Skip to content
Snippets Groups Projects
Verified Commit b6c0e8ad authored by Andrei Gherzan's avatar Andrei Gherzan :penguin:
Browse files

qemu: Drop version 5.2.0 


oe-core now comes with a newer version: 6.1.0. 5.2.0 version was an
upgrade for dunfell but now that we move to newer layers, we can drop it
and use the latest in upstream.

Signed-off-by: Andrei Gherzan's avatarAndrei Gherzan <andrei.gherzan@huawei.com>
parent fb297405
No related branches found
No related tags found
1 merge request!30flavours/zephyr/local.conf.sample: Bump CONF_VERSION
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 1107 deletions
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3409_4.patch deleted 100644 → 0
+ 0
75
View file @ fb297405
From b672bcaf5522294a4d8de3e88e0932d55585ee3b Mon Sep 17 00:00:00 2001
From: Bin Meng <bmeng.cn@gmail.com>
Date: Wed, 3 Mar 2021 20:26:37 +0800
Subject: [PATCH 4/6] hw/sd: sdhci: Correctly set the controller status for
ADMA
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When an ADMA transfer is started, the codes forget to set the
controller status to indicate a transfer is in progress.
With this fix, the following 2 reproducers:
https://paste.debian.net/plain/1185136
https://paste.debian.net/plain/1185141
cannot be reproduced with the following QEMU command line:
$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \
-nodefaults -device sdhci-pci,sd-spec-version=3 \
-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
-device sd-card,drive=mydrive -qtest stdio
Cc: qemu-stable@nongnu.org
Fixes: CVE-2020-17380
Fixes: CVE-2020-25085
Fixes: CVE-2021-3409
Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum)
Reported-by: Sergej Schumilo (Ruhr-Universität Bochum)
Reported-by: Simon Wörner (Ruhr-Universität Bochum)
Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
Buglink: https://bugs.launchpad.net/qemu/+bug/1909418
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210303122639.20004-4-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Upstream-Status: Backport [bc6f28995ff88f5d82c38afcfd65406f0ae375aa]
CVE: CVE-2021-3409
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/sd/sdhci.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index d8a46f307..7de03c6dd 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -768,7 +768,9 @@ static void sdhci_do_adma(SDHCIState *s)
switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
case SDHC_ADMA_ATTR_ACT_TRAN: /* data transfer */
+ s->prnsts |= SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE;
if (s->trnmod & SDHC_TRNS_READ) {
+ s->prnsts |= SDHC_DOING_READ;
while (length) {
if (s->data_count == 0) {
sdbus_read_data(&s->sdbus, s->fifo_buffer, block_size);
@@ -796,6 +798,7 @@ static void sdhci_do_adma(SDHCIState *s)
}
}
} else {
+ s->prnsts |= SDHC_DOING_WRITE;
while (length) {
begin = s->data_count;
if ((length + begin) < block_size) {
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch deleted 100644 → 0
+ 0
56
View file @ fb297405
From c2298884cf6bcf2b047b4bae5f78432b052b5729 Mon Sep 17 00:00:00 2001
From: Bin Meng <bmeng.cn@gmail.com>
Date: Wed, 3 Mar 2021 20:26:38 +0800
Subject: [PATCH 5/6] hw/sd: sdhci: Limit block size only when SDHC_BLKSIZE
register is writable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The codes to limit the maximum block size is only necessary when
SDHC_BLKSIZE register is writable.
