reset upstream subtrees to HEAD
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
index d86b155..d9d9da0 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
@@ -1,6 +1,6 @@
SUMMARY = "Helper utilities needed by the runqemu script"
LICENSE = "GPLv2"
-RDEPENDS_${PN} = "qemu-native"
+RDEPENDS_${PN} = "qemu-system-native"
PR = "r1"
LIC_FILES_CHKSUM = "file://${WORKDIR}/tunctl.c;endline=4;md5=ff3a09996bc5fff6bc5d4e0b4c28f999"
@@ -20,5 +20,5 @@
install tunctl ${D}${bindir}/
}
-DEPENDS += "qemu-native"
+DEPENDS += "qemu-system-native"
addtask addto_recipe_sysroot after do_populate_sysroot before do_build
diff --git a/poky/meta/recipes-devtools/qemu/qemu-native.inc b/poky/meta/recipes-devtools/qemu/qemu-native.inc
new file mode 100644
index 0000000..4373ad9
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu-native.inc
@@ -0,0 +1,17 @@
+inherit native
+
+require qemu.inc
+
+SRC_URI_append = " \
+ file://0012-fix-libcap-header-issue-on-some-distro.patch \
+ file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
+ "
+EXTRA_OECONF_append = " --python=python2.7"
+
+EXTRA_OEMAKE_append = " LD='${LD}' AR='${AR}' OBJCOPY='${OBJCOPY}' LDFLAGS='${LDFLAGS}'"
+
+LDFLAGS_append = " -fuse-ld=bfd"
+
+do_install_append() {
+ ${@bb.utils.contains('PACKAGECONFIG', 'gtk+', 'make_qemu_wrapper', '', d)}
+}
diff --git a/poky/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb
new file mode 100644
index 0000000..c8acff8
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb
@@ -0,0 +1,9 @@
+BPN = "qemu"
+
+DEPENDS = "glib-2.0-native zlib-native"
+
+require qemu-native.inc
+
+EXTRA_OECONF_append = " --target-list=${@get_qemu_usermode_target_list(d)} --disable-tools --disable-blobs --disable-guest-agent"
+
+PACKAGECONFIG ??= ""
diff --git a/poky/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
new file mode 100644
index 0000000..5bf528b
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
@@ -0,0 +1,23 @@
+BPN = "qemu"
+
+require qemu-native.inc
+
+# As some of the files installed by qemu-native and qemu-system-native
+# are the same, we depend on qemu-native to get the full installation set
+# and avoid file clashes
+DEPENDS = "glib-2.0-native zlib-native pixman-native qemu-native"
+
+EXTRA_OECONF_append = " --target-list=${@get_qemu_system_target_list(d)}"
+
+PACKAGECONFIG ??= "fdt alsa kvm"
+
+# Handle distros such as CentOS 5 32-bit that do not have kvm support
+PACKAGECONFIG_remove = "${@'kvm' if not os.path.exists('/usr/include/linux/kvm.h') else ''}"
+
+do_install_append() {
+ install -Dm 0755 ${WORKDIR}/powerpc_rom.bin ${D}${datadir}/qemu
+
+ # The following is also installed by qemu-native
+ rm -f ${D}${datadir}/qemu/trace-events-all
+ rm -rf ${D}${datadir}/qemu/keymaps
+}
diff --git a/poky/meta/recipes-devtools/qemu/qemu-targets.inc b/poky/meta/recipes-devtools/qemu/qemu-targets.inc
index 810401d..550d6f0 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-targets.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu-targets.inc
@@ -1,6 +1,7 @@
-# possible arch values are arm aarch64 mips mipsel mips64 mips64el ppc ppc64 ppc64abi32
-# ppcemb armeb alpha sparc32plus i386 x86_64 cris m68k microblaze sparc sparc32
-# sparc32plus
+# possible arch values are:
+# aarch64 arm armeb alpha cris i386 x86_64 m68k microblaze
+# mips mipsel mips64 mips64el ppc ppc64 ppc64abi32 ppcemb
+# riscv32 riscv64 sparc sparc32 sparc32plus
def get_qemu_target_list(d):
import bb
@@ -20,3 +21,8 @@
return softmmuonly + ''.join([arch + "-softmmu" + "," for arch in archs]).rstrip(',')
return softmmuonly + linuxuseronly + ''.join([arch + "-linux-user" + "," + arch + "-softmmu" + "," for arch in archs]).rstrip(',')
+def get_qemu_usermode_target_list(d):
+ return ",".join(filter(lambda i: "-linux-user" in i, get_qemu_target_list(d).split(',')))
+
+def get_qemu_system_target_list(d):
+ return ",".join(filter(lambda i: "-linux-user" not in i, get_qemu_target_list(d).split(',')))
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index b05c1ce..e503aa8 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -1,12 +1,66 @@
SUMMARY = "Fast open source processor emulator"
HOMEPAGE = "http://qemu.org"
LICENSE = "GPLv2 & LGPLv2.1"
-DEPENDS = "glib-2.0 zlib pixman"
-RDEPENDS_${PN}_class-target += "bash"
+
+RDEPENDS_${PN}-ptest = "bash make"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
+ file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
+
+SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
+ file://powerpc_rom.bin \
+ file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
+ file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
+ file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
+ file://run-ptest \
+ file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
+ file://0005-qemu-disable-Valgrind.patch \
+ file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
+ file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
+ file://0008-chardev-connect-socket-to-a-spawned-command.patch \
+ file://0009-apic-fixup-fallthrough-to-PIC.patch \
+ file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
+ file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
+ file://0001-Add-a-missing-X11-include.patch \
+ file://0001-egl-headless-add-egl_create_context.patch \
+ file://0014-fix-CVE-2018-16872.patch \
+ file://0015-fix-CVE-2018-20124.patch \
+ file://0016-fix-CVE-2018-20125.patch \
+ file://0017-fix-CVE-2018-20126.patch \
+ file://0018-fix-CVE-2018-20191.patch \
+ file://0019-fix-CVE-2018-20216.patch \
+ file://CVE-2019-3812.patch \
+ "
+UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
+
+SRC_URI[md5sum] = "fb687ce0b02d3bf4327e36d3b99427a8"
+SRC_URI[sha256sum] = "6a0508df079a0a33c2487ca936a56c12122f105b8a96a44374704bef6c69abfc"
+
+COMPATIBLE_HOST_mipsarchn32 = "null"
+COMPATIBLE_HOST_mipsarchn64 = "null"
+
+do_install_append() {
+ # Prevent QA warnings about installed ${localstatedir}/run
+ if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi
+}
+
