Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu')
16 files changed, 907 insertions, 0 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2016-1568.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2016-1568.patch
new file mode 100644
index 000000000..56fd346ae
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2016-1568.patch
@@ -0,0 +1,46 @@
+From 4ab0359a8ae182a7ac5c99609667273167703fab Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Mon, 11 Jan 2016 14:10:42 -0500
+Subject: [PATCH] ide: ahci: reset ncq object to unused on error
+
+When processing NCQ commands, AHCI device emulation prepares a
+NCQ transfer object; To which an aio control block(aiocb) object
+is assigned in 'execute_ncq_command'. In case, when the NCQ
+command is invalid, the 'aiocb' object is not assigned, and NCQ
+transfer object is left as 'used'. This leads to a use after
+free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
+Reset NCQ transfer object to 'unused' to avoid it.
+
+[Maintainer edit: s/ACHI/AHCI/ in the commit message. --js]
+
+Reported-by: Qinghao Tang <luodalongde@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: John Snow <jsnow@redhat.com>
+Message-id: 1452282511-4116-1-git-send-email-ppandit@redhat.com
+Signed-off-by: John Snow <jsnow@redhat.com>
+
+Upstream-Status: Backport
+
+http://git.qemu.org/?p=qemu.git;a=commit;h=4ab0359a8ae182a7ac5c99609667273167703fab
+
+CVE: CVE-2016-1568
+[Yocto # 9013]
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ hw/ide/ahci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+Index: qemu-2.5.0/hw/ide/ahci.c
+===================================================================
+--- qemu-2.5.0.orig/hw/ide/ahci.c
++++ qemu-2.5.0/hw/ide/ahci.c
+@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *nc
+ ide_state->error = ABRT_ERR;
+ ide_state->status = READY_STAT | ERR_STAT;
+ ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
++ ncq_tfs->used = 0;
+ }
+
+ static void ncq_finish(NCQTransferState *ncq_tfs)
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2016-2197.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2016-2197.patch
new file mode 100644
index 000000000..946435c43
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2016-2197.patch 
@@ -0,0 +1,59 @@
+From: Prasad J Pandit <address@hidden>
+
+When IDE AHCI emulation uses Frame Information Structures(FIS)
+engine for data transfer, the mapped FIS buffer address is stored
+in a static 'bounce.buffer'. When a request is made to map another
+memory region, address_space_map() returns NULL because
+'bounce.buffer' is in_use. It leads to a null pointer dereference
+error while doing 'dma_memory_unmap'. Add a check to avoid it.
+
+Reported-by: Zuozhi fzz <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+
+Upstream-Status: Backport
+https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05740.html
+
+CVE: CVE-2016-2197
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ hw/ide/ahci.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+ Update as per review
+ -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05715.html
+
+Index: qemu-2.5.0/hw/ide/ahci.c
+===================================================================
+--- qemu-2.5.0.orig/hw/ide/ahci.c
++++ qemu-2.5.0/hw/ide/ahci.c
+@@ -661,9 +661,11 @@ static bool ahci_map_fis_address(AHCIDev
+
+ static void ahci_unmap_fis_address(AHCIDevice *ad)
+ {
+- dma_memory_unmap(ad->hba->as, ad->res_fis, 256,
+- DMA_DIRECTION_FROM_DEVICE, 256);
+- ad->res_fis = NULL;
++ if (ad->res_fis) {
++ dma_memory_unmap(ad->hba->as, ad->res_fis, 256,
++ DMA_DIRECTION_FROM_DEVICE, 256);
++ ad->res_fis = NULL;
++ }
+ }
+
+ static bool ahci_map_clb_address(AHCIDevice *ad)
+@@ -677,9 +679,11 @@ static bool ahci_map_clb_address(AHCIDev
+
+ static void ahci_unmap_clb_address(AHCIDevice *ad)
+ {
+- dma_memory_unmap(ad->hba->as, ad->lst, 1024,
+- DMA_DIRECTION_FROM_DEVICE, 1024);
+- ad->lst = NULL;
++ if (ad->lst) {
++ dma_memory_unmap(ad->hba->as, ad->lst, 1024,
++ DMA_DIRECTION_FROM_DEVICE, 1024);
++ ad->lst = NULL;
++ }
+ }
+
+ static void ahci_write_fis_sdb(AHCIState *s, NCQTransferState *ncq_tfs)
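Review bot: The `Upstream-Status: Backport` trailer in this patch header points at a qemu-devel list post rather than a merged commit, and the `From:`/`Reported-by:` addresses are the archive's `address@hidden` placeholders, so the text appears to have been taken from the list archive and cannot be checked against what upstream finally applied. CVE-2016-1568.patch in this same commit cites the upstream commit by hash; doing the same here, e.g. `Upstream-Status: Backport [<upstream commit id>]`, would make the security backport auditable. The same applies to CVE-2016-2198.patch. Both unmap functions are shown in full, but the map functions that leave `res_fis`/`lst` NULL are outside the hunks.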
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch
new file mode 100644
index 000000000..f1201f061
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2016-2198.patch
@@ -0,0 +1,45 @@
+From: Prasad J Pandit <address@hidden>
+
+USB Ehci emulation supports host controller capability registers.
+But its mmio '.write' function was missing, which lead to a null
+pointer dereference issue. Add a do nothing 'ehci_caps_write'
+definition to avoid it; Do nothing because capability registers
+are Read Only(RO).
+
+Reported-by: Zuozhi Fzz <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+
+Upstream-Status: Backport
+https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html
+
+CVE: CVE-2016-2198
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ hw/usb/hcd-ehci.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: qemu-2.5.0/hw/usb/hcd-ehci.c
+===================================================================
+--- qemu-2.5.0.orig/hw/usb/hcd-ehci.c
++++ qemu-2.5.0/hw/usb/hcd-ehci.c
+@@ -893,6 +893,11 @@ static uint64_t ehci_caps_read(void *ptr
+ return s->caps[addr];
+ }
+
++static void ehci_caps_write(void *ptr, hwaddr addr,
++ uint64_t val, unsigned size)
++{
++}
++
+ static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
+ unsigned size)
+ {
+@@ -2310,6 +2315,7 @@ static void ehci_frame_timer(void *opaqu
+
+ static const MemoryRegionOps ehci_mmio_caps_ops = {
+ .read = ehci_caps_read,
++ .write = ehci_caps_write,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 4,
+ .impl.min_access_size = 1,
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/Qemu-Arm-versatilepb-Add-memory-size-checking.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/Qemu-Arm-versatilepb-Add-memory-size-checking.patch
new file mode 100644
index 000000000..1a6cf5119
--- /dev/null
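Review bot: The empty body of `ehci_caps_write` carries no comment, so a later reader of hcd-ehci.c cannot tell a deliberate no-op from an unfinished stub; the reason lives only in the patch description. A one-line comment inside the body would keep it with the code, for example `/* capability registers are read-only: guest writes are ignored */`. The function is shown in full; the `ehci_mmio_caps_ops` initializer that registers it continues past the second hunk.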
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/Qemu-Arm-versatilepb-Add-memory-size-checking.patch
@@ -0,0 +1,46 @@
+From 896fa02c24347e6e9259812cfda187b1d6ca6199 Mon Sep 17 00:00:00 2001
+From: Jiang Lu <lu.jiang@windriver.com>
+Date: Wed, 13 Nov 2013 10:38:08 +0800
+Subject: [PATCH] Qemu:Arm:versatilepb: Add memory size checking
+
+The machine can not work with memory over 256M, so add a checking
+at startup. If the memory size exceed 256M, just stop emulation then
+throw out warning about memory limitation.
+
+Upstream-Status: Pending
+
+Signed-off-by: Jiang Lu <lu.jiang@windriver.com>
+
+Updated it on 2014-01-15 for rebasing
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+
+Update it when upgrade qemu to 2.2.0
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
+---
+ hw/arm/versatilepb.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
+index 6c69f4e..9278d90 100644
+--- a/hw/arm/versatilepb.c
++++ b/hw/arm/versatilepb.c
+@@ -204,6 +204,13 @@ static void versatile_init(MachineState *machine, int board_id)
+ exit(1);
+ }
+
++ if (machine->ram_size > (256 << 20)) {
++ fprintf(stderr,
++ "qemu: Too much memory for this machine: %d MB, maximum 256 MB\n",
++ ((unsigned int)ram_size / (1 << 20)));
++ exit(1);
++ }
++
+ cpuobj = object_new(object_class_get_name(cpu_oc));
+
+ /* By default ARM1176 CPUs have EL3 enabled. This board does not
+--
+2.1.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile.patch
new file mode 100644
index 000000000..a99f72098
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile.patch
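Review bot: The added check in `versatile_init` tests `machine->ram_size` but the message prints `(unsigned int)ram_size / (1 << 20)`, a different identifier that is not declared anywhere in the hunk, and the cast to `unsigned int` is applied before the division, so a request of 4 GiB or more would be reported with a truncated size. `%d` is also paired with an unsigned argument. Printing the value that was actually tested, at full width, fixes all three: `"qemu: Too much memory for this machine: %" PRIu64 " MB, maximum 256 MB\n", (uint64_t)machine->ram_size >> 20`. `versatile_init` starts and ends outside the hunk, so whether `ram_size` resolves to a global holding the same value cannot be confirmed from here.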
@@ -0,0 +1,29 @@
+Upstream-Status: Pending
+
+Add subpackage -ptest which runs all unit test cases for qemu.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ tests/Makefile | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/tests/Makefile b/tests/Makefile
+index 88f7105..3f40b4b 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -405,3 +405,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
+
+ -include $(wildcard tests/*.d)
+ -include $(wildcard tests/libqos/*.d)
++
++buildtest-TESTS: $(check-unit-y)
++
++runtest-TESTS:
++ for f in $(check-unit-y); do \
++ nf=$$(echo $$f | sed 's/tests\//\.\//g'); \
++ $$nf; \
++ done
++
+--
+1.7.9.5
+
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/configure-fix-Darwin-target-detection.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/configure-fix-Darwin-target-detection.patch
new file mode 100644
index 000000000..59cdc1c30
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/configure-fix-Darwin-target-detection.patch
@@ -0,0 +1,32 @@
+Upstream-Status: Pending
+Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
+
+From 9ac096d8eccf2d56ece646320c282c8369f8337c Mon Sep 17 00:00:00 2001
+From: Cristian Iorga <cristian.iorga@intel.com>
+Date: Tue, 29 Jul 2014 18:35:59 +0300
+Subject: [PATCH] configure: fix Darwin target detection
+
+fix Darwin target detection for qemu
+cross-compilation.
+
+Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
+---
+ configure | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/configure b/configure
+index 283c71c..1c66a11 100755
+--- a/configure
++++ b/configure
+@@ -444,6 +444,8 @@ elif check_define __sun__ ; then
+ targetos='SunOS'
+ elif check_define __HAIKU__ ; then
+ targetos='Haiku'
++elif check_define __APPLE__ ; then
++ targetos='Darwin'
+ else
+ targetos=`uname -s`
+ fi
+--
+1.9.1
+
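Review bot: The `runtest-TESTS` loop runs each `$$nf` without looking at its exit status, so the recipe's result is that of the last test only and a unit test that fails or crashes earlier in the list goes unreported. run-ptest, added later in this commit, then pipes the output through `sed '/: OK/ s/^/PASS: /g'`, which tags passes but never produces a `FAIL:` line and discards make's own status. Reporting the failure where it happens closes the gap, e.g. replace `$$nf; \` with `$$nf || echo "FAIL: $$f"; \`.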
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch
new file mode 100644
index 000000000..682213254
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch
@@ -0,0 +1,76 @@ +From 697a834c35d19447b7dcdb9e1d9434bc6ce17c21 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com> +Date: Wed, 12 Aug 2015 15:11:30 -0500 +Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add custom_debug.h with function for print backtrace information. +When pthread_kill fails in qemu_cpu_kick_thread display backtrace and +current cpu information. + +Upstream-Status: Inappropriate +Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> +--- + cpus.c | 5 +++++ + custom_debug.h | 24 ++++++++++++++++++++++++ + 2 files changed, 29 insertions(+) + create mode 100644 custom_debug.h + +diff --git a/cpus.c b/cpus.c +index a822ce3..7e4786e 100644 +--- a/cpus.c ++++ b/cpus.c +@@ -1080,6 +1080,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg) + return NULL; + } + ++#include "custom_debug.h" ++ + static void qemu_cpu_kick_thread(CPUState *cpu) + { + #ifndef _WIN32 +@@ -1088,6 +1090,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu) + err = pthread_kill(cpu->thread->thread, SIG_IPI); + if (err) { + fprintf(stderr, "qemu:%s: %s", __func__, strerror(err)); ++ fprintf(stderr, "CPU #%d:\n", cpu->cpu_index); ++ cpu_dump_state(cpu, stderr, fprintf, 0); ++ backtrace_print(); + exit(1); + } + #else /* _WIN32 */ +diff --git a/custom_debug.h b/custom_debug.h +new file mode 100644 +index 0000000..f029e45 +--- /dev/null ++++ b/custom_debug.h +@@ -0,0 +1,24 @@ ++#include <execinfo.h> ++#include <stdio.h> ++#define BACKTRACE_MAX 128 ++static void backtrace_print(void) ++{ ++ int nfuncs = 0; ++ void *buf[BACKTRACE_MAX]; ++ char **symbols; ++ int i; ++ ++ nfuncs = backtrace(buf, BACKTRACE_MAX); ++ ++ symbols = backtrace_symbols(buf, nfuncs); ++ if (symbols == NULL) { ++ fprintf(stderr, "backtrace_print failed to get symbols"); ++ return; ++ } ++ ++ fprintf(stderr, "Backtrace ...\n"); ++ for (i = 0; 
i < nfuncs; i++) ++ fprintf(stderr, "%s\n", symbols[i]); ++ ++ free(symbols); ++} +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/disable-grabs.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/disable-grabs.patch new file mode 100644 index 000000000..41726b1c8 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/disable-grabs.patch 
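Review bot: `custom_debug.h` calls `free(symbols)` but includes only `<execinfo.h>` and `<stdio.h>`, so it compiles only because the including file happens to have pulled in the declaration already; add `#include <stdlib.h>` to the header. The header also has no include guard while defining a `static` non-inline function, so a second inclusion in one translation unit would be a redefinition error. The message `"backtrace_print failed to get symbols"` lacks a trailing `\n`, which will run it into whatever is printed next on stderr.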
@@ -0,0 +1,72 @@ +When the pointer enters the Qemu window it calls SDL_WM_GrabInput, which calls +XGrabPointer in a busyloop until it returns GrabSuccess. However if there's already +a pointer grab (screen is locked, a menu is open) then qemu will hang until the +grab can be taken. In the specific case of a headless X server on an autobuilder, once +the screensaver has kicked in any qemu instance that appears underneath the +pointer will hang. + +I'm not entirely sure why pointer grabs are required (the documentation +explicitly says it doesn't do grabs when using a tablet, which we are) so wrap +them in a conditional that can be set by the autobuilder environment, preserving +the current grabbing behaviour for everyone else. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 4b1988ecb01a178269ec0513a75f2ec620c7ef6a Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@intel.com> +Date: Wed, 18 Sep 2013 14:04:54 +0100 +Subject: [PATCH] sdl.c: allow user to disable pointer grabs + +Signed-off-by: Ross Burton <ross.burton@intel.com> +Signed-off-by: Eric Bénard <eric@eukrea.com> +--- + ui/sdl.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/ui/sdl.c b/ui/sdl.c +index 39a42d6..9b8abe5 100644 +--- a/ui/sdl.c ++++ b/ui/sdl.c +@@ -59,6 +59,10 @@ static SDL_Cursor *guest_sprite = NULL; + static SDL_PixelFormat host_format; + static int scaling_active = 0; + static Notifier mouse_mode_notifier; ++#ifndef True ++#define True 1 ++#endif ++static doing_grabs = True; + + static void sdl_update(DisplayChangeListener *dcl, + int x, int y, int w, int h) +@@ -384,14 +388,16 @@ static void sdl_grab_start(void) + SDL_WarpMouse(guest_x, guest_y); + } else + sdl_hide_cursor(); +- SDL_WM_GrabInput(SDL_GRAB_ON); ++ if (doing_grabs) ++ SDL_WM_GrabInput(SDL_GRAB_ON); + gui_grab = 1; + sdl_update_caption(); + } + + static void sdl_grab_end(void) + { +- SDL_WM_GrabInput(SDL_GRAB_OFF); ++ if (doing_grabs) ++ 
SDL_WM_GrabInput(SDL_GRAB_OFF); + gui_grab = 0; + sdl_show_cursor(); + sdl_update_caption(); +@@ -909,6 +915,8 @@ void sdl_display_init(DisplayState *ds, int full_screen, int no_frame) + * This requires SDL >= 1.2.14. */ + setenv("SDL_DISABLE_LOCK_KEYS", "1", 1); + ++ doing_grabs = (getenv("QEMU_DONT_GRAB") == NULL); ++ + flags = SDL_INIT_VIDEO | SDL_INIT_NOPARACHUTE; + if (SDL_Init (flags)) { + fprintf(stderr, "Could not initialize SDL(%s) - exiting\n", +-- +1.8.3.1 + diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/exclude-some-arm-EABI-obsolete-syscalls.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/exclude-some-arm-EABI-obsolete-syscalls.patch new file mode 100644 index 000000000..171bda7e9 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/exclude-some-arm-EABI-obsolete-syscalls.patch 
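Review bot: `static doing_grabs = True;` declares the flag with no type and relies on implicit `int`, which C99 removed; compilers accept it only with a warning, and stricter settings reject it. The `True` macro it is initialised from is defined locally under `#ifndef True`, a name that X11 headers also define, so the value depends on include order. Declaring the flag plainly avoids both: `static int doing_grabs = 1;` with the `#ifndef True` block dropped. `sdl_grab_start` and `sdl_display_init` begin outside their hunks.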
@@ -0,0 +1,93 @@ +[PATCH] exclude some arm EABI obsolete syscalls + +Upstream-Status: Pending + +some syscalls are obsolete and no longer available for EABI, exclude them to +fix the below error: + In file included from qemu-seccomp.c:16:0: + qemu-seccomp.c:28:7: error: '__NR_select' undeclared here (not in a function) + { SCMP_SYS(select), 252 }, + ^ + qemu-seccomp.c:36:7: error: '__NR_mmap' undeclared here (not in a function) + { SCMP_SYS(mmap), 247 }, + ^ + qemu-seccomp.c:57:7: error: '__NR_getrlimit' undeclared here (not in a function) + { SCMP_SYS(getrlimit), 245 }, + ^ + qemu-seccomp.c:96:7: error: '__NR_time' undeclared here (not in a function) + { SCMP_SYS(time), 245 }, + ^ + qemu-seccomp.c:185:7: error: '__NR_alarm' undeclared here (not in a function) + { SCMP_SYS(alarm), 241 }, + +please refer source files: + arch/arm/include/uapi/asm/unistd.h +or kernel header: + /usr/include/asm/unistd.h + +Signed-off-by: Roy.Li <rongqing.li@windriver.com> +--- + qemu-seccomp.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/qemu-seccomp.c b/qemu-seccomp.c +index caa926e..5a78502 100644 +--- a/qemu-seccomp.c ++++ b/qemu-seccomp.c +@@ -25,15 +25,21 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { + { SCMP_SYS(timer_settime), 255 }, + { SCMP_SYS(timer_gettime), 254 }, + { SCMP_SYS(futex), 253 }, ++#if !defined(__ARM_EABI__) + { SCMP_SYS(select), 252 }, ++ { SCMP_SYS(time), 245 }, ++ { SCMP_SYS(alarm), 241 }, ++ { SCMP_SYS(getrlimit), 245 }, ++ { SCMP_SYS(mmap), 247 }, ++ { SCMP_SYS(socketcall), 250 }, ++ { SCMP_SYS(ipc), 245 }, ++#endif + { SCMP_SYS(recvfrom), 251 }, + { SCMP_SYS(sendto), 250 }, +- { SCMP_SYS(socketcall), 250 }, + { SCMP_SYS(read), 249 }, + { SCMP_SYS(io_submit), 249 }, + { SCMP_SYS(brk), 248 }, + { SCMP_SYS(clone), 247 }, +- { SCMP_SYS(mmap), 247 }, + { SCMP_SYS(mprotect), 246 }, + { SCMP_SYS(execve), 245 }, + { SCMP_SYS(open), 245 }, +@@ -48,13 +54,11 @@ static const struct QemuSeccompSyscall 
seccomp_whitelist[] = { + { SCMP_SYS(bind), 245 }, + { SCMP_SYS(listen), 245 }, + { SCMP_SYS(semget), 245 }, +- { SCMP_SYS(ipc), 245 }, + { SCMP_SYS(gettimeofday), 245 }, + { SCMP_SYS(readlink), 245 }, + { SCMP_SYS(access), 245 }, + { SCMP_SYS(prctl), 245 }, + { SCMP_SYS(signalfd), 245 }, +- { SCMP_SYS(getrlimit), 245 }, + { SCMP_SYS(set_tid_address), 245 }, + { SCMP_SYS(statfs), 245 }, + { SCMP_SYS(unlink), 245 }, +@@ -93,7 +97,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { + { SCMP_SYS(times), 245 }, + { SCMP_SYS(exit), 245 }, + { SCMP_SYS(clock_gettime), 245 }, +- { SCMP_SYS(time), 245 }, + { SCMP_SYS(restart_syscall), 245 }, + { SCMP_SYS(pwrite64), 245 }, + { SCMP_SYS(nanosleep), 245 }, +@@ -182,7 +185,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { + { SCMP_SYS(lstat64), 241 }, + { SCMP_SYS(sendfile64), 241 }, + { SCMP_SYS(ugetrlimit), 241 }, +- { SCMP_SYS(alarm), 241 }, + { SCMP_SYS(rt_sigsuspend), 241 }, + { SCMP_SYS(rt_sigqueueinfo), 241 }, + { SCMP_SYS(rt_tgsigqueueinfo), 241 }, +-- +1.9.1 + diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch new file mode 100644 index 000000000..13a6ea23b --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch 
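Review bot: The new `#if !defined(__ARM_EABI__)` block in `seccomp_whitelist[]` has no comment, and it also moves `socketcall` and `ipc` under the guard although the build errors quoted in the description name only `select`, `mmap`, `getrlimit`, `time` and `alarm`. This table decides which syscalls the sandboxed process may make, so the reason for every conditional entry should be recorded next to it: add above the `#if` a comment such as `/* Obsolete syscalls with no __NR_* definition under ARM EABI; see asm/unistd.h */` and mention the two extra entries in the patch description. The array definition starts and ends outside the hunks.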
@@ -0,0 +1,84 @@
+fix libcap header issue on some distro
+
+1, When build qemu-native on SLED 11.2, there is an error:
+...
+| In file included from /usr/include/bits/sigcontext.h:28,
+| from /usr/include/signal.h:339,
+| from /buildarea2/tmp/work/i686-linux/qemu-native/1.4.0-r0/
+qemu-1.4.0/include/qemu-common.h:42,
+| from fsdev/virtfs-proxy-helper.c:23:
+| /usr/include/asm/sigcontext.h:28: error: expected specifier-
+qualifier-list before '__u64'
+| /usr/include/asm/sigcontext.h:191: error: expected specifier-
+qualifier-list before '__u64'
+...
+
+2, The virtfs-proxy-helper.c includes <sys/capability.h> and
+qemu-common.h in sequence. The header include map is:
+(`-->' presents `include')
+...
+"virtfs-proxy-helper.c" --> <sys/capability.h>
+...
+"virtfs-proxy-helper.c" --> "qemu-common.h" --> <signal.h> -->
+<bits/sigcontext.h> --> <asm/sigcontext.h> --> <linux/types.h> -->
+<asm/types.h> --> <asm-generic/types.h> --> <asm-generic/int-ll64.h>
+...
+
+3, The bug is found on SLED 11.2 x86. In libcap header file
+/usr/include/sys/capability.h, it does evil stuff like this:
+...
+ 25 /*
+ 26 * Make sure we can be included from userland by preventing
+ 27 * capability.h from including other kernel headers
+ 28 */
+ 29 #define _LINUX_TYPES_H
+ 30 #define _LINUX_FS_H
+ 31 #define __LINUX_COMPILER_H
+ 32 #define __user
+ 33
+ 34 typedef unsigned int __u32;
+ 35 typedef __u32 __le32;
+...
+This completely prevents including /usr/include/linux/types.h.
+The above `<asm/sigcontext.h> --> <linux/types.h>' is prevented,
+and '__u64' is defined in <asm-generic/int-ll64.h>.
+
+4, Modify virtfs-proxy-helper.c to include <sys/capability.h>
+last to workaround the issue.
+
+http://www.linuxtv.org/pipermail/vdr/2009-August/021194.html
+http://patchwork.linuxtv.org/patch/12748/
+
+Upstream-Status: Pending
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ fsdev/virtfs-proxy-helper.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
+--- a/fsdev/virtfs-proxy-helper.c
++++ b/fsdev/virtfs-proxy-helper.c
+@@ -12,7 +12,6 @@
+ #include <sys/resource.h>
+ #include <getopt.h>
+ #include <syslog.h>
+-#include <sys/capability.h>
+ #include <sys/fsuid.h>
+ #include <sys/vfs.h>
+ #include <sys/ioctl.h>
+@@ -26,7 +25,11 @@
+ #include "virtio-9p-marshal.h"
+ #include "hw/9pfs/virtio-9p-proxy.h"
+ #include "fsdev/virtio-9p-marshal.h"
+-
++/*
++ * Include this one last due to some versions of it being buggy:
++ * http://www.linuxtv.org/pipermail/vdr/2009-August/021194.html
++ */
++#include <sys/capability.h>
+ #define PROGNAME "virtfs-proxy-helper"
+
+ #ifndef XFS_SUPER_MAGIC
+--
+1.7.10.4
+
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/no-valgrind.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/no-valgrind.patch
new file mode 100644
index 000000000..91f728042
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/no-valgrind.patch
@@ -0,0 +1,19 @@
+There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/configure b/configure
+index b3c4f51..4d3929e 100755
+--- a/configure
++++ b/configure
+@@ -4193,9 +4192,0 @@ valgrind_h=no
+-cat > $TMPC << EOF
+-#include <valgrind/valgrind.h>
+-int main(void) {
+- return 0;
+-}
+-EOF
+-if compile_prog "" "" ; then
+- valgrind_h=yes
+-fi
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/pathlimit.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/pathlimit.patch
new file mode 100644
index 000000000..57ab981c6
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/pathlimit.patch
@@ -0,0 +1,137 @@ +By default qemu builds a complete list of directories within the user +emulation sysroot (-L option). The OE sysroot directory is large and +this is confusing, for example it indexes all pkgdata. In particular this +confuses strace of qemu binaries with tons of irrelevant paths. + +This patch stops the code indexing up front and instead only indexes +things if/as/when it needs to. This drastically reduces the files it +reads and reduces memory usage and cleans up strace. + +It would also avoid the infinite directory traversal bug in [YOCTO #6996] +although the code could still be vulnerable if it parsed those specific +paths. + +RP +2016/3/9 +Upstream-Status: Pending + +Index: qemu-2.5.0/util/path.c +=================================================================== +--- qemu-2.5.0.orig/util/path.c ++++ qemu-2.5.0/util/path.c +@@ -19,6 +19,7 @@ struct pathelem + char *name; + /* Full path name, eg. /usr/gnemul/x86-linux/lib. */ + char *pathname; ++ int populated_entries; + struct pathelem *parent; + /* Children */ + unsigned int num_entries; +@@ -49,6 +50,7 @@ static struct pathelem *new_entry(const + new->name = g_strdup(name); + new->pathname = g_strdup_printf("%s/%s", root, name); + new->num_entries = 0; ++ new->populated_entries = 0; + return new; + } + +@@ -57,15 +59,16 @@ static struct pathelem *new_entry(const + /* Not all systems provide this feature */ + #if defined(DT_DIR) && defined(DT_UNKNOWN) && defined(DT_LNK) + # define dirent_type(dirent) ((dirent)->d_type) +-# define is_dir_maybe(type) \ +- ((type) == DT_DIR || (type) == DT_UNKNOWN || (type) == DT_LNK) ++# define is_not_dir(type) \ ++ ((type) != DT_DIR && (type) != DT_UNKNOWN && (type) != DT_LNK) + #else + # define dirent_type(dirent) (1) +-# define is_dir_maybe(type) (type) ++# define is_not_dir(type) (0) + #endif + + static struct pathelem *add_dir_maybe(struct pathelem *path) + { ++ unsigned int i; + DIR *dir; + + if ((dir = opendir(path->pathname)) != NULL) { +@@ -78,6 
+81,11 @@ static struct pathelem *add_dir_maybe(st + } + closedir(dir); + } ++ ++ for (i = 0; i < path->num_entries; i++) ++ (path->entries[i])->parent = path; ++ ++ path->populated_entries = 1; + return path; + } + +@@ -93,26 +101,16 @@ static struct pathelem *add_entry(struct + e = &root->entries[root->num_entries-1]; + + *e = new_entry(root->pathname, root, name); +- if (is_dir_maybe(type)) { +- *e = add_dir_maybe(*e); ++ if (is_not_dir(type)) { ++ (*e)->populated_entries = 1; + } + + return root; + } + +-/* This needs to be done after tree is stabilized (ie. no more reallocs!). */ +-static void set_parents(struct pathelem *child, struct pathelem *parent) +-{ +- unsigned int i; +- +- child->parent = parent; +- for (i = 0; i < child->num_entries; i++) +- set_parents(child->entries[i], child); +-} +- + /* FIXME: Doesn't handle DIR/.. where DIR is not in emulated dir. */ + static const char * +-follow_path(const struct pathelem *cursor, const char *name) ++follow_path(struct pathelem *cursor, struct pathelem **source, const char *name) + { + unsigned int i, namelen; + +@@ -123,14 +121,18 @@ follow_path(const struct pathelem *curso + return cursor->pathname; + + if (strneq(name, namelen, "..")) +- return follow_path(cursor->parent, name + namelen); ++ return follow_path(cursor->parent, &cursor->parent, name + namelen); + + if (strneq(name, namelen, ".")) +- return follow_path(cursor, name + namelen); ++ return follow_path(cursor, source, name + namelen); ++ ++ if (!cursor->populated_entries) ++ *source = add_dir_maybe(cursor); ++ cursor = *source; + + for (i = 0; i < cursor->num_entries; i++) + if (strneq(name, namelen, cursor->entries[i]->name)) +- return follow_path(cursor->entries[i], name + namelen); ++ return follow_path(cursor->entries[i], &cursor->entries[i], name + namelen); + + /* Not found */ + return NULL; +@@ -164,8 +166,6 @@ void init_paths(const char *prefix) + g_free(base->name); + g_free(base); + base = NULL; +- } else { +- set_parents(base, base); + 
} + } + +@@ -177,5 +177,5 @@ const char *path(const char *name) + if (!base || !name || name[0] != '/') + return name; + +- return follow_path(base, name) ?: name; ++ return follow_path(base, &base, name) ?: name; + } diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/powerpc_rom.bin b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/powerpc_rom.bin Binary files differnew file mode 100644 index 000000000..c4044296c --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/powerpc_rom.bin diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch new file mode 100644 index 000000000..c7425ab8d --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch @@ -0,0 +1,31 @@ +qemu: Add addition environment space to boot loader qemu-system-mips + +Upstream-Status: Inappropriate - OE uses deep paths + +If you create a project with very long directory names like 128 characters +deep and use NFS, the kernel arguments will be truncated. The kernel will +accept longer strings such as 1024 bytes, but the qemu boot loader defaulted +to only 256 bytes. This patch expands the limit. + +Signed-off-by: Jason Wessel <jason.wessel@windriver.com> +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + hw/mips/mips_malta.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c +index 9d521cc..17c0391 100644 +--- a/hw/mips/mips_malta.c ++++ b/hw/mips/mips_malta.c +@@ -53,7 +53,7 @@ + + #define ENVP_ADDR 0x80002000l + #define ENVP_NB_ENTRIES 16 +-#define ENVP_ENTRY_SIZE 256 ++#define ENVP_ENTRY_SIZE 1024 + + /* Hardware addresses */ + #define FLASH_ADDRESS 0x1e000000ULL +-- +1.7.10.4 + 
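Review bot: With `set_parents(base, base)` removed from `init_paths`, nothing in the new code assigns `base->parent`: the loop added to `add_dir_maybe` sets `parent` only on the children of the node being populated. `follow_path` still does `follow_path(cursor->parent, &cursor->parent, name + namelen)` for a `..` component, so a lookup such as `/..` reads that field on the root; unless `new_entry` initialises it in lines outside the visible context, that is an uninitialised pointer reached from a caller-supplied path. Keeping the root self-parented restores the old behaviour: `base->parent = base;` in the `else` branch where the `set_parents` call was removed. Separately, `path()` now reallocates and mutates the tree during lookup, so concurrent callers would need serialising, which is worth confirming against how `path()` is used.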
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/run-ptest b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/run-ptest
new file mode 100644
index 000000000..f4b8e97e1
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/run-ptest
@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+#This script is used to run qemu test suites
+ptestdir=$(pwd)
+cd tests
+
+export SRC_PATH=$ptestdir
+make -k runtest-TESTS | sed '/: OK/ s/^/PASS: /g'
diff --git a/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/wacom.patch b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/wacom.patch
new file mode 100644
index 000000000..cd06aa4ac
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-devtools/qemu/qemu/wacom.patch
@@ -0,0 +1,130 @@ +The USB wacom device is missing a HID descriptor which causes it +to fail to operate with recent kernels (e.g. 3.17). + +This patch adds a HID desriptor to the device, based upon one from +real wcom device. + +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Upstream-Status: Submitted +2014/11/27 + +Index: qemu-2.1.0/hw/usb/dev-wacom.c +=================================================================== +--- qemu-2.1.0.orig/hw/usb/dev-wacom.c 2014-08-01 15:12:17.000000000 +0100 ++++ qemu-2.1.0/hw/usb/dev-wacom.c 2014-10-12 12:13:30.540306042 +0100 +@@ -68,6 +68,89 @@ + [STR_SERIALNUMBER] = "1", + }; + ++static const uint8_t qemu_tablet_hid_report_descriptor[] = { ++ 0x05, 0x01, /* Usage Page (Generic Desktop) */ ++ 0x09, 0x02, /* Usage (Mouse) */ ++ 0xa1, 0x01, /* Collection (Application) */ ++ 0x85, 0x01, /* Report ID (1) */ ++ 0x09, 0x01, /* Usage (Pointer) */ ++ 0xa1, 0x00, /* Collection (Physical) */ ++ 0x05, 0x09, /* Usage Page (Button) */ ++ 0x19, 0x01, /* Usage Minimum (1) */ ++ 0x29, 0x05, /* Usage Maximum (5) */ ++ 0x15, 0x00, /* Logical Minimum (0) */ ++ 0x25, 0x01, /* Logical Maximum (1) */ ++ 0x95, 0x05, /* Report Count (5) */ ++ 0x75, 0x01, /* Report Size (1) */ ++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ ++ 0x95, 0x01, /* Report Count (1) */ ++ 0x75, 0x03, /* Report Size (3) */ ++ 0x81, 0x01, /* Input (Constant) */ ++ 0x05, 0x01, /* Usage Page (Generic Desktop) */ ++ 0x09, 0x30, /* Usage (X) */ ++ 0x09, 0x31, /* Usage (Y) */ ++ 0x15, 0x81, /* Logical Minimum (-127) */ ++ 0x25, 0x7f, /* Logical Maximum (127) */ ++ 0x75, 0x08, /* Report Size (8) */ ++ 0x95, 0x02, /* Report Count (2) */ ++ 0x81, 0x06, /* Input (Data, Variable, Relative) */ ++ 0xc0, /* End Collection */ ++ 0xc0, /* End Collection */ ++ 0x05, 0x0d, /* Usage Page (Digitizer) */ ++ 0x09, 0x01, /* Usage (Digitizer) */ ++ 0xa1, 0x01, /* Collection (Application) */ ++ 0x85, 0x02, /* Report ID (2) */ ++ 0xa1, 0x00, /* Collection (Physical) */ ++ 
0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ ++ 0x09, 0x01, /* Usage (Digitizer) */ ++ 0x15, 0x00, /* Logical Minimum (0) */ ++ 0x26, 0xff, 0x00, /* Logical Maximum (255) */ ++ 0x75, 0x08, /* Report Size (8) */ ++ 0x95, 0x08, /* Report Count (8) */ ++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ ++ 0xc0, /* End Collection */ ++ 0x09, 0x01, /* Usage (Digitizer) */ ++ 0x85, 0x02, /* Report ID (2) */ ++ 0x95, 0x01, /* Report Count (1) */ ++ 0xb1, 0x02, /* FEATURE (2) */ ++ 0xc0, /* End Collection */ ++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ ++ 0x09, 0x01, /* Usage (Digitizer) */ ++ 0xa1, 0x01, /* Collection (Application) */ ++ 0x85, 0x02, /* Report ID (2) */ ++ 0x05, 0x0d, /* Usage Page (Digitizer) */ ++ 0x09, 0x22, /* Usage (Finger) */ ++ 0xa1, 0x00, /* Collection (Physical) */ ++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ ++ 0x09, 0x01, /* Usage (Digitizer) */ ++ 0x15, 0x00, /* Logical Minimum (0) */ ++ 0x26, 0xff, 0x00, /* Logical Maximum */ ++ 0x75, 0x08, /* Report Size (8) */ ++ 0x95, 0x02, /* Report Count (2) */ ++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ ++ 0x05, 0x01, /* Usage Page (Generic Desktop) */ ++ 0x09, 0x30, /* Usage (X) */ ++ 0x35, 0x00, /* Physical Minimum */ ++ 0x46, 0xe0, 0x2e, /* Physical Maximum */ ++ 0x26, 0xe0, 0x01, /* Logical Maximum */ ++ 0x75, 0x10, /* Report Size (16) */ ++ 0x95, 0x01, /* Report Count (1) */ ++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ ++ 0x09, 0x31, /* Usage (Y) */ ++ 0x46, 0x40, 0x1f, /* Physical Maximum */ ++ 0x26, 0x40, 0x01, /* Logical Maximum */ ++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ ++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ ++ 0x09, 0x01, /* Usage (Digitizer) */ ++ 0x26, 0xff, 0x00, /* Logical Maximum */ ++ 0x75, 0x08, /* Report Size (8) */ ++ 0x95, 0x0d, /* Report Count (13) */ ++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ ++ 0xc0, /* End Collection */ ++ 0xc0, /* End Collection */ ++}; ++ ++ + static const USBDescIface 
desc_iface_wacom = { + .bInterfaceNumber = 0, + .bNumEndpoints = 1, +@@ -85,7 +168,7 @@ + 0x00, /* u8 country_code */ + 0x01, /* u8 num_descriptors */ + 0x22, /* u8 type: Report */ +- 0x6e, 0, /* u16 len */ ++ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */ + }, + }, + }, +@@ -265,6 +350,15 @@ + } + + switch (request) { ++ case InterfaceRequest | USB_REQ_GET_DESCRIPTOR: ++ switch (value >> 8) { ++ case 0x22: ++ memcpy(data, qemu_tablet_hid_report_descriptor, ++ sizeof(qemu_tablet_hid_report_descriptor)); ++ p->actual_length = sizeof(qemu_tablet_hid_report_descriptor); ++ break; ++ } ++ break; + case WACOM_SET_REPORT: + if (s->mouse_grabbed) { + qemu_remove_mouse_event_handler(s->eh_entry); |
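Review bot: The new `InterfaceRequest | USB_REQ_GET_DESCRIPTOR` case copies the whole report descriptor into `data` and sets `p->actual_length` to its full size without reference to the length the guest requested, and its inner `switch (value >> 8)` has no `default`, so any other descriptor type leaves the case through `break` as though it had been served. The request is guest-controlled, so the copy should be bounded by the requested length and unknown types rejected, e.g. `default: p->status = USB_RET_STALL; break;`. The handler's signature and its existing error path are outside the hunk, so the exact names need checking there. Also, `sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */` hard-codes the high byte as 0, which silently goes wrong if the descriptor ever grows past 255 bytes.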