rpms
/
qemu
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to qemu-2.2.0-rc1

This commit is contained in:
Cole Robinson 2014-11-15 20:39:24 -05:00
parent 725f84b743
commit 259393612c
16 changed files with 69 additions and 1188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
0001-loader-Add-load_image_gzipped-function.patch
View File

@ -1,95 +0,0 @@
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 19 Aug 2014 18:56:28 +0100
Subject: [PATCH] loader: Add load_image_gzipped function.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As the name suggests this lets you load a ROM/disk image that is
gzipped. It is uncompressed before storing it in guest memory.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1407831259-2115-2-git-send-email-rjones@redhat.com
[PMM: removed stray space before ')']
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 235e74afcb85285a8e35e75f0cb6e6811267bb75)
---
hw/core/loader.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
include/hw/loader.h | 1 +
2 files changed, 49 insertions(+)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 2bf6b8f..0fde699 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -577,6 +577,54 @@ int load_ramdisk(const char *filename, hwaddr addr, uint64_t max_sz)
return load_uboot_image(filename, NULL, &addr, NULL, IH_TYPE_RAMDISK);
}
+/* This simply prevents g_malloc in the function below from allocating
+ * a huge amount of memory, by placing a limit on the maximum
+ * uncompressed image size that load_image_gzipped will read.
+ */
+#define LOAD_IMAGE_MAX_GUNZIP_BYTES (256 << 20)
+
+/* Load a gzip-compressed kernel. */
+int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
+{
+ uint8_t *compressed_data = NULL;
+ uint8_t *data = NULL;
+ gsize len;
+ ssize_t bytes;
+ int ret = -1;
+
+ if (!g_file_get_contents(filename, (char **) &compressed_data, &len,
+ NULL)) {
+ goto out;
+ }
+
+ /* Is it a gzip-compressed file? */
+ if (len < 2 ||
+ compressed_data[0] != 0x1f ||
+ compressed_data[1] != 0x8b) {
+ goto out;
+ }
+
+ if (max_sz > LOAD_IMAGE_MAX_GUNZIP_BYTES) {
+ max_sz = LOAD_IMAGE_MAX_GUNZIP_BYTES;
+ }
+
+ data = g_malloc(max_sz);
+ bytes = gunzip(data, max_sz, compressed_data, len);
+ if (bytes < 0) {
+ fprintf(stderr, "%s: unable to decompress gzipped kernel file\n",
+ filename);
+ goto out;
+ }
+
+ rom_add_blob_fixed(filename, data, bytes, addr);
+ ret = bytes;
+
+ out:
+ g_free(compressed_data);
+ g_free(data);
+ return ret;
+}
+
/*
* Functions for reboot-persistent memory regions.
* - used for vga bios and option roms.
diff --git a/include/hw/loader.h b/include/hw/loader.h
index 796cbf9..00c9117 100644
--- a/include/hw/loader.h
+++ b/include/hw/loader.h
@@ -15,6 +15,7 @@ int get_image_size(const char *filename);
int load_image(const char *filename, uint8_t *addr); /* deprecated */
int load_image_targphys(const char *filename, hwaddr,
uint64_t max_sz);
+int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz);
#define ELF_LOAD_FAILED -1
#define ELF_LOAD_NOT_ELF -2

53
0002-aarch64-Allow-kernel-option-to-take-a-gzip-compresse.patch
View File

@ -1,53 +0,0 @@
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 19 Aug 2014 18:56:28 +0100
Subject: [PATCH] aarch64: Allow -kernel option to take a gzip-compressed
kernel.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
On aarch64 it is the bootloader's job to uncompress the kernel. UEFI
and u-boot bootloaders do this automatically when the kernel is
gzip-compressed.
However the qemu -kernel option does not do this. The following
command does not work:
qemu-system-aarch64 [...] -kernel /boot/vmlinuz
because it tries to execute the gzip-compressed data.
This commit lets gzip-compressed kernels be uncompressed
transparently.
Currently this is only done when emulating aarch64.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1407831259-2115-3-git-send-email-rjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 6f5d3cbe8892367026526a7deed0ceecc700a7ad)
---
hw/arm/boot.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 3d1f4a2..b7d60aa 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -510,6 +510,13 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
kernel_size = load_uimage(info->kernel_filename, &entry, NULL,
&is_linux);
}
+ /* On aarch64, it's the bootloader's job to uncompress the kernel. */
+ if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64) && kernel_size < 0) {
+ entry = info->loader_start + kernel_load_offset;
+ kernel_size = load_image_gzipped(info->kernel_filename, entry,
+ info->ram_size - kernel_load_offset);
+ is_linux = 1;
+ }
if (kernel_size < 0) {
entry = info->loader_start + kernel_load_offset;
kernel_size = load_image_targphys(info->kernel_filename, entry,

