Update to qemu-2.2.0-rc1
This commit is contained in:
parent
725f84b743
commit
259393612c
|
@ -1,95 +0,0 @@
|
|||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 19 Aug 2014 18:56:28 +0100
|
||||
Subject: [PATCH] loader: Add load_image_gzipped function.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
As the name suggests this lets you load a ROM/disk image that is
|
||||
gzipped. It is uncompressed before storing it in guest memory.
|
||||
|
||||
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
|
||||
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
|
||||
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
|
||||
Message-id: 1407831259-2115-2-git-send-email-rjones@redhat.com
|
||||
[PMM: removed stray space before ')']
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
|
||||
(cherry picked from commit 235e74afcb85285a8e35e75f0cb6e6811267bb75)
|
||||
---
|
||||
hw/core/loader.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
include/hw/loader.h | 1 +
|
||||
2 files changed, 49 insertions(+)
|
||||
|
||||
diff --git a/hw/core/loader.c b/hw/core/loader.c
|
||||
index 2bf6b8f..0fde699 100644
|
||||
--- a/hw/core/loader.c
|
||||
+++ b/hw/core/loader.c
|
||||
@@ -577,6 +577,54 @@ int load_ramdisk(const char *filename, hwaddr addr, uint64_t max_sz)
|
||||
return load_uboot_image(filename, NULL, &addr, NULL, IH_TYPE_RAMDISK);
|
||||
}
|
||||
|
||||
+/* This simply prevents g_malloc in the function below from allocating
|
||||
+ * a huge amount of memory, by placing a limit on the maximum
|
||||
+ * uncompressed image size that load_image_gzipped will read.
|
||||
+ */
|
||||
+#define LOAD_IMAGE_MAX_GUNZIP_BYTES (256 << 20)
|
||||
+
|
||||
+/* Load a gzip-compressed kernel. */
|
||||
+int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
|
||||
+{
|
||||
+ uint8_t *compressed_data = NULL;
|
||||
+ uint8_t *data = NULL;
|
||||
+ gsize len;
|
||||
+ ssize_t bytes;
|
||||
+ int ret = -1;
|
||||
+
|
||||
+ if (!g_file_get_contents(filename, (char **) &compressed_data, &len,
|
||||
+ NULL)) {
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ /* Is it a gzip-compressed file? */
|
||||
+ if (len < 2 ||
|
||||
+ compressed_data[0] != 0x1f ||
|
||||
+ compressed_data[1] != 0x8b) {
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if (max_sz > LOAD_IMAGE_MAX_GUNZIP_BYTES) {
|
||||
+ max_sz = LOAD_IMAGE_MAX_GUNZIP_BYTES;
|
||||
+ }
|
||||
+
|
||||
+ data = g_malloc(max_sz);
|
||||
+ bytes = gunzip(data, max_sz, compressed_data, len);
|
||||
+ if (bytes < 0) {
|
||||
+ fprintf(stderr, "%s: unable to decompress gzipped kernel file\n",
|
||||
+ filename);
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ rom_add_blob_fixed(filename, data, bytes, addr);
|
||||
+ ret = bytes;
|
||||
+
|
||||
+ out:
|
||||
+ g_free(compressed_data);
|
||||
+ g_free(data);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Functions for reboot-persistent memory regions.
|
||||
* - used for vga bios and option roms.
|
||||
diff --git a/include/hw/loader.h b/include/hw/loader.h
|
||||
index 796cbf9..00c9117 100644
|
||||
--- a/include/hw/loader.h
|
||||
+++ b/include/hw/loader.h
|
||||
@@ -15,6 +15,7 @@ int get_image_size(const char *filename);
|
||||
int load_image(const char *filename, uint8_t *addr); /* deprecated */
|
||||
int load_image_targphys(const char *filename, hwaddr,
|
||||
uint64_t max_sz);
|
||||
+int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz);
|
||||
|
||||
#define ELF_LOAD_FAILED -1
|
||||
#define ELF_LOAD_NOT_ELF -2
|
|
@ -1,53 +0,0 @@
|
|||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Tue, 19 Aug 2014 18:56:28 +0100
|
||||
Subject: [PATCH] aarch64: Allow -kernel option to take a gzip-compressed
|
||||
kernel.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
On aarch64 it is the bootloader's job to uncompress the kernel. UEFI
|
||||
and u-boot bootloaders do this automatically when the kernel is
|
||||
gzip-compressed.
|
||||
|
||||
However the qemu -kernel option does not do this. The following
|
||||
command does not work:
|
||||
|
||||
qemu-system-aarch64 [...] -kernel /boot/vmlinuz
|
||||
|
||||
because it tries to execute the gzip-compressed data.
|
||||
|
||||
This commit lets gzip-compressed kernels be uncompressed
|
||||
transparently.
|
||||
|
||||
Currently this is only done when emulating aarch64.
|
||||
|
||||
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
|
||||
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
|
||||
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
|
||||
Message-id: 1407831259-2115-3-git-send-email-rjones@redhat.com
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
(cherry picked from commit 6f5d3cbe8892367026526a7deed0ceecc700a7ad)
|
||||
---
|
||||
hw/arm/boot.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
|
||||
index 3d1f4a2..b7d60aa 100644
|
||||
--- a/hw/arm/boot.c
|
||||
+++ b/hw/arm/boot.c
|
||||
@@ -510,6 +510,13 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
|
||||
kernel_size = load_uimage(info->kernel_filename, &entry, NULL,
|
||||
&is_linux);
|
||||
}
|
||||
+ /* On aarch64, it's the bootloader's job to uncompress the kernel. */
|
||||
+ if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64) && kernel_size < 0) {
|
||||
+ entry = info->loader_start + kernel_load_offset;
|
||||
+ kernel_size = load_image_gzipped(info->kernel_filename, entry,
|
||||
+ info->ram_size - kernel_load_offset);
|
||||
+ is_linux = 1;
|
||||
+ }
|
||||
if (kernel_size < 0) {
|
||||
entry = info->loader_start + kernel_load_offset;
|
||||
kernel_size = load_image_targphys(info->kernel_filename, entry,
|
|
@ -1,112 +0,0 @@
|
|||
From: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>
|
||||
Date: Wed, 13 Aug 2014 12:44:27 -0300
|
||||
Subject: [PATCH] block.curl: adding 'timeout' option
|
||||
|
||||
The curl hardcoded timeout (5 seconds) sometimes is not long
|
||||
enough depending on the remote server configuration and network
|
||||
traffic. The user should be able to set how much long he is
|
||||
willing to wait for the connection.
|
||||
|
||||
Adding a new option to set this timeout gives the user this
|
||||
flexibility. The previous default timeout of 5 seconds will be
|
||||
used if this option is not present.