+do_compile_ptest() {
+ make buildtest-TESTS
+}
+
+do_install_ptest() {
+ cp -rL ${B}/tests ${D}${PTEST_PATH}
+ find ${D}${PTEST_PATH}/tests -type f -name "*.[Sshcod]" | xargs -i rm -rf {}
+
+ cp ${S}/tests/Makefile.include ${D}${PTEST_PATH}/tests
+ # Don't check the file genreated by configure
+ sed -i -e '/wildcard config-host.mak/d' \
+ -e '$ {/endif/d}' ${D}${PTEST_PATH}/tests/Makefile.include
+}
+
require qemu-targets.inc
-inherit pkgconfig bluetooth
-BBCLASSEXTEND = "native nativesdk"
+inherit pkgconfig bluetooth ptest
# QEMU_TARGETS is overridable variable
QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 mips64el ppc riscv32 riscv64 sh4 x86_64"
@@ -25,15 +79,9 @@
--with-confsuffix=/${BPN} \
--disable-strip \
--disable-werror \
- --target-list=${@get_qemu_target_list(d)} \
--extra-cflags='${CFLAGS}' \
${PACKAGECONFIG_CONFARGS} \
"
-EXTRA_OECONF_append_class-native = " --python=python2.7"
-
-EXTRA_OEMAKE_append_class-native = " LD='${LD}' AR='${AR}' OBJCOPY='${OBJCOPY}' LDFLAGS='${LDFLAGS}'"
-
-LDFLAGS_append_class-native = " -fuse-ld=bfd"
export LIBTOOL="${HOST_SYS}-libtool"
@@ -70,19 +118,20 @@
}
# END of qemu-mips workaround
-PACKAGECONFIG ??= " \
- fdt sdl kvm \
- ${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \
-"
-PACKAGECONFIG_class-native ??= "fdt alsa kvm"
-PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm"
+make_qemu_wrapper() {
+ gdk_pixbuf_module_file=`pkg-config --variable=gdk_pixbuf_cache_file gdk-pixbuf-2.0`
-# Handle distros such as CentOS 5 32-bit that do not have kvm support
-PACKAGECONFIG_class-native_remove = "${@'kvm' if not os.path.exists('/usr/include/linux/kvm.h') else ''}"
+ for tool in `ls ${D}${bindir}/qemu-system-*`; do
+ create_wrapper $tool \
+ GDK_PIXBUF_MODULE_FILE=$gdk_pixbuf_module_file \
+ FONTCONFIG_PATH=/etc/fonts \
+ GTK_THEME=Adwaita
+ done
+}
-# Disable kvm on targets that do not support it
-PACKAGECONFIG_remove_darwin = "kvm"
-PACKAGECONFIG_remove_mingw32 = "kvm"
+# Disable kvm/virgl/mesa on targets that do not support it
+PACKAGECONFIG_remove_darwin = "kvm virglrenderer glx gtk+"
+PACKAGECONFIG_remove_mingw32 = "kvm virglrenderer glx gtk+"
PACKAGECONFIG[sdl] = "--enable-sdl --with-sdlabi=2.0,--disable-sdl,libsdl2"
PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr,--disable-virtfs,libcap attr,"
@@ -95,7 +144,7 @@
PACKAGECONFIG[libcurl] = "--enable-curl,--disable-curl,libcurl,"
PACKAGECONFIG[nss] = "--enable-smartcard,--disable-smartcard,nss,"
PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses,"
-PACKAGECONFIG[gtk+] = "--enable-gtk --with-gtkabi=3.0 --enable-vte,--disable-gtk --disable-vte,gtk+3 vte"
+PACKAGECONFIG[gtk+] = "--enable-gtk --enable-vte,--disable-gtk --disable-vte,gtk+3 vte gettext-native"
PACKAGECONFIG[libcap-ng] = "--enable-cap-ng,--disable-cap-ng,libcap-ng,"
PACKAGECONFIG[ssh2] = "--enable-libssh2,--disable-libssh2,libssh2,"
PACKAGECONFIG[gcrypt] = "--enable-gcrypt,--disable-gcrypt,libgcrypt,"
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
new file mode 100644
index 0000000..192936e
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
@@ -0,0 +1,65 @@
+From eb1a215a4f86dde4493c3e22ad9f6d698850915e Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Thu, 20 Dec 2018 18:06:29 +0100
+Subject: [PATCH] egl-helpers.h: do not depend on X11 Window type, use
+ EGLNativeWindowType
+
+It was assumed that mesa provides the necessary X11 includes,
+but it is not always the case, as it can be configured without x11 support.
+
+Upstream-Status: Submitted [http://lists.nongnu.org/archive/html/qemu-devel/2019-01/msg03706.html]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
+---
+ include/ui/egl-helpers.h | 2 +-
+ ui/egl-helpers.c | 4 ++--
+ ui/gtk-egl.c | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/include/ui/egl-helpers.h b/include/ui/egl-helpers.h
+index 9db7293b..3fc656a7 100644
+--- a/include/ui/egl-helpers.h
++++ b/include/ui/egl-helpers.h
+@@ -43,7 +43,7 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf);
+
+ #endif
+
+-EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win);
++EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win);
+
+ int qemu_egl_init_dpy_x11(EGLNativeDisplayType dpy, DisplayGLMode mode);
+ int qemu_egl_init_dpy_mesa(EGLNativeDisplayType dpy, DisplayGLMode mode);
+diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c
+index 4f475142..5e115b3f 100644
+--- a/ui/egl-helpers.c
++++ b/ui/egl-helpers.c
+@@ -273,14 +273,14 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf)
+
+ /* ---------------------------------------------------------------------- */
+
+-EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win)
++EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win)
+ {
+ EGLSurface esurface;
+ EGLBoolean b;
+
+ esurface = eglCreateWindowSurface(qemu_egl_display,
+ qemu_egl_config,
+- (EGLNativeWindowType)win, NULL);
++ win, NULL);
+ if (esurface == EGL_NO_SURFACE) {
+ error_report("egl: eglCreateWindowSurface failed");
+ return NULL;
+diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c
+index 5420c236..1f941162 100644
+--- a/ui/gtk-egl.c
++++ b/ui/gtk-egl.c
+@@ -54,7 +54,7 @@ void gd_egl_init(VirtualConsole *vc)
+ }
+
+ vc->gfx.ectx = qemu_egl_init_ctx();
+- vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, x11_window);
++ vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, (EGLNativeWindowType)x11_window);
+
+ assert(vc->gfx.esurface);
+ }
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
new file mode 100644
index 0000000..d9326c0
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
@@ -0,0 +1,50 @@
+From 952e5d584f5aabe41298c278065fe628f3f7aa7a Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Thu, 29 Nov 2018 13:35:02 +0100
+Subject: [PATCH] egl-headless: add egl_create_context
+
+We must set the correct context (via eglMakeCurrent) before
+calling qemu_egl_create_context, so we need a thin wrapper and can't
+hook qemu_egl_create_context directly as ->dpy_gl_ctx_create callback.