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210303122639.20004-5-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Upstream-Status: Backport [5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd]
CVE: CVE-2021-3409
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/sd/sdhci.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 7de03c6dd..6c780126e 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1142,15 +1142,15 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
if (!TRANSFERRING_DATA(s->prnsts)) {
MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12));
MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
- }
- /* Limit block size to the maximum buffer size */
- if (extract32(s->blksize, 0, 12) > s->buf_maxsz) {
- qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than "
- "the maximum buffer 0x%x\n", __func__, s->blksize,
- s->buf_maxsz);
+ /* Limit block size to the maximum buffer size */
+ if (extract32(s->blksize, 0, 12) > s->buf_maxsz) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than "
+ "the maximum buffer 0x%x\n", __func__, s->blksize,
+ s->buf_maxsz);
- s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz);
+ s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz);
+ }
}
break;
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3409_6.patch deleted 100644 → 0
+ 0
99
View file @ fb297405
From db916870a839346767b6d5ca7d0eed3128ba5fea Mon Sep 17 00:00:00 2001
From: Bin Meng <bmeng.cn@gmail.com>
Date: Wed, 3 Mar 2021 20:26:39 +0800
Subject: [PATCH 6/6] hw/sd: sdhci: Reset the data pointer of s->fifo_buffer[]
when a different block size is programmed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If the block size is programmed to a different value from the
previous one, reset the data pointer of s->fifo_buffer[] so that
s->fifo_buffer[] can be filled in using the new block size in
the next transfer.
With this fix, the following reproducer:
outl 0xcf8 0x80001010
outl 0xcfc 0xe0000000
outl 0xcf8 0x80001001
outl 0xcfc 0x06000000
write 0xe000002c 0x1 0x05
write 0xe0000005 0x1 0x02
write 0xe0000007 0x1 0x01
write 0xe0000028 0x1 0x10
write 0x0 0x1 0x23
write 0x2 0x1 0x08
write 0xe000000c 0x1 0x01
write 0xe000000e 0x1 0x20
write 0xe000000f 0x1 0x00
write 0xe000000c 0x1 0x32
write 0xe0000004 0x2 0x0200
write 0xe0000028 0x1 0x00
write 0xe0000003 0x1 0x40
cannot be reproduced with the following QEMU command line:
$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \
-nodefaults -device sdhci-pci,sd-spec-version=3 \
-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
-device sd-card,drive=mydrive -qtest stdio
Cc: qemu-stable@nongnu.org
Fixes: CVE-2020-17380
Fixes: CVE-2020-25085
Fixes: CVE-2021-3409
Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum)
Reported-by: Sergej Schumilo (Ruhr-Universität Bochum)
Reported-by: Simon Wörner (Ruhr-Universität Bochum)
Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
Buglink: https://bugs.launchpad.net/qemu/+bug/1909418
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210303122639.20004-6-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Upstream-Status: Backport [cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9]
CVE: CVE-2021-3409
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/sd/sdhci.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 6c780126e..216842420 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1140,6 +1140,8 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
break;
case SDHC_BLKSIZE:
if (!TRANSFERRING_DATA(s->prnsts)) {
+ uint16_t blksize = s->blksize;
+
MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12));
MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
@@ -1151,6 +1153,16 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz);
}
+
+ /*
+ * If the block size is programmed to a different value from
+ * the previous one, reset the data pointer of s->fifo_buffer[]
+ * so that s->fifo_buffer[] can be filled in using the new block
+ * size in the next transfer.
+ */
+ if (blksize != s->blksize) {
+ s->data_count = 0;
+ }
}
break;
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3416_1.patch deleted 100644 → 0
+ 0
177
View file @ fb297405
From 4b1988a29d67277d6c8ce1df52975f5616592913 Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Wed, 24 Feb 2021 11:44:36 +0800
Subject: [PATCH 01/10] net: introduce qemu_receive_packet()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Some NIC supports loopback mode and this is done by calling
nc->info->receive() directly which in fact suppresses the effort of
reentrancy check that is done in qemu_net_queue_send().
Unfortunately we can't use qemu_net_queue_send() here since for
loopback there's no sender as peer, so this patch introduce a
qemu_receive_packet() which is used for implementing loopback mode
for a NIC with this check.
