Accepting request 240239 from home:a_faerber:branches:Virtualization
Update to v2.1.0-rc1 OBS-URL: https://build.opensuse.org/request/show/240239 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=216
parent
9e277be67a
commit
fc42fcf71b
@ -1,4 +1,4 @@
|
||||
From afd1df16c2e7b2dd5d4478f2ba6e29a1296c8cfa Mon Sep 17 00:00:00 2001
|
||||
From 96d07382a32a794a4aaa56afd3a067fd72cc1158 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Mon, 21 Nov 2011 23:50:36 +0100
|
||||
Subject: [PATCH] XXX dont dump core on sigabort
|
||||
@ -8,7 +8,7 @@ Subject: [PATCH] XXX dont dump core on sigabort
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/linux-user/signal.c b/linux-user/signal.c
|
||||
index 7d6246f..1bcf16f 100644
|
||||
index f3b4378..dd21475 100644
|
||||
--- a/linux-user/signal.c
|
||||
+++ b/linux-user/signal.c
|
||||
@@ -448,6 +448,10 @@ static void QEMU_NORETURN force_sig(int target_sig)
|
||||
|
@ -1,4 +1,4 @@
|
||||
From e9ce5f593385ed16e456058d1f873e381c9d053d Mon Sep 17 00:00:00 2001
|
||||
From 8448fdb25ea828ec1c0359a5ede533b0fab92f99 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Thu, 1 Dec 2011 19:00:01 +0100
|
||||
Subject: [PATCH] XXX work around SA_RESTART race with boehm-gc (ARM only)
|
||||
@ -13,10 +13,10 @@ Subject: [PATCH] XXX work around SA_RESTART race with boehm-gc (ARM only)
|
||||
4 files changed, 130 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/linux-user/main.c b/linux-user/main.c
|
||||
index af924dc..c7423e6 100644
|
||||
index b453a39..9df92da 100644
|
||||
--- a/linux-user/main.c
|
||||
+++ b/linux-user/main.c
|
||||
@@ -814,15 +814,22 @@ void cpu_loop(CPUARMState *env)
|
||||
@@ -816,15 +816,22 @@ void cpu_loop(CPUARMState *env)
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
@ -49,10 +49,10 @@ index af924dc..c7423e6 100644
|
||||
} else {
|
||||
goto error;
|
||||
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
|
||||
index 36d4a73..a2c4e35 100644
|
||||
index 8012cc2..e29c7f3 100644
|
||||
--- a/linux-user/qemu.h
|
||||
+++ b/linux-user/qemu.h
|
||||
@@ -134,6 +134,8 @@ typedef struct TaskState {
|
||||
@@ -135,6 +135,8 @@ typedef struct TaskState {
|
||||
struct sigqueue sigqueue_table[MAX_SIGQUEUE_SIZE]; /* siginfo queue */
|
||||
struct sigqueue *first_free; /* first free siginfo queue entry */
|
||||
int signal_pending; /* non zero if a signal may be pending */
|
||||
@ -61,7 +61,7 @@ index 36d4a73..a2c4e35 100644
|
||||
} __attribute__((aligned(16))) TaskState;
|
||||
|
||||
extern char *exec_path;
|
||||
@@ -199,6 +201,7 @@ int get_osversion(void);
|
||||
@@ -200,6 +202,7 @@ int get_osversion(void);
|
||||
void init_qemu_uname_release(void);
|
||||
void fork_start(void);
|
||||
void fork_end(int child);
|
||||
@ -70,7 +70,7 @@ index 36d4a73..a2c4e35 100644
|
||||
/* Creates the initial guest address space in the host memory space using
|
||||
* the given host start address hint and size. The guest_start parameter
|
||||
diff --git a/linux-user/signal.c b/linux-user/signal.c
|
||||
index 1bcf16f..cfaf501 100644
|
||||
index dd21475..13affa3 100644
|
||||
--- a/linux-user/signal.c
|
||||
+++ b/linux-user/signal.c
|
||||
@@ -25,6 +25,7 @@
|
||||
@ -93,7 +93,7 @@ index 1bcf16f..cfaf501 100644
|
||||
return 1; /* indicates that the signal was queued */
|
||||
}
|
||||
}
|
||||
@@ -706,8 +712,24 @@ int do_sigaction(int sig, const struct target_sigaction *act,
|
||||
@@ -707,8 +713,24 @@ int do_sigaction(int sig, const struct target_sigaction *act,
|
||||
if (host_sig != SIGSEGV && host_sig != SIGBUS) {
|
||||
sigfillset(&act1.sa_mask);
|
||||
act1.sa_flags = SA_SIGINFO;
|
||||
@ -119,10 +119,10 @@ index 1bcf16f..cfaf501 100644
|
||||
ignore state to avoid getting unexpected interrupted
|
||||
syscalls */
|
||||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
|
||||
index 9864813..1d791a3 100644
|
||||
index 5a272d3..00f9165 100644
|
||||
--- a/linux-user/syscall.c
|
||||
+++ b/linux-user/syscall.c
|
||||
@@ -5259,6 +5259,87 @@ static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode)
|
||||
@@ -5311,6 +5311,87 @@ static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode)
|
||||
return get_errno(open(path(pathname), flags, mode));
|
||||
}
|
||||
|
||||
@ -210,7 +210,7 @@ index 9864813..1d791a3 100644
|
||||
/* do_syscall() should always have a single exit point at the end so
|
||||
that actions, such as logging of syscall results, can be performed.
|
||||
All errnos that do_syscall() returns must be -TARGET_<errcode>. */
|
||||
@@ -5272,6 +5353,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
|
||||
@@ -5324,6 +5405,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
|
||||
struct stat st;
|
||||
struct statfs stfs;
|
||||
void *p;
|
||||
@ -223,7 +223,7 @@ index 9864813..1d791a3 100644
|
||||
|
||||
#ifdef DEBUG
|
||||
gemu_log("syscall %d", num);
|
||||
@@ -8457,7 +8544,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
|
||||
@@ -8575,7 +8662,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
|
||||
cmd = target_to_host_fcntl_cmd(arg2);
|
||||
if (cmd == -TARGET_EINVAL) {
|
||||
ret = cmd;
|
||||
@ -232,7 +232,7 @@ index 9864813..1d791a3 100644
|
||||
}
|
||||
|
||||
switch(arg2) {
|
||||
@@ -9395,6 +9482,7 @@ fail:
|
||||
@@ -9513,6 +9600,7 @@ fail:
|
||||
#endif
|
||||
if(do_strace)
|
||||
print_syscall_ret(num, ret);
|
||||
|
@ -1,4 +1,4 @@
|
||||
From b34c0c408d3f08110ccb980d4ca0ef58a1a03c86 Mon Sep 17 00:00:00 2001
|
||||
From 503851537efa06d26e32efefd669d26a6f73d4f6 Mon Sep 17 00:00:00 2001
|
||||
From: Ulrich Hecht <uli@suse.de>
|
||||
Date: Tue, 14 Apr 2009 16:18:44 +0200
|
||||
Subject: [PATCH] qemu-0.9.0.cvs-binfmt
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 08da583bd034109d09bfa6fedaa19bd0bdbc6c3a Mon Sep 17 00:00:00 2001
|
||||
From c75fb180df47cd5fb2e76452e21f104290569d5e Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Tue, 14 Apr 2009 16:20:50 +0200
|
||||
Subject: [PATCH] qemu-cvs-alsa_bitfield
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 4820daf43dce7bbafc27ab1102a6eb52a17e4da9 Mon Sep 17 00:00:00 2001
|
||||
From 664ebaf05570f05f38b87552d4186294b5d4d442 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Tue, 14 Apr 2009 16:23:27 +0200
|
||||
Subject: [PATCH] qemu-cvs-alsa_ioctl
|
||||
@ -20,10 +20,10 @@ Signed-off-by: Ulrich Hecht <uli@suse.de>
|
||||
create mode 100644 linux-user/syscall_types_alsa.h
|
||||
|
||||
diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
|
||||
index 309fb21..d35f072 100644
|
||||
index 07a00da..762779e 100644
|
||||
--- a/linux-user/ioctls.h
|
||||
+++ b/linux-user/ioctls.h
|
||||
@@ -316,6 +316,11 @@
|
||||
@@ -318,6 +318,11 @@
|
||||
IOCTL(VFAT_IOCTL_READDIR_BOTH, IOC_R, MK_PTR(MK_ARRAY(MK_STRUCT(STRUCT_dirent), 2)))
|
||||
IOCTL(VFAT_IOCTL_READDIR_SHORT, IOC_R, MK_PTR(MK_ARRAY(MK_STRUCT(STRUCT_dirent), 2)))
|
||||
|
||||
@ -2255,10 +2255,10 @@ index 0000000..e09a30d
|
||||
+ unsigned char *code;
|
||||
+};
|
||||
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
|
||||
index fdf9a47..a2ac23e 100644
|
||||
index 8563027..52691fb 100644
|
||||
--- a/linux-user/syscall_defs.h
|
||||
+++ b/linux-user/syscall_defs.h
|
||||
@@ -2545,6 +2545,8 @@ struct target_ucred {
|
||||
@@ -2552,6 +2552,8 @@ struct target_ucred {
|
||||
uint32_t gid;
|
||||
};
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From b1f94337048b56d240420c0d0a37ad061084904c Mon Sep 17 00:00:00 2001
|
||||
From c68e95bcf9ccbab4100a565447ac624adca96220 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Tue, 14 Apr 2009 16:24:15 +0200
|
||||
Subject: [PATCH] qemu-cvs-alsa_mmap
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 2a9ed81b68696702c3dfab0e3635ca1a7afe1ea4 Mon Sep 17 00:00:00 2001
|
||||
From 879e98e20a1010c5067bf0947c6ff788404da5b8 Mon Sep 17 00:00:00 2001
|
||||
From: Ulrich Hecht <uli@suse.de>
|
||||
Date: Tue, 14 Apr 2009 16:25:41 +0200
|
||||
Subject: [PATCH] qemu-cvs-gettimeofday
|
||||
@ -9,10 +9,10 @@ No clue what this is for.
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
|
||||
index 1d791a3..206dd12 100644
|
||||
index 00f9165..f3b02f0 100644
|
||||
--- a/linux-user/syscall.c
|
||||
+++ b/linux-user/syscall.c
|
||||
@@ -6403,6 +6403,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
|
||||
@@ -6486,6 +6486,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
|
||||
case TARGET_NR_gettimeofday:
|
||||
{
|
||||
struct timeval tv;
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 9671d1a0e8e53a44513131d105c0f543c181cc0f Mon Sep 17 00:00:00 2001
|
||||
From 641ca10f4b28d9012f8a7c2aee9726d6747e4f23 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Tue, 14 Apr 2009 16:26:33 +0200
|
||||
Subject: [PATCH] qemu-cvs-ioctl_debug
|
||||
@ -12,10 +12,10 @@ Signed-off-by: Ulrich Hecht <uli@suse.de>
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
|
||||
index 206dd12..3407fd7 100644
|
||||
index f3b02f0..8d96462 100644
|
||||
--- a/linux-user/syscall.c
|
||||
+++ b/linux-user/syscall.c
|
||||
@@ -3654,7 +3654,12 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
|
||||
@@ -3719,7 +3719,12 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
|
||||
ie = ioctl_entries;
|
||||
for(;;) {
|
||||
if (ie->target_cmd == 0) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
From a535f471a344608107dce681f66a75b38f9e8441 Mon Sep 17 00:00:00 2001
|
||||
From 5487b8e2361b102d668d4e4cf5eba350f0dc5a62 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Tue, 14 Apr 2009 16:27:36 +0200
|
||||
Subject: [PATCH] qemu-cvs-ioctl_nodirection
|
||||
@ -15,10 +15,10 @@ Signed-off-by: Ulrich Hecht <uli@suse.de>
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
|
||||
index 3407fd7..7d7d700 100644
|
||||
index 8d96462..576ad77 100644
|
||||
--- a/linux-user/syscall.c
|
||||
+++ b/linux-user/syscall.c
|
||||
@@ -3688,6 +3688,11 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
|
||||
@@ -3753,6 +3753,11 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
|
||||
arg_type++;
|
||||
target_size = thunk_type_size(arg_type, 0);
|
||||
switch(ie->access) {
|
||||
@ -30,7 +30,7 @@ index 3407fd7..7d7d700 100644
|
||||
case IOC_R:
|
||||
ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp));
|
||||
if (!is_error(ret)) {
|
||||
@@ -3706,6 +3711,7 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
|
||||
@@ -3771,6 +3776,7 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
|
||||
unlock_user(argptr, arg, 0);
|
||||
ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp));
|
||||
break;
|
||||
|
@ -1,4 +1,4 @@
|
||||
From a96062c693f9fa9ce4d0dd23c9cfc8816b0eacce Mon Sep 17 00:00:00 2001
|
||||
From a95bbe675538b7229a681000c4712e8a67b37c37 Mon Sep 17 00:00:00 2001
|
||||
From: Ulrich Hecht <uli@suse.de>
|
||||
Date: Tue, 14 Apr 2009 16:37:42 +0200
|
||||
Subject: [PATCH] block/vmdk: Support creation of SCSI VMDK images in qemu-img
|
||||
@ -11,71 +11,61 @@ Signed-off-by: Ulrich Hecht <uli@suse.de>
|
||||
[AF: Rebased onto upstream VMDK SCSI support]
|
||||
[AF: Rebased onto skipping of image creation in v1.7]
|
||||
[AF: Simplified in preparation for v1.7.1/v2.0]
|
||||
[AF: Rebased onto QemuOpts conversion for v2.1]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
block.c | 6 +++++-
|
||||
block/vmdk.c | 9 ++++++++-
|
||||
include/block/block_int.h | 2 ++
|
||||
qemu-img.c | 8 +++++++-
|
||||
4 files changed, 22 insertions(+), 3 deletions(-)
|
||||
block.c | 3 +++
|
||||
block/vmdk.c | 10 +++++++++-
|
||||
include/block/block_int.h | 2 ++
|
||||
qemu-img.c | 7 +++++++
|
||||
4 files changed, 21 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/block.c b/block.c
|
||||
index 990a754..40c5c84 100644
|
||||
index 8800a6b..a456134 100644
|
||||
--- a/block.c
|
||||
+++ b/block.c
|
||||
@@ -5277,7 +5277,7 @@ void bdrv_img_create(const char *filename, const char *fmt,
|
||||
Error **errp, bool quiet)
|
||||
{
|
||||
QEMUOptionParameter *param = NULL, *create_options = NULL;
|
||||
- QEMUOptionParameter *backing_fmt, *backing_file, *size;
|
||||
+ QEMUOptionParameter *backing_fmt, *backing_file, *size, *scsi;
|
||||
BlockDriver *drv, *proto_drv;
|
||||
BlockDriver *backing_drv = NULL;
|
||||
Error *local_err = NULL;
|
||||
@@ -5392,6 +5392,10 @@ void bdrv_img_create(const char *filename, const char *fmt,
|
||||
@@ -5597,6 +5597,9 @@ void bdrv_img_create(const char *filename, const char *fmt,
|
||||
if (!quiet) {
|
||||
printf("Formatting '%s', fmt=%s ", filename, fmt);
|
||||
print_option_parameters(param);
|
||||
+ scsi = get_option_parameter(param, BLOCK_OPT_SCSI);
|
||||
+ if (scsi && scsi->value.n) {
|
||||
qemu_opts_print(opts);
|
||||
+ if (qemu_opt_get_bool(opts, BLOCK_OPT_SCSI, false)) {
|
||||
+ printf(", SCSI");
|
||||
+ }
|
||||
puts("");
|
||||
}
|
||||
ret = bdrv_create(drv, filename, param, &local_err);
|
||||
|
||||
diff --git a/block/vmdk.c b/block/vmdk.c
|
||||
index b69988d..59c468d 100644
|
||||
index 27a78da..b26fdb2 100644
|
||||
--- a/block/vmdk.c
|
||||
+++ b/block/vmdk.c
|
||||
@@ -1744,11 +1744,13 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options,
|
||||
fmt = options->value.s;
|
||||
} else if (!strcmp(options->name, BLOCK_OPT_ZEROED_GRAIN)) {
|
||||
zeroed_grain |= options->value.n;
|
||||
+ } else if (!strcmp(options->name, BLOCK_OPT_SCSI)) {
|
||||
+ flags |= options->value.n ? BLOCK_FLAG_SCSI: 0;
|
||||
}
|
||||
options++;
|
||||
@@ -1754,9 +1754,12 @@ static int vmdk_create(const char *filename, QemuOpts *opts, Error **errp)
|
||||
if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ZEROED_GRAIN, false)) {
|
||||
zeroed_grain = true;
|
||||
}
|
||||
+ if (qemu_opt_get_bool_del(opts, BLOCK_OPT_SCSI, false)) {
|
||||
+ flags |= BLOCK_FLAG_SCSI;
|
||||
+ }
|
||||
|
||||
if (!adapter_type) {
|
||||
- adapter_type = "ide";
|
||||
+ adapter_type = flags & BLOCK_FLAG_SCSI ? "lsilogic" : "ide";
|
||||
- adapter_type = g_strdup("ide");
|
||||
+ adapter_type = g_strdup(flags & BLOCK_FLAG_SCSI ? "lsilogic" : "ide");
|
||||
} else if (strcmp(adapter_type, "ide") &&
|
||||
strcmp(adapter_type, "buslogic") &&
|
||||
strcmp(adapter_type, "lsilogic") &&
|
||||
@@ -2096,6 +2098,11 @@ static QEMUOptionParameter vmdk_create_options[] = {
|
||||
.type = OPT_FLAG,
|
||||
.help = "Enable efficient zero writes using the zeroed-grain GTE feature"
|
||||
},
|
||||
+ {
|
||||
+ .name = BLOCK_OPT_SCSI,
|
||||
+ .type = OPT_FLAG,
|
||||
+ .help = "SCSI image"
|
||||
+ },
|
||||
{ NULL }
|
||||
@@ -2153,6 +2156,11 @@ static QemuOptsList vmdk_create_opts = {
|
||||
.help = "Enable efficient zero writes "
|
||||
"using the zeroed-grain GTE feature"
|
||||
},
|
||||
+ {
|
||||
+ .name = BLOCK_OPT_SCSI,
|
||||
+ .type = QEMU_OPT_BOOL,
|
||||
+ .help = "SCSI image"
|
||||
+ },
|
||||
{ /* end of list */ }
|
||||
}
|
||||
};
|
||||
|
||||
diff --git a/include/block/block_int.h b/include/block/block_int.h
|
||||
index cd5bc73..0d4208f 100644
|
||||
index f6c3bef..138c102 100644
|
||||
--- a/include/block/block_int.h
|
||||
+++ b/include/block/block_int.h
|
||||
@@ -40,10 +40,12 @@
|
||||
@ -92,23 +82,15 @@ index cd5bc73..0d4208f 100644
|
||||
#define BLOCK_OPT_BACKING_FMT "backing_fmt"
|
||||
#define BLOCK_OPT_CLUSTER_SIZE "cluster_size"
|
||||
diff --git a/qemu-img.c b/qemu-img.c
|
||||
index 8455994..a8545b7 100644
|
||||
index c98896b..1608434 100644
|
||||
--- a/qemu-img.c
|
||||
+++ b/qemu-img.c
|
||||
@@ -1154,7 +1154,7 @@ static int img_convert(int argc, char **argv)
|
||||
const uint8_t *buf1;
|
||||
BlockDriverInfo bdi;
|
||||
QEMUOptionParameter *param = NULL, *create_options = NULL;
|
||||
- QEMUOptionParameter *out_baseimg_param;
|
||||
+ QEMUOptionParameter *out_baseimg_param, *scsi;
|
||||
char *options = NULL;
|
||||
const char *snapshot_name = NULL;
|
||||
int min_sparse = 8; /* Need at least 4k of zeros for sparse detection */
|
||||
@@ -1398,6 +1398,12 @@ static int img_convert(int argc, char **argv)
|
||||
@@ -1431,6 +1431,13 @@ static int img_convert(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
+ if ((scsi = get_option_parameter(param, BLOCK_OPT_SCSI)) && scsi->value.n && strcmp(drv->format_name, "vmdk")) {
|
||||
+ if (qemu_opt_get_bool(opts, BLOCK_OPT_SCSI, false)
|
||||
+ && strcmp(drv->format_name, "vmdk")) {
|
||||
+ error_report("SCSI devices not supported for this file format");
|
||||
+ ret = -1;
|
||||
+ goto out;
|
||||
@ -116,4 +98,4 @@ index 8455994..a8545b7 100644
|
||||
+
|
||||
if (!skip_create) {
|
||||
/* Create the new image */
|
||||
ret = bdrv_create(drv, out_filename, param, &local_err);
|
||||
ret = bdrv_create(drv, out_filename, opts, &local_err);
|
||||
|
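Review bot: In vmdk_create() the new `scsi` option only changes the adapter when no `adapter_type` was supplied, so a request that combines `adapter_type=ide` with `scsi=on` is accepted with no diagnostic and the two settings disagree. The visible branch `if (!adapter_type) { adapter_type = g_strdup(flags & BLOCK_FLAG_SCSI ? "lsilogic" : "ide"); }` is the only place the flag influences the adapter; what `flags` does later is outside these lines. I would reject the conflicting pair before the defaulting, for example `if (adapter_type && (flags & BLOCK_FLAG_SCSI) && !strcmp(adapter_type, "ide")) { error_setg(errp, "scsi=on conflicts with adapter_type=ide"); /* take the function's existing error exit */ }`. The rest of the `else if` chain and the cleanup path of vmdk_create() are not visible here, so the exit has to follow whatever that function already uses.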
@ -1,4 +1,4 @@
|
||||
From 99a52830916b325a52d7eac1abb979d525229fc4 Mon Sep 17 00:00:00 2001
|
||||
From ec805d63aae6d64cca97882a7b6ecb1e29569e18 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Fri, 30 Sep 2011 19:40:36 +0200
|
||||
Subject: [PATCH] linux-user: add binfmt wrapper for argv[0] handling
|
||||
@ -26,6 +26,7 @@ CC: Reinhard Max <max@suse.de>
|
||||
Signed-off-by: Alexander Graf <agraf@suse.de>
|
||||
[AF: Rebased onto new Makefile infrastructure, twice]
|
||||
[AF: Updated for aarch64 for v2.0.0-rc1]
|
||||
[AF: Rebased onto Makefile changes for v2.1.0-rc0]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
Makefile.target | 13 +++++++++++++
|
||||
@ -36,11 +37,11 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
create mode 100644 linux-user/binfmt.c
|
||||
|
||||
diff --git a/Makefile.target b/Makefile.target
|
||||
index ba12340..87d5724 100644
|
||||
index 137d0b0..57181a4 100644
|
||||
--- a/Makefile.target
|
||||
+++ b/Makefile.target
|
||||
@@ -31,6 +31,10 @@ PROGS+=$(QEMU_PROGW)
|
||||
endif
|
||||
@@ -34,6 +34,10 @@ endif
|
||||
PROGS=$(QEMU_PROG) $(QEMU_PROGW)
|
||||
STPFILES=
|
||||
|
||||
+ifdef CONFIG_LINUX_USER
|
||||
@ -50,7 +51,7 @@ index ba12340..87d5724 100644
|
||||
config-target.h: config-target.h-timestamp
|
||||
config-target.h-timestamp: config-target.mak
|
||||
|
||||
@@ -92,6 +96,8 @@ QEMU_CFLAGS+=-I$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR) -I$(SRC_PATH)/linux-user
|
||||
@@ -101,6 +105,8 @@ QEMU_CFLAGS+=-I$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR) -I$(SRC_PATH)/linux-user
|
||||
obj-y += linux-user/
|
||||
obj-y += gdbstub.o thunk.o user-exec.o
|
||||
|
||||
@ -59,7 +60,7 @@ index ba12340..87d5724 100644
|
||||
endif #CONFIG_LINUX_USER
|
||||
|
||||
#########################################################
|
||||
@@ -137,7 +143,11 @@ endif # CONFIG_SOFTMMU
|
||||
@@ -149,7 +155,11 @@ endif # CONFIG_SOFTMMU
|
||||
# Workaround for http://gcc.gnu.org/PR55489, see configure.
|
||||
%/translate.o: QEMU_CFLAGS += $(TRANSLATE_OPT_CFLAGS)
|
||||
|
||||
@ -68,12 +69,12 @@ index ba12340..87d5724 100644
|
||||
+else
|
||||
dummy := $(call unnest-vars,,obj-y)
|
||||
+endif
|
||||
all-obj-y := $(obj-y)
|
||||
|
||||
# we are making another call to unnest-vars with different vars, protect obj-y,
|
||||
# it can be overriden in subdir Makefile.objs
|
||||
@@ -173,6 +183,9 @@ $(QEMU_PROG): $(all-obj-y) ../libqemuutil.a ../libqemustub.a
|
||||
block-obj-y :=
|
||||
@@ -167,6 +177,9 @@ all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y)
|
||||
$(QEMU_PROG_BUILD): $(all-obj-y) ../libqemuutil.a ../libqemustub.a
|
||||
$(call LINK,$^)
|
||||
endif
|
||||
|
||||
+$(QEMU_PROG)-binfmt: $(obj-binfmt-y)
|
||||
+ $(call LINK,$^)
|
||||
@ -82,7 +83,7 @@ index ba12340..87d5724 100644
|
||||
$(call quiet-command,rm -f $@ && $(SHELL) $(SRC_PATH)/scripts/feature_to_c.sh $@ $(TARGET_XML_FILES)," GEN $(TARGET_DIR)$@")
|
||||
|
||||
diff --git a/linux-user/Makefile.objs b/linux-user/Makefile.objs
|
||||
index 5899d72..18212a2 100644
|
||||
index fd50217..446aca7 100644
|
||||
--- a/linux-user/Makefile.objs
|
||||
+++ b/linux-user/Makefile.objs
|
||||
@@ -5,3 +5,5 @@ obj-$(TARGET_HAS_BFLT) += flatload.o
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 9ceca2f2c25c99e930d31ab11c7ff46dd9d43da6 Mon Sep 17 00:00:00 2001
|
||||
From 4c1f25ae27b6c76220ff286b904e34bef6da6f51 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Fri, 6 Jan 2012 01:05:55 +0100
|
||||
Subject: [PATCH] PPC: KVM: Disable mmu notifier check
|
||||
@ -13,16 +13,17 @@ KVM guests work there, even if possibly racy in some odd circumstances.
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/exec.c b/exec.c
|
||||
index 91513c6..36b5ef6 100644
|
||||
index 5a2a25e..c942e6a 100644
|
||||
--- a/exec.c
|
||||
+++ b/exec.c
|
||||
@@ -1039,10 +1039,12 @@ static void *file_ram_alloc(RAMBlock *block,
|
||||
@@ -1037,11 +1037,13 @@ static void *file_ram_alloc(RAMBlock *block,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+#ifndef TARGET_PPC
|
||||
if (kvm_enabled() && !kvm_has_sync_mmu()) {
|
||||
fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
|
||||
error_setg(errp,
|
||||
"host lacks kvm mmu notifiers, -mem-path unsupported");
|
||||
goto error;
|
||||
}
|
||||
+#endif
|
||||
|
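Review bot: The `#ifndef TARGET_PPC` guard in file_ram_alloc() compiles out the only check that refuses `-mem-path` under KVM on a host without MMU notifiers, and PPC builds then proceed silently. The patch description itself says the result is "possibly racy in some odd circumstances", so the operator should at least be told: keep the `kvm_enabled() && !kvm_has_sync_mmu()` test and, for PPC, print a warning such as `fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path may be unsafe\n");` instead of taking `goto error`. A comment on the guard, for example `/* SUSE: PPC hosts of interest lack MMU notifiers; check relaxed, see patch description */`, would also make the exception easier to audit at the next rebase. file_ram_alloc() begins and ends outside the visible lines.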
@ -1,4 +1,4 @@
|
||||
From c8bac440eee7d3377d27c676dfa6034ea059451c Mon Sep 17 00:00:00 2001
|
||||
From 90a3fe97f57d72fce339c68ee418fe173f3929ab Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Fri, 13 Jan 2012 17:05:41 +0100
|
||||
Subject: [PATCH] linux-user: fix segfault deadlock
|
||||
@ -52,10 +52,10 @@ index a72edda..e460e12 100644
|
||||
+
|
||||
#endif
|
||||
diff --git a/user-exec.c b/user-exec.c
|
||||
index bc58056..63b3b3d 100644
|
||||
index 1ff8673..22f9692 100644
|
||||
--- a/user-exec.c
|
||||
+++ b/user-exec.c
|
||||
@@ -93,6 +93,10 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
|
||||
@@ -94,6 +94,10 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
|
||||
qemu_printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
|
||||
pc, address, is_write, *(unsigned long *)old_set);
|
||||
#endif
|
||||
|
@ -1,4 +1,4 @@
|
||||
From ae7b4452a263d662035eb35c14fe84590bfff364 Mon Sep 17 00:00:00 2001
|
||||
From d3b6e9bdc03c61bf460b636482080ec11684ba51 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Thu, 2 Feb 2012 18:02:33 +0100
|
||||
Subject: [PATCH] linux-user: binfmt: support host binaries
|
||||
|
@ -1,7 +1,7 @@
|
||||
From bc949bb060b7f52ee5da9ef34e06bb12ba202726 Mon Sep 17 00:00:00 2001
|
||||
From b05fbdf009740d872cc925230c16f4feebc26a19 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Tue, 29 May 2012 15:30:01 +0200
|
||||
Subject: [PATCH] linux-user: arm: no tb_flush on reset
|
||||
Subject: [PATCH] target-arm: linux-user: no tb_flush on reset
|
||||
|
||||
When running automoc4 as linux-user guest program, it segfaults right after
|
||||
it creates a thread. Bisecting pointed to commit a84fac1426 which introduces
|
||||
@ -9,23 +9,25 @@ tb_flush on reset.
|
||||
|
||||
So something in our thread creation is broken. But for now, let's revert the
|
||||
change to at least get a working build again.
|
||||
|
||||
[AF: Rebased, fixed typo]
|
||||
---
|
||||
target-arm/cpu.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
|
||||
index c32d8c4..052f676 100644
|
||||
index 05e52e0..96f8cca 100644
|
||||
--- a/target-arm/cpu.c
|
||||
+++ b/target-arm/cpu.c
|
||||
@@ -154,7 +154,11 @@ static void arm_cpu_reset(CPUState *s)
|
||||
@@ -165,7 +165,11 @@ static void arm_cpu_reset(CPUState *s)
|
||||
* bake assumptions about into translated code, so we need to
|
||||
* tb_flush().
|
||||
*/
|
||||
+#if !defined(CONFIG_USER_ONLY)
|
||||
+ /* XXX hack alert! automoc4 segaults after spawning a new thread with this
|
||||
+ flush enabled */
|
||||
+ /* XXX hack alert! automoc4 segfaults after spawning a new thread with
|
||||
+ * this flush enabled */
|
||||
tb_flush(env);
|
||||
+#endif
|
||||
}
|
||||
|
||||
#ifndef CONFIG_USER_ONLY
|
||||
if (kvm_enabled()) {
|
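Review bot: The `#if !defined(CONFIG_USER_ONLY)` placed around `tb_flush(env)` in arm_cpu_reset() contradicts the comment directly above it, which says the flush is needed because assumptions are baked into translated code. In linux-user builds translated blocks now survive a reset, and the hack comment names the symptom but neither that consequence nor the upstream change being worked around. I would extend it to something like `/* XXX hack: linux-user skips this flush (automoc4 segfaults after thread creation, bisected to a84fac1426); stale TBs may survive reset */`, so the workaround can be dropped once thread creation is fixed. The start of the preceding comment and the rest of arm_cpu_reset() are outside the visible lines.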
@ -1,7 +1,10 @@
|
||||
From 9414e435edf0bdf2341c8e69e81e6f42cd73aca4 Mon Sep 17 00:00:00 2001
|
||||
From 032edaaeb5bd9fdc718820a79c1820592b63ffef Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Tue, 12 Jun 2012 04:41:10 +0200
|
||||
Subject: [PATCH] linux-user: Ignore broken loop ioctl
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
During invocations of losetup, we run into an ioctl that doesn't
|
||||
exist. However, because of that we output an error, which then
|
||||
@ -10,6 +13,8 @@ screws up the kiwi logic around that call.
|
||||
So let's silently ignore that bogus ioctl.
|
||||
|
||||
Signed-off-by: Alexander Graf <agraf@suse.de>
|
||||
[AF: Rebased for v2.1.0-rc0]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
linux-user/ioctls.h | 1 +
|
||||
linux-user/linux_loop.h | 1 +
|
||||
@ -18,10 +23,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
|
||||
4 files changed, 10 insertions(+)
|
||||
|
||||
diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
|
||||
index d35f072..2181ea3 100644
|
||||
index 762779e..038a799 100644
|
||||
--- a/linux-user/ioctls.h
|
||||
+++ b/linux-user/ioctls.h
|
||||
@@ -328,6 +328,7 @@
|
||||
@@ -330,6 +330,7 @@
|
||||
IOCTL(LOOP_SET_STATUS64, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info64)))
|
||||
IOCTL(LOOP_GET_STATUS64, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info64)))
|
||||
IOCTL(LOOP_CHANGE_FD, 0, TYPE_INT)
|
||||
@ -41,11 +46,11 @@ index 8974caa..810ae61 100644
|
||||
|
||||
#endif
|
||||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
|
||||
index 7d7d700..4823aa0 100644
|
||||
index 576ad77..af0479e 100644
|
||||
--- a/linux-user/syscall.c
|
||||
+++ b/linux-user/syscall.c
|
||||
@@ -3631,6 +3631,13 @@ static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp,
|
||||
return ret;
|
||||
@@ -3696,6 +3696,13 @@ static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp,
|
||||
return get_errno(ioctl(fd, ie->host_cmd, sig));
|
||||
}
|
||||
|
||||
+static abi_long do_ioctl_fail(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
|
||||
@ -59,10 +64,10 @@ index 7d7d700..4823aa0 100644
|
||||
#define IOCTL(cmd, access, ...) \
|
||||
{ TARGET_ ## cmd, cmd, #cmd, access, 0, { __VA_ARGS__ } },
|
||||
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
|
||||
index a2ac23e..dd6d041 100644
|
||||
index 52691fb..794215e 100644
|
||||
--- a/linux-user/syscall_defs.h
|
||||
+++ b/linux-user/syscall_defs.h
|
||||
@@ -1044,6 +1044,7 @@ struct target_pollfd {
|
||||
@@ -1051,6 +1051,7 @@ struct target_pollfd {
|
||||
#define TARGET_LOOP_SET_STATUS64 0x4C04
|
||||
#define TARGET_LOOP_GET_STATUS64 0x4C05
|
||||
#define TARGET_LOOP_CHANGE_FD 0x4C06
|
||||
|
@ -1,4 +1,4 @@
|
||||
From c06014909fc303dffb38e62943d88c4ba9f8da31 Mon Sep 17 00:00:00 2001
|
||||
From 56ad45f04c594535e2428ab6efbb2ceb36946e9f Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Thu, 5 Jul 2012 17:31:39 +0200
|
||||
Subject: [PATCH] linux-user: lock tcg
|
||||
@ -11,12 +11,13 @@ different threads.
|
||||
|
||||
Signed-off-by: Alexander Graf <agraf@suse.de>
|
||||
[AF: Rebased onto exec.c/translate-all.c split for 1.4]
|
||||
[AF: Rebased for v2.1.0-rc0]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
linux-user/mmap.c | 3 +++
|
||||
tcg/tcg.c | 36 ++++++++++++++++++++++++++++++++++--
|
||||
tcg/tcg.h | 6 ++++++
|
||||
3 files changed, 43 insertions(+), 2 deletions(-)
|
||||
tcg/tcg.h | 5 +++++
|
||||
3 files changed, 42 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
|
||||
index 34a5615..7ebf953 100644
|
||||
@ -47,11 +48,11 @@ index 34a5615..7ebf953 100644
|
||||
}
|
||||
|
||||
diff --git a/tcg/tcg.c b/tcg/tcg.c
|
||||
index f1e0763..4f36b40 100644
|
||||
index c068990..e404655 100644
|
||||
--- a/tcg/tcg.c
|
||||
+++ b/tcg/tcg.c
|
||||
@@ -40,6 +40,8 @@
|
||||
#include "qemu/cache-utils.h"
|
||||
@@ -39,6 +39,8 @@
|
||||
#include "qemu-common.h"
|
||||
#include "qemu/host-utils.h"
|
||||
#include "qemu/timer.h"
|
||||
+#include "config-host.h"
|
||||
@ -59,7 +60,7 @@ index f1e0763..4f36b40 100644
|
||||
|
||||
/* Note: the long term plan is to reduce the dependencies on the QEMU
|
||||
CPU definitions. Currently they are used for qemu_ld/st
|
||||
@@ -117,6 +119,29 @@ const size_t tcg_op_defs_max = ARRAY_SIZE(tcg_op_defs);
|
||||
@@ -123,6 +125,29 @@ const size_t tcg_op_defs_max = ARRAY_SIZE(tcg_op_defs);
|
||||
static TCGRegSet tcg_target_available_regs[2];
|
||||
static TCGRegSet tcg_target_call_clobber_regs;
|
||||
|
||||
@ -86,10 +87,10 @@ index f1e0763..4f36b40 100644
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
static inline void tcg_out8(TCGContext *s, uint8_t v)
|
||||
#if TCG_TARGET_INSN_UNIT_SIZE == 1
|
||||
static __attribute__((unused)) inline void tcg_out8(TCGContext *s, uint8_t v)
|
||||
{
|
||||
*s->code_ptr++ = v;
|
||||
@@ -295,7 +320,8 @@ void tcg_context_init(TCGContext *s)
|
||||
@@ -339,7 +364,8 @@ void tcg_context_init(TCGContext *s)
|
||||
|
||||
memset(s, 0, sizeof(*s));
|
||||
s->nb_globals = 0;
|
||||
@ -99,7 +100,7 @@ index f1e0763..4f36b40 100644
|
||||
/* Count total number of arguments and allocate the corresponding
|
||||
space */
|
||||
total_args = 0;
|
||||
@@ -2597,10 +2623,12 @@ int tcg_gen_code(TCGContext *s, uint8_t *gen_code_buf)
|
||||
@@ -2560,10 +2586,12 @@ int tcg_gen_code(TCGContext *s, tcg_insn_unit *gen_code_buf)
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -107,14 +108,14 @@ index f1e0763..4f36b40 100644
|
||||
tcg_gen_code_common(s, gen_code_buf, -1);
|
||||
|
||||
/* flush instruction cache */
|
||||
flush_icache_range((uintptr_t)gen_code_buf, (uintptr_t)s->code_ptr);
|
||||
flush_icache_range((uintptr_t)s->code_buf, (uintptr_t)s->code_ptr);
|
||||
+ tcg_unlock();
|
||||
|
||||
return s->code_ptr - gen_code_buf;
|
||||
return tcg_current_code_size(s);
|
||||
}
|
||||
@@ -2611,7 +2639,11 @@ int tcg_gen_code(TCGContext *s, uint8_t *gen_code_buf)
|
||||
Return -1 if not found. */
|
||||
int tcg_gen_code_search_pc(TCGContext *s, uint8_t *gen_code_buf, long offset)
|
||||
@@ -2575,7 +2603,11 @@ int tcg_gen_code(TCGContext *s, tcg_insn_unit *gen_code_buf)
|
||||
int tcg_gen_code_search_pc(TCGContext *s, tcg_insn_unit *gen_code_buf,
|
||||
long offset)
|
||||
{
|
||||
- return tcg_gen_code_common(s, gen_code_buf, offset);
|
||||
+ int r;
|
||||
@ -126,19 +127,18 @@ index f1e0763..4f36b40 100644
|
||||
|
||||
#ifdef CONFIG_PROFILER
|
||||
diff --git a/tcg/tcg.h b/tcg/tcg.h
|
||||
index f7efcb4..27a72f9 100644
|
||||
index 997a704..1815965 100644
|
||||
--- a/tcg/tcg.h
|
||||
+++ b/tcg/tcg.h
|
||||
@@ -54,6 +54,8 @@ typedef uint64_t tcg_target_ulong;
|
||||
#error unsupported
|
||||
#endif
|
||||
@@ -27,6 +27,7 @@
|
||||
|
||||
+#include "config-host.h"
|
||||
#include "qemu-common.h"
|
||||
#include "qemu/bitops.h"
|
||||
+#include "qemu/thread.h"
|
||||
#include "tcg-runtime.h"
|
||||
#include "tcg-target.h"
|
||||
|
||||
#if TCG_TARGET_NB_REGS <= 32
|
||||
@@ -530,6 +532,7 @@ struct TCGContext {
|
||||
/* Default target word size to pointer size. */
|
||||
@@ -554,6 +555,7 @@ struct TCGContext {
|
||||
|
||||
/* The TCGBackendData structure is private to tcg-target.c. */
|
||||
struct TCGBackendData *be;
|
||||
@ -146,7 +146,7 @@ index f7efcb4..27a72f9 100644
|
||||
};
|
||||
|
||||
extern TCGContext tcg_ctx;
|
||||
@@ -707,6 +710,9 @@ void tcg_gen_shifti_i64(TCGv_i64 ret, TCGv_i64 arg1,
|
||||
@@ -732,6 +734,9 @@ void tcg_gen_shifti_i64(TCGv_i64 ret, TCGv_i64 arg1,
|
||||
TCGArg *tcg_optimize(TCGContext *s, uint16_t *tcg_opc_ptr, TCGArg *args,
|
||||
TCGOpDef *tcg_op_def);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From ca45f1d446ca88675e85bf80f133d3d8d955dbf0 Mon Sep 17 00:00:00 2001
|
||||
From 47197d2a2652f532971bba5fcfa9f51e7611f610 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Tue, 10 Jul 2012 20:40:55 +0200
|
||||
Subject: [PATCH] linux-user: Run multi-threaded code on a single core
|
||||
@ -19,10 +19,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
|
||||
index 4823aa0..ff5ed06 100644
|
||||
index af0479e..0e0916d 100644
|
||||
--- a/linux-user/syscall.c
|
||||
+++ b/linux-user/syscall.c
|
||||
@@ -4334,6 +4334,15 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
|
||||
@@ -4401,6 +4401,15 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
|
||||
if (nptl_flags & CLONE_SETTLS)
|
||||
cpu_set_tls (new_env, newtls);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From cba80a9dc1f00c65320122f6a9afe95cbf12fbab Mon Sep 17 00:00:00 2001
|
||||
From 8396dc5e52755421126abb7fd7e39988a4e4947a Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Wed, 11 Jul 2012 16:47:42 +0200
|
||||
Subject: [PATCH] linux-user: lock tb flushing too
|
||||
@ -14,10 +14,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
1 file changed, 18 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/translate-all.c b/translate-all.c
|
||||
index 5759974..1abb87d 100644
|
||||
index 8f7e11b..9b46934 100644
|
||||
--- a/translate-all.c
|
||||
+++ b/translate-all.c
|
||||
@@ -619,19 +619,23 @@ static TranslationBlock *tb_alloc(target_ulong pc)
|
||||
@@ -706,19 +706,23 @@ static TranslationBlock *tb_alloc(target_ulong pc)
|
||||
{
|
||||
TranslationBlock *tb;
|
||||
|
||||
@ -41,7 +41,7 @@ index 5759974..1abb87d 100644
|
||||
/* In practice this is mostly used for single use temporary TB
|
||||
Ignore the hard cases and just back up if this TB happens to
|
||||
be the last one generated. */
|
||||
@@ -640,6 +644,7 @@ void tb_free(TranslationBlock *tb)
|
||||
@@ -727,6 +731,7 @@ void tb_free(TranslationBlock *tb)
|
||||
tcg_ctx.code_gen_ptr = tb->tc_ptr;
|
||||
tcg_ctx.tb_ctx.nb_tbs--;
|
||||
}
|
||||
@ -49,7 +49,7 @@ index 5759974..1abb87d 100644
|
||||
}
|
||||
|
||||
static inline void invalidate_page_bitmap(PageDesc *p)
|
||||
@@ -697,6 +702,7 @@ void tb_flush(CPUArchState *env1)
|
||||
@@ -784,6 +789,7 @@ void tb_flush(CPUArchState *env1)
|
||||
((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
|
||||
tcg_ctx.tb_ctx.nb_tbs : 0);
|
||||
#endif
|
||||
@ -57,7 +57,7 @@ index 5759974..1abb87d 100644
|
||||
if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
|
||||
> tcg_ctx.code_gen_buffer_size) {
|
||||
cpu_abort(cpu, "Internal error: code buffer overflow\n");
|
||||
@@ -714,6 +720,7 @@ void tb_flush(CPUArchState *env1)
|
||||
@@ -801,6 +807,7 @@ void tb_flush(CPUArchState *env1)
|
||||
/* XXX: flush processor icache at this point if cache flush is
|
||||
expensive */
|
||||
tcg_ctx.tb_ctx.tb_flush_count++;
|
||||
@ -65,7 +65,7 @@ index 5759974..1abb87d 100644
|
||||
}
|
||||
|
||||
#ifdef DEBUG_TB_CHECK
|
||||
@@ -1022,8 +1029,10 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
|
||||
@@ -1107,8 +1114,10 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
|
||||
int current_flags = 0;
|
||||
#endif /* TARGET_HAS_PRECISE_SMC */
|
||||
|
||||
@ -76,7 +76,7 @@ index 5759974..1abb87d 100644
|
||||
return;
|
||||
}
|
||||
if (!p->code_bitmap &&
|
||||
@@ -1116,6 +1125,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
|
||||
@@ -1201,6 +1210,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
|
||||
cpu_resume_from_signal(cpu, NULL);
|
||||
}
|
||||
#endif
|
||||
@ -84,7 +84,7 @@ index 5759974..1abb87d 100644
|
||||
}
|
||||
|
||||
/* len must be <= 8 and start must be a multiple of len */
|
||||
@@ -1327,13 +1337,16 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
|
||||
@@ -1412,13 +1422,16 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
|
||||
{
|
||||
int m_min, m_max, m;
|
||||
uintptr_t v;
|
||||
@ -102,7 +102,7 @@ index 5759974..1abb87d 100644
|
||||
return NULL;
|
||||
}
|
||||
/* binary search (cf Knuth) */
|
||||
@@ -1344,6 +1357,7 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
|
||||
@@ -1429,6 +1442,7 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
|
||||
tb = &tcg_ctx.tb_ctx.tbs[m];
|
||||
v = (uintptr_t)tb->tc_ptr;
|
||||
if (v == tc_ptr) {
|
||||
@ -110,7 +110,7 @@ index 5759974..1abb87d 100644
|
||||
return tb;
|
||||
} else if (tc_ptr < v) {
|
||||
m_max = m - 1;
|
||||
@@ -1351,7 +1365,9 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
|
||||
@@ -1436,7 +1450,9 @@ static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
|
||||
m_min = m + 1;
|
||||
}
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 761b115c27a0f900f519422e4a79573da3632f4a Mon Sep 17 00:00:00 2001
|
||||
From c9e29d5cb3a6559b4a0b79905cd6c62835d21fdf Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Mon, 23 Jul 2012 10:24:14 +0200
|
||||
Subject: [PATCH] linux-user: Fake /proc/cpuinfo
|
||||
@ -22,10 +22,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
1 file changed, 20 insertions(+)
|
||||
|
||||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
|
||||
index ff5ed06..8a78348 100644
|
||||
index 0e0916d..573ea5f 100644
|
||||
--- a/linux-user/syscall.c
|
||||
+++ b/linux-user/syscall.c
|
||||
@@ -5136,6 +5136,25 @@ static int open_self_stat(void *cpu_env, int fd)
|
||||
@@ -5182,6 +5182,25 @@ static int open_self_stat(void *cpu_env, int fd)
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -51,7 +51,7 @@ index ff5ed06..8a78348 100644
|
||||
static int open_self_auxv(void *cpu_env, int fd)
|
||||
{
|
||||
CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
|
||||
@@ -5249,6 +5268,7 @@ static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode)
|
||||
@@ -5296,6 +5315,7 @@ static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode)
|
||||
#if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
|
||||
{ "/proc/net/route", open_net_route, is_proc },
|
||||
#endif
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 36fc0fea8b44e3993088c6b9cab42db36fe1da76 Mon Sep 17 00:00:00 2001
|
||||
From 57f28f99146803cd0c5d388e61889a83ec12b33f Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Mon, 20 Aug 2012 00:02:52 +0200
|
||||
Subject: [PATCH] linux-user: implement FS_IOC_GETFLAGS ioctl
|
||||
@ -16,10 +16,10 @@ v1 -> v2:
|
||||
2 files changed, 3 insertions(+)
|
||||
|
||||
diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
|
||||
index 2181ea3..a329fb0 100644
|
||||
index 038a799..efbc970 100644
|
||||
--- a/linux-user/ioctls.h
|
||||
+++ b/linux-user/ioctls.h
|
||||
@@ -88,6 +88,7 @@
|
||||
@@ -89,6 +89,7 @@
|
||||
IOCTL_SPECIAL(FS_IOC_FIEMAP, IOC_W | IOC_R, do_ioctl_fs_ioc_fiemap,
|
||||
MK_PTR(MK_STRUCT(STRUCT_fiemap)))
|
||||
#endif
|
||||
@ -28,10 +28,10 @@ index 2181ea3..a329fb0 100644
|
||||
IOCTL(SIOCATMARK, 0, TYPE_NULL)
|
||||
IOCTL(SIOCGIFNAME, IOC_RW, MK_PTR(TYPE_INT))
|
||||
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
|
||||
index dd6d041..2456d5b 100644
|
||||
index 794215e..6146d79 100644
|
||||
--- a/linux-user/syscall_defs.h
|
||||
+++ b/linux-user/syscall_defs.h
|
||||
@@ -2460,6 +2460,8 @@ struct target_f_owner_ex {
|
||||
@@ -2467,6 +2467,8 @@ struct target_f_owner_ex {
|
||||
#define TARGET_MTIOCGET TARGET_IOR('m', 2, struct mtget)
|
||||
#define TARGET_MTIOCPOS TARGET_IOR('m', 3, struct mtpos)
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 8c00316b2996d0c2171032e58d7e21fd8af9bee1 Mon Sep 17 00:00:00 2001
|
||||
From f89d1f32b6b97db2abda653a72d00a45c512d220 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Mon, 20 Aug 2012 00:07:13 +0200
|
||||
Subject: [PATCH] linux-user: implement FS_IOC_SETFLAGS ioctl
|
||||
@ -16,10 +16,10 @@ v1 -> v2
|
||||
2 files changed, 2 insertions(+)
|
||||
|
||||
diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
|
||||
index a329fb0..d76575c 100644
|
||||
index efbc970..6be0048 100644
|
||||
--- a/linux-user/ioctls.h
|
||||
+++ b/linux-user/ioctls.h
|
||||
@@ -89,6 +89,7 @@
|
||||
@@ -90,6 +90,7 @@
|
||||
MK_PTR(MK_STRUCT(STRUCT_fiemap)))
|
||||
#endif
|
||||
IOCTL(FS_IOC_GETFLAGS, IOC_R, MK_PTR(TYPE_LONG))
|
||||
@ -28,10 +28,10 @@ index a329fb0..d76575c 100644
|
||||
IOCTL(SIOCATMARK, 0, TYPE_NULL)
|
||||
IOCTL(SIOCGIFNAME, IOC_RW, MK_PTR(TYPE_INT))
|
||||
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
|
||||
index 2456d5b..03863a6 100644
|
||||
index 6146d79..fc326dd 100644
|
||||
--- a/linux-user/syscall_defs.h
|
||||
+++ b/linux-user/syscall_defs.h
|
||||
@@ -2461,6 +2461,7 @@ struct target_f_owner_ex {
|
||||
@@ -2468,6 +2468,7 @@ struct target_f_owner_ex {
|
||||
#define TARGET_MTIOCPOS TARGET_IOR('m', 3, struct mtpos)
|
||||
|
||||
#define TARGET_FS_IOC_GETFLAGS TARGET_IORU('f', 1)
|
||||
|
@ -1,4 +1,4 @@
|
||||
From fac2c74e7593b04a4fc45e0d40c06036f60ae75d Mon Sep 17 00:00:00 2001
|
||||
From 3a9a8a733b3e394ead8a453705ed151e87bb743c Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Tue, 21 Aug 2012 14:20:40 +0200
|
||||
Subject: [PATCH] linux-user: XXX disable fiemap
|
||||
@ -9,10 +9,10 @@ agraf: fiemap breaks in libarchive. Disable it for now.
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
|
||||
index 8a78348..28a3d74 100644
|
||||
index 573ea5f..28039c7 100644
|
||||
--- a/linux-user/syscall.c
|
||||
+++ b/linux-user/syscall.c
|
||||
@@ -3188,6 +3188,11 @@ static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp,
|
||||
@@ -3246,6 +3246,11 @@ static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp,
|
||||
uint32_t outbufsz;
|
||||
int free_fm = 0;
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 871d3d13b54c6ba223b09953c50b762d0404cbec Mon Sep 17 00:00:00 2001
|
||||
From 84fe61a504718a0b4dbdd66a9275dcf5b4427026 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||
Date: Wed, 29 Aug 2012 18:42:56 +0200
|
||||
Subject: [PATCH] slirp: -nooutgoing
|
||||
@ -12,10 +12,10 @@ TBD (from SUSE Studio team)
|
||||
4 files changed, 40 insertions(+)
|
||||
|
||||
diff --git a/qemu-options.hx b/qemu-options.hx
|
||||
index 2d33815..62a1cfc 100644
|
||||
index 9e54686..0a7247d 100644
|
||||
--- a/qemu-options.hx
|
||||
+++ b/qemu-options.hx
|
||||
@@ -2603,6 +2603,16 @@ Store the QEMU process PID in @var{file}. It is useful if you launch QEMU
|
||||
@@ -2795,6 +2795,16 @@ Store the QEMU process PID in @var{file}. It is useful if you launch QEMU
|
||||
from a script.
|
||||
ETEXI
|
||||
|
||||
@ -97,10 +97,10 @@ index 7571c5a..0555e18 100644
|
||||
socket_set_fast_reuse(s);
|
||||
opt = 1;
|
||||
diff --git a/vl.c b/vl.c
|
||||
index 9975e5a..b18c815 100644
|
||||
index 6e084c2..0e34d53 100644
|
||||
--- a/vl.c
|
||||
+++ b/vl.c
|
||||
@@ -162,6 +162,7 @@ const char *vnc_display;
|
||||
@@ -163,6 +163,7 @@ const char *vnc_display;
|
||||
int acpi_enabled = 1;
|
||||
int no_hpet = 0;
|
||||
int fd_bootchk = 1;
|
||||
@ -108,7 +108,7 @@ index 9975e5a..b18c815 100644
|
||||
static int no_reboot;
|
||||
int no_shutdown = 0;
|
||||
int cursor_hide = 1;
|
||||
@@ -3351,6 +3352,14 @@ int main(int argc, char **argv, char **envp)
|
||||
@@ -3391,6 +3392,14 @@ int main(int argc, char **argv, char **envp)
|
||||
case QEMU_OPTION_singlestep:
|
||||
singlestep = 1;
|
||||
break;
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 955ef0968a268bcb6ef68b8788952546aed3a1dc Mon Sep 17 00:00:00 2001
|
||||
From 5ac0412380823745654010b067fbce609efa4aa7 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||
Date: Wed, 29 Aug 2012 20:06:01 +0200
|
||||
Subject: [PATCH] vnc: password-file= and incoming-connections=
|
||||
@ -9,10 +9,10 @@ TBD (from SUSE Studio team)
|
||||
1 file changed, 71 insertions(+)
|
||||
|
||||
diff --git a/ui/vnc.c b/ui/vnc.c
|
||||
index 5925774..8445dd6 100644
|
||||
index 548588a..ab03ee3 100644
|
||||
--- a/ui/vnc.c
|
||||
+++ b/ui/vnc.c
|
||||
@@ -45,6 +45,7 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
|
||||
@@ -47,6 +47,7 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
|
||||
#include "d3des.h"
|
||||
|
||||
static VncDisplay *vnc_display; /* needed for info vnc */
|
||||
@ -20,7 +20,7 @@ index 5925774..8445dd6 100644
|
||||
|
||||
static int vnc_cursor_define(VncState *vs);
|
||||
static void vnc_release_modifiers(VncState *vs);
|
||||
@@ -1031,6 +1032,7 @@ static void vnc_disconnect_start(VncState *vs)
|
||||
@@ -1037,6 +1038,7 @@ static void vnc_disconnect_start(VncState *vs)
|
||||
void vnc_disconnect_finish(VncState *vs)
|
||||
{
|
||||
int i;
|
||||
@ -28,7 +28,7 @@ index 5925774..8445dd6 100644
|
||||
|
||||
vnc_jobs_join(vs); /* Wait encoding jobs */
|
||||
|
||||
@@ -1079,6 +1081,13 @@ void vnc_disconnect_finish(VncState *vs)
|
||||
@@ -1085,6 +1087,13 @@ void vnc_disconnect_finish(VncState *vs)
|
||||
}
|
||||
g_free(vs->lossy_rect);
|
||||
g_free(vs);
|
||||
@ -42,7 +42,7 @@ index 5925774..8445dd6 100644
|
||||
}
|
||||
|
||||
int vnc_client_io_error(VncState *vs, int ret, int last_errno)
|
||||
@@ -3041,6 +3050,39 @@ char *vnc_display_local_addr(DisplayState *ds)
|
||||
@@ -3036,6 +3045,39 @@ char *vnc_display_local_addr(DisplayState *ds)
|
||||
return vnc_socket_local_addr("%s:%s", vs->lsock);
|
||||
}
|
||||
|
||||
@ -82,7 +82,7 @@ index 5925774..8445dd6 100644
|
||||
void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
|
||||
{
|
||||
VncDisplay *vs = vnc_display;
|
||||
@@ -3074,6 +3116,9 @@ void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
|
||||
@@ -3069,6 +3111,9 @@ void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
|
||||
while ((options = strchr(options, ','))) {
|
||||
options++;
|
||||
if (strncmp(options, "password", 8) == 0) {
|
||||
@ -92,7 +92,7 @@ index 5925774..8445dd6 100644
|
||||
if (fips_get_state()) {
|
||||
error_setg(errp,
|
||||
"VNC password auth disabled due to FIPS mode, "
|
||||
@@ -3082,6 +3127,32 @@ void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
|
||||
@@ -3077,6 +3122,32 @@ void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
|
||||
goto fail;
|
||||
}
|
||||
password = 1; /* Require password auth */
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 6b62214c4bd34a4480814ac47449fab7c34305ed Mon Sep 17 00:00:00 2001
|
||||
From 9abeb48be0c332c84f379455bd424f0fd58e79e0 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Wed, 10 Oct 2012 10:21:20 +0200
|
||||
Subject: [PATCH] linux-user: add more blk ioctls
|
||||
@ -13,10 +13,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
|
||||
3 files changed, 27 insertions(+)
|
||||
|
||||
diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
|
||||
index d76575c..ffd6d09 100644
|
||||
index 6be0048..369224f 100644
|
||||
--- a/linux-user/ioctls.h
|
||||
+++ b/linux-user/ioctls.h
|
||||
@@ -72,6 +72,24 @@
|
||||
@@ -73,6 +73,24 @@
|
||||
#ifdef BLKGETSIZE64
|
||||
IOCTL(BLKGETSIZE64, IOC_R, MK_PTR(TYPE_ULONGLONG))
|
||||
#endif
|
||||
@ -42,10 +42,10 @@ index d76575c..ffd6d09 100644
|
||||
IOCTL(BLKRASET, 0, TYPE_INT)
|
||||
IOCTL(BLKRAGET, IOC_R, MK_PTR(TYPE_LONG))
|
||||
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
|
||||
index 03863a6..2271d5f 100644
|
||||
index fc326dd..853b903 100644
|
||||
--- a/linux-user/syscall_defs.h
|
||||
+++ b/linux-user/syscall_defs.h
|
||||
@@ -913,6 +913,12 @@ struct target_pollfd {
|
||||
@@ -920,6 +920,12 @@ struct target_pollfd {
|
||||
#define TARGET_BLKGETSIZE64 TARGET_IOR(0x12,114,abi_ulong)
|
||||
/* return device size in bytes
|
||||
(u64 *arg) */
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 9f8f18dc792d6c9e3fb661cb8543d0c09b342ac4 Mon Sep 17 00:00:00 2001
|
||||
From 48296463c92ea6afe7eaaabc88ba8d75e910afae Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Tue, 9 Oct 2012 09:06:49 +0200
|
||||
Subject: [PATCH] linux-user: use target_ulong
|
||||
@ -17,10 +17,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
|
||||
2 files changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
|
||||
index a2c4e35..6fd5e0c 100644
|
||||
index e29c7f3..75b6558 100644
|
||||
--- a/linux-user/qemu.h
|
||||
+++ b/linux-user/qemu.h
|
||||
@@ -189,10 +189,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src,
|
||||
@@ -190,10 +190,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src,
|
||||
void target_set_brk(abi_ulong new_brk);
|
||||
abi_long do_brk(abi_ulong new_brk);
|
||||
void syscall_init(void);
|
||||
@ -36,10 +36,10 @@ index a2c4e35..6fd5e0c 100644
|
||||
extern THREAD CPUState *thread_cpu;
|
||||
void cpu_loop(CPUArchState *env);
|
||||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
|
||||
index 28a3d74..a12a722 100644
|
||||
index 28039c7..0c49a67 100644
|
||||
--- a/linux-user/syscall.c
|
||||
+++ b/linux-user/syscall.c
|
||||
@@ -5395,10 +5395,10 @@ int syscall_restartable(int syscall_nr)
|
||||
@@ -5447,10 +5447,10 @@ int syscall_restartable(int syscall_nr)
|
||||
/* do_syscall() should always have a single exit point at the end so
|
||||
that actions, such as logging of syscall results, can be performed.
|
||||
All errnos that do_syscall() returns must be -TARGET_<errcode>. */
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 8b201b80c7957d04876330c37857b1ac4d8df21e Mon Sep 17 00:00:00 2001
|
||||
From 6e08bfbccc8263bc5c9b619d19864723760e17dc Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Wed, 5 Aug 2009 09:49:37 +0200
|
||||
Subject: [PATCH] block: Add support for DictZip enabled gzip files
|
||||
@ -28,6 +28,7 @@ Signed-off-by: Tim Hardeck <thardeck@suse.de>
|
||||
[AF: Error **errp added for bdrv_file_open, bdrv_delete -> bdrv_unref]
|
||||
[AF: qemu_opts_create_nofail() -> qemu_opts_create(),
|
||||
bdrv_file_open() -> bdrv_open(), based on work by brogers]
|
||||
[AF: error_is_set() dropped for v2.1.0-rc0]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
block/Makefile.objs | 1 +
|
||||
@ -49,7 +50,7 @@ index fd88c03..cbdddc0 100644
|
||||
iscsi.o-libs := $(LIBISCSI_LIBS)
|
||||
diff --git a/block/dictzip.c b/block/dictzip.c
|
||||
new file mode 100644
|
||||
index 0000000..a3629ab
|
||||
index 0000000..36f1df0
|
||||
--- /dev/null
|
||||
+++ b/block/dictzip.c
|
||||
@@ -0,0 +1,596 @@
|
||||
@ -235,7 +236,7 @@ index 0000000..a3629ab
|
||||
+
|
||||
+ opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort);
|
||||
+ qemu_opts_absorb_qdict(opts, options, &local_err);
|
||||
+ if (error_is_set(&local_err)) {
|
||||
+ if (local_err != NULL) {
|
||||
+ error_propagate(errp, local_err);
|
||||
+ ret = -EINVAL;
|
||||
+ goto fail;
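Review bot: The replacement condition `if (local_err != NULL) {` in the refreshed block/dictzip.c patch spells out a comparison where QEMU code usually tests an `Error *` directly; `if (local_err) {` is equivalent and closer to the usual form in the tree. The same line is introduced in the refreshed block/tar.c patch that follows, so both can be changed together. The enclosing open function starts and ends outside this hunk, so the `fail` label is not visible here. Since `opts` comes from `qemu_opts_create()` just above, it is worth confirming that the error path releases it with `qemu_opts_del(opts)`.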
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 9faf6837f5e436c6d2003e64cb4b44b90d234c72 Mon Sep 17 00:00:00 2001
|
||||
From 448b9b9a09a26b30cdbc6afd9472ce07efc06e8c Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Wed, 5 Aug 2009 17:28:38 +0200
|
||||
Subject: [PATCH] block: Add tar container format
|
||||
@ -29,6 +29,7 @@ Signed-off-by: Tim Hardeck <thardeck@suse.de>
|
||||
[AF: bdrv_file_open got an Error **errp argument, bdrv_delete -> brd_unref]
|
||||
[AF: qemu_opts_create_nofail() -> qemu_opts_create(),
|
||||
bdrv_file_open() -> bdrv_open(), based on work by brogers]
|
||||
[AF: error_is_set() dropped for v2.1.0-rc0]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
block/Makefile.objs | 1 +
|
||||
@ -50,7 +51,7 @@ index cbdddc0..e5b0326 100644
|
||||
iscsi.o-libs := $(LIBISCSI_LIBS)
|
||||
diff --git a/block/tar.c b/block/tar.c
|
||||
new file mode 100644
|
||||
index 0000000..a79cf5e
|
||||
index 0000000..c2ab5fa
|
||||
--- /dev/null
|
||||
+++ b/block/tar.c
|
||||
@@ -0,0 +1,386 @@
|
||||
@ -234,7 +235,7 @@ index 0000000..a79cf5e
|
||||
+
|
||||
+ opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort);
|
||||
+ qemu_opts_absorb_qdict(opts, options, &local_err);
|
||||
+ if (error_is_set(&local_err)) {
|
||||
+ if (local_err != NULL) {
|
||||
+ error_propagate(errp, local_err);
|
||||
+ ret = -EINVAL;
|
||||
+ goto fail;
|
||||
|
@ -1,4 +1,4 @@
|
||||
From e26cff5986190a24dcc53d658da1fc8e7772338c Mon Sep 17 00:00:00 2001
|
||||
From ccc7274accdbd66a581777e0dae3865ba86c2eed Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Wed, 12 Dec 2012 19:11:30 +0100
|
||||
Subject: [PATCH] Legacy Patch kvm-qemu-preXX-dictzip3.patch
|
||||
@ -8,7 +8,7 @@ Subject: [PATCH] Legacy Patch kvm-qemu-preXX-dictzip3.patch
|
||||
1 file changed, 11 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/block/tar.c b/block/tar.c
|
||||
index a79cf5e..09fe1a6 100644
|
||||
index c2ab5fa..ea2075d 100644
|
||||
--- a/block/tar.c
|
||||
+++ b/block/tar.c
|
||||
@@ -83,7 +83,8 @@ static int str_ends(char *str, const char *end)
|
||||
|
@ -1,4 +1,4 @@
|
||||
From e828d54e5b1ef01c620e1c761340cd73af785b6b Mon Sep 17 00:00:00 2001
|
||||
From 7a6f8226cb5dd3540c80f852917b118a6b88d791 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Wed, 12 Dec 2012 19:11:31 +0100
|
||||
Subject: [PATCH] Legacy Patch kvm-qemu-preXX-report-default-mac-used.patch
|
||||
@ -8,10 +8,10 @@ Subject: [PATCH] Legacy Patch kvm-qemu-preXX-report-default-mac-used.patch
|
||||
1 file changed, 22 insertions(+)
|
||||
|
||||
diff --git a/net/net.c b/net/net.c
|
||||
index e3ef1e4..67396e7 100644
|
||||
index 6d930ea..9656f3e 100644
|
||||
--- a/net/net.c
|
||||
+++ b/net/net.c
|
||||
@@ -141,6 +141,27 @@ void qemu_format_nic_info_str(NetClientState *nc, uint8_t macaddr[6])
|
||||
@@ -158,6 +158,27 @@ void qemu_format_nic_info_str(NetClientState *nc, uint8_t macaddr[6])
|
||||
macaddr[3], macaddr[4], macaddr[5]);
|
||||
}
|
||||
|
||||
@ -39,7 +39,7 @@ index e3ef1e4..67396e7 100644
|
||||
void qemu_macaddr_default_if_unset(MACAddr *macaddr)
|
||||
{
|
||||
static int index = 0;
|
||||
@@ -1251,6 +1272,7 @@ int net_init_clients(void)
|
||||
@@ -1276,6 +1297,7 @@ int net_init_clients(void)
|
||||
if (qemu_opts_foreach(net, net_init_client, NULL, 1) == -1) {
|
||||
return -1;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 1f6cee23194037e7c2601e7a728b7fa824f4d66f Mon Sep 17 00:00:00 2001
|
||||
From a771dcb790eb622c0b023274c1b6b92743e71d0f Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Mon, 6 Jun 2011 06:53:52 +0200
|
||||
Subject: [PATCH] console: add question-mark escape operator
|
||||
@ -16,10 +16,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ui/console.c b/ui/console.c
|
||||
index e057755..24413e8 100644
|
||||
index ab84549..5d1f074 100644
|
||||
--- a/ui/console.c
|
||||
+++ b/ui/console.c
|
||||
@@ -866,7 +866,7 @@ static void console_putchar(QemuConsole *s, int ch)
|
||||
@@ -852,7 +852,7 @@ static void console_putchar(QemuConsole *s, int ch)
|
||||
} else {
|
||||
if (s->nb_esc_params < MAX_ESC_PARAMS)
|
||||
s->nb_esc_params++;
|
||||
|
@ -1,4 +1,4 @@
|
||||
From e30f0e39abb8e5ad453333ac3dd0f6d7b270e045 Mon Sep 17 00:00:00 2001
|
||||
From 111abb7150e0eaadfb338c82b86d4b65a171f9c6 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Thu, 1 Apr 2010 17:36:23 +0200
|
||||
Subject: [PATCH] Make char muxer more robust wrt small FIFOs
|
||||
@ -22,10 +22,10 @@ This patch fixes input when using -nographic on s390 for me.
|
||||
1 file changed, 16 insertions(+)
|
||||
|
||||
diff --git a/qemu-char.c b/qemu-char.c
|
||||
index 54ed244..cc6bfe8 100644
|
||||
index 55e372c..d562dae 100644
|
||||
--- a/qemu-char.c
|
||||
+++ b/qemu-char.c
|
||||
@@ -252,6 +252,9 @@ typedef struct {
|
||||
@@ -311,6 +311,9 @@ typedef struct {
|
||||
IOEventHandler *chr_event[MAX_MUX];
|
||||
void *ext_opaque[MAX_MUX];
|
||||
CharDriverState *drv;
|
||||
@ -35,7 +35,7 @@ index 54ed244..cc6bfe8 100644
|
||||
int focus;
|
||||
int mux_cnt;
|
||||
int term_got_escape;
|
||||
@@ -408,6 +411,15 @@ static void mux_chr_accept_input(CharDriverState *chr)
|
||||
@@ -470,6 +473,15 @@ static void mux_chr_accept_input(CharDriverState *chr)
|
||||
d->chr_read[m](d->ext_opaque[m],
|
||||
&d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1);
|
||||
}
|
||||
@ -51,7 +51,7 @@ index 54ed244..cc6bfe8 100644
|
||||
}
|
||||
|
||||
static int mux_chr_can_read(void *opaque)
|
||||
@@ -530,6 +542,10 @@ static CharDriverState *qemu_chr_open_mux(CharDriverState *drv)
|
||||
@@ -598,6 +610,10 @@ static CharDriverState *qemu_chr_open_mux(CharDriverState *drv)
|
||||
chr->opaque = d;
|
||||
d->drv = drv;
|
||||
d->focus = -1;
|
||||
|
@ -1,4 +1,4 @@
|
||||
From f222ce0d5af1eb8258e84d6fcd8ab89a85131a21 Mon Sep 17 00:00:00 2001
|
||||
From d7412d16a40cda2130de7e9b041bff4553ef493a Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Graf <agraf@suse.de>
|
||||
Date: Thu, 13 Dec 2012 14:29:22 +0100
|
||||
Subject: [PATCH] linux-user: lseek: explicitly cast non-set offsets to signed
|
||||
@ -16,10 +16,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
|
||||
index a12a722..d1f8b3d 100644
|
||||
index 0c49a67..c69f724 100644
|
||||
--- a/linux-user/syscall.c
|
||||
+++ b/linux-user/syscall.c
|
||||
@@ -5709,9 +5709,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
|
||||
@@ -5761,9 +5761,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
|
||||
case TARGET_NR_oldstat:
|
||||
goto unimplemented;
|
||||
#endif
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 52b3782f6ec265abbd8704d4999940e2161819d5 Mon Sep 17 00:00:00 2001
|
||||
From e771a11f28c3d6ff68a8d0f804ffeb1d807240b0 Mon Sep 17 00:00:00 2001
|
||||
From: Bruce Rogers <brogers@suse.com>
|
||||
Date: Thu, 16 May 2013 12:39:10 +0200
|
||||
Subject: [PATCH] virtfs-proxy-helper: Provide __u64 for broken
|
||||
@ -12,7 +12,7 @@ Fixes the build on SLE 11 SP2.
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
|
||||
index bfecb87..79ab9c8 100644
|
||||
index cd291d3..7d7aa67 100644
|
||||
--- a/fsdev/virtfs-proxy-helper.c
|
||||
+++ b/fsdev/virtfs-proxy-helper.c
|
||||
@@ -9,6 +9,13 @@
|
||||
|
@ -1,4 +1,4 @@
|
||||
From c5ce0620bff591f2c344771e75447d602212c6f0 Mon Sep 17 00:00:00 2001
|
||||
From 1e35b0409716fd2364ca25889801ea28299eeff1 Mon Sep 17 00:00:00 2001
|
||||
From: Dinar Valeev <k0da@opensuse.org>
|
||||
Date: Wed, 2 Oct 2013 17:56:03 +0200
|
||||
Subject: [PATCH] configure: Enable PIE for ppc and ppc64 hosts
|
||||
@ -14,10 +14,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/configure b/configure
|
||||
index 69b9f56..21523908 100755
|
||||
index 7dd43fd..99f8a37 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -1487,7 +1487,7 @@ fi
|
||||
@@ -1531,7 +1531,7 @@ fi
|
||||
|
||||
if test "$pie" = ""; then
|
||||
case "$cpu-$targetos" in
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 857545e61d741cc4f439f98c5e93210b7fa09577 Mon Sep 17 00:00:00 2001
|
||||
From d78b797a58584419bdfabaebe79322a246790dff Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||
Date: Mon, 7 Apr 2014 16:03:08 +0200
|
||||
Subject: [PATCH] tests: Don't run qom-test twice
|
||||
@ -19,10 +19,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/Makefile b/tests/Makefile
|
||||
index 88f7105..8f2b018 100644
|
||||
index 1fcd633..7c0253b 100644
|
||||
--- a/tests/Makefile
|
||||
+++ b/tests/Makefile
|
||||
@@ -162,7 +162,9 @@ check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
|
||||
@@ -184,7 +184,9 @@ check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
|
||||
check-qtest-xtensaeb-y = $(check-qtest-xtensa-y)
|
||||
|
||||
# qom-test works for all sysemu architectures:
|
@ -1,133 +0,0 @@
|
||||
From 1798372872568aa5d3fd50c8d01ba658082a8711 Mon Sep 17 00:00:00 2001
|
||||
From: Olaf Hering <olaf@aepfle.de>
|
||||
Date: Thu, 30 Jan 2014 16:02:18 +0100
|
||||
Subject: [PATCH] xen_disk: add discard support
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Implement discard support for xen_disk. It makes use of the existing
|
||||
discard code in qemu.
|
||||
|
||||
The discard support is enabled unconditionally. The tool stack may provide a
|
||||
property "discard-enable" in the backend node to optionally disable discard
|
||||
support. This is helpful in case the backing file was intentionally created
|
||||
non-sparse to avoid fragmentation.
|
||||
|
||||
Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/block/xen_blkif.h | 12 ++++++++++++
|
||||
hw/block/xen_disk.c | 34 ++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 46 insertions(+)
|
||||
|
||||
diff --git a/hw/block/xen_blkif.h b/hw/block/xen_blkif.h
|
||||
index c0f4136..711b692 100644
|
||||
--- a/hw/block/xen_blkif.h
|
||||
+++ b/hw/block/xen_blkif.h
|
||||
@@ -79,6 +79,12 @@ static inline void blkif_get_x86_32_req(blkif_request_t *dst, blkif_x86_32_reque
|
||||
dst->handle = src->handle;
|
||||
dst->id = src->id;
|
||||
dst->sector_number = src->sector_number;
|
||||
+ if (src->operation == BLKIF_OP_DISCARD) {
|
||||
+ struct blkif_request_discard *s = (void *)src;
|
||||
+ struct blkif_request_discard *d = (void *)dst;
|
||||
+ d->nr_sectors = s->nr_sectors;
|
||||
+ return;
|
||||
+ }
|
||||
if (n > src->nr_segments)
|
||||
n = src->nr_segments;
|
||||
for (i = 0; i < n; i++)
|
||||
@@ -94,6 +100,12 @@ static inline void blkif_get_x86_64_req(blkif_request_t *dst, blkif_x86_64_reque
|
||||
dst->handle = src->handle;
|
||||
dst->id = src->id;
|
||||
dst->sector_number = src->sector_number;
|
||||
+ if (src->operation == BLKIF_OP_DISCARD) {
|
||||
+ struct blkif_request_discard *s = (void *)src;
|
||||
+ struct blkif_request_discard *d = (void *)dst;
|
||||
+ d->nr_sectors = s->nr_sectors;
|
||||
+ return;
|
||||
+ }
|
||||
if (n > src->nr_segments)
|
||||
n = src->nr_segments;
|
||||
for (i = 0; i < n; i++)
|
||||
diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
|
||||
index bc061e6..989a90f 100644
|
||||
--- a/hw/block/xen_disk.c
|
||||
+++ b/hw/block/xen_disk.c
|
||||
@@ -114,6 +114,7 @@ struct XenBlkDev {
|
||||
int requests_finished;
|
||||
|
||||
/* Persistent grants extension */
|
||||
+ gboolean feature_discard;
|
||||
gboolean feature_persistent;
|
||||
GTree *persistent_gnts;
|
||||
unsigned int persistent_gnt_count;
|
||||
@@ -253,6 +254,8 @@ static int ioreq_parse(struct ioreq *ioreq)
|
||||
case BLKIF_OP_WRITE:
|
||||
ioreq->prot = PROT_READ; /* from memory */
|
||||
break;
|
||||
+ case BLKIF_OP_DISCARD:
|
||||
+ return 0;
|
||||
default:
|
||||
xen_be_printf(&blkdev->xendev, 0, "error: unknown operation (%d)\n",
|
||||
ioreq->req.operation);
|
||||
@@ -532,6 +535,17 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq)
|
||||
&ioreq->v, ioreq->v.size / BLOCK_SIZE,
|
||||
qemu_aio_complete, ioreq);
|
||||
break;
|
||||
+ case BLKIF_OP_DISCARD:
|
||||
+ {
|
||||
+ struct blkif_request_discard *discard_req = (void *)&ioreq->req;
|
||||
+ bdrv_acct_start(blkdev->bs, &ioreq->acct,
|
||||
+ discard_req->nr_sectors * BLOCK_SIZE, BDRV_ACCT_WRITE);
|
||||
+ ioreq->aio_inflight++;
|
||||
+ bdrv_aio_discard(blkdev->bs,
|
||||
+ discard_req->sector_number, discard_req->nr_sectors,
|
||||
+ qemu_aio_complete, ioreq);
|
||||
+ break;
|
||||
+ }
|
||||
default:
|
||||
/* unknown operation (shouldn't happen -- parse catches this) */
|
||||
goto err;
|
||||
@@ -710,6 +724,21 @@ static void blk_alloc(struct XenDevice *xendev)
|
||||
}
|
||||
}
|
||||
|
||||
+static void blk_parse_discard(struct XenBlkDev *blkdev)
|
||||
+{
|
||||
+ int enable;
|
||||
+
|
||||
+ blkdev->feature_discard = true;
|
||||
+
|
||||
+ if (xenstore_read_be_int(&blkdev->xendev, "discard-enable", &enable) == 0) {
|
||||
+ blkdev->feature_discard = !!enable;
|
||||
+ }
|
||||
+
|
||||
+ if (blkdev->feature_discard) {
|
||||
+ xenstore_write_be_int(&blkdev->xendev, "feature-discard", 1);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static int blk_init(struct XenDevice *xendev)
|
||||
{
|
||||
struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev);
|
||||
@@ -777,6 +806,8 @@ static int blk_init(struct XenDevice *xendev)
|
||||
xenstore_write_be_int(&blkdev->xendev, "feature-persistent", 1);
|
||||
xenstore_write_be_int(&blkdev->xendev, "info", info);
|
||||
|
||||
+ blk_parse_discard(blkdev);
|
||||
+
|
||||
g_free(directiosafe);
|
||||
return 0;
|
||||
|
||||
@@ -812,6 +843,9 @@ static int blk_connect(struct XenDevice *xendev)
|
||||
qflags |= BDRV_O_RDWR;
|
||||
readonly = false;
|
||||
}
|
||||
+ if (blkdev->feature_discard) {
|
||||
+ qflags |= BDRV_O_UNMAP;
|
||||
+ }
|
||||
|
||||
/* init qemu block driver */
|
||||
index = (blkdev->xendev.dev - 202 * 256) / 16;
|
@ -1,4 +1,4 @@
|
||||
From 1126af0e6664e58a5e6e2280f6d61bb829099444 Mon Sep 17 00:00:00 2001
|
||||
From c71486ca826cfb0455aed9df5f298d3ea163cf7d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||
Date: Thu, 17 Apr 2014 18:39:10 +0200
|
||||
Subject: [PATCH] qtest: Increase socket timeout
|
||||
@ -14,11 +14,11 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/libqtest.c b/tests/libqtest.c
|
||||
index 4b90d91..18efcf2 100644
|
||||
index 98e8f4b..393e99e 100644
|
||||
--- a/tests/libqtest.c
|
||||
+++ b/tests/libqtest.c
|
||||
@@ -34,7 +34,7 @@
|
||||
#include "qapi/qmp/json-parser.h"
|
||||
@@ -35,7 +35,7 @@
|
||||
#include "qapi/qmp/qjson.h"
|
||||
|
||||
#define MAX_IRQ 256
|
||||
-#define SOCKET_TIMEOUT 5
|
@ -1,4 +1,4 @@
|
||||
From 212b80fa19390023a809068c5d282e2994bd98bc Mon Sep 17 00:00:00 2001
|
||||
From d0fb6e15c8620851d728e67e1cb3b02b9ba07c1e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||
Date: Fri, 20 Jun 2014 16:46:50 +0200
|
||||
Subject: [PATCH] module: Simplify module_load()
|
@ -1,27 +0,0 @@
|
||||
From c58810a9fe080ce5358ab670b6d4abe1202e63a2 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||
Date: Thu, 17 Apr 2014 18:19:14 +0200
|
||||
Subject: [PATCH] qtest: Assure that init_socket()'s listen() does not fail
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
tests/libqtest.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/libqtest.c b/tests/libqtest.c
|
||||
index 8155695..232f781 100644
|
||||
--- a/tests/libqtest.c
|
||||
+++ b/tests/libqtest.c
|
||||
@@ -72,7 +72,8 @@ static int init_socket(const char *socket_path)
|
||||
ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr));
|
||||
} while (ret == -1 && errno == EINTR);
|
||||
g_assert_no_errno(ret);
|
||||
- listen(sock, 1);
|
||||
+ ret = listen(sock, 1);
|
||||
+ g_assert_no_errno(ret);
|
||||
|
||||
return sock;
|
||||
}
|
@ -1,4 +1,4 @@
|
||||
From 14cd25c73de420d01acd3f0691e1d663dcf3eca9 Mon Sep 17 00:00:00 2001
|
||||
From 6b2580c25ef053a053af27b393a128ec552a4081 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||
Date: Fri, 20 Jun 2014 17:54:51 +0200
|
||||
Subject: [PATCH] module: Don't complain when a module is absent
|
@ -1,27 +0,0 @@
|
||||
From 19fed6c601938b60dafb004f7194ff4e86def6f3 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||
Date: Thu, 17 Apr 2014 18:38:25 +0200
|
||||
Subject: [PATCH] qtest: Add error reporting to socket_accept()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
tests/libqtest.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/tests/libqtest.c b/tests/libqtest.c
|
||||
index 232f781..4b90d91 100644
|
||||
--- a/tests/libqtest.c
|
||||
+++ b/tests/libqtest.c
|
||||
@@ -93,6 +93,9 @@ static int socket_accept(int sock)
|
||||
do {
|
||||
ret = accept(sock, (struct sockaddr *)&addr, &addrlen);
|
||||
} while (ret == -1 && errno == EINTR);
|
||||
+ if (ret == -1) {
|
||||
+ fprintf(stderr, "%s failed: %s\n", __func__, strerror(errno));
|
||||
+ }
|
||||
close(sock);
|
||||
|
||||
return ret;
|
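--- a/0041-tests-Fix-unterminated-string-outpu.patch
+++ b/0041-tests-Fix-unterminated-string-outpu.patch
@@ -0,0 +1,50 @@
+From 8dea7848783572c41b08817d269305ddec5d0dc7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
+Date: Wed, 9 Jul 2014 21:21:00 +0200
+Subject: [PATCH] tests: Fix unterminated string output visitor enum human
+string
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The buffer was being allocated of size string length plus two.
+Around the string two quotes were being added, but no terminating NUL.
+It was then compared using g_assert_cmpstr(), resulting in fairly random
+assertion failures:
+
+ERROR:tests/test-string-output-visitor.c:213:test_visitor_out_enum: assertion failed (str == str_human): ("\"value1\"" == "\"value1\"\001EEEEEEEEEEEEEE\0171")
+
+There is no g_assert_cmpnstr() counterpart, so use g_strdup_printf()
+for safely assembling the string in the first place.
+
+Cc: Hu Tao <hutao@cn.fujitsu.com>
+Cc: Michael S. Tsirkin <mst@redhat.com>
+Suggested-by: Eric Blake <eblake@redhat.com>
+Fixes: b4900c0 tests: add human format test for string output visitor
+Signed-off-by: Andreas Färber <afaerber@suse.de>
+---
+tests/test-string-output-visitor.c | 7 +------
+1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/tests/test-string-output-visitor.c b/tests/test-string-output-visitor.c
+index e89e43c..101fb27 100644
+--- a/tests/test-string-output-visitor.c
++++ b/tests/test-string-output-visitor.c
+@@ -196,16 +196,11 @@ static void test_visitor_out_enum(TestOutputVisitorData *data,
+
+for (i = 0; i < ENUM_ONE_MAX; i++) {
+char *str_human;
+- int len;
+
+visit_type_EnumOne(data->ov, &i, "unused", &err);
+g_assert(!err);
+
+- len = strlen(EnumOne_lookup[i]) + 2;
+- str_human = g_malloc0(len);
+- str_human[0] = '"';
+- strncpy(str_human + 1, EnumOne_lookup[i], strlen(EnumOne_lookup[i]));
+- str_human[len - 1] = '"';
++ str_human = g_strdup_printf("\"%s\"", EnumOne_lookup[i]);
+
+str = string_output_get_string(data->sov);
+g_assert(str != NULL);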
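--- a/0042-libqos-Fix-PC-PCI-endianness-glitch.patch
+++ b/0042-libqos-Fix-PC-PCI-endianness-glitch.patch
@@ -0,0 +1,89 @@
+From 135f7b84cae0986aa804933f18c4e1f9ab34fe63 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
+Date: Thu, 10 Jul 2014 15:55:04 +0200
+Subject: [PATCH] libqos: Fix PC PCI endianness glitches
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The libqos implementation of io_read{b,w,l} and io_write{b,w,l} hooks
+was relying on qtest_mem{read,write}() respectively. With d81d410 (usb:
+improve ehci/uhci test) this resulted in assertion failures on ppc hosts:
+
+ERROR:tests/usb-hcd-ehci-test.c:78:ehci_port_test: assertion failed: ((value & mask) == (expect & mask))
+
+ERROR:tests/usb-hcd-ehci-test.c:128:pci_uhci_port_2: assertion failed: (pcibus != NULL)
+
+ERROR:tests/usb-hcd-ehci-test.c:150:pci_ehci_port_2: assertion failed: (pcibus != NULL)
+
+qtest_read{b,w,l,q}() and qtest_write{b,w,l,q}() had been introduced
+as endian-safe replacement for qtest_mem{read,write}() in I2C in
+872536b (qtest: Add MMIO support). Use them for PCI as well.
+
+Cc: Anthony Liguori <aliguori@amazon.com>
+Cc: Gerd Hoffmann <kraxel@redhat.com>
+Fixes: c4efe1c qtest: add libqos including PCI support
+Fixes: d81d410 usb: improve ehci/uhci test
+Signed-off-by: Andreas Färber <afaerber@suse.de>
+---
+tests/libqos/pci-pc.c | 12 ++++++------
+1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/tests/libqos/pci-pc.c b/tests/libqos/pci-pc.c
+index bf741a4..4adf400 100644
+--- a/tests/libqos/pci-pc.c
++++ b/tests/libqos/pci-pc.c
+@@ -41,7 +41,7 @@ static uint8_t qpci_pc_io_readb(QPCIBus *bus, void *addr)
+if (port < 0x10000) {
+value = inb(port);
+} else {
+- memread(port, &value, sizeof(value));
++ value = readb(port);
+}
+
+return value;
+@@ -55,7 +55,7 @@ static uint16_t qpci_pc_io_readw(QPCIBus *bus, void *addr)
+if (port < 0x10000) {
+value = inw(port);
+} else {
+- memread(port, &value, sizeof(value));
++ value = readw(port);
+}
+
+return value;
+@@ -69,7 +69,7 @@ static uint32_t qpci_pc_io_readl(QPCIBus *bus, void *addr)
+if (port < 0x10000) {
+value = inl(port);
+} else {
+- memread(port, &value, sizeof(value));
++ value = readl(port);
+}
+
+return value;
+@@ -82,7 +82,7 @@ static void qpci_pc_io_writeb(QPCIBus *bus, void *addr, uint8_t value)
+if (port < 0x10000) {
+outb(port, value);
+} else {
+- memwrite(port, &value, sizeof(value));
++ writeb(port, value);
+}
+}
+
+@@ -93,7 +93,7 @@ static void qpci_pc_io_writew(QPCIBus *bus, void *addr, uint16_t value)
+if (port < 0x10000) {
+outw(port, value);
+} else {
+- memwrite(port, &value, sizeof(value));
++ writew(port, value);
+}
+}
+
+@@ -104,7 +104,7 @@ static void qpci_pc_io_writel(QPCIBus *bus, void *addr, uint32_t value)
+if (port < 0x10000) {
+outl(port, value);
+} else {
+- memwrite(port, &value, sizeof(value));
++ writel(port, value);
+}
+}
+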
@ -1,29 +0,0 @@
|
||||
From 9938d82cc9cc5ae82283bea7a24ff45d08690e27 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
|
||||
Date: Thu, 17 Apr 2014 19:21:12 +0200
|
||||
Subject: [PATCH] qtest: Be paranoid about accept() addrlen argument
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
If EINTR occurs, re-initialize our argument.
|
||||
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
tests/libqtest.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/libqtest.c b/tests/libqtest.c
|
||||
index 18efcf2..1eb9db6 100644
|
||||
--- a/tests/libqtest.c
|
||||
+++ b/tests/libqtest.c
|
||||
@@ -89,8 +89,8 @@ static int socket_accept(int sock)
|
||||
setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (void *)&timeout,
|
||||
sizeof(timeout));
|
||||
|
||||
- addrlen = sizeof(addr);
|
||||
do {
|
||||
+ addrlen = sizeof(addr);
|
||||
ret = accept(sock, (struct sockaddr *)&addr, &addrlen);
|
||||
} while (ret == -1 && errno == EINTR);
|
||||
if (ret == -1) {
|
@ -1,101 +0,0 @@
|
||||
From 0fb8a7de8e8013362922d802db7eda5f9bf37766 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
|
||||
Date: Wed, 16 Apr 2014 20:20:52 -0700
|
||||
Subject: [PATCH] arm: translate.c: Fix smlald Instruction
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The smlald (and probably smlsld) instruction was doing incorrect sign
|
||||
extensions of the operands amongst 64bit result calculation. The
|
||||
instruction psuedo-code is:
|
||||
|
||||
operand2 = if m_swap then ROR(R[m],16) else R[m];
|
||||
product1 = SInt(R[n]<15:0>) * SInt(operand2<15:0>);
|
||||
product2 = SInt(R[n]<31:16>) * SInt(operand2<31:16>);
|
||||
result = product1 + product2 + SInt(R[dHi]:R[dLo]);
|
||||
R[dHi] = result<63:32>;
|
||||
R[dLo] = result<31:0>;
|
||||
|
||||
The result calculation should be done in 64 bit arithmetic, and hence
|
||||
product1 and product2 should be sign extended to 64b before calculation.
|
||||
|
||||
The current implementation was adding product1 and product2 together
|
||||
then sign-extending the intermediate result leading to false negatives.
|
||||
|
||||
E.G. if product1 = product2 = 0x4000000, their sum = 0x80000000, which
|
||||
will be incorrectly interpreted as -ve on sign extension.
|
||||
|
||||
We fix by doing the 64b extensions on both product1 and product2 before
|
||||
any addition/subtraction happens.
|
||||
|
||||
We also fix where we were possibly incorrectly setting the Q saturation
|
||||
flag for SMLSLD, which the ARM ARM specifically says is not set.
|
||||
|
||||
Reported-by: Christina Smith <christina.smith@xilinx.com>
|
||||
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
|
||||
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Message-id: 2cddb6f5a15be4ab8d2160f3499d128ae93d304d.1397704570.git.peter.crosthwaite@xilinx.com
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
(cherry picked from commit 33bbd75a7c3321432fe40a8cbacd64619c56138c)
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
target-arm/translate.c | 34 +++++++++++++++++++++++-----------
|
||||
1 file changed, 23 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/target-arm/translate.c b/target-arm/translate.c
|
||||
index 56e3b4b..0335f10 100644
|
||||
--- a/target-arm/translate.c
|
||||
+++ b/target-arm/translate.c
|
||||
@@ -8328,27 +8328,39 @@ static void disas_arm_insn(CPUARMState * env, DisasContext *s)
|
||||
if (insn & (1 << 5))
|
||||
gen_swap_half(tmp2);
|
||||
gen_smul_dual(tmp, tmp2);
|
||||
- if (insn & (1 << 6)) {
|
||||
- /* This subtraction cannot overflow. */
|
||||
- tcg_gen_sub_i32(tmp, tmp, tmp2);
|
||||
- } else {
|
||||
- /* This addition cannot overflow 32 bits;
|
||||
- * however it may overflow considered as a signed
|
||||
- * operation, in which case we must set the Q flag.
|
||||
- */
|
||||
- gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
|
||||
- }
|
||||
- tcg_temp_free_i32(tmp2);
|
||||
if (insn & (1 << 22)) {
|
||||
/* smlald, smlsld */
|
||||
+ TCGv_i64 tmp64_2;
|
||||
+
|
||||
tmp64 = tcg_temp_new_i64();
|
||||
+ tmp64_2 = tcg_temp_new_i64();
|
||||
tcg_gen_ext_i32_i64(tmp64, tmp);
|
||||
+ tcg_gen_ext_i32_i64(tmp64_2, tmp2);
|
||||
tcg_temp_free_i32(tmp);
|
||||
+ tcg_temp_free_i32(tmp2);
|
||||
+ if (insn & (1 << 6)) {
|
||||
+ tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
|
||||
+ } else {
|
||||
+ tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
|
||||
+ }
|
||||
+ tcg_temp_free_i64(tmp64_2);
|
||||
gen_addq(s, tmp64, rd, rn);
|
||||
gen_storeq_reg(s, rd, rn, tmp64);
|
||||
tcg_temp_free_i64(tmp64);
|
||||
} else {
|
||||
/* smuad, smusd, smlad, smlsd */
|
||||
+ if (insn & (1 << 6)) {
|
||||
+ /* This subtraction cannot overflow. */
|
||||
+ tcg_gen_sub_i32(tmp, tmp, tmp2);
|
||||
+ } else {
|
||||
+ /* This addition cannot overflow 32 bits;
|
||||
+ * however it may overflow considered as a
|
||||
+ * signed operation, in which case we must set
|
||||
+ * the Q flag.
|
||||
+ */
|
||||
+ gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
|
||||
+ }
|
||||
+ tcg_temp_free_i32(tmp2);
|
||||
if (rd != 15)
|
||||
{
|
||||
tmp2 = load_reg(s, rd);
|
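--- a/0043-qtest-fix-vhost-user-test-compilati.patch
+++ b/0043-qtest-fix-vhost-user-test-compilati.patch
@@ -0,0 +1,33 @@
+From 97f277e21ed2aa01d23a960ec499f3b12ec18ed5 Mon Sep 17 00:00:00 2001
+From: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
+Date: Wed, 9 Jul 2014 18:06:32 +0300
+Subject: [PATCH] qtest: fix vhost-user-test compilation with old GLib
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Mising G_TIME_SPAN_SECOND definition breaks the RHEL6 compilation as GLib
+version before 2.26 does not have it. In such case just define it.
+
+Reported-by: Kevin Wolf <kwolf@redhat.com>
+Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
+Signed-off-by: Andreas Färber <afaerber@suse.de>
+---
+tests/vhost-user-test.c | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
+index 2af2381..406ba70 100644
+--- a/tests/vhost-user-test.c
++++ b/tests/vhost-user-test.c
+@@ -22,6 +22,10 @@
+#include <qemu/sockets.h>
+
+/* GLIB version compatibility flags */
++#if !GLIB_CHECK_VERSION(2, 26, 0)
++#define G_TIME_SPAN_SECOND (G_GINT64_CONSTANT(1000000))
++#endif
++
+#if GLIB_CHECK_VERSION(2, 28, 0)
+#define HAVE_MONOTONIC_TIME
+#endif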
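Review bot: The `G_TIME_SPAN_SECOND` fallback added to tests/vhost-user-test.c is guarded only by `#if !GLIB_CHECK_VERSION(2, 26, 0)`, so this test file would redefine the macro if a shared compatibility header ever starts supplying it for old GLib. Wrapping the define in `#ifndef G_TIME_SPAN_SECOND` inside the version check would avoid that. A short comment such as `/* G_TIME_SPAN_SECOND was introduced in GLib 2.26 */` above the block would record why it exists, since the existing "GLIB version compatibility flags" comment does not say which symbol is being backfilled. The hunk shows only the top of the file, so how the constant is used is not visible here.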
@ -1,36 +0,0 @@
|
||||
From de439482d4ed1db0f0f5837c98abc46f0a579ba0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>
|
||||
Date: Wed, 16 Apr 2014 12:29:39 +0100
|
||||
Subject: [PATCH] target-arm: A64: fix unallocated test of scalar SQXTUN
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The test for the U bit was incorrectly inverted in the scalar case of SQXTUN.
|
||||
This doesn't affect the vector case as the U bit is used to select XTN(2).
|
||||
|
||||
Reported-by: Hao Liu <hao.liu@arm.com>
|
||||
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
|
||||
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
|
||||
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
(cherry picked from commit e44a90c59697cf98e05619fbb6f77a403d347495)
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
target-arm/translate-a64.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
|
||||
index 9175e48..a780366 100644
|
||||
--- a/target-arm/translate-a64.c
|
||||
+++ b/target-arm/translate-a64.c
|
||||
@@ -7455,7 +7455,7 @@ static void disas_simd_scalar_two_reg_misc(DisasContext *s, uint32_t insn)
|
||||
}
|
||||
break;
|
||||
case 0x12: /* SQXTUN */
|
||||
- if (u) {
|
||||
+ if (!u) {
|
||||
unallocated_encoding(s);
|
||||
return;
|
||||
}
|
@ -1,58 +0,0 @@
|
||||
From 243f0e345cce28c1f93444de33fe7981efdac6dd Mon Sep 17 00:00:00 2001
|
||||
From: Ulrich Weigand <uweigand@de.ibm.com>
|
||||
Date: Tue, 22 Apr 2014 18:26:15 +0200
|
||||
Subject: [PATCH] tcg-ppc64: Support the ELFv2 ABI
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The new ELFv2 ABI, used by default on powerpc64le-linux hosts,
|
||||
introduced some changes that are incompatible with code currently
|
||||
generated by the ppc64 TGC target. In particular, we no longer
|
||||
use function descriptors.
|
||||
|
||||
This patch adds support for the ELFv2 ABI in the ppc64 TGC
|
||||
function call and function prologue sequences.
|
||||
|
||||
Signed-off-by: Ulrich Weigand <ulrich.weigand@de.ibm.com>
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
tcg/ppc64/tcg-target.c | 18 +++++++++++++++++-
|
||||
1 file changed, 17 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tcg/ppc64/tcg-target.c b/tcg/ppc64/tcg-target.c
|
||||
index 06e440f..4ef4838 100644
|
||||
--- a/tcg/ppc64/tcg-target.c
|
||||
+++ b/tcg/ppc64/tcg-target.c
|
||||
@@ -717,6 +717,22 @@ static void tcg_out_call(TCGContext *s, tcg_target_long arg, int const_arg)
|
||||
tcg_out32(s, MTSPR | RS(arg) | LR);
|
||||
tcg_out32(s, BCLR | BO_ALWAYS | LK);
|
||||
}
|
||||
+#elif _CALL_ELF == 2
|
||||
+ /* In the ELFv2 ABI, we do not need to set up the TOC pointer in r2,
|
||||
+ but instead we have to set up r12 to contain the destination address
|
||||
+ when performing an indirect call. */
|
||||
+ TCGReg reg = arg;
|
||||
+ if (const_arg) {
|
||||
+ /* FIXME: we could use bl if we knew that the destination uses
|
||||
+ the same TOC, and what its local entry point offset is.
|
||||
+ For now, always perform an indirect call. */
|
||||
+ tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_R12, arg);
|
||||
+ reg = TCG_REG_R12;
|
||||
+ } else {
|
||||
+ tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_R12, arg);
|
||||
+ }
|
||||
+ tcg_out32(s, MTSPR | RS(reg) | CTR);
|
||||
+ tcg_out32(s, BCCTR | BO_ALWAYS | LK);
|
||||
#else
|
||||
TCGReg reg = arg;
|
||||
int ofs = 0;
|
||||
@@ -1112,7 +1128,7 @@ static void tcg_target_qemu_prologue(TCGContext *s)
|
||||
REG_SAVE_BOT - CPU_TEMP_BUF_NLONGS * sizeof(long),
|
||||
CPU_TEMP_BUF_NLONGS * sizeof(long));
|
||||
|
||||
-#ifndef __APPLE__
|
||||
+#if !defined(__APPLE__) && _CALL_ELF != 2
|
||||
/* First emit adhoc function descriptor */
|
||||
tcg_out64(s, (uint64_t)s->code_ptr + 24); /* entry point */
|
||||
s->code_ptr += 16; /* skip TOC and environment pointer */
|
@ -1,61 +0,0 @@
|
||||
From 52c324d64cd57ad37b25ebc5f4df31b33901d03b Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:50:31 +0300
|
||||
Subject: [PATCH] vmstate: add VMS_MUST_EXIST
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Can be used to verify a required field exists or validate
|
||||
state in some other way.
|
||||
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 5bf81c8d63db0216a4d29dc87f9ce530bb791dd1)
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
include/migration/vmstate.h | 1 +
|
||||
vmstate.c | 10 ++++++++++
|
||||
2 files changed, 11 insertions(+)
|
||||
|
||||
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
|
||||
index e7e1705..de970ab 100644
|
||||
--- a/include/migration/vmstate.h
|
||||
+++ b/include/migration/vmstate.h
|
||||
@@ -100,6 +100,7 @@ enum VMStateFlags {
|
||||
VMS_MULTIPLY = 0x200, /* multiply "size" field by field_size */
|
||||
VMS_VARRAY_UINT8 = 0x400, /* Array with size in uint8_t field*/
|
||||
VMS_VARRAY_UINT32 = 0x800, /* Array with size in uint32_t field*/
|
||||
+ VMS_MUST_EXIST = 0x1000, /* Field must exist in input */
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
diff --git a/vmstate.c b/vmstate.c
|
||||
index b689f2f..d856319 100644
|
||||
--- a/vmstate.c
|
||||
+++ b/vmstate.c
|
||||
@@ -78,6 +78,10 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
+ } else if (field->flags & VMS_MUST_EXIST) {
|
||||
+ fprintf(stderr, "Input validation failed: %s/%s\n",
|
||||
+ vmsd->name, field->name);
|
||||
+ return -1;
|
||||
}
|
||||
field++;
|
||||
}
|
||||
@@ -138,6 +142,12 @@ void vmstate_save_state(QEMUFile *f, const VMStateDescription *vmsd,
|
||||
field->info->put(f, addr, size);
|
||||
}
|
||||
}
|
||||
+ } else {
|
||||
+ if (field->flags & VMS_MUST_EXIST) {
|
||||
+ fprintf(stderr, "Output state validation failed: %s/%s\n",
|
||||
+ vmsd->name, field->name);
|
||||
+ assert(!(field->flags & VMS_MUST_EXIST));
|
||||
+ }
|
||||
}
|
||||
field++;
|
||||
}
|
@ -1,37 +0,0 @@
|
||||
From e258560116c8413cd5c52af69ab73dc82142dae9 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:50:35 +0300
|
||||
Subject: [PATCH] vmstate: add VMSTATE_VALIDATE
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Validate state using VMS_ARRAY with num = 0 and VMS_MUST_EXIST
|
||||
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 4082f0889ba04678fc14816c53e1b9251ea9207e)
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
include/migration/vmstate.h | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
|
||||
index de970ab..5b71370 100644
|
||||
--- a/include/migration/vmstate.h
|
||||
+++ b/include/migration/vmstate.h
|
||||
@@ -204,6 +204,14 @@ extern const VMStateInfo vmstate_info_bitmap;
|
||||
.offset = vmstate_offset_value(_state, _field, _type), \
|
||||
}
|
||||
|
||||
+/* Validate state using a boolean predicate. */
|
||||
+#define VMSTATE_VALIDATE(_name, _test) { \
|
||||
+ .name = (_name), \
|
||||
+ .field_exists = (_test), \
|
||||
+ .flags = VMS_ARRAY | VMS_MUST_EXIST, \
|
||||
+ .num = 0, /* 0 elements: no data, only run _test */ \
|
||||
+}
|
||||
+
|
||||
#define VMSTATE_POINTER(_field, _state, _version, _info, _type) { \
|
||||
.name = (stringify(_field)), \
|
||||
.version_id = (_version), \
|
@ -1,64 +0,0 @@
|
||||
From e3f320a759052a77b4da97618a94f8adcb0a6490 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:50:39 +0300
|
||||
Subject: [PATCH] virtio-net: fix buffer overflow on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4148 QEMU 1.0 integer conversion in
|
||||
virtio_net_load()@hw/net/virtio-net.c
|
||||
|
||||
Deals with loading a corrupted savevm image.
|
||||
|
||||
> n->mac_table.in_use = qemu_get_be32(f);
|
||||
|
||||
in_use is int so it can get negative when assigned 32bit unsigned value.
|
||||
|
||||
> /* MAC_TABLE_ENTRIES may be different from the saved image */
|
||||
> if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) {
|
||||
|
||||
passing this check ^^^
|
||||
|
||||
> qemu_get_buffer(f, n->mac_table.macs,
|
||||
> n->mac_table.in_use * ETH_ALEN);
|
||||
|
||||
with good in_use value, "n->mac_table.in_use * ETH_ALEN" can get
|
||||
positive and bigger than mac_table.macs. For example 0x81000000
|
||||
satisfies this condition when ETH_ALEN is 6.
|
||||
|
||||
Fix it by making the value unsigned.
|
||||
For consistency, change first_multi as well.
|
||||
|
||||
Note: all call sites were audited to confirm that
|
||||
making them unsigned didn't cause any issues:
|
||||
it turns out we actually never do math on them,
|
||||
so it's easy to validate because both values are
|
||||
always <= MAC_TABLE_ENTRIES.
|
||||
|
||||
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 71f7fe48e10a8437c9d42d859389f37157f59980)
|
||||
[AF: BNC#864812]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
include/hw/virtio/virtio-net.h | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h
|
||||
index df60f16..4b32440 100644
|
||||
--- a/include/hw/virtio/virtio-net.h
|
||||
+++ b/include/hw/virtio/virtio-net.h
|
||||
@@ -176,8 +176,8 @@ typedef struct VirtIONet {
|
||||
uint8_t nobcast;
|
||||
uint8_t vhost_started;
|
||||
struct {
|
||||
- int in_use;
|
||||
- int first_multi;
|
||||
+ uint32_t in_use;
|
||||
+ uint32_t first_multi;
|
||||
uint8_t multi_overflow;
|
||||
uint8_t uni_overflow;
|
||||
uint8_t *macs;
|
@ -1,60 +0,0 @@
|
||||
From 0c0a6b53c543e4095da9243eb5299e03d2c88c06 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:50:56 +0300
|
||||
Subject: [PATCH] virtio-net: out-of-bounds buffer write on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4150 QEMU 1.5.0 out-of-bounds buffer write in
|
||||
virtio_net_load()@hw/net/virtio-net.c
|
||||
|
||||
This code is in hw/net/virtio-net.c:
|
||||
|
||||
if (n->max_queues > 1) {
|
||||
if (n->max_queues != qemu_get_be16(f)) {
|
||||
error_report("virtio-net: different max_queues ");
|
||||
return -1;
|
||||
}
|
||||
|
||||
n->curr_queues = qemu_get_be16(f);
|
||||
for (i = 1; i < n->curr_queues; i++) {
|
||||
n->vqs[i].tx_waiting = qemu_get_be32(f);
|
||||
}
|
||||
}
|
||||
|
||||
Number of vqs is max_queues, so if we get invalid input here,
|
||||
for example if max_queues = 2, curr_queues = 3, we get
|
||||
write beyond end of the buffer, with data that comes from
|
||||
wire.
|
||||
|
||||
This might be used to corrupt qemu memory in hard to predict ways.
|
||||
Since we have lots of function pointers around, RCE might be possible.
|
||||
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Acked-by: Jason Wang <jasowang@redhat.com>
|
||||
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit eea750a5623ddac7a61982eec8f1c93481857578)
|
||||
[AF: BNC#864650]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/net/virtio-net.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
|
||||
index 33bd233..0a8cb40 100644
|
||||
--- a/hw/net/virtio-net.c
|
||||
+++ b/hw/net/virtio-net.c
|
||||
@@ -1407,6 +1407,11 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id)
|
||||
}
|
||||
|
||||
n->curr_queues = qemu_get_be16(f);
|
||||
+ if (n->curr_queues > n->max_queues) {
|
||||
+ error_report("virtio-net: curr_queues %x > max_queues %x",
|
||||
+ n->curr_queues, n->max_queues);
|
||||
+ return -1;
|
||||
+ }
|
||||
for (i = 1; i < n->curr_queues; i++) {
|
||||
n->vqs[i].tx_waiting = qemu_get_be32(f);
|
||||
}
|
@ -1,57 +0,0 @@
|
||||
From a76b7609802937bfc6f35a75cf0809c8f7197f76 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:51:14 +0300
|
||||
Subject: [PATCH] virtio: out-of-bounds buffer write on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4151 QEMU 1.0 out-of-bounds buffer write in
|
||||
virtio_load@hw/virtio/virtio.c
|
||||
|
||||
So we have this code since way back when:
|
||||
|
||||
num = qemu_get_be32(f);
|
||||
|
||||
for (i = 0; i < num; i++) {
|
||||
vdev->vq[i].vring.num = qemu_get_be32(f);
|
||||
|
||||
array of vqs has size VIRTIO_PCI_QUEUE_MAX, so
|
||||
on invalid input this will write beyond end of buffer.
|
||||
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit cc45995294b92d95319b4782750a3580cabdbc0c)
|
||||
[AF: BNC#864653]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/virtio/virtio.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
|
||||
index aeabf3a..05f05e7 100644
|
||||
--- a/hw/virtio/virtio.c
|
||||
+++ b/hw/virtio/virtio.c
|
||||
@@ -891,7 +891,8 @@ int virtio_set_features(VirtIODevice *vdev, uint32_t val)
|
||||
|
||||
int virtio_load(VirtIODevice *vdev, QEMUFile *f)
|
||||
{
|
||||
- int num, i, ret;
|
||||
+ int i, ret;
|
||||
+ uint32_t num;
|
||||
uint32_t features;
|
||||
uint32_t supported_features;
|
||||
BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
|
||||
@@ -919,6 +920,11 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f)
|
||||
|
||||
num = qemu_get_be32(f);
|
||||
|
||||
+ if (num > VIRTIO_PCI_QUEUE_MAX) {
|
||||
+ error_report("Invalid number of PCI queues: 0x%x", num);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
for (i = 0; i < num; i++) {
|
||||
vdev->vq[i].vring.num = qemu_get_be32(f);
|
||||
if (k->has_variable_vring_alignment) {
|
@ -1,41 +0,0 @@
|
||||
From b591a65b23630ee3707647d61fc69b3f0ff16665 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:51:18 +0300
|
||||
Subject: [PATCH] ahci: fix buffer overrun on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4526
|
||||
|
||||
Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded. So
|
||||
we use the old version of ports to read the array but then allow any
|
||||
value for ports. This can cause the code to overflow.
|
||||
|
||||
There's no reason to migrate ports - it never changes.
|
||||
So just make sure it matches.
|
||||
|
||||
Reported-by: Anthony Liguori <anthony@codemonkey.ws>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5)
|
||||
[AF: BNC#864671]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/ide/ahci.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
|
||||
index bfe633f..457a7a1 100644
|
||||
--- a/hw/ide/ahci.c
|
||||
+++ b/hw/ide/ahci.c
|
||||
@@ -1293,7 +1293,7 @@ const VMStateDescription vmstate_ahci = {
|
||||
VMSTATE_UINT32(control_regs.impl, AHCIState),
|
||||
VMSTATE_UINT32(control_regs.version, AHCIState),
|
||||
VMSTATE_UINT32(idp_index, AHCIState),
|
||||
- VMSTATE_INT32(ports, AHCIState),
|
||||
+ VMSTATE_INT32_EQUAL(ports, AHCIState),
|
||||
VMSTATE_END_OF_LIST()
|
||||
},
|
||||
};
|
@ -1,56 +0,0 @@
|
||||
From 085771b0f84bc9e3a9d868ff67c229e83b8431a2 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:51:23 +0300
|
||||
Subject: [PATCH] hpet: fix buffer overrun on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4527 hw/timer/hpet.c buffer overrun
|
||||
|
||||
hpet is a VARRAY with a uint8 size but static array of 32
|
||||
|
||||
To fix, make sure num_timers is valid using VMSTATE_VALID hook.
|
||||
|
||||
Reported-by: Anthony Liguori <anthony@codemonkey.ws>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 3f1c49e2136fa08ab1ef3183fd55def308829584)
|
||||
[AF: BNC#864673]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/timer/hpet.c | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
|
||||
index e15d6bc..2792f89 100644
|
||||
--- a/hw/timer/hpet.c
|
||||
+++ b/hw/timer/hpet.c
|
||||
@@ -239,6 +239,18 @@ static int hpet_pre_load(void *opaque)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static bool hpet_validate_num_timers(void *opaque, int version_id)
|
||||
+{
|
||||
+ HPETState *s = opaque;
|
||||
+
|
||||
+ if (s->num_timers < HPET_MIN_TIMERS) {
|
||||
+ return false;
|
||||
+ } else if (s->num_timers > HPET_MAX_TIMERS) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
static int hpet_post_load(void *opaque, int version_id)
|
||||
{
|
||||
HPETState *s = opaque;
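Review bot: `hpet_validate_num_timers` writes a plain range test as an `if`/`else if` pair whose two branches both `return false`. A single expression states the accepted range directly and matches the one-line validator added to pcie_aer.c in the same series: `return s->num_timers >= HPET_MIN_TIMERS && s->num_timers <= HPET_MAX_TIMERS;`. A one-line comment that the upper bound protects the fixed-size timer array mentioned in the commit message would record why the check exists.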
|
||||
@@ -307,6 +319,7 @@ static const VMStateDescription vmstate_hpet = {
|
||||
VMSTATE_UINT64(isr, HPETState),
|
||||
VMSTATE_UINT64(hpet_counter, HPETState),
|
||||
VMSTATE_UINT8_V(num_timers, HPETState, 2),
|
||||
+ VMSTATE_VALIDATE("num_timers in range", hpet_validate_num_timers),
|
||||
VMSTATE_STRUCT_VARRAY_UINT8(timer, HPETState, num_timers, 0,
|
||||
vmstate_hpet_timer, HPETTimer),
|
||||
VMSTATE_END_OF_LIST()
|
@ -1,60 +0,0 @@
|
||||
From 3f2e8a7a3af50578270a058e658ce70680891bd8 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:51:31 +0300
|
||||
Subject: [PATCH] hw/pci/pcie_aer.c: fix buffer overruns on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
4) CVE-2013-4529
|
||||
hw/pci/pcie_aer.c pcie aer log can overrun the buffer if log_num is
|
||||
too large
|
||||
|
||||
There are two issues in this file:
|
||||
1. log_max from remote can be larger than on local
|
||||
then buffer will overrun with data coming from state file.
|
||||
2. log_num can be larger then we get data corruption
|
||||
again with an overflow but not adversary controlled.
|
||||
|
||||
Fix both issues.
|
||||
|
||||
Reported-by: Anthony Liguori <anthony@codemonkey.ws>
|
||||
Reported-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 5f691ff91d323b6f97c6600405a7f9dc115a0ad1)
|
||||
[AF: BNC#864678]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/pci/pcie_aer.c | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
|
||||
index 991502e..535be2c 100644
|
||||
--- a/hw/pci/pcie_aer.c
|
||||
+++ b/hw/pci/pcie_aer.c
|
||||
@@ -795,6 +795,13 @@ static const VMStateDescription vmstate_pcie_aer_err = {
|
||||
}
|
||||
};
|
||||
|
||||
+static bool pcie_aer_state_log_num_valid(void *opaque, int version_id)
|
||||
+{
|
||||
+ PCIEAERLog *s = opaque;
|
||||
+
|
||||
+ return s->log_num <= s->log_max;
|
||||
+}
|
||||
+
|
||||
const VMStateDescription vmstate_pcie_aer_log = {
|
||||
.name = "PCIE_AER_ERROR_LOG",
|
||||
.version_id = 1,
|
||||
@@ -802,7 +809,8 @@ const VMStateDescription vmstate_pcie_aer_log = {
|
||||
.minimum_version_id_old = 1,
|
||||
.fields = (VMStateField[]) {
|
||||
VMSTATE_UINT16(log_num, PCIEAERLog),
|
||||
- VMSTATE_UINT16(log_max, PCIEAERLog),
|
||||
+ VMSTATE_UINT16_EQUAL(log_max, PCIEAERLog),
|
||||
+ VMSTATE_VALIDATE("log_num <= log_max", pcie_aer_state_log_num_valid),
|
||||
VMSTATE_STRUCT_VARRAY_POINTER_UINT16(log, PCIEAERLog, log_num,
|
||||
vmstate_pcie_aer_err, PCIEAERErr),
|
||||
VMSTATE_END_OF_LIST()
|
@ -1,55 +0,0 @@
|
||||
From d4e6359ea7c11e7ae6b8ff3c03394db96a2a6932 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:51:35 +0300
|
||||
Subject: [PATCH] pl022: fix buffer overun on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4530
|
||||
|
||||
pl022.c did not bounds check tx_fifo_head and
|
||||
rx_fifo_head after loading them from file and
|
||||
before they are used to dereference array.
|
||||
|
||||
Reported-by: Michael S. Tsirkin <mst@redhat.com
|
||||
Reported-by: Anthony Liguori <anthony@codemonkey.ws>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit d8d0a0bc7e194300e53a346d25fe5724fd588387)
|
||||
[AF: BNC#864682]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/ssi/pl022.c | 14 ++++++++++++++
|
||||
1 file changed, 14 insertions(+)
|
||||
|
||||
diff --git a/hw/ssi/pl022.c b/hw/ssi/pl022.c
|
||||
index fd479ef..b19bc71 100644
|
||||
--- a/hw/ssi/pl022.c
|
||||
+++ b/hw/ssi/pl022.c
|
||||
@@ -240,11 +240,25 @@ static const MemoryRegionOps pl022_ops = {
|
||||
.endianness = DEVICE_NATIVE_ENDIAN,
|
||||
};
|
||||
|
||||
+static int pl022_post_load(void *opaque, int version_id)
|
||||
+{
|
||||
+ PL022State *s = opaque;
|
||||
+
|
||||
+ if (s->tx_fifo_head < 0 ||
|
||||
+ s->tx_fifo_head >= ARRAY_SIZE(s->tx_fifo) ||
|
||||
+ s->rx_fifo_head < 0 ||
|
||||
+ s->rx_fifo_head >= ARRAY_SIZE(s->rx_fifo)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static const VMStateDescription vmstate_pl022 = {
|
||||
.name = "pl022_ssp",
|
||||
.version_id = 1,
|
||||
.minimum_version_id = 1,
|
||||
.minimum_version_id_old = 1,
|
||||
+ .post_load = pl022_post_load,
|
||||
.fields = (VMStateField[]) {
|
||||
VMSTATE_UINT32(cr0, PL022State),
|
||||
VMSTATE_UINT32(cr1, PL022State),
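Review bot: `pl022_post_load` rejects an out-of-range `tx_fifo_head` or `rx_fifo_head` with a bare `return -1` and no message, so a refused migration gives the operator no hint of which device or field was invalid. The same holds for the `queue_sel` check added to virtio_load and for the `-EINVAL` returns added to pxa2xx_ssp_load, ssd0323_load and tsc210x_load further down this page. The virtio-net and virtio `num` checks, by contrast, do call `error_report`. I would add `error_report("pl022: invalid FIFO head in migration stream");` before the return, assuming the error-report header is reachable from this file, and return `-EINVAL` for consistency with the other loaders.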
|
@ -1,57 +0,0 @@
|
||||
From 5c94e6582aaf791f603afbf4b1d8d86652d87f93 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:51:42 +0300
|
||||
Subject: [PATCH] vmstate: fix buffer overflow in target-arm/machine.c
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4531
|
||||
|
||||
cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
|
||||
cpreg_vmstate_array_len will cause a buffer overflow.
|
||||
|
||||
VMSTATE_INT32_LE was supposed to protect against this
|
||||
but doesn't because it doesn't validate that input is
|
||||
non-negative.
|
||||
|
||||
Fix this macro to valide the value appropriately.
|
||||
|
||||
The only other user of VMSTATE_INT32_LE doesn't
|
||||
ever use negative numbers so it doesn't care.
|
||||
|
||||
Reported-by: Anthony Liguori <anthony@codemonkey.ws>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62)
|
||||
[AF: BNC#864796]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
vmstate.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/vmstate.c b/vmstate.c
|
||||
index d856319..105f184 100644
|
||||
--- a/vmstate.c
|
||||
+++ b/vmstate.c
|
||||
@@ -333,8 +333,9 @@ const VMStateInfo vmstate_info_int32_equal = {
|
||||
.put = put_int32,
|
||||
};
|
||||
|
||||
-/* 32 bit int. Check that the received value is less than or equal to
|
||||
- the one in the field */
|
||||
+/* 32 bit int. Check that the received value is non-negative
|
||||
+ * and less than or equal to the one in the field.
|
||||
+ */
|
||||
|
||||
static int get_int32_le(QEMUFile *f, void *pv, size_t size)
|
||||
{
|
||||
@@ -342,7 +343,7 @@ static int get_int32_le(QEMUFile *f, void *pv, size_t size)
|
||||
int32_t loaded;
|
||||
qemu_get_sbe32s(f, &loaded);
|
||||
|
||||
- if (loaded <= *cur) {
|
||||
+ if (loaded >= 0 && loaded <= *cur) {
|
||||
*cur = loaded;
|
||||
return 0;
|
||||
}
|
@ -1,45 +0,0 @@
|
||||
From 49af37a1dfdb6e7a54ae4ab9fd1c7816763bf6c1 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Roth <mdroth@linux.vnet.ibm.com>
|
||||
Date: Thu, 3 Apr 2014 19:51:46 +0300
|
||||
Subject: [PATCH] virtio: avoid buffer overrun on incoming migration
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-6399
|
||||
|
||||
vdev->queue_sel is read from the wire, and later used in the
|
||||
emulation code as an index into vdev->vq[]. If the value of
|
||||
vdev->queue_sel exceeds the length of vdev->vq[], currently
|
||||
allocated to be VIRTIO_PCI_QUEUE_MAX elements, subsequent PIO
|
||||
operations such as VIRTIO_PCI_QUEUE_PFN can be used to overrun
|
||||
the buffer with arbitrary data originating from the source.
|
||||
|
||||
Fix this by failing migration if the value from the wire exceeds
|
||||
VIRTIO_PCI_QUEUE_MAX.
|
||||
|
||||
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 4b53c2c72cb5541cf394033b528a6fe2a86c0ac1)
|
||||
[AF: BNC#864814]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/virtio/virtio.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
|
||||
index 05f05e7..0072542 100644
|
||||
--- a/hw/virtio/virtio.c
|
||||
+++ b/hw/virtio/virtio.c
|
||||
@@ -907,6 +907,9 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f)
|
||||
qemu_get_8s(f, &vdev->status);
|
||||
qemu_get_8s(f, &vdev->isr);
|
||||
qemu_get_be16s(f, &vdev->queue_sel);
|
||||
+ if (vdev->queue_sel >= VIRTIO_PCI_QUEUE_MAX) {
|
||||
+ return -1;
|
||||
+ }
|
||||
qemu_get_be32s(f, &features);
|
||||
|
||||
if (virtio_set_features(vdev, features) < 0) {
|
@ -1,46 +0,0 @@
|
||||
From c5b839d16efe607af264cd6c2d99124b2a10bc02 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:51:53 +0300
|
||||
Subject: [PATCH] virtio: validate num_sg when mapping
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4535
|
||||
CVE-2013-4536
|
||||
|
||||
Both virtio-block and virtio-serial read,
|
||||
VirtQueueElements are read in as buffers, and passed to
|
||||
virtqueue_map_sg(), where num_sg is taken from the wire and can force
|
||||
writes to indicies beyond VIRTQUEUE_MAX_SIZE.
|
||||
|
||||
To fix, validate num_sg.
|
||||
|
||||
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Cc: Amit Shah <amit.shah@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 36cf2a37132c7f01fa9adb5f95f5312b27742fd4)
|
||||
[AF: BNC#864665]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/virtio/virtio.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
|
||||
index 0072542..a70169a 100644
|
||||
--- a/hw/virtio/virtio.c
|
||||
+++ b/hw/virtio/virtio.c
|
||||
@@ -430,6 +430,12 @@ void virtqueue_map_sg(struct iovec *sg, hwaddr *addr,
|
||||
unsigned int i;
|
||||
hwaddr len;
|
||||
|
||||
+ if (num_sg >= VIRTQUEUE_MAX_SIZE) {
|
||||
+ error_report("virtio: map attempt out of bounds: %zd > %d",
|
||||
+ num_sg, VIRTQUEUE_MAX_SIZE);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
for (i = 0; i < num_sg; i++) {
|
||||
len = sg[i].iov_len;
|
||||
sg[i].iov_base = cpu_physical_memory_map(addr[i], &len, is_write);
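Review bot: The added guard tests `num_sg >= VIRTQUEUE_MAX_SIZE` but its message is formatted as `%zd > %d`, so a count equal to the limit is reported as "N > N"; the test and the text should use the same operator. Which operator is right depends on the capacity of the `sg` and `addr` arrays that callers pass, which the hunk does not show: if they hold VIRTQUEUE_MAX_SIZE entries, `>=` also rejects a full but valid list. `%zd` is the signed conversion, and if `num_sg` is a `size_t` (its declaration is on the part of the signature outside the hunk) then `%zu` is the matching one. The failure path is `exit(1)`, so a bad count arriving in a migration stream terminates the process instead of failing the load, which deserves a comment at the check.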
|
@ -1,56 +0,0 @@
|
||||
From f1cebceb572956ff820ecc29362c6ade0020d570 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:51:57 +0300
|
||||
Subject: [PATCH] pxa2xx: avoid buffer overrun on incoming migration
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4533
|
||||
|
||||
s->rx_level is read from the wire and used to determine how many bytes
|
||||
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
|
||||
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
|
||||
from the wire.
|
||||
|
||||
Fix this by validating rx_level against the size of s->rx_fifo.
|
||||
|
||||
Cc: Don Koch <dkoch@verizon.com>
|
||||
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Reviewed-by: Don Koch <dkoch@verizon.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit caa881abe0e01f9931125a0977ec33c5343e4aa7)
|
||||
[AF: BNC#864655]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/arm/pxa2xx.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
|
||||
index 0429148..e0cd847 100644
|
||||
--- a/hw/arm/pxa2xx.c
|
||||
+++ b/hw/arm/pxa2xx.c
|
||||
@@ -732,7 +732,7 @@ static void pxa2xx_ssp_save(QEMUFile *f, void *opaque)
|
||||
static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id)
|
||||
{
|
||||
PXA2xxSSPState *s = (PXA2xxSSPState *) opaque;
|
||||
- int i;
|
||||
+ int i, v;
|
||||
|
||||
s->enable = qemu_get_be32(f);
|
||||
|
||||
@@ -746,7 +746,11 @@ static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id)
|
||||
qemu_get_8s(f, &s->ssrsa);
|
||||
qemu_get_8s(f, &s->ssacd);
|
||||
|
||||
- s->rx_level = qemu_get_byte(f);
|
||||
+ v = qemu_get_byte(f);
|
||||
+ if (v < 0 || v > ARRAY_SIZE(s->rx_fifo)) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ s->rx_level = v;
|
||||
s->rx_start = 0;
|
||||
for (i = 0; i < s->rx_level; i ++)
|
||||
s->rx_fifo[i] = qemu_get_byte(f);
|
@ -1,82 +0,0 @@
|
||||
From fb4795c3470c9258f96324a7e49fabf33ae1b98b Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:52:05 +0300
|
||||
Subject: [PATCH] ssd0323: fix buffer overun on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4538
|
||||
|
||||
s->cmd_len used as index in ssd0323_transfer() to store 32-bit field.
|
||||
Possible this field might then be supplied by guest to overwrite a
|
||||
return addr somewhere. Same for row/col fields, which are indicies into
|
||||
framebuffer array.
|
||||
|
||||
To fix validate after load.
|
||||
|
||||
Additionally, validate that the row/col_start/end are within bounds;
|
||||
otherwise the guest can provoke an overrun by either setting the _end
|
||||
field so large that the row++ increments just walk off the end of the
|
||||
array, or by setting the _start value to something bogus and then
|
||||
letting the "we hit end of row" logic reset row to row_start.
|
||||
|
||||
For completeness, validate mode as well.
|
||||
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit ead7a57df37d2187813a121308213f41591bd811)
|
||||
[AF: BNC#864769]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/display/ssd0323.c | 24 ++++++++++++++++++++++++
|
||||
1 file changed, 24 insertions(+)
|
||||
|
||||
diff --git a/hw/display/ssd0323.c b/hw/display/ssd0323.c
|
||||
index 971152e..9727007 100644
|
||||
--- a/hw/display/ssd0323.c
|
||||
+++ b/hw/display/ssd0323.c
|
||||
@@ -312,18 +312,42 @@ static int ssd0323_load(QEMUFile *f, void *opaque, int version_id)
|
||||
return -EINVAL;
|
||||
|
||||
s->cmd_len = qemu_get_be32(f);
|
||||
+ if (s->cmd_len < 0 || s->cmd_len > ARRAY_SIZE(s->cmd_data)) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->cmd = qemu_get_be32(f);
|
||||
for (i = 0; i < 8; i++)
|
||||
s->cmd_data[i] = qemu_get_be32(f);
|
||||
s->row = qemu_get_be32(f);
|
||||
+ if (s->row < 0 || s->row >= 80) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->row_start = qemu_get_be32(f);
|
||||
+ if (s->row_start < 0 || s->row_start >= 80) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->row_end = qemu_get_be32(f);
|
||||
+ if (s->row_end < 0 || s->row_end >= 80) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->col = qemu_get_be32(f);
|
||||
+ if (s->col < 0 || s->col >= 64) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->col_start = qemu_get_be32(f);
|
||||
+ if (s->col_start < 0 || s->col_start >= 64) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->col_end = qemu_get_be32(f);
|
||||
+ if (s->col_end < 0 || s->col_end >= 64) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->redraw = qemu_get_be32(f);
|
||||
s->remap = qemu_get_be32(f);
|
||||
s->mode = qemu_get_be32(f);
|
||||
+ if (s->mode != SSD0323_CMD && s->mode != SSD0323_DATA) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
qemu_get_buffer(f, s->framebuffer, sizeof(s->framebuffer));
|
||||
|
||||
ss->cs = qemu_get_be32(f);
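Review bot: The six new row and column checks repeat the literals `80` and `64`, and the neighbouring loop keeps a literal `8` right after the new `ARRAY_SIZE(s->cmd_data)` bound, so nothing ties these limits to the buffers they protect. Named constants, for example `#define SSD0323_ROWS 80` and `#define SSD0323_COLS 64` (names constructed here), with a comment relating them to the framebuffer the commit message mentions, would keep the loader and the drawing code from drifting apart. `for (i = 0; i < ARRAY_SIZE(s->cmd_data); i++)` would do the same for the command buffer. ssd0323_load begins before and ends after this hunk.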
|
@ -1,52 +0,0 @@
|
||||
From 9258d36c4392e02156a986a03a0d8ee8fb0c4284 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:52:09 +0300
|
||||
Subject: [PATCH] tsc210x: fix buffer overrun on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4539
|
||||
|
||||
s->precision, nextprecision, function and nextfunction
|
||||
come from wire and are used
|
||||
as idx into resolution[] in TSC_CUT_RESOLUTION.
|
||||
|
||||
Validate after load to avoid buffer overrun.
|
||||
|
||||
Cc: Andreas Färber <afaerber@suse.de>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 5193be3be35f29a35bc465036cd64ad60d43385f)
|
||||
[AF: BNC#864805]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/input/tsc210x.c | 12 ++++++++++++
|
||||
1 file changed, 12 insertions(+)
|
||||
|
||||
diff --git a/hw/input/tsc210x.c b/hw/input/tsc210x.c
|
||||
index 485c9e5..aa5b688 100644
|
||||
--- a/hw/input/tsc210x.c
|
||||
+++ b/hw/input/tsc210x.c
|
||||
@@ -1070,9 +1070,21 @@ static int tsc210x_load(QEMUFile *f, void *opaque, int version_id)
|
||||
s->enabled = qemu_get_byte(f);
|
||||
s->host_mode = qemu_get_byte(f);
|
||||
s->function = qemu_get_byte(f);
|
||||
+ if (s->function < 0 || s->function >= ARRAY_SIZE(mode_regs)) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->nextfunction = qemu_get_byte(f);
|
||||
+ if (s->nextfunction < 0 || s->nextfunction >= ARRAY_SIZE(mode_regs)) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->precision = qemu_get_byte(f);
|
||||
+ if (s->precision < 0 || s->precision >= ARRAY_SIZE(resolution)) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->nextprecision = qemu_get_byte(f);
|
||||
+ if (s->nextprecision < 0 || s->nextprecision >= ARRAY_SIZE(resolution)) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->filter = qemu_get_byte(f);
|
||||
s->pin_func = qemu_get_byte(f);
|
||||
s->ref = qemu_get_byte(f);
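Review bot: The four added checks carry no comment saying which table each field indexes, and the commit message names only `resolution[]` while `function` and `nextfunction` are bounded by `ARRAY_SIZE(mode_regs)`. If that is what the bounds imply, short comments such as `/* function, nextfunction: index into mode_regs[] */` and `/* precision, nextprecision: index into resolution[] */` would record the intent next to the checks. The `< 0` halves only have an effect if these fields are signed, which the hunk does not show; if they are unsigned the comparison is dead code and can be dropped. tsc210x_load starts and ends outside the hunk.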
|
@ -1,59 +0,0 @@
|
||||
From a075e63d02fed4153136742624696b376918a820 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:52:13 +0300
|
||||
Subject: [PATCH] zaurus: fix buffer overrun on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4540
|
||||
|
||||
Within scoop_gpio_handler_update, if prev_level has a high bit set, then
|
||||
we get bit > 16 and that causes a buffer overrun.
|
||||
|
||||
Since prev_level comes from wire indirectly, this can
|
||||
happen on invalid state load.
|
||||
|
||||
Similarly for gpio_level and gpio_dir.
|
||||
|
||||
To fix, limit to 16 bit.
|
||||
|
||||
Reported-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 52f91c3723932f8340fe36c8ec8b18a757c37b2b)
|
||||
[AF: BNC#864801]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/gpio/zaurus.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/hw/gpio/zaurus.c b/hw/gpio/zaurus.c
|
||||
index dc79a8b..8e2ce04 100644
|
||||
--- a/hw/gpio/zaurus.c
|
||||
+++ b/hw/gpio/zaurus.c
|
||||
@@ -203,6 +203,15 @@ static bool is_version_0 (void *opaque, int version_id)
|
||||
return version_id == 0;
|
||||
}
|
||||
|
||||
+static bool vmstate_scoop_validate(void *opaque, int version_id)
|
||||
+{
|
||||
+ ScoopInfo *s = opaque;
|
||||
+
|
||||
+ return !(s->prev_level & 0xffff0000) &&
|
||||
+ !(s->gpio_level & 0xffff0000) &&
|
||||
+ !(s->gpio_dir & 0xffff0000);
|
||||
+}
|
||||
+
|
||||
static const VMStateDescription vmstate_scoop_regs = {
|
||||
.name = "scoop",
|
||||
.version_id = 1,
|
||||
@@ -215,6 +224,7 @@ static const VMStateDescription vmstate_scoop_regs = {
|
||||
VMSTATE_UINT32(gpio_level, ScoopInfo),
|
||||
VMSTATE_UINT32(gpio_dir, ScoopInfo),
|
||||
VMSTATE_UINT32(prev_level, ScoopInfo),
|
||||
+ VMSTATE_VALIDATE("irq levels are 16 bit", vmstate_scoop_validate),
|
||||
VMSTATE_UINT16(mcr, ScoopInfo),
|
||||
VMSTATE_UINT16(cdr, ScoopInfo),
|
||||
VMSTATE_UINT16(ccr, ScoopInfo),
|
@ -1,69 +0,0 @@
|
||||
From 2f55ce6ce26c16796443a7765a7d5fad157340ed Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:52:17 +0300
|
||||
Subject: [PATCH] virtio-scsi: fix buffer overrun on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4542
|
||||
|
||||
hw/scsi/scsi-bus.c invokes load_request.
|
||||
|
||||
virtio_scsi_load_request does:
|
||||
qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
|
||||
|
||||
this probably can make elem invalid, for example,
|
||||
make in_num or out_num huge, then:
|
||||
|
||||
virtio_scsi_parse_req(s, vs->cmd_vqs[n], req);
|
||||
|
||||
will do:
|
||||
|
||||
if (req->elem.out_num > 1) {
|
||||
qemu_sgl_init_external(req, &req->elem.out_sg[1],
|
||||
&req->elem.out_addr[1],
|
||||
req->elem.out_num - 1);
|
||||
} else {
|
||||
qemu_sgl_init_external(req, &req->elem.in_sg[1],
|
||||
&req->elem.in_addr[1],
|
||||
req->elem.in_num - 1);
|
||||
}
|
||||
|
||||
and this will access out of array bounds.
|
||||
|
||||
Note: this adds security checks within assert calls since
|
||||
SCSIBusInfo's load_request cannot fail.
|
||||
For now simply disable builds with NDEBUG - there seems
|
||||
to be little value in supporting these.
|
||||
|
||||
Cc: Andreas Färber <afaerber@suse.de>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 3c3ce981423e0d6c18af82ee62f1850c2cda5976)
|
||||
[AF: BNC#864804]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/scsi/virtio-scsi.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
|
||||
index b0d7517..1752193 100644
|
||||
--- a/hw/scsi/virtio-scsi.c
|
||||
+++ b/hw/scsi/virtio-scsi.c
|
||||
@@ -147,6 +147,15 @@ static void *virtio_scsi_load_request(QEMUFile *f, SCSIRequest *sreq)
|
||||
qemu_get_be32s(f, &n);
|
||||
assert(n < vs->conf.num_queues);
|
||||
qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
|
||||
+ /* TODO: add a way for SCSIBusInfo's load_request to fail,
|
||||
+ * and fail migration instead of asserting here.
|
||||
+ * When we do, we might be able to re-enable NDEBUG below.
|
||||
+ */
|
||||
+#ifdef NDEBUG
|
||||
+#error building with NDEBUG is not supported
|
||||
+#endif
|
||||
+ assert(req->elem.in_num <= ARRAY_SIZE(req->elem.in_sg));
|
||||
+ assert(req->elem.out_num <= ARRAY_SIZE(req->elem.out_sg));
|
||||
virtio_scsi_parse_req(s, vs->cmd_vqs[n], req);
|
||||
|
||||
scsi_req_ref(sreq);
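Review bot: The `#ifdef NDEBUG` / `#error` guard sits in the middle of virtio_scsi_load_request, although the existing `assert(n < vs->conf.num_queues)` above it depends on the same guarantee; at file scope, next to the includes, it would cover every assert in the file and be easier to find. Because the checks are asserts, a malformed stream aborts the destination process instead of failing the load, as the TODO already acknowledges. The new asserts also bound `in_num` and `out_num` from above only, while the parse code quoted in the commit message uses `in_num - 1` and `out_num - 1` as counts; unless virtio_scsi_parse_req rejects zero itself, which this page does not show, a lower bound such as `assert(req->elem.in_num >= 1);` belongs here too. The function starts and ends outside the hunk.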
|
@ -1,69 +0,0 @@
|
||||
From 075764d38e7916de4f2621c329d3b7d810a76500 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:52:21 +0300
|
||||
Subject: [PATCH] vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
As the macro verifies the value is positive, rename it
|
||||
to make the function clearer.
|
||||
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 3476436a44c29725efef0cabf5b3ea4e70054d57)
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/pci/pci.c | 4 ++--
|
||||
include/migration/vmstate.h | 2 +-
|
||||
target-arm/machine.c | 2 +-
|
||||
3 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
|
||||
index 2a9f08e..517ff2a 100644
|
||||
--- a/hw/pci/pci.c
|
||||
+++ b/hw/pci/pci.c
|
||||
@@ -475,7 +475,7 @@ const VMStateDescription vmstate_pci_device = {
|
||||
.minimum_version_id = 1,
|
||||
.minimum_version_id_old = 1,
|
||||
.fields = (VMStateField []) {
|
||||
- VMSTATE_INT32_LE(version_id, PCIDevice),
|
||||
+ VMSTATE_INT32_POSITIVE_LE(version_id, PCIDevice),
|
||||
VMSTATE_BUFFER_UNSAFE_INFO(config, PCIDevice, 0,
|
||||
vmstate_info_pci_config,
|
||||
PCI_CONFIG_SPACE_SIZE),
|
||||
@@ -492,7 +492,7 @@ const VMStateDescription vmstate_pcie_device = {
|
||||
.minimum_version_id = 1,
|
||||
.minimum_version_id_old = 1,
|
||||
.fields = (VMStateField []) {
|
||||
- VMSTATE_INT32_LE(version_id, PCIDevice),
|
||||
+ VMSTATE_INT32_POSITIVE_LE(version_id, PCIDevice),
|
||||
VMSTATE_BUFFER_UNSAFE_INFO(config, PCIDevice, 0,
|
||||
vmstate_info_pci_config,
|
||||
PCIE_CONFIG_SPACE_SIZE),
|
||||
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
|
||||
index 5b71370..7e45048 100644
|
||||
--- a/include/migration/vmstate.h
|
||||
+++ b/include/migration/vmstate.h
|
||||
@@ -601,7 +601,7 @@ extern const VMStateInfo vmstate_info_bitmap;
|
||||
#define VMSTATE_UINT64_EQUAL(_f, _s) \
|
||||
VMSTATE_UINT64_EQUAL_V(_f, _s, 0)
|
||||
|
||||
-#define VMSTATE_INT32_LE(_f, _s) \
|
||||
+#define VMSTATE_INT32_POSITIVE_LE(_f, _s) \
|
||||
VMSTATE_SINGLE(_f, _s, 0, vmstate_info_int32_le, int32_t)
|
||||
|
||||
#define VMSTATE_UINT8_TEST(_f, _s, _t) \
|
||||
diff --git a/target-arm/machine.c b/target-arm/machine.c
|
||||
index 7ced87a..5746ffd 100644
|
||||
--- a/target-arm/machine.c
|
||||
+++ b/target-arm/machine.c
|
||||
@@ -246,7 +246,7 @@ const VMStateDescription vmstate_arm_cpu = {
|
||||
/* The length-check must come before the arrays to avoid
|
||||
* incoming data possibly overflowing the array.
|
||||
*/
|
||||
- VMSTATE_INT32_LE(cpreg_vmstate_array_len, ARMCPU),
|
||||
+ VMSTATE_INT32_POSITIVE_LE(cpreg_vmstate_array_len, ARMCPU),
|
||||
VMSTATE_VARRAY_INT32(cpreg_vmstate_indexes, ARMCPU,
|
||||
cpreg_vmstate_array_len,
|
||||
0, vmstate_info_uint64, uint64_t),
|
@ -1,43 +0,0 @@
|
||||
From b94f504fbb4910705803236ec84805ac4ac9139e Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 3 Apr 2014 19:52:25 +0300
|
||||
Subject: [PATCH] usb: sanity check setup_index+setup_len in post_load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4541
|
||||
|
||||
s->setup_len and s->setup_index are fed into usb_packet_copy as
|
||||
size/offset into s->data_buf, it's possible for invalid state to exploit
|
||||
this to load arbitrary data.
|
||||
|
||||
setup_len and setup_index should be checked to make sure
|
||||
they are not negative.
|
||||
|
||||
Cc: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 9f8e9895c504149d7048e9fc5eb5cbb34b16e49a)
|
||||
[AF: BNC#864802]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/usb/bus.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/usb/bus.c b/hw/usb/bus.c
|
||||
index fe70429..e48b19f 100644
|
||||
--- a/hw/usb/bus.c
|
||||
+++ b/hw/usb/bus.c
|
||||
@@ -49,7 +49,9 @@ static int usb_device_post_load(void *opaque, int version_id)
|
||||
} else {
|
||||
dev->attached = 1;
|
||||
}
|
||||
- if (dev->setup_index >= sizeof(dev->data_buf) ||
|
||||
+ if (dev->setup_index < 0 ||
|
||||
+ dev->setup_len < 0 ||
|
||||
+ dev->setup_index >= sizeof(dev->data_buf) ||
|
||||
dev->setup_len >= sizeof(dev->data_buf)) {
|
||||
return -EINVAL;
|
||||
}
|
@ -1,102 +0,0 @@
|
||||
From 9ad9afb2ff3fa91c1315bd198e0118f8025b8805 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Maydell <peter.maydell@linaro.org>
|
||||
Date: Thu, 3 Apr 2014 19:52:28 +0300
|
||||
Subject: [PATCH] savevm: Ignore minimum_version_id_old if there is no
|
||||
load_state_old
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
At the moment we require vmstate definitions to set minimum_version_id_old
|
||||
to the same value as minimum_version_id if they do not provide a
|
||||
load_state_old handler. Since the load_state_old functionality is
|
||||
required only for a handful of devices that need to retain migration
|
||||
compatibility with a pre-vmstate implementation, this means the bulk
|
||||
of devices have pointless boilerplate. Relax the definition so that
|
||||
minimum_version_id_old is ignored if there is no load_state_old handler.
|
||||
|
||||
Note that under the old scheme we would segfault if the vmstate
|
||||
specified a minimum_version_id_old that was less than minimum_version_id
|
||||
but did not provide a load_state_old function, and the incoming state
|
||||
specified a version number between minimum_version_id_old and
|
||||
minimum_version_id. Under the new scheme this will just result in
|
||||
our failing the migration.
|
||||
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 767adce2d9cd397de3418caa16be35ea18d56f22)
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
docs/migration.txt | 12 +++++-------
|
||||
vmstate.c | 9 +++++----
|
||||
2 files changed, 10 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/docs/migration.txt b/docs/migration.txt
|
||||
index 0e0a1d4..fe1f2bb 100644
|
||||
--- a/docs/migration.txt
|
||||
+++ b/docs/migration.txt
|
||||
@@ -139,7 +139,6 @@ static const VMStateDescription vmstate_kbd = {
|
||||
.name = "pckbd",
|
||||
.version_id = 3,
|
||||
.minimum_version_id = 3,
|
||||
- .minimum_version_id_old = 3,
|
||||
.fields = (VMStateField []) {
|
||||
VMSTATE_UINT8(write_cmd, KBDState),
|
||||
VMSTATE_UINT8(status, KBDState),
|
||||
@@ -168,12 +167,13 @@ You can see that there are several version fields:
|
||||
- minimum_version_id: the minimum version_id that VMState is able to understand
|
||||
for that device.
|
||||
- minimum_version_id_old: For devices that were not able to port to vmstate, we can
|
||||
- assign a function that knows how to read this old state.
|
||||
+ assign a function that knows how to read this old state. This field is
|
||||
+ ignored if there is no load_state_old handler.
|
||||
|
||||
So, VMState is able to read versions from minimum_version_id to
|
||||
-version_id. And the function load_state_old() is able to load state
|
||||
-from minimum_version_id_old to minimum_version_id. This function is
|
||||
-deprecated and will be removed when no more users are left.
|
||||
+version_id. And the function load_state_old() (if present) is able to
|
||||
+load state from minimum_version_id_old to minimum_version_id. This
|
||||
+function is deprecated and will be removed when no more users are left.
|
||||
|
||||
=== Massaging functions ===
|
||||
|
||||
@@ -255,7 +255,6 @@ const VMStateDescription vmstate_ide_drive_pio_state = {
|
||||
.name = "ide_drive/pio_state",
|
||||
.version_id = 1,
|
||||
.minimum_version_id = 1,
|
||||
- .minimum_version_id_old = 1,
|
||||
.pre_save = ide_drive_pio_pre_save,
|
||||
.post_load = ide_drive_pio_post_load,
|
||||
.fields = (VMStateField []) {
|
||||
@@ -275,7 +274,6 @@ const VMStateDescription vmstate_ide_drive = {
|
||||
.name = "ide_drive",
|
||||
.version_id = 3,
|
||||
.minimum_version_id = 0,
|
||||
- .minimum_version_id_old = 0,
|
||||
.post_load = ide_drive_post_load,
|
||||
.fields = (VMStateField []) {
|
||||
.... several fields ....
|
||||
diff --git a/vmstate.c b/vmstate.c
|
||||
index 105f184..582c321 100644
|
||||
--- a/vmstate.c
|
||||
+++ b/vmstate.c
|
||||
@@ -19,11 +19,12 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
|
||||
if (version_id > vmsd->version_id) {
|
||||
return -EINVAL;
|
||||
}
|
||||
- if (version_id < vmsd->minimum_version_id_old) {
|
||||
- return -EINVAL;
|
||||
- }
|
||||
if (version_id < vmsd->minimum_version_id) {
|
||||
- return vmsd->load_state_old(f, opaque, version_id);
|
||||
+ if (vmsd->load_state_old &&
|
||||
+ version_id >= vmsd->minimum_version_id_old) {
|
||||
+ return vmsd->load_state_old(f, opaque, version_id);
|
||||
+ }
|
||||
+ return -EINVAL;
|
||||
}
|
||||
if (vmsd->pre_load) {
|
||||
int ret = vmsd->pre_load(opaque);
|
@ -1,46 +0,0 @@
|
||||
From 9ec43fe48680cf5917eb3d41ad85201d4137871f Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Mon, 28 Apr 2014 16:08:14 +0300
|
||||
Subject: [PATCH] ssi-sd: fix buffer overrun on invalid state load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4537
|
||||
|
||||
s->arglen is taken from wire and used as idx
|
||||
in ssi_sd_transfer().
|
||||
|
||||
Validate it before access.
|
||||
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit a9c380db3b8c6af19546a68145c8d1438a09c92b)
|
||||
[AF: BNC#864391]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/sd/ssi-sd.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c
|
||||
index 3273c8a..b012e57 100644
|
||||
--- a/hw/sd/ssi-sd.c
|
||||
+++ b/hw/sd/ssi-sd.c
|
||||
@@ -230,8 +230,17 @@ static int ssi_sd_load(QEMUFile *f, void *opaque, int version_id)
|
||||
for (i = 0; i < 5; i++)
|
||||
s->response[i] = qemu_get_be32(f);
|
||||
s->arglen = qemu_get_be32(f);
|
||||
+ if (s->mode == SSI_SD_CMDARG &&
|
||||
+ (s->arglen < 0 || s->arglen >= ARRAY_SIZE(s->cmdarg))) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
s->response_pos = qemu_get_be32(f);
|
||||
s->stopping = qemu_get_be32(f);
|
||||
+ if (s->mode == SSI_SD_RESPONSE &&
|
||||
+ (s->response_pos < 0 || s->response_pos >= ARRAY_SIZE(s->response) ||
|
||||
+ (!s->stopping && s->arglen > ARRAY_SIZE(s->response)))) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
|
||||
ss->cs = qemu_get_be32(f);
|
||||
|
@ -1,77 +0,0 @@
|
||||
From e70b97747393a4d5544bdb9eb64a7f5b69b0bb91 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Roth <mdroth@linux.vnet.ibm.com>
|
||||
Date: Mon, 28 Apr 2014 16:08:17 +0300
|
||||
Subject: [PATCH] openpic: avoid buffer overrun on incoming migration
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4534
|
||||
|
||||
opp->nb_cpus is read from the wire and used to determine how many
|
||||
IRQDest elements to read into opp->dst[]. If the value exceeds the
|
||||
length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary
|
||||
data from the wire.
|
||||
|
||||
Fix this by failing migration if the value read from the wire exceeds
|
||||
MAX_CPU.
|
||||
|
||||
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
||||
Reviewed-by: Alexander Graf <agraf@suse.de>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e)
|
||||
[AF: BNC#864811]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/intc/openpic.c | 16 ++++++++++++++--
|
||||
1 file changed, 14 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/intc/openpic.c b/hw/intc/openpic.c
|
||||
index be76fbd..17136c9 100644
|
||||
--- a/hw/intc/openpic.c
|
||||
+++ b/hw/intc/openpic.c
|
||||
@@ -41,6 +41,7 @@
|
||||
#include "hw/sysbus.h"
|
||||
#include "hw/pci/msi.h"
|
||||
#include "qemu/bitops.h"
|
||||
+#include "qapi/qmp/qerror.h"
|
||||
|
||||
//#define DEBUG_OPENPIC
|
||||
|
||||
@@ -1416,7 +1417,7 @@ static void openpic_load_IRQ_queue(QEMUFile* f, IRQQueue *q)
|
||||
static int openpic_load(QEMUFile* f, void *opaque, int version_id)
|
||||
{
|
||||
OpenPICState *opp = (OpenPICState *)opaque;
|
||||
- unsigned int i;
|
||||
+ unsigned int i, nb_cpus;
|
||||
|
||||
if (version_id != 1) {
|
||||
return -EINVAL;
|
||||
@@ -1428,7 +1429,11 @@ static int openpic_load(QEMUFile* f, void *opaque, int version_id)
|
||||
qemu_get_be32s(f, &opp->spve);
|
||||
qemu_get_be32s(f, &opp->tfrr);
|
||||
|
||||
- qemu_get_be32s(f, &opp->nb_cpus);
|
||||
+ qemu_get_be32s(f, &nb_cpus);
|
||||
+ if (opp->nb_cpus != nb_cpus) {
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+ assert(nb_cpus > 0 && nb_cpus <= MAX_CPU);
|
||||
|
||||
for (i = 0; i < opp->nb_cpus; i++) {
|
||||
qemu_get_sbe32s(f, &opp->dst[i].ctpr);
|
||||
@@ -1567,6 +1572,13 @@ static void openpic_realize(DeviceState *dev, Error **errp)
|
||||
{NULL}
|
||||
};
|
||||
|
||||
+ if (opp->nb_cpus > MAX_CPU) {
|
||||
+ error_set(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE,
|
||||
+ TYPE_OPENPIC, "nb_cpus", (uint64_t)opp->nb_cpus,
|
||||
+ (uint64_t)0, (uint64_t)MAX_CPU);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
switch (opp->model) {
|
||||
case OPENPIC_MODEL_FSL_MPIC_20:
|
||||
default:
|
@ -1,60 +0,0 @@
|
||||
From 2eae80d0ad4c9d0de849fbe8ad6d7d5fa788fdfb Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Mon, 28 Apr 2014 16:08:21 +0300
|
||||
Subject: [PATCH] virtio-net: out-of-bounds buffer write on load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CVE-2013-4149 QEMU 1.3.0 out-of-bounds buffer write in
|
||||
virtio_net_load()@hw/net/virtio-net.c
|
||||
|
||||
> } else if (n->mac_table.in_use) {
|
||||
> uint8_t *buf = g_malloc0(n->mac_table.in_use);
|
||||
|
||||
We are allocating buffer of size n->mac_table.in_use
|
||||
|
||||
> qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN);
|
||||
|
||||
and read to the n->mac_table.in_use size buffer n->mac_table.in_use *
|
||||
ETH_ALEN bytes, corrupting memory.
|
||||
|
||||
If adversary controls state then memory written there is controlled
|
||||
by adversary.
|
||||
|
||||
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit 98f93ddd84800f207889491e0b5d851386b459cf)
|
||||
[AF: BNC#864649]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/net/virtio-net.c | 15 +++++++++++----
|
||||
1 file changed, 11 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
|
||||
index 0a8cb40..940a7cf 100644
|
||||
--- a/hw/net/virtio-net.c
|
||||
+++ b/hw/net/virtio-net.c
|
||||
@@ -1362,10 +1362,17 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id)
|
||||
if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) {
|
||||
qemu_get_buffer(f, n->mac_table.macs,
|
||||
n->mac_table.in_use * ETH_ALEN);
|
||||
- } else if (n->mac_table.in_use) {
|
||||
- uint8_t *buf = g_malloc0(n->mac_table.in_use);
|
||||
- qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN);
|
||||
- g_free(buf);
|
||||
+ } else {
|
||||
+ int64_t i;
|
||||
+
|
||||
+ /* Overflow detected - can happen if source has a larger MAC table.
|
||||
+ * We simply set overflow flag so there's no need to maintain the
|
||||
+ * table of addresses, discard them all.
|
||||
+ * Note: 64 bit math to avoid integer overflow.
|
||||
+ */
|
||||
+ for (i = 0; i < (int64_t)n->mac_table.in_use * ETH_ALEN; ++i) {
|
||||
+ qemu_get_byte(f);
|
||||
+ }
|
||||
n->mac_table.multi_overflow = n->mac_table.uni_overflow = 1;
|
||||
n->mac_table.in_use = 0;
|
||||
}
|
@ -1,57 +0,0 @@
|
||||
From 5d2ec830b492cc18205d3a10d9ed3595559cd831 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Mon, 28 Apr 2014 16:08:23 +0300
|
||||
Subject: [PATCH] virtio: validate config_len on load
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Malformed input can have config_len in migration stream
|
||||
exceed the array size allocated on destination, the
|
||||
result will be heap overflow.
|
||||
|
||||
To fix, that config_len matches on both sides.
|
||||
|
||||
CVE-2014-0182
|
||||
|
||||
Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
|
||||
--
|
||||
|
||||
v2: use %ix and %zx to print config_len values
|
||||
Signed-off-by: Juan Quintela <quintela@redhat.com>
|
||||
(cherry picked from commit a890a2f9137ac3cf5b607649e66a6f3a5512d8dc)
|
||||
[AF: BNC#874788]
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/virtio/virtio.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
|
||||
index a70169a..7f4e7ec 100644
|
||||
--- a/hw/virtio/virtio.c
|
||||
+++ b/hw/virtio/virtio.c
|
||||
@@ -898,6 +898,7 @@ int virtio_set_features(VirtIODevice *vdev, uint32_t val)
|
||||
int virtio_load(VirtIODevice *vdev, QEMUFile *f)
|
||||
{
|
||||
int i, ret;
|
||||
+ int32_t config_len;
|
||||
uint32_t num;
|
||||
uint32_t features;
|
||||
uint32_t supported_features;
|
||||
@@ -924,7 +925,12 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f)
|
||||
features, supported_features);
|
||||
return -1;
|
||||
}
|
||||
- vdev->config_len = qemu_get_be32(f);
|
||||
+ config_len = qemu_get_be32(f);
|
||||
+ if (config_len != vdev->config_len) {
|
||||
+ error_report("Unexpected config length 0x%x. Expected 0x%zx",
|
||||
+ config_len, vdev->config_len);
|
||||
+ return -1;
|
||||
+ }
|
||||
qemu_get_buffer(f, vdev->config, vdev->config_len);
|
||||
|
||||
num = qemu_get_be32(f);
|
@ -1,36 +0,0 @@
|
||||
From f609ef91bccd8b1637575516a94a5dc0af804b40 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Mon, 12 May 2014 12:04:20 +0300
|
||||
Subject: [PATCH] virtio: allow mapping up to max queue size
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so
|
||||
it's OK if the value read is VIRTQUEUE_MAX_SIZE.
|
||||
|
||||
Not a big problem in practice as people don't use
|
||||
such big queues, but it's inelegant.
|
||||
|
||||
Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
(cherry picked from commit 937251408051e0489f78e4db3c92e045b147b38b)
|
||||
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
||||
---
|
||||
hw/virtio/virtio.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
|
||||
index 7f4e7ec..3557c17 100644
|
||||
--- a/hw/virtio/virtio.c
|
||||
+++ b/hw/virtio/virtio.c
|
||||
@@ -430,7 +430,7 @@ void virtqueue_map_sg(struct iovec *sg, hwaddr *addr,
|
||||
unsigned int i;
|
||||
hwaddr len;
|
||||
|
||||
- if (num_sg >= VIRTQUEUE_MAX_SIZE) {
|
||||
+ if (num_sg > VIRTQUEUE_MAX_SIZE) {
|
||||
error_report("virtio: map attempt out of bounds: %zd > %d",
|
||||
num_sg, VIRTQUEUE_MAX_SIZE);
|
||||
exit(1);
|
@ -1,29 +0,0 @@
|
||||
From 11ad0bafbf137a874f88ac810520acb90fa9a990 Mon Sep 17 00:00:00 2001
|
||||
From: Bo Yang <boyang@suse.com>
|
||||
Date: Wed, 20 Mar 2013 16:34:17 +0800
|
||||
Subject: [PATCH] [build] Avoid strict-aliasing warning for gcc 4.3
|
||||
|
||||
Signed-off-by: Bo Yang <boyang@suse.com>
|
||||
Signed-off-by: Michael Brown <mcb30@ipxe.org>
|
||||
---
|
||||
src/arch/i386/include/bits/byteswap.h | 4 ++--
|
||||
1 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/roms/ipxe/src/arch/i386/include/bits/byteswap.h b/roms/ipxe/src/arch/i386/include/bits/byteswap.h
|
||||
index f3d30a2..0d9cb96 100644
|
||||
--- a/roms/ipxe/src/arch/i386/include/bits/byteswap.h
|
||||
+++ b/roms/ipxe/src/arch/i386/include/bits/byteswap.h
|
||||
@@ -53,8 +53,8 @@ __bswap_variable_64 ( uint64_t x ) {
|
||||
static inline __attribute__ (( always_inline )) void
|
||||
__bswap_64s ( uint64_t *x ) {
|
||||
struct {
|
||||
- uint32_t low;
|
||||
- uint32_t high;
|
||||
+ uint32_t __attribute__ (( may_alias )) low;
|
||||
+ uint32_t __attribute__ (( may_alias )) high;
|
||||
} __attribute__ (( may_alias )) *dwords = ( ( void * ) x );
|
||||
uint32_t discard;
|
||||
|
||||
--
|
||||
1.7.7
|
||||
|
@ -1,55 +0,0 @@
|
||||
From 238050dfd46e3c4a87329da1d48b4d8dde5af8a1 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Brown <mcb30@ipxe.org>
|
||||
Date: Fri, 7 Jun 2013 13:46:27 +0100
|
||||
Subject: [PATCH] [build] Work around bug in gcc >= 4.8
|
||||
|
||||
gcc 4.8 and 4.9 fail to compile pxe_call.c with the error "bp cannot
|
||||
be used in asm here". Other points in the codebase which use "ebp" in
|
||||
the asm clobber list do not seem to be affected.
|
||||
|
||||
Unfortunately gcc provides no way to specify %ebp as an output
|
||||
register, so we cannot use this as a workaround. The only viable
|
||||
solution is to explicitly push/pop %ebp within the asm itself. This
|
||||
is ugly for two reasons: firstly, it may be unnecessary; secondly, it
|
||||
may cause gcc to generate invalid %esp-relative addresses if the asm
|
||||
happens to use memory operands. This specific block of asm uses no
|
||||
memory operands and so will not generate invalid code.
|
||||
|
||||
Reported-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
Reported-by: Christian Hesse <list@eworm.de>
|
||||
Originally-fixed-by: Christian Hesse <list@eworm.de>
|
||||
Signed-off-by: Michael Brown <mcb30@ipxe.org>
|
||||
---
|
||||
roms/ipxe/src/arch/i386/interface/pxe/pxe_call.c | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
Index: b/roms/ipxe/src/arch/i386/interface/pxe/pxe_call.c
|
||||
===================================================================
|
||||
--- a/roms/ipxe/src/arch/i386/interface/pxe/pxe_call.c
|
||||
+++ b/roms/ipxe/src/arch/i386/interface/pxe/pxe_call.c
|
||||
@@ -265,12 +265,14 @@ int pxe_start_nbp ( void ) {
|
||||
DBG ( "Restarting NBP (%x)\n", jmp );
|
||||
|
||||
/* Far call to PXE NBP */
|
||||
- __asm__ __volatile__ ( REAL_CODE ( "movw %%cx, %%es\n\t"
|
||||
+ __asm__ __volatile__ ( REAL_CODE ( "pushl %%ebp\n\t" /* gcc bug */
|
||||
+ "movw %%cx, %%es\n\t"
|
||||
"pushw %%es\n\t"
|
||||
"pushw %%di\n\t"
|
||||
"sti\n\t"
|
||||
"lcall $0, $0x7c00\n\t"
|
||||
- "addw $4, %%sp\n\t" )
|
||||
+ "popl %%ebp\n\t" /* discard */
|
||||
+ "popl %%ebp\n\t" /* gcc bug */ )
|
||||
: "=a" ( rc ), "=b" ( discard_b ),
|
||||
"=c" ( discard_c ), "=d" ( discard_d ),
|
||||
"=D" ( discard_D )
|
||||
@@ -278,7 +280,7 @@ int pxe_start_nbp ( void ) {
|
||||
"c" ( rm_cs ),
|
||||
"d" ( virt_to_phys ( &pxenv ) ),
|
||||
"D" ( __from_text16 ( &ppxe ) )
|
||||
- : "esi", "ebp", "memory" );
|
||||
+ : "esi", "memory" );
|
||||
|
||||
return rc;
|
||||
}
|
@ -1,41 +0,0 @@
|
||||
From eb5a2ba5962579e514b377f5fdab7292be0fb2a7 Mon Sep 17 00:00:00 2001
|
||||
From: "Daniel P. Berrange" <berrange@redhat.com>
|
||||
Date: Tue, 5 Mar 2013 15:18:20 +0000
|
||||
Subject: [PATCH] [zbin] Fix size used for memset in alloc_output_file
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The output->buf field is a pointer, not an array, so sizeof() is not
|
||||
applicable. We must use the allocated string length instead.
|
||||
|
||||
Identified by gcc:
|
||||
|
||||
util/zbin.c: In function ‘alloc_output_file’:
|
||||
util/zbin.c:146:37: warning: argument to ‘sizeof’ in ‘memset’ call
|
||||
is the same expression as the destination; did you mean to
|
||||
dereference it? [-Wsizeof-pointer-memaccess]
|
||||
memset ( output->buf, 0xff, sizeof ( output->buf ) );
|
||||
|
||||
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
Signed-off-by: Michael Brown <mcb30@ipxe.org>
|
||||
---
|
||||
src/util/zbin.c | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/roms/ipxe/src/util/zbin.c b/roms/ipxe/src/util/zbin.c
|
||||
index 0dabaf1..3b7cf95 100644
|
||||
--- a/roms/ipxe/src/util/zbin.c
|
||||
+++ b/roms/ipxe/src/util/zbin.c
|
||||
@@ -143,7 +143,7 @@ static int alloc_output_file ( size_t max_len, struct output_file *output ) {
|
||||
max_len );
|
||||
return -1;
|
||||
}
|
||||
- memset ( output->buf, 0xff, sizeof ( output->buf ) );
|
||||
+ memset ( output->buf, 0xff, max_len );
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
1.7.7
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:058db8ef29b53a4a9bfcfad59193bec18d39a16790765f0a4db6b12963ced6df
|
||||
size 12948827
|
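--- a/qemu-2.1.0-rc1.tar.bz2
+++ b/qemu-2.1.0-rc1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ebac4b3ebea59e3ebbc6f1674a60285c608ef9c0f19715ea592e162c682aee6b
+size 23541925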
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 9 17:34:55 UTC 2014 - afaerber@suse.de
|
||||
|
||||
- Update to v2.1.0-rc0: http://wiki.qemu-project.org/ChangeLog/2.1
|
||||
* Package qemu-ppc64le binary
|
||||
* Modified update_git.sh accordingly
|
||||
- Update to v2.1.0-rc1: http://wiki.qemu-project.org/ChangeLog/2.1
|
||||
* Modified update_git.sh accordingly
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 13 08:17:18 UTC 2014 - afaerber@suse.de
|
||||
|
||||
|
@ -21,9 +21,9 @@ Url: http://www.qemu.org/
|
||||
Summary: Universal CPU emulator
|
||||
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
||||
Group: System/Emulators/PC
|
||||
Version: 2.0.0
|
||||
Version: 2.0.91
|
||||
Release: 0
|
||||
Source: qemu-2.0.0.tar.bz2
|
||||
Source: qemu-2.1.0-rc1.tar.bz2
|
||||
# This patch queue is auto-generated from https://github.com/openSUSE/qemu
|
||||
Patch0001: 0001-XXX-dont-dump-core-on-sigabort.patch
|
||||
Patch0002: 0002-XXX-work-around-SA_RESTART-race-wit.patch
|
||||
@ -39,7 +39,7 @@ Patch0011: 0011-linux-user-add-binfmt-wrapper-for-a.patch
|
||||
Patch0012: 0012-PPC-KVM-Disable-mmu-notifier-check.patch
|
||||
Patch0013: 0013-linux-user-fix-segfault-deadlock.patch
|
||||
Patch0014: 0014-linux-user-binfmt-support-host-bina.patch
|
||||
Patch0015: 0015-linux-user-arm-no-tb_flush-on-reset.patch
|
||||
Patch0015: 0015-target-arm-linux-user-no-tb_flush-o.patch
|
||||
Patch0016: 0016-linux-user-Ignore-broken-loop-ioctl.patch
|
||||
Patch0017: 0017-linux-user-lock-tcg.patch
|
||||
Patch0018: 0018-linux-user-Run-multi-threaded-code-.patch
|
||||
@ -61,42 +61,13 @@ Patch0033: 0033-Make-char-muxer-more-robust-wrt-sma.patch
|
||||
Patch0034: 0034-linux-user-lseek-explicitly-cast-no.patch
|
||||
Patch0035: 0035-virtfs-proxy-helper-Provide-__u64-f.patch
|
||||
Patch0036: 0036-configure-Enable-PIE-for-ppc-and-pp.patch
|
||||
Patch0037: 0037-xen_disk-add-discard-support.patch
|
||||
Patch0038: 0038-tests-Don-t-run-qom-test-twice.patch
|
||||
Patch0039: 0039-qtest-Assure-that-init_socket-s-lis.patch
|
||||
Patch0040: 0040-qtest-Add-error-reporting-to-socket.patch
|
||||
Patch0041: 0041-qtest-Increase-socket-timeout.patch
|
||||
Patch0042: 0042-qtest-Be-paranoid-about-accept-addr.patch
|
||||
Patch0043: 0043-arm-translate.c-Fix-smlald-Instruct.patch
|
||||
Patch0044: 0044-target-arm-A64-fix-unallocated-test.patch
|
||||
Patch0045: 0045-tcg-ppc64-Support-the-ELFv2-ABI.patch
|
||||
Patch0046: 0046-vmstate-add-VMS_MUST_EXIST.patch
|
||||
Patch0047: 0047-vmstate-add-VMSTATE_VALIDATE.patch
|
||||
Patch0048: 0048-virtio-net-fix-buffer-overflow-on-i.patch
|
||||
Patch0049: 0049-virtio-net-out-of-bounds-buffer-wri.patch
|
||||
Patch0050: 0050-virtio-out-of-bounds-buffer-write-o.patch
|
||||
Patch0051: 0051-ahci-fix-buffer-overrun-on-invalid-.patch
|
||||
Patch0052: 0052-hpet-fix-buffer-overrun-on-invalid-.patch
|
||||
Patch0053: 0053-hw-pci-pcie_aer.c-fix-buffer-overru.patch
|
||||
Patch0054: 0054-pl022-fix-buffer-overun-on-invalid-.patch
|
||||
Patch0055: 0055-vmstate-fix-buffer-overflow-in-targ.patch
|
||||
Patch0056: 0056-virtio-avoid-buffer-overrun-on-inco.patch
|
||||
Patch0057: 0057-virtio-validate-num_sg-when-mapping.patch
|
||||
Patch0058: 0058-pxa2xx-avoid-buffer-overrun-on-inco.patch
|
||||
Patch0059: 0059-ssd0323-fix-buffer-overun-on-invali.patch
|
||||
Patch0060: 0060-tsc210x-fix-buffer-overrun-on-inval.patch
|
||||
Patch0061: 0061-zaurus-fix-buffer-overrun-on-invali.patch
|
||||
Patch0062: 0062-virtio-scsi-fix-buffer-overrun-on-i.patch
|
||||
Patch0063: 0063-vmstate-s-VMSTATE_INT32_LE-VMSTATE_.patch
|
||||
Patch0064: 0064-usb-sanity-check-setup_index-setup_.patch
|
||||
Patch0065: 0065-savevm-Ignore-minimum_version_id_ol.patch
|
||||
Patch0066: 0066-ssi-sd-fix-buffer-overrun-on-invali.patch
|
||||
Patch0067: 0067-openpic-avoid-buffer-overrun-on-inc.patch
|
||||
Patch0068: 0068-virtio-net-out-of-bounds-buffer-wri.patch
|
||||
Patch0069: 0069-virtio-validate-config_len-on-load.patch
|
||||
Patch0070: 0070-virtio-allow-mapping-up-to-max-queu.patch
|
||||
Patch0071: 0071-module-Simplify-module_load.patch
|
||||
Patch0072: 0072-module-Don-t-complain-when-a-module.patch
|
||||
Patch0037: 0037-tests-Don-t-run-qom-test-twice.patch
|
||||
Patch0038: 0038-qtest-Increase-socket-timeout.patch
|
||||
Patch0039: 0039-module-Simplify-module_load.patch
|
||||
Patch0040: 0040-module-Don-t-complain-when-a-module.patch
|
||||
Patch0041: 0041-tests-Fix-unterminated-string-outpu.patch
|
||||
Patch0042: 0042-libqos-Fix-PC-PCI-endianness-glitch.patch
|
||||
Patch0043: 0043-qtest-fix-vhost-user-test-compilati.patch
|
||||
# Please do not add patches manually here, run update_git.sh.
|
||||
# this is to make lint happy
|
||||
Source300: rpmlintrc
|
||||
@ -149,7 +120,7 @@ emulations. This can be used together with the OBS build script to
|
||||
run cross-architecture builds.
|
||||
|
||||
%prep
|
||||
%setup -q -n qemu-2.0.0
|
||||
%setup -q -n qemu-2.1.0-rc1
|
||||
%patch0001 -p1
|
||||
%patch0002 -p1
|
||||
%patch0003 -p1
|
||||
@ -193,35 +164,6 @@ run cross-architecture builds.
|
||||
%patch0041 -p1
|
||||
%patch0042 -p1
|
||||
%patch0043 -p1
|
||||
%patch0044 -p1
|
||||
%patch0045 -p1
|
||||
%patch0046 -p1
|
||||
%patch0047 -p1
|
||||
%patch0048 -p1
|
||||
%patch0049 -p1
|
||||
%patch0050 -p1
|
||||
%patch0051 -p1
|
||||
%patch0052 -p1
|
||||
%patch0053 -p1
|
||||
%patch0054 -p1
|
||||
%patch0055 -p1
|
||||
%patch0056 -p1
|
||||
%patch0057 -p1
|
||||
%patch0058 -p1
|
||||
%patch0059 -p1
|
||||
%patch0060 -p1
|
||||
%patch0061 -p1
|
||||
%patch0062 -p1
|
||||
%patch0063 -p1
|
||||
%patch0064 -p1
|
||||
%patch0065 -p1
|
||||
%patch0066 -p1
|
||||
%patch0067 -p1
|
||||
%patch0068 -p1
|
||||
%patch0069 -p1
|
||||
%patch0070 -p1
|
||||
%patch0071 -p1
|
||||
%patch0072 -p1
|
||||
|
||||
%build
|
||||
./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
|
||||
@ -284,6 +226,7 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%_bindir/qemu-or32
|
||||
%_bindir/qemu-ppc64abi32
|
||||
%_bindir/qemu-ppc64
|
||||
%_bindir/qemu-ppc64le
|
||||
%_bindir/qemu-ppc
|
||||
%_bindir/qemu-s390x
|
||||
%_bindir/qemu-sh4
|
||||
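Review bot: The `@ -61,42 +61,13 @@` hunk removes `Patch0046` through `Patch0070` (with the matching `%patch` lines in `%prep`), and the changelog hunk shown just before this section does not record that. The deleted patch files on this page tag several of these as CVE-2013-4541, CVE-2013-4537, CVE-2013-4534, CVE-2013-4149 and CVE-2014-0182, with BNC references. The new changelog entry names only the ppc64le binary and update_git.sh, so the bug references no longer trace to a released fix. I would add a line such as `* vmstate/migration load hardening backports 0046-vmstate-add-VMS_MUST_EXIST.patch through 0070-virtio-allow-mapping-up-to-max-queu.patch now upstream, dropped`, keeping the BNC numbers beside it. Presumably each cherry-picked upstream commit is contained in the v2.1.0-rc1 tarball; that is worth confirming against the tag before the backports are removed.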
|
@ -23,7 +23,7 @@ License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
||||
Group: System/Emulators/PC
|
||||
QEMU_VERSION
|
||||
Release: 0
|
||||
Source: qemu-2.0.0.tar.bz2
|
||||
Source: qemu-2.1.0-rc1.tar.bz2
|
||||
# This patch queue is auto-generated from https://github.com/openSUSE/qemu
|
||||
PATCH_FILES
|
||||
# Please do not add patches manually here, run update_git.sh.
|
||||
@ -78,7 +78,7 @@ emulations. This can be used together with the OBS build script to
|
||||
run cross-architecture builds.
|
||||
|
||||
%prep
|
||||
%setup -q -n qemu-2.0.0
|
||||
%setup -q -n qemu-2.1.0-rc1
|
||||
PATCH_EXEC
|
||||
|
||||
%build
|
||||
@ -142,6 +142,7 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%_bindir/qemu-or32
|
||||
%_bindir/qemu-ppc64abi32
|
||||
%_bindir/qemu-ppc64
|
||||
%_bindir/qemu-ppc64le
|
||||
%_bindir/qemu-ppc
|
||||
%_bindir/qemu-s390x
|
||||
%_bindir/qemu-sh4
|
||||
|
21
qemu.changes
@ -1,3 +1,24 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 9 17:34:55 UTC 2014 - afaerber@suse.de
|
||||
|
||||
- Update to v2.1.0-rc0: http://wiki.qemu-project.org/ChangeLog/2.1
|
||||
* xen_disk discard support now upstream
|
||||
0037-xen_disk-add-discard-support.patch dropped
|
||||
* PowerPC ELF v2 support now upstream
|
||||
0045-tcg-ppc64-Support-the-ELFv2-ABI.patch dropped
|
||||
* iPXE fixes now included
|
||||
ipxe-build-Work-around-bug-in-gcc-4.8.patch dropped
|
||||
ipxe-build-Avoid-strict-aliasing-warning.patch dropped
|
||||
ipxe-zbin-Fix-size-used-for-memset-in-al.patch dropped
|
||||
* SeaVGABIOS fix now included
|
||||
vgabios-Make-sure-stdvga_list_modes-doesn-t-overrun-.patch dropped
|
||||
* Modified update_git.sh accordingly
|
||||
- Update to v2.1.0-rc1: http://wiki.qemu-project.org/ChangeLog/2.1
|
||||
* 0041-tests-Fix-unterminated-string-outpu.patch: Test fix
|
||||
* 0042-libqos-Fix-PC-PCI-endianness-glitch.patch: Test fix for ppc
|
||||
* 0043-qtest-fix-vhost-user-test-compilati.patch: Test fix for SP3
|
||||
* Modified update_git.sh accordingly
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 23 21:42:31 UTC 2014 - afaerber@suse.de
|
||||
|
||||
|
96
qemu.spec
@ -43,9 +43,9 @@ Url: http://www.qemu.org/
|
||||
Summary: Universal CPU emulator
|
||||
License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
||||
Group: System/Emulators/PC
|
||||
Version: 2.0.0
|
||||
Version: 2.0.91
|
||||
Release: 0
|
||||
Source: %name-2.0.0.tar.bz2
|
||||
Source: %name-2.1.0-rc1.tar.bz2
|
||||
Source1: 80-kvm.rules
|
||||
Source2: qemu-ifup
|
||||
Source3: kvm_stat
|
||||
@ -68,7 +68,7 @@ Patch0011: 0011-linux-user-add-binfmt-wrapper-for-a.patch
|
||||
Patch0012: 0012-PPC-KVM-Disable-mmu-notifier-check.patch
|
||||
Patch0013: 0013-linux-user-fix-segfault-deadlock.patch
|
||||
Patch0014: 0014-linux-user-binfmt-support-host-bina.patch
|
||||
Patch0015: 0015-linux-user-arm-no-tb_flush-on-reset.patch
|
||||
Patch0015: 0015-target-arm-linux-user-no-tb_flush-o.patch
|
||||
Patch0016: 0016-linux-user-Ignore-broken-loop-ioctl.patch
|
||||
Patch0017: 0017-linux-user-lock-tcg.patch
|
||||
Patch0018: 0018-linux-user-Run-multi-threaded-code-.patch
|
||||
@ -90,51 +90,15 @@ Patch0033: 0033-Make-char-muxer-more-robust-wrt-sma.patch
|
||||
Patch0034: 0034-linux-user-lseek-explicitly-cast-no.patch
|
||||
Patch0035: 0035-virtfs-proxy-helper-Provide-__u64-f.patch
|
||||
Patch0036: 0036-configure-Enable-PIE-for-ppc-and-pp.patch
|
||||
Patch0037: 0037-xen_disk-add-discard-support.patch
|
||||
Patch0038: 0038-tests-Don-t-run-qom-test-twice.patch
|
||||
Patch0039: 0039-qtest-Assure-that-init_socket-s-lis.patch
|
||||
Patch0040: 0040-qtest-Add-error-reporting-to-socket.patch
|
||||
Patch0041: 0041-qtest-Increase-socket-timeout.patch
|
||||
Patch0042: 0042-qtest-Be-paranoid-about-accept-addr.patch
|
||||
Patch0043: 0043-arm-translate.c-Fix-smlald-Instruct.patch
|
||||
Patch0044: 0044-target-arm-A64-fix-unallocated-test.patch
|
||||
Patch0045: 0045-tcg-ppc64-Support-the-ELFv2-ABI.patch
|
||||
Patch0046: 0046-vmstate-add-VMS_MUST_EXIST.patch
|
||||
Patch0047: 0047-vmstate-add-VMSTATE_VALIDATE.patch
|
||||
Patch0048: 0048-virtio-net-fix-buffer-overflow-on-i.patch
|
||||
Patch0049: 0049-virtio-net-out-of-bounds-buffer-wri.patch
|
||||
Patch0050: 0050-virtio-out-of-bounds-buffer-write-o.patch
|
||||
Patch0051: 0051-ahci-fix-buffer-overrun-on-invalid-.patch
|
||||
Patch0052: 0052-hpet-fix-buffer-overrun-on-invalid-.patch
|
||||
Patch0053: 0053-hw-pci-pcie_aer.c-fix-buffer-overru.patch
|
||||
Patch0054: 0054-pl022-fix-buffer-overun-on-invalid-.patch
|
||||
Patch0055: 0055-vmstate-fix-buffer-overflow-in-targ.patch
|
||||
Patch0056: 0056-virtio-avoid-buffer-overrun-on-inco.patch
|
||||
Patch0057: 0057-virtio-validate-num_sg-when-mapping.patch
|
||||
Patch0058: 0058-pxa2xx-avoid-buffer-overrun-on-inco.patch
|
||||
Patch0059: 0059-ssd0323-fix-buffer-overun-on-invali.patch
|
||||
Patch0060: 0060-tsc210x-fix-buffer-overrun-on-inval.patch
|
||||
Patch0061: 0061-zaurus-fix-buffer-overrun-on-invali.patch
|
||||
Patch0062: 0062-virtio-scsi-fix-buffer-overrun-on-i.patch
|
||||
Patch0063: 0063-vmstate-s-VMSTATE_INT32_LE-VMSTATE_.patch
|
||||
Patch0064: 0064-usb-sanity-check-setup_index-setup_.patch
|
||||
Patch0065: 0065-savevm-Ignore-minimum_version_id_ol.patch
|
||||
Patch0066: 0066-ssi-sd-fix-buffer-overrun-on-invali.patch
|
||||
Patch0067: 0067-openpic-avoid-buffer-overrun-on-inc.patch
|
||||
Patch0068: 0068-virtio-net-out-of-bounds-buffer-wri.patch
|
||||
Patch0069: 0069-virtio-validate-config_len-on-load.patch
|
||||
Patch0070: 0070-virtio-allow-mapping-up-to-max-queu.patch
|
||||
Patch0071: 0071-module-Simplify-module_load.patch
|
||||
Patch0072: 0072-module-Don-t-complain-when-a-module.patch
|
||||
Patch0037: 0037-tests-Don-t-run-qom-test-twice.patch
|
||||
Patch0038: 0038-qtest-Increase-socket-timeout.patch
|
||||
Patch0039: 0039-module-Simplify-module_load.patch
|
||||
Patch0040: 0040-module-Don-t-complain-when-a-module.patch
|
||||
Patch0041: 0041-tests-Fix-unterminated-string-outpu.patch
|
||||
Patch0042: 0042-libqos-Fix-PC-PCI-endianness-glitch.patch
|
||||
Patch0043: 0043-qtest-fix-vhost-user-test-compilati.patch
|
||||
# Please do not add patches manually here, run update_git.sh.
|
||||
|
||||
# roms/ipxe patches
|
||||
Patch1000: ipxe-build-Work-around-bug-in-gcc-4.8.patch
|
||||
Patch1001: ipxe-zbin-Fix-size-used-for-memset-in-al.patch
|
||||
Patch1002: ipxe-build-Avoid-strict-aliasing-warning.patch
|
||||
Patch1003: vgabios-Make-sure-stdvga_list_modes-doesn-t-overrun-.patch
|
||||
# end roms/ipxe patches
|
||||
|
||||
# this is to make lint happy
|
||||
Source300: rpmlintrc
|
||||
Source302: bridge.conf
|
||||
@ -457,7 +421,7 @@ This sub-package contains the guest agent.
|
||||
%package seabios
|
||||
Summary: X86 BIOS for QEMU
|
||||
Group: System/Emulators/PC
|
||||
Version: 1.7.4
|
||||
Version: 1.7.5
|
||||
Release: 0
|
||||
%if 0%{?suse_version} > %{noarch_supported}
|
||||
BuildArch: noarch
|
||||
@ -471,7 +435,7 @@ is the default BIOS for QEMU.
|
||||
%package vgabios
|
||||
Summary: VGA BIOSes for QEMU
|
||||
Group: System/Emulators/PC
|
||||
Version: 1.7.4
|
||||
Version: 1.7.5
|
||||
Release: 0
|
||||
%if 0%{?suse_version} > %{noarch_supported}
|
||||
BuildArch: noarch
|
||||
@ -526,7 +490,7 @@ This package provides a service file for starting and stopping KSM.
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q #-n %name-2.0.0-rc3
|
||||
%setup -q -n %name-2.1.0-rc1
|
||||
%patch0001 -p1
|
||||
%patch0002 -p1
|
||||
%patch0003 -p1
|
||||
@ -570,40 +534,6 @@ This package provides a service file for starting and stopping KSM.
|
||||
%patch0041 -p1
|
||||
%patch0042 -p1
|
||||
%patch0043 -p1
|
||||
%patch0044 -p1
|
||||
%patch0045 -p1
|
||||
%patch0046 -p1
|
||||
%patch0047 -p1
|
||||
%patch0048 -p1
|
||||
%patch0049 -p1
|
||||
%patch0050 -p1
|
||||
%patch0051 -p1
|
||||
%patch0052 -p1
|
||||
%patch0053 -p1
|
||||
%patch0054 -p1
|
||||
%patch0055 -p1
|
||||
%patch0056 -p1
|
||||
%patch0057 -p1
|
||||
%patch0058 -p1
|
||||
%patch0059 -p1
|
||||
%patch0060 -p1
|
||||
%patch0061 -p1
|
||||
%patch0062 -p1
|
||||
%patch0063 -p1
|
||||
%patch0064 -p1
|
||||
%patch0065 -p1
|
||||
%patch0066 -p1
|
||||
%patch0067 -p1
|
||||
%patch0068 -p1
|
||||
%patch0069 -p1
|
||||
%patch0070 -p1
|
||||
%patch0071 -p1
|
||||
%patch0072 -p1
|
||||
|
||||
%patch1000 -p1
|
||||
%patch1001 -p1
|
||||
%patch1002 -p1
|
||||
%patch1003 -p1
|
||||
|
||||
%if %{build_x86_fw_from_source}
|
||||
# as a safeguard, delete the firmware files that we intend to build
|
||||
|
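Review bot: Patch0046 through Patch0070 (the vmstate, virtio, ahci, hpet, pcie_aer, usb and related buffer-overrun and validation fixes) are removed from the patch list and from the `%patch` sequence, but the qemu.changes entry on this page records only the xen_disk, ELFv2, iPXE and SeaVGABIOS drops. Presumably these fixes are all contained in the v2.1.0-rc1 tarball, yet nothing in the package lets a later auditor confirm that each one was checked rather than lost in the renumbering. I would add a changelog line such as `* Buffer-overrun and state-validation fixes (old 0046-... to 0070-...) now upstream, dropped`, keeping any bug references those patches carried. The dropped qtest patches (old 0039, 0040, 0042) and target-arm patches (old 0043, 0044) are also unrecorded and deserve the same treatment.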
16
qemu.spec.in
16
qemu.spec.in
@ -45,7 +45,7 @@ License: BSD-3-Clause and GPL-2.0 and GPL-2.0+ and LGPL-2.1+ and MIT
|
||||
Group: System/Emulators/PC
|
||||
QEMU_VERSION
|
||||
Release: 0
|
||||
Source: %name-2.0.0.tar.bz2
|
||||
Source: %name-2.1.0-rc1.tar.bz2
|
||||
Source1: 80-kvm.rules
|
||||
Source2: qemu-ifup
|
||||
Source3: kvm_stat
|
||||
@ -57,13 +57,6 @@ Source7: 60-kvm.x86.rules
|
||||
PATCH_FILES
|
||||
# Please do not add patches manually here, run update_git.sh.
|
||||
|
||||
# roms/ipxe patches
|
||||
Patch1000: ipxe-build-Work-around-bug-in-gcc-4.8.patch
|
||||
Patch1001: ipxe-zbin-Fix-size-used-for-memset-in-al.patch
|
||||
Patch1002: ipxe-build-Avoid-strict-aliasing-warning.patch
|
||||
Patch1003: vgabios-Make-sure-stdvga_list_modes-doesn-t-overrun-.patch
|
||||
# end roms/ipxe patches
|
||||
|
||||
# this is to make lint happy
|
||||
Source300: rpmlintrc
|
||||
Source302: bridge.conf
|
||||
@ -455,14 +448,9 @@ This package provides a service file for starting and stopping KSM.
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q #-n %name-2.0.0-rc3
|
||||
%setup -q -n %name-2.1.0-rc1
|
||||
PATCH_EXEC
|
||||
|
||||
%patch1000 -p1
|
||||
%patch1001 -p1
|
||||
%patch1002 -p1
|
||||
%patch1003 -p1
|
||||
|
||||
%if %{build_x86_fw_from_source}
|
||||
# as a safeguard, delete the firmware files that we intend to build
|
||||
for i in %built_firmware_files
|
||||
|
@ -11,8 +11,8 @@
|
||||
|
||||
GIT_TREE=git://github.com/openSUSE/qemu.git
|
||||
GIT_LOCAL_TREE=~/git/qemu-opensuse
|
||||
GIT_BRANCH=opensuse-2.0
|
||||
GIT_UPSTREAM_TAG=v2.0.0
|
||||
GIT_BRANCH=opensuse-2.1
|
||||
GIT_UPSTREAM_TAG=v2.1.0-rc1
|
||||
GIT_DIR=/dev/shm/qemu-factory-git-dir
|
||||
CMP_DIR=/dev/shm/qemu-factory-cmp-dir
|
||||
|
||||
|
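Review bot: `GIT_TREE=git://github.com/openSUSE/qemu.git` in the unchanged context means the new `opensuse-2.1` branch and `v2.1.0-rc1` tag are presumably fetched over the unauthenticated git:// transport, so the generated patch queue has no transport integrity. I would switch it to `GIT_TREE=https://github.com/openSUSE/qemu.git`. `GIT_DIR` and `CMP_DIR` are fixed names under /dev/shm, a world-writable directory, so on a shared host another user could pre-create them; creating both with `mktemp -d` avoids that. How the script uses these variables lies outside the hunk, so both points should be checked against the full file.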
@ -1,29 +0,0 @@
|
||||
From 2620984b42fd2a374e94c75f04982c60edf179cb Mon Sep 17 00:00:00 2001
|
||||
From: Kevin O'Connor <kevin@koconnor.net>
|
||||
Date: Tue, 11 Feb 2014 17:36:56 -0500
|
||||
Subject: [PATCH] vgabios: Make sure stdvga_list_modes() doesn't overrun the
|
||||
buffer.
|
||||
References: bnc#880625
|
||||
|
||||
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
vgasrc/stdvgamodes.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/roms/seabios/vgasrc/stdvgamodes.c b/roms/seabios/vgasrc/stdvgamodes.c
|
||||
index a97c85f..8436729 100644
|
||||
--- a/roms/seabios/vgasrc/stdvgamodes.c
|
||||
+++ b/roms/seabios/vgasrc/stdvgamodes.c
|
||||
@@ -336,7 +336,7 @@ void
|
||||
stdvga_list_modes(u16 seg, u16 *dest, u16 *last)
|
||||
{
|
||||
int i;
|
||||
- for (i = 0; i < ARRAY_SIZE(vga_modes); i++) {
|
||||
+ for (i = 0; i < ARRAY_SIZE(vga_modes) && dest < last; i++) {
|
||||
struct stdvga_mode_s *stdmode_g = &vga_modes[i];
|
||||
u16 mode = GET_GLOBAL(stdmode_g->mode);
|
||||
if (mode == 0xffff)
|
||||
--
|
||||
1.9.0
|
||||
|