+
+Reported-by: Frederik Carlier <frederik.carlier@quamotion.mobi>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20181129123502.30129-1-kraxel@redhat.com
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=952e5d584f5aabe41298c278065fe628f3f7aa7a]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ ui/egl-headless.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/ui/egl-headless.c b/ui/egl-headless.c
+index 4cf3bbc0e4..519e7bad32 100644
+--- a/ui/egl-headless.c
++++ b/ui/egl-headless.c
+@@ -38,6 +38,14 @@ static void egl_gfx_switch(DisplayChangeListener *dcl,
+ edpy->ds = new_surface;
+ }
+
++static QEMUGLContext egl_create_context(DisplayChangeListener *dcl,
++ QEMUGLParams *params)
++{
++ eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE,
++ qemu_egl_rn_ctx);
++ return qemu_egl_create_context(dcl, params);
++}
++
+ static void egl_scanout_disable(DisplayChangeListener *dcl)
+ {
+ egl_dpy *edpy = container_of(dcl, egl_dpy, dcl);
+@@ -150,7 +158,7 @@ static const DisplayChangeListenerOps egl_ops = {
+ .dpy_gfx_update = egl_gfx_update,
+ .dpy_gfx_switch = egl_gfx_switch,
+
+- .dpy_gl_ctx_create = qemu_egl_create_context,
++ .dpy_gl_ctx_create = egl_create_context,
+ .dpy_gl_ctx_destroy = qemu_egl_destroy_context,
+ .dpy_gl_ctx_make_current = qemu_egl_make_context_current,
+ .dpy_gl_ctx_get_current = qemu_egl_get_current_context,
+--
+2.17.1
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch b/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
index b8a9206..5b9a1f9 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
@@ -1,4 +1,4 @@
-From 18fb45c34a473c4ba247bb82bcea94b7c3ba493a Mon Sep 17 00:00:00 2001
+From c53ddb5acbee56db6423f369b9f9a9b62501b4af Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 18 Sep 2013 14:04:54 +0100
Subject: [PATCH] sdl.c: allow user to disable pointer grabs
@@ -21,15 +21,16 @@
Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Eric Bénard <eric@eukrea.com>
+
---
ui/sdl.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/ui/sdl.c b/ui/sdl.c
-index a5fd503c25..ab8d1b1eb1 100644
+index 190b16f5..aa89471d 100644
--- a/ui/sdl.c
+++ b/ui/sdl.c
-@@ -68,6 +68,11 @@ static int idle_counter;
+@@ -69,6 +69,11 @@ static int idle_counter;
static const guint16 *keycode_map;
static size_t keycode_maplen;
@@ -41,7 +42,7 @@
#define SDL_REFRESH_INTERVAL_BUSY 10
#define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \
/ SDL_REFRESH_INTERVAL_BUSY + 1)
-@@ -398,14 +403,16 @@ static void sdl_grab_start(void)
+@@ -399,14 +404,16 @@ static void sdl_grab_start(void)
}
} else
sdl_hide_cursor();
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch b/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
index 90e4b80..4de2688 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -1,4 +1,4 @@
-From 41603f745caaecdc7c9d760fb7d2df01ccc60128 Mon Sep 17 00:00:00 2001
+From 7ac3c84f28866491c58cc0f52a25a706949c8ef3 Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Thu, 27 Nov 2014 14:04:29 +0000
Subject: [PATCH] qemu: Add missing wacom HID descriptor
@@ -13,12 +13,13 @@
Upstream-Status: Submitted
2014/11/27
+
---
hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 93 insertions(+), 1 deletion(-)
diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
-index bf70013059..2f6e129732 100644
+index ac0bc83b..6f9b22d4 100644
--- a/hw/usb/dev-wacom.c
+++ b/hw/usb/dev-wacom.c
@@ -72,6 +72,89 @@ static const USBDescStrings desc_strings = {
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
index 0d43271..668fc46 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -1,4 +1,4 @@
-From a9a669448ba6f1b295427e271d99f61736fc5189 Mon Sep 17 00:00:00 2001
+From aac8834bfd5b79e724f2593895847b50968a1223 Mon Sep 17 00:00:00 2001
From: Juro Bystricky <juro.bystricky@intel.com>
Date: Thu, 31 Aug 2017 11:06:56 -0700
Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
@@ -9,15 +9,16 @@
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
---
tests/Makefile.include | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tests/Makefile.include b/tests/Makefile.include
-index 3b9a5e31a2..dfbcd728d7 100644
+index fb0b449c..afedabd4 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
-@@ -972,4 +972,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
+@@ -967,4 +967,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
-include $(wildcard tests/*.d)
-include $(wildcard tests/libqos/*.d)
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
index 5152dca..b4d4c58 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -1,4 +1,4 @@
-From dd4404a334a545e9beafa1b1e41b3a8f35ef31a9 Mon Sep 17 00:00:00 2001
+From 3de7a5635093c31dcb960ce9dff27da629b85d4d Mon Sep 17 00:00:00 2001
From: Jason Wessel <jason.wessel@windriver.com>
Date: Fri, 28 Mar 2014 17:42:43 +0800
Subject: [PATCH] qemu: Add addition environment space to boot loader
@@ -13,12 +13,13 @@
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
+
---
hw/mips/mips_malta.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
-index f6513a4fd5..d5efafb1e8 100644
+index c1cf0fe1..decffd2f 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -62,7 +62,7 @@
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
index 70baf0f..f0cf814 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
@@ -1,4 +1,4 @@
-From 4475b3d97371e588540333988a97d7df3ec2c65a Mon Sep 17 00:00:00 2001
+From 32e8a94b6ae664d9b5689e19d495e304c0f41954 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Tue, 20 Oct 2015 22:19:08 +0100
Subject: [PATCH] qemu: disable Valgrind
@@ -7,15 +7,16 @@
Upstream-Status: Inappropriate
Signed-off-by: Ross Burton <ross.burton@intel.com>
+
---
configure | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/configure b/configure
-index 0a19b033bc..69e05fb6c0 100755
+index 0a3c6a72..069e0daa 100755
--- a/configure
+++ b/configure
-@@ -4895,15 +4895,6 @@ fi
+@@ -5044,15 +5044,6 @@ fi
# check if we have valgrind/valgrind.h
valgrind_h=no
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch b/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
index a9d798c..4b2f013 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
@@ -1,4 +1,4 @@
-From c532bcdae8259b0f71723cda331ded4dbb0fa908 Mon Sep 17 00:00:00 2001
+From 02f80ee81681b6307a8032128a07686183662270 Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Wed, 9 Mar 2016 22:49:02 +0000
Subject: [PATCH] qemu: Limit paths searched during user mode emulation
@@ -19,12 +19,13 @@
RP
2016/3/9
Upstream-Status: Pending
+
---
util/path.c | 44 ++++++++++++++++++++++----------------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/util/path.c b/util/path.c
-index 7f9fc272fb..a416cd4ac2 100644
+index 7f9fc272..a416cd4a 100644
--- a/util/path.c
+++ b/util/path.c
@@ -15,6 +15,7 @@ struct pathelem
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
index 12456bb..4163e51 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
@@ -1,18 +1,19 @@
-From 2d29d52b6f755758cfca6af0bcfd78091e16a7bc Mon Sep 17 00:00:00 2001
+From 74bce35b71f4733c13e96f96e25956ff943fae20 Mon Sep 17 00:00:00 2001
From: Stephen Arnold <sarnold@vctlabs.com>
Date: Sun, 12 Jun 2016 18:09:56 -0700
Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
Upstream-Status: Pending
+
---
configure | 4 ----
1 file changed, 4 deletions(-)
diff --git a/configure b/configure
-index 69e05fb6c0..12fc3d8bdc 100755
+index 069e0daa..5b97f3c1 100755
--- a/configure
+++ b/configure
-@@ -5413,10 +5413,6 @@ write_c_skeleton
+@@ -5622,10 +5622,6 @@ write_c_skeleton
if test "$gcov" = "yes" ; then
CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch b/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
index 2afe4e9..e5a2d4a 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
@@ -1,4 +1,4 @@
-From 20a09bb18907e67565c54fc505a741cbbef53f7f Mon Sep 17 00:00:00 2001