NIC that supports loopback mode will be converted to this helper.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [705df5466c98f3efdd2b68d3b31dad86858acad7]
CVE: CVE-2021-3416
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
include/net/net.h | 5 +++++
include/net/queue.h | 8 ++++++++
net/net.c | 38 +++++++++++++++++++++++++++++++-------
net/queue.c | 22 ++++++++++++++++++++++
4 files changed, 66 insertions(+), 7 deletions(-)
diff --git a/include/net/net.h b/include/net/net.h
index 778fc787c..03f058ecb 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -143,12 +143,17 @@ void *qemu_get_nic_opaque(NetClientState *nc);
void qemu_del_net_client(NetClientState *nc);
typedef void (*qemu_nic_foreach)(NICState *nic, void *opaque);
void qemu_foreach_nic(qemu_nic_foreach func, void *opaque);
+int qemu_can_receive_packet(NetClientState *nc);
int qemu_can_send_packet(NetClientState *nc);
ssize_t qemu_sendv_packet(NetClientState *nc, const struct iovec *iov,
int iovcnt);
ssize_t qemu_sendv_packet_async(NetClientState *nc, const struct iovec *iov,
int iovcnt, NetPacketSent *sent_cb);
ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size);
+ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size);
+ssize_t qemu_receive_packet_iov(NetClientState *nc,
+ const struct iovec *iov,
+ int iovcnt);
ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size);
ssize_t qemu_send_packet_async(NetClientState *nc, const uint8_t *buf,
int size, NetPacketSent *sent_cb);
diff --git a/include/net/queue.h b/include/net/queue.h
index c0269bb1d..9f2f289d7 100644
--- a/include/net/queue.h
+++ b/include/net/queue.h
@@ -55,6 +55,14 @@ void qemu_net_queue_append_iov(NetQueue *queue,
void qemu_del_net_queue(NetQueue *queue);
+ssize_t qemu_net_queue_receive(NetQueue *queue,
+ const uint8_t *data,
+ size_t size);
+
+ssize_t qemu_net_queue_receive_iov(NetQueue *queue,
+ const struct iovec *iov,
+ int iovcnt);
+
ssize_t qemu_net_queue_send(NetQueue *queue,
NetClientState *sender,
unsigned flags,
diff --git a/net/net.c b/net/net.c
index 6a2c3d956..5e15e5d27 100644
--- a/net/net.c
+++ b/net/net.c
@@ -528,6 +528,17 @@ int qemu_set_vnet_be(NetClientState *nc, bool is_be)
#endif
}
+int qemu_can_receive_packet(NetClientState *nc)
+{
+ if (nc->receive_disabled) {
+ return 0;
+ } else if (nc->info->can_receive &&
+ !nc->info->can_receive(nc)) {
+ return 0;
+ }
+ return 1;
+}
+
int qemu_can_send_packet(NetClientState *sender)
{
int vm_running = runstate_is_running();
@@ -540,13 +551,7 @@ int qemu_can_send_packet(NetClientState *sender)
return 1;
}
- if (sender->peer->receive_disabled) {
- return 0;
- } else if (sender->peer->info->can_receive &&
- !sender->peer->info->can_receive(sender->peer)) {
- return 0;
- }
- return 1;
+ return qemu_can_receive_packet(sender->peer);
}
static ssize_t filter_receive_iov(NetClientState *nc,
@@ -679,6 +684,25 @@ ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size)
return qemu_send_packet_async(nc, buf, size, NULL);
}
+ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size)
+{
+ if (!qemu_can_receive_packet(nc)) {
+ return 0;
+ }
+
+ return qemu_net_queue_receive(nc->incoming_queue, buf, size);
+}
+
+ssize_t qemu_receive_packet_iov(NetClientState *nc, const struct iovec *iov,
+ int iovcnt)
+{
+ if (!qemu_can_receive_packet(nc)) {
+ return 0;
+ }
+
+ return qemu_net_queue_receive_iov(nc->incoming_queue, iov, iovcnt);
+}
+
ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size)
{
return qemu_send_packet_async_with_flags(nc, QEMU_NET_PACKET_FLAG_RAW,
diff --git a/net/queue.c b/net/queue.c
index 19e32c80f..c872d51df 100644
--- a/net/queue.c
+++ b/net/queue.c
@@ -182,6 +182,28 @@ static ssize_t qemu_net_queue_deliver_iov(NetQueue *queue,
return ret;
}
+ssize_t qemu_net_queue_receive(NetQueue *queue,
+ const uint8_t *data,
+ size_t size)
+{
+ if (queue->delivering) {
+ return 0;
+ }
+
+ return qemu_net_queue_deliver(queue, NULL, 0, data, size);
+}
+
+ssize_t qemu_net_queue_receive_iov(NetQueue *queue,
