author | Thomas Penteker <tek@serverop.de> | 2016-09-12 00:51:16 +0200 |
---|---|---|
committer | Thomas Penteker <tek@serverop.de> | 2016-09-12 00:51:16 +0200 |
commit | 11ac56da0391110611bad43df2344f5cb1799277 (patch) | |
tree | f43e26271a7ca2a246f009f48d7a3d0c4890795a /qemu | |
parent | 76350ca97b6e4639e9d0ace86e17847a038d9cad (diff) | |
qemu: 2.6.0 -> 2.7.0
Diffstat (limited to 'qemu')
-rw-r--r-- | qemu/.footprint | 5 | ||||
-rw-r--r-- | qemu/.md5sum | 3 | ||||
-rw-r--r-- | qemu/Pkgfile | 8 | ||||
-rw-r--r-- | qemu/cve-2016-4020-4439-4441.diff | 294 |
4 files changed, 8 insertions, 302 deletions
diff --git a/qemu/.footprint b/qemu/.footprint
index 95ffe779b..8c273f804 100644
--- a/qemu/.footprint
+++ b/qemu/.footprint
@@ -33,11 +33,13 @@ drwxr-xr-x root/root usr/share/qemu/
 -rw-r--r-- root/root usr/share/qemu/bios-256k.bin
 -rw-r--r-- root/root usr/share/qemu/bios.bin
 -rw-r--r-- root/root usr/share/qemu/efi-e1000.rom
+-rw-r--r-- root/root usr/share/qemu/efi-e1000e.rom
 -rw-r--r-- root/root usr/share/qemu/efi-eepro100.rom
 -rw-r--r-- root/root usr/share/qemu/efi-ne2k_pci.rom
 -rw-r--r-- root/root usr/share/qemu/efi-pcnet.rom
 -rw-r--r-- root/root usr/share/qemu/efi-rtl8139.rom
 -rw-r--r-- root/root usr/share/qemu/efi-virtio.rom
+-rw-r--r-- root/root usr/share/qemu/efi-vmxnet3.rom
 drwxr-xr-x root/root usr/share/qemu/keymaps/
 -rw-r--r-- root/root usr/share/qemu/keymaps/ar
 -rw-r--r-- root/root usr/share/qemu/keymaps/bepo
@@ -78,6 +80,7 @@ drwxr-xr-x root/root usr/share/qemu/keymaps/
 -rw-r--r-- root/root usr/share/qemu/keymaps/tr
 -rw-r--r-- root/root usr/share/qemu/kvmvapic.bin
 -rw-r--r-- root/root usr/share/qemu/linuxboot.bin
+-rw-r--r-- root/root usr/share/qemu/linuxboot_dma.bin
 -rw-r--r-- root/root usr/share/qemu/multiboot.bin
 -rw-r--r-- root/root usr/share/qemu/openbios-ppc
 -rw-r--r-- root/root usr/share/qemu/openbios-sparc32
@@ -98,7 +101,7 @@ drwxr-xr-x root/root usr/share/qemu/keymaps/
 -rw-r--r-- root/root usr/share/qemu/sgabios.bin
 -rw-r--r-- root/root usr/share/qemu/slof.bin
 -rw-r--r-- root/root usr/share/qemu/spapr-rtas.bin
--rw-r--r-- root/root usr/share/qemu/trace-events
+-rw-r--r-- root/root usr/share/qemu/trace-events-all
 -rw-r--r-- root/root usr/share/qemu/u-boot.e500
 -rw-r--r-- root/root usr/share/qemu/vgabios-cirrus.bin
 -rw-r--r-- root/root usr/share/qemu/vgabios-qxl.bin
diff --git a/qemu/.md5sum b/qemu/.md5sum
index 6d028daca..219a71cef 100644
--- a/qemu/.md5sum
+++ b/qemu/.md5sum
@@ -1,2 +1 @@ -bae792f4cb7495f567390046a1ede1cb cve-2016-4020-4439-4441.diff -ca3f70b43f093e33e9e014f144067f13 qemu-2.6.0.tar.bz2 +08d4d06d1cb598efecd796137f4844ab qemu-2.7.0.tar.bz2 diff --git a/qemu/Pkgfile b/qemu/Pkgfile index c7cfa4b66..c7d49816a 100644 --- a/qemu/Pkgfile +++ b/qemu/Pkgfile @@ -6,16 +6,14 @@ # Nice to have: libseccomp libiscsi libusb usbredir spice name=qemu -version=2.6.0 -release=2 -source=(http://wiki.qemu.org/download/qemu-$version.tar.bz2 cve-2016-4020-4439-4441.diff) +version=2.7.0 +release=1 +source=(http://wiki.qemu.org/download/qemu-$version.tar.bz2) build() { cd $name-$version - patch -p1 -i $SRC/cve-2016-4020-4439-4441.diff - ./configure --prefix=/usr \ --cc="${CC:=gcc}" \ --host-cc="${CC:=gcc}" \ diff --git a/qemu/cve-2016-4020-4439-4441.diff b/qemu/cve-2016-4020-4439-4441.diff deleted file mode 100644 index e203e9e40..000000000 --- a/qemu/cve-2016-4020-4439-4441.diff +++ /dev/null 
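Review bot: The rewritten `source=(http://wiki.qemu.org/download/qemu-$version.tar.bz2)` line in qemu/Pkgfile still fetches the tarball over plain HTTP, and the only integrity check visible in this commit is the single MD5 entry in qemu/.md5sum. That catches a corrupted download, but it is a weak basis for trusting that the 2.7.0 tarball is the one upstream released. If the mirror serves it, switch the URL to `https://`, and check the tarball against upstream's published signature or a stronger hash before regenerating `.md5sum`. Separately, the same hunk drops `patch -p1 -i $SRC/cve-2016-4020-4439-4441.diff` and the commit deletes the patch file. The three fixes are presumably part of 2.7.0, but the commit message says only "2.6.0 -> 2.7.0", so it should record that each CVE named in the patch filename was confirmed fixed upstream.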
@@ -1,294 +0,0 @@ ---- a/hw/i386/kvmvapic.c -+++ b/hw/i386/kvmvapic.c -@@ -394,7 +394,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip) - CPUX86State *env = &cpu->env; - VAPICHandlers *handlers; - uint8_t opcode[2]; -- uint32_t imm32; -+ uint32_t imm32 = 0; - target_ulong current_pc = 0; - target_ulong current_cs_base = 0; - int current_flags = 0; ---- a/hw/scsi/esp.c -+++ b/hw/scsi/esp.c -@@ -448,7 +448,11 @@ void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) - break; - case ESP_FIFO: - if (s->do_cmd) { -- s->cmdbuf[s->cmdlen++] = val & 0xff; -+ if (s->cmdlen < TI_BUFSZ) { -+ s->cmdbuf[s->cmdlen++] = val & 0xff; -+ } else { -+ trace_esp_error_fifo_overrun(); -+ } - } else if (s->ti_size == TI_BUFSZ - 1) { - trace_esp_error_fifo_overrun(); - } else { ---- a/hw/scsi/esp.c -+++ b/hw/scsi/esp.c -@@ -82,7 +82,7 @@ void esp_request_cancelled(SCSIRequest *req) - } - } - --static uint32_t get_cmd(ESPState *s, uint8_t *buf) -+static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) - { - uint32_t dmalen; - int target; -@@ -92,6 +92,9 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf) - dmalen = s->rregs[ESP_TCLO]; - dmalen |= s->rregs[ESP_TCMID] << 8; - dmalen |= s->rregs[ESP_TCHI] << 16; -+ if (dmalen > buflen) { -+ return 0; -+ } - s->dma_memory_read(s->dma_opaque, buf, dmalen); - } else { - dmalen = s->ti_size; -@@ -166,7 +169,7 @@ static void handle_satn(ESPState *s) - s->dma_cb = handle_satn; - return; - } -- len = get_cmd(s, buf); -+ len = get_cmd(s, buf, sizeof(buf)); - if (len) - do_cmd(s, buf); - } -@@ -180,7 +183,7 @@ static void handle_s_without_atn(ESPState *s) - s->dma_cb = handle_s_without_atn; - return; - } -- len = get_cmd(s, buf); -+ len = get_cmd(s, buf, sizeof(buf)); - if (len) { - do_busid_cmd(s, buf, 0); - } -@@ -192,7 +195,7 @@ static void handle_satn_stop(ESPState *s) - s->dma_cb = handle_satn_stop; - return; - } -- s->cmdlen = get_cmd(s, s->cmdbuf); -+ s->cmdlen = get_cmd(s, s->cmdbuf, 
sizeof(s->cmdbuf)); - if (s->cmdlen) { - trace_esp_handle_satn_stop(s->cmdlen); - s->do_cmd = 1; ---- a/hw/display/vga.c -+++ b/hw/display/vga.c -@@ -149,6 +149,11 @@ static inline bool vbe_enabled(VGACommonState *s) - return s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED; - } - -+static inline uint8_t sr(VGACommonState *s, int idx) -+{ -+ return vbe_enabled(s) ? s->sr_vbe[idx] : s->sr[idx]; -+} -+ - static void vga_update_memory_access(VGACommonState *s) - { - hwaddr base, offset, size; -@@ -163,8 +168,8 @@ static void vga_update_memory_access(VGACommonState *s) - s->has_chain4_alias = false; - s->plane_updated = 0xf; - } -- if ((s->sr[VGA_SEQ_PLANE_WRITE] & VGA_SR02_ALL_PLANES) == -- VGA_SR02_ALL_PLANES && s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) { -+ if ((sr(s, VGA_SEQ_PLANE_WRITE) & VGA_SR02_ALL_PLANES) == -+ VGA_SR02_ALL_PLANES && sr(s, VGA_SEQ_MEMORY_MODE) & VGA_SR04_CHN_4M) { - offset = 0; - switch ((s->gr[VGA_GFX_MISC] >> 2) & 3) { - case 0: -@@ -234,7 +239,7 @@ static void vga_precise_update_retrace_info(VGACommonState *s) - ((s->cr[VGA_CRTC_OVERFLOW] >> 6) & 2)) << 8); - vretr_end_line = s->cr[VGA_CRTC_V_SYNC_END] & 0xf; - -- clocking_mode = (s->sr[VGA_SEQ_CLOCK_MODE] >> 3) & 1; -+ clocking_mode = (sr(s, VGA_SEQ_CLOCK_MODE) >> 3) & 1; - clock_sel = (s->msr >> 2) & 3; - dots = (s->msr & 1) ? 
8 : 9; - -@@ -486,7 +491,6 @@ void vga_ioport_write(void *opaque, uint32_t addr, uint32_t val) - printf("vga: write SR%x = 0x%02x\n", s->sr_index, val); - #endif - s->sr[s->sr_index] = val & sr_mask[s->sr_index]; -- vbe_update_vgaregs(s); - if (s->sr_index == VGA_SEQ_CLOCK_MODE) { - s->update_retrace_info(s); - } -@@ -680,13 +684,13 @@ static void vbe_update_vgaregs(VGACommonState *s) - - if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4) { - shift_control = 0; -- s->sr[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */ -+ s->sr_vbe[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */ - } else { - shift_control = 2; - /* set chain 4 mode */ -- s->sr[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M; -+ s->sr_vbe[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M; - /* activate all planes */ -- s->sr[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES; -+ s->sr_vbe[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES; - } - s->gr[VGA_GFX_MODE] = (s->gr[VGA_GFX_MODE] & ~0x60) | - (shift_control << 5); -@@ -836,7 +840,7 @@ uint32_t vga_mem_readb(VGACommonState *s, hwaddr addr) - break; - } - -- if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) { -+ if (sr(s, VGA_SEQ_MEMORY_MODE) & VGA_SR04_CHN_4M) { - /* chain 4 mode : simplest access */ - assert(addr < s->vram_size); - ret = s->vram_ptr[addr]; -@@ -904,11 +908,11 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val) - break; - } - -- if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) { -+ if (sr(s, VGA_SEQ_MEMORY_MODE) & VGA_SR04_CHN_4M) { - /* chain 4 mode : simplest access */ - plane = addr & 3; - mask = (1 << plane); -- if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) { -+ if (sr(s, VGA_SEQ_PLANE_WRITE) & mask) { - assert(addr < s->vram_size); - s->vram_ptr[addr] = val; - #ifdef DEBUG_VGA_MEM -@@ -921,7 +925,7 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val) - /* odd/even mode (aka text mode mapping) */ - plane = (s->gr[VGA_GFX_PLANE_READ] & 2) | (addr & 1); - mask = (1 << plane); -- if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) { -+ if (sr(s, 
VGA_SEQ_PLANE_WRITE) & mask) { - addr = ((addr & ~1) << 1) | plane; - if (addr >= s->vram_size) { - return; -@@ -996,7 +1000,7 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val) - - do_write: - /* mask data according to sr[2] */ -- mask = s->sr[VGA_SEQ_PLANE_WRITE]; -+ mask = sr(s, VGA_SEQ_PLANE_WRITE); - s->plane_updated |= mask; /* only used to detect font change */ - write_mask = mask16[mask]; - if (addr * sizeof(uint32_t) >= s->vram_size) { -@@ -1152,10 +1156,10 @@ static void vga_get_text_resolution(VGACommonState *s, int *pwidth, int *pheight - /* total width & height */ - cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1; - cwidth = 8; -- if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) { -+ if (!(sr(s, VGA_SEQ_CLOCK_MODE) & VGA_SR01_CHAR_CLK_8DOTS)) { - cwidth = 9; - } -- if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) { -+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 0x08) { - cwidth = 16; /* NOTE: no 18 pixel wide */ - } - width = (s->cr[VGA_CRTC_H_DISP] + 1); -@@ -1197,7 +1201,7 @@ static void vga_draw_text(VGACommonState *s, int full_update) - int64_t now = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL); - - /* compute font data address (in plane 2) */ -- v = s->sr[VGA_SEQ_CHARACTER_MAP]; -+ v = sr(s, VGA_SEQ_CHARACTER_MAP); - offset = (((v >> 4) & 1) | ((v << 1) & 6)) * 8192 * 4 + 2; - if (offset != s->font_offsets[0]) { - s->font_offsets[0] = offset; -@@ -1506,11 +1510,11 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) - } - - if (shift_control == 0) { -- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) { -+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) { - disp_width <<= 1; - } - } else if (shift_control == 1) { -- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) { -+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) { - disp_width <<= 1; - } - } -@@ -1574,7 +1578,7 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) - - if (shift_control == 0) { - full_update |= update_palette16(s); -- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) { -+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) { - v = 
VGA_DRAW_LINE4D2; - } else { - v = VGA_DRAW_LINE4; -@@ -1582,7 +1586,7 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) - bits = 4; - } else if (shift_control == 1) { - full_update |= update_palette16(s); -- if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) { -+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 8) { - v = VGA_DRAW_LINE2D2; - } else { - v = VGA_DRAW_LINE2; -@@ -1629,7 +1633,7 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) - #if 0 - printf("w=%d h=%d v=%d line_offset=%d cr[0x09]=0x%02x cr[0x17]=0x%02x linecmp=%d sr[0x01]=0x%02x\n", - width, height, v, line_offset, s->cr[9], s->cr[VGA_CRTC_MODE], -- s->line_compare, s->sr[VGA_SEQ_CLOCK_MODE]); -+ s->line_compare, sr(s, VGA_SEQ_CLOCK_MODE)); - #endif - addr1 = (s->start_addr * 4); - bwidth = (width * bits + 7) / 8; -@@ -1781,6 +1785,7 @@ void vga_common_reset(VGACommonState *s) - { - s->sr_index = 0; - memset(s->sr, '\0', sizeof(s->sr)); -+ memset(s->sr_vbe, '\0', sizeof(s->sr_vbe)); - s->gr_index = 0; - memset(s->gr, '\0', sizeof(s->gr)); - s->ar_index = 0; -@@ -1883,10 +1888,10 @@ static void vga_update_text(void *opaque, console_ch_t *chardata) - /* total width & height */ - cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1; - cw = 8; -- if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) { -+ if (!(sr(s, VGA_SEQ_CLOCK_MODE) & VGA_SR01_CHAR_CLK_8DOTS)) { - cw = 9; - } -- if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) { -+ if (sr(s, VGA_SEQ_CLOCK_MODE) & 0x08) { - cw = 16; /* NOTE: no 18 pixel wide */ - } - width = (s->cr[VGA_CRTC_H_DISP] + 1); -@@ -2053,6 +2058,7 @@ static int vga_common_post_load(void *opaque, int version_id) - - /* force refresh */ - s->graphic_mode = -1; -+ vbe_update_vgaregs(s); - return 0; - } - ---- a/hw/display/vga_int.h -+++ b/hw/display/vga_int.h -@@ -98,6 +98,7 @@ typedef struct VGACommonState { - MemoryRegion chain4_alias; - uint8_t sr_index; - uint8_t sr[256]; -+ uint8_t sr_vbe[256]; - uint8_t gr_index; - uint8_t gr[256]; - uint8_t ar_index; ---- a/hw/arm/virt.c -+++ 
b/hw/arm/virt.c -@@ -1114,10 +1114,14 @@ static void machvirt_init(MachineState *machine) - * KVM is not available yet - */ - if (!gic_version) { -+ if (!kvm_enabled()) { -+ error_report("gic-version=host requires KVM"); -+ exit(1); -+ } -+ - gic_version = kvm_arm_vgic_probe(); - if (!gic_version) { - error_report("Unable to determine GIC version supported by host"); -- error_printf("KVM acceleration is probably not supported\n"); - exit(1); - } - } |