Rebased to v2.4.0-rc0

0001-configure-Add-support-for-tcmalloc.patch

@@ -1,102 +0,0 @@
-From: Fam Zheng <famz@redhat.com>
-Date: Thu, 26 Mar 2015 11:03:12 +0800
-Subject: [PATCH] configure: Add support for tcmalloc
-
-This adds "--enable-tcmalloc" and "--disable-tcmalloc" to allow linking
-to libtcmalloc from gperftools.
-
-tcmalloc is a malloc implementation that works well with threads and is
-fast, so it is good for performance.
-
-It is disabled by default, because the MALLOC_PERTURB_ flag we use in
-tests doesn't work with tcmalloc. However we can enable tcmalloc
-specific heap checker and profilers later.
-
-An IOPS gain can be observed with virtio-blk-dataplane, other parts of
-QEMU will directly benefit from it as well:
-
-==========================================================
-                       glibc malloc
-----------------------------------------------------------
-rw         bs         iodepth    bw     iops       latency
-read       4k         1          150    38511      24
-----------------------------------------------------------
-
-==========================================================
-                         tcmalloc
-----------------------------------------------------------
-rw         bs         iodepth    bw     iops       latency
-read       4k         1          156    39969      23
-----------------------------------------------------------
-
-Signed-off-by: Fam Zheng <famz@redhat.com>
-Message-Id: <1427338992-27057-1-git-send-email-famz@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 2847b46958ab0bd604e1b3fcafba0f5ba4375833)
----
- configure | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/configure b/configure
-index 6969f6f..75a4def 100755
---- a/configure
-+++ b/configure
-@@ -336,6 +336,7 @@ libssh2=""
- vhdx=""
- quorum=""
- numa=""
-+tcmalloc="no"
- 
- # parse CC options first
- for opt do
-@@ -1134,6 +1135,10 @@ for opt do
-   ;;
-   --enable-numa) numa="yes"
-   ;;
-+  --disable-tcmalloc) tcmalloc="no"
-+  ;;
-+  --enable-tcmalloc) tcmalloc="yes"
-+  ;;
-   *)
-       echo "ERROR: unknown option $opt"
-       echo "Try '$0 --help' for more information"
-@@ -1407,6 +1412,8 @@ Advanced options (experts only):
-   --enable-quorum          enable quorum block filter support
-   --disable-numa           disable libnuma support
-   --enable-numa            enable libnuma support
-+  --disable-tcmalloc       disable tcmalloc support
-+  --enable-tcmalloc        enable tcmalloc support
- 
- NOTE: The object files are built at the place where configure is launched
- EOF
-@@ -3331,6 +3338,22 @@ EOF
- fi
- 
- ##########################################
-+# tcmalloc probe
-+
-+if test "$tcmalloc" = "yes" ; then
-+  cat > $TMPC << EOF
-+#include <stdlib.h>
-+int main(void) { malloc(1); return 0; }
-+EOF
-+
-+  if compile_prog "" "-ltcmalloc" ; then
-+    LIBS="-ltcmalloc $LIBS"
-+  else
-+    feature_not_found "tcmalloc" "install gperftools devel"
-+  fi
-+fi
-+
-+##########################################
- # signalfd probe
- signalfd="no"
- cat > $TMPC << EOF
-@@ -4441,6 +4464,7 @@ echo "lzo support       $lzo"
- echo "snappy support    $snappy"
- echo "bzip2 support     $bzip2"
- echo "NUMA host support $numa"
-+echo "tcmalloc support  $tcmalloc"
- 
- if test "$sdl_too_old" = "yes"; then
- echo "-> Your SDL version is too old - please upgrade to have SDL support"