+ const struct iovec *iov,
+ int iovcnt)
+{
+ if (queue->delivering) {
+ return 0;
+ }
+
+ return qemu_net_queue_deliver_iov(queue, NULL, 0, iov, iovcnt);
+}
+
ssize_t qemu_net_queue_send(NetQueue *queue,
NetClientState *sender,
unsigned flags,
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch deleted 100644 → 0
+ 0
44
View file @ fb297405
From 65b851efd3d0280425c202f4e5880c48f8334dae Mon Sep 17 00:00:00 2001
From: Alexander Bulekov <alxndr@bu.edu>
Date: Mon, 1 Mar 2021 14:35:30 -0500
Subject: [PATCH 10/10] lan9118: switch to use qemu_receive_packet() for
loopback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [37cee01784ff0df13e5209517e1b3594a5e792d1]
CVE: CVE-2021-3416
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/net/lan9118.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c
index ab57c02c8..75f18ae2d 100644
--- a/hw/net/lan9118.c
+++ b/hw/net/lan9118.c
@@ -669,7 +669,7 @@ static void do_tx_packet(lan9118_state *s)
/* FIXME: Honor TX disable, and allow queueing of packets. */
if (s->phy_control & 0x4000) {
/* This assumes the receive routine doesn't touch the VLANClient. */
- lan9118_receive(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
+ qemu_receive_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
} else {
qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
}
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3416_2.patch deleted 100644 → 0
+ 0
42
View file @ fb297405
From e2a48a3c7cc33dbbe89f896e0f07462cb04ff6b5 Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Wed, 24 Feb 2021 12:13:22 +0800
Subject: [PATCH 02/10] e1000: switch to use qemu_receive_packet() for loopback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [1caff0340f49c93d535c6558a5138d20d475315c]
CVE: CVE-2021-3416
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/net/e1000.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index d7d05ae30..cf22c4f07 100644
--- a/hw/net/e1000.c
+++ b/hw/net/e1000.c
@@ -546,7 +546,7 @@ e1000_send_packet(E1000State *s, const uint8_t *buf, int size)
NetClientState *nc = qemu_get_queue(s->nic);
if (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) {
- nc->info->receive(nc, buf, size);
+ qemu_receive_packet(nc, buf, size);
} else {
qemu_send_packet(nc, buf, size);
}
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3416_3.patch deleted 100644 → 0
+ 0
43
View file @ fb297405
From c041a4da1ff119715e0ccf2d4a7af62568f17b93 Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Wed, 24 Feb 2021 12:57:40 +0800
Subject: [PATCH 03/10] dp8393x: switch to use qemu_receive_packet() for
loopback packet
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [331d2ac9ea307c990dc86e6493e8f0c48d14bb33]
CVE: CVE-2021-3416
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/net/dp8393x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index 205c0decc..533a8304d 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -506,7 +506,7 @@ static void dp8393x_do_transmit_packets(dp8393xState *s)
s->regs[SONIC_TCR] |= SONIC_TCR_CRSL;
if (nc->info->can_receive(nc)) {
s->loopback_packet = 1;
- nc->info->receive(nc, s->tx_buffer, tx_len);
+ qemu_receive_packet(nc, s->tx_buffer, tx_len);
}
} else {
/* Transmit packet */
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3416_4.patch deleted 100644 → 0
+ 0
43
View file @ fb297405
From 9ac5345344b75995bc96d171eaa5dc8d26bf0e21 Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Wed, 24 Feb 2021 13:00:01 +0800
Subject: [PATCH 04/10] msf2-mac: switch to use qemu_receive_packet() for
loopback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [26194a58f4eb83c5bdf4061a1628508084450ba1]
CVE: CVE-2021-3416
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/net/msf2-emac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c
index 32ba9e841..3e6206044 100644
--- a/hw/net/msf2-emac.c
+++ b/hw/net/msf2-emac.c
@@ -158,7 +158,7 @@ static void msf2_dma_tx(MSF2EmacState *s)
* R_CFG1 bit 0 is set.