+From 9c1e976290e87a83ab1bfe38eb7ff3521ff0d684 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@xilinx.com>
Date: Thu, 21 Dec 2017 11:35:16 -0800
Subject: [PATCH] chardev: connect socket to a spawned command
@@ -44,6 +44,7 @@
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+
---
chardev/char-socket.c | 102 ++++++++++++++++++++++++++++++++++++++++++
chardev/char.c | 3 ++
@@ -51,10 +52,10 @@
3 files changed, 110 insertions(+)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
-index 159e69c3b1..84778cf31a 100644
+index eaa8e8b6..959ed183 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
-@@ -934,6 +934,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
+@@ -987,6 +987,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
return false;
}
@@ -123,7 +124,7 @@
static void qmp_chardev_open_socket(Chardev *chr,
ChardevBackend *backend,
bool *be_opened,
-@@ -941,6 +1003,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
+@@ -994,6 +1056,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
{
SocketChardev *s = SOCKET_CHARDEV(chr);
ChardevSocket *sock = backend->u.socket.data;
@@ -133,7 +134,7 @@
bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
bool is_listen = sock->has_server ? sock->server : true;
bool is_telnet = sock->has_telnet ? sock->telnet : false;
-@@ -1008,6 +1073,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
+@@ -1072,6 +1137,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
s->reconnect_time = reconnect;
}
@@ -145,10 +146,10 @@
+ *be_opened = true;
+ } else
+#endif
- /* If reconnect_time is set, will do that in chr_machine_done. */
- if (!s->reconnect_time) {
- if (s->is_listen) {
-@@ -1065,9 +1138,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
+ if (s->reconnect_time) {
+ tcp_chr_connect_async(chr);
+ } else {
+@@ -1131,9 +1204,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
const char *port = qemu_opt_get(opts, "port");
const char *fd = qemu_opt_get(opts, "fd");
const char *tls_creds = qemu_opt_get(opts, "tls-creds");
@@ -175,7 +176,7 @@
if ((!!path + !!fd + !!host) != 1) {
error_setg(errp,
"Exactly one of 'path', 'fd' or 'host' required");
-@@ -1112,12 +1202,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
+@@ -1180,12 +1270,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
sock->reconnect = reconnect;
sock->tls_creds = g_strdup(tls_creds);
@@ -201,10 +202,10 @@
addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
addr->u.inet.data = g_new(InetSocketAddress, 1);
diff --git a/chardev/char.c b/chardev/char.c
-index 76d866e6fe..9747d51d7c 100644
+index 152dde53..62d5b578 100644
--- a/chardev/char.c
+++ b/chardev/char.c
-@@ -792,6 +792,9 @@ QemuOptsList qemu_chardev_opts = {
+@@ -818,6 +818,9 @@ QemuOptsList qemu_chardev_opts = {
},{
.name = "path",
.type = QEMU_OPT_STRING,
@@ -215,10 +216,10 @@
.name = "host",
.type = QEMU_OPT_STRING,
diff --git a/qapi/char.json b/qapi/char.json
-index ae19dcd1ed..6de0f29bcd 100644
+index 79bac598..97bd161a 100644
--- a/qapi/char.json
+++ b/qapi/char.json
-@@ -241,6 +241,10 @@
+@@ -242,6 +242,10 @@
#
# @addr: socket address to listen on (server=true)
# or connect to (server=false)
@@ -229,7 +230,7 @@
# @tls-creds: the ID of the TLS credentials object (since 2.6)
# @server: create server socket (default: true)
# @wait: wait for incoming connection on server
-@@ -258,6 +262,7 @@
+@@ -261,6 +265,7 @@
# Since: 1.4
##
{ 'struct': 'ChardevSocket', 'data': { 'addr' : 'SocketAddressLegacy',
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch b/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
index 5969d93..1d3a2b5 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
@@ -1,4 +1,4 @@
-From 5046c21efdbc7413cddd5c5dbd9e1d53258d3e8c Mon Sep 17 00:00:00 2001
+From 4829da131996548dc86775b8b97a29c436f3d130 Mon Sep 17 00:00:00 2001
From: Mark Asselstine <mark.asselstine@windriver.com>
Date: Tue, 26 Feb 2013 11:43:28 -0500
Subject: [PATCH] apic: fixup fallthrough to PIC
@@ -24,12 +24,13 @@
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html]
Signed-off-by: He Zhe <zhe.he@windriver.com>
+
---
hw/intc/apic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
-index 6fda52b86c..cd7291962d 100644
+index 97ffdd82..ef23430e 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *dev)
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
index e110f63..c0d7914 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -1,4 +1,4 @@
-From 3cd92c7a885e4997ef6843313298c1d748d6ca39 Mon Sep 17 00:00:00 2001
+From bce25c9cda73569963615ffd31ed949cbe3a3781 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@xilinx.com>
Date: Wed, 17 Jan 2018 10:51:49 -0800
Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
@@ -13,15 +13,16 @@
Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
+
---
linux-user/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/main.c b/linux-user/main.c
-index 8907a84114..ea42c43610 100644
+index 923cbb75..fe0b9ff4 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
-@@ -79,7 +79,7 @@ do { \
+@@ -69,7 +69,7 @@ int have_guest_base;
(TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
/* There are a number of places where we assign reserved_va to a variable
of type abi_ulong and expect it to fit. Avoid the last page. */
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch b/poky/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
index 41626eb..066ea78 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
@@ -1,4 +1,4 @@
-From 3ed26be2091436296933ed2146f7269c791c7bfe Mon Sep 17 00:00:00 2001
+From 496231774f8bc17ecfaf543a6603e3cad3f3f74e Mon Sep 17 00:00:00 2001
From: Martin Jansa <martin.jansa@lge.com>
Date: Fri, 1 Jun 2018 08:41:07 +0000
Subject: [PATCH] Revert "linux-user: fix mmap/munmap/mprotect/mremap/shmat"
@@ -14,6 +14,7 @@
This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583.
Upstream-Status: Pending
+
---
include/exec/cpu-all.h | 6 +-----
include/exec/cpu_ldst.h | 16 +++++++++-------
@@ -22,10 +23,10 @@
4 files changed, 15 insertions(+), 29 deletions(-)
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
-index f4fa94e966..0b141683f0 100644
+index 117d2fbb..90558c14 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
-@@ -159,12 +159,8 @@ extern unsigned long guest_base;
+@@ -163,12 +163,8 @@ extern unsigned long guest_base;
extern int have_guest_base;
extern unsigned long reserved_va;
@@ -40,12 +41,12 @@
#include "exec/hwaddr.h"
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
-index 5de8c8a5af..191f2e962a 100644
+index 95906849..ed17b3f6 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
-@@ -51,13 +51,15 @@
+@@ -62,13 +62,15 @@ typedef uint64_t abi_ptr;
/* All direct uses of g2h and h2g need to go away for usermode softmmu. */
- #define g2h(x) ((void *)((unsigned long)(target_ulong)(x) + guest_base))
+ #define g2h(x) ((void *)((unsigned long)(abi_ptr)(x) + guest_base))
-#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)
-#define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base)
@@ -67,10 +68,10 @@
#define h2g_nocheck(x) ({ \
unsigned long __ret = (unsigned long)(x) - guest_base; \
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
-index 9168a2051c..de85669aab 100644
+index 41e0983c..d0ee1c53 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
-@@ -80,7 +80,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
+@@ -79,7 +79,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
return -TARGET_EINVAL;
len = TARGET_PAGE_ALIGN(len);
end = start + len;
@@ -79,7 +80,7 @@
return -TARGET_ENOMEM;
}
prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
-@@ -482,8 +482,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
+@@ -490,8 +490,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
* It can fail only on 64-bit host with 32-bit target.
* On any other target/host host mmap() handles this error correctly.
