7 +60,7 @@ index f1e0763..4f36b40 100644 /* Note: the long term plan is to reduce the dependencies on the QEMU CPU definitions. Currently they are used for qemu_ld/st -@@ -117,6 +119,29 @@ const size_t tcg_op_defs_max = ARRAY_SIZE(tcg_op_defs); +@@ -123,6 +125,29 @@ const size_t tcg_op_defs_max = ARRAY_SIZE(tcg_op_defs); static TCGRegSet tcg_target_available_regs[2]; static TCGRegSet tcg_target_call_clobber_regs; @@ -86,10 +87,10 @@ index f1e0763..4f36b40 100644 +#endif +} + - static inline void tcg_out8(TCGContext *s, uint8_t v) + #if TCG_TARGET_INSN_UNIT_SIZE == 1 + static __attribute__((unused)) inline void tcg_out8(TCGContext *s, uint8_t v) { - *s->code_ptr++ = v; -@@ -295,7 +320,8 @@ void tcg_context_init(TCGContext *s) +@@ -339,7 +364,8 @@ void tcg_context_init(TCGContext *s) memset(s, 0, sizeof(*s)); s->nb_globals = 0; @@ -99,7 +100,7 @@ index f1e0763..4f36b40 100644 /* Count total number of arguments and allocate the corresponding space */ total_args = 0; -@@ -2597,10 +2623,12 @@ int tcg_gen_code(TCGContext *s, uint8_t *gen_code_buf) +@@ -2560,10 +2586,12 @@ int tcg_gen_code(TCGContext *s, tcg_insn_unit *gen_code_buf) } #endif 
@@ -107,14 +108,14 @@ index f1e0763..4f36b40 100644 tcg_gen_code_common(s, gen_code_buf, -1); /* flush instruction cache */ - flush_icache_range((uintptr_t)gen_code_buf, (uintptr_t)s->code_ptr); + flush_icache_range((uintptr_t)s->code_buf, (uintptr_t)s->code_ptr); + tcg_unlock(); - return s->code_ptr - gen_code_buf; + return tcg_current_code_size(s); } -@@ -2611,7 +2639,11 @@ int tcg_gen_code(TCGContext *s, uint8_t *gen_code_buf) - Return -1 if not found. */ - int tcg_gen_code_search_pc(TCGContext *s, uint8_t *gen_code_buf, long offset) +@@ -2575,7 +2603,11 @@ int tcg_gen_code(TCGContext *s, tcg_insn_unit *gen_code_buf) + int tcg_gen_code_search_pc(TCGContext *s, tcg_insn_unit *gen_code_buf, + long offset) { - return tcg_gen_code_common(s, gen_code_buf, offset); + int r; @@ -126,19 +127,18 @@ index f1e0763..4f36b40 100644 #ifdef CONFIG_PROFILER diff --git a/tcg/tcg.h b/tcg/tcg.h -index f7efcb4..27a72f9 100644 +index 997a704..1815965 100644 --- a/tcg/tcg.h +++ b/tcg/tcg.h -@@ -54,6 +54,8 @@ typedef uint64_t tcg_target_ulong; - #error unsupported - #endif +@@ -27,6 +27,7 @@ -+#include "config-host.h" + #include "qemu-common.h" + #include "qemu/bitops.h" +#include "qemu/thread.h" - #include "tcg-runtime.h" + #include "tcg-target.h" - #if TCG_TARGET_NB_REGS <= 32 -@@ -530,6 +532,7 @@ struct TCGContext { + /* Default target word size to pointer size. */ +@@ -554,6 +555,7 @@ struct TCGContext { /* The TCGBackendData structure is private to tcg-target.c. */ struct TCGBackendData *be; @@ -146,7 +146,7 @@ index f7efcb4..27a72f9 100644 }; extern TCGContext tcg_ctx; -@@ -707,6 +710,9 @@ void tcg_gen_shifti_i64(TCGv_i64 ret, TCGv_i64 arg1, +@@ -732,6 +734,9 @@ void tcg_gen_shifti_i64(TCGv_i64 ret, TCGv_i64 arg1, TCGArg *tcg_optimize(TCGContext *s, uint16_t *tcg_opc_ptr, TCGArg *args, TCGOpDef *tcg_op_def); diff --git a/0018-linux-user-Run-multi-threaded-code-.patch b/0018-linux-user-Run-multi-threaded-code-.patch index fc5105b4..fa86e41f 100644 
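Review bot: In tcg_gen_code() the added `tcg_unlock();` comes before `return tcg_current_code_size(s);`, so the return value is computed after the lock has been released. The line it replaces computed the size from `s->code_ptr`. If tcg_current_code_size() still reads that field (its definition is not in this hunk), another thread entering code generation on the shared `tcg_ctx` can move the pointer before the size is taken. Compute the size while the lock is held: `size = tcg_current_code_size(s); tcg_unlock(); return size;`. tcg_gen_code() starts outside the hunk.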
--- a/0018-linux-user-Run-multi-threaded-code-.patch +++ b/0018-linux-user-Run-multi-threaded-code-.patch @@ -1,4 +1,4 @@ -From ca45f1d446ca88675e85bf80f133d3d8d955dbf0 Mon Sep 17 00:00:00 2001 +From 47197d2a2652f532971bba5fcfa9f51e7611f610 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 10 Jul 2012 20:40:55 +0200 Subject: [PATCH] linux-user: Run multi-threaded code on a single core @@ -19,10 +19,10 @@ Signed-off-by: Alexander Graf 1 file changed, 9 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 4823aa0..ff5ed06 100644 +index af0479e..0e0916d 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -4334,6 +4334,15 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, +@@ -4401,6 +4401,15 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, if (nptl_flags & CLONE_SETTLS) cpu_set_tls (new_env, newtls); diff --git a/0019-linux-user-lock-tb-flushing-too.patch b/0019-linux-user-lock-tb-flushing-too.patch index 3303016f..8412a701 100644 --- a/0019-linux-user-lock-tb-flushing-too.patch +++ b/0019-linux-user-lock-tb-flushing-too.patch @@ -1,4 +1,4 @@ -From cba80a9dc1f00c65320122f6a9afe95cbf12fbab Mon Sep 17 00:00:00 2001 +From 8396dc5e52755421126abb7fd7e39988a4e4947a Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 11 Jul 2012 16:47:42 +0200 Subject: [PATCH] linux-user: lock tb flushing too @@ -14,10 +14,10 @@ Signed-off-by: Andreas Färber 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/translate-all.c b/translate-all.c -index 5759974..1abb87d 100644 +index 8f7e11b..9b46934 100644 --- a/translate-all.c +++ b/translate-all.c -@@ -619,19 +619,23 @@ static TranslationBlock *tb_alloc(target_ulong pc) +@@ -706,19 +706,23 @@ static TranslationBlock *tb_alloc(target_ulong pc) { TranslationBlock *tb; 
@@ -41,7 +41,7 @@ index 5759974..1abb87d 100644 /* In practice this is mostly used for single use temporary TB Ignore the hard cases and just back up if this TB happens to be the last one generated. */ -@@ -640,6 +644,7 @@ void tb_free(TranslationBlock *tb) +@@ -727,6 +731,7 @@ void tb_free(TranslationBlock *tb) tcg_ctx.code_gen_ptr = tb->tc_ptr; tcg_ctx.tb_ctx.nb_tbs--; } @@ -49,7 +49,7 @@ index 5759974..1abb87d 100644 } static inline void invalidate_page_bitmap(PageDesc *p) -@@ -697,6 +702,7 @@ void tb_flush(CPUArchState *env1) +@@ -784,6 +789,7 @@ void tb_flush(CPUArchState *env1) ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) / tcg_ctx.tb_ctx.nb_tbs : 0); #endif @@ -57,7 +57,7 @@ index 5759974..1abb87d 100644 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) > tcg_ctx.code_gen_buffer_size) { cpu_abort(cpu, "Internal error: code buffer overflow\n"); -@@ -714,6 +720,7 @@ void tb_flush(CPUArchState *env1) +@@ -801,6 +807,7 @@ void tb_flush(CPUArchState *env1) /* XXX: flush processor icache at this point if cache flush is expensive */ tcg_ctx.tb_ctx.tb_flush_count++; @@ -65,7 +65,7 @@ index 5759974..1abb87d 100644 } #ifdef DEBUG_TB_CHECK -@@ -1022,8 +1029,10 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, +@@ -1107,8 +1114,10 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, int current_flags = 0; #endif /* TARGET_HAS_PRECISE_SMC */ @@ -76,7 +76,7 @@ index 5759974..1abb87d 100644 return; } if (!p->code_bitmap && -@@ -1116,6 +1125,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, +@@ -1201,6 +1210,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, cpu_resume_from_signal(cpu, NULL); } #endif 
@@ -84,7 +84,7 @@ index 5759974..1abb87d 100644 } /* len must be <= 8 and start must be a multiple of len */ -@@ -1327,13 +1337,16 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) +@@ -1412,13 +1422,16 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) { int m_min, m_max, m; uintptr_t v; @@ -102,7 +102,7 @@ index 5759974..1abb87d 100644 return NULL; } /* binary search (cf Knuth) */ -@@ -1344,6 +1357,7 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) +@@ -1429,6 +1442,7 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) tb = &tcg_ctx.tb_ctx.tbs[m]; v = (uintptr_t)tb->tc_ptr; if (v == tc_ptr) { @@ -110,7 +110,7 @@ index 5759974..1abb87d 100644 return tb; } else if (tc_ptr < v) { m_max = m - 1; -@@ -1351,7 +1365,9 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) +@@ -1436,7 +1450,9 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr) m_min = m + 1; } } diff --git a/0020-linux-user-Fake-proc-cpuinfo.patch b/0020-linux-user-Fake-proc-cpuinfo.patch index 447601ec..cbe421ff 100644 --- a/0020-linux-user-Fake-proc-cpuinfo.patch +++ b/0020-linux-user-Fake-proc-cpuinfo.patch @@ -1,4 +1,4 @@ -From 761b115c27a0f900f519422e4a79573da3632f4a Mon Sep 17 00:00:00 2001 +From c9e29d5cb3a6559b4a0b79905cd6c62835d21fdf Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 23 Jul 2012 10:24:14 +0200 Subject: [PATCH] linux-user: Fake /proc/cpuinfo @@ -22,10 +22,10 @@ Signed-off-by: Andreas Färber 1 file changed, 20 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index ff5ed06..8a78348 100644 +index 0e0916d..573ea5f 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -5136,6 +5136,25 @@ static int open_self_stat(void *cpu_env, int fd) +@@ -5182,6 +5182,25 @@ static int open_self_stat(void *cpu_env, int fd) return 0; } 
@@ -51,7 +51,7 @@ index ff5ed06..8a78348 100644 static int open_self_auxv(void *cpu_env, int fd) { CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env); -@@ -5249,6 +5268,7 @@ static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode) +@@ -5296,6 +5315,7 @@ static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode) #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN) { "/proc/net/route", open_net_route, is_proc }, #endif diff --git a/0021-linux-user-implement-FS_IOC_GETFLAG.patch b/0021-linux-user-implement-FS_IOC_GETFLAG.patch index 17bb5dcc..382d510e 100644 --- a/0021-linux-user-implement-FS_IOC_GETFLAG.patch +++ b/0021-linux-user-implement-FS_IOC_GETFLAG.patch @@ -1,4 +1,4 @@ -From 36fc0fea8b44e3993088c6b9cab42db36fe1da76 Mon Sep 17 00:00:00 2001 +From 57f28f99146803cd0c5d388e61889a83ec12b33f Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 20 Aug 2012 00:02:52 +0200 Subject: [PATCH] linux-user: implement FS_IOC_GETFLAGS ioctl @@ -16,10 +16,10 @@ v1 -> v2: 2 files changed, 3 insertions(+) diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h -index 2181ea3..a329fb0 100644 +index 038a799..efbc970 100644 --- a/linux-user/ioctls.h +++ b/linux-user/ioctls.h -@@ -88,6 +88,7 @@ +@@ -89,6 +89,7 @@ IOCTL_SPECIAL(FS_IOC_FIEMAP, IOC_W | IOC_R, do_ioctl_fs_ioc_fiemap, MK_PTR(MK_STRUCT(STRUCT_fiemap))) #endif @@ -28,10 +28,10 @@ index 2181ea3..a329fb0 100644 IOCTL(SIOCATMARK, 0, TYPE_NULL) IOCTL(SIOCGIFNAME, IOC_RW, MK_PTR(TYPE_INT)) diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h -index dd6d041..2456d5b 100644 +index 794215e..6146d79 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h -@@ -2460,6 +2460,8 @@ struct target_f_owner_ex { +@@ -2467,6 +2467,8 @@ struct target_f_owner_ex { #define TARGET_MTIOCGET TARGET_IOR('m', 2, struct mtget) #define TARGET_MTIOCPOS TARGET_IOR('m', 3, struct mtpos) 
diff --git a/0022-linux-user-implement-FS_IOC_SETFLAG.patch b/0022-linux-user-implement-FS_IOC_SETFLAG.patch index bcf18b27..bb459783 100644 --- a/0022-linux-user-implement-FS_IOC_SETFLAG.patch +++ b/0022-linux-user-implement-FS_IOC_SETFLAG.patch @@ -1,4 +1,4 @@ -From 8c00316b2996d0c2171032e58d7e21fd8af9bee1 Mon Sep 17 00:00:00 2001 +From f89d1f32b6b97db2abda653a72d00a45c512d220 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 20 Aug 2012 00:07:13 +0200 Subject: [PATCH] linux-user: implement FS_IOC_SETFLAGS ioctl @@ -16,10 +16,10 @@ v1 -> v2 2 files changed, 2 insertions(+) diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h -index a329fb0..d76575c 100644 +index efbc970..6be0048 100644 --- a/linux-user/ioctls.h +++ b/linux-user/ioctls.h -@@ -89,6 +89,7 @@ +@@ -90,6 +90,7 @@ MK_PTR(MK_STRUCT(STRUCT_fiemap))) #endif IOCTL(FS_IOC_GETFLAGS, IOC_R, MK_PTR(TYPE_LONG)) @@ -28,10 +28,10 @@ index a329fb0..d76575c 100644 IOCTL(SIOCATMARK, 0, TYPE_NULL) IOCTL(SIOCGIFNAME, IOC_RW, MK_PTR(TYPE_INT)) diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h -index 2456d5b..03863a6 100644 +index 6146d79..fc326dd 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h -@@ -2461,6 +2461,7 @@ struct target_f_owner_ex { +@@ -2468,6 +2468,7 @@ struct target_f_owner_ex { #define TARGET_MTIOCPOS TARGET_IOR('m', 3, struct mtpos) #define TARGET_FS_IOC_GETFLAGS TARGET_IORU('f', 1) diff --git a/0023-linux-user-XXX-disable-fiemap.patch b/0023-linux-user-XXX-disable-fiemap.patch index 2956c3f0..1d65f285 100644 --- a/0023-linux-user-XXX-disable-fiemap.patch +++ b/0023-linux-user-XXX-disable-fiemap.patch @@ -1,4 +1,4 @@ -From fac2c74e7593b04a4fc45e0d40c06036f60ae75d Mon Sep 17 00:00:00 2001 +From 3a9a8a733b3e394ead8a453705ed151e87bb743c Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 21 Aug 2012 14:20:40 +0200 Subject: [PATCH] linux-user: XXX disable fiemap 
@@ -9,10 +9,10 @@ agraf: fiemap breaks in libarchive. Disable it for now. 1 file changed, 5 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 8a78348..28a3d74 100644 +index 573ea5f..28039c7 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -3188,6 +3188,11 @@ static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp, +@@ -3246,6 +3246,11 @@ static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp, uint32_t outbufsz; int free_fm = 0; diff --git a/0024-slirp-nooutgoing.patch b/0024-slirp-nooutgoing.patch index c56882a5..7fd65fef 100644 --- a/0024-slirp-nooutgoing.patch +++ b/0024-slirp-nooutgoing.patch @@ -1,4 +1,4 @@ -From 871d3d13b54c6ba223b09953c50b762d0404cbec Mon Sep 17 00:00:00 2001 +From 84fe61a504718a0b4dbdd66a9275dcf5b4427026 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Wed, 29 Aug 2012 18:42:56 +0200 Subject: [PATCH] slirp: -nooutgoing @@ -12,10 +12,10 @@ TBD (from SUSE Studio team) 4 files changed, 40 insertions(+) diff --git a/qemu-options.hx b/qemu-options.hx -index 2d33815..62a1cfc 100644 +index 9e54686..0a7247d 100644 --- a/qemu-options.hx +++ b/qemu-options.hx -@@ -2603,6 +2603,16 @@ Store the QEMU process PID in @var{file}. It is useful if you launch QEMU +@@ -2795,6 +2795,16 @@ Store the QEMU process PID in @var{file}. It is useful if you launch QEMU from a script. ETEXI @@ -97,10 +97,10 @@ index 7571c5a..0555e18 100644 socket_set_fast_reuse(s); opt = 1; diff --git a/vl.c b/vl.c -index 9975e5a..b18c815 100644 +index 6e084c2..0e34d53 100644 --- a/vl.c +++ b/vl.c -@@ -162,6 +162,7 @@ const char *vnc_display; +@@ -163,6 +163,7 @@ const char *vnc_display; int acpi_enabled = 1; int no_hpet = 0; int fd_bootchk = 1; 
@@ -108,7 +108,7 @@ index 9975e5a..b18c815 100644 static int no_reboot; int no_shutdown = 0; int cursor_hide = 1; -@@ -3351,6 +3352,14 @@ int main(int argc, char **argv, char **envp) +@@ -3391,6 +3392,14 @@ int main(int argc, char **argv, char **envp) case QEMU_OPTION_singlestep: singlestep = 1; break; diff --git a/0025-vnc-password-file-and-incoming-conn.patch b/0025-vnc-password-file-and-incoming-conn.patch index 01862905..8f4f559c 100644 --- a/0025-vnc-password-file-and-incoming-conn.patch +++ b/0025-vnc-password-file-and-incoming-conn.patch @@ -1,4 +1,4 @@ -From 955ef0968a268bcb6ef68b8788952546aed3a1dc Mon Sep 17 00:00:00 2001 +From 5ac0412380823745654010b067fbce609efa4aa7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Wed, 29 Aug 2012 20:06:01 +0200 Subject: [PATCH] vnc: password-file= and incoming-connections= @@ -9,10 +9,10 @@ TBD (from SUSE Studio team) 1 file changed, 71 insertions(+) diff --git a/ui/vnc.c b/ui/vnc.c -index 5925774..8445dd6 100644 +index 548588a..ab03ee3 100644 --- a/ui/vnc.c +++ b/ui/vnc.c -@@ -45,6 +45,7 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; +@@ -47,6 +47,7 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; #include "d3des.h" static VncDisplay *vnc_display; /* needed for info vnc */ @@ -20,7 +20,7 @@ index 5925774..8445dd6 100644 static int vnc_cursor_define(VncState *vs); static void vnc_release_modifiers(VncState *vs); -@@ -1031,6 +1032,7 @@ static void vnc_disconnect_start(VncState *vs) +@@ -1037,6 +1038,7 @@ static void vnc_disconnect_start(VncState *vs) void vnc_disconnect_finish(VncState *vs) { int i; @@ -28,7 +28,7 @@ index 5925774..8445dd6 100644 vnc_jobs_join(vs); /* Wait encoding jobs */ -@@ -1079,6 +1081,13 @@ void vnc_disconnect_finish(VncState *vs) +@@ -1085,6 +1087,13 @@ void vnc_disconnect_finish(VncState *vs) } g_free(vs->lossy_rect); g_free(vs); 
@@ -42,7 +42,7 @@ index 5925774..8445dd6 100644 } int vnc_client_io_error(VncState *vs, int ret, int last_errno) -@@ -3041,6 +3050,39 @@ char *vnc_display_local_addr(DisplayState *ds) +@@ -3036,6 +3045,39 @@ char *vnc_display_local_addr(DisplayState *ds) return vnc_socket_local_addr("%s:%s", vs->lsock); } @@ -82,7 +82,7 @@ index 5925774..8445dd6 100644 void vnc_display_open(DisplayState *ds, const char *display, Error **errp) { VncDisplay *vs = vnc_display; -@@ -3074,6 +3116,9 @@ void vnc_display_open(DisplayState *ds, const char *display, Error **errp) +@@ -3069,6 +3111,9 @@ void vnc_display_open(DisplayState *ds, const char *display, Error **errp) while ((options = strchr(options, ','))) { options++; if (strncmp(options, "password", 8) == 0) { @@ -92,7 +92,7 @@ index 5925774..8445dd6 100644 if (fips_get_state()) { error_setg(errp, "VNC password auth disabled due to FIPS mode, " -@@ -3082,6 +3127,32 @@ void vnc_display_open(DisplayState *ds, const char *display, Error **errp) +@@ -3077,6 +3122,32 @@ void vnc_display_open(DisplayState *ds, const char *display, Error **errp) goto fail; } password = 1; /* Require password auth */ diff --git a/0026-linux-user-add-more-blk-ioctls.patch b/0026-linux-user-add-more-blk-ioctls.patch index 1dff93ad..8589465e 100644 --- a/0026-linux-user-add-more-blk-ioctls.patch +++ b/0026-linux-user-add-more-blk-ioctls.patch @@ -1,4 +1,4 @@ -From 6b62214c4bd34a4480814ac47449fab7c34305ed Mon Sep 17 00:00:00 2001 +From 9abeb48be0c332c84f379455bd424f0fd58e79e0 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 10 Oct 2012 10:21:20 +0200 Subject: [PATCH] linux-user: add more blk ioctls @@ -13,10 +13,10 @@ Signed-off-by: Alexander Graf 3 files changed, 27 insertions(+) diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h -index d76575c..ffd6d09 100644 +index 6be0048..369224f 100644 --- a/linux-user/ioctls.h 
+++ b/linux-user/ioctls.h -@@ -72,6 +72,24 @@ +@@ -73,6 +73,24 @@ #ifdef BLKGETSIZE64 IOCTL(BLKGETSIZE64, IOC_R, MK_PTR(TYPE_ULONGLONG)) #endif @@ -42,10 +42,10 @@ index d76575c..ffd6d09 100644 IOCTL(BLKRASET, 0, TYPE_INT) IOCTL(BLKRAGET, IOC_R, MK_PTR(TYPE_LONG)) diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h -index 03863a6..2271d5f 100644 +index fc326dd..853b903 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h -@@ -913,6 +913,12 @@ struct target_pollfd { +@@ -920,6 +920,12 @@ struct target_pollfd { #define TARGET_BLKGETSIZE64 TARGET_IOR(0x12,114,abi_ulong) /* return device size in bytes (u64 *arg) */ diff --git a/0027-linux-user-use-target_ulong.patch b/0027-linux-user-use-target_ulong.patch index 23c6b44a..61136033 100644 --- a/0027-linux-user-use-target_ulong.patch +++ b/0027-linux-user-use-target_ulong.patch @@ -1,4 +1,4 @@ -From 9f8f18dc792d6c9e3fb661cb8543d0c09b342ac4 Mon Sep 17 00:00:00 2001 +From 48296463c92ea6afe7eaaabc88ba8d75e910afae Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 9 Oct 2012 09:06:49 +0200 Subject: [PATCH] linux-user: use target_ulong @@ -17,10 +17,10 @@ Signed-off-by: Alexander Graf 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/linux-user/qemu.h b/linux-user/qemu.h -index a2c4e35..6fd5e0c 100644 +index e29c7f3..75b6558 100644 --- a/linux-user/qemu.h +++ b/linux-user/qemu.h -@@ -189,10 +189,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src, +@@ -190,10 +190,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src, void target_set_brk(abi_ulong new_brk); abi_long do_brk(abi_ulong new_brk); void syscall_init(void); @@ -36,10 +36,10 @@ index a2c4e35..6fd5e0c 100644 extern THREAD CPUState *thread_cpu; void cpu_loop(CPUArchState *env); diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 28a3d74..a12a722 100644 +index 28039c7..0c49a67 100644 --- a/linux-user/syscall.c 
+++ b/linux-user/syscall.c -@@ -5395,10 +5395,10 @@ int syscall_restartable(int syscall_nr) +@@ -5447,10 +5447,10 @@ int syscall_restartable(int syscall_nr) /* do_syscall() should always have a single exit point at the end so that actions, such as logging of syscall results, can be performed. All errnos that do_syscall() returns must be -TARGET_. */ diff --git a/0028-block-Add-support-for-DictZip-enabl.patch b/0028-block-Add-support-for-DictZip-enabl.patch index 59eeee43..2f0d5921 100644 --- a/0028-block-Add-support-for-DictZip-enabl.patch +++ b/0028-block-Add-support-for-DictZip-enabl.patch @@ -1,4 +1,4 @@ -From 8b201b80c7957d04876330c37857b1ac4d8df21e Mon Sep 17 00:00:00 2001 +From 6e08bfbccc8263bc5c9b619d19864723760e17dc Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 5 Aug 2009 09:49:37 +0200 Subject: [PATCH] block: Add support for DictZip enabled gzip files @@ -28,6 +28,7 @@ Signed-off-by: Tim Hardeck [AF: Error **errp added for bdrv_file_open, bdrv_delete -> bdrv_unref] [AF: qemu_opts_create_nofail() -> qemu_opts_create(), bdrv_file_open() -> bdrv_open(), based on work by brogers] +[AF: error_is_set() dropped for v2.1.0-rc0] Signed-off-by: Andreas Färber --- block/Makefile.objs | 1 + @@ -49,7 +50,7 @@ index fd88c03..cbdddc0 100644 iscsi.o-libs := $(LIBISCSI_LIBS) diff --git a/block/dictzip.c b/block/dictzip.c new file mode 100644 -index 0000000..a3629ab +index 0000000..36f1df0 --- /dev/null +++ b/block/dictzip.c @@ -0,0 +1,596 @@ @@ -235,7 +236,7 @@ index 0000000..a3629ab + + opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort); + qemu_opts_absorb_qdict(opts, options, &local_err); -+ if (error_is_set(&local_err)) { ++ if (local_err != NULL) { + error_propagate(errp, local_err); + ret = -EINVAL; + goto fail; diff --git a/0029-block-Add-tar-container-format.patch b/0029-block-Add-tar-container-format.patch index a98dc610..f1902ca8 100644 --- a/0029-block-Add-tar-container-format.patch +++ b/0029-block-Add-tar-container-format.patch 
@@ -1,4 +1,4 @@ -From 9faf6837f5e436c6d2003e64cb4b44b90d234c72 Mon Sep 17 00:00:00 2001 +From 448b9b9a09a26b30cdbc6afd9472ce07efc06e8c Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 5 Aug 2009 17:28:38 +0200 Subject: [PATCH] block: Add tar container format @@ -29,6 +29,7 @@ Signed-off-by: Tim Hardeck [AF: bdrv_file_open got an Error **errp argument, bdrv_delete -> brd_unref] [AF: qemu_opts_create_nofail() -> qemu_opts_create(), bdrv_file_open() -> bdrv_open(), based on work by brogers] +[AF: error_is_set() dropped for v2.1.0-rc0] Signed-off-by: Andreas Färber --- block/Makefile.objs | 1 + @@ -50,7 +51,7 @@ index cbdddc0..e5b0326 100644 iscsi.o-libs := $(LIBISCSI_LIBS) diff --git a/block/tar.c b/block/tar.c new file mode 100644 -index 0000000..a79cf5e +index 0000000..c2ab5fa --- /dev/null +++ b/block/tar.c @@ -0,0 +1,386 @@ @@ -234,7 +235,7 @@ index 0000000..a79cf5e + + opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort); + qemu_opts_absorb_qdict(opts, options, &local_err); -+ if (error_is_set(&local_err)) { ++ if (local_err != NULL) { + error_propagate(errp, local_err); + ret = -EINVAL; + goto fail; diff --git a/0030-Legacy-Patch-kvm-qemu-preXX-dictzip.patch b/0030-Legacy-Patch-kvm-qemu-preXX-dictzip.patch index 374b88c2..a4c818fb 100644 --- a/0030-Legacy-Patch-kvm-qemu-preXX-dictzip.patch +++ b/0030-Legacy-Patch-kvm-qemu-preXX-dictzip.patch @@ -1,4 +1,4 @@ -From e26cff5986190a24dcc53d658da1fc8e7772338c Mon Sep 17 00:00:00 2001 +From ccc7274accdbd66a581777e0dae3865ba86c2eed Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 12 Dec 2012 19:11:30 +0100 Subject: [PATCH] Legacy Patch kvm-qemu-preXX-dictzip3.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Legacy Patch kvm-qemu-preXX-dictzip3.patch 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/block/tar.c b/block/tar.c -index a79cf5e..09fe1a6 100644 +index c2ab5fa..ea2075d 100644 --- a/block/tar.c +++ b/block/tar.c @@ -83,7 +83,8 @@ static int str_ends(char *str, const char *end) 
diff --git a/0031-Legacy-Patch-kvm-qemu-preXX-report-.patch b/0031-Legacy-Patch-kvm-qemu-preXX-report-.patch index 6e7deead..27642d71 100644 --- a/0031-Legacy-Patch-kvm-qemu-preXX-report-.patch +++ b/0031-Legacy-Patch-kvm-qemu-preXX-report-.patch @@ -1,4 +1,4 @@ -From e828d54e5b1ef01c620e1c761340cd73af785b6b Mon Sep 17 00:00:00 2001 +From 7a6f8226cb5dd3540c80f852917b118a6b88d791 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 12 Dec 2012 19:11:31 +0100 Subject: [PATCH] Legacy Patch kvm-qemu-preXX-report-default-mac-used.patch @@ -8,10 +8,10 @@ Subject: [PATCH] Legacy Patch kvm-qemu-preXX-report-default-mac-used.patch 1 file changed, 22 insertions(+) diff --git a/net/net.c b/net/net.c -index e3ef1e4..67396e7 100644 +index 6d930ea..9656f3e 100644 --- a/net/net.c +++ b/net/net.c -@@ -141,6 +141,27 @@ void qemu_format_nic_info_str(NetClientState *nc, uint8_t macaddr[6]) +@@ -158,6 +158,27 @@ void qemu_format_nic_info_str(NetClientState *nc, uint8_t macaddr[6]) macaddr[3], macaddr[4], macaddr[5]); } @@ -39,7 +39,7 @@ index e3ef1e4..67396e7 100644 void qemu_macaddr_default_if_unset(MACAddr *macaddr) { static int index = 0; -@@ -1251,6 +1272,7 @@ int net_init_clients(void) +@@ -1276,6 +1297,7 @@ int net_init_clients(void) if (qemu_opts_foreach(net, net_init_client, NULL, 1) == -1) { return -1; } diff --git a/0032-console-add-question-mark-escape-op.patch b/0032-console-add-question-mark-escape-op.patch index 8b11dfb8..ddc66a35 100644 --- a/0032-console-add-question-mark-escape-op.patch +++ b/0032-console-add-question-mark-escape-op.patch @@ -1,4 +1,4 @@ -From 1f6cee23194037e7c2601e7a728b7fa824f4d66f Mon Sep 17 00:00:00 2001 +From a771dcb790eb622c0b023274c1b6b92743e71d0f Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 6 Jun 2011 06:53:52 +0200 Subject: [PATCH] console: add question-mark escape operator @@ -16,10 +16,10 @@ Signed-off-by: Alexander Graf 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ui/console.c b/ui/console.c -index e057755..24413e8 100644 +index ab84549..5d1f074 100644 --- a/ui/console.c +++ b/ui/console.c -@@ -866,7 +866,7 @@ static void console_putchar(QemuConsole *s, int ch) +@@ -852,7 +852,7 @@ static void console_putchar(QemuConsole *s, int ch) } else { if (s->nb_esc_params < MAX_ESC_PARAMS) s->nb_esc_params++; diff --git a/0033-Make-char-muxer-more-robust-wrt-sma.patch b/0033-Make-char-muxer-more-robust-wrt-sma.patch index 3239622e..bc1c4809 100644 --- a/0033-Make-char-muxer-more-robust-wrt-sma.patch +++ b/0033-Make-char-muxer-more-robust-wrt-sma.patch @@ -1,4 +1,4 @@ -From e30f0e39abb8e5ad453333ac3dd0f6d7b270e045 Mon Sep 17 00:00:00 2001 +From 111abb7150e0eaadfb338c82b86d4b65a171f9c6 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Thu, 1 Apr 2010 17:36:23 +0200 Subject: [PATCH] Make char muxer more robust wrt small FIFOs @@ -22,10 +22,10 @@ This patch fixes input when using -nographic on s390 for me. 1 file changed, 16 insertions(+) diff --git a/qemu-char.c b/qemu-char.c -index 54ed244..cc6bfe8 100644 +index 55e372c..d562dae 100644 --- a/qemu-char.c +++ b/qemu-char.c -@@ -252,6 +252,9 @@ typedef struct { +@@ -311,6 +311,9 @@ typedef struct { IOEventHandler *chr_event[MAX_MUX]; void *ext_opaque[MAX_MUX]; CharDriverState *drv; @@ -35,7 +35,7 @@ index 54ed244..cc6bfe8 100644 int focus; int mux_cnt; int term_got_escape; -@@ -408,6 +411,15 @@ static void mux_chr_accept_input(CharDriverState *chr) +@@ -470,6 +473,15 @@ static void mux_chr_accept_input(CharDriverState *chr) d->chr_read[m](d->ext_opaque[m], &d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1); } @@ -51,7 +51,7 @@ index 54ed244..cc6bfe8 100644 } static int mux_chr_can_read(void *opaque) -@@ -530,6 +542,10 @@ static CharDriverState *qemu_chr_open_mux(CharDriverState *drv) +@@ -598,6 +610,10 @@ static CharDriverState *qemu_chr_open_mux(CharDriverState *drv) chr->opaque = d; d->drv = drv; d->focus = -1; 
diff --git a/0034-linux-user-lseek-explicitly-cast-no.patch b/0034-linux-user-lseek-explicitly-cast-no.patch index d914cc64..26255cb5 100644 --- a/0034-linux-user-lseek-explicitly-cast-no.patch +++ b/0034-linux-user-lseek-explicitly-cast-no.patch @@ -1,4 +1,4 @@ -From f222ce0d5af1eb8258e84d6fcd8ab89a85131a21 Mon Sep 17 00:00:00 2001 +From d7412d16a40cda2130de7e9b041bff4553ef493a Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Thu, 13 Dec 2012 14:29:22 +0100 Subject: [PATCH] linux-user: lseek: explicitly cast non-set offsets to signed @@ -16,10 +16,10 @@ Signed-off-by: Alexander Graf 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index a12a722..d1f8b3d 100644 +index 0c49a67..c69f724 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -5709,9 +5709,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1, +@@ -5761,9 +5761,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1, case TARGET_NR_oldstat: goto unimplemented; #endif diff --git a/0035-virtfs-proxy-helper-Provide-__u64-f.patch b/0035-virtfs-proxy-helper-Provide-__u64-f.patch index fd4bf8fe..082550ad 100644 --- a/0035-virtfs-proxy-helper-Provide-__u64-f.patch +++ b/0035-virtfs-proxy-helper-Provide-__u64-f.patch @@ -1,4 +1,4 @@ -From 52b3782f6ec265abbd8704d4999940e2161819d5 Mon Sep 17 00:00:00 2001 +From e771a11f28c3d6ff68a8d0f804ffeb1d807240b0 Mon Sep 17 00:00:00 2001 From: Bruce Rogers Date: Thu, 16 May 2013 12:39:10 +0200 Subject: [PATCH] virtfs-proxy-helper: Provide __u64 for broken @@ -12,7 +12,7 @@ Fixes the build on SLE 11 SP2. 1 file changed, 7 insertions(+) diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c -index bfecb87..79ab9c8 100644 +index cd291d3..7d7aa67 100644 --- a/fsdev/virtfs-proxy-helper.c +++ b/fsdev/virtfs-proxy-helper.c @@ -9,6 +9,13 @@ 
diff --git a/0036-configure-Enable-PIE-for-ppc-and-pp.patch b/0036-configure-Enable-PIE-for-ppc-and-pp.patch index 5a0335b1..0f5164cb 100644 --- a/0036-configure-Enable-PIE-for-ppc-and-pp.patch +++ b/0036-configure-Enable-PIE-for-ppc-and-pp.patch @@ -1,4 +1,4 @@ -From c5ce0620bff591f2c344771e75447d602212c6f0 Mon Sep 17 00:00:00 2001 +From 1e35b0409716fd2364ca25889801ea28299eeff1 Mon Sep 17 00:00:00 2001 From: Dinar Valeev Date: Wed, 2 Oct 2013 17:56:03 +0200 Subject: [PATCH] configure: Enable PIE for ppc and ppc64 hosts @@ -14,10 +14,10 @@ Signed-off-by: Andreas Färber 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure -index 69b9f56..21523908 100755 +index 7dd43fd..99f8a37 100755 --- a/configure +++ b/configure -@@ -1487,7 +1487,7 @@ fi +@@ -1531,7 +1531,7 @@ fi if test "$pie" = ""; then case "$cpu-$targetos" in diff --git a/0038-tests-Don-t-run-qom-test-twice.patch b/0037-tests-Don-t-run-qom-test-twice.patch similarity index 88% rename from 0038-tests-Don-t-run-qom-test-twice.patch rename to 0037-tests-Don-t-run-qom-test-twice.patch index 269ef769..48c63560 100644 --- a/0038-tests-Don-t-run-qom-test-twice.patch +++ b/0037-tests-Don-t-run-qom-test-twice.patch @@ -1,4 +1,4 @@ -From 857545e61d741cc4f439f98c5e93210b7fa09577 Mon Sep 17 00:00:00 2001 +From d78b797a58584419bdfabaebe79322a246790dff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Mon, 7 Apr 2014 16:03:08 +0200 Subject: [PATCH] tests: Don't run qom-test twice @@ -19,10 +19,10 @@ Signed-off-by: Andreas Färber 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile -index 88f7105..8f2b018 100644 +index 1fcd633..7c0253b 100644 --- a/tests/Makefile +++ b/tests/Makefile -@@ -162,7 +162,9 @@ check-qtest-microblazeel-y = $(check-qtest-microblaze-y) +@@ -184,7 +184,9 @@ check-qtest-microblazeel-y = $(check-qtest-microblaze-y) check-qtest-xtensaeb-y = $(check-qtest-xtensa-y) # qom-test works for all sysemu architectures: 
diff --git a/0037-xen_disk-add-discard-support.patch b/0037-xen_disk-add-discard-support.patch deleted file mode 100644 index 5366025a..00000000 --- a/0037-xen_disk-add-discard-support.patch +++ /dev/null 
@@ -1,133 +0,0 @@ -From 1798372872568aa5d3fd50c8d01ba658082a8711 Mon Sep 17 00:00:00 2001 -From: Olaf Hering -Date: Thu, 30 Jan 2014 16:02:18 +0100 -Subject: [PATCH] xen_disk: add discard support -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Implement discard support for xen_disk. It makes use of the existing -discard code in qemu. - -The discard support is enabled unconditionally. The tool stack may provide a -property "discard-enable" in the backend node to optionally disable discard -support. This is helpful in case the backing file was intentionally created -non-sparse to avoid fragmentation. - -Signed-off-by: Olaf Hering -Signed-off-by: Andreas Färber ---- - hw/block/xen_blkif.h | 12 ++++++++++++ - hw/block/xen_disk.c | 34 ++++++++++++++++++++++++++++++++++ - 2 files changed, 46 insertions(+) - -diff --git a/hw/block/xen_blkif.h b/hw/block/xen_blkif.h -index c0f4136..711b692 100644 ---- a/hw/block/xen_blkif.h -+++ b/hw/block/xen_blkif.h -@@ -79,6 +79,12 @@ static inline void blkif_get_x86_32_req(blkif_request_t *dst, blkif_x86_32_reque - dst->handle = src->handle; - dst->id = src->id; - dst->sector_number = src->sector_number; -+ if (src->operation == BLKIF_OP_DISCARD) { -+ struct blkif_request_discard *s = (void *)src; -+ struct blkif_request_discard *d = (void *)dst; -+ d->nr_sectors = s->nr_sectors; -+ return; -+ } - if (n > src->nr_segments) - n = src->nr_segments; - for (i = 0; i < n; i++) -@@ -94,6 +100,12 @@ static inline void blkif_get_x86_64_req(blkif_request_t *dst, blkif_x86_64_reque - dst->handle = src->handle; - dst->id = src->id; - dst->sector_number = src->sector_number; -+ if (src->operation == BLKIF_OP_DISCARD) { -+ struct blkif_request_discard *s = (void *)src; -+ struct blkif_request_discard *d = (void *)dst; -+ d->nr_sectors = s->nr_sectors; -+ return; -+ } - if (n > src->nr_segments) - n = src->nr_segments; - for (i = 0; i < n; i++) -diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c 
-index bc061e6..989a90f 100644 ---- a/hw/block/xen_disk.c -+++ b/hw/block/xen_disk.c -@@ -114,6 +114,7 @@ struct XenBlkDev { - int requests_finished; - - /* Persistent grants extension */ -+ gboolean feature_discard; - gboolean feature_persistent; - GTree *persistent_gnts; - unsigned int persistent_gnt_count; -@@ -253,6 +254,8 @@ static int ioreq_parse(struct ioreq *ioreq) - case BLKIF_OP_WRITE: - ioreq->prot = PROT_READ; /* from memory */ - break; -+ case BLKIF_OP_DISCARD: -+ return 0; - default: - xen_be_printf(&blkdev->xendev, 0, "error: unknown operation (%d)\n", - ioreq->req.operation); -@@ -532,6 +535,17 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq) - &ioreq->v, ioreq->v.size / BLOCK_SIZE, - qemu_aio_complete, ioreq); - break; -+ case BLKIF_OP_DISCARD: -+ { -+ struct blkif_request_discard *discard_req = (void *)&ioreq->req; -+ bdrv_acct_start(blkdev->bs, &ioreq->acct, -+ discard_req->nr_sectors * BLOCK_SIZE, BDRV_ACCT_WRITE); -+ ioreq->aio_inflight++; -+ bdrv_aio_discard(blkdev->bs, -+ discard_req->sector_number, discard_req->nr_sectors, -+ qemu_aio_complete, ioreq); -+ break; -+ } - default: - /* unknown operation (shouldn't happen -- parse catches this) */ - goto err; -@@ -710,6 +724,21 @@ static void blk_alloc(struct XenDevice *xendev) - } - } - -+static void blk_parse_discard(struct XenBlkDev *blkdev) -+{ -+ int enable; -+ -+ blkdev->feature_discard = true; -+ -+ if (xenstore_read_be_int(&blkdev->xendev, "discard-enable", &enable) == 0) { -+ blkdev->feature_discard = !!enable; -+ } -+ -+ if (blkdev->feature_discard) { -+ xenstore_write_be_int(&blkdev->xendev, "feature-discard", 1); -+ } -+} -+ - static int blk_init(struct XenDevice *xendev) - { - struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev); -@@ -777,6 +806,8 @@ static int blk_init(struct XenDevice *xendev) - xenstore_write_be_int(&blkdev->xendev, "feature-persistent", 1); - xenstore_write_be_int(&blkdev->xendev, "info", info); - -+ blk_parse_discard(blkdev); -+ - 
g_free(directiosafe); - return 0; - -@@ -812,6 +843,9 @@ static int blk_connect(struct XenDevice *xendev) - qflags |= BDRV_O_RDWR; - readonly = false; - } -+ if (blkdev->feature_discard) { -+ qflags |= BDRV_O_UNMAP; -+ } - - /* init qemu block driver */ - index = (blkdev->xendev.dev - 202 * 256) / 16; diff --git a/0041-qtest-Increase-socket-timeout.patch b/0038-qtest-Increase-socket-timeout.patch similarity index 80% rename from 0041-qtest-Increase-socket-timeout.patch rename to 0038-qtest-Increase-socket-timeout.patch index cbbb63e4..ccaadbb7 100644 --- a/0041-qtest-Increase-socket-timeout.patch +++ b/0038-qtest-Increase-socket-timeout.patch @@ -1,4 +1,4 @@ -From 1126af0e6664e58a5e6e2280f6d61bb829099444 Mon Sep 17 00:00:00 2001 +From c71486ca826cfb0455aed9df5f298d3ea163cf7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Thu, 17 Apr 2014 18:39:10 +0200 Subject: [PATCH] qtest: Increase socket timeout @@ -14,11 +14,11 @@ Signed-off-by: Andreas Färber 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/libqtest.c b/tests/libqtest.c -index 4b90d91..18efcf2 100644 +index 98e8f4b..393e99e 100644 --- a/tests/libqtest.c +++ b/tests/libqtest.c -@@ -34,7 +34,7 @@ - #include "qapi/qmp/json-parser.h" +@@ -35,7 +35,7 @@ + #include "qapi/qmp/qjson.h" #define MAX_IRQ 256 -#define SOCKET_TIMEOUT 5 diff --git a/0071-module-Simplify-module_load.patch b/0039-module-Simplify-module_load.patch similarity index 95% rename from 0071-module-Simplify-module_load.patch rename to 0039-module-Simplify-module_load.patch index a0b2e611..15728bce 100644 --- a/0071-module-Simplify-module_load.patch +++ b/0039-module-Simplify-module_load.patch @@ -1,4 +1,4 @@ -From 212b80fa19390023a809068c5d282e2994bd98bc Mon Sep 17 00:00:00 2001 +From d0fb6e15c8620851d728e67e1cb3b02b9ba07c1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Fri, 20 Jun 2014 16:46:50 +0200 Subject: [PATCH] module: Simplify module_load() 
diff --git a/0039-qtest-Assure-that-init_socket-s-lis.patch b/0039-qtest-Assure-that-init_socket-s-lis.patch
deleted file mode 100644
index 0fabd572..00000000
--- a/0039-qtest-Assure-that-init_socket-s-lis.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From c58810a9fe080ce5358ab670b6d4abe1202e63a2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andreas=20F=C3=A4rber?=
-Date: Thu, 17 Apr 2014 18:19:14 +0200
-Subject: [PATCH] qtest: Assure that init_socket()'s listen() does not fail
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Andreas Färber
----
- tests/libqtest.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/tests/libqtest.c b/tests/libqtest.c
-index 8155695..232f781 100644
---- a/tests/libqtest.c
-+++ b/tests/libqtest.c
-@@ -72,7 +72,8 @@ static int init_socket(const char *socket_path)
- ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr));
- } while (ret == -1 && errno == EINTR);
- g_assert_no_errno(ret);
-- listen(sock, 1);
-+ ret = listen(sock, 1);
-+ g_assert_no_errno(ret);
-
- return sock;
- }
diff --git a/0072-module-Don-t-complain-when-a-module.patch b/0040-module-Don-t-complain-when-a-module.patch
similarity index 95%
rename from 0072-module-Don-t-complain-when-a-module.patch
rename to 0040-module-Don-t-complain-when-a-module.patch
index df9a295c..b5410620 100644
--- a/0072-module-Don-t-complain-when-a-module.patch
+++ b/0040-module-Don-t-complain-when-a-module.patch
@@ -1,4 +1,4 @@
-From 14cd25c73de420d01acd3f0691e1d663dcf3eca9 Mon Sep 17 00:00:00 2001
+From 6b2580c25ef053a053af27b393a128ec552a4081 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Andreas=20F=C3=A4rber?=
 Date: Fri, 20 Jun 2014 17:54:51 +0200
 Subject: [PATCH] module: Don't complain when a module is absent
diff --git a/0040-qtest-Add-error-reporting-to-socket.patch b/0040-qtest-Add-error-reporting-to-socket.patch
deleted file mode 100644
index 72a5dcd2..00000000
--- a/0040-qtest-Add-error-reporting-to-socket.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 19fed6c601938b60dafb004f7194ff4e86def6f3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andreas=20F=C3=A4rber?=
-Date: Thu, 17 Apr 2014 18:38:25 +0200
-Subject: [PATCH] qtest: Add error reporting to socket_accept()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Andreas Färber
----
- tests/libqtest.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/tests/libqtest.c b/tests/libqtest.c
-index 232f781..4b90d91 100644
---- a/tests/libqtest.c
-+++ b/tests/libqtest.c
-@@ -93,6 +93,9 @@ static int socket_accept(int sock)
- do {
- ret = accept(sock, (struct sockaddr *)&addr, &addrlen);
- } while (ret == -1 && errno == EINTR);
-+ if (ret == -1) {
-+ fprintf(stderr, "%s failed: %s\n", __func__, strerror(errno));
-+ }
- close(sock);
-
- return ret;
diff --git a/0041-tests-Fix-unterminated-string-outpu.patch b/0041-tests-Fix-unterminated-string-outpu.patch
new file mode 100644
index 00000000..fa562ed7
--- /dev/null
+++ b/0041-tests-Fix-unterminated-string-outpu.patch
@@ -0,0 +1,50 @@
+From 8dea7848783572c41b08817d269305ddec5d0dc7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andreas=20F=C3=A4rber?=
+Date: Wed, 9 Jul 2014 21:21:00 +0200
+Subject: [PATCH] tests: Fix unterminated string output visitor enum human
+ string
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The buffer was being allocated of size string length plus two.
+Around the string two quotes were being added, but no terminating NUL.
+It was then compared using g_assert_cmpstr(), resulting in fairly random
+assertion failures:
+
+ ERROR:tests/test-string-output-visitor.c:213:test_visitor_out_enum: assertion failed (str == str_human): ("\"value1\"" == "\"value1\"\001EEEEEEEEEEEEEE\0171")
+
+There is no g_assert_cmpnstr() counterpart, so use g_strdup_printf()
+for safely assembling the string in the first place.
+
+Cc: Hu Tao
+Cc: Michael S. Tsirkin
+Suggested-by: Eric Blake
+Fixes: b4900c0 tests: add human format test for string output visitor
+Signed-off-by: Andreas Färber
+---
+ tests/test-string-output-visitor.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/tests/test-string-output-visitor.c b/tests/test-string-output-visitor.c
+index e89e43c..101fb27 100644
+--- a/tests/test-string-output-visitor.c
++++ b/tests/test-string-output-visitor.c
+@@ -196,16 +196,11 @@ static void test_visitor_out_enum(TestOutputVisitorData *data,
+
+ for (i = 0; i < ENUM_ONE_MAX; i++) {
+ char *str_human;
+- int len;
+
+ visit_type_EnumOne(data->ov, &i, "unused", &err);
+ g_assert(!err);
+
+- len = strlen(EnumOne_lookup[i]) + 2;
+- str_human = g_malloc0(len);
+- str_human[0] = '"';
+- strncpy(str_human + 1, EnumOne_lookup[i], strlen(EnumOne_lookup[i]));
+- str_human[len - 1] = '"';
++ str_human = g_strdup_printf("\"%s\"", EnumOne_lookup[i]);
+
+ str = string_output_get_string(data->sov);
+ g_assert(str != NULL);
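Review bot: The replacement line `str_human = g_strdup_printf("\"%s\"", EnumOne_lookup[i]);` allocates a fresh string on every loop iteration, and the matching release is not visible in this hunk. The loop body continues past `g_assert(str != NULL);`, so confirm that both `str_human` and `str` still reach `g_free()` after the comparison. A one-line comment above the call, for example `/* human format: enum name wrapped in double quotes */`, would also record what the expected string is now that the manual quoting code is gone.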
diff --git a/0042-libqos-Fix-PC-PCI-endianness-glitch.patch b/0042-libqos-Fix-PC-PCI-endianness-glitch.patch
new file mode 100644
index 00000000..72b35052
--- /dev/null
+++ b/0042-libqos-Fix-PC-PCI-endianness-glitch.patch
@@ -0,0 +1,89 @@
+From 135f7b84cae0986aa804933f18c4e1f9ab34fe63 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andreas=20F=C3=A4rber?=
+Date: Thu, 10 Jul 2014 15:55:04 +0200
+Subject: [PATCH] libqos: Fix PC PCI endianness glitches
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The libqos implementation of io_read{b,w,l} and io_write{b,w,l} hooks
+was relying on qtest_mem{read,write}() respectively. With d81d410 (usb:
+improve ehci/uhci test) this resulted in assertion failures on ppc hosts:
+
+ ERROR:tests/usb-hcd-ehci-test.c:78:ehci_port_test: assertion failed: ((value & mask) == (expect & mask))
+
+ ERROR:tests/usb-hcd-ehci-test.c:128:pci_uhci_port_2: assertion failed: (pcibus != NULL)
+
+ ERROR:tests/usb-hcd-ehci-test.c:150:pci_ehci_port_2: assertion failed: (pcibus != NULL)
+
+qtest_read{b,w,l,q}() and qtest_write{b,w,l,q}() had been introduced
+as endian-safe replacement for qtest_mem{read,write}() in I2C in
+872536b (qtest: Add MMIO support). Use them for PCI as well.
+
+Cc: Anthony Liguori
+Cc: Gerd Hoffmann
+Fixes: c4efe1c qtest: add libqos including PCI support
+Fixes: d81d410 usb: improve ehci/uhci test
+Signed-off-by: Andreas Färber
+---
+ tests/libqos/pci-pc.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/tests/libqos/pci-pc.c b/tests/libqos/pci-pc.c
+index bf741a4..4adf400 100644
+--- a/tests/libqos/pci-pc.c
++++ b/tests/libqos/pci-pc.c
+@@ -41,7 +41,7 @@ static uint8_t qpci_pc_io_readb(QPCIBus *bus, void *addr)
+ if (port < 0x10000) {
+ value = inb(port);
+ } else {
+- memread(port, &value, sizeof(value));
++ value = readb(port);
+ }
+
+ return value;
+@@ -55,7 +55,7 @@ static uint16_t qpci_pc_io_readw(QPCIBus *bus, void *addr)
+ if (port < 0x10000) {
+ value = inw(port);
+ } else {
+- memread(port, &value, sizeof(value));
++ value = readw(port);
+ }
+
+ return value;
+@@ -69,7 +69,7 @@ static uint32_t qpci_pc_io_readl(QPCIBus *bus, void *addr)
+ if (port < 0x10000) {
+ value = inl(port);
+ } else {
+- memread(port, &value, sizeof(value));
++ value = readl(port);
+ }
+
+ return value;
+@@ -82,7 +82,7 @@ static void qpci_pc_io_writeb(QPCIBus *bus, void *addr, uint8_t value)
+ if (port < 0x10000) {
+ outb(port, value);
+ } else {
+- memwrite(port, &value, sizeof(value));
++ writeb(port, value);
+ }
+ }
+
+@@ -93,7 +93,7 @@ static void qpci_pc_io_writew(QPCIBus *bus, void *addr, uint16_t value)
+ if (port < 0x10000) {
+ outw(port, value);
+ } else {
+- memwrite(port, &value, sizeof(value));
++ writew(port, value);
+ }
+ }
+
+@@ -104,7 +104,7 @@ static void qpci_pc_io_writel(QPCIBus *bus, void *addr, uint32_t value)
+ if (port < 0x10000) {
+ outl(port, value);
+ } else {
+- memwrite(port, &value, sizeof(value));
++ writel(port, value);
+ }
+ }
+
diff --git a/0042-qtest-Be-paranoid-about-accept-addr.patch b/0042-qtest-Be-paranoid-about-accept-addr.patch
deleted file mode 100644
index 40ce56f3..00000000
--- a/0042-qtest-Be-paranoid-about-accept-addr.patch
+++ /dev/null
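Review bot: The six `else` branches in `qpci_pc_io_read{b,w,l}` and `qpci_pc_io_write{b,w,l}` switch to the typed accessors (`value = readw(port);`, `writel(port, value);`) with no comment recording why. A later cleanup could fold them back into `memread()`/`memwrite()` and bring back the ppc-host assertion failures the commit message describes. A comment on the first branch, for example `/* outside the port I/O range: use the endian-safe typed accessor, not memread() */`, would keep that reasoning next to the code. Each function starts outside its hunk, so the declaration of `port` is not visible here; confirm its type matches the accessors' address parameter.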
@@ -1,29 +0,0 @@
-From 9938d82cc9cc5ae82283bea7a24ff45d08690e27 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andreas=20F=C3=A4rber?=
-Date: Thu, 17 Apr 2014 19:21:12 +0200
-Subject: [PATCH] qtest: Be paranoid about accept() addrlen argument
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If EINTR occurs, re-initialize our argument.
-
-Signed-off-by: Andreas Färber
----
- tests/libqtest.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/libqtest.c b/tests/libqtest.c
-index 18efcf2..1eb9db6 100644
---- a/tests/libqtest.c
-+++ b/tests/libqtest.c
-@@ -89,8 +89,8 @@ static int socket_accept(int sock)
- setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (void *)&timeout,
- sizeof(timeout));
-
-- addrlen = sizeof(addr);
- do {
-+ addrlen = sizeof(addr);
- ret = accept(sock, (struct sockaddr *)&addr, &addrlen);
- } while (ret == -1 && errno == EINTR);
- if (ret == -1) {
diff --git a/0043-arm-translate.c-Fix-smlald-Instruct.patch b/0043-arm-translate.c-Fix-smlald-Instruct.patch
deleted file mode 100644
index bc55f175..00000000
--- a/0043-arm-translate.c-Fix-smlald-Instruct.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 0fb8a7de8e8013362922d802db7eda5f9bf37766 Mon Sep 17 00:00:00 2001
-From: Peter Crosthwaite
-Date: Wed, 16 Apr 2014 20:20:52 -0700
-Subject: [PATCH] arm: translate.c: Fix smlald Instruction
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The smlald (and probably smlsld) instruction was doing incorrect sign
-extensions of the operands amongst 64bit result calculation. The
-instruction psuedo-code is:
-
- operand2 = if m_swap then ROR(R[m],16) else R[m];
- product1 = SInt(R[n]<15:0>) * SInt(operand2<15:0>);
- product2 = SInt(R[n]<31:16>) * SInt(operand2<31:16>);
- result = product1 + product2 + SInt(R[dHi]:R[dLo]);
- R[dHi] = result<63:32>;
- R[dLo] = result<31:0>;
-
-The result calculation should be done in 64 bit arithmetic, and hence
-product1 and product2 should be sign extended to 64b before calculation.
-
-The current implementation was adding product1 and product2 together
-then sign-extending the intermediate result leading to false negatives.
-
-E.G. if product1 = product2 = 0x4000000, their sum = 0x80000000, which
-will be incorrectly interpreted as -ve on sign extension.
-
-We fix by doing the 64b extensions on both product1 and product2 before
-any addition/subtraction happens.
-
-We also fix where we were possibly incorrectly setting the Q saturation
-flag for SMLSLD, which the ARM ARM specifically says is not set.
-
-Reported-by: Christina Smith
-Signed-off-by: Peter Crosthwaite
-Reviewed-by: Peter Maydell
-Message-id: 2cddb6f5a15be4ab8d2160f3499d128ae93d304d.1397704570.git.peter.crosthwaite@xilinx.com
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Maydell
-(cherry picked from commit 33bbd75a7c3321432fe40a8cbacd64619c56138c)
-Signed-off-by: Andreas Färber
----
- target-arm/translate.c | 34 +++++++++++++++++++++++-----------
- 1 file changed, 23 insertions(+), 11 deletions(-)
-
-diff --git a/target-arm/translate.c b/target-arm/translate.c
-index 56e3b4b..0335f10 100644
---- a/target-arm/translate.c
-+++ b/target-arm/translate.c
-@@ -8328,27 +8328,39 @@ static void disas_arm_insn(CPUARMState * env, DisasContext *s)
- if (insn & (1 << 5))
- gen_swap_half(tmp2);
- gen_smul_dual(tmp, tmp2);
-- if (insn & (1 << 6)) {
-- /* This subtraction cannot overflow. */
-- tcg_gen_sub_i32(tmp, tmp, tmp2);
-- } else {
-- /* This addition cannot overflow 32 bits;
-- * however it may overflow considered as a signed
-- * operation, in which case we must set the Q flag.
-- */
-- gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
-- }
-- tcg_temp_free_i32(tmp2);
- if (insn & (1 << 22)) {
- /* smlald, smlsld */
-+ TCGv_i64 tmp64_2;
-+
- tmp64 = tcg_temp_new_i64();
-+ tmp64_2 = tcg_temp_new_i64();
- tcg_gen_ext_i32_i64(tmp64, tmp);
-+ tcg_gen_ext_i32_i64(tmp64_2, tmp2);
- tcg_temp_free_i32(tmp);
-+ tcg_temp_free_i32(tmp2);
-+ if (insn & (1 << 6)) {
-+ tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
-+ } else {
-+ tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
-+ }
-+ tcg_temp_free_i64(tmp64_2);
- gen_addq(s, tmp64, rd, rn);
- gen_storeq_reg(s, rd, rn, tmp64);
- tcg_temp_free_i64(tmp64);
- } else {
- /* smuad, smusd, smlad, smlsd */
-+ if (insn & (1 << 6)) {
-+ /* This subtraction cannot overflow. */
-+ tcg_gen_sub_i32(tmp, tmp, tmp2);
-+ } else {
-+ /* This addition cannot overflow 32 bits;
-+ * however it may overflow considered as a
-+ * signed operation, in which case we must set
-+ * the Q flag.
-+ */
-+ gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
-+ }
-+ tcg_temp_free_i32(tmp2);
- if (rd != 15)
- {
- tmp2 = load_reg(s, rd);
diff --git a/0043-qtest-fix-vhost-user-test-compilati.patch b/0043-qtest-fix-vhost-user-test-compilati.patch
new file mode 100644
index 00000000..3a3ce023
--- /dev/null
+++ b/0043-qtest-fix-vhost-user-test-compilati.patch
@@ -0,0 +1,33 @@
+From 97f277e21ed2aa01d23a960ec499f3b12ec18ed5 Mon Sep 17 00:00:00 2001
+From: Nikolay Nikolaev
+Date: Wed, 9 Jul 2014 18:06:32 +0300
+Subject: [PATCH] qtest: fix vhost-user-test compilation with old GLib
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Mising G_TIME_SPAN_SECOND definition breaks the RHEL6 compilation as GLib
+version before 2.26 does not have it. In such case just define it.
+
+Reported-by: Kevin Wolf
+Signed-off-by: Nikolay Nikolaev
+Signed-off-by: Andreas Färber
+---
+ tests/vhost-user-test.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
+index 2af2381..406ba70 100644
+--- a/tests/vhost-user-test.c
++++ b/tests/vhost-user-test.c
+@@ -22,6 +22,10 @@
+ #include
+
+ /* GLIB version compatibility flags */
++#if !GLIB_CHECK_VERSION(2, 26, 0)
++#define G_TIME_SPAN_SECOND (G_GINT64_CONSTANT(1000000))
++#endif
++
+ #if GLIB_CHECK_VERSION(2, 28, 0)
+ #define HAVE_MONOTONIC_TIME
+ #endif
diff --git a/0044-target-arm-A64-fix-unallocated-test.patch b/0044-target-arm-A64-fix-unallocated-test.patch
deleted file mode 100644
index aecc6819..00000000
--- a/0044-target-arm-A64-fix-unallocated-test.patch
+++ /dev/null
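Review bot: The fallback `#define G_TIME_SPAN_SECOND (G_GINT64_CONSTANT(1000000))` in tests/vhost-user-test.c is keyed on `#if !GLIB_CHECK_VERSION(2, 26, 0)` rather than on the macro itself. That relies on the 2.26 cutoff being exactly right and on no older GLib build already providing the name. Guarding with `#ifndef G_TIME_SPAN_SECOND` would state the intent directly and cannot redefine an existing macro. The constant is presumably microseconds per second, mirroring GLib's own definition; a short comment such as `/* microseconds per second, as in GLib >= 2.26 */` would make that explicit.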
@@ -1,36 +0,0 @@
-From de439482d4ed1db0f0f5837c98abc46f0a579ba0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Alex=20Benn=C3=A9e?=
-Date: Wed, 16 Apr 2014 12:29:39 +0100
-Subject: [PATCH] target-arm: A64: fix unallocated test of scalar SQXTUN
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The test for the U bit was incorrectly inverted in the scalar case of SQXTUN.
-This doesn't affect the vector case as the U bit is used to select XTN(2).
-
-Reported-by: Hao Liu
-Signed-off-by: Alex Bennée
-Reviewed-by: Claudio Fontana
-Reviewed-by: Peter Maydell
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Maydell
-(cherry picked from commit e44a90c59697cf98e05619fbb6f77a403d347495)
-Signed-off-by: Andreas Färber
----
- target-arm/translate-a64.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
-index 9175e48..a780366 100644
---- a/target-arm/translate-a64.c
-+++ b/target-arm/translate-a64.c
-@@ -7455,7 +7455,7 @@ static void disas_simd_scalar_two_reg_misc(DisasContext *s, uint32_t insn)
- }
- break;
- case 0x12: /* SQXTUN */
-- if (u) {
-+ if (!u) {
- unallocated_encoding(s);
- return;
- }
diff --git a/0045-tcg-ppc64-Support-the-ELFv2-ABI.patch b/0045-tcg-ppc64-Support-the-ELFv2-ABI.patch
deleted file mode 100644
index 7d7b2f35..00000000
--- a/0045-tcg-ppc64-Support-the-ELFv2-ABI.patch
+++ /dev/null
@@ -1,58 +0,0 @@ -From 243f0e345cce28c1f93444de33fe7981efdac6dd Mon Sep 17 00:00:00 2001 -From: Ulrich Weigand -Date: Tue, 22 Apr 2014 18:26:15 +0200 -Subject: [PATCH] tcg-ppc64: Support the ELFv2 ABI -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The new ELFv2 ABI, used by default on powerpc64le-linux hosts, -introduced some changes that are incompatible with code currently -generated by the ppc64 TGC target. In particular, we no longer -use function descriptors. - -This patch adds support for the ELFv2 ABI in the ppc64 TGC -function call and function prologue sequences. - -Signed-off-by: Ulrich Weigand -Signed-off-by: Andreas Färber ---- - tcg/ppc64/tcg-target.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/tcg/ppc64/tcg-target.c b/tcg/ppc64/tcg-target.c -index 06e440f..4ef4838 100644 ---- a/tcg/ppc64/tcg-target.c -+++ b/tcg/ppc64/tcg-target.c -@@ -717,6 +717,22 @@ static void tcg_out_call(TCGContext *s, tcg_target_long arg, int const_arg) - tcg_out32(s, MTSPR | RS(arg) | LR); - tcg_out32(s, BCLR | BO_ALWAYS | LK); - } -+#elif _CALL_ELF == 2 -+ /* In the ELFv2 ABI, we do not need to set up the TOC pointer in r2, -+ but instead we have to set up r12 to contain the destination address -+ when performing an indirect call. */ -+ TCGReg reg = arg; -+ if (const_arg) { -+ /* FIXME: we could use bl if we knew that the destination uses -+ the same TOC, and what its local entry point offset is. -+ For now, always perform an indirect call. 
*/ -+ tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_R12, arg); -+ reg = TCG_REG_R12; -+ } else { -+ tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_R12, arg); -+ } -+ tcg_out32(s, MTSPR | RS(reg) | CTR); -+ tcg_out32(s, BCCTR | BO_ALWAYS | LK); - #else - TCGReg reg = arg; - int ofs = 0; -@@ -1112,7 +1128,7 @@ static void tcg_target_qemu_prologue(TCGContext *s) - REG_SAVE_BOT - CPU_TEMP_BUF_NLONGS * sizeof(long), - CPU_TEMP_BUF_NLONGS * sizeof(long)); - --#ifndef __APPLE__ -+#if !defined(__APPLE__) && _CALL_ELF != 2 - /* First emit adhoc function descriptor */ - tcg_out64(s, (uint64_t)s->code_ptr + 24); /* entry point */ - s->code_ptr += 16; /* skip TOC and environment pointer */ diff --git a/0046-vmstate-add-VMS_MUST_EXIST.patch b/0046-vmstate-add-VMS_MUST_EXIST.patch deleted file mode 100644 index c45ed4be..00000000 --- a/0046-vmstate-add-VMS_MUST_EXIST.patch +++ /dev/null 
@@ -1,61 +0,0 @@
-From 52c324d64cd57ad37b25ebc5f4df31b33901d03b Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:50:31 +0300
-Subject: [PATCH] vmstate: add VMS_MUST_EXIST
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Can be used to verify a required field exists or validate
-state in some other way.
-
-Signed-off-by: Michael S. Tsirkin
-Reviewed-by: Dr. David Alan Gilbert
-Signed-off-by: Juan Quintela
-(cherry picked from commit 5bf81c8d63db0216a4d29dc87f9ce530bb791dd1)
-Signed-off-by: Andreas Färber
----
- include/migration/vmstate.h | 1 +
- vmstate.c | 10 ++++++++++
- 2 files changed, 11 insertions(+)
-
-diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
-index e7e1705..de970ab 100644
---- a/include/migration/vmstate.h
-+++ b/include/migration/vmstate.h
-@@ -100,6 +100,7 @@ enum VMStateFlags {
- VMS_MULTIPLY = 0x200, /* multiply "size" field by field_size */
- VMS_VARRAY_UINT8 = 0x400, /* Array with size in uint8_t field*/
- VMS_VARRAY_UINT32 = 0x800, /* Array with size in uint32_t field*/
-+ VMS_MUST_EXIST = 0x1000, /* Field must exist in input */
- };
-
- typedef struct {
-diff --git a/vmstate.c b/vmstate.c
-index b689f2f..d856319 100644
---- a/vmstate.c
-+++ b/vmstate.c
-@@ -78,6 +78,10 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
- return ret;
- }
- }
-+ } else if (field->flags & VMS_MUST_EXIST) {
-+ fprintf(stderr, "Input validation failed: %s/%s\n",
-+ vmsd->name, field->name);
-+ return -1;
- }
- field++;
- }
-@@ -138,6 +142,12 @@ void vmstate_save_state(QEMUFile *f, const VMStateDescription *vmsd,
- field->info->put(f, addr, size);
- }
- }
-+ } else {
-+ if (field->flags & VMS_MUST_EXIST) {
-+ fprintf(stderr, "Output state validation failed: %s/%s\n",
-+ vmsd->name, field->name);
-+ assert(!(field->flags & VMS_MUST_EXIST));
-+ }
- }
- field++;
- }
diff --git a/0047-vmstate-add-VMSTATE_VALIDATE.patch b/0047-vmstate-add-VMSTATE_VALIDATE.patch
deleted file mode 100644
index ce3a83ac..00000000
--- a/0047-vmstate-add-VMSTATE_VALIDATE.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From e258560116c8413cd5c52af69ab73dc82142dae9 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:50:35 +0300
-Subject: [PATCH] vmstate: add VMSTATE_VALIDATE
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Validate state using VMS_ARRAY with num = 0 and VMS_MUST_EXIST
-
-Signed-off-by: Michael S. Tsirkin
-Signed-off-by: Juan Quintela
-(cherry picked from commit 4082f0889ba04678fc14816c53e1b9251ea9207e)
-Signed-off-by: Andreas Färber
----
- include/migration/vmstate.h | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
-index de970ab..5b71370 100644
---- a/include/migration/vmstate.h
-+++ b/include/migration/vmstate.h
-@@ -204,6 +204,14 @@ extern const VMStateInfo vmstate_info_bitmap;
- .offset = vmstate_offset_value(_state, _field, _type), \
- }
-
-+/* Validate state using a boolean predicate. */
-+#define VMSTATE_VALIDATE(_name, _test) { \
-+ .name = (_name), \
-+ .field_exists = (_test), \
-+ .flags = VMS_ARRAY | VMS_MUST_EXIST, \
-+ .num = 0, /* 0 elements: no data, only run _test */ \
-+}
-+
- #define VMSTATE_POINTER(_field, _state, _version, _info, _type) { \
- .name = (stringify(_field)), \
- .version_id = (_version), \
diff --git a/0048-virtio-net-fix-buffer-overflow-on-i.patch b/0048-virtio-net-fix-buffer-overflow-on-i.patch
deleted file mode 100644
index a4a288a4..00000000
--- a/0048-virtio-net-fix-buffer-overflow-on-i.patch
+++ /dev/null
@@ -1,64 +0,0 @@ -From e3f320a759052a77b4da97618a94f8adcb0a6490 Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Thu, 3 Apr 2014 19:50:39 +0300 -Subject: [PATCH] virtio-net: fix buffer overflow on invalid state load -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -CVE-2013-4148 QEMU 1.0 integer conversion in -virtio_net_load()@hw/net/virtio-net.c - -Deals with loading a corrupted savevm image. - -> n->mac_table.in_use = qemu_get_be32(f); - -in_use is int so it can get negative when assigned 32bit unsigned value. - -> /* MAC_TABLE_ENTRIES may be different from the saved image */ -> if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) { - -passing this check ^^^ - -> qemu_get_buffer(f, n->mac_table.macs, -> n->mac_table.in_use * ETH_ALEN); - -with good in_use value, "n->mac_table.in_use * ETH_ALEN" can get -positive and bigger than mac_table.macs. For example 0x81000000 -satisfies this condition when ETH_ALEN is 6. - -Fix it by making the value unsigned. -For consistency, change first_multi as well. - -Note: all call sites were audited to confirm that -making them unsigned didn't cause any issues: -it turns out we actually never do math on them, -so it's easy to validate because both values are -always <= MAC_TABLE_ENTRIES. - -Reviewed-by: Michael Roth -Signed-off-by: Michael S. 
Tsirkin -Reviewed-by: Laszlo Ersek -Signed-off-by: Juan Quintela -(cherry picked from commit 71f7fe48e10a8437c9d42d859389f37157f59980) -[AF: BNC#864812] -Signed-off-by: Andreas Färber ---- - include/hw/virtio/virtio-net.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h -index df60f16..4b32440 100644 ---- a/include/hw/virtio/virtio-net.h -+++ b/include/hw/virtio/virtio-net.h -@@ -176,8 +176,8 @@ typedef struct VirtIONet { - uint8_t nobcast; - uint8_t vhost_started; - struct { -- int in_use; -- int first_multi; -+ uint32_t in_use; -+ uint32_t first_multi; - uint8_t multi_overflow; - uint8_t uni_overflow; - uint8_t *macs; diff --git a/0049-virtio-net-out-of-bounds-buffer-wri.patch b/0049-virtio-net-out-of-bounds-buffer-wri.patch deleted file mode 100644 index 22c49a6f..00000000 --- a/0049-virtio-net-out-of-bounds-buffer-wri.patch +++ /dev/null 
@@ -1,60 +0,0 @@
-From 0c0a6b53c543e4095da9243eb5299e03d2c88c06 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:50:56 +0300
-Subject: [PATCH] virtio-net: out-of-bounds buffer write on invalid state load
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4150 QEMU 1.5.0 out-of-bounds buffer write in
-virtio_net_load()@hw/net/virtio-net.c
-
-This code is in hw/net/virtio-net.c:
-
- if (n->max_queues > 1) {
- if (n->max_queues != qemu_get_be16(f)) {
- error_report("virtio-net: different max_queues ");
- return -1;
- }
-
- n->curr_queues = qemu_get_be16(f);
- for (i = 1; i < n->curr_queues; i++) {
- n->vqs[i].tx_waiting = qemu_get_be32(f);
- }
- }
-
-Number of vqs is max_queues, so if we get invalid input here,
-for example if max_queues = 2, curr_queues = 3, we get
-write beyond end of the buffer, with data that comes from
-wire.
-
-This might be used to corrupt qemu memory in hard to predict ways.
-Since we have lots of function pointers around, RCE might be possible.
-
-Signed-off-by: Michael S. Tsirkin
-Acked-by: Jason Wang
-Reviewed-by: Michael Roth
-Signed-off-by: Juan Quintela
-(cherry picked from commit eea750a5623ddac7a61982eec8f1c93481857578)
-[AF: BNC#864650]
-Signed-off-by: Andreas Färber
----
- hw/net/virtio-net.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index 33bd233..0a8cb40 100644
---- a/hw/net/virtio-net.c
-+++ b/hw/net/virtio-net.c
-@@ -1407,6 +1407,11 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id)
- }
-
- n->curr_queues = qemu_get_be16(f);
-+ if (n->curr_queues > n->max_queues) {
-+ error_report("virtio-net: curr_queues %x > max_queues %x",
-+ n->curr_queues, n->max_queues);
-+ return -1;
-+ }
- for (i = 1; i < n->curr_queues; i++) {
- n->vqs[i].tx_waiting = qemu_get_be32(f);
- }
diff --git a/0050-virtio-out-of-bounds-buffer-write-o.patch b/0050-virtio-out-of-bounds-buffer-write-o.patch
deleted file mode 100644
index 84459435..00000000
--- a/0050-virtio-out-of-bounds-buffer-write-o.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From a76b7609802937bfc6f35a75cf0809c8f7197f76 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:51:14 +0300
-Subject: [PATCH] virtio: out-of-bounds buffer write on invalid state load
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4151 QEMU 1.0 out-of-bounds buffer write in
-virtio_load@hw/virtio/virtio.c
-
-So we have this code since way back when:
-
- num = qemu_get_be32(f);
-
- for (i = 0; i < num; i++) {
- vdev->vq[i].vring.num = qemu_get_be32(f);
-
-array of vqs has size VIRTIO_PCI_QUEUE_MAX, so
-on invalid input this will write beyond end of buffer.
-
-Signed-off-by: Michael S. Tsirkin
-Reviewed-by: Michael Roth
-Signed-off-by: Juan Quintela
-(cherry picked from commit cc45995294b92d95319b4782750a3580cabdbc0c)
-[AF: BNC#864653]
-Signed-off-by: Andreas Färber
----
- hw/virtio/virtio.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index aeabf3a..05f05e7 100644
---- a/hw/virtio/virtio.c
-+++ b/hw/virtio/virtio.c
-@@ -891,7 +891,8 @@ int virtio_set_features(VirtIODevice *vdev, uint32_t val)
-
- int virtio_load(VirtIODevice *vdev, QEMUFile *f)
- {
-- int num, i, ret;
-+ int i, ret;
-+ uint32_t num;
- uint32_t features;
- uint32_t supported_features;
- BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
-@@ -919,6 +920,11 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f)
-
- num = qemu_get_be32(f);
-
-+ if (num > VIRTIO_PCI_QUEUE_MAX) {
-+ error_report("Invalid number of PCI queues: 0x%x", num);
-+ return -1;
-+ }
-+
- for (i = 0; i < num; i++) {
- vdev->vq[i].vring.num = qemu_get_be32(f);
- if (k->has_variable_vring_alignment) {
diff --git a/0051-ahci-fix-buffer-overrun-on-invalid-.patch b/0051-ahci-fix-buffer-overrun-on-invalid-.patch
deleted file mode 100644
index 749e38bd..00000000
--- a/0051-ahci-fix-buffer-overrun-on-invalid-.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From b591a65b23630ee3707647d61fc69b3f0ff16665 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:51:18 +0300
-Subject: [PATCH] ahci: fix buffer overrun on invalid state load
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4526
-
-Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded. So
-we use the old version of ports to read the array but then allow any
-value for ports. This can cause the code to overflow.
-
-There's no reason to migrate ports - it never changes.
-So just make sure it matches.
-
-Reported-by: Anthony Liguori
-Signed-off-by: Michael S. Tsirkin
-Reviewed-by: Peter Maydell
-Signed-off-by: Juan Quintela
-(cherry picked from commit ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5)
-[AF: BNC#864671]
-Signed-off-by: Andreas Färber
----
- hw/ide/ahci.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
-index bfe633f..457a7a1 100644
---- a/hw/ide/ahci.c
-+++ b/hw/ide/ahci.c
-@@ -1293,7 +1293,7 @@ const VMStateDescription vmstate_ahci = {
- VMSTATE_UINT32(control_regs.impl, AHCIState),
- VMSTATE_UINT32(control_regs.version, AHCIState),
- VMSTATE_UINT32(idp_index, AHCIState),
-- VMSTATE_INT32(ports, AHCIState),
-+ VMSTATE_INT32_EQUAL(ports, AHCIState),
- VMSTATE_END_OF_LIST()
- },
- };
diff --git a/0052-hpet-fix-buffer-overrun-on-invalid-.patch b/0052-hpet-fix-buffer-overrun-on-invalid-.patch
deleted file mode 100644
index cd27ee29..00000000
--- a/0052-hpet-fix-buffer-overrun-on-invalid-.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 085771b0f84bc9e3a9d868ff67c229e83b8431a2 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:51:23 +0300
-Subject: [PATCH] hpet: fix buffer overrun on invalid state load
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4527 hw/timer/hpet.c buffer overrun
-
-hpet is a VARRAY with a uint8 size but static array of 32
-
-To fix, make sure num_timers is valid using VMSTATE_VALID hook.
-
-Reported-by: Anthony Liguori
-Signed-off-by: Michael S. Tsirkin
-Reviewed-by: Dr. David Alan Gilbert
-Signed-off-by: Juan Quintela
-(cherry picked from commit 3f1c49e2136fa08ab1ef3183fd55def308829584)
-[AF: BNC#864673]
-Signed-off-by: Andreas Färber
----
- hw/timer/hpet.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
-index e15d6bc..2792f89 100644
---- a/hw/timer/hpet.c
-+++ b/hw/timer/hpet.c
-@@ -239,6 +239,18 @@ static int hpet_pre_load(void *opaque)
- return 0;
- }
-
-+static bool hpet_validate_num_timers(void *opaque, int version_id)
-+{
-+ HPETState *s = opaque;
-+
-+ if (s->num_timers < HPET_MIN_TIMERS) {
-+ return false;
-+ } else if (s->num_timers > HPET_MAX_TIMERS) {
-+ return false;
-+ }
-+ return true;
-+}
-+
- static int hpet_post_load(void *opaque, int version_id)
- {
- HPETState *s = opaque;
-@@ -307,6 +319,7 @@ static const VMStateDescription vmstate_hpet = {
- VMSTATE_UINT64(isr, HPETState),
- VMSTATE_UINT64(hpet_counter, HPETState),
- VMSTATE_UINT8_V(num_timers, HPETState, 2),
-+ VMSTATE_VALIDATE("num_timers in range", hpet_validate_num_timers),
- VMSTATE_STRUCT_VARRAY_UINT8(timer, HPETState, num_timers, 0,
- vmstate_hpet_timer, HPETTimer),
- VMSTATE_END_OF_LIST()
diff --git a/0053-hw-pci-pcie_aer.c-fix-buffer-overru.patch b/0053-hw-pci-pcie_aer.c-fix-buffer-overru.patch
deleted file mode 100644
index 9cd36d20..00000000
--- a/0053-hw-pci-pcie_aer.c-fix-buffer-overru.patch
+++ /dev/null
@@ -1,60 +0,0 @@ -From 3f2e8a7a3af50578270a058e658ce70680891bd8 Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Thu, 3 Apr 2014 19:51:31 +0300 -Subject: [PATCH] hw/pci/pcie_aer.c: fix buffer overruns on invalid state load -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -4) CVE-2013-4529 -hw/pci/pcie_aer.c pcie aer log can overrun the buffer if log_num is - too large - -There are two issues in this file: -1. log_max from remote can be larger than on local -then buffer will overrun with data coming from state file. -2. log_num can be larger then we get data corruption -again with an overflow but not adversary controlled. - -Fix both issues. - -Reported-by: Anthony Liguori -Reported-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -Reviewed-by: Dr. David Alan Gilbert -Signed-off-by: Juan Quintela -(cherry picked from commit 5f691ff91d323b6f97c6600405a7f9dc115a0ad1) -[AF: BNC#864678] -Signed-off-by: Andreas Färber ---- - hw/pci/pcie_aer.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c -index 991502e..535be2c 100644 ---- a/hw/pci/pcie_aer.c -+++ b/hw/pci/pcie_aer.c -@@ -795,6 +795,13 @@ static const VMStateDescription vmstate_pcie_aer_err = { - } - }; - -+static bool pcie_aer_state_log_num_valid(void *opaque, int version_id) -+{ -+ PCIEAERLog *s = opaque; -+ -+ return s->log_num <= s->log_max; -+} -+ - const VMStateDescription vmstate_pcie_aer_log = { - .name = "PCIE_AER_ERROR_LOG", - .version_id = 1, -@@ -802,7 +809,8 @@ const VMStateDescription vmstate_pcie_aer_log = { - .minimum_version_id_old = 1, - .fields = (VMStateField[]) { - VMSTATE_UINT16(log_num, PCIEAERLog), -- VMSTATE_UINT16(log_max, PCIEAERLog), -+ VMSTATE_UINT16_EQUAL(log_max, PCIEAERLog), -+ VMSTATE_VALIDATE("log_num <= log_max", pcie_aer_state_log_num_valid), - VMSTATE_STRUCT_VARRAY_POINTER_UINT16(log, PCIEAERLog, log_num, - vmstate_pcie_aer_err, PCIEAERErr), - 
VMSTATE_END_OF_LIST() diff --git a/0054-pl022-fix-buffer-overun-on-invalid-.patch b/0054-pl022-fix-buffer-overun-on-invalid-.patch deleted file mode 100644 index 19fd528b..00000000 --- a/0054-pl022-fix-buffer-overun-on-invalid-.patch +++ /dev/null @@ -1,55 +0,0 @@ -From d4e6359ea7c11e7ae6b8ff3c03394db96a2a6932 Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Thu, 3 Apr 2014 19:51:35 +0300 -Subject: [PATCH] pl022: fix buffer overun on invalid state load -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -CVE-2013-4530 - -pl022.c did not bounds check tx_fifo_head and -rx_fifo_head after loading them from file and -before they are used to dereference array. - -Reported-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Juan Quintela -(cherry picked from commit d8d0a0bc7e194300e53a346d25fe5724fd588387) -[AF: BNC#864682] -Signed-off-by: Andreas Färber ---- - hw/ssi/pl022.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/hw/ssi/pl022.c b/hw/ssi/pl022.c -index fd479ef..b19bc71 100644 ---- a/hw/ssi/pl022.c -+++ b/hw/ssi/pl022.c -@@ -240,11 +240,25 @@ static const MemoryRegionOps pl022_ops = { - .endianness = DEVICE_NATIVE_ENDIAN, - }; - -+static int pl022_post_load(void *opaque, int version_id) -+{ -+ PL022State *s = opaque; -+ -+ if (s->tx_fifo_head < 0 || -+ s->tx_fifo_head >= ARRAY_SIZE(s->tx_fifo) || -+ s->rx_fifo_head < 0 || -+ s->rx_fifo_head >= ARRAY_SIZE(s->rx_fifo)) { -+ return -1; -+ } -+ return 0; -+} -+ - static const VMStateDescription vmstate_pl022 = { - .name = "pl022_ssp", - .version_id = 1, - .minimum_version_id = 1, - .minimum_version_id_old = 1, -+ .post_load = pl022_post_load, - .fields = (VMStateField[]) { - VMSTATE_UINT32(cr0, PL022State), - VMSTATE_UINT32(cr1, PL022State), diff --git a/0055-vmstate-fix-buffer-overflow-in-targ.patch b/0055-vmstate-fix-buffer-overflow-in-targ.patch deleted file mode 100644 index 8ffc9b5f..00000000 
--- a/0055-vmstate-fix-buffer-overflow-in-targ.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 5c94e6582aaf791f603afbf4b1d8d86652d87f93 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:51:42 +0300
-Subject: [PATCH] vmstate: fix buffer overflow in target-arm/machine.c
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4531
-
-cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
-cpreg_vmstate_array_len will cause a buffer overflow.
-
-VMSTATE_INT32_LE was supposed to protect against this
-but doesn't because it doesn't validate that input is
-non-negative.
-
-Fix this macro to valide the value appropriately.
-
-The only other user of VMSTATE_INT32_LE doesn't
-ever use negative numbers so it doesn't care.
-
-Reported-by: Anthony Liguori
-Signed-off-by: Michael S. Tsirkin
-Signed-off-by: Juan Quintela
-(cherry picked from commit d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62)
-[AF: BNC#864796]
-Signed-off-by: Andreas Färber
----
- vmstate.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/vmstate.c b/vmstate.c
-index d856319..105f184 100644
---- a/vmstate.c
-+++ b/vmstate.c
-@@ -333,8 +333,9 @@ const VMStateInfo vmstate_info_int32_equal = {
- .put = put_int32,
- };
-
--/* 32 bit int. Check that the received value is less than or equal to
-- the one in the field */
-+/* 32 bit int. Check that the received value is non-negative
-+ * and less than or equal to the one in the field.
-+ */
-
- static int get_int32_le(QEMUFile *f, void *pv, size_t size)
- {
-@@ -342,7 +343,7 @@ static int get_int32_le(QEMUFile *f, void *pv, size_t size)
- int32_t loaded;
- qemu_get_sbe32s(f, &loaded);
-
-- if (loaded <= *cur) {
-+ if (loaded >= 0 && loaded <= *cur) {
- *cur = loaded;
- return 0;
- }
diff --git a/0056-virtio-avoid-buffer-overrun-on-inco.patch b/0056-virtio-avoid-buffer-overrun-on-inco.patch
deleted file mode 100644
index bc2858fb..00000000
--- a/0056-virtio-avoid-buffer-overrun-on-inco.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 49af37a1dfdb6e7a54ae4ab9fd1c7816763bf6c1 Mon Sep 17 00:00:00 2001
-From: Michael Roth
-Date: Thu, 3 Apr 2014 19:51:46 +0300
-Subject: [PATCH] virtio: avoid buffer overrun on incoming migration
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-6399
-
-vdev->queue_sel is read from the wire, and later used in the
-emulation code as an index into vdev->vq[]. If the value of
-vdev->queue_sel exceeds the length of vdev->vq[], currently
-allocated to be VIRTIO_PCI_QUEUE_MAX elements, subsequent PIO
-operations such as VIRTIO_PCI_QUEUE_PFN can be used to overrun
-the buffer with arbitrary data originating from the source.
-
-Fix this by failing migration if the value from the wire exceeds
-VIRTIO_PCI_QUEUE_MAX.
-
-Signed-off-by: Michael Roth
-Signed-off-by: Michael S. Tsirkin
-Reviewed-by: Peter Maydell
-Signed-off-by: Juan Quintela
-(cherry picked from commit 4b53c2c72cb5541cf394033b528a6fe2a86c0ac1)
-[AF: BNC#864814]
-Signed-off-by: Andreas Färber
----
- hw/virtio/virtio.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index 05f05e7..0072542 100644
---- a/hw/virtio/virtio.c
-+++ b/hw/virtio/virtio.c
-@@ -907,6 +907,9 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f)
- qemu_get_8s(f, &vdev->status);
- qemu_get_8s(f, &vdev->isr);
- qemu_get_be16s(f, &vdev->queue_sel);
-+ if (vdev->queue_sel >= VIRTIO_PCI_QUEUE_MAX) {
-+ return -1;
-+ }
- qemu_get_be32s(f, &features);
-
- if (virtio_set_features(vdev, features) < 0) {
diff --git a/0057-virtio-validate-num_sg-when-mapping.patch b/0057-virtio-validate-num_sg-when-mapping.patch
deleted file mode 100644
index dc62f156..00000000
--- a/0057-virtio-validate-num_sg-when-mapping.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From c5b839d16efe607af264cd6c2d99124b2a10bc02 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:51:53 +0300
-Subject: [PATCH] virtio: validate num_sg when mapping
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4535
-CVE-2013-4536
-
-Both virtio-block and virtio-serial read,
-VirtQueueElements are read in as buffers, and passed to
-virtqueue_map_sg(), where num_sg is taken from the wire and can force
-writes to indicies beyond VIRTQUEUE_MAX_SIZE.
-
-To fix, validate num_sg.
-
-Reported-by: Michael Roth
-Signed-off-by: Michael S. Tsirkin
-Cc: Amit Shah
-Signed-off-by: Juan Quintela
-(cherry picked from commit 36cf2a37132c7f01fa9adb5f95f5312b27742fd4)
-[AF: BNC#864665]
-Signed-off-by: Andreas Färber
----
- hw/virtio/virtio.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index 0072542..a70169a 100644
---- a/hw/virtio/virtio.c
-+++ b/hw/virtio/virtio.c
-@@ -430,6 +430,12 @@ void virtqueue_map_sg(struct iovec *sg, hwaddr *addr,
- unsigned int i;
- hwaddr len;
-
-+ if (num_sg >= VIRTQUEUE_MAX_SIZE) {
-+ error_report("virtio: map attempt out of bounds: %zd > %d",
-+ num_sg, VIRTQUEUE_MAX_SIZE);
-+ exit(1);
-+ }
-+
- for (i = 0; i < num_sg; i++) {
- len = sg[i].iov_len;
- sg[i].iov_base = cpu_physical_memory_map(addr[i], &len, is_write);
diff --git a/0058-pxa2xx-avoid-buffer-overrun-on-inco.patch b/0058-pxa2xx-avoid-buffer-overrun-on-inco.patch
deleted file mode 100644
index 2eba917f..00000000
--- a/0058-pxa2xx-avoid-buffer-overrun-on-inco.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From f1cebceb572956ff820ecc29362c6ade0020d570 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:51:57 +0300
-Subject: [PATCH] pxa2xx: avoid buffer overrun on incoming migration
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4533
-
-s->rx_level is read from the wire and used to determine how many bytes
-to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
-length of s->rx_fifo[] the buffer can be overrun with arbitrary data
-from the wire.
-
-Fix this by validating rx_level against the size of s->rx_fifo.
-
-Cc: Don Koch
-Reported-by: Michael Roth
-Signed-off-by: Michael S. Tsirkin
-Reviewed-by: Peter Maydell
-Reviewed-by: Don Koch
-Signed-off-by: Juan Quintela
-(cherry picked from commit caa881abe0e01f9931125a0977ec33c5343e4aa7)
-[AF: BNC#864655]
-Signed-off-by: Andreas Färber
----
- hw/arm/pxa2xx.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
-index 0429148..e0cd847 100644
---- a/hw/arm/pxa2xx.c
-+++ b/hw/arm/pxa2xx.c
-@@ -732,7 +732,7 @@ static void pxa2xx_ssp_save(QEMUFile *f, void *opaque)
- static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id)
- {
- PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
-- int i;
-+ int i, v;
-
- s->enable = qemu_get_be32(f);
-
-@@ -746,7 +746,11 @@ static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id)
- qemu_get_8s(f, &s->ssrsa);
- qemu_get_8s(f, &s->ssacd);
-
-- s->rx_level = qemu_get_byte(f);
-+ v = qemu_get_byte(f);
-+ if (v < 0 || v > ARRAY_SIZE(s->rx_fifo)) {
-+ return -EINVAL;
-+ }
-+ s->rx_level = v;
- s->rx_start = 0;
- for (i = 0; i < s->rx_level; i ++)
- s->rx_fifo[i] = qemu_get_byte(f);
diff --git a/0059-ssd0323-fix-buffer-overun-on-invali.patch b/0059-ssd0323-fix-buffer-overun-on-invali.patch
deleted file mode 100644
index 2e31a824..00000000
--- a/0059-ssd0323-fix-buffer-overun-on-invali.patch
+++ /dev/null
@@ -1,82 +0,0 @@ -From fb4795c3470c9258f96324a7e49fabf33ae1b98b Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Thu, 3 Apr 2014 19:52:05 +0300 -Subject: [PATCH] ssd0323: fix buffer overun on invalid state load -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -CVE-2013-4538 - -s->cmd_len used as index in ssd0323_transfer() to store 32-bit field. -Possible this field might then be supplied by guest to overwrite a -return addr somewhere. Same for row/col fields, which are indicies into -framebuffer array. - -To fix validate after load. - -Additionally, validate that the row/col_start/end are within bounds; -otherwise the guest can provoke an overrun by either setting the _end -field so large that the row++ increments just walk off the end of the -array, or by setting the _start value to something bogus and then -letting the "we hit end of row" logic reset row to row_start. - -For completeness, validate mode as well. - -Signed-off-by: Michael S. 
Tsirkin -Reviewed-by: Peter Maydell -Signed-off-by: Juan Quintela -(cherry picked from commit ead7a57df37d2187813a121308213f41591bd811) -[AF: BNC#864769] -Signed-off-by: Andreas Färber ---- - hw/display/ssd0323.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/hw/display/ssd0323.c b/hw/display/ssd0323.c -index 971152e..9727007 100644 ---- a/hw/display/ssd0323.c -+++ b/hw/display/ssd0323.c -@@ -312,18 +312,42 @@ static int ssd0323_load(QEMUFile *f, void *opaque, int version_id) - return -EINVAL; - - s->cmd_len = qemu_get_be32(f); -+ if (s->cmd_len < 0 || s->cmd_len > ARRAY_SIZE(s->cmd_data)) { -+ return -EINVAL; -+ } - s->cmd = qemu_get_be32(f); - for (i = 0; i < 8; i++) - s->cmd_data[i] = qemu_get_be32(f); - s->row = qemu_get_be32(f); -+ if (s->row < 0 || s->row >= 80) { -+ return -EINVAL; -+ } - s->row_start = qemu_get_be32(f); -+ if (s->row_start < 0 || s->row_start >= 80) { -+ return -EINVAL; -+ } - s->row_end = qemu_get_be32(f); -+ if (s->row_end < 0 || s->row_end >= 80) { -+ return -EINVAL; -+ } - s->col = qemu_get_be32(f); -+ if (s->col < 0 || s->col >= 64) { -+ return -EINVAL; -+ } - s->col_start = qemu_get_be32(f); -+ if (s->col_start < 0 || s->col_start >= 64) { -+ return -EINVAL; -+ } - s->col_end = qemu_get_be32(f); -+ if (s->col_end < 0 || s->col_end >= 64) { -+ return -EINVAL; -+ } - s->redraw = qemu_get_be32(f); - s->remap = qemu_get_be32(f); - s->mode = qemu_get_be32(f); -+ if (s->mode != SSD0323_CMD && s->mode != SSD0323_DATA) { -+ return -EINVAL; -+ } - qemu_get_buffer(f, s->framebuffer, sizeof(s->framebuffer)); - - ss->cs = qemu_get_be32(f); diff --git a/0060-tsc210x-fix-buffer-overrun-on-inval.patch b/0060-tsc210x-fix-buffer-overrun-on-inval.patch deleted file mode 100644 index 2ca48221..00000000 --- a/0060-tsc210x-fix-buffer-overrun-on-inval.patch +++ /dev/null 
@@ -1,52 +0,0 @@
-From 9258d36c4392e02156a986a03a0d8ee8fb0c4284 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:52:09 +0300
-Subject: [PATCH] tsc210x: fix buffer overrun on invalid state load
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4539
-
-s->precision, nextprecision, function and nextfunction
-come from wire and are used
-as idx into resolution[] in TSC_CUT_RESOLUTION.
-
-Validate after load to avoid buffer overrun.
-
-Cc: Andreas Färber
-Signed-off-by: Michael S. Tsirkin
-Signed-off-by: Juan Quintela
-(cherry picked from commit 5193be3be35f29a35bc465036cd64ad60d43385f)
-[AF: BNC#864805]
-Signed-off-by: Andreas Färber
----
- hw/input/tsc210x.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/hw/input/tsc210x.c b/hw/input/tsc210x.c
-index 485c9e5..aa5b688 100644
---- a/hw/input/tsc210x.c
-+++ b/hw/input/tsc210x.c
-@@ -1070,9 +1070,21 @@ static int tsc210x_load(QEMUFile *f, void *opaque, int version_id)
- s->enabled = qemu_get_byte(f);
- s->host_mode = qemu_get_byte(f);
- s->function = qemu_get_byte(f);
-+ if (s->function < 0 || s->function >= ARRAY_SIZE(mode_regs)) {
-+ return -EINVAL;
-+ }
- s->nextfunction = qemu_get_byte(f);
-+ if (s->nextfunction < 0 || s->nextfunction >= ARRAY_SIZE(mode_regs)) {
-+ return -EINVAL;
-+ }
- s->precision = qemu_get_byte(f);
-+ if (s->precision < 0 || s->precision >= ARRAY_SIZE(resolution)) {
-+ return -EINVAL;
-+ }
- s->nextprecision = qemu_get_byte(f);
-+ if (s->nextprecision < 0 || s->nextprecision >= ARRAY_SIZE(resolution)) {
-+ return -EINVAL;
-+ }
- s->filter = qemu_get_byte(f);
- s->pin_func = qemu_get_byte(f);
- s->ref = qemu_get_byte(f);
diff --git a/0061-zaurus-fix-buffer-overrun-on-invali.patch b/0061-zaurus-fix-buffer-overrun-on-invali.patch
deleted file mode 100644
index 84afb38d..00000000
--- a/0061-zaurus-fix-buffer-overrun-on-invali.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From a075e63d02fed4153136742624696b376918a820 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:52:13 +0300
-Subject: [PATCH] zaurus: fix buffer overrun on invalid state load
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4540
-
-Within scoop_gpio_handler_update, if prev_level has a high bit set, then
-we get bit > 16 and that causes a buffer overrun.
-
-Since prev_level comes from wire indirectly, this can
-happen on invalid state load.
-
-Similarly for gpio_level and gpio_dir.
-
-To fix, limit to 16 bit.
-
-Reported-by: Michael S. Tsirkin
-Signed-off-by: Michael S. Tsirkin
-Reviewed-by: Dr. David Alan Gilbert
-Signed-off-by: Juan Quintela
-(cherry picked from commit 52f91c3723932f8340fe36c8ec8b18a757c37b2b)
-[AF: BNC#864801]
-Signed-off-by: Andreas Färber
----
- hw/gpio/zaurus.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/hw/gpio/zaurus.c b/hw/gpio/zaurus.c
-index dc79a8b..8e2ce04 100644
---- a/hw/gpio/zaurus.c
-+++ b/hw/gpio/zaurus.c
-@@ -203,6 +203,15 @@ static bool is_version_0 (void *opaque, int version_id)
- return version_id == 0;
- }
-
-+static bool vmstate_scoop_validate(void *opaque, int version_id)
-+{
-+ ScoopInfo *s = opaque;
-+
-+ return !(s->prev_level & 0xffff0000) &&
-+ !(s->gpio_level & 0xffff0000) &&
-+ !(s->gpio_dir & 0xffff0000);
-+}
-+
- static const VMStateDescription vmstate_scoop_regs = {
- .name = "scoop",
- .version_id = 1,
-@@ -215,6 +224,7 @@ static const VMStateDescription vmstate_scoop_regs = {
- VMSTATE_UINT32(gpio_level, ScoopInfo),
- VMSTATE_UINT32(gpio_dir, ScoopInfo),
- VMSTATE_UINT32(prev_level, ScoopInfo),
-+ VMSTATE_VALIDATE("irq levels are 16 bit", vmstate_scoop_validate),
- VMSTATE_UINT16(mcr, ScoopInfo),
- VMSTATE_UINT16(cdr, ScoopInfo),
- VMSTATE_UINT16(ccr, ScoopInfo),
diff --git a/0062-virtio-scsi-fix-buffer-overrun-on-i.patch b/0062-virtio-scsi-fix-buffer-overrun-on-i.patch
deleted file mode 100644
index 1d1d55f8..00000000
--- a/0062-virtio-scsi-fix-buffer-overrun-on-i.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 2f55ce6ce26c16796443a7765a7d5fad157340ed Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:52:17 +0300
-Subject: [PATCH] virtio-scsi: fix buffer overrun on invalid state load
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4542
-
-hw/scsi/scsi-bus.c invokes load_request.
-
- virtio_scsi_load_request does:
- qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
-
-this probably can make elem invalid, for example,
-make in_num or out_num huge, then:
-
- virtio_scsi_parse_req(s, vs->cmd_vqs[n], req);
-
-will do:
-
- if (req->elem.out_num > 1) {
- qemu_sgl_init_external(req, &req->elem.out_sg[1],
- &req->elem.out_addr[1],
- req->elem.out_num - 1);
- } else {
- qemu_sgl_init_external(req, &req->elem.in_sg[1],
- &req->elem.in_addr[1],
- req->elem.in_num - 1);
- }
-
-and this will access out of array bounds.
-
-Note: this adds security checks within assert calls since
-SCSIBusInfo's load_request cannot fail.
-For now simply disable builds with NDEBUG - there seems
-to be little value in supporting these.
-
-Cc: Andreas Färber
-Signed-off-by: Michael S. Tsirkin
-Signed-off-by: Juan Quintela
-(cherry picked from commit 3c3ce981423e0d6c18af82ee62f1850c2cda5976)
-[AF: BNC#864804]
-Signed-off-by: Andreas Färber
----
- hw/scsi/virtio-scsi.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
-index b0d7517..1752193 100644
---- a/hw/scsi/virtio-scsi.c
-+++ b/hw/scsi/virtio-scsi.c
-@@ -147,6 +147,15 @@ static void *virtio_scsi_load_request(QEMUFile *f, SCSIRequest *sreq)
- qemu_get_be32s(f, &n);
- assert(n < vs->conf.num_queues);
- qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
-+ /* TODO: add a way for SCSIBusInfo's load_request to fail,
-+ * and fail migration instead of asserting here.
-+ * When we do, we might be able to re-enable NDEBUG below.
-+ */
-+#ifdef NDEBUG
-+#error building with NDEBUG is not supported
-+#endif
-+ assert(req->elem.in_num <= ARRAY_SIZE(req->elem.in_sg));
-+ assert(req->elem.out_num <= ARRAY_SIZE(req->elem.out_sg));
- virtio_scsi_parse_req(s, vs->cmd_vqs[n], req);
-
- scsi_req_ref(sreq);
diff --git a/0063-vmstate-s-VMSTATE_INT32_LE-VMSTATE_.patch b/0063-vmstate-s-VMSTATE_INT32_LE-VMSTATE_.patch
deleted file mode 100644
index b563678a..00000000
--- a/0063-vmstate-s-VMSTATE_INT32_LE-VMSTATE_.patch
+++ /dev/null
@@ -1,69 +0,0 @@ -From 075764d38e7916de4f2621c329d3b7d810a76500 Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Thu, 3 Apr 2014 19:52:21 +0300 -Subject: [PATCH] vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/ -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -As the macro verifies the value is positive, rename it -to make the function clearer. - -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Juan Quintela -(cherry picked from commit 3476436a44c29725efef0cabf5b3ea4e70054d57) -Signed-off-by: Andreas Färber ---- - hw/pci/pci.c | 4 ++-- - include/migration/vmstate.h | 2 +- - target-arm/machine.c | 2 +- - 3 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/hw/pci/pci.c b/hw/pci/pci.c -index 2a9f08e..517ff2a 100644 ---- a/hw/pci/pci.c -+++ b/hw/pci/pci.c -@@ -475,7 +475,7 @@ const VMStateDescription vmstate_pci_device = { - .minimum_version_id = 1, - .minimum_version_id_old = 1, - .fields = (VMStateField []) { -- VMSTATE_INT32_LE(version_id, PCIDevice), -+ VMSTATE_INT32_POSITIVE_LE(version_id, PCIDevice), - VMSTATE_BUFFER_UNSAFE_INFO(config, PCIDevice, 0, - vmstate_info_pci_config, - PCI_CONFIG_SPACE_SIZE), -@@ -492,7 +492,7 @@ const VMStateDescription vmstate_pcie_device = { - .minimum_version_id = 1, - .minimum_version_id_old = 1, - .fields = (VMStateField []) { -- VMSTATE_INT32_LE(version_id, PCIDevice), -+ VMSTATE_INT32_POSITIVE_LE(version_id, PCIDevice), - VMSTATE_BUFFER_UNSAFE_INFO(config, PCIDevice, 0, - vmstate_info_pci_config, - PCIE_CONFIG_SPACE_SIZE), -diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h -index 5b71370..7e45048 100644 ---- a/include/migration/vmstate.h -+++ b/include/migration/vmstate.h -@@ -601,7 +601,7 @@ extern const VMStateInfo vmstate_info_bitmap; - #define VMSTATE_UINT64_EQUAL(_f, _s) \ - VMSTATE_UINT64_EQUAL_V(_f, _s, 0) - --#define VMSTATE_INT32_LE(_f, _s) \ -+#define VMSTATE_INT32_POSITIVE_LE(_f, _s) \ - VMSTATE_SINGLE(_f, _s, 0, 
vmstate_info_int32_le, int32_t) - - #define VMSTATE_UINT8_TEST(_f, _s, _t) \ -diff --git a/target-arm/machine.c b/target-arm/machine.c -index 7ced87a..5746ffd 100644 ---- a/target-arm/machine.c -+++ b/target-arm/machine.c -@@ -246,7 +246,7 @@ const VMStateDescription vmstate_arm_cpu = { - /* The length-check must come before the arrays to avoid - * incoming data possibly overflowing the array. - */ -- VMSTATE_INT32_LE(cpreg_vmstate_array_len, ARMCPU), -+ VMSTATE_INT32_POSITIVE_LE(cpreg_vmstate_array_len, ARMCPU), - VMSTATE_VARRAY_INT32(cpreg_vmstate_indexes, ARMCPU, - cpreg_vmstate_array_len, - 0, vmstate_info_uint64, uint64_t), diff --git a/0064-usb-sanity-check-setup_index-setup_.patch b/0064-usb-sanity-check-setup_index-setup_.patch deleted file mode 100644 index 52101926..00000000 --- a/0064-usb-sanity-check-setup_index-setup_.patch +++ /dev/null 
@@ -1,43 +0,0 @@
-From b94f504fbb4910705803236ec84805ac4ac9139e Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin"
-Date: Thu, 3 Apr 2014 19:52:25 +0300
-Subject: [PATCH] usb: sanity check setup_index+setup_len in post_load
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2013-4541
-
-s->setup_len and s->setup_index are fed into usb_packet_copy as
-size/offset into s->data_buf, it's possible for invalid state to exploit
-this to load arbitrary data.
-
-setup_len and setup_index should be checked to make sure
-they are not negative.
-
-Cc: Gerd Hoffmann
-Signed-off-by: Michael S. Tsirkin
-Reviewed-by: Gerd Hoffmann
-Signed-off-by: Juan Quintela
-(cherry picked from commit 9f8e9895c504149d7048e9fc5eb5cbb34b16e49a)
-[AF: BNC#864802]
-Signed-off-by: Andreas Färber
----
- hw/usb/bus.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/bus.c b/hw/usb/bus.c
-index fe70429..e48b19f 100644
---- a/hw/usb/bus.c
-+++ b/hw/usb/bus.c
-@@ -49,7 +49,9 @@ static int usb_device_post_load(void *opaque, int version_id)
- } else {
- dev->attached = 1;
- }
-- if (dev->setup_index >= sizeof(dev->data_buf) ||
-+ if (dev->setup_index < 0 ||
-+ dev->setup_len < 0 ||
-+ dev->setup_index >= sizeof(dev->data_buf) ||
- dev->setup_len >= sizeof(dev->data_buf)) {
- return -EINVAL;
- }
diff --git a/0065-savevm-Ignore-minimum_version_id_ol.patch b/0065-savevm-Ignore-minimum_version_id_ol.patch
deleted file mode 100644
index 9d7de215..00000000
--- a/0065-savevm-Ignore-minimum_version_id_ol.patch
+++ /dev/null
@@ -1,102 +0,0 @@ -From 9ad9afb2ff3fa91c1315bd198e0118f8025b8805 Mon Sep 17 00:00:00 2001 -From: Peter Maydell -Date: Thu, 3 Apr 2014 19:52:28 +0300 -Subject: [PATCH] savevm: Ignore minimum_version_id_old if there is no - load_state_old -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -At the moment we require vmstate definitions to set minimum_version_id_old -to the same value as minimum_version_id if they do not provide a -load_state_old handler. Since the load_state_old functionality is -required only for a handful of devices that need to retain migration -compatibility with a pre-vmstate implementation, this means the bulk -of devices have pointless boilerplate. Relax the definition so that -minimum_version_id_old is ignored if there is no load_state_old handler. - -Note that under the old scheme we would segfault if the vmstate -specified a minimum_version_id_old that was less than minimum_version_id -but did not provide a load_state_old function, and the incoming state -specified a version number between minimum_version_id_old and -minimum_version_id. Under the new scheme this will just result in -our failing the migration. - -Signed-off-by: Peter Maydell -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. 
Tsirkin -Signed-off-by: Juan Quintela -(cherry picked from commit 767adce2d9cd397de3418caa16be35ea18d56f22) -Signed-off-by: Andreas Färber ---- - docs/migration.txt | 12 +++++------- - vmstate.c | 9 +++++---- - 2 files changed, 10 insertions(+), 11 deletions(-) - -diff --git a/docs/migration.txt b/docs/migration.txt -index 0e0a1d4..fe1f2bb 100644 ---- a/docs/migration.txt -+++ b/docs/migration.txt -@@ -139,7 +139,6 @@ static const VMStateDescription vmstate_kbd = { - .name = "pckbd", - .version_id = 3, - .minimum_version_id = 3, -- .minimum_version_id_old = 3, - .fields = (VMStateField []) { - VMSTATE_UINT8(write_cmd, KBDState), - VMSTATE_UINT8(status, KBDState), -@@ -168,12 +167,13 @@ You can see that there are several version fields: - - minimum_version_id: the minimum version_id that VMState is able to understand - for that device. - - minimum_version_id_old: For devices that were not able to port to vmstate, we can -- assign a function that knows how to read this old state. -+ assign a function that knows how to read this old state. This field is -+ ignored if there is no load_state_old handler. - - So, VMState is able to read versions from minimum_version_id to --version_id. And the function load_state_old() is able to load state --from minimum_version_id_old to minimum_version_id. This function is --deprecated and will be removed when no more users are left. -+version_id. And the function load_state_old() (if present) is able to -+load state from minimum_version_id_old to minimum_version_id. This -+function is deprecated and will be removed when no more users are left. 
- - === Massaging functions === - -@@ -255,7 +255,6 @@ const VMStateDescription vmstate_ide_drive_pio_state = { - .name = "ide_drive/pio_state", - .version_id = 1, - .minimum_version_id = 1, -- .minimum_version_id_old = 1, - .pre_save = ide_drive_pio_pre_save, - .post_load = ide_drive_pio_post_load, - .fields = (VMStateField []) { -@@ -275,7 +274,6 @@ const VMStateDescription vmstate_ide_drive = { - .name = "ide_drive", - .version_id = 3, - .minimum_version_id = 0, -- .minimum_version_id_old = 0, - .post_load = ide_drive_post_load, - .fields = (VMStateField []) { - .... several fields .... -diff --git a/vmstate.c b/vmstate.c -index 105f184..582c321 100644 ---- a/vmstate.c -+++ b/vmstate.c -@@ -19,11 +19,12 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd, - if (version_id > vmsd->version_id) { - return -EINVAL; - } -- if (version_id < vmsd->minimum_version_id_old) { -- return -EINVAL; -- } - if (version_id < vmsd->minimum_version_id) { -- return vmsd->load_state_old(f, opaque, version_id); -+ if (vmsd->load_state_old && -+ version_id >= vmsd->minimum_version_id_old) { -+ return vmsd->load_state_old(f, opaque, version_id); -+ } -+ return -EINVAL; - } - if (vmsd->pre_load) { - int ret = vmsd->pre_load(opaque); diff --git a/0066-ssi-sd-fix-buffer-overrun-on-invali.patch b/0066-ssi-sd-fix-buffer-overrun-on-invali.patch deleted file mode 100644 index 2d6117ae..00000000 --- a/0066-ssi-sd-fix-buffer-overrun-on-invali.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From 9ec43fe48680cf5917eb3d41ad85201d4137871f Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Mon, 28 Apr 2014 16:08:14 +0300 -Subject: [PATCH] ssi-sd: fix buffer overrun on invalid state load -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -CVE-2013-4537 - -s->arglen is taken from wire and used as idx -in ssi_sd_transfer(). - -Validate it before access. - -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Juan Quintela -(cherry picked from commit a9c380db3b8c6af19546a68145c8d1438a09c92b) -[AF: BNC#864391] -Signed-off-by: Andreas Färber ---- - hw/sd/ssi-sd.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c -index 3273c8a..b012e57 100644 ---- a/hw/sd/ssi-sd.c -+++ b/hw/sd/ssi-sd.c -@@ -230,8 +230,17 @@ static int ssi_sd_load(QEMUFile *f, void *opaque, int version_id) - for (i = 0; i < 5; i++) - s->response[i] = qemu_get_be32(f); - s->arglen = qemu_get_be32(f); -+ if (s->mode == SSI_SD_CMDARG && -+ (s->arglen < 0 || s->arglen >= ARRAY_SIZE(s->cmdarg))) { -+ return -EINVAL; -+ } - s->response_pos = qemu_get_be32(f); - s->stopping = qemu_get_be32(f); -+ if (s->mode == SSI_SD_RESPONSE && -+ (s->response_pos < 0 || s->response_pos >= ARRAY_SIZE(s->response) || -+ (!s->stopping && s->arglen > ARRAY_SIZE(s->response)))) { -+ return -EINVAL; -+ } - - ss->cs = qemu_get_be32(f); - diff --git a/0067-openpic-avoid-buffer-overrun-on-inc.patch b/0067-openpic-avoid-buffer-overrun-on-inc.patch deleted file mode 100644 index c84e3ba2..00000000 --- a/0067-openpic-avoid-buffer-overrun-on-inc.patch +++ /dev/null 
@@ -1,77 +0,0 @@ -From e70b97747393a4d5544bdb9eb64a7f5b69b0bb91 Mon Sep 17 00:00:00 2001 -From: Michael Roth -Date: Mon, 28 Apr 2014 16:08:17 +0300 -Subject: [PATCH] openpic: avoid buffer overrun on incoming migration -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -CVE-2013-4534 - -opp->nb_cpus is read from the wire and used to determine how many -IRQDest elements to read into opp->dst[]. If the value exceeds the -length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary -data from the wire. - -Fix this by failing migration if the value read from the wire exceeds -MAX_CPU. - -Signed-off-by: Michael Roth -Reviewed-by: Alexander Graf -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Juan Quintela -(cherry picked from commit 73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e) -[AF: BNC#864811] -Signed-off-by: Andreas Färber ---- - hw/intc/openpic.c | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - -diff --git a/hw/intc/openpic.c b/hw/intc/openpic.c -index be76fbd..17136c9 100644 ---- a/hw/intc/openpic.c -+++ b/hw/intc/openpic.c -@@ -41,6 +41,7 @@ - #include "hw/sysbus.h" - #include "hw/pci/msi.h" - #include "qemu/bitops.h" -+#include "qapi/qmp/qerror.h" - - //#define DEBUG_OPENPIC - -@@ -1416,7 +1417,7 @@ static void openpic_load_IRQ_queue(QEMUFile* f, IRQQueue *q) - static int openpic_load(QEMUFile* f, void *opaque, int version_id) - { - OpenPICState *opp = (OpenPICState *)opaque; -- unsigned int i; -+ unsigned int i, nb_cpus; - - if (version_id != 1) { - return -EINVAL; -@@ -1428,7 +1429,11 @@ static int openpic_load(QEMUFile* f, void *opaque, int version_id) - qemu_get_be32s(f, &opp->spve); - qemu_get_be32s(f, &opp->tfrr); - -- qemu_get_be32s(f, &opp->nb_cpus); -+ qemu_get_be32s(f, &nb_cpus); -+ if (opp->nb_cpus != nb_cpus) { -+ return -EINVAL; -+ } -+ assert(nb_cpus > 0 && nb_cpus <= MAX_CPU); - - for (i = 0; i < opp->nb_cpus; i++) { - qemu_get_sbe32s(f, &opp->dst[i].ctpr); -@@ -1567,6 
+1572,13 @@ static void openpic_realize(DeviceState *dev, Error **errp) - {NULL} - }; - -+ if (opp->nb_cpus > MAX_CPU) { -+ error_set(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, -+ TYPE_OPENPIC, "nb_cpus", (uint64_t)opp->nb_cpus, -+ (uint64_t)0, (uint64_t)MAX_CPU); -+ return; -+ } -+ - switch (opp->model) { - case OPENPIC_MODEL_FSL_MPIC_20: - default: diff --git a/0068-virtio-net-out-of-bounds-buffer-wri.patch b/0068-virtio-net-out-of-bounds-buffer-wri.patch deleted file mode 100644 index 266ccf8f..00000000 --- a/0068-virtio-net-out-of-bounds-buffer-wri.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From 2eae80d0ad4c9d0de849fbe8ad6d7d5fa788fdfb Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Mon, 28 Apr 2014 16:08:21 +0300 -Subject: [PATCH] virtio-net: out-of-bounds buffer write on load -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -CVE-2013-4149 QEMU 1.3.0 out-of-bounds buffer write in -virtio_net_load()@hw/net/virtio-net.c - -> } else if (n->mac_table.in_use) { -> uint8_t *buf = g_malloc0(n->mac_table.in_use); - -We are allocating buffer of size n->mac_table.in_use - -> qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN); - -and read to the n->mac_table.in_use size buffer n->mac_table.in_use * -ETH_ALEN bytes, corrupting memory. - -If adversary controls state then memory written there is controlled -by adversary. - -Reviewed-by: Michael Roth -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Juan Quintela -(cherry picked from commit 98f93ddd84800f207889491e0b5d851386b459cf) -[AF: BNC#864649] -Signed-off-by: Andreas Färber ---- - hw/net/virtio-net.c | 15 +++++++++++---- - 1 file changed, 11 insertions(+), 4 deletions(-) - -diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c -index 0a8cb40..940a7cf 100644 ---- a/hw/net/virtio-net.c -+++ b/hw/net/virtio-net.c -@@ -1362,10 +1362,17 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) - if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) { - qemu_get_buffer(f, n->mac_table.macs, - n->mac_table.in_use * ETH_ALEN); -- } else if (n->mac_table.in_use) { -- uint8_t *buf = g_malloc0(n->mac_table.in_use); -- qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN); -- g_free(buf); -+ } else { -+ int64_t i; -+ -+ /* Overflow detected - can happen if source has a larger MAC table. -+ * We simply set overflow flag so there's no need to maintain the -+ * table of addresses, discard them all. -+ * Note: 64 bit math to avoid integer overflow. 
-+ */ -+ for (i = 0; i < (int64_t)n->mac_table.in_use * ETH_ALEN; ++i) { -+ qemu_get_byte(f); -+ } - n->mac_table.multi_overflow = n->mac_table.uni_overflow = 1; - n->mac_table.in_use = 0; - } diff --git a/0069-virtio-validate-config_len-on-load.patch b/0069-virtio-validate-config_len-on-load.patch deleted file mode 100644 index 9632a118..00000000 --- a/0069-virtio-validate-config_len-on-load.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 5d2ec830b492cc18205d3a10d9ed3595559cd831 Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Mon, 28 Apr 2014 16:08:23 +0300 -Subject: [PATCH] virtio: validate config_len on load -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Malformed input can have config_len in migration stream -exceed the array size allocated on destination, the -result will be heap overflow. - -To fix, that config_len matches on both sides. - -CVE-2014-0182 - -Reported-by: "Dr. David Alan Gilbert" -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Juan Quintela - --- - -v2: use %ix and %zx to print config_len values -Signed-off-by: Juan Quintela -(cherry picked from commit a890a2f9137ac3cf5b607649e66a6f3a5512d8dc) -[AF: BNC#874788] -Signed-off-by: Andreas Färber ---- - hw/virtio/virtio.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c -index a70169a..7f4e7ec 100644 ---- a/hw/virtio/virtio.c -+++ b/hw/virtio/virtio.c -@@ -898,6 +898,7 @@ int virtio_set_features(VirtIODevice *vdev, uint32_t val) - int virtio_load(VirtIODevice *vdev, QEMUFile *f) - { - int i, ret; -+ int32_t config_len; - uint32_t num; - uint32_t features; - uint32_t supported_features; -@@ -924,7 +925,12 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f) - features, supported_features); - return -1; - } -- vdev->config_len = qemu_get_be32(f); -+ config_len = qemu_get_be32(f); -+ if (config_len != vdev->config_len) { -+ error_report("Unexpected config length 0x%x. Expected 0x%zx", -+ config_len, vdev->config_len); -+ return -1; -+ } - qemu_get_buffer(f, vdev->config, vdev->config_len); - - num = qemu_get_be32(f); diff --git a/0070-virtio-allow-mapping-up-to-max-queu.patch b/0070-virtio-allow-mapping-up-to-max-queu.patch deleted file mode 100644 index f060994f..00000000 --- a/0070-virtio-allow-mapping-up-to-max-queu.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From f609ef91bccd8b1637575516a94a5dc0af804b40 Mon Sep 17 00:00:00 2001 -From: "Michael S. Tsirkin" -Date: Mon, 12 May 2014 12:04:20 +0300 -Subject: [PATCH] virtio: allow mapping up to max queue size -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so -it's OK if the value read is VIRTQUEUE_MAX_SIZE. - -Not a big problem in practice as people don't use -such big queues, but it's inelegant. - -Reported-by: "Dr. David Alan Gilbert" -Cc: qemu-stable@nongnu.org -Signed-off-by: Michael S. Tsirkin -(cherry picked from commit 937251408051e0489f78e4db3c92e045b147b38b) -Signed-off-by: Andreas Färber ---- - hw/virtio/virtio.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c -index 7f4e7ec..3557c17 100644 ---- a/hw/virtio/virtio.c -+++ b/hw/virtio/virtio.c -@@ -430,7 +430,7 @@ void virtqueue_map_sg(struct iovec *sg, hwaddr *addr, - unsigned int i; - hwaddr len; - -- if (num_sg >= VIRTQUEUE_MAX_SIZE) { -+ if (num_sg > VIRTQUEUE_MAX_SIZE) { - error_report("virtio: map attempt out of bounds: %zd > %d", - num_sg, VIRTQUEUE_MAX_SIZE); - exit(1); diff --git a/ipxe-build-Avoid-strict-aliasing-warning.patch b/ipxe-build-Avoid-strict-aliasing-warning.patch deleted file mode 100644 index 41684998..00000000 --- a/ipxe-build-Avoid-strict-aliasing-warning.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From 11ad0bafbf137a874f88ac810520acb90fa9a990 Mon Sep 17 00:00:00 2001 -From: Bo Yang -Date: Wed, 20 Mar 2013 16:34:17 +0800 -Subject: [PATCH] [build] Avoid strict-aliasing warning for gcc 4.3 - -Signed-off-by: Bo Yang -Signed-off-by: Michael Brown ---- - src/arch/i386/include/bits/byteswap.h | 4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/roms/ipxe/src/arch/i386/include/bits/byteswap.h b/roms/ipxe/src/arch/i386/include/bits/byteswap.h -index f3d30a2..0d9cb96 100644 ---- a/roms/ipxe/src/arch/i386/include/bits/byteswap.h -+++ b/roms/ipxe/src/arch/i386/include/bits/byteswap.h -@@ -53,8 +53,8 @@ __bswap_variable_64 ( uint64_t x ) { - static inline __attribute__ (( always_inline )) void - __bswap_64s ( uint64_t *x ) { - struct { -- uint32_t low; -- uint32_t high; -+ uint32_t __attribute__ (( may_alias )) low; -+ uint32_t __attribute__ (( may_alias )) high; - } __attribute__ (( may_alias )) *dwords = ( ( void * ) x ); - uint32_t discard; - --- -1.7.7 - diff --git a/ipxe-build-Work-around-bug-in-gcc-4.8.patch b/ipxe-build-Work-around-bug-in-gcc-4.8.patch deleted file mode 100644 index 8b40973e..00000000 --- a/ipxe-build-Work-around-bug-in-gcc-4.8.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From 238050dfd46e3c4a87329da1d48b4d8dde5af8a1 Mon Sep 17 00:00:00 2001 -From: Michael Brown -Date: Fri, 7 Jun 2013 13:46:27 +0100 -Subject: [PATCH] [build] Work around bug in gcc >= 4.8 - -gcc 4.8 and 4.9 fail to compile pxe_call.c with the error "bp cannot -be used in asm here". Other points in the codebase which use "ebp" in -the asm clobber list do not seem to be affected. - -Unfortunately gcc provides no way to specify %ebp as an output -register, so we cannot use this as a workaround. The only viable -solution is to explicitly push/pop %ebp within the asm itself. This -is ugly for two reasons: firstly, it may be unnecessary; secondly, it -may cause gcc to generate invalid %esp-relative addresses if the asm -happens to use memory operands. This specific block of asm uses no -memory operands and so will not generate invalid code. - -Reported-by: Daniel P. Berrange -Reported-by: Christian Hesse -Originally-fixed-by: Christian Hesse -Signed-off-by: Michael Brown ---- - roms/ipxe/src/arch/i386/interface/pxe/pxe_call.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -Index: b/roms/ipxe/src/arch/i386/interface/pxe/pxe_call.c -=================================================================== ---- a/roms/ipxe/src/arch/i386/interface/pxe/pxe_call.c -+++ b/roms/ipxe/src/arch/i386/interface/pxe/pxe_call.c -@@ -265,12 +265,14 @@ int pxe_start_nbp ( void ) { - DBG ( "Restarting NBP (%x)\n", jmp ); - - /* Far call to PXE NBP */ -- __asm__ __volatile__ ( REAL_CODE ( "movw %%cx, %%es\n\t" -+ __asm__ __volatile__ ( REAL_CODE ( "pushl %%ebp\n\t" /* gcc bug */ -+ "movw %%cx, %%es\n\t" - "pushw %%es\n\t" - "pushw %%di\n\t" - "sti\n\t" - "lcall $0, $0x7c00\n\t" -- "addw $4, %%sp\n\t" ) -+ "popl %%ebp\n\t" /* discard */ -+ "popl %%ebp\n\t" /* gcc bug */ ) - : "=a" ( rc ), "=b" ( discard_b ), - "=c" ( discard_c ), "=d" ( discard_d ), - "=D" ( discard_D ) -@@ -278,7 +280,7 @@ int pxe_start_nbp ( void ) { - "c" ( rm_cs ), - "d" ( virt_to_phys ( 
&pxenv ) ), - "D" ( __from_text16 ( &ppxe ) ) -- : "esi", "ebp", "memory" ); -+ : "esi", "memory" ); - - return rc; - } diff --git a/ipxe-zbin-Fix-size-used-for-memset-in-al.patch b/ipxe-zbin-Fix-size-used-for-memset-in-al.patch deleted file mode 100644 index ee67d2b7..00000000 --- a/ipxe-zbin-Fix-size-used-for-memset-in-al.patch +++ /dev/null @@ -1,41 +0,0 @@ -From eb5a2ba5962579e514b377f5fdab7292be0fb2a7 Mon Sep 17 00:00:00 2001 -From: "Daniel P. Berrange" -Date: Tue, 5 Mar 2013 15:18:20 +0000 -Subject: [PATCH] [zbin] Fix size used for memset in alloc_output_file -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The output->buf field is a pointer, not an array, so sizeof() is not -applicable. We must use the allocated string length instead. - -Identified by gcc: - - util/zbin.c: In function ‘alloc_output_file’: - util/zbin.c:146:37: warning: argument to ‘sizeof’ in ‘memset’ call - is the same expression as the destination; did you mean to - dereference it? [-Wsizeof-pointer-memaccess] - memset ( output->buf, 0xff, sizeof ( output->buf ) ); - -Signed-off-by: Daniel P. Berrange -Signed-off-by: Michael Brown ---- - src/util/zbin.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/roms/ipxe/src/util/zbin.c b/roms/ipxe/src/util/zbin.c -index 0dabaf1..3b7cf95 100644 ---- a/roms/ipxe/src/util/zbin.c -+++ b/roms/ipxe/src/util/zbin.c -@@ -143,7 +143,7 @@ static int alloc_output_file ( size_t max_len, struct output_file *output ) { - max_len ); - return -1; - } -- memset ( output->buf, 0xff, sizeof ( output->buf ) ); -+ memset ( output->buf, 0xff, max_len ); - return 0; - } - --- -1.7.7 - diff --git a/qemu-2.0.0.tar.bz2 b/qemu-2.0.0.tar.bz2 deleted file mode 100644 index 44548322..00000000 --- a/qemu-2.0.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:058db8ef29b53a4a9bfcfad59193bec18d39a16790765f0a4db6b12963ced6df -size 12948827 
diff --git a/qemu-2.1.0-rc1.tar.bz2 b/qemu-2.1.0-rc1.tar.bz2
new file mode 100644
index 00000000..9f712a59
--- /dev/null
+++ b/qemu-2.1.0-rc1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ebac4b3ebea59e3ebbc6f1674a60285c608ef9c0f19715ea592e162c682aee6b
+size 23541925
diff --git a/qemu-linux-user.changes b/qemu-linux-user.changes
index dc4e4010..8e5ef36a 100644
--- a/qemu-linux-user.changes
+++ b/qemu-linux-user.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Jul 9 17:34:55 UTC 2014 - afaerber@suse.de
+
+- Update to v2.1.0-rc0: http://wiki.qemu-project.org/ChangeLog/2.1
+* Package qemu-ppc64le binary
+* Modified update_git.sh accordingly
+- Update to v2.1.0-rc1: http://wiki.qemu-project.org/ChangeLog/2.1
+* Modified update_git.sh accordingly
+
 -------------------------------------------------------------------
 Tue May 13 08:17:18 UTC 2014 - afaerber@suse.de
diff --git a/qemu-linux-user.spec b/qemu-linux-user.spec
index c50250a7..967d7c0d 100644
--- a/qemu-linux-user.spec
+++ b/qemu-linux-user.spec
@@ -21,9 +21,9 @@ Url: http://www.qemu.org/
 Summary: Universal CPU emulator
 License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
 Group: System/Emulators/PC
-Version: 2.0.0
+Version: 2.0.91
 Release: 0
-Source: qemu-2.0.0.tar.bz2
+Source: qemu-2.1.0-rc1.tar.bz2
 # This patch queue is auto-generated from https://github.com/openSUSE/qemu
 Patch0001: 0001-XXX-dont-dump-core-on-sigabort.patch
 Patch0002: 0002-XXX-work-around-SA_RESTART-race-wit.patch
@@ -39,7 +39,7 @@ Patch0011: 0011-linux-user-add-binfmt-wrapper-for-a.patch
 Patch0012: 0012-PPC-KVM-Disable-mmu-notifier-check.patch
 Patch0013: 0013-linux-user-fix-segfault-deadlock.patch
 Patch0014: 0014-linux-user-binfmt-support-host-bina.patch
-Patch0015: 0015-linux-user-arm-no-tb_flush-on-reset.patch
+Patch0015: 0015-target-arm-linux-user-no-tb_flush-o.patch
 Patch0016: 0016-linux-user-Ignore-broken-loop-ioctl.patch
 Patch0017: 0017-linux-user-lock-tcg.patch
 Patch0018: 0018-linux-user-Run-multi-threaded-code-.patch
@@ -61,42 +61,13 @@ Patch0033: 0033-Make-char-muxer-more-robust-wrt-sma.patch Patch0034: 0034-linux-user-lseek-explicitly-cast-no.patch Patch0035: 0035-virtfs-proxy-helper-Provide-__u64-f.patch Patch0036: 0036-configure-Enable-PIE-for-ppc-and-pp.patch -Patch0037: 0037-xen_disk-add-discard-support.patch -Patch0038: 0038-tests-Don-t-run-qom-test-twice.patch -Patch0039: 0039-qtest-Assure-that-init_socket-s-lis.patch -Patch0040: 0040-qtest-Add-error-reporting-to-socket.patch -Patch0041: 0041-qtest-Increase-socket-timeout.patch -Patch0042: 0042-qtest-Be-paranoid-about-accept-addr.patch -Patch0043: 0043-arm-translate.c-Fix-smlald-Instruct.patch -Patch0044: 0044-target-arm-A64-fix-unallocated-test.patch -Patch0045: 0045-tcg-ppc64-Support-the-ELFv2-ABI.patch -Patch0046: 0046-vmstate-add-VMS_MUST_EXIST.patch -Patch0047: 0047-vmstate-add-VMSTATE_VALIDATE.patch -Patch0048: 0048-virtio-net-fix-buffer-overflow-on-i.patch -Patch0049: 0049-virtio-net-out-of-bounds-buffer-wri.patch -Patch0050: 0050-virtio-out-of-bounds-buffer-write-o.patch -Patch0051: 0051-ahci-fix-buffer-overrun-on-invalid-.patch -Patch0052: 0052-hpet-fix-buffer-overrun-on-invalid-.patch -Patch0053: 0053-hw-pci-pcie_aer.c-fix-buffer-overru.patch -Patch0054: 0054-pl022-fix-buffer-overun-on-invalid-.patch -Patch0055: 0055-vmstate-fix-buffer-overflow-in-targ.patch -Patch0056: 0056-virtio-avoid-buffer-overrun-on-inco.patch -Patch0057: 0057-virtio-validate-num_sg-when-mapping.patch -Patch0058: 0058-pxa2xx-avoid-buffer-overrun-on-inco.patch -Patch0059: 0059-ssd0323-fix-buffer-overun-on-invali.patch -Patch0060: 0060-tsc210x-fix-buffer-overrun-on-inval.patch -Patch0061: 0061-zaurus-fix-buffer-overrun-on-invali.patch -Patch0062: 0062-virtio-scsi-fix-buffer-overrun-on-i.patch -Patch0063: 0063-vmstate-s-VMSTATE_INT32_LE-VMSTATE_.patch -Patch0064: 0064-usb-sanity-check-setup_index-setup_.patch -Patch0065: 0065-savevm-Ignore-minimum_version_id_ol.patch -Patch0066: 0066-ssi-sd-fix-buffer-overrun-on-invali.patch -Patch0067: 
0067-openpic-avoid-buffer-overrun-on-inc.patch -Patch0068: 0068-virtio-net-out-of-bounds-buffer-wri.patch -Patch0069: 0069-virtio-validate-config_len-on-load.patch -Patch0070: 0070-virtio-allow-mapping-up-to-max-queu.patch -Patch0071: 0071-module-Simplify-module_load.patch -Patch0072: 0072-module-Don-t-complain-when-a-module.patch +Patch0037: 0037-tests-Don-t-run-qom-test-twice.patch +Patch0038: 0038-qtest-Increase-socket-timeout.patch +Patch0039: 0039-module-Simplify-module_load.patch +Patch0040: 0040-module-Don-t-complain-when-a-module.patch +Patch0041: 0041-tests-Fix-unterminated-string-outpu.patch +Patch0042: 0042-libqos-Fix-PC-PCI-endianness-glitch.patch +Patch0043: 0043-qtest-fix-vhost-user-test-compilati.patch # Please do not add patches manually here, run update_git.sh. # this is to make lint happy Source300: rpmlintrc @@ -149,7 +120,7 @@ emulations. This can be used together with the OBS build script to run cross-architecture builds. %prep -%setup -q -n qemu-2.0.0 +%setup -q -n qemu-2.1.0-rc1 %patch0001 -p1 %patch0002 -p1 %patch0003 -p1 @@ -193,35 +164,6 @@ run cross-architecture builds. %patch0041 -p1 %patch0042 -p1 %patch0043 -p1 -%patch0044 -p1 -%patch0045 -p1 -%patch0046 -p1 -%patch0047 -p1 -%patch0048 -p1 -%patch0049 -p1 -%patch0050 -p1 -%patch0051 -p1 -%patch0052 -p1 -%patch0053 -p1 -%patch0054 -p1 -%patch0055 -p1 -%patch0056 -p1 -%patch0057 -p1 -%patch0058 -p1 -%patch0059 -p1 -%patch0060 -p1 -%patch0061 -p1 -%patch0062 -p1 -%patch0063 -p1 -%patch0064 -p1 -%patch0065 -p1 -%patch0066 -p1 -%patch0067 -p1 -%patch0068 -p1 -%patch0069 -p1 -%patch0070 -p1 -%patch0071 -p1 -%patch0072 -p1 %build ./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \ @@ -284,6 +226,7 @@ rm -rf ${RPM_BUILD_ROOT} %_bindir/qemu-or32 %_bindir/qemu-ppc64abi32 %_bindir/qemu-ppc64 +%_bindir/qemu-ppc64le %_bindir/qemu-ppc %_bindir/qemu-s390x %_bindir/qemu-sh4 diff --git a/qemu-linux-user.spec.in b/qemu-linux-user.spec.in index 26d55186..78ed92ae 100644 
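Review bot: The patch list in hunk `@@ -61,42 +61,13 @@` drops Patch0046 through Patch0070, which include the migration state-load fixes for CVE-2013-4541, CVE-2013-4537, CVE-2013-4534, CVE-2013-4149 and CVE-2014-0182, but the .changes entries in this commit name only 0037, 0045 and the iPXE/vgabios patches as dropped. The deleted patch files carry "(cherry picked from commit …)" trailers, so the fixes are presumably part of the v2.1.0-rc1 tarball, but the package does not record that, and it should be confirmed against the new source rather than assumed. I would add a changelog line such as `* Migration state-load CVE fixes (0046-0070) now upstream, patches dropped`, keeping the BNC/CVE references traceable for anyone auditing the package later. The same applies to the matching hunk `@@ -90,51 +90,15 @@` in qemu.spec.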
--- a/qemu-linux-user.spec.in +++ b/qemu-linux-user.spec.in @@ -23,7 +23,7 @@ License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT Group: System/Emulators/PC QEMU_VERSION Release: 0 -Source: qemu-2.0.0.tar.bz2 +Source: qemu-2.1.0-rc1.tar.bz2 # This patch queue is auto-generated from https://github.com/openSUSE/qemu PATCH_FILES # Please do not add patches manually here, run update_git.sh. @@ -78,7 +78,7 @@ emulations. This can be used together with the OBS build script to run cross-architecture builds. %prep -%setup -q -n qemu-2.0.0 +%setup -q -n qemu-2.1.0-rc1 PATCH_EXEC %build @@ -142,6 +142,7 @@ rm -rf ${RPM_BUILD_ROOT} %_bindir/qemu-or32 %_bindir/qemu-ppc64abi32 %_bindir/qemu-ppc64 +%_bindir/qemu-ppc64le %_bindir/qemu-ppc %_bindir/qemu-s390x %_bindir/qemu-sh4 diff --git a/qemu.changes b/qemu.changes index 4e9bbf48..3cd02011 100644 --- a/qemu.changes +++ b/qemu.changes 
@@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Wed Jul 9 17:34:55 UTC 2014 - afaerber@suse.de + +- Update to v2.1.0-rc0: http://wiki.qemu-project.org/ChangeLog/2.1 +* xen_disk discard support now upstream + 0037-xen_disk-add-discard-support.patch dropped +* PowerPC ELF v2 support now upstream + 0045-tcg-ppc64-Support-the-ELFv2-ABI.patch dropped +* iPXE fixes now included + ipxe-build-Work-around-bug-in-gcc-4.8.patch dropped + ipxe-build-Avoid-strict-aliasing-warning.patch dropped + ipxe-zbin-Fix-size-used-for-memset-in-al.patch dropped +* SeaVGABIOS fix now included + vgabios-Make-sure-stdvga_list_modes-doesn-t-overrun-.patch dropped +* Modified update_git.sh accordingly +- Update to v2.1.0-rc1: http://wiki.qemu-project.org/ChangeLog/2.1 +* 0041-tests-Fix-unterminated-string-outpu.patch: Test fix +* 0042-libqos-Fix-PC-PCI-endianness-glitch.patch: Test fix for ppc +* 0043-qtest-fix-vhost-user-test-compilati.patch: Test fix for SP3 +* Modified update_git.sh accordingly + ------------------------------------------------------------------- Wed Jun 23 21:42:31 UTC 2014 - afaerber@suse.de diff --git a/qemu.spec b/qemu.spec index 328010d0..060fcbed 100644 --- a/qemu.spec +++ b/qemu.spec @@ -43,9 +43,9 @@ Url: http://www.qemu.org/ Summary: Universal CPU emulator License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT Group: System/Emulators/PC -Version: 2.0.0 +Version: 2.0.91 Release: 0 -Source: %name-2.0.0.tar.bz2 +Source: %name-2.1.0-rc1.tar.bz2 Source1: 80-kvm.rules Source2: qemu-ifup Source3: kvm_stat 
@@ -68,7 +68,7 @@ Patch0011: 0011-linux-user-add-binfmt-wrapper-for-a.patch
 Patch0012: 0012-PPC-KVM-Disable-mmu-notifier-check.patch
 Patch0013: 0013-linux-user-fix-segfault-deadlock.patch
 Patch0014: 0014-linux-user-binfmt-support-host-bina.patch
-Patch0015: 0015-linux-user-arm-no-tb_flush-on-reset.patch
+Patch0015: 0015-target-arm-linux-user-no-tb_flush-o.patch
 Patch0016: 0016-linux-user-Ignore-broken-loop-ioctl.patch
 Patch0017: 0017-linux-user-lock-tcg.patch
 Patch0018: 0018-linux-user-Run-multi-threaded-code-.patch
@@ -90,51 +90,15 @@ Patch0033: 0033-Make-char-muxer-more-robust-wrt-sma.patch Patch0034: 0034-linux-user-lseek-explicitly-cast-no.patch Patch0035: 0035-virtfs-proxy-helper-Provide-__u64-f.patch Patch0036: 0036-configure-Enable-PIE-for-ppc-and-pp.patch -Patch0037: 0037-xen_disk-add-discard-support.patch -Patch0038: 0038-tests-Don-t-run-qom-test-twice.patch -Patch0039: 0039-qtest-Assure-that-init_socket-s-lis.patch -Patch0040: 0040-qtest-Add-error-reporting-to-socket.patch -Patch0041: 0041-qtest-Increase-socket-timeout.patch -Patch0042: 0042-qtest-Be-paranoid-about-accept-addr.patch -Patch0043: 0043-arm-translate.c-Fix-smlald-Instruct.patch -Patch0044: 0044-target-arm-A64-fix-unallocated-test.patch -Patch0045: 0045-tcg-ppc64-Support-the-ELFv2-ABI.patch -Patch0046: 0046-vmstate-add-VMS_MUST_EXIST.patch -Patch0047: 0047-vmstate-add-VMSTATE_VALIDATE.patch -Patch0048: 0048-virtio-net-fix-buffer-overflow-on-i.patch -Patch0049: 0049-virtio-net-out-of-bounds-buffer-wri.patch -Patch0050: 0050-virtio-out-of-bounds-buffer-write-o.patch -Patch0051: 0051-ahci-fix-buffer-overrun-on-invalid-.patch -Patch0052: 0052-hpet-fix-buffer-overrun-on-invalid-.patch -Patch0053: 0053-hw-pci-pcie_aer.c-fix-buffer-overru.patch -Patch0054: 0054-pl022-fix-buffer-overun-on-invalid-.patch -Patch0055: 0055-vmstate-fix-buffer-overflow-in-targ.patch -Patch0056: 0056-virtio-avoid-buffer-overrun-on-inco.patch -Patch0057: 0057-virtio-validate-num_sg-when-mapping.patch -Patch0058: 0058-pxa2xx-avoid-buffer-overrun-on-inco.patch -Patch0059: 0059-ssd0323-fix-buffer-overun-on-invali.patch -Patch0060: 0060-tsc210x-fix-buffer-overrun-on-inval.patch -Patch0061: 0061-zaurus-fix-buffer-overrun-on-invali.patch -Patch0062: 0062-virtio-scsi-fix-buffer-overrun-on-i.patch -Patch0063: 0063-vmstate-s-VMSTATE_INT32_LE-VMSTATE_.patch -Patch0064: 0064-usb-sanity-check-setup_index-setup_.patch -Patch0065: 0065-savevm-Ignore-minimum_version_id_ol.patch -Patch0066: 0066-ssi-sd-fix-buffer-overrun-on-invali.patch -Patch0067: 
0067-openpic-avoid-buffer-overrun-on-inc.patch -Patch0068: 0068-virtio-net-out-of-bounds-buffer-wri.patch -Patch0069: 0069-virtio-validate-config_len-on-load.patch -Patch0070: 0070-virtio-allow-mapping-up-to-max-queu.patch -Patch0071: 0071-module-Simplify-module_load.patch -Patch0072: 0072-module-Don-t-complain-when-a-module.patch +Patch0037: 0037-tests-Don-t-run-qom-test-twice.patch +Patch0038: 0038-qtest-Increase-socket-timeout.patch +Patch0039: 0039-module-Simplify-module_load.patch +Patch0040: 0040-module-Don-t-complain-when-a-module.patch +Patch0041: 0041-tests-Fix-unterminated-string-outpu.patch +Patch0042: 0042-libqos-Fix-PC-PCI-endianness-glitch.patch +Patch0043: 0043-qtest-fix-vhost-user-test-compilati.patch # Please do not add patches manually here, run update_git.sh. -# roms/ipxe patches -Patch1000: ipxe-build-Work-around-bug-in-gcc-4.8.patch -Patch1001: ipxe-zbin-Fix-size-used-for-memset-in-al.patch -Patch1002: ipxe-build-Avoid-strict-aliasing-warning.patch -Patch1003: vgabios-Make-sure-stdvga_list_modes-doesn-t-overrun-.patch -# end roms/ipxe patches - # this is to make lint happy Source300: rpmlintrc Source302: bridge.conf @@ -457,7 +421,7 @@ This sub-package contains the guest agent. %package seabios Summary: X86 BIOS for QEMU Group: System/Emulators/PC -Version: 1.7.4 +Version: 1.7.5 Release: 0 %if 0%{?suse_version} > %{noarch_supported} BuildArch: noarch @@ -471,7 +435,7 @@ is the default BIOS for QEMU. %package vgabios Summary: VGA BIOSes for QEMU Group: System/Emulators/PC -Version: 1.7.4 +Version: 1.7.5 Release: 0 %if 0%{?suse_version} > %{noarch_supported} BuildArch: noarch @@ -526,7 +490,7 @@ This package provides a service file for starting and stopping KSM. %endif %prep -%setup -q #-n %name-2.0.0-rc3 +%setup -q -n %name-2.1.0-rc1 %patch0001 -p1 %patch0002 -p1 %patch0003 -p1 
@@ -570,40 +534,6 @@ This package provides a service file for starting and stopping KSM. %patch0041 -p1 %patch0042 -p1 %patch0043 -p1 -%patch0044 -p1 -%patch0045 -p1 -%patch0046 -p1 -%patch0047 -p1 -%patch0048 -p1 -%patch0049 -p1 -%patch0050 -p1 -%patch0051 -p1 -%patch0052 -p1 -%patch0053 -p1 -%patch0054 -p1 -%patch0055 -p1 -%patch0056 -p1 -%patch0057 -p1 -%patch0058 -p1 -%patch0059 -p1 -%patch0060 -p1 -%patch0061 -p1 -%patch0062 -p1 -%patch0063 -p1 -%patch0064 -p1 -%patch0065 -p1 -%patch0066 -p1 -%patch0067 -p1 -%patch0068 -p1 -%patch0069 -p1 -%patch0070 -p1 -%patch0071 -p1 -%patch0072 -p1 - -%patch1000 -p1 -%patch1001 -p1 -%patch1002 -p1 -%patch1003 -p1 %if %{build_x86_fw_from_source} # as a safeguard, delete the firmware files that we intend to build diff --git a/qemu.spec.in b/qemu.spec.in index 4a4378bf..c351433c 100644 --- a/qemu.spec.in +++ b/qemu.spec.in @@ -45,7 +45,7 @@ License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT Group: System/Emulators/PC QEMU_VERSION Release: 0 -Source: %name-2.0.0.tar.bz2 +Source: %name-2.1.0-rc1.tar.bz2 Source1: 80-kvm.rules Source2: qemu-ifup Source3: kvm_stat @@ -57,13 +57,6 @@ Source7: 60-kvm.x86.rules PATCH_FILES # Please do not add patches manually here, run update_git.sh. -# roms/ipxe patches -Patch1000: ipxe-build-Work-around-bug-in-gcc-4.8.patch -Patch1001: ipxe-zbin-Fix-size-used-for-memset-in-al.patch -Patch1002: ipxe-build-Avoid-strict-aliasing-warning.patch -Patch1003: vgabios-Make-sure-stdvga_list_modes-doesn-t-overrun-.patch -# end roms/ipxe patches - # this is to make lint happy Source300: rpmlintrc Source302: bridge.conf @@ -455,14 +448,9 @@ This package provides a service file for starting and stopping KSM. %endif %prep -%setup -q #-n %name-2.0.0-rc3 +%setup -q -n %name-2.1.0-rc1 PATCH_EXEC -%patch1000 -p1 -%patch1001 -p1 -%patch1002 -p1 -%patch1003 -p1 - %if %{build_x86_fw_from_source} # as a safeguard, delete the firmware files that we intend to build for i in %built_firmware_files 
diff --git a/update_git.sh b/update_git.sh index aa427055..02cca8de 100644 --- a/update_git.sh +++ b/update_git.sh @@ -11,8 +11,8 @@ GIT_TREE=git://github.com/openSUSE/qemu.git GIT_LOCAL_TREE=~/git/qemu-opensuse -GIT_BRANCH=opensuse-2.0 -GIT_UPSTREAM_TAG=v2.0.0 +GIT_BRANCH=opensuse-2.1 +GIT_UPSTREAM_TAG=v2.1.0-rc1 GIT_DIR=/dev/shm/qemu-factory-git-dir CMP_DIR=/dev/shm/qemu-factory-cmp-dir diff --git a/vgabios-Make-sure-stdvga_list_modes-doesn-t-overrun-.patch b/vgabios-Make-sure-stdvga_list_modes-doesn-t-overrun-.patch deleted file mode 100644 index b4e36b1e..00000000 --- a/vgabios-Make-sure-stdvga_list_modes-doesn-t-overrun-.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 2620984b42fd2a374e94c75f04982c60edf179cb Mon Sep 17 00:00:00 2001 -From: Kevin O'Connor -Date: Tue, 11 Feb 2014 17:36:56 -0500 -Subject: [PATCH] vgabios: Make sure stdvga_list_modes() doesn't overrun the - buffer. -References: bnc#880625 - -Signed-off-by: Kevin O'Connor -Signed-off-by: Bruce Rogers ---- - vgasrc/stdvgamodes.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/roms/seabios/vgasrc/stdvgamodes.c b/roms/seabios/vgasrc/stdvgamodes.c -index a97c85f..8436729 100644 ---- a/roms/seabios/vgasrc/stdvgamodes.c -+++ b/roms/seabios/vgasrc/stdvgamodes.c -@@ -336,7 +336,7 @@ void - stdvga_list_modes(u16 seg, u16 *dest, u16 *last) - { - int i; -- for (i = 0; i < ARRAY_SIZE(vga_modes); i++) { -+ for (i = 0; i < ARRAY_SIZE(vga_modes) && dest < last; i++) { - struct stdvga_mode_s *stdmode_g = &vga_modes[i]; - u16 mode = GET_GLOBAL(stdmode_g->mode); - if (mode == 0xffff) --- -1.9.0 -
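Review bot: `GIT_TREE=git://github.com/openSUSE/qemu.git` at the top of the update_git.sh hunk uses the unauthenticated git protocol, so the tree selected by the new `GIT_BRANCH=opensuse-2.1` and `GIT_UPSTREAM_TAG=v2.1.0-rc1` values has no transport integrity, and the generated NNNN-*.patch files are presumably derived from it. I would change the line to `GIT_TREE=https://github.com/openSUSE/qemu.git`. The rest of the script is outside the hunk, so I cannot tell whether the tag is verified after fetching; if it is not, and upstream signs its release tags, a `git verify-tag "$GIT_UPSTREAM_TAG"` step before the patches are generated would close the gap.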