*/
if (s->regs[R_CFG1] & R_CFG1_LB_EN_MASK) {
- nc->info->receive(nc, buf, size);
+ qemu_receive_packet(nc, buf, size);
} else {
qemu_send_packet(nc, buf, size);
}
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3416_5.patch deleted 100644 → 0
+ 0
45
View file @ fb297405
From d465dc79c9ee729d91ef086b993e956b1935be69 Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Wed, 24 Feb 2021 13:14:35 +0800
Subject: [PATCH 05/10] sungem: switch to use qemu_receive_packet() for
loopback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [8c92060d3c0248bd4d515719a35922cd2391b9b4]
CVE: CVE-2021-3416
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/net/sungem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/sungem.c b/hw/net/sungem.c
index 33c3722df..3684a4d73 100644
--- a/hw/net/sungem.c
+++ b/hw/net/sungem.c
@@ -306,7 +306,7 @@ static void sungem_send_packet(SunGEMState *s, const uint8_t *buf,
NetClientState *nc = qemu_get_queue(s->nic);
if (s->macregs[MAC_XIFCFG >> 2] & MAC_XIFCFG_LBCK) {
- nc->info->receive(nc, buf, size);
+ qemu_receive_packet(nc, buf, size);
} else {
qemu_send_packet(nc, buf, size);
}
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch deleted 100644 → 0
+ 0
43
View file @ fb297405
From c0010f9b2bafe866fe32e3c2688454bc24147136 Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Wed, 24 Feb 2021 13:27:52 +0800
Subject: [PATCH 06/10] tx_pkt: switch to use qemu_receive_packet_iov() for
loopback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch switches to use qemu_receive_receive_iov() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [8c552542b81e56ff532dd27ec6e5328954bdda73]
CVE: CVE-2021-3416
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/net/net_tx_pkt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
index da262edc3..1f9aa59ec 100644
--- a/hw/net/net_tx_pkt.c
+++ b/hw/net/net_tx_pkt.c
@@ -553,7 +553,7 @@ static inline void net_tx_pkt_sendv(struct NetTxPkt *pkt,
NetClientState *nc, const struct iovec *iov, int iov_cnt)
{
if (pkt->is_loopback) {
- nc->info->receive_iov(nc, iov, iov_cnt);
+ qemu_receive_packet_iov(nc, iov, iov_cnt);
} else {
qemu_sendv_packet(nc, iov, iov_cnt);
}
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3416_7.patch deleted 100644 → 0
+ 0
45
View file @ fb297405
From 64b38675c728354e4015e4bec3d975cd4cb8a981 Mon Sep 17 00:00:00 2001
From: Alexander Bulekov <alxndr@bu.edu>
Date: Fri, 26 Feb 2021 13:47:53 -0500
Subject: [PATCH 07/10] rtl8139: switch to use qemu_receive_packet() for
loopback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/qemu/+bug/1910826
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [5311fb805a4403bba024e83886fa0e7572265de4]
CVE: CVE-2021-3416
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/net/rtl8139.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index ba5ace1ab..d2dd03e6a 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -1795,7 +1795,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
}
DPRINTF("+++ transmit loopback mode\n");
- rtl8139_do_receive(qemu_get_queue(s->nic), buf, size, do_interrupt);
+ qemu_receive_packet(qemu_get_queue(s->nic), buf, size);
if (iov) {
g_free(buf2);
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3416_8.patch deleted 100644 → 0
+ 0
44
View file @ fb297405
From 023ce62f0a788ad3a8233c7a828554bceeafd031 Mon Sep 17 00:00:00 2001
From: Alexander Bulekov <alxndr@bu.edu>
Date: Mon, 1 Mar 2021 10:33:34 -0500
Subject: [PATCH 08/10] pcnet: switch to use qemu_receive_packet() for loopback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/qemu/+bug/1917085