*/
@@ -90,7 +91,7 @@
goto fail;
}
-@@ -623,10 +623,8 @@ int target_munmap(abi_ulong start, abi_ulong len)
+@@ -631,10 +631,8 @@ int target_munmap(abi_ulong start, abi_ulong len)
if (start & ~TARGET_PAGE_MASK)
return -TARGET_EINVAL;
len = TARGET_PAGE_ALIGN(len);
@@ -102,7 +103,7 @@
mmap_lock();
end = start + len;
real_start = start & qemu_host_page_mask;
-@@ -681,13 +679,6 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
+@@ -689,13 +687,6 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
int prot;
void *host_addr;
@@ -117,10 +118,10 @@
if (flags & MREMAP_FIXED) {
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 643b8833de..271f215147 100644
+index 280137da..efdd0006 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
-@@ -4919,9 +4919,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
+@@ -3818,9 +3818,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
return -TARGET_EINVAL;
}
}
@@ -130,7 +131,7 @@
mmap_lock();
-@@ -7497,7 +7494,7 @@ static int open_self_maps(void *cpu_env, int fd)
+@@ -6582,7 +6579,7 @@ static int open_self_maps(void *cpu_env, int fd)
}
if (h2g_valid(min)) {
int flags = page_get_flags(h2g(min));
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch b/poky/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
index aa24f72..9cbe838 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
@@ -1,4 +1,4 @@
-From bb9e48e331eee06d7bac1dce809c70191d1a3b4d Mon Sep 17 00:00:00 2001
+From d3e0b8dac7c2eb20d7fcff747bc98b981f4398ef Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 12 Mar 2013 09:54:06 +0800
Subject: [PATCH] fix libcap header issue on some distro
@@ -54,12 +54,13 @@
Upstream-Status: Pending
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
---
fsdev/virtfs-proxy-helper.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
-index 6f132c5ff1..8329950c26 100644
+index 6f132c5f..8329950c 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -13,7 +13,6 @@
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
index 8a9141a..27e508c 100644
--- a/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
+++ b/poky/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
@@ -1,4 +1,4 @@
-From edc8dba74c7a4a2121d76c982be0074183bf080a Mon Sep 17 00:00:00 2001
+From 861c522df7791d7e93743d5641f3ef2a5a3c4632 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
Date: Wed, 12 Aug 2015 15:11:30 -0500
Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
@@ -12,6 +12,7 @@
Upstream-Status: Inappropriate
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
+
---
cpus.c | 5 +++++
custom_debug.h | 24 ++++++++++++++++++++++++
@@ -19,10 +20,10 @@
create mode 100644 custom_debug.h
diff --git a/cpus.c b/cpus.c
-index 38eba8bff3..b84a60a4f3 100644
+index 0ddeeefc..4f3a5624 100644
--- a/cpus.c
+++ b/cpus.c
-@@ -1690,6 +1690,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
+@@ -1768,6 +1768,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
return NULL;
}
@@ -31,7 +32,7 @@
static void qemu_cpu_kick_thread(CPUState *cpu)
{
#ifndef _WIN32
-@@ -1702,6 +1704,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
+@@ -1780,6 +1782,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
err = pthread_kill(cpu->thread->thread, SIG_IPI);
if (err) {
fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
@@ -43,7 +44,7 @@
#else /* _WIN32 */
diff --git a/custom_debug.h b/custom_debug.h
new file mode 100644
-index 0000000000..f029e45547
+index 00000000..f029e455
--- /dev/null
+++ b/custom_debug.h
@@ -0,0 +1,24 @@
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch b/poky/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
new file mode 100644
index 0000000..412aa16
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
@@ -0,0 +1,85 @@
+CVE: CVE-2018-16872
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From bab9df35ce73d1c8e19a37e2737717ea1c984dc1 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Thu, 13 Dec 2018 13:25:11 +0100
+Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
+
+Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
+While being at it also add O_CLOEXEC.
+
+usb-mtp only handles regular files and directories and ignores
+everything else, so users should not see a difference.
+
+Because qemu ignores symlinks, carrying out a successful symlink attack
+requires swapping an existing file or directory below rootdir for a
+symlink and winning the race against the inotify notification to qemu.
+
+Fixes: CVE-2018-16872
+Cc: Prasad J Pandit <ppandit@redhat.com>
+Cc: Bandan Das <bsd@redhat.com>
+Reported-by: Michael Hanselmann <public@hansmi.ch>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Michael Hanselmann <public@hansmi.ch>
+Message-id: 20181213122511.13853-1-kraxel@redhat.com
+---
+ hw/usb/dev-mtp.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
+index 100b7171f4..36c43b8c20 100644
+--- a/hw/usb/dev-mtp.c
++++ b/hw/usb/dev-mtp.c
+@@ -653,13 +653,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
+ {
+ struct dirent *entry;
+ DIR *dir;
++ int fd;
+
+ if (o->have_children) {
+ return;
+ }
+ o->have_children = true;
+
+- dir = opendir(o->path);
++ fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
++ if (fd < 0) {
++ return;
++ }
++ dir = fdopendir(fd);
+ if (!dir) {
+ return;
+ }
+@@ -1007,7 +1012,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
+
+ trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
+
+- d->fd = open(o->path, O_RDONLY);
++ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
+ if (d->fd == -1) {
+ usb_mtp_data_free(d);
+ return NULL;
+@@ -1031,7 +1036,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
+ c->argv[1], c->argv[2]);
+
+ d = usb_mtp_data_alloc(c);
+- d->fd = open(o->path, O_RDONLY);
++ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
+ if (d->fd == -1) {
+ usb_mtp_data_free(d);
+ return NULL;
+@@ -1658,7 +1663,7 @@ static void usb_mtp_write_data(MTPState *s)
+ 0, 0, 0, 0);
+ goto done;
+ }
+- d->fd = open(path, O_CREAT | O_WRONLY, mask);
++ d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask);
+ if (d->fd == -1) {
+ usb_mtp_queue_result(s, RES_STORE_FULL, d->trans,
+ 0, 0, 0, 0);
+--
+2.20.1
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch b/poky/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
new file mode 100644
index 0000000..985b819
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
@@ -0,0 +1,60 @@
+CVE: CVE-2018-20124
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373]
+
+Backport patch to fix CVE-2018-20124. Update context and stay with current
+function comp_handler() which has been replaced with complete_work() in latest
+git repo.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 0e68373cc2b3a063ce067bc0cc3edaf370752890 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 13 Dec 2018 01:00:34 +0530
+Subject: [PATCH] rdma: check num_sge does not exceed MAX_SGE
+
+rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set
+to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element
+with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue.
+Add check to avoid it.
+
+Reported-by: Saar Amar <saaramar5@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+---
+ hw/rdma/rdma_backend.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
+index d7a4bbd9..7f8028f8 100644
+--- a/hw/rdma/rdma_backend.c
++++ b/hw/rdma/rdma_backend.c
+@@ -311,9 +311,9 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev,
+ }
+
+ pr_dbg("num_sge=%d\n", num_sge);
+- if (!num_sge) {
+- pr_dbg("num_sge=0\n");
+- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
++ if (!num_sge || num_sge > MAX_SGE) {
++ pr_dbg("invalid num_sge=%d\n", num_sge);
++ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
+ return;
+ }
+
+@@ -390,9 +390,9 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
+ }
+
+ pr_dbg("num_sge=%d\n", num_sge);
+- if (!num_sge) {
+- pr_dbg("num_sge=0\n");
+- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
++ if (!num_sge || num_sge > MAX_SGE) {
++ pr_dbg("invalid num_sge=%d\n", num_sge);
++ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
+ return;
+ }
+
+--
+2.20.1
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch b/poky/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
new file mode 100644
index 0000000..56559c8
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
@@ -0,0 +1,54 @@
+CVE: CVE-2018-20125
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 2c858ce5da8ae6689c75182b73bc455a291cad41 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 13 Dec 2018 01:00:36 +0530
+Subject: [PATCH] pvrdma: check number of pages when creating rings
+
+When creating CQ/QP rings, an object can have up to
+PVRDMA_MAX_FAST_REG_PAGES 8 pages. Check 'npages' parameter
+to avoid excessive memory allocation or a null dereference.
+
+Reported-by: Li Qiang <liq3ea@163.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+---
+ hw/rdma/vmw/pvrdma_cmd.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
+index 3b94545761..f236ac4795 100644
+--- a/hw/rdma/vmw/pvrdma_cmd.c
++++ b/hw/rdma/vmw/pvrdma_cmd.c
+@@ -259,6 +259,11 @@ static int create_cq_ring(PCIDevice *pci_dev , PvrdmaRing **ring,
+ int rc = -EINVAL;
+ char ring_name[MAX_RING_NAME_SZ];
+
++ if (!nchunks || nchunks > PVRDMA_MAX_FAST_REG_PAGES) {
++ pr_dbg("invalid nchunks: %d\n", nchunks);
++ return rc;
++ }
++
+ pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
+ dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
+ if (!dir) {
+@@ -372,6 +377,12 @@ static int create_qp_rings(PCIDevice *pci_dev, uint64_t pdir_dma,
+ char ring_name[MAX_RING_NAME_SZ];
+ uint32_t wqe_sz;
+
++ if (!spages || spages > PVRDMA_MAX_FAST_REG_PAGES
++ || !rpages || rpages > PVRDMA_MAX_FAST_REG_PAGES) {
++ pr_dbg("invalid pages: %d, %d\n", spages, rpages);
++ return rc;
++ }
++
+ pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
+ dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
+ if (!dir) {
+--
+2.20.1
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch b/poky/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
new file mode 100644
index 0000000..8329f2c
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
@@ -0,0 +1,113 @@
+CVE: CVE-2018-20126
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c]
+
+Backport and rebase patch to fix CVE-2018-20126.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 509f57c98e7536905bb4902363d0cba66ce7e089 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 13 Dec 2018 01:00:37 +0530
+Subject: [PATCH] pvrdma: release ring object in case of an error
+
+create_cq and create_qp routines allocate ring object, but it's
+not released in case of an error, leading to memory leakage.
+
+Reported-by: Li Qiang <liq3ea@163.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+---
+ hw/rdma/vmw/pvrdma_cmd.c | 41 ++++++++++++++++++++++++++++++-----------
+ 1 file changed, 30 insertions(+), 11 deletions(-)
+
+diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
+index 4faeb21..9b6796f 100644
+--- a/hw/rdma/vmw/pvrdma_cmd.c
++++ b/hw/rdma/vmw/pvrdma_cmd.c
+@@ -310,6 +310,14 @@ out:
+ return rc;
+ }
+
++static void destroy_cq_ring(PvrdmaRing *ring)
++{
++ pvrdma_ring_free(ring);
++ /* ring_state was in slot 1, not 0 so need to jump back */
++ rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE);
++ g_free(ring);
++}
++
+ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
+ union pvrdma_cmd_resp *rsp)
+ {
+@@ -333,6 +341,10 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
+
+ resp->hdr.err = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev,
+ cmd->cqe, &resp->cq_handle, ring);
++ if (resp->hdr.err) {
++ destroy_cq_ring(ring);
++ }
++
+ resp->cqe = cmd->cqe;
+
+ out:
+@@ -356,10 +368,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
+ }
+
+ ring = (PvrdmaRing *)cq->opaque;
+- pvrdma_ring_free(ring);
+- /* ring_state was in slot 1, not 0 so need to jump back */
+- rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE);
+- g_free(ring);
++ destroy_cq_ring(ring);
+
+ rdma_rm_dealloc_cq(&dev->rdma_dev_res, cmd->cq_handle);
+
+@@ -451,6 +460,17 @@ out:
+ return rc;
+ }
+
++static void destroy_qp_rings(PvrdmaRing *ring)
++{
++ pr_dbg("sring=%p\n", &ring[0]);
++ pvrdma_ring_free(&ring[0]);
++ pr_dbg("rring=%p\n", &ring[1]);
++ pvrdma_ring_free(&ring[1]);
++
++ rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE);
++ g_free(ring);
++}
++
+ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
+ union pvrdma_cmd_resp *rsp)
+ {
+@@ -482,6 +502,11 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
+ cmd->max_recv_wr, cmd->max_recv_sge,
+ cmd->recv_cq_handle, rings, &resp->qpn);
+
++ if (resp->hdr.err) {
++ destroy_qp_rings(rings);
++ return resp->hdr.err;
++ }
++
+ resp->max_send_wr = cmd->max_send_wr;
+ resp->max_recv_wr = cmd->max_recv_wr;
+ resp->max_send_sge = cmd->max_send_sge;
+@@ -555,13 +580,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
+ rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle);
+
+ ring = (PvrdmaRing *)qp->opaque;
+- pr_dbg("sring=%p\n", &ring[0]);
+- pvrdma_ring_free(&ring[0]);
+- pr_dbg("rring=%p\n", &ring[1]);
+- pvrdma_ring_free(&ring[1]);
+-
+- rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE);
+- g_free(ring);
++ destroy_qp_rings(ring);
+
+ return 0;
+ }
+--
+2.20.1
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch b/poky/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
new file mode 100644
index 0000000..8f8ff05
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
@@ -0,0 +1,47 @@
+CVE: CVE-2018-20191
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2aa8645]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 2aa86456fb938a11f2b7bd57c8643c213218681c Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 13 Dec 2018 01:00:35 +0530
+Subject: [PATCH] pvrdma: add uar_read routine
+
+Define skeleton 'uar_read' routine. Avoid NULL dereference.
+
+Reported-by: Li Qiang <liq3ea@163.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+---
+ hw/rdma/vmw/pvrdma_main.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
+index 64de16fb52..838ad8a949 100644
+--- a/hw/rdma/vmw/pvrdma_main.c
++++ b/hw/rdma/vmw/pvrdma_main.c
+@@ -448,6 +448,11 @@ static const MemoryRegionOps regs_ops = {
+ },
+ };
+
++static uint64_t uar_read(void *opaque, hwaddr addr, unsigned size)
++{
++ return 0xffffffff;
++}
++
+ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
+ {
+ PVRDMADev *dev = opaque;
+@@ -489,6 +494,7 @@ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
+ }
+
+ static const MemoryRegionOps uar_ops = {
++ .read = uar_read,
+ .write = uar_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .impl = {
+--
+2.20.1
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch b/poky/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
new file mode 100644
index 0000000..c02bad3
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
@@ -0,0 +1,85 @@
+CVE: CVE-2018-20216
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From f1e2e38ee0136b7710a2caa347049818afd57a1b Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 13 Dec 2018 01:00:39 +0530
+Subject: [PATCH] pvrdma: check return value from pvrdma_idx_ring_has_ routines
+
+pvrdma_idx_ring_has_[data/space] routines also return invalid
+index PVRDMA_INVALID_IDX[=-1], if ring has no data/space. Check
+return value from these routines to avoid plausible infinite loops.
+
+Reported-by: Li Qiang <liq3ea@163.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+---
+ hw/rdma/vmw/pvrdma_dev_ring.c | 29 +++++++++++------------------
+ 1 file changed, 11 insertions(+), 18 deletions(-)
+
+diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
+index 01247fc041..e8e5b502f6 100644
+--- a/hw/rdma/vmw/pvrdma_dev_ring.c
++++ b/hw/rdma/vmw/pvrdma_dev_ring.c
+@@ -73,23 +73,16 @@ out:
+
+ void *pvrdma_ring_next_elem_read(PvrdmaRing *ring)
+ {
++ int e;
+ unsigned int idx = 0, offset;
+
+- /*
+- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
+- ring->ring_state->cons_head);
+- */
+-
+- if (!pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx)) {
++ e = pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx);
++ if (e <= 0) {
+ pr_dbg("No more data in ring\n");
+ return NULL;
+ }
+
+ offset = idx * ring->elem_sz;
+- /*
+- pr_dbg("idx=%d\n", idx);
+- pr_dbg("offset=%d\n", offset);
+- */
+ return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
+ }
+
+@@ -105,20 +98,20 @@ void pvrdma_ring_read_inc(PvrdmaRing *ring)
+
+ void *pvrdma_ring_next_elem_write(PvrdmaRing *ring)
+ {
+- unsigned int idx, offset, tail;
++ int idx;
++ unsigned int offset, tail;
+
+- /*
+- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
+- ring->ring_state->cons_head);
+- */
+-
+- if (!pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail)) {
++ idx = pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail);
++ if (idx <= 0) {
+ pr_dbg("CQ is full\n");
+ return NULL;
+ }
+
+ idx = pvrdma_idx(&ring->ring_state->prod_tail, ring->max_elems);
+- /* TODO: tail == idx */
++ if (idx < 0 || tail != idx) {
++ pr_dbg("invalid idx\n");
++ return NULL;
++ }
+
+ offset = idx * ring->elem_sz;
+ return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
+--
+2.20.1
+
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch
deleted file mode 100644
index 7e1e442..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-10839.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From fdc89e90fac40c5ca2686733df17b6423fb8d8fb Mon Sep 17 00:00:00 2001
-From: Jason Wang <jasowang@redhat.com>
-Date: Wed, 30 May 2018 13:08:15 +0800
-Subject: [PATCH] ne2000: fix possible out of bound access in ne2000_receive
-
-In ne2000_receive(), we try to assign size_ to size which converts
-from size_t to integer. This will cause troubles when size_ is greater
-INT_MAX, this will lead a negative value in size and it can then pass
-the check of size < MIN_BUF_SIZE which may lead out of bound access of
-for both buf and buf1.
-
-Fixing by converting the type of size to size_t.
-
-CC: qemu-stable@nongnu.org
-Reported-by: Daniel Shapira <daniel@twistlock.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff
-;h=fdc89e90fac40c5ca2686733df17b6423fb8d8fb#patch1]
-
-CVE: CVE-2018-10839
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- hw/net/ne2000.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
-index 07d79e3..869518e 100644
---- a/hw/net/ne2000.c
-+++ b/hw/net/ne2000.c
-@@ -174,7 +174,7 @@ static int ne2000_buffer_full(NE2000State *s)
- ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
- {
- NE2000State *s = qemu_get_nic_opaque(nc);
-- int size = size_;
-+ size_t size = size_;
- uint8_t *p;
- unsigned int total_len, next, avail, len, index, mcast_idx;
- uint8_t buf1[60];
-@@ -182,7 +182,7 @@ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
- { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-
- #if defined(DEBUG_NE2000)
-- printf("NE2000: received len=%d\n", size);
-+ printf("NE2000: received len=%zu\n", size);
- #endif
-
- if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
---
-1.8.3.1
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-15746.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-15746.patch
deleted file mode 100644
index 2f61ea0..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-15746.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 9acf4c64dd4560bd268006d7356c7455fab7e5b1 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Thu, 6 Sep 2018 14:52:12 +0800
-Subject: [PATCH] seccomp: set the seccomp filter to all threads
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When using "-seccomp on", the seccomp policy is only applied to the
-main thread, the vcpu worker thread and other worker threads created
-after seccomp policy is applied; the seccomp policy is not applied to
-e.g. the RCU thread because it is created before the seccomp policy is
-applied and SECCOMP_FILTER_FLAG_TSYNC isn't used.
-
-This can be verified with
-for task in /proc/`pidof qemu`/task/*; do cat $task/status | grep Secc ; done
-Seccomp: 2
-Seccomp: 0
-Seccomp: 0
-Seccomp: 2
-Seccomp: 2
-Seccomp: 2
-
-Starting with libseccomp 2.2.0 and kernel >= 3.17, we can use
-seccomp_attr_set(ctx, > SCMP_FLTATR_CTL_TSYNC, 1) to update the policy
-on all threads.
-
-libseccomp requirement was bumped to 2.2.0 in previous patch.
-libseccomp should fail to set the filter if it can't honour
-SCMP_FLTATR_CTL_TSYNC (untested), and thus -sandbox will now fail on
-kernel < 3.17.
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Acked-by: Eduardo Otubo <otubo@redhat.com>
-
-Upstream-Status: Backport[https://github.com/qemu/qemu/commit/
-70dfabeaa79ba4d7a3b699abe1a047c8012db114#diff-18106d3b47a2d249f9d41e772b7db22d]
-
-CVE: CVE-2018-15746
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- qemu-seccomp.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/qemu-seccomp.c b/qemu-seccomp.c
-index 9cd8eb9..ba5500a 100644
---- a/qemu-seccomp.c
-+++ b/qemu-seccomp.c
-@@ -120,6 +120,11 @@ static int seccomp_start(uint32_t seccomp_opts)
- goto seccomp_return;
- }
-
-+ rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
-+ if (rc != 0) {
-+ goto seccomp_return;
-+ }
-+
- for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
- if (!(seccomp_opts & blacklist[i].set)) {
- continue;
---
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch
deleted file mode 100644
index af40ff2..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17958.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 06e88ca78d056ea4de885e3a1496805179dc47bc Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Mon, 15 Oct 2018 16:33:04 +0800
-Subject: [PATCH] ne2000: fix possible out of bound access in ne2000_receive
-
-In ne2000_receive(), we try to assign size_ to size which converts
-from size_t to integer. This will cause troubles when size_ is greater
-INT_MAX, this will lead a negative value in size and it can then pass
-the check of size < MIN_BUF_SIZE which may lead out of bound access of
-for both buf and buf1.
-
-Fixing by converting the type of size to size_t.
-
-CC: address@hidden
-Reported-by: Daniel Shapira <address@hidden>
-Reviewed-by: Michael S. Tsirkin <address@hidden>
-Signed-off-by: Jason Wang <address@hidden>
-
-Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html]
-
-CVE: CVE-2018-17958
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- hw/net/ne2000.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
-index 07d79e3..869518e 100644
---- a/hw/net/ne2000.c
-+++ b/hw/net/ne2000.c
-@@ -174,7 +174,7 @@ static int ne2000_buffer_full(NE2000State *s)
- ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
- {
- NE2000State *s = qemu_get_nic_opaque(nc);
-- int size = size_;
-+ size_t size = size_;
- uint8_t *p;
- unsigned int total_len, next, avail, len, index, mcast_idx;
- uint8_t buf1[60];
-@@ -182,7 +182,7 @@ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
- { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-
- #if defined(DEBUG_NE2000)
-- printf("NE2000: received len=%d\n", size);
-+ printf("NE2000: received len=%zu\n", size);
- #endif
-
- if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
---
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17962.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17962.patch
deleted file mode 100644
index 88bfd81..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17962.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 20abe443ad9464b18ac494f71f7d53f19ee3748f Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Mon, 15 Oct 2018 16:38:08 +0800
-Subject: [PATCH] rtl8139: fix possible out of bound access
-
-In rtl8139_do_receive(), we try to assign size_ to size which converts
-from size_t to integer. This will cause troubles when size_ is greater
-INT_MAX, this will lead a negative value in size and it can then pass
-the check of size < MIN_BUF_SIZE which may lead out of bound access of
-for both buf and buf1.
-
-Fixing by converting the type of size to size_t.