0002-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch

@@ -1,82 +0,0 @@
-From: Petr Matousek <pmatouse@redhat.com>
-Date: Wed, 6 May 2015 09:48:59 +0200
-Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated
- buffer
-
-During processing of certain commands such as FD_CMD_READ_ID and
-FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
-get out of bounds leading to memory corruption with values coming
-from the guest.
-
-Fix this by making sure that the index is always bounded by the
-allocated memory.
-
-This is CVE-2015-3456.
-
-Signed-off-by: Petr Matousek <pmatouse@redhat.com>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Signed-off-by: John Snow <jsnow@redhat.com>
-(cherry picked from commit e907746266721f305d67bc0718795fedee2e824c)
----
- hw/block/fdc.c | 17 +++++++++++------
- 1 file changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/hw/block/fdc.c b/hw/block/fdc.c
-index 2bf87c9..a9de4ab 100644
---- a/hw/block/fdc.c
-+++ b/hw/block/fdc.c
-@@ -1512,7 +1512,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
- {
-     FDrive *cur_drv;
-     uint32_t retval = 0;
--    int pos;
-+    uint32_t pos;
- 
-     cur_drv = get_cur_drv(fdctrl);
-     fdctrl->dsr &= ~FD_DSR_PWRDOWN;
-@@ -1521,8 +1521,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
-         return 0;
-     }
-     pos = fdctrl->data_pos;
-+    pos %= FD_SECTOR_LEN;
-     if (fdctrl->msr & FD_MSR_NONDMA) {
--        pos %= FD_SECTOR_LEN;
-         if (pos == 0) {
-             if (fdctrl->data_pos != 0)
-                 if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
-@@ -1867,10 +1867,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
- static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
- {
-     FDrive *cur_drv = get_cur_drv(fdctrl);
-+    uint32_t pos;
- 
--    if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
-+    pos = fdctrl->data_pos - 1;
-+    pos %= FD_SECTOR_LEN;
-+    if (fdctrl->fifo[pos] & 0x80) {
-         /* Command parameters done */
--        if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
-+        if (fdctrl->fifo[pos] & 0x40) {
-             fdctrl->fifo[0] = fdctrl->fifo[1];
-             fdctrl->fifo[2] = 0;
-             fdctrl->fifo[3] = 0;
-@@ -1970,7 +1973,7 @@ static uint8_t command_to_handler[256];
- static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
- {
-     FDrive *cur_drv;
--    int pos;
-+    uint32_t pos;
- 
-     /* Reset mode */
-     if (!(fdctrl->dor & FD_DOR_nRESET)) {
-@@ -2019,7 +2022,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
-     }
- 
-     FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
--    fdctrl->fifo[fdctrl->data_pos++] = value;
-+    pos = fdctrl->data_pos++;
-+    pos %= FD_SECTOR_LEN;
-+    fdctrl->fifo[pos] = value;
-     if (fdctrl->data_pos == fdctrl->data_len) {
-         /* We now have all parameters
-          * and will be able to treat the command

0003-slirp-use-less-predictable-directory-name-in-tmp-for.patch

@@ -1,50 +0,0 @@
-From: Michael Tokarev <mjt@tls.msk.ru>
-Date: Thu, 28 May 2015 14:12:26 +0300
-Subject: [PATCH] slirp: use less predictable directory name in /tmp for smb
- config (CVE-2015-4037)
-
-In this version I used mkdtemp(3) which is:
-
-        _BSD_SOURCE
-        || /* Since glibc 2.10: */
-            (_POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700)
-
-(POSIX.1-2008), so should be available on systems we care about.
-
-While at it, reset the resulting directory name within smb structure
-on error so cleanup function wont try to remove directory which we
-failed to create.
-
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-Reviewed-by: Markus Armbruster <armbru@redhat.com>
-(cherry picked from commit 8b8f1c7e9ddb2e88a144638f6527bf70e32343e3)
----
- net/slirp.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/net/slirp.c b/net/slirp.c
-index 9bbed74..3090c10 100644
---- a/net/slirp.c
-+++ b/net/slirp.c
-@@ -481,7 +481,6 @@ static void slirp_smb_cleanup(SlirpState *s)
- static int slirp_smb(SlirpState* s, const char *exported_dir,
-                      struct in_addr vserver_addr)
- {
--    static int instance;
-     char smb_conf[128];
-     char smb_cmdline[128];
-     struct passwd *passwd;
-@@ -505,10 +504,10 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
-         return -1;
-     }
- 
--    snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d",
--             (long)getpid(), instance++);
--    if (mkdir(s->smb_dir, 0700) < 0) {
-+    snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.XXXXXX");
-+    if (!mkdtemp(s->smb_dir)) {
-         error_report("could not create samba server dir '%s'", s->smb_dir);
-+        s->smb_dir[0] = 0;
-         return -1;
-     }
-     snprintf(smb_conf, sizeof(smb_conf), "%s/%s", s->smb_dir, "smb.conf");

qemu.spec

@@ -39,14 +39,14 @@
 
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
-Version: 2.3.0
-Release: 15%{?dist}
+Version: 2.4.0
+Release: 0.1.rc0%{?dist}
 Epoch: 2
 License: GPLv2+ and LGPLv2+ and BSD
 Group: Development/Tools
 URL: http://www.qemu.org/
 