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928]
CVE: CVE-2021-3416
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/net/pcnet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
index f3f18d859..dcd3fc494 100644
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -1250,7 +1250,7 @@ txagain:
if (BCR_SWSTYLE(s) == 1)
add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
- pcnet_receive(qemu_get_queue(s->nic), s->buffer, s->xmit_pos);
+ qemu_receive_packet(qemu_get_queue(s->nic), s->buffer, s->xmit_pos);
s->looptest = 0;
} else {
if (s->nic) {
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch deleted 100644 → 0
+ 0
46
View file @ fb297405
From ecf7e62bb2cb02c9bd40082504ae376f3e19ffd2 Mon Sep 17 00:00:00 2001
From: Alexander Bulekov <alxndr@bu.edu>
Date: Mon, 1 Mar 2021 14:33:43 -0500
Subject: [PATCH 09/10] cadence_gem: switch to use qemu_receive_packet() for
loopback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Upstream-Status: Backport [e73adfbeec9d4e008630c814759052ed945c3fed]
CVE: CVE-2021-3416
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/net/cadence_gem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 7a534691f..43b760e3f 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -1275,8 +1275,8 @@ static void gem_transmit(CadenceGEMState *s)
/* Send the packet somewhere */
if (s->phy_loop || (s->regs[GEM_NWCTRL] &
GEM_NWCTRL_LOCALLOOP)) {
- gem_receive(qemu_get_queue(s->nic), s->tx_packet,
- total_bytes);
+ qemu_receive_packet(qemu_get_queue(s->nic), s->tx_packet,
+ total_bytes);
} else {
qemu_send_packet(qemu_get_queue(s->nic), s->tx_packet,
total_bytes);
--
2.29.2
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch deleted 100644 → 0
+ 0
42
View file @ fb297405
From 05a40b172e4d691371534828078be47e7fff524c Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 3 May 2021 15:29:15 +0200
Subject: [PATCH] usb: limit combined packets to 1 MiB (CVE-2021-3527)
usb-host and usb-redirect try to batch bulk transfers by combining many
small usb packets into a single, large transfer request, to reduce the
overhead and improve performance.
This patch adds a size limit of 1 MiB for those combined packets to
restrict the host resources the guest can bind that way.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20210503132915.2335822-6-kraxel@redhat.com>
Upstream-Status: Backport
https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
CVE: CVE-2021-3527
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
hw/usb/combined-packet.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c
index 5d57e883dc..e56802f89a 100644
--- a/hw/usb/combined-packet.c
+++ b/hw/usb/combined-packet.c
@@ -171,7 +171,9 @@ void usb_ep_combine_input_packets(USBEndpoint *ep)
if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok ||
next == NULL ||
/* Work around for Linux usbfs bulk splitting + migration */
- (totalsize == (16 * KiB - 36) && p->int_req)) {
+ (totalsize == (16 * KiB - 36) && p->int_req) ||
+ /* Next package may grow combined package over 1MiB */
+ totalsize > 1 * MiB - ep->max_packet_size) {
usb_device_handle_data(ep->dev, first);
assert(first->status == USB_RET_ASYNC);
if (first->combined) {
--
GitLab
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3527-2.patch deleted 100644 → 0
+ 0
59
View file @ fb297405
From 7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 3 May 2021 15:29:12 +0200
Subject: [PATCH] usb/redir: avoid dynamic stack allocation (CVE-2021-3527)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use autofree heap allocation instead.