-
-CC: address@hidden
-Reported-by: Daniel Shapira <address@hidden>
-Reviewed-by: Michael S. Tsirkin <address@hidden>
-Signed-off-by: Jason Wang <address@hidden>
-
-Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html]
-
-CVE: CVE-2018-17962
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- hw/net/rtl8139.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
-index 46daa16..2342a09 100644
---- a/hw/net/rtl8139.c
-+++ b/hw/net/rtl8139.c
-@@ -817,7 +817,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
- RTL8139State *s = qemu_get_nic_opaque(nc);
- PCIDevice *d = PCI_DEVICE(s);
- /* size is the length of the buffer passed to the driver */
-- int size = size_;
-+ size_t size = size_;
- const uint8_t *dot1q_buf = NULL;
-
- uint32_t packet_header = 0;
-@@ -826,7 +826,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
- static const uint8_t broadcast_macaddr[6] =
- { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
-
-- DPRINTF(">>> received len=%d\n", size);
-+ DPRINTF(">>> received len=%zu\n", size);
-
- /* test if board clock is stopped */
- if (!s->clock_enabled)
-@@ -1035,7 +1035,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
-
- if (size+4 > rx_space)
- {
-- DPRINTF("C+ Rx mode : descriptor %d size %d received %d + 4\n",
-+ DPRINTF("C+ Rx mode : descriptor %d size %d received %zu + 4\n",
- descriptor, rx_space, size);
-
- s->IntrStatus |= RxOverflow;
-@@ -1148,7 +1148,7 @@ static ssize_t rtl8139_do_receive(NetClientState *nc, const uint8_t *buf, size_t
- if (avail != 0 && RX_ALIGN(size + 8) >= avail)
- {
- DPRINTF("rx overflow: rx buffer length %d head 0x%04x "
-- "read 0x%04x === available 0x%04x need 0x%04x\n",
-+ "read 0x%04x === available 0x%04x need 0x%04zx\n",
- s->RxBufferSize, s->RxBufAddr, s->RxBufPtr, avail, size + 8);
-
- s->IntrStatus |= RxOverflow;
---
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17963.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17963.patch
deleted file mode 100644
index 054cdc8..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu/CVE-2018-17963.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From e5ff72a8005dd1d9c0f63f8a9cc4298df5bb7551 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Mon, 15 Oct 2018 16:39:46 +0800
-Subject: [PATCH] pcnet: fix possible buffer overflow
-
-In pcnet_receive(), we try to assign size_ to size which converts from
-size_t to integer. This will cause troubles when size_ is greater
-INT_MAX, this will lead a negative value in size and it can then pass
-the check of size < MIN_BUF_SIZE which may lead out of bound access
-for both buf and buf1.
-
-Fixing by converting the type of size to size_t.
-
-CC: address@hidden
-Reported-by: Daniel Shapira <address@hidden>
-Reviewed-by: Michael S. Tsirkin <address@hidden>
-Signed-off-by: Jason Wang <address@hidden>
-
-Upstream-Status: Backport [https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html]
-
-CVE: CVE-2018-17963
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- hw/net/pcnet.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
-index 0c44554..d9ba04b 100644
---- a/hw/net/pcnet.c
-+++ b/hw/net/pcnet.c
-@@ -988,14 +988,14 @@ ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
- uint8_t buf1[60];
- int remaining;
- int crc_err = 0;
-- int size = size_;
-+ size_t size = size_;
-
- if (CSR_DRX(s) || CSR_STOP(s) || CSR_SPND(s) || !size ||
- (CSR_LOOP(s) && !s->looptest)) {
- return -1;
- }
- #ifdef PCNET_DEBUG
-- printf("pcnet_receive size=%d\n", size);
-+ printf("pcnet_receive size=%zu\n", size);
- #endif
-
- /* if too small buffer, then expand it */
---
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
new file mode 100644
index 0000000..7de5882
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
@@ -0,0 +1,39 @@
+QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an
+out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc()
+function. A local attacker with permission to execute i2c commands could exploit
+this to read stack memory of the qemu process on the host.
+
+CVE: CVE-2019-3812
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 8 Jan 2019 11:23:01 +0100
+Subject: [PATCH] i2c-ddc: fix oob read
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Suggested-by: Michael Hanselmann <public@hansmi.ch>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Michael Hanselmann <public@hansmi.ch>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190108102301.1957-1-kraxel@redhat.com
+---
+ hw/i2c/i2c-ddc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
+index be34fe072cf..0a0367ff38f 100644
+--- a/hw/i2c/i2c-ddc.c
++++ b/hw/i2c/i2c-ddc.c
+@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
+ I2CDDCState *s = I2CDDC(i2c);
+
+ int value;
+- value = s->edid_blob[s->reg];
++ value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
+ s->reg++;
+ return value;
+ }
diff --git a/poky/meta/recipes-devtools/qemu/qemu_3.0.0.bb b/poky/meta/recipes-devtools/qemu/qemu_3.0.0.bb
deleted file mode 100644
index 776548b..0000000
--- a/poky/meta/recipes-devtools/qemu/qemu_3.0.0.bb
+++ /dev/null
@@ -1,60 +0,0 @@
-require qemu.inc
-
-inherit ptest
-
-RDEPENDS_${PN}-ptest = "bash make"
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
- file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
-
-SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
- file://powerpc_rom.bin \
- file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
- file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
- file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
- file://run-ptest \
- file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
- file://0005-qemu-disable-Valgrind.patch \
- file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
- file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
- file://0008-chardev-connect-socket-to-a-spawned-command.patch \
- file://0009-apic-fixup-fallthrough-to-PIC.patch \
- file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
- file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
- file://CVE-2018-15746.patch \
- file://CVE-2018-17958.patch \
- file://CVE-2018-17962.patch \
- file://CVE-2018-17963.patch \
- "
-UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
-
-SRC_URI_append_class-native = " \
- file://0012-fix-libcap-header-issue-on-some-distro.patch \
- file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
- "
-
-SRC_URI[md5sum] = "6a5c8df583406ea24ef25b239c3243e0"
-SRC_URI[sha256sum] = "8d7af64fe8bd5ea5c3bdf17131a8b858491bcce1ee3839425a6d91fb821b5713"
-
-COMPATIBLE_HOST_mipsarchn32 = "null"
-COMPATIBLE_HOST_mipsarchn64 = "null"
-
-do_install_append() {
- # Prevent QA warnings about installed ${localstatedir}/run
- if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi
- install -Dm 0755 ${WORKDIR}/powerpc_rom.bin ${D}${datadir}/qemu
-}
-
-do_compile_ptest() {
- make buildtest-TESTS
-}
-
-do_install_ptest() {
- cp -rL ${B}/tests ${D}${PTEST_PATH}
- find ${D}${PTEST_PATH}/tests -type f -name "*.[Sshcod]" | xargs -i rm -rf {}
-
- cp ${S}/tests/Makefile.include ${D}${PTEST_PATH}/tests
- # Don't check the file genreated by configure
- sed -i -e '/wildcard config-host.mak/d' \
- -e '$ {/endif/d}' ${D}${PTEST_PATH}/tests/Makefile.include
-}
diff --git a/poky/meta/recipes-devtools/qemu/qemu_3.1.0.bb b/poky/meta/recipes-devtools/qemu/qemu_3.1.0.bb
new file mode 100644
index 0000000..04d8bee
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu_3.1.0.bb
@@ -0,0 +1,22 @@
+BBCLASSEXTEND = "nativesdk"
+
+require qemu.inc
+
+DEPENDS = "glib-2.0 zlib pixman"
+
+RDEPENDS_${PN}_class-target += "bash"
+
+EXTRA_OECONF_append_class-target = " --target-list=${@get_qemu_target_list(d)}"
+EXTRA_OECONF_append_class-nativesdk = " --target-list=${@get_qemu_target_list(d)}"
+
+do_install_append_class-nativesdk() {
+ ${@bb.utils.contains('PACKAGECONFIG', 'gtk+', 'make_qemu_wrapper', '', d)}
+}
+
+PACKAGECONFIG ??= " \
+ fdt sdl kvm \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \
+"
+PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm"
+
+
diff --git a/poky/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb b/poky/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb
index 4aada52..a0448a1 100644
--- a/poky/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb
@@ -20,8 +20,9 @@
#!/bin/sh
set -x
-if [ ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'True', 'False', d)} = False ]; then
- echo "qemuwrapper: qemu usermode is not supported"
+if [ ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'True', 'False', d)} = False -a "${PN}" != "nativesdk-qemuwrapper-cross" ]; then
+ echo "qemuwrapper: qemu usermode is not supported"
+ exit 1
fi