|
||||
|
||||
Reviewed-by: Fam Zheng <famz@redhat.com>
|
||||
Signed-off-by: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>
|
||||
Reviewed-by: Benoit Canet <benoit.canet@nodalink.com>
|
||||
Tested-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
(cherry picked from commit 212aefaa53d142baa9a22f5aadd2e72eb916c0c0)
|
||||
---
|
||||
block/curl.c | 13 ++++++++++++-
|
||||
qemu-options.hx | 10 ++++++++--
|
||||
2 files changed, 20 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/block/curl.c b/block/curl.c
|
||||
index 79ff2f1..6f45547 100644
|
||||
--- a/block/curl.c
|
||||
+++ b/block/curl.c
|
||||
@@ -63,6 +63,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
|
||||
#define CURL_NUM_ACB 8
|
||||
#define SECTOR_SIZE 512
|
||||
#define READ_AHEAD_DEFAULT (256 * 1024)
|
||||
+#define CURL_TIMEOUT_DEFAULT 5
|
||||
|
||||
#define FIND_RET_NONE 0
|
||||
#define FIND_RET_OK 1
|
||||
@@ -71,6 +72,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
|
||||
#define CURL_BLOCK_OPT_URL "url"
|
||||
#define CURL_BLOCK_OPT_READAHEAD "readahead"
|
||||
#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
|
||||
+#define CURL_BLOCK_OPT_TIMEOUT "timeout"
|
||||
|
||||
struct BDRVCURLState;
|
||||
|
||||
@@ -109,6 +111,7 @@ typedef struct BDRVCURLState {
|
||||
char *url;
|
||||
size_t readahead_size;
|
||||
bool sslverify;
|
||||
+ int timeout;
|
||||
bool accept_range;
|
||||
AioContext *aio_context;
|
||||
} BDRVCURLState;
|
||||
@@ -382,7 +385,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
|
||||
curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
|
||||
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
|
||||
(long) s->sslverify);
|
||||
- curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, 5);
|
||||
+ curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout);
|
||||
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
|
||||
(void *)curl_read_cb);
|
||||
curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state);
|
||||
@@ -489,6 +492,11 @@ static QemuOptsList runtime_opts = {
|
||||
.type = QEMU_OPT_BOOL,
|
||||
.help = "Verify SSL certificate"
|
||||
},
|
||||
+ {
|
||||
+ .name = CURL_BLOCK_OPT_TIMEOUT,
|
||||
+ .type = QEMU_OPT_NUMBER,
|
||||
+ .help = "Curl timeout"
|
||||
+ },
|
||||
{ /* end of list */ }
|
||||
},
|
||||
};
|
||||
@@ -525,6 +533,9 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
|
||||
goto out_noclean;
|
||||
}
|
||||
|
||||
+ s->timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
|
||||
+ CURL_TIMEOUT_DEFAULT);
|
||||
+
|
||||
s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
|
||||
|
||||
file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
|
||||
diff --git a/qemu-options.hx b/qemu-options.hx
|
||||
index 1549625..dcb008b 100644
|
||||
--- a/qemu-options.hx
|
||||
+++ b/qemu-options.hx
|
||||
@@ -2351,6 +2351,11 @@ multiple of 512 bytes. It defaults to 256k.
|
||||
@item sslverify
|
||||
Whether to verify the remote server's certificate when connecting over SSL. It
|
||||
can have the value 'on' or 'off'. It defaults to 'on'.
|
||||
+
|
||||
+@item timeout
|
||||
+Set the timeout in seconds of the CURL connection. This timeout is the time
|
||||
+that CURL waits for a response from the remote server to get the size of the
|
||||
+image to be downloaded. If not set, the default timeout of 5 seconds is used.
|
||||
@end table
|
||||
|
||||
Note that when passing options to qemu explicitly, @option{driver} is the value
|
||||
@@ -2372,9 +2377,10 @@ qemu-system-x86_64 -drive file=/tmp/Fedora-x86_64-20-20131211.1-sda.qcow2,copy-o
|
||||
@end example
|
||||
|
||||
Example: boot from an image stored on a VMware vSphere server with a self-signed
|
||||
-certificate using a local overlay for writes and a readahead of 64k
|
||||
+certificate using a local overlay for writes, a readahead of 64k and a timeout
|
||||
+of 10 seconds.
|
||||
@example
|
||||
-qemu-img create -f qcow2 -o backing_file='json:@{"file.driver":"https",, "file.url":"https://user:password@@vsphere.example.com/folder/test/test-flat.vmdk?dcPath=Datacenter&dsName=datastore1",, "file.sslverify":"off",, "file.readahead":"64k"@}' /tmp/test.qcow2
|
||||
+qemu-img create -f qcow2 -o backing_file='json:@{"file.driver":"https",, "file.url":"https://user:password@@vsphere.example.com/folder/test/test-flat.vmdk?dcPath=Datacenter&dsName=datastore1",, "file.sslverify":"off",, "file.readahead":"64k",, "file.timeout":10@}' /tmp/test.qcow2
|
||||
|
||||
qemu-system-x86_64 -drive file=/tmp/test.qcow2
|
||||
@end example
|
|
@ -1,123 +0,0 @@
|
|||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Fri, 29 Aug 2014 16:03:12 +0100
|
||||
Subject: [PATCH] curl: Allow a cookie or cookies to be sent with http/https
|
||||
requests.
|
||||
|
||||
In order to access VMware ESX efficiently, we need to send a session
|
||||
cookie. This patch is very simple and just allows you to send that
|
||||
session cookie. It punts on the question of how you get the session
|
||||
cookie in the first place, but in practice you can just run a `curl'
|
||||
command against the server and extract the cookie that way.
|
||||
|
||||
To use it, add file.cookie to the curl URL. For example:
|
||||
|
||||
$ qemu-img info 'json: {
|
||||
"file.driver":"https",
|
||||
"file.url":"https://vcenter/folder/Windows%202003/Windows%202003-flat.vmdk?dcPath=Datacenter&dsName=datastore1",
|
||||
"file.sslverify":"off",
|
||||
"file.cookie":"vmware_soap_session=\"52a01262-bf93-ccce-d379-8dabb3e55560\""}'
|
||||
image: [...]
|
||||
file format: raw
|
||||
virtual size: 8.0G (8589934592 bytes)
|
||||
disk size: unavailable
|
||||
|
||||
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
(cherry picked from commit a94f83d94fdf907680f068f1be7ad13d1f697067)
|
||||
---
|
||||
block/curl.c | 16 ++++++++++++++++
|
||||
qemu-options.hx | 5 +++++
|
||||
2 files changed, 21 insertions(+)
|
||||
|
||||
diff --git a/block/curl.c b/block/curl.c
|
||||
index 6f45547..537e257 100644
|
||||
--- a/block/curl.c
|
||||
+++ b/block/curl.c
|
||||
@@ -73,6 +73,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
|
||||
#define CURL_BLOCK_OPT_READAHEAD "readahead"
|
||||
#define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
|
||||
#define CURL_BLOCK_OPT_TIMEOUT "timeout"
|
||||
+#define CURL_BLOCK_OPT_COOKIE "cookie"
|
||||
|
||||
struct BDRVCURLState;
|
||||
|
||||
@@ -112,6 +113,7 @@ typedef struct BDRVCURLState {
|
||||
size_t readahead_size;
|
||||
bool sslverify;
|
||||
int timeout;
|
||||
+ char *cookie;
|
||||
bool accept_range;
|
||||
AioContext *aio_context;
|
||||
} BDRVCURLState;
|
||||
@@ -385,6 +387,9 @@ static CURLState *curl_init_state(BDRVCURLState *s)
|
||||
curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
|
||||
curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
|
||||
(long) s->sslverify);
|
||||
+ if (s->cookie) {
|
||||
+ curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
|
||||
+ }
|
||||
curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout);
|
||||
curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
|
||||
(void *)curl_read_cb);
|
||||
@@ -497,6 +502,11 @@ static QemuOptsList runtime_opts = {
|
||||
.type = QEMU_OPT_NUMBER,
|
||||
.help = "Curl timeout"
|
||||
},
|
||||
+ {
|
||||
+ .name = CURL_BLOCK_OPT_COOKIE,
|
||||
+ .type = QEMU_OPT_STRING,
|
||||
+ .help = "Pass the cookie or list of cookies with each request"
|
||||
+ },
|
||||
{ /* end of list */ }
|
||||
},
|
||||
};
|
||||
@@ -509,6 +519,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
|
||||
QemuOpts *opts;
|
||||
Error *local_err = NULL;
|
||||
const char *file;
|
||||
+ const char *cookie;
|
||||
double d;
|
||||
|
||||
static int inited = 0;
|
||||
@@ -538,6 +549,9 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
|
||||
|
||||
s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
|
||||
|
||||
+ cookie = qemu_opt_get(opts, CURL_BLOCK_OPT_COOKIE);
|
||||
+ s->cookie = g_strdup(cookie);
|
||||
+
|
||||
file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
|
||||
if (file == NULL) {
|
||||
error_setg(errp, "curl block driver requires an 'url' option");
|
||||
@@ -593,6 +607,7 @@ out:
|
||||
curl_easy_cleanup(state->curl);
|
||||
state->curl = NULL;
|
||||
out_noclean:
|
||||
+ g_free(s->cookie);
|
||||
g_free(s->url);
|
||||
qemu_opts_del(opts);
|
||||
return -EINVAL;
|
||||
@@ -689,6 +704,7 @@ static void curl_close(BlockDriverState *bs)
|
||||
DPRINTF("CURL: Close\n");
|
||||
curl_detach_aio_context(bs);
|
||||
|
||||
+ g_free(s->cookie);
|
||||
g_free(s->url);
|
||||
}
|
||||
|
||||
diff --git a/qemu-options.hx b/qemu-options.hx
|
||||
index dcb008b..53b6171 100644
|
||||
--- a/qemu-options.hx
|
||||
+++ b/qemu-options.hx
|
||||
@@ -2352,6 +2352,11 @@ multiple of 512 bytes. It defaults to 256k.
|
||||
Whether to verify the remote server's certificate when connecting over SSL. It
|
||||
can have the value 'on' or 'off'. It defaults to 'on'.
|
||||
|
||||
+@item cookie
|
||||
+Send this cookie (it can also be a list of cookies separated by ';') with
|
||||
+each outgoing request. Only supported when using protocols such as HTTP
|
||||
+which support cookies, otherwise ignored.
|
||||
+
|
||||
@item timeout
|
||||
Set the timeout in seconds of the CURL connection. This timeout is the time
|
||||
that CURL waits for a response from the remote server to get the size of the
|
|
@ -1,76 +0,0 @@
|
|||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Thu, 28 Aug 2014 09:04:21 +0100
|
||||
Subject: [PATCH] curl: Don't deref NULL pointer in call to aio_poll.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
In commit 63f0f45f2e89b60ff8245fec81328ddfde42a303 the following
|
||||
mechanical change was made:
|
||||
|
||||
if (!state) {
|
||||
- qemu_aio_wait();
|
||||
+ aio_poll(state->s->aio_context, true);
|
||||
}
|
||||
|
||||
The new code now checks if state is NULL and then dereferences it
|
||||
('state->s') which is obviously incorrect.
|
||||
|
||||
This commit replaces state->s->aio_context with
|
||||
bdrv_get_aio_context(bs), fixing this problem. The two other hunks
|
||||
are concerned with getting the BlockDriverState pointer bs to where it
|
||||
is needed.
|
||||
|
||||
The original bug causes a segfault when using libguestfs to access a
|
||||
VMware vCenter Server and doing any kind of complex read-heavy
|
||||
operations. With this commit the segfault goes away.
|
||||
|
||||
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
(cherry picked from commit a2f468e48f8b6559ec9123e94948bc373b788941)
|
||||
---
|
||||
block/curl.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/block/curl.c b/block/curl.c
|
||||
index 537e257..d28b701 100644
|
||||
--- a/block/curl.c
|
||||
+++ b/block/curl.c
|
||||
@@ -357,7 +357,7 @@ static void curl_multi_timeout_do(void *arg)
|
||||
#endif
|
||||
}
|
||||
|
||||
-static CURLState *curl_init_state(BDRVCURLState *s)
|
||||
+static CURLState *curl_init_state(BlockDriverState *bs, BDRVCURLState *s)
|
||||
{
|
||||
CURLState *state = NULL;
|
||||
int i, j;
|
||||
@@ -375,7 +375,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
|
||||
break;
|
||||
}
|
||||
if (!state) {
|
||||
- aio_poll(state->s->aio_context, true);
|
||||
+ aio_poll(bdrv_get_aio_context(bs), true);
|
||||
}
|
||||
} while(!state);
|
||||
|
||||
@@ -566,7 +566,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
|
||||
DPRINTF("CURL: Opening %s\n", file);
|
||||
s->aio_context = bdrv_get_aio_context(bs);
|
||||
s->url = g_strdup(file);
|
||||
- state = curl_init_state(s);
|
||||
+ state = curl_init_state(bs, s);
|
||||
if (!state)
|
||||
goto out_noclean;
|
||||
|
||||
@@ -651,7 +651,7 @@ static void curl_readv_bh_cb(void *p)
|
||||
}
|
||||
|
||||
// No cache found, so let's start a new request
|
||||
- state = curl_init_state(s);
|
||||
+ state = curl_init_state(acb->common.bs, s);
|
||||
if (!state) {
|
||||
acb->common.cb(acb->common.opaque, -EIO);
|
||||
qemu_aio_release(acb);
|
|
@ -1,43 +0,0 @@
|
|||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 11 Sep 2014 18:45:33 +0200
|
||||
Subject: [PATCH] virtio-pci: enable bus master for old guests
|
||||
|
||||
commit cc943c36faa192cd4b32af8fe5edb31894017d35
|
||||
pci: Use bus master address space for delivering MSI/MSI-X messages
|
||||
breaks virtio-net for rhel6.[56] x86 guests because they don't
|
||||
enable bus mastering for virtio PCI devices. For the same reason,
|
||||
rhel6.[56] ppc64 guests cannot boot on a virtio-blk disk anymore.
|
||||
|
||||
Old guests forgot to enable bus mastering, enable it automatically on
|
||||
DRIVER (guests use some devices before DRIVER_OK).
|
||||
|
||||
Reported-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
|
||||
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
|
||||
Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
(cherry picked from commit e43c0b2ea5574efb0bedebf6a7d05916eefeba52)
|
||||
---
|
||||
hw/virtio/virtio-pci.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
|
||||
index 3007319..58ebbcf 100644
|
||||
--- a/hw/virtio/virtio-pci.c
|
||||
+++ b/hw/virtio/virtio-pci.c
|
||||
@@ -314,6 +314,16 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
|
||||
msix_unuse_all_vectors(&proxy->pci_dev);
|
||||
}
|
||||
|
||||
+ /* Linux before 2.6.34 drives the device without enabling
|
||||
+ the PCI device bus master bit. Enable it automatically
|
||||
+ for the guest. This is a PCI spec violation but so is
|
||||
+ initiating DMA with bus master bit clear. */
|
||||
+ if (val == (VIRTIO_CONFIG_S_ACKNOWLEDGE | VIRTIO_CONFIG_S_DRIVER)) {
|
||||
+ pci_default_write_config(&proxy->pci_dev, PCI_COMMAND,
|
||||
+ proxy->pci_dev.config[PCI_COMMAND] |
|
||||
+ PCI_COMMAND_MASTER, 1);
|
||||
+ }
|
||||
+
|
||||
/* Linux before 2.6.34 sets the device as OK without enabling
|
||||
the PCI device bus master bit. In this case we need to disable
|
||||
some safety checks. */
|
|
@ -1,116 +0,0 @@
|
|||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Thu, 11 Sep 2014 18:34:29 +0300
|
||||
Subject: [PATCH] virtio-pci: fix migration for pci bus master
|
||||
|
||||
Current support for bus master (clearing OK bit)
|
||||
together with the need to support guests which do not
|
||||
enable PCI bus mastering, leads to extra state in
|
||||
VIRTIO_PCI_FLAG_BUS_MASTER_BUG bit, which isn't robust
|
||||
in case of cross-version migration for the case when
|
||||
guests use the device before setting DRIVER_OK.
|
||||
|
||||
Rip out VIRTIO_PCI_FLAG_BUS_MASTER_BUG and implement a simpler
|
||||
work-around: treat clearing of PCI_COMMAND as a virtio reset. Old
|
||||
guests never touch this bit so they will work.
|
||||
|
||||
As reset clears device status, DRIVER and MASTER bits are
|
||||
now in sync, so we can fix up cross-version migration simply
|
||||
by synchronising them, without need to detect a buggy guest
|
||||
explicitly.
|
||||
|
||||
Drop tracking VIRTIO_PCI_FLAG_BUS_MASTER_BUG completely.
|
||||
|
||||
As reset makes the device quiescent, in the future we'll be able to drop
|
||||
checking OK bit in a bunch of places.
|
||||
|
||||
Cc: Jason Wang <jasowang@redhat.com>
|
||||
Cc: Greg Kurz <gkurz@linux.vnet.ibm.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
(cherry picked from commit 4d43d3f3c8147ade184df9a1e9e82826edd39e19)
|
||||
---
|
||||
hw/virtio/virtio-pci.c | 39 ++++++++++++++++++++-------------------
|
||||
1 file changed, 20 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
|
||||
index 58ebbcf..c19c4d6 100644
|
||||
--- a/hw/virtio/virtio-pci.c
|
||||
+++ b/hw/virtio/virtio-pci.c
|
||||
@@ -86,9 +86,6 @@
|
||||
* 12 is historical, and due to x86 page size. */
|
||||
#define VIRTIO_PCI_QUEUE_ADDR_SHIFT 12
|
||||
|
||||
-/* Flags track per-device state like workarounds for quirks in older guests. */
|
||||
-#define VIRTIO_PCI_FLAG_BUS_MASTER_BUG (1 << 0)
|
||||
-
|
||||
static void virtio_pci_bus_new(VirtioBusState *bus, size_t bus_size,
|
||||
VirtIOPCIProxy *dev);
|
||||
|
||||
@@ -323,14 +320,6 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
|
||||
proxy->pci_dev.config[PCI_COMMAND] |
|
||||
PCI_COMMAND_MASTER, 1);
|
||||
}
|
||||
-
|
||||
- /* Linux before 2.6.34 sets the device as OK without enabling
|
||||
- the PCI device bus master bit. In this case we need to disable
|
||||
- some safety checks. */
|
||||
- if ((val & VIRTIO_CONFIG_S_DRIVER_OK) &&
|
||||
- !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
|
||||
- proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
|
||||
- }
|
||||
break;
|
||||
case VIRTIO_MSI_CONFIG_VECTOR:
|
||||
msix_vector_unuse(&proxy->pci_dev, vdev->config_vector);
|
||||
@@ -480,13 +469,18 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
|
||||
VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
|
||||
VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
|
||||
|
||||
+ uint8_t cmd = proxy->pci_dev.config[PCI_COMMAND];
|
||||
+
|
||||
pci_default_write_config(pci_dev, address, val, len);
|
||||
|
||||
if (range_covers_byte(address, len, PCI_COMMAND) &&
|
||||
!(pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER) &&
|
||||
- !(proxy->flags & VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
|
||||
+ (cmd & PCI_COMMAND_MASTER)) {
|
||||
+ /* Bus driver disables bus mastering - make it act
|
||||
+ * as a kind of reset to render the device quiescent. */
|
||||
virtio_pci_stop_ioeventfd(proxy);
|
||||
- virtio_set_status(vdev, vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK);
|
||||
+ virtio_reset(vdev);
|
||||
+ msix_unuse_all_vectors(&proxy->pci_dev);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -895,11 +889,19 @@ static void virtio_pci_vmstate_change(DeviceState *d, bool running)
|
||||
VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
|
||||
|
||||
if (running) {
|
||||
- /* Try to find out if the guest has bus master disabled, but is
|
||||
- in ready state. Then we have a buggy guest OS. */
|
||||
- if ((vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
|
||||
- !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
|
||||
- proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
|
||||
+ /* Linux before 2.6.34 drives the device without enabling
|
||||
+ the PCI device bus master bit. Enable it automatically
|
||||
+ for the guest. This is a PCI spec violation but so is
|
||||
+ initiating DMA with bus master bit clear.
|
||||
+ Note: this only makes a difference when migrating
|
||||
+ across QEMU versions from an old QEMU, as for new QEMU
|
||||
+ bus master and driver bits are always in sync.
|
||||
+ TODO: consider enabling conditionally for compat machine types. */
|
||||
+ if (vdev->status & (VIRTIO_CONFIG_S_ACKNOWLEDGE |
|
||||
+ VIRTIO_CONFIG_S_DRIVER)) {
|
||||
+ pci_default_write_config(&proxy->pci_dev, PCI_COMMAND,
|
||||
+ proxy->pci_dev.config[PCI_COMMAND] |
|
||||
+ PCI_COMMAND_MASTER, 1);
|
||||
}
|
||||
virtio_pci_start_ioeventfd(proxy);
|
||||
} else {
|
||||
@@ -1043,7 +1045,6 @@ static void virtio_pci_reset(DeviceState *qdev)
|
||||
virtio_pci_stop_ioeventfd(proxy);
|
||||
virtio_bus_reset(bus);
|
||||
msix_unuse_all_vectors(&proxy->pci_dev);
|
||||
- proxy->flags &= ~VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
|
||||
}
|
||||
|
||||
static Property virtio_pci_properties[] = {
|
|
@ -1,97 +0,0 @@
|
|||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Mon, 29 Sep 2014 11:27:32 +0300
|
||||
Subject: [PATCH] Revert "virtio-pci: fix migration for pci bus master"
|
||||
|
||||
This reverts commit 4d43d3f3c8147ade184df9a1e9e82826edd39e19.
|
||||
|
||||
Reported to break PPC guests.
|
||||
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
(cherry picked from commit 45363e46aeebfc99753389649eac7c7fc22bfe52)
|
||||
---
|
||||
hw/virtio/virtio-pci.c | 39 +++++++++++++++++++--------------------
|
||||
1 file changed, 19 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
|
||||
index c19c4d6..58ebbcf 100644
|
||||
--- a/hw/virtio/virtio-pci.c
|
||||
+++ b/hw/virtio/virtio-pci.c
|
||||
@@ -86,6 +86,9 @@
|
||||
* 12 is historical, and due to x86 page size. */
|
||||
#define VIRTIO_PCI_QUEUE_ADDR_SHIFT 12
|
||||
|
||||
+/* Flags track per-device state like workarounds for quirks in older guests. */
|
||||
+#define VIRTIO_PCI_FLAG_BUS_MASTER_BUG (1 << 0)
|
||||
+
|
||||
static void virtio_pci_bus_new(VirtioBusState *bus, size_t bus_size,
|
||||
VirtIOPCIProxy *dev);
|
||||
|
||||
@@ -320,6 +323,14 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
|
||||
proxy->pci_dev.config[PCI_COMMAND] |
|
||||
PCI_COMMAND_MASTER, 1);
|
||||
}
|
||||
+
|
||||
+ /* Linux before 2.6.34 sets the device as OK without enabling
|
||||
+ the PCI device bus master bit. In this case we need to disable
|
||||
+ some safety checks. */
|
||||
+ if ((val & VIRTIO_CONFIG_S_DRIVER_OK) &&
|
||||
+ !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
|
||||
+ proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
|
||||
+ }
|
||||
break;
|
||||
case VIRTIO_MSI_CONFIG_VECTOR:
|
||||
msix_vector_unuse(&proxy->pci_dev, vdev->config_vector);
|
||||
@@ -469,18 +480,13 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
|
||||
VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
|
||||
VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
|
||||
|
||||
- uint8_t cmd = proxy->pci_dev.config[PCI_COMMAND];
|
||||
-
|
||||
pci_default_write_config(pci_dev, address, val, len);
|
||||
|
||||
if (range_covers_byte(address, len, PCI_COMMAND) &&
|
||||
!(pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER) &&
|
||||
- (cmd & PCI_COMMAND_MASTER)) {
|
||||
- /* Bus driver disables bus mastering - make it act
|
||||
- * as a kind of reset to render the device quiescent. */
|
||||
+ !(proxy->flags & VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
|
||||
virtio_pci_stop_ioeventfd(proxy);
|
||||
- virtio_reset(vdev);
|
||||
- msix_unuse_all_vectors(&proxy->pci_dev);
|
||||
+ virtio_set_status(vdev, vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -889,19 +895,11 @@ static void virtio_pci_vmstate_change(DeviceState *d, bool running)
|
||||
VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
|
||||
|
||||
if (running) {
|
||||
- /* Linux before 2.6.34 drives the device without enabling
|
||||
- the PCI device bus master bit. Enable it automatically
|
||||
- for the guest. This is a PCI spec violation but so is
|
||||
- initiating DMA with bus master bit clear.
|
||||
- Note: this only makes a difference when migrating
|
||||
- across QEMU versions from an old QEMU, as for new QEMU
|
||||
- bus master and driver bits are always in sync.
|
||||
- TODO: consider enabling conditionally for compat machine types. */
|
||||
- if (vdev->status & (VIRTIO_CONFIG_S_ACKNOWLEDGE |
|
||||
- VIRTIO_CONFIG_S_DRIVER)) {
|
||||
- pci_default_write_config(&proxy->pci_dev, PCI_COMMAND,
|
||||
- proxy->pci_dev.config[PCI_COMMAND] |
|
||||
- PCI_COMMAND_MASTER, 1);
|
||||
+ /* Try to find out if the guest has bus master disabled, but is
|
||||
+ in ready state. Then we have a buggy guest OS. */
|
||||
+ if ((vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
|
||||
+ !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
|
||||
+ proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
|
||||
}
|
||||
virtio_pci_start_ioeventfd(proxy);
|
||||
} else {
|
||||
@@ -1045,6 +1043,7 @@ static void virtio_pci_reset(DeviceState *qdev)
|
||||
virtio_pci_stop_ioeventfd(proxy);
|
||||
virtio_bus_reset(bus);
|
||||
msix_unuse_all_vectors(&proxy->pci_dev);
|
||||
+ proxy->flags &= ~VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
|
||||
}
|
||||
|
||||
static Property virtio_pci_properties[] = {
|
|
@ -1,45 +0,0 @@
|
|||
From: Petr Matousek <pmatouse@redhat.com>
|
||||
Date: Mon, 27 Oct 2014 12:41:44 +0100
|
||||
Subject: [PATCH] vnc: sanitize bits_per_pixel from the client
|
||||
|
||||
bits_per_pixel that are less than 8 could result in accessing
|
||||
non-initialized buffers later in the code due to the expectation
|
||||
that bytes_per_pixel value that is used to initialize these buffers is
|
||||
never zero.
|
||||
|
||||
To fix this check that bits_per_pixel from the client is one of the
|
||||
values that the rfb protocol specification allows.
|
||||
|
||||
This is CVE-2014-7815.
|
||||
|
||||
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
|
||||
|
||||
[ kraxel: apply codestyle fix ]
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
(cherry picked from commit e6908bfe8e07f2b452e78e677da1b45b1c0f6829)
|
||||
---
|
||||
ui/vnc.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/ui/vnc.c b/ui/vnc.c
|
||||
index f8d9b7d..87e34ae 100644
|
||||
--- a/ui/vnc.c
|
||||
+++ b/ui/vnc.c
|
||||
@@ -2026,6 +2026,16 @@ static void set_pixel_format(VncState *vs,
|
||||
return;
|
||||
}
|
||||
|
||||
+ switch (bits_per_pixel) {
|
||||
+ case 8:
|
||||
+ case 16:
|
||||
+ case 32:
|
||||
+ break;
|
||||
+ default:
|
||||
+ vnc_client_error(vs);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
vs->client_pf.rmax = red_max;
|
||||
vs->client_pf.rbits = hweight_long(red_max);
|
||||
vs->client_pf.rshift = red_shift;
|
|
@ -1,34 +0,0 @@
|
|||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Wed, 29 Oct 2014 12:56:06 +0100
|
||||
Subject: [PATCH] vmware-vga: CVE-2014-3689: turn off hw accel
|
||||
|
||||
Quick & easy stopgap for CVE-2014-3689: We just compile out the
|
||||
hardware acceleration functions which lack sanity checks. Thankfully
|
||||
we have capability bits for them (SVGA_CAP_RECT_COPY and
|
||||
SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
|
||||
|
||||
Subsequent patches will add the missing checks and re-enable the
|
||||
hardware acceleration emulation.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Reviewed-by: Don Koch <dkoch@verizon.com>
|
||||
---
|
||||
hw/display/vmware_vga.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
|
||||
index 591b645..4a4229b 100644
|
||||
--- a/hw/display/vmware_vga.c
|
||||
+++ b/hw/display/vmware_vga.c
|
||||
@@ -29,8 +29,10 @@
|
||||
#include "hw/pci/pci.h"
|
||||
|
||||
#undef VERBOSE
|
||||
+#if 0
|
||||
#define HW_RECT_ACCEL
|
||||
#define HW_FILL_ACCEL
|
||||
+#endif
|
||||
#define HW_MOUSE_ACCEL
|
||||
|
||||
#include "vga_int.h"
|
|
@ -1,79 +0,0 @@
|
|||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Wed, 29 Oct 2014 12:56:07 +0100
|
||||
Subject: [PATCH] vmware-vga: add vmsvga_verify_rect
|
||||
|
||||
Add verification function for rectangles, returning
|
||||
true if verification passes and false otherwise.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Reviewed-by: Don Koch <dkoch@verizon.com>
|
||||
---
|
||||
hw/display/vmware_vga.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 52 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
|
||||
index 4a4229b..f0e487f 100644
|
||||
--- a/hw/display/vmware_vga.c
|
||||
+++ b/hw/display/vmware_vga.c
|
||||
@@ -294,8 +294,59 @@ enum {
|
||||
SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
|
||||
};
|
||||
|
||||
+static inline bool vmsvga_verify_rect(DisplaySurface *surface,
|
||||
+ const char *name,
|
||||
+ int x, int y, int w, int h)
|
||||
+{
|
||||
+ if (x < 0) {
|
||||
+ fprintf(stderr, "%s: x was < 0 (%d)\n", name, x);
|
||||
+ return false;
|
||||
+ }
|
||||
+ if (x > SVGA_MAX_WIDTH) {
|
||||
+ fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x);
|
||||
+ return false;
|
||||
+ }
|
||||
+ if (w < 0) {
|
||||
+ fprintf(stderr, "%s: w was < 0 (%d)\n", name, w);
|
||||
+ return false;
|
||||
+ }
|
||||
+ if (w > SVGA_MAX_WIDTH) {
|
||||
+ fprintf(stderr, "%s: w was > %d (%d)\n", name, SVGA_MAX_WIDTH, w);
|
||||
+ return false;
|
||||
+ }
|
||||
+ if (x + w > surface_width(surface)) {
|
||||
+ fprintf(stderr, "%s: width was > %d (x: %d, w: %d)\n",
|
||||
+ name, surface_width(surface), x, w);
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if (y < 0) {
|
||||
+ fprintf(stderr, "%s: y was < 0 (%d)\n", name, y);
|
||||
+ return false;
|
||||
+ }
|
||||
+ if (y > SVGA_MAX_HEIGHT) {
|
||||
+ fprintf(stderr, "%s: y was > %d (%d)\n", name, SVGA_MAX_HEIGHT, y);
|
||||
+ return false;
|
||||
+ }
|
||||
+ if (h < 0) {
|
||||
+ fprintf(stderr, "%s: h was < 0 (%d)\n", name, h);
|
||||
+ return false;
|
||||
+ }
|
||||
+ if (h > SVGA_MAX_HEIGHT) {
|
||||
+ fprintf(stderr, "%s: h was > %d (%d)\n", name, SVGA_MAX_HEIGHT, h);
|
||||
+ return false;
|
||||
+ }
|
||||
+ if (y + h > surface_height(surface)) {
|
||||
+ fprintf(stderr, "%s: update height > %d (y: %d, h: %d)\n",
|
||||
+ name, surface_height(surface), y, h);
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
|
||||
- int x, int y, int w, int h)
|
||||
+ int x, int y, int w, int h)
|
||||
{
|
||||
DisplaySurface *surface = qemu_console_surface(s->vga.con);
|
||||
int line;
|
|
@ -1,61 +0,0 @@
|
|||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Wed, 29 Oct 2014 12:56:08 +0100
|
||||
Subject: [PATCH] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
|
||||
|
||||
Switch vmsvga_update_rect over to use vmsvga_verify_rect. Slight change
|
||||
in behavior: We don't try to automatically fixup rectangles any more.
|
||||
In case we find invalid update requests we'll do a full-screen update
|
||||
instead.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Reviewed-by: Don Koch <dkoch@verizon.com>
|
||||
---
|
||||
hw/display/vmware_vga.c | 32 ++++----------------------------
|
||||
1 file changed, 4 insertions(+), 28 deletions(-)
|
||||
|
||||
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
|
||||
index f0e487f..718746e 100644
|
||||
--- a/hw/display/vmware_vga.c
|
||||
+++ b/hw/display/vmware_vga.c
|
||||
@@ -356,36 +356,12 @@ static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
|
||||
uint8_t *src;
|
||||
uint8_t *dst;
|
||||
|
||||
- if (x < 0) {
|
||||
- fprintf(stderr, "%s: update x was < 0 (%d)\n", __func__, x);
|
||||
- w += x;
|
||||
+ if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
|
||||
+ /* go for a fullscreen update as fallback */
|
||||
x = 0;
|
||||
- }
|
||||
- if (w < 0) {
|
||||
- fprintf(stderr, "%s: update w was < 0 (%d)\n", __func__, w);
|
||||
- w = 0;
|
||||
- }
|
||||
- if (x + w > surface_width(surface)) {
|
||||
- fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
|
||||
- __func__, x, w);
|
||||
- x = MIN(x, surface_width(surface));
|
||||
- w = surface_width(surface) - x;
|
||||
- }
|
||||
-
|
||||
- if (y < 0) {
|
||||
- fprintf(stderr, "%s: update y was < 0 (%d)\n", __func__, y);
|
||||
- h += y;
|
||||
y = 0;
|
||||
- }
|
||||
- if (h < 0) {
|
||||
- fprintf(stderr, "%s: update h was < 0 (%d)\n", __func__, h);
|
||||
- h = 0;
|
||||
- }
|
||||
- if (y + h > surface_height(surface)) {
|
||||
- fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
|
||||
- __func__, y, h);
|
||||
- y = MIN(y, surface_height(surface));
|
||||
- h = surface_height(surface) - y;
|
||||
+ w = surface_width(surface);
|
||||
+ h = surface_height(surface);
|
||||
}
|
||||
|
||||
bypl = surface_stride(surface);
|
|
@ -1,75 +0,0 @@
|
|||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Wed, 29 Oct 2014 12:56:09 +0100
|
||||
Subject: [PATCH] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
|
||||
|
||||
Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Reviewed-by: Don Koch <dkoch@verizon.com>
|
||||
---
|
||||
hw/display/vmware_vga.c | 20 ++++++++++++++------
|
||||
1 file changed, 14 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
|
||||
index 718746e..c2e0a43 100644
|
||||
--- a/hw/display/vmware_vga.c
|
||||
+++ b/hw/display/vmware_vga.c
|
||||
@@ -29,8 +29,8 @@
|
||||
#include "hw/pci/pci.h"
|
||||
|
||||
#undef VERBOSE
|
||||
-#if 0
|
||||
#define HW_RECT_ACCEL
|
||||
+#if 0
|
||||
#define HW_FILL_ACCEL
|
||||
#endif
|
||||
#define HW_MOUSE_ACCEL
|
||||
@@ -406,7 +406,7 @@ static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
|
||||
}
|
||||
|
||||
#ifdef HW_RECT_ACCEL
|
||||
-static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
|
||||
+static inline int vmsvga_copy_rect(struct vmsvga_state_s *s,
|
||||
int x0, int y0, int x1, int y1, int w, int h)
|
||||
{
|
||||
DisplaySurface *surface = qemu_console_surface(s->vga.con);
|
||||
@@ -417,6 +417,13 @@ static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
|
||||
int line = h;
|
||||
uint8_t *ptr[2];
|
||||
|
||||
+ if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
if (y1 > y0) {
|
||||
ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
|
||||
ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
|
||||
@@ -432,6 +439,7 @@ static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
|
||||
}
|
||||
|
||||
vmsvga_update_rect_delayed(s, x1, y1, w, h);
|
||||
+ return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -625,12 +633,12 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
|
||||
width = vmsvga_fifo_read(s);
|
||||
height = vmsvga_fifo_read(s);
|
||||
#ifdef HW_RECT_ACCEL
|
||||
- vmsvga_copy_rect(s, x, y, dx, dy, width, height);
|
||||
- break;
|
||||
-#else
|
||||
+ if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) {
|
||||
+ break;
|
||||
+ }
|
||||
+#endif
|
||||
args = 0;
|
||||
goto badcmd;
|
||||
-#endif
|
||||
|
||||
case SVGA_CMD_DEFINE_CURSOR:
|
||||
len -= 8;
|
|
@ -1,72 +0,0 @@
|
|||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Wed, 29 Oct 2014 12:56:10 +0100
|
||||
Subject: [PATCH] vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
|
||||
|
||||
Add verification to vmsvga_fill_rect, re-enable HW_FILL_ACCEL.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Reviewed-by: Don Koch <dkoch@verizon.com>
|
||||
---
|
||||
hw/display/vmware_vga.c | 17 ++++++++++-------
|
||||
1 file changed, 10 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
|
||||
index c2e0a43..d44e3e8 100644
|
||||
--- a/hw/display/vmware_vga.c
|
||||
+++ b/hw/display/vmware_vga.c
|
||||
@@ -30,9 +30,7 @@
|
||||
|
||||
#undef VERBOSE
|
||||
#define HW_RECT_ACCEL
|
||||
-#if 0
|
||||
#define HW_FILL_ACCEL
|
||||
-#endif
|
||||
#define HW_MOUSE_ACCEL
|
||||
|
||||
#include "vga_int.h"
|
||||
@@ -444,7 +442,7 @@ static inline int vmsvga_copy_rect(struct vmsvga_state_s *s,
|
||||
#endif
|
||||
|
||||
#ifdef HW_FILL_ACCEL
|
||||
-static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
|
||||
+static inline int vmsvga_fill_rect(struct vmsvga_state_s *s,
|
||||
uint32_t c, int x, int y, int w, int h)
|
||||
{
|
||||
DisplaySurface *surface = qemu_console_surface(s->vga.con);
|
||||
@@ -457,6 +455,10 @@ static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
|
||||
uint8_t *src;
|
||||
uint8_t col[4];
|
||||
|
||||
+ if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
col[0] = c;
|
||||
col[1] = c >> 8;
|
||||
col[2] = c >> 16;
|
||||
@@ -481,6 +483,7 @@ static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
|
||||
}
|
||||
|
||||
vmsvga_update_rect_delayed(s, x, y, w, h);
|
||||
+ return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -613,12 +616,12 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
|
||||
width = vmsvga_fifo_read(s);
|
||||
height = vmsvga_fifo_read(s);
|
||||
#ifdef HW_FILL_ACCEL
|
||||
- vmsvga_fill_rect(s, colour, x, y, width, height);
|
||||
- break;
|
||||
-#else
|
||||
+ if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) {
|
||||
+ break;
|
||||
+ }
|
||||
+#endif
|
||||
args = 0;
|
||||
goto badcmd;
|
||||
-#endif
|
||||
|
||||
case SVGA_CMD_RECT_COPY:
|
||||
len -= 7;
|
174
qemu.spec
174
qemu.spec
|
@ -135,6 +135,7 @@
|
|||
%global system_unicore32 system-unicore32
|
||||
%global system_moxie system-moxie
|
||||
%global system_aarch64 system-aarch64
|
||||
%global system_tricore system-tricore
|
||||
%endif
|
||||
|
||||
# libfdt is only needed to build ARM, aarch64, Microblaze or PPC emulators
|
||||
|
@ -151,8 +152,8 @@
|
|||
|
||||
Summary: QEMU is a FAST! processor emulator
|
||||
Name: qemu
|
||||
Version: 2.1.2
|
||||
Release: 6%{?dist}
|
||||
Version: 2.2.0
|
||||
Release: 0.1.rc1%{?dist}
|
||||
Epoch: 2
|
||||
License: GPLv2+ and LGPLv2+ and BSD
|
||||
Group: Development/Tools
|
||||
|
@ -167,7 +168,7 @@ ExclusiveArch: %{kvm_archs}
|
|||
%define _smp_mflags %{nil}
|
||||
%endif
|
||||
|
||||
Source0: http://wiki.qemu-project.org/download/%{name}-%{version}.tar.bz2
|
||||
Source0: http://wiki.qemu-project.org/download/%{name}-%{version}-rc1.tar.bz2
|
||||
|
||||
Source1: qemu.binfmt
|
||||
|
||||
|
@ -192,29 +193,6 @@ Source12: bridge.conf
|
|||
# qemu-kvm back compat wrapper
|
||||
Source13: qemu-kvm.sh
|
||||
|
||||
# Allow aarch64 to boot compressed kernel
|
||||
Patch0001: 0001-loader-Add-load_image_gzipped-function.patch
|
||||
Patch0002: 0002-aarch64-Allow-kernel-option-to-take-a-gzip-compresse.patch
|
||||
# Fix crash in curl driver
|
||||
Patch0003: 0003-block.curl-adding-timeout-option.patch
|
||||
Patch0004: 0004-curl-Allow-a-cookie-or-cookies-to-be-sent-with-http-.patch
|
||||
Patch0005: 0005-curl-Don-t-deref-NULL-pointer-in-call-to-aio_poll.patch
|
||||
# Fix crash on migration/snapshot (bz #1144490)
|
||||
Patch0006: 0006-virtio-pci-enable-bus-master-for-old-guests.patch
|
||||
Patch0007: 0007-virtio-pci-fix-migration-for-pci-bus-master.patch
|
||||
# Fix PPC virtio regression (bz #1144490)
|
||||
Patch0008: 0008-Revert-virtio-pci-fix-migration-for-pci-bus-master.patch
|
||||
# CVE-2014-7815 vnc: insufficient bits_per_pixel from the client
|
||||
# sanitization (bz #1157647, bz #1157641)
|
||||
Patch0009: 0009-vnc-sanitize-bits_per_pixel-from-the-client.patch
|
||||
# CVE-2014-3689 vmware_vga: insufficient parameter validation in
|
||||
# rectangle functions (bz #1153038, bz #1153035)
|
||||
Patch0010: 0010-vmware-vga-CVE-2014-3689-turn-off-hw-accel.patch
|
||||
Patch0011: 0011-vmware-vga-add-vmsvga_verify_rect.patch
|
||||
Patch0012: 0012-vmware-vga-use-vmsvga_verify_rect-in-vmsvga_update_r.patch
|
||||
Patch0013: 0013-vmware-vga-use-vmsvga_verify_rect-in-vmsvga_copy_rec.patch
|
||||
Patch0014: 0014-vmware-vga-use-vmsvga_verify_rect-in-vmsvga_fill_rec.patch
|
||||
|
||||
BuildRequires: SDL2-devel
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: which
|
||||
|
@ -368,6 +346,9 @@ Requires: %{name}-%{system_moxie} = %{epoch}:%{version}-%{release}
|
|||
%if 0%{?system_aarch64:1}
|
||||
Requires: %{name}-%{system_aarch64} = %{epoch}:%{version}-%{release}
|
||||
%endif
|
||||
%if 0%{?system_tricore:1}
|
||||
Requires: %{name}-%{system_tricore} = %{epoch}:%{version}-%{release}
|
||||
%endif
|
||||
%if %{without separate_kvm}
|
||||
Requires: %{name}-img = %{epoch}:%{version}-%{release}
|
||||
%else
|
||||
|
@ -700,6 +681,18 @@ emulation speed by using dynamic translation.
|
|||
This package provides the system emulator for AArch64.
|
||||
%endif
|
||||
|
||||
%if 0%{?system_tricore:1}
|
||||
%package %{system_tricore}
|
||||
Summary: QEMU system emulator for tricore
|
||||
Group: Development/Tools
|
||||
Requires: %{name}-common = %{epoch}:%{version}-%{release}
|
||||
%description %{system_tricore}
|
||||
QEMU is a generic and open source processor emulator which achieves a good
|
||||
emulation speed by using dynamic translation.
|
||||
|
||||
This package provides the system emulator for Tricore.
|
||||
%endif
|
||||
|
||||
|
||||
%ifarch %{kvm_archs}
|
||||
%package kvm-tools
|
||||
|
@ -738,31 +731,7 @@ CAC emulation development files.
|
|||
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
# Allow aarch64 to boot compressed kernel
|
||||
%patch0001 -p1
|
||||
%patch0002 -p1
|
||||
# Fix crash in curl driver
|
||||
%patch0003 -p1
|
||||
%patch0004 -p1
|
||||
%patch0005 -p1
|
||||
# Fix crash on migration/snapshot (bz #1144490)
|
||||
%patch0006 -p1
|
||||
%patch0007 -p1
|
||||
# Fix PPC virtio regression (bz #1144490)
|
||||
%patch0008 -p1
|
||||
# CVE-2014-7815 vnc: insufficient bits_per_pixel from the client
|
||||
# sanitization (bz #1157647, bz #1157641)
|
||||
%patch0009 -p1
|
||||
# CVE-2014-3689 vmware_vga: insufficient parameter validation in
|
||||
# rectangle functions (bz #1153038, bz #1153035)
|
||||
%patch0010 -p1
|
||||
%patch0011 -p1
|
||||
%patch0012 -p1
|
||||
%patch0013 -p1
|
||||
%patch0014 -p1
|
||||
|
||||
%setup -q -n qemu-2.2.0-rc1
|
||||
|
||||
%build
|
||||
%if %{with kvmonly}
|
||||
|
@ -774,6 +743,7 @@ microblazeel-softmmu mips-softmmu mipsel-softmmu mips64-softmmu \
|
|||
mips64el-softmmu or32-softmmu ppc-softmmu ppcemb-softmmu ppc64-softmmu \
|
||||
s390x-softmmu sh4-softmmu sh4eb-softmmu sparc-softmmu sparc64-softmmu \
|
||||
xtensa-softmmu xtensaeb-softmmu unicore32-softmmu moxie-softmmu \
|
||||
tricore-softmmu \
|
||||
i386-linux-user x86_64-linux-user aarch64-linux-user alpha-linux-user \
|
||||
arm-linux-user armeb-linux-user cris-linux-user m68k-linux-user \
|
||||
microblaze-linux-user microblazeel-linux-user mips-linux-user \
|
||||
|
@ -1191,6 +1161,7 @@ getent passwd qemu >/dev/null || \
|
|||
%{_datadir}/%{name}/qemu-icon.bmp
|
||||
%{_datadir}/%{name}/qemu_logo_no_text.svg
|
||||
%{_datadir}/%{name}/keymaps/
|
||||
%{_datadir}/%{name}/trace-events
|
||||
%{_mandir}/man1/qemu.1*
|
||||
%{_mandir}/man1/virtfs-proxy-helper.1*
|
||||
%{_bindir}/virtfs-proxy-helper
|
||||
|
@ -1250,34 +1221,21 @@ getent passwd qemu >/dev/null || \
|
|||
%{_bindir}/qemu-sparc32plus
|
||||
%{_bindir}/qemu-sparc64
|
||||
%{_bindir}/qemu-unicore32
|
||||
%{_datadir}/systemtap/tapset/qemu-i386.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-x86_64.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-aarch64.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-alpha.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-arm.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-armeb.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-cris.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-m68k.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-microblaze.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-microblazeel.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-mips.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-mipsel.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-mips64.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-mips64el.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-mipsn32.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-mipsn32el.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-or32.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-ppc.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-ppc64.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-ppc64abi32.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-ppc64le.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-s390x.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-sh4.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-sh4eb.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-sparc.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-sparc32plus.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-sparc64.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-unicore32.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-i386*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-x86_64*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-aarch64*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-alpha*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-arm*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-cris*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-m68k*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-microblaze*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-mips*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-or32*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-ppc*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-s390x*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-sh4*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-sparc*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-unicore32*.stp
|
||||
%endif
|
||||
|
||||
%if 0%{?system_x86:1}
|
||||
|
@ -1286,8 +1244,8 @@ getent passwd qemu >/dev/null || \
|
|||
%if %{without kvmonly}
|
||||
%{_bindir}/qemu-system-i386
|
||||
%{_bindir}/qemu-system-x86_64
|
||||
%{_datadir}/systemtap/tapset/qemu-system-i386.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-x86_64.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-i386*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-x86_64*.stp
|
||||
%{_mandir}/man1/qemu-system-i386.1*
|
||||
%{_mandir}/man1/qemu-system-x86_64.1*