Fixes: 4f4321c11ff ("usb: use iovecs in USBPacket")
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210503132915.2335822-3-kraxel@redhat.com>
Upstream-Status: Backport
https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
CVE: CVE-2021-3527
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
hw/usb/redirect.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 17f06f3417..6a75b0dc4a 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -620,7 +620,7 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p,
.endpoint = ep,
.length = p->iov.size
};
- uint8_t buf[p->iov.size];
+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
/* No id, we look at the ep when receiving a status back */
usb_packet_copy(p, buf, p->iov.size);
usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet,
@@ -818,7 +818,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p,
usbredirparser_send_bulk_packet(dev->parser, p->id,
&bulk_packet, NULL, 0);
} else {
- uint8_t buf[size];
+ g_autofree uint8_t *buf = g_malloc(size);
usb_packet_copy(p, buf, size);
usbredir_log_data(dev, "bulk data out:", buf, size);
usbredirparser_send_bulk_packet(dev->parser, p->id,
@@ -923,7 +923,7 @@ static void usbredir_handle_interrupt_out_data(USBRedirDevice *dev,
USBPacket *p, uint8_t ep)
{
struct usb_redir_interrupt_packet_header interrupt_packet;
- uint8_t buf[p->iov.size];
+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
DPRINTF("interrupt-out ep %02X len %zd id %"PRIu64"\n", ep,
p->iov.size, p->id);
--
GitLab
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3582.patch deleted 100644 → 0
+ 0
47
View file @ fb297405
From 284f191b4abad213aed04cb0458e1600fd18d7c4 Mon Sep 17 00:00:00 2001
From: Marcel Apfelbaum <marcel@redhat.com>
Date: Wed, 16 Jun 2021 14:06:00 +0300
Subject: [PATCH] hw/rdma: Fix possible mremap overflow in the pvrdma device
(CVE-2021-3582)
Ensure mremap boundaries not trusting the guest kernel to
pass the correct buffer length.
Fixes: CVE-2021-3582
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
CVE: CVE-2021-3582
Upstream-Status: Backport [284f191b4abad213aed04cb0458e1600fd18d7c4]
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/rdma/vmw/pvrdma_cmd.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
index f59879e257..da7ddfa548 100644
--- a/hw/rdma/vmw/pvrdma_cmd.c
+++ b/hw/rdma/vmw/pvrdma_cmd.c
@@ -38,6 +38,13 @@ static void *pvrdma_map_to_pdir(PCIDevice *pdev, uint64_t pdir_dma,
return NULL;
}
+ length = ROUND_UP(length, TARGET_PAGE_SIZE);
+ if (nchunks * TARGET_PAGE_SIZE != length) {
+ rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks,
+ (unsigned long)length);
+ return NULL;
+ }
+
dir = rdma_pci_dma_map(pdev, pdir_dma, TARGET_PAGE_SIZE);
if (!dir) {
rdma_error_report("Failed to map to page directory");
--
2.25.1
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3607.patch deleted 100644 → 0
+ 0
43
View file @ fb297405
From 32e5703cfea07c91e6e84bcb0313f633bb146534 Mon Sep 17 00:00:00 2001
From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Date: Wed, 30 Jun 2021 14:46:34 +0300
Subject: [PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607)
Check the guest passed a non zero page count
for pvrdma device ring buffers.
Fixes: CVE-2021-3607
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210630114634.2168872-1-marcel@redhat.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
CVE: CVE-2021-3607
Upstream-Status: Backport [32e5703cfea07c91e6e84bcb0313f633bb146534]
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/rdma/vmw/pvrdma_main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
index 84ae8024fc..7c0c3551a8 100644
--- a/hw/rdma/vmw/pvrdma_main.c
+++ b/hw/rdma/vmw/pvrdma_main.c
@@ -92,6 +92,11 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state,
uint64_t *dir, *tbl;
int rc = 0;
+ if (!num_pages) {
+ rdma_error_report("Ring pages count must be strictly positive");
+ return -EINVAL;
+ }
+
dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE);
if (!dir) {
rdma_error_report("Failed to map to page directory (ring %s)", name);
--
2.25.1
meta-oniro-staging/recipes-devtools/qemu/qemu/CVE-2021-3608.patch deleted 100644 → 0
+ 0
43
View file @ fb297405
From 66ae37d8cc313f89272e711174a846a229bcdbd3 Mon Sep 17 00:00:00 2001
From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Date: Wed, 30 Jun 2021 14:52:46 +0300
Subject: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Do not unmap uninitialized dma addresses.