112
0003-block.curl-adding-timeout-option.patch
View File

@ -1,112 +0,0 @@
From: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>
Date: Wed, 13 Aug 2014 12:44:27 -0300
Subject: [PATCH] block.curl: adding 'timeout' option
The curl hardcoded timeout (5 seconds) sometimes is not long
enough depending on the remote server configuration and network
traffic. The user should be able to set how much long he is
willing to wait for the connection.
Adding a new option to set this timeout gives the user this
flexibility. The previous default timeout of 5 seconds will be
used if this option is not present.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>
Reviewed-by: Benoit Canet <benoit.canet@nodalink.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 212aefaa53d142baa9a22f5aadd2e72eb916c0c0)
---
block/curl.c | 13 ++++++++++++-
qemu-options.hx | 10 ++++++++--
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index 79ff2f1..6f45547 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -63,6 +63,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
#define CURL_NUM_ACB 8
#define SECTOR_SIZE 512
#define READ_AHEAD_DEFAULT (256 * 1024)
+#define CURL_TIMEOUT_DEFAULT 5
#define FIND_RET_NONE 0
#define FIND_RET_OK 1
@@ -71,6 +72,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
#define CURL_BLOCK_OPT_URL "url"
#define CURL_BLOCK_OPT_READAHEAD "readahead"
#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
+#define CURL_BLOCK_OPT_TIMEOUT "timeout"
struct BDRVCURLState;
@@ -109,6 +111,7 @@ typedef struct BDRVCURLState {
char *url;
size_t readahead_size;
bool sslverify;
+ int timeout;
bool accept_range;
AioContext *aio_context;
} BDRVCURLState;
@@ -382,7 +385,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
(long) s->sslverify);
- curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, 5);
+ curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout);
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
(void *)curl_read_cb);
curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state);
@@ -489,6 +492,11 @@ static QemuOptsList runtime_opts = {
.type = QEMU_OPT_BOOL,
.help = "Verify SSL certificate"
},
+ {
+ .name = CURL_BLOCK_OPT_TIMEOUT,
+ .type = QEMU_OPT_NUMBER,
+ .help = "Curl timeout"
+ },
{ /* end of list */ }
},
};
@@ -525,6 +533,9 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
goto out_noclean;
}
+ s->timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
+ CURL_TIMEOUT_DEFAULT);
+
s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
diff --git a/qemu-options.hx b/qemu-options.hx
index 1549625..dcb008b 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2351,6 +2351,11 @@ multiple of 512 bytes. It defaults to 256k.
@item sslverify
Whether to verify the remote server's certificate when connecting over SSL. It
can have the value 'on' or 'off'. It defaults to 'on'.
+
+@item timeout
+Set the timeout in seconds of the CURL connection. This timeout is the time
+that CURL waits for a response from the remote server to get the size of the
+image to be downloaded. If not set, the default timeout of 5 seconds is used.
@end table
Note that when passing options to qemu explicitly, @option{driver} is the value
@@ -2372,9 +2377,10 @@ qemu-system-x86_64 -drive file=/tmp/Fedora-x86_64-20-20131211.1-sda.qcow2,copy-o
@end example
Example: boot from an image stored on a VMware vSphere server with a self-signed
-certificate using a local overlay for writes and a readahead of 64k
+certificate using a local overlay for writes, a readahead of 64k and a timeout
+of 10 seconds.
@example
-qemu-img create -f qcow2 -o backing_file='json:@{"file.driver":"https",, "file.url":"https://user:password@@vsphere.example.com/folder/test/test-flat.vmdk?dcPath=Datacenter&dsName=datastore1",, "file.sslverify":"off",, "file.readahead":"64k"@}' /tmp/test.qcow2
+qemu-img create -f qcow2 -o backing_file='json:@{"file.driver":"https",, "file.url":"https://user:password@@vsphere.example.com/folder/test/test-flat.vmdk?dcPath=Datacenter&dsName=datastore1",, "file.sslverify":"off",, "file.readahead":"64k",, "file.timeout":10@}' /tmp/test.qcow2
qemu-system-x86_64 -drive file=/tmp/test.qcow2
@end example

123
0004-curl-Allow-a-cookie-or-cookies-to-be-sent-with-http-.patch
View File

@ -1,123 +0,0 @@
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 29 Aug 2014 16:03:12 +0100
Subject: [PATCH] curl: Allow a cookie or cookies to be sent with http/https
requests.
In order to access VMware ESX efficiently, we need to send a session
cookie. This patch is very simple and just allows you to send that
session cookie. It punts on the question of how you get the session
cookie in the first place, but in practice you can just run a `curl'
command against the server and extract the cookie that way.
To use it, add file.cookie to the curl URL. For example:
$ qemu-img info 'json: {
"file.driver":"https",
"file.url":"https://vcenter/folder/Windows%202003/Windows%202003-flat.vmdk?dcPath=Datacenter&dsName=datastore1",
"file.sslverify":"off",
"file.cookie":"vmware_soap_session=\"52a01262-bf93-ccce-d379-8dabb3e55560\""}'
image: [...]
file format: raw
virtual size: 8.0G (8589934592 bytes)
disk size: unavailable
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit a94f83d94fdf907680f068f1be7ad13d1f697067)
---
block/curl.c | 16 ++++++++++++++++
qemu-options.hx | 5 +++++
2 files changed, 21 insertions(+)
diff --git a/block/curl.c b/block/curl.c
index 6f45547..537e257 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -73,6 +73,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
#define CURL_BLOCK_OPT_READAHEAD "readahead"
#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
#define CURL_BLOCK_OPT_TIMEOUT "timeout"
+#define CURL_BLOCK_OPT_COOKIE "cookie"
struct BDRVCURLState;
@@ -112,6 +113,7 @@ typedef struct BDRVCURLState {
size_t readahead_size;
bool sslverify;
int timeout;
+ char *cookie;
bool accept_range;
AioContext *aio_context;
} BDRVCURLState;
@@ -385,6 +387,9 @@ static CURLState *curl_init_state(BDRVCURLState *s)
curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
(long) s->sslverify);
+ if (s->cookie) {
+ curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
+ }
curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout);
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
(void *)curl_read_cb);
@@ -497,6 +502,11 @@ static QemuOptsList runtime_opts = {
.type = QEMU_OPT_NUMBER,
.help = "Curl timeout"
},
+ {
+ .name = CURL_BLOCK_OPT_COOKIE,
+ .type = QEMU_OPT_STRING,
+ .help = "Pass the cookie or list of cookies with each request"
+ },
{ /* end of list */ }
},
};
@@ -509,6 +519,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
QemuOpts *opts;
Error *local_err = NULL;
const char *file;
+ const char *cookie;
double d;
static int inited = 0;
@@ -538,6 +549,9 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
+ cookie = qemu_opt_get(opts, CURL_BLOCK_OPT_COOKIE);
+ s->cookie = g_strdup(cookie);
+
file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
if (file == NULL) {
error_setg(errp, "curl block driver requires an 'url' option");
@@ -593,6 +607,7 @@ out:
curl_easy_cleanup(state->curl);
state->curl = NULL;
out_noclean:
+ g_free(s->cookie);
g_free(s->url);
qemu_opts_del(opts);
return -EINVAL;
@@ -689,6 +704,7 @@ static void curl_close(BlockDriverState *bs)
DPRINTF("CURL: Close\n");
curl_detach_aio_context(bs);
+ g_free(s->cookie);
g_free(s->url);
}
diff --git a/qemu-options.hx b/qemu-options.hx
index dcb008b..53b6171 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2352,6 +2352,11 @@ multiple of 512 bytes. It defaults to 256k.
Whether to verify the remote server's certificate when connecting over SSL. It
can have the value 'on' or 'off'. It defaults to 'on'.
+@item cookie
+Send this cookie (it can also be a list of cookies separated by ';') with
+each outgoing request. Only supported when using protocols such as HTTP
+which support cookies, otherwise ignored.
+
@item timeout
Set the timeout in seconds of the CURL connection. This timeout is the time
that CURL waits for a response from the remote server to get the size of the

76
0005-curl-Don-t-deref-NULL-pointer-in-call-to-aio_poll.patch
View File

@ -1,76 +0,0 @@
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 28 Aug 2014 09:04:21 +0100
Subject: [PATCH] curl: Don't deref NULL pointer in call to aio_poll.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In commit 63f0f45f2e89b60ff8245fec81328ddfde42a303 the following
mechanical change was made:
if (!state) {
- qemu_aio_wait();
+ aio_poll(state->s->aio_context, true);
}
The new code now checks if state is NULL and then dereferences it
('state->s') which is obviously incorrect.
This commit replaces state->s->aio_context with
bdrv_get_aio_context(bs), fixing this problem. The two other hunks
are concerned with getting the BlockDriverState pointer bs to where it
is needed.
The original bug causes a segfault when using libguestfs to access a
VMware vCenter Server and doing any kind of complex read-heavy
operations. With this commit the segfault goes away.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit a2f468e48f8b6559ec9123e94948bc373b788941)
---
block/curl.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index 537e257..d28b701 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -357,7 +357,7 @@ static void curl_multi_timeout_do(void *arg)
#endif
}
-static CURLState *curl_init_state(BDRVCURLState *s)
+static CURLState *curl_init_state(BlockDriverState *bs, BDRVCURLState *s)
{
CURLState *state = NULL;
int i, j;
@@ -375,7 +375,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
break;
}
if (!state) {
- aio_poll(state->s->aio_context, true);
+ aio_poll(bdrv_get_aio_context(bs), true);
}
} while(!state);
@@ -566,7 +566,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
DPRINTF("CURL: Opening %s\n", file);
s->aio_context = bdrv_get_aio_context(bs);
s->url = g_strdup(file);
- state = curl_init_state(s);
+ state = curl_init_state(bs, s);
if (!state)
goto out_noclean;
@@ -651,7 +651,7 @@ static void curl_readv_bh_cb(void *p)
}
// No cache found, so let's start a new request
- state = curl_init_state(s);
+ state = curl_init_state(acb->common.bs, s);
if (!state) {
acb->common.cb(acb->common.opaque, -EIO);
qemu_aio_release(acb);

43
0006-virtio-pci-enable-bus-master-for-old-guests.patch
View File

@ -1,43 +0,0 @@
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Thu, 11 Sep 2014 18:45:33 +0200
Subject: [PATCH] virtio-pci: enable bus master for old guests
commit cc943c36faa192cd4b32af8fe5edb31894017d35
pci: Use bus master address space for delivering MSI/MSI-X messages
breaks virtio-net for rhel6.[56] x86 guests because they don't
enable bus mastering for virtio PCI devices. For the same reason,
rhel6.[56] ppc64 guests cannot boot on a virtio-blk disk anymore.
Old guests forgot to enable bus mastering, enable it automatically on
DRIVER (guests use some devices before DRIVER_OK).
Reported-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit e43c0b2ea5574efb0bedebf6a7d05916eefeba52)
---
hw/virtio/virtio-pci.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 3007319..58ebbcf 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -314,6 +314,16 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
msix_unuse_all_vectors(&proxy->pci_dev);
}
+ /* Linux before 2.6.34 drives the device without enabling
+ the PCI device bus master bit. Enable it automatically
+ for the guest. This is a PCI spec violation but so is
+ initiating DMA with bus master bit clear. */
+ if (val == (VIRTIO_CONFIG_S_ACKNOWLEDGE | VIRTIO_CONFIG_S_DRIVER)) {
+ pci_default_write_config(&proxy->pci_dev, PCI_COMMAND,
+ proxy->pci_dev.config[PCI_COMMAND] |
+ PCI_COMMAND_MASTER, 1);
+ }
+
/* Linux before 2.6.34 sets the device as OK without enabling
the PCI device bus master bit. In this case we need to disable
some safety checks. */

116
0007-virtio-pci-fix-migration-for-pci-bus-master.patch
View File

@ -1,116 +0,0 @@
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Thu, 11 Sep 2014 18:34:29 +0300
Subject: [PATCH] virtio-pci: fix migration for pci bus master
Current support for bus master (clearing OK bit)
together with the need to support guests which do not
enable PCI bus mastering, leads to extra state in
VIRTIO_PCI_FLAG_BUS_MASTER_BUG bit, which isn't robust
in case of cross-version migration for the case when
guests use the device before setting DRIVER_OK.
Rip out VIRTIO_PCI_FLAG_BUS_MASTER_BUG and implement a simpler
work-around: treat clearing of PCI_COMMAND as a virtio reset. Old
guests never touch this bit so they will work.
As reset clears device status, DRIVER and MASTER bits are
now in sync, so we can fix up cross-version migration simply
by synchronising them, without need to detect a buggy guest
explicitly.
Drop tracking VIRTIO_PCI_FLAG_BUS_MASTER_BUG completely.
As reset makes the device quiescent, in the future we'll be able to drop
checking OK bit in a bunch of places.
Cc: Jason Wang <jasowang@redhat.com>
Cc: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 4d43d3f3c8147ade184df9a1e9e82826edd39e19)
---
hw/virtio/virtio-pci.c | 39 ++++++++++++++++++++-------------------
1 file changed, 20 insertions(+), 19 deletions(-)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 58ebbcf..c19c4d6 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -86,9 +86,6 @@
* 12 is historical, and due to x86 page size. */
#define VIRTIO_PCI_QUEUE_ADDR_SHIFT 12
-/* Flags track per-device state like workarounds for quirks in older guests. */
-#define VIRTIO_PCI_FLAG_BUS_MASTER_BUG (1 << 0)
-
static void virtio_pci_bus_new(VirtioBusState *bus, size_t bus_size,
VirtIOPCIProxy *dev);
@@ -323,14 +320,6 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
proxy->pci_dev.config[PCI_COMMAND] |
PCI_COMMAND_MASTER, 1);
}
-
- /* Linux before 2.6.34 sets the device as OK without enabling
- the PCI device bus master bit. In this case we need to disable
- some safety checks. */
- if ((val & VIRTIO_CONFIG_S_DRIVER_OK) &&
- !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
- proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
- }
break;
case VIRTIO_MSI_CONFIG_VECTOR:
msix_vector_unuse(&proxy->pci_dev, vdev->config_vector);
@@ -480,13 +469,18 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ uint8_t cmd = proxy->pci_dev.config[PCI_COMMAND];
+
pci_default_write_config(pci_dev, address, val, len);
if (range_covers_byte(address, len, PCI_COMMAND) &&
!(pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER) &&
- !(proxy->flags & VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
+ (cmd & PCI_COMMAND_MASTER)) {
+ /* Bus driver disables bus mastering - make it act
+ * as a kind of reset to render the device quiescent. */
virtio_pci_stop_ioeventfd(proxy);
- virtio_set_status(vdev, vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK);
+ virtio_reset(vdev);
+ msix_unuse_all_vectors(&proxy->pci_dev);
}
}
@@ -895,11 +889,19 @@ static void virtio_pci_vmstate_change(DeviceState *d, bool running)
VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
if (running) {
- /* Try to find out if the guest has bus master disabled, but is
- in ready state. Then we have a buggy guest OS. */
- if ((vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
- !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
- proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
+ /* Linux before 2.6.34 drives the device without enabling
+ the PCI device bus master bit. Enable it automatically
+ for the guest. This is a PCI spec violation but so is
+ initiating DMA with bus master bit clear.
+ Note: this only makes a difference when migrating
+ across QEMU versions from an old QEMU, as for new QEMU
+ bus master and driver bits are always in sync.
+ TODO: consider enabling conditionally for compat machine types. */
+ if (vdev->status & (VIRTIO_CONFIG_S_ACKNOWLEDGE |
+ VIRTIO_CONFIG_S_DRIVER)) {
+ pci_default_write_config(&proxy->pci_dev, PCI_COMMAND,
+ proxy->pci_dev.config[PCI_COMMAND] |
+ PCI_COMMAND_MASTER, 1);
}
virtio_pci_start_ioeventfd(proxy);
} else {
@@ -1043,7 +1045,6 @@ static void virtio_pci_reset(DeviceState *qdev)
virtio_pci_stop_ioeventfd(proxy);
virtio_bus_reset(bus);
msix_unuse_all_vectors(&proxy->pci_dev);
- proxy->flags &= ~VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
}
static Property virtio_pci_properties[] = {

97
0008-Revert-virtio-pci-fix-migration-for-pci-bus-master.patch
View File

@ -1,97 +0,0 @@
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Mon, 29 Sep 2014 11:27:32 +0300
Subject: [PATCH] Revert "virtio-pci: fix migration for pci bus master"
This reverts commit 4d43d3f3c8147ade184df9a1e9e82826edd39e19.
Reported to break PPC guests.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 45363e46aeebfc99753389649eac7c7fc22bfe52)
---
hw/virtio/virtio-pci.c | 39 +++++++++++++++++++--------------------
1 file changed, 19 insertions(+), 20 deletions(-)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index c19c4d6..58ebbcf 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -86,6 +86,9 @@
* 12 is historical, and due to x86 page size. */
#define VIRTIO_PCI_QUEUE_ADDR_SHIFT 12
+/* Flags track per-device state like workarounds for quirks in older guests. */
+#define VIRTIO_PCI_FLAG_BUS_MASTER_BUG (1 << 0)
+
static void virtio_pci_bus_new(VirtioBusState *bus, size_t bus_size,
VirtIOPCIProxy *dev);
@@ -320,6 +323,14 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
proxy->pci_dev.config[PCI_COMMAND] |
PCI_COMMAND_MASTER, 1);
}
+
+ /* Linux before 2.6.34 sets the device as OK without enabling
+ the PCI device bus master bit. In this case we need to disable
+ some safety checks. */
+ if ((val & VIRTIO_CONFIG_S_DRIVER_OK) &&
+ !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
+ proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
+ }
break;
case VIRTIO_MSI_CONFIG_VECTOR:
msix_vector_unuse(&proxy->pci_dev, vdev->config_vector);
@@ -469,18 +480,13 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- uint8_t cmd = proxy->pci_dev.config[PCI_COMMAND];
-
pci_default_write_config(pci_dev, address, val, len);
if (range_covers_byte(address, len, PCI_COMMAND) &&
!(pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER) &&
- (cmd & PCI_COMMAND_MASTER)) {
- /* Bus driver disables bus mastering - make it act
- * as a kind of reset to render the device quiescent. */
+ !(proxy->flags & VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
virtio_pci_stop_ioeventfd(proxy);
- virtio_reset(vdev);
- msix_unuse_all_vectors(&proxy->pci_dev);
+ virtio_set_status(vdev, vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK);
}
}
@@ -889,19 +895,11 @@ static void virtio_pci_vmstate_change(DeviceState *d, bool running)
VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
if (running) {
- /* Linux before 2.6.34 drives the device without enabling
- the PCI device bus master bit. Enable it automatically
- for the guest. This is a PCI spec violation but so is
- initiating DMA with bus master bit clear.
- Note: this only makes a difference when migrating
- across QEMU versions from an old QEMU, as for new QEMU
- bus master and driver bits are always in sync.
- TODO: consider enabling conditionally for compat machine types. */
- if (vdev->status & (VIRTIO_CONFIG_S_ACKNOWLEDGE |
- VIRTIO_CONFIG_S_DRIVER)) {
- pci_default_write_config(&proxy->pci_dev, PCI_COMMAND,
- proxy->pci_dev.config[PCI_COMMAND] |
- PCI_COMMAND_MASTER, 1);
+ /* Try to find out if the guest has bus master disabled, but is
+ in ready state. Then we have a buggy guest OS. */
+ if ((vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+ !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
+ proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
}
virtio_pci_start_ioeventfd(proxy);
} else {
@@ -1045,6 +1043,7 @@ static void virtio_pci_reset(DeviceState *qdev)
virtio_pci_stop_ioeventfd(proxy);
virtio_bus_reset(bus);
msix_unuse_all_vectors(&proxy->pci_dev);
+ proxy->flags &= ~VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
}
static Property virtio_pci_properties[] = {

45
0009-vnc-sanitize-bits_per_pixel-from-the-client.patch
View File

@ -1,45 +0,0 @@
From: Petr Matousek <pmatouse@redhat.com>
Date: Mon, 27 Oct 2014 12:41:44 +0100
Subject: [PATCH] vnc: sanitize bits_per_pixel from the client
bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.
To fix this check that bits_per_pixel from the client is one of the
values that the rfb protocol specification allows.
This is CVE-2014-7815.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
[ kraxel: apply codestyle fix ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit e6908bfe8e07f2b452e78e677da1b45b1c0f6829)
---
ui/vnc.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/ui/vnc.c b/ui/vnc.c
index f8d9b7d..87e34ae 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2026,6 +2026,16 @@ static void set_pixel_format(VncState *vs,
return;
}
+ switch (bits_per_pixel) {
+ case 8:
+ case 16:
+ case 32:
+ break;
+ default:
+ vnc_client_error(vs);
+ return;
+ }
+
vs->client_pf.rmax = red_max;
vs->client_pf.rbits = hweight_long(red_max);
vs->client_pf.rshift = red_shift;

34
0010-vmware-vga-CVE-2014-3689-turn-off-hw-accel.patch
View File

@ -1,34 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 29 Oct 2014 12:56:06 +0100
Subject: [PATCH] vmware-vga: CVE-2014-3689: turn off hw accel
Quick & easy stopgap for CVE-2014-3689: We just compile out the
hardware acceleration functions which lack sanity checks. Thankfully
we have capability bits for them (SVGA_CAP_RECT_COPY and
SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
Subsequent patches will add the missing checks and re-enable the
hardware acceleration emulation.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
---
hw/display/vmware_vga.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index 591b645..4a4229b 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -29,8 +29,10 @@
#include "hw/pci/pci.h"
#undef VERBOSE
+#if 0
#define HW_RECT_ACCEL
#define HW_FILL_ACCEL
+#endif
#define HW_MOUSE_ACCEL
#include "vga_int.h"

79
0011-vmware-vga-add-vmsvga_verify_rect.patch
View File

@ -1,79 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 29 Oct 2014 12:56:07 +0100
Subject: [PATCH] vmware-vga: add vmsvga_verify_rect
Add verification function for rectangles, returning
true if verification passes and false otherwise.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
---
hw/display/vmware_vga.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 52 insertions(+), 1 deletion(-)
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index 4a4229b..f0e487f 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -294,8 +294,59 @@ enum {
SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
};
+static inline bool vmsvga_verify_rect(DisplaySurface *surface,
+ const char *name,
+ int x, int y, int w, int h)
+{
+ if (x < 0) {
+ fprintf(stderr, "%s: x was < 0 (%d)\n", name, x);
+ return false;
+ }
+ if (x > SVGA_MAX_WIDTH) {
+ fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x);
+ return false;
+ }
+ if (w < 0) {
+ fprintf(stderr, "%s: w was < 0 (%d)\n", name, w);
+ return false;
+ }
+ if (w > SVGA_MAX_WIDTH) {
+ fprintf(stderr, "%s: w was > %d (%d)\n", name, SVGA_MAX_WIDTH, w);
+ return false;
+ }
+ if (x + w > surface_width(surface)) {
+ fprintf(stderr, "%s: width was > %d (x: %d, w: %d)\n",
+ name, surface_width(surface), x, w);
+ return false;
+ }
+
+ if (y < 0) {
+ fprintf(stderr, "%s: y was < 0 (%d)\n", name, y);
+ return false;
+ }
+ if (y > SVGA_MAX_HEIGHT) {
+ fprintf(stderr, "%s: y was > %d (%d)\n", name, SVGA_MAX_HEIGHT, y);
+ return false;
+ }
+ if (h < 0) {
+ fprintf(stderr, "%s: h was < 0 (%d)\n", name, h);
+ return false;
+ }
+ if (h > SVGA_MAX_HEIGHT) {
+ fprintf(stderr, "%s: h was > %d (%d)\n", name, SVGA_MAX_HEIGHT, h);
+ return false;
+ }
+ if (y + h > surface_height(surface)) {
+ fprintf(stderr, "%s: update height > %d (y: %d, h: %d)\n",
+ name, surface_height(surface), y, h);
+ return false;
+ }
+
+ return true;
+}
+
static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
- int x, int y, int w, int h)
+ int x, int y, int w, int h)
{
DisplaySurface *surface = qemu_console_surface(s->vga.con);
int line;

61
0012-vmware-vga-use-vmsvga_verify_rect-in-vmsvga_update_r.patch
View File

@ -1,61 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 29 Oct 2014 12:56:08 +0100
Subject: [PATCH] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
Switch vmsvga_update_rect over to use vmsvga_verify_rect. Slight change
in behavior: We don't try to automatically fixup rectangles any more.
In case we find invalid update requests we'll do a full-screen update
instead.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
---
hw/display/vmware_vga.c | 32 ++++----------------------------
1 file changed, 4 insertions(+), 28 deletions(-)
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index f0e487f..718746e 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -356,36 +356,12 @@ static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
uint8_t *src;
uint8_t *dst;
- if (x < 0) {
- fprintf(stderr, "%s: update x was < 0 (%d)\n", __func__, x);
- w += x;
+ if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
+ /* go for a fullscreen update as fallback */
x = 0;
- }
- if (w < 0) {
- fprintf(stderr, "%s: update w was < 0 (%d)\n", __func__, w);
- w = 0;
- }
- if (x + w > surface_width(surface)) {
- fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
- __func__, x, w);
- x = MIN(x, surface_width(surface));
- w = surface_width(surface) - x;
- }
-
- if (y < 0) {
- fprintf(stderr, "%s: update y was < 0 (%d)\n", __func__, y);
- h += y;
y = 0;
- }
- if (h < 0) {
- fprintf(stderr, "%s: update h was < 0 (%d)\n", __func__, h);
- h = 0;
- }
- if (y + h > surface_height(surface)) {
- fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
- __func__, y, h);
- y = MIN(y, surface_height(surface));
- h = surface_height(surface) - y;
+ w = surface_width(surface);
+ h = surface_height(surface);
}
bypl = surface_stride(surface);

75
0013-vmware-vga-use-vmsvga_verify_rect-in-vmsvga_copy_rec.patch
View File

@ -1,75 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 29 Oct 2014 12:56:09 +0100
Subject: [PATCH] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
---
hw/display/vmware_vga.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index 718746e..c2e0a43 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -29,8 +29,8 @@
#include "hw/pci/pci.h"
#undef VERBOSE
-#if 0
#define HW_RECT_ACCEL
+#if 0
#define HW_FILL_ACCEL
#endif
#define HW_MOUSE_ACCEL
@@ -406,7 +406,7 @@ static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
}
#ifdef HW_RECT_ACCEL
-static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
+static inline int vmsvga_copy_rect(struct vmsvga_state_s *s,
int x0, int y0, int x1, int y1, int w, int h)
{
DisplaySurface *surface = qemu_console_surface(s->vga.con);
@@ -417,6 +417,13 @@ static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
int line = h;
uint8_t *ptr[2];
+ if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) {
+ return -1;
+ }
+ if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) {
+ return -1;
+ }
+
if (y1 > y0) {
ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
@@ -432,6 +439,7 @@ static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
}
vmsvga_update_rect_delayed(s, x1, y1, w, h);
+ return 0;
}
#endif
@@ -625,12 +633,12 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
width = vmsvga_fifo_read(s);
height = vmsvga_fifo_read(s);
#ifdef HW_RECT_ACCEL
- vmsvga_copy_rect(s, x, y, dx, dy, width, height);
- break;
-#else
+ if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) {
+ break;
+ }
+#endif
args = 0;
goto badcmd;
-#endif
case SVGA_CMD_DEFINE_CURSOR:
len -= 8;

72
0014-vmware-vga-use-vmsvga_verify_rect-in-vmsvga_fill_rec.patch
View File

@ -1,72 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 29 Oct 2014 12:56:10 +0100
Subject: [PATCH] vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
Add verification to vmsvga_fill_rect, re-enable HW_FILL_ACCEL.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
---
hw/display/vmware_vga.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index c2e0a43..d44e3e8 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -30,9 +30,7 @@
#undef VERBOSE
#define HW_RECT_ACCEL
-#if 0
#define HW_FILL_ACCEL
-#endif
#define HW_MOUSE_ACCEL
#include "vga_int.h"
@@ -444,7 +442,7 @@ static inline int vmsvga_copy_rect(struct vmsvga_state_s *s,
#endif
#ifdef HW_FILL_ACCEL
-static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
+static inline int vmsvga_fill_rect(struct vmsvga_state_s *s,
uint32_t c, int x, int y, int w, int h)
{
DisplaySurface *surface = qemu_console_surface(s->vga.con);
@@ -457,6 +455,10 @@ static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
uint8_t *src;
uint8_t col[4];
+ if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
+ return -1;
+ }
+
col[0] = c;
col[1] = c >> 8;
col[2] = c >> 16;
@@ -481,6 +483,7 @@ static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
}
vmsvga_update_rect_delayed(s, x, y, w, h);
+ return 0;
}
#endif
@@ -613,12 +616,12 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
width = vmsvga_fifo_read(s);
height = vmsvga_fifo_read(s);
#ifdef HW_FILL_ACCEL
- vmsvga_fill_rect(s, colour, x, y, width, height);
- break;
-#else
+ if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) {
+ break;
+ }
+#endif
args = 0;
goto badcmd;
-#endif
case SVGA_CMD_RECT_COPY:
len -= 7;

174
qemu.spec
View File

@ -135,6 +135,7 @@
%global system_unicore32 system-unicore32
%global system_moxie system-moxie
%global system_aarch64 system-aarch64
%global system_tricore system-tricore
%endif
# libfdt is only needed to build ARM, aarch64, Microblaze or PPC emulators
@ -151,8 +152,8 @@
Summary: QEMU is a FAST! processor emulator
Name: qemu
Version: 2.1.2
Release: 6%{?dist}
Version: 2.2.0
Release: 0.1.rc1%{?dist}
Epoch: 2
License: GPLv2+ and LGPLv2+ and BSD
Group: Development/Tools
@ -167,7 +168,7 @@ ExclusiveArch: %{kvm_archs}
%define _smp_mflags %{nil}
%endif
Source0: http://wiki.qemu-project.org/download/%{name}-%{version}.tar.bz2
Source0: http://wiki.qemu-project.org/download/%{name}-%{version}-rc1.tar.bz2
Source1: qemu.binfmt
@ -192,29 +193,6 @@ Source12: bridge.conf
# qemu-kvm back compat wrapper
Source13: qemu-kvm.sh
# Allow aarch64 to boot compressed kernel
Patch0001: 0001-loader-Add-load_image_gzipped-function.patch
Patch0002: 0002-aarch64-Allow-kernel-option-to-take-a-gzip-compresse.patch
# Fix crash in curl driver
Patch0003: 0003-block.curl-adding-timeout-option.patch
Patch0004: 0004-curl-Allow-a-cookie-or-cookies-to-be-sent-with-http-.patch
Patch0005: 0005-curl-Don-t-deref-NULL-pointer-in-call-to-aio_poll.patch
# Fix crash on migration/snapshot (bz #1144490)
Patch0006: 0006-virtio-pci-enable-bus-master-for-old-guests.patch
Patch0007: 0007-virtio-pci-fix-migration-for-pci-bus-master.patch
# Fix PPC virtio regression (bz #1144490)
Patch0008: 0008-Revert-virtio-pci-fix-migration-for-pci-bus-master.patch
# CVE-2014-7815 vnc: insufficient bits_per_pixel from the client
# sanitization (bz #1157647, bz #1157641)
Patch0009: 0009-vnc-sanitize-bits_per_pixel-from-the-client.patch
# CVE-2014-3689 vmware_vga: insufficient parameter validation in
# rectangle functions (bz #1153038, bz #1153035)
Patch0010: 0010-vmware-vga-CVE-2014-3689-turn-off-hw-accel.patch
Patch0011: 0011-vmware-vga-add-vmsvga_verify_rect.patch
Patch0012: 0012-vmware-vga-use-vmsvga_verify_rect-in-vmsvga_update_r.patch
Patch0013: 0013-vmware-vga-use-vmsvga_verify_rect-in-vmsvga_copy_rec.patch
Patch0014: 0014-vmware-vga-use-vmsvga_verify_rect-in-vmsvga_fill_rec.patch
BuildRequires: SDL2-devel
BuildRequires: zlib-devel
BuildRequires: which
@ -368,6 +346,9 @@ Requires: %{name}-%{system_moxie} = %{epoch}:%{version}-%{release}
%if 0%{?system_aarch64:1}
Requires: %{name}-%{system_aarch64} = %{epoch}:%{version}-%{release}
%endif
%if 0%{?system_tricore:1}
Requires: %{name}-%{system_tricore} = %{epoch}:%{version}-%{release}
%endif
%if %{without separate_kvm}
Requires: %{name}-img = %{epoch}:%{version}-%{release}
%else
@ -700,6 +681,18 @@ emulation speed by using dynamic translation.
This package provides the system emulator for AArch64.
%endif
%if 0%{?system_tricore:1}
%package %{system_tricore}
Summary: QEMU system emulator for tricore
Group: Development/Tools
Requires: %{name}-common = %{epoch}:%{version}-%{release}
%description %{system_tricore}
QEMU is a generic and open source processor emulator which achieves a good
emulation speed by using dynamic translation.
This package provides the system emulator for Tricore.
%endif
%ifarch %{kvm_archs}
%package kvm-tools
@ -738,31 +731,7 @@ CAC emulation development files.
%prep
%setup -q
# Allow aarch64 to boot compressed kernel
%patch0001 -p1
%patch0002 -p1
# Fix crash in curl driver
%patch0003 -p1
%patch0004 -p1
%patch0005 -p1
# Fix crash on migration/snapshot (bz #1144490)
%patch0006 -p1
%patch0007 -p1
# Fix PPC virtio regression (bz #1144490)
%patch0008 -p1
# CVE-2014-7815 vnc: insufficient bits_per_pixel from the client
# sanitization (bz #1157647, bz #1157641)
%patch0009 -p1
# CVE-2014-3689 vmware_vga: insufficient parameter validation in
# rectangle functions (bz #1153038, bz #1153035)
%patch0010 -p1
%patch0011 -p1
%patch0012 -p1
%patch0013 -p1
%patch0014 -p1
%setup -q -n qemu-2.2.0-rc1
%build
%if %{with kvmonly}
@ -774,6 +743,7 @@ microblazeel-softmmu mips-softmmu mipsel-softmmu mips64-softmmu \
mips64el-softmmu or32-softmmu ppc-softmmu ppcemb-softmmu ppc64-softmmu \
s390x-softmmu sh4-softmmu sh4eb-softmmu sparc-softmmu sparc64-softmmu \
xtensa-softmmu xtensaeb-softmmu unicore32-softmmu moxie-softmmu \
tricore-softmmu \
i386-linux-user x86_64-linux-user aarch64-linux-user alpha-linux-user \
arm-linux-user armeb-linux-user cris-linux-user m68k-linux-user \
microblaze-linux-user microblazeel-linux-user mips-linux-user \
@ -1191,6 +1161,7 @@ getent passwd qemu >/dev/null || \
%{_datadir}/%{name}/qemu-icon.bmp
%{_datadir}/%{name}/qemu_logo_no_text.svg
%{_datadir}/%{name}/keymaps/
%{_datadir}/%{name}/trace-events
%{_mandir}/man1/qemu.1*
%{_mandir}/man1/virtfs-proxy-helper.1*
%{_bindir}/virtfs-proxy-helper
@ -1250,34 +1221,21 @@ getent passwd qemu >/dev/null || \
%{_bindir}/qemu-sparc32plus
%{_bindir}/qemu-sparc64
%{_bindir}/qemu-unicore32
%{_datadir}/systemtap/tapset/qemu-i386.stp
%{_datadir}/systemtap/tapset/qemu-x86_64.stp
%{_datadir}/systemtap/tapset/qemu-aarch64.stp
%{_datadir}/systemtap/tapset/qemu-alpha.stp
%{_datadir}/systemtap/tapset/qemu-arm.stp
%{_datadir}/systemtap/tapset/qemu-armeb.stp
%{_datadir}/systemtap/tapset/qemu-cris.stp
%{_datadir}/systemtap/tapset/qemu-m68k.stp
%{_datadir}/systemtap/tapset/qemu-microblaze.stp
%{_datadir}/systemtap/tapset/qemu-microblazeel.stp
%{_datadir}/systemtap/tapset/qemu-mips.stp
%{_datadir}/systemtap/tapset/qemu-mipsel.stp
%{_datadir}/systemtap/tapset/qemu-mips64.stp
%{_datadir}/systemtap/tapset/qemu-mips64el.stp
%{_datadir}/systemtap/tapset/qemu-mipsn32.stp
%{_datadir}/systemtap/tapset/qemu-mipsn32el.stp
%{_datadir}/systemtap/tapset/qemu-or32.stp
%{_datadir}/systemtap/tapset/qemu-ppc.stp
%{_datadir}/systemtap/tapset/qemu-ppc64.stp
%{_datadir}/systemtap/tapset/qemu-ppc64abi32.stp
%{_datadir}/systemtap/tapset/qemu-ppc64le.stp
%{_datadir}/systemtap/tapset/qemu-s390x.stp
%{_datadir}/systemtap/tapset/qemu-sh4.stp
%{_datadir}/systemtap/tapset/qemu-sh4eb.stp
%{_datadir}/systemtap/tapset/qemu-sparc.stp
%{_datadir}/systemtap/tapset/qemu-sparc32plus.stp
%{_datadir}/systemtap/tapset/qemu-sparc64.stp
%{_datadir}/systemtap/tapset/qemu-unicore32.stp
%{_datadir}/systemtap/tapset/qemu-i386*.stp
%{_datadir}/systemtap/tapset/qemu-x86_64*.stp
%{_datadir}/systemtap/tapset/qemu-aarch64*.stp
%{_datadir}/systemtap/tapset/qemu-alpha*.stp
%{_datadir}/systemtap/tapset/qemu-arm*.stp
%{_datadir}/systemtap/tapset/qemu-cris*.stp
%{_datadir}/systemtap/tapset/qemu-m68k*.stp
%{_datadir}/systemtap/tapset/qemu-microblaze*.stp
%{_datadir}/systemtap/tapset/qemu-mips*.stp
%{_datadir}/systemtap/tapset/qemu-or32*.stp
%{_datadir}/systemtap/tapset/qemu-ppc*.stp
%{_datadir}/systemtap/tapset/qemu-s390x*.stp
%{_datadir}/systemtap/tapset/qemu-sh4*.stp
%{_datadir}/systemtap/tapset/qemu-sparc*.stp
%{_datadir}/systemtap/tapset/qemu-unicore32*.stp
%endif
%if 0%{?system_x86:1}
@ -1286,8 +1244,8 @@ getent passwd qemu >/dev/null || \
%if %{without kvmonly}
%{_bindir}/qemu-system-i386
%{_bindir}/qemu-system-x86_64
%{_datadir}/systemtap/tapset/qemu-system-i386.stp
%{_datadir}/systemtap/tapset/qemu-system-x86_64.stp
%{_datadir}/systemtap/tapset/qemu-system-i386*.stp
%{_datadir}/systemtap/tapset/qemu-system-x86_64*.stp
%{_mandir}/man1/qemu-system-i386.1*
%{_mandir}/man1/qemu-system-x86_64.1*
%endif
@ -1333,7 +1291,7 @@ getent passwd qemu >/dev/null || \
%files %{system_alpha}
%defattr(-,root,root)
%{_bindir}/qemu-system-alpha
%{_datadir}/systemtap/tapset/qemu-system-alpha.stp
%{_datadir}/systemtap/tapset/qemu-system-alpha*.stp
%{_mandir}/man1/qemu-system-alpha.1*
%{_datadir}/%{name}/palcode-clipper
%endif
@ -1342,7 +1300,7 @@ getent passwd qemu >/dev/null || \
%files %{system_arm}
%defattr(-,root,root)
%{_bindir}/qemu-system-arm
%{_datadir}/systemtap/tapset/qemu-system-arm.stp
%{_datadir}/systemtap/tapset/qemu-system-arm*.stp
%{_mandir}/man1/qemu-system-arm.1*
%if %{without separate_kvm}
%ifarch armv7hl
@ -1360,10 +1318,7 @@ getent passwd qemu >/dev/null || \
%{_bindir}/qemu-system-mipsel
%{_bindir}/qemu-system-mips64
%{_bindir}/qemu-system-mips64el
%{_datadir}/systemtap/tapset/qemu-system-mips.stp
%{_datadir}/systemtap/tapset/qemu-system-mipsel.stp
%{_datadir}/systemtap/tapset/qemu-system-mips64el.stp
%{_datadir}/systemtap/tapset/qemu-system-mips64.stp
%{_datadir}/systemtap/tapset/qemu-system-mips*.stp
%{_mandir}/man1/qemu-system-mips.1*
%{_mandir}/man1/qemu-system-mipsel.1*
%{_mandir}/man1/qemu-system-mips64el.1*
@ -1374,7 +1329,7 @@ getent passwd qemu >/dev/null || \
%files %{system_cris}
%defattr(-,root,root)
%{_bindir}/qemu-system-cris
%{_datadir}/systemtap/tapset/qemu-system-cris.stp
%{_datadir}/systemtap/tapset/qemu-system-cris*.stp
%{_mandir}/man1/qemu-system-cris.1*
%endif
@ -1382,7 +1337,7 @@ getent passwd qemu >/dev/null || \
%files %{system_lm32}
%defattr(-,root,root)
%{_bindir}/qemu-system-lm32
%{_datadir}/systemtap/tapset/qemu-system-lm32.stp
%{_datadir}/systemtap/tapset/qemu-system-lm32*.stp
%{_mandir}/man1/qemu-system-lm32.1*
%endif
@ -1390,7 +1345,7 @@ getent passwd qemu >/dev/null || \
%files %{system_m68k}
%defattr(-,root,root)
%{_bindir}/qemu-system-m68k
%{_datadir}/systemtap/tapset/qemu-system-m68k.stp
%{_datadir}/systemtap/tapset/qemu-system-m68k*.stp
%{_mandir}/man1/qemu-system-m68k.1*
%endif
@ -1399,8 +1354,7 @@ getent passwd qemu >/dev/null || \
%defattr(-,root,root)
%{_bindir}/qemu-system-microblaze
%{_bindir}/qemu-system-microblazeel
%{_datadir}/systemtap/tapset/qemu-system-microblaze.stp
%{_datadir}/systemtap/tapset/qemu-system-microblazeel.stp
%{_datadir}/systemtap/tapset/qemu-system-microblaze*.stp
%{_mandir}/man1/qemu-system-microblaze.1*
%{_mandir}/man1/qemu-system-microblazeel.1*
%{_datadir}/%{name}/petalogix*.dtb
@ -1410,7 +1364,7 @@ getent passwd qemu >/dev/null || \
%files %{system_or32}
%defattr(-,root,root)
%{_bindir}/qemu-system-or32
%{_datadir}/systemtap/tapset/qemu-system-or32.stp
%{_datadir}/systemtap/tapset/qemu-system-or32*.stp
%{_mandir}/man1/qemu-system-or32.1*
%endif
@ -1418,7 +1372,7 @@ getent passwd qemu >/dev/null || \
%files %{system_s390x}
%defattr(-,root,root)
%{_bindir}/qemu-system-s390x
%{_datadir}/systemtap/tapset/qemu-system-s390x.stp
%{_datadir}/systemtap/tapset/qemu-system-s390x*.stp
%{_mandir}/man1/qemu-system-s390x.1*
%{_datadir}/%{name}/s390-zipl.rom
%{_datadir}/%{name}/s390-ccw.img
@ -1433,8 +1387,7 @@ getent passwd qemu >/dev/null || \
%defattr(-,root,root)
%{_bindir}/qemu-system-sh4
%{_bindir}/qemu-system-sh4eb
%{_datadir}/systemtap/tapset/qemu-system-sh4.stp
%{_datadir}/systemtap/tapset/qemu-system-sh4eb.stp
%{_datadir}/systemtap/tapset/qemu-system-sh4*.stp
%{_mandir}/man1/qemu-system-sh4.1*
%{_mandir}/man1/qemu-system-sh4eb.1*
%endif
@ -1444,8 +1397,7 @@ getent passwd qemu >/dev/null || \
%defattr(-,root,root)
%{_bindir}/qemu-system-sparc
%{_bindir}/qemu-system-sparc64
%{_datadir}/systemtap/tapset/qemu-system-sparc.stp
%{_datadir}/systemtap/tapset/qemu-system-sparc64.stp
%{_datadir}/systemtap/tapset/qemu-system-sparc*.stp
%{_mandir}/man1/qemu-system-sparc.1*
%{_mandir}/man1/qemu-system-sparc64.1*
%{_datadir}/%{name}/QEMU,tcx.bin
@ -1459,9 +1411,9 @@ getent passwd qemu >/dev/null || \
%{_bindir}/qemu-system-ppc
%{_bindir}/qemu-system-ppc64
%{_bindir}/qemu-system-ppcemb
%{_datadir}/systemtap/tapset/qemu-system-ppc.stp
%{_datadir}/systemtap/tapset/qemu-system-ppc64.stp
%{_datadir}/systemtap/tapset/qemu-system-ppcemb.stp
%{_datadir}/systemtap/tapset/qemu-system-ppc*.stp
%{_datadir}/systemtap/tapset/qemu-system-ppc64*.stp
%{_datadir}/systemtap/tapset/qemu-system-ppcemb*.stp
%{_mandir}/man1/qemu-system-ppc.1*
%{_mandir}/man1/qemu-system-ppc64.1*
%{_mandir}/man1/qemu-system-ppcemb.1*
@ -1480,7 +1432,7 @@ getent passwd qemu >/dev/null || \
%files %{system_unicore32}
%defattr(-,root,root)
%{_bindir}/qemu-system-unicore32
%{_datadir}/systemtap/tapset/qemu-system-unicore32.stp
%{_datadir}/systemtap/tapset/qemu-system-unicore32*.stp
%{_mandir}/man1/qemu-system-unicore32.1*
%endif
@ -1489,8 +1441,7 @@ getent passwd qemu >/dev/null || \
%defattr(-,root,root)
%{_bindir}/qemu-system-xtensa
%{_bindir}/qemu-system-xtensaeb
%{_datadir}/systemtap/tapset/qemu-system-xtensa.stp
%{_datadir}/systemtap/tapset/qemu-system-xtensaeb.stp
%{_datadir}/systemtap/tapset/qemu-system-xtensa*.stp
%{_mandir}/man1/qemu-system-xtensa.1*
%{_mandir}/man1/qemu-system-xtensaeb.1*
%endif
@ -1499,7 +1450,7 @@ getent passwd qemu >/dev/null || \
%files %{system_moxie}
%defattr(-,root,root)
%{_bindir}/qemu-system-moxie
%{_datadir}/systemtap/tapset/qemu-system-moxie.stp
%{_datadir}/systemtap/tapset/qemu-system-moxie*.stp
%{_mandir}/man1/qemu-system-moxie.1*
%endif
@ -1507,7 +1458,7 @@ getent passwd qemu >/dev/null || \
%files %{system_aarch64}
%defattr(-,root,root)
%{_bindir}/qemu-system-aarch64
%{_datadir}/systemtap/tapset/qemu-system-aarch64.stp
%{_datadir}/systemtap/tapset/qemu-system-aarch64*.stp
%{_mandir}/man1/qemu-system-aarch64.1*
%ifarch aarch64
%{?kvm_files:}
@ -1515,6 +1466,14 @@ getent passwd qemu >/dev/null || \
%endif
%endif
%if 0%{?system_tricore:1}
%files %{system_tricore}
%defattr(-,root,root)
%{_bindir}/qemu-system-tricore
%{_datadir}/systemtap/tapset/qemu-system-tricore*.stp
%{_mandir}/man1/qemu-system-tricore.1*
%endif
%if %{without separate_kvm}
%files img
%defattr(-,root,root)
@ -1541,6 +1500,9 @@ getent passwd qemu >/dev/null || \
%endif
%changelog
* Sat Nov 15 2014 Cole Robinson <crobinso@redhat.com> - 2:2.2.0-0.1.rc1
- Update to qemu-2.2.0-rc1
* Wed Oct 29 2014 Cole Robinson <crobinso@redhat.com> - 2:2.1.2-6
- CVE-2014-7815 vnc: insufficient bits_per_pixel from the client sanitization
(bz #1157647, bz #1157641)

2
sources
View File

@ -1 +1 @@
0ff197c4ed4b695620bc4734e77c888f qemu-2.1.2.tar.bz2
2da53c1c44ee769f9827f68e2412c9c5 qemu-2.2.0-rc1.tar.bz2