|
||||
%endif
|
||||
|
@ -1333,7 +1291,7 @@ getent passwd qemu >/dev/null || \
|
|||
%files %{system_alpha}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-alpha
|
||||
%{_datadir}/systemtap/tapset/qemu-system-alpha.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-alpha*.stp
|
||||
%{_mandir}/man1/qemu-system-alpha.1*
|
||||
%{_datadir}/%{name}/palcode-clipper
|
||||
%endif
|
||||
|
@ -1342,7 +1300,7 @@ getent passwd qemu >/dev/null || \
|
|||
%files %{system_arm}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-arm
|
||||
%{_datadir}/systemtap/tapset/qemu-system-arm.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-arm*.stp
|
||||
%{_mandir}/man1/qemu-system-arm.1*
|
||||
%if %{without separate_kvm}
|
||||
%ifarch armv7hl
|
||||
|
@ -1360,10 +1318,7 @@ getent passwd qemu >/dev/null || \
|
|||
%{_bindir}/qemu-system-mipsel
|
||||
%{_bindir}/qemu-system-mips64
|
||||
%{_bindir}/qemu-system-mips64el
|
||||
%{_datadir}/systemtap/tapset/qemu-system-mips.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-mipsel.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-mips64el.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-mips64.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-mips*.stp
|
||||
%{_mandir}/man1/qemu-system-mips.1*
|
||||
%{_mandir}/man1/qemu-system-mipsel.1*
|
||||
%{_mandir}/man1/qemu-system-mips64el.1*
|
||||
|
@ -1374,7 +1329,7 @@ getent passwd qemu >/dev/null || \
|
|||
%files %{system_cris}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-cris
|
||||
%{_datadir}/systemtap/tapset/qemu-system-cris.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-cris*.stp
|
||||
%{_mandir}/man1/qemu-system-cris.1*
|
||||
%endif
|
||||
|
||||
|
@ -1382,7 +1337,7 @@ getent passwd qemu >/dev/null || \
|
|||
%files %{system_lm32}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-lm32
|
||||
%{_datadir}/systemtap/tapset/qemu-system-lm32.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-lm32*.stp
|
||||
%{_mandir}/man1/qemu-system-lm32.1*
|
||||
%endif
|
||||
|
||||
|
@ -1390,7 +1345,7 @@ getent passwd qemu >/dev/null || \
|
|||
%files %{system_m68k}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-m68k
|
||||
%{_datadir}/systemtap/tapset/qemu-system-m68k.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-m68k*.stp
|
||||
%{_mandir}/man1/qemu-system-m68k.1*
|
||||
%endif
|
||||
|
||||
|
@ -1399,8 +1354,7 @@ getent passwd qemu >/dev/null || \
|
|||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-microblaze
|
||||
%{_bindir}/qemu-system-microblazeel
|
||||
%{_datadir}/systemtap/tapset/qemu-system-microblaze.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-microblazeel.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-microblaze*.stp
|
||||
%{_mandir}/man1/qemu-system-microblaze.1*
|
||||
%{_mandir}/man1/qemu-system-microblazeel.1*
|
||||
%{_datadir}/%{name}/petalogix*.dtb
|
||||
|
@ -1410,7 +1364,7 @@ getent passwd qemu >/dev/null || \
|
|||
%files %{system_or32}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-or32
|
||||
%{_datadir}/systemtap/tapset/qemu-system-or32.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-or32*.stp
|
||||
%{_mandir}/man1/qemu-system-or32.1*
|
||||
%endif
|
||||
|
||||
|
@ -1418,7 +1372,7 @@ getent passwd qemu >/dev/null || \
|
|||
%files %{system_s390x}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-s390x
|
||||
%{_datadir}/systemtap/tapset/qemu-system-s390x.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-s390x*.stp
|
||||
%{_mandir}/man1/qemu-system-s390x.1*
|
||||
%{_datadir}/%{name}/s390-zipl.rom
|
||||
%{_datadir}/%{name}/s390-ccw.img
|
||||
|
@ -1433,8 +1387,7 @@ getent passwd qemu >/dev/null || \
|
|||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-sh4
|
||||
%{_bindir}/qemu-system-sh4eb
|
||||
%{_datadir}/systemtap/tapset/qemu-system-sh4.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-sh4eb.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-sh4*.stp
|
||||
%{_mandir}/man1/qemu-system-sh4.1*
|
||||
%{_mandir}/man1/qemu-system-sh4eb.1*
|
||||
%endif
|
||||
|
@ -1444,8 +1397,7 @@ getent passwd qemu >/dev/null || \
|
|||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-sparc
|
||||
%{_bindir}/qemu-system-sparc64
|
||||
%{_datadir}/systemtap/tapset/qemu-system-sparc.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-sparc64.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-sparc*.stp
|
||||
%{_mandir}/man1/qemu-system-sparc.1*
|
||||
%{_mandir}/man1/qemu-system-sparc64.1*
|
||||
%{_datadir}/%{name}/QEMU,tcx.bin
|
||||
|
@ -1459,9 +1411,9 @@ getent passwd qemu >/dev/null || \
|
|||
%{_bindir}/qemu-system-ppc
|
||||
%{_bindir}/qemu-system-ppc64
|
||||
%{_bindir}/qemu-system-ppcemb
|
||||
%{_datadir}/systemtap/tapset/qemu-system-ppc.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-ppc64.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-ppcemb.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-ppc*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-ppc64*.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-ppcemb*.stp
|
||||
%{_mandir}/man1/qemu-system-ppc.1*
|
||||
%{_mandir}/man1/qemu-system-ppc64.1*
|
||||
%{_mandir}/man1/qemu-system-ppcemb.1*
|
||||
|
@ -1480,7 +1432,7 @@ getent passwd qemu >/dev/null || \
|
|||
%files %{system_unicore32}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-unicore32
|
||||
%{_datadir}/systemtap/tapset/qemu-system-unicore32.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-unicore32*.stp
|
||||
%{_mandir}/man1/qemu-system-unicore32.1*
|
||||
%endif
|
||||
|
||||
|
@ -1489,8 +1441,7 @@ getent passwd qemu >/dev/null || \
|
|||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-xtensa
|
||||
%{_bindir}/qemu-system-xtensaeb
|
||||
%{_datadir}/systemtap/tapset/qemu-system-xtensa.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-xtensaeb.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-xtensa*.stp
|
||||
%{_mandir}/man1/qemu-system-xtensa.1*
|
||||
%{_mandir}/man1/qemu-system-xtensaeb.1*
|
||||
%endif
|
||||
|
@ -1499,7 +1450,7 @@ getent passwd qemu >/dev/null || \
|
|||
%files %{system_moxie}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-moxie
|
||||
%{_datadir}/systemtap/tapset/qemu-system-moxie.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-moxie*.stp
|
||||
%{_mandir}/man1/qemu-system-moxie.1*
|
||||
%endif
|
||||
|
||||
|
@ -1507,7 +1458,7 @@ getent passwd qemu >/dev/null || \
|
|||
%files %{system_aarch64}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-aarch64
|
||||
%{_datadir}/systemtap/tapset/qemu-system-aarch64.stp
|
||||
%{_datadir}/systemtap/tapset/qemu-system-aarch64*.stp
|
||||
%{_mandir}/man1/qemu-system-aarch64.1*
|
||||
%ifarch aarch64
|
||||
%{?kvm_files:}
|
||||
|
@ -1515,6 +1466,14 @@ getent passwd qemu >/dev/null || \
|
|||
%endif
|
||||
%endif
|
||||
|
||||
%if 0%{?system_tricore:1}
|
||||
%files %{system_tricore}
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/qemu-system-tricore
|
||||
%{_datadir}/systemtap/tapset/qemu-system-tricore*.stp
|
||||
%{_mandir}/man1/qemu-system-tricore.1*
|
||||
%endif
|
||||
|
||||
%if %{without separate_kvm}
|
||||
%files img
|
||||
%defattr(-,root,root)
|
||||
|
@ -1541,6 +1500,9 @@ getent passwd qemu >/dev/null || \
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Sat Nov 15 2014 Cole Robinson <crobinso@redhat.com> - 2:2.2.0-0.1.rc1
|
||||
- Update to qemu-2.2.0-rc1
|
||||
|
||||
* Wed Oct 29 2014 Cole Robinson <crobinso@redhat.com> - 2:2.1.2-6
|
||||
- CVE-2014-7815 vnc: insufficient bits_per_pixel from the client sanitization
|
||||
(bz #1157647, bz #1157641)
|
||||
|
|
Loading…
Reference in New Issue