-Source0: http://wiki.qemu-project.org/download/%{name}-%{version}.tar.bz2
+Source0: http://wiki.qemu-project.org/download/%{name}-%{version}-rc0.tar.bz2
 
 Source1: qemu.binfmt
 
@@ -68,14 +68,6 @@ Source12: bridge.conf
 # qemu-kvm back compat wrapper
 Source13: qemu-kvm.sh
 
-# Backport upstream 2.4 patch to link with tcmalloc, enable it
-Patch0001: 0001-configure-Add-support-for-tcmalloc.patch
-# CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access
-# (bz #1221152)
-Patch0002: 0002-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch
-# CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz
-# #1222894)
-Patch0003: 0003-slirp-use-less-predictable-directory-name-in-tmp-for.patch
 
 BuildRequires: SDL2-devel
 BuildRequires: zlib-devel
@@ -164,6 +156,8 @@ BuildRequires: numactl-devel
 %endif
 # Added in qemu 2.3
 BuildRequires: bzip2-devel
+# Added in qemu 2.4 for opengl bits
+Requires: libepoxy-devel
 
 
 Requires: %{name}-user = %{epoch}:%{version}-%{release}
@@ -546,7 +540,7 @@ CAC emulation development files.
 
 
 %prep
-%setup -q -n qemu-%{version}
+%setup -q -n qemu-%{version}-rc0
 %autopatch -p1
 
 
@@ -661,6 +655,7 @@ gcc %{_sourcedir}/ksmctl.c -O2 -g -o ksmctl
 
 mkdir -p %{buildroot}%{_udevdir}
 mkdir -p %{buildroot}%{_unitdir}
+mkdir -p %{buildroot}%{_sysconfdir}/qemu
 
 install -D -p -m 0644 %{_sourcedir}/ksm.service %{buildroot}%{_unitdir}
 install -D -p -m 0644 %{_sourcedir}/ksm.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/ksm
@@ -741,6 +736,7 @@ rom_link ../seavgabios/vgabios-cirrus.bin vgabios-cirrus.bin
 rom_link ../seavgabios/vgabios-qxl.bin vgabios-qxl.bin
 rom_link ../seavgabios/vgabios-stdvga.bin vgabios-stdvga.bin
 rom_link ../seavgabios/vgabios-vmware.bin vgabios-vmware.bin
+rom_link ../seavgabios/vgabios-virtio.bin vgabios-virtio.bin
 rom_link ../seabios/bios.bin bios.bin
 rom_link ../seabios/bios-256k.bin bios-256k.bin
 rom_link ../seabios/acpi-dsdt.aml acpi-dsdt.aml
@@ -1015,6 +1011,7 @@ getent passwd qemu >/dev/null || \
 %{_datadir}/%{name}/vgabios-qxl.bin
 %{_datadir}/%{name}/vgabios-stdvga.bin
 %{_datadir}/%{name}/vgabios-vmware.bin
+%{_datadir}/%{name}/vgabios-virtio.bin
 %{_datadir}/%{name}/pxe-e1000.rom
 %{_datadir}/%{name}/efi-e1000.rom
 %{_datadir}/%{name}/pxe-virtio.rom
@@ -1025,7 +1022,6 @@ getent passwd qemu >/dev/null || \
 %{_datadir}/%{name}/efi-rtl8139.rom
 %{_datadir}/%{name}/pxe-ne2k_pci.rom
 %{_datadir}/%{name}/efi-ne2k_pci.rom
-%config(noreplace) %{_sysconfdir}/qemu/target-x86_64.conf
 %ifarch %{ix86} x86_64
 %{?kvm_files:}
 %endif
@@ -1204,6 +1200,9 @@ getent passwd qemu >/dev/null || \
 
 
 %changelog
+* Tue Jul 14 2015 Cole Robinson <crobinso@redhat.com> 2:2.4.0-0.1-rc0
+- Rebased to version 2.4.0-rc0
+
 * Fri Jul  3 2015 Richard W.M. Jones <rjones@redhat.com> - 2:2.3.0-15
 - Bump and rebuild.
 

sources

@@ -1 +1 @@
-2fab3ea4460de9b57192e5b8b311f221  qemu-2.3.0.tar.bz2
+0c890db3811f2ad9cc7bb2a5afe08e4c  qemu-2.4.0-rc0.tar.bz2