Fixes: CVE-2021-3608
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210630115246.2178219-1-marcel@redhat.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
CVE: CVE-2021-3608
Upstream-Status: Backport [66ae37d8cc313f89272e711174a846a229bcdbd3]
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
hw/rdma/vmw/pvrdma_dev_ring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
index 074ac59b84..42130667a7 100644
--- a/hw/rdma/vmw/pvrdma_dev_ring.c
+++ b/hw/rdma/vmw/pvrdma_dev_ring.c
@@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, const char *name, PCIDevice *dev,
qatomic_set(&ring->ring_state->cons_head, 0);
*/
ring->npages = npages;
- ring->pages = g_malloc(npages * sizeof(void *));
+ ring->pages = g_malloc0(npages * sizeof(void *));
for (i = 0; i < npages; i++) {
if (!tbl[i]) {
--
2.25.1
meta-oniro-staging/recipes-devtools/qemu/qemu/cross.patch deleted 100644 → 0
+ 0
30
View file @ fb297405
We need to be able to trigger configure's cross code but we don't want
to set cross_prefix as it does other things we don't want. Patch things
so we can do what we need in the target config case.
Upstream-Status: Inappropriate [may be rewritten in a way upstream may accept?]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Index: qemu-5.2.0/configure
===================================================================
--- qemu-5.2.0.orig/configure
+++ qemu-5.2.0/configure
@@ -6973,7 +6973,6 @@ if has $sdl2_config; then
fi
echo "strip = [$(meson_quote $strip)]" >> $cross
echo "windres = [$(meson_quote $windres)]" >> $cross
-if test -n "$cross_prefix"; then
cross_arg="--cross-file config-meson.cross"
echo "[host_machine]" >> $cross
if test "$mingw32" = "yes" ; then
@@ -6999,9 +6998,6 @@ if test -n "$cross_prefix"; then
else
echo "endian = 'little'" >> $cross
fi
-else
- cross_arg="--native-file config-meson.cross"
-fi
mv $cross config-meson.cross
rm -rf meson-private meson-info meson-logs
meta-oniro-staging/recipes-devtools/qemu/qemu/determinism.patch deleted 100644 → 0
+ 0
41
View file @ fb297405
When sources are included within debug information, a couple of areas of the
qemu build are not reproducible due to either full buildpaths or timestamps.
Replace the full paths with relative ones. I couldn't figure out how to get
meson to pass relative paths but we can fix that in the script.
For the keymaps, omit the timestamps as they don't matter to us.
Upstream-Status: Pending [some version of all/part of this may be accepted]
RP 2021/3/1
Index: qemu-5.2.0/scripts/decodetree.py
===================================================================
--- qemu-5.2.0.orig/scripts/decodetree.py
+++ qemu-5.2.0/scripts/decodetree.py
@@ -1303,8 +1303,8 @@ def main():
toppat = ExcMultiPattern(0)
for filename in args:
- input_file = filename
- f = open(filename, 'r')
+ input_file = os.path.relpath(filename)
+ f = open(input_file, 'r')
parse_file(f, toppat)
f.close()
Index: qemu-5.2.0/ui/keycodemapdb/tools/keymap-gen
===================================================================
--- qemu-5.2.0.orig/ui/keycodemapdb/tools/keymap-gen
+++ qemu-5.2.0/ui/keycodemapdb/tools/keymap-gen
@@ -317,9 +317,8 @@ class LanguageGenerator(object):
raise NotImplementedError()
def generate_header(self, database, args):
- today = time.strftime("%Y-%m-%d %H:%M")
self._boilerplate([
- "This file is auto-generated from keymaps.csv on %s" % today,
+ "This file is auto-generated from keymaps.csv",
"Database checksum sha256(%s)" % database.mapchecksum,
"To re-generate, run:",
" %s" % args,
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent