Rebased to v2.4.0-rc0

2015-07-14 15:31:59 -04:00 · 2015-07-14 15:31:59 -04:00 · de4550957e
commit de4550957e
parent 61ce511be4
5 changed files with 13 additions and 248 deletions
--- a/0001-configure-Add-support-for-tcmalloc.patch
+++ b/0001-configure-Add-support-for-tcmalloc.patch
@ -1,102 +0,0 @@
 From: Fam Zheng <famz@redhat.com>
 Date: Thu, 26 Mar 2015 11:03:12 +0800
 Subject: [PATCH] configure: Add support for tcmalloc
 This adds "--enable-tcmalloc" and "--disable-tcmalloc" to allow linking
 to libtcmalloc from gperftools.
 tcmalloc is a malloc implementation that works well with threads and is
 fast, so it is good for performance.
 It is disabled by default, because the MALLOC_PERTURB_ flag we use in
 tests doesn't work with tcmalloc. However we can enable tcmalloc
 specific heap checker and profilers later.
 An IOPS gain can be observed with virtio-blk-dataplane, other parts of
 QEMU will directly benefit from it as well:
 ==========================================================
                       glibc malloc
 ----------------------------------------------------------
 rw         bs         iodepth    bw     iops       latency
 read       4k         1          150    38511      24
 ----------------------------------------------------------
 ==========================================================
                         tcmalloc
 ----------------------------------------------------------
 rw         bs         iodepth    bw     iops       latency
 read       4k         1          156    39969      23
 ----------------------------------------------------------
 Signed-off-by: Fam Zheng <famz@redhat.com>
 Message-Id: <1427338992-27057-1-git-send-email-famz@redhat.com>
 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 (cherry picked from commit 2847b46958ab0bd604e1b3fcafba0f5ba4375833)
 ---
 configure | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 diff --git a/configure b/configure
 index 6969f6f..75a4def 100755
 --- a/configure
 +++ b/configure
@@ -336,6 +336,7 @@ libssh2=""
 vhdx=""
 quorum=""
 numa=""
 +tcmalloc="no"
 # parse CC options first
 for opt do
@@ -1134,6 +1135,10 @@ for opt do
   ;;
   --enable-numa) numa="yes"
   ;;
 +  --disable-tcmalloc) tcmalloc="no"
 +  ;;
 +  --enable-tcmalloc) tcmalloc="yes"
 +  ;;
   *)
       echo "ERROR: unknown option $opt"
       echo "Try '$0 --help' for more information"
@@ -1407,6 +1412,8 @@ Advanced options (experts only):
   --enable-quorum          enable quorum block filter support
   --disable-numa           disable libnuma support
   --enable-numa            enable libnuma support
 +  --disable-tcmalloc       disable tcmalloc support
 +  --enable-tcmalloc        enable tcmalloc support
 NOTE: The object files are built at the place where configure is launched
 EOF
@@ -3331,6 +3338,22 @@ EOF
 fi
 ##########################################
 +# tcmalloc probe
 +
 +if test "$tcmalloc" = "yes" ; then
 +  cat > $TMPC << EOF
 +#include <stdlib.h>
 +int main(void) { malloc(1); return 0; }
 +EOF
 +
 +  if compile_prog "" "-ltcmalloc" ; then
 +    LIBS="-ltcmalloc $LIBS"
 +  else
 +    feature_not_found "tcmalloc" "install gperftools devel"
 +  fi
 +fi
 +
 +##########################################
 # signalfd probe
 signalfd="no"
 cat > $TMPC << EOF
@@ -4441,6 +4464,7 @@ echo "lzo support       $lzo"
 echo "snappy support    $snappy"
 echo "bzip2 support     $bzip2"
 echo "NUMA host support $numa"
 +echo "tcmalloc support  $tcmalloc"
 if test "$sdl_too_old" = "yes"; then
 echo "-> Your SDL version is too old - please upgrade to have SDL support"
--- a/0002-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch
+++ b/0002-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch
@ -1,82 +0,0 @@
 From: Petr Matousek <pmatouse@redhat.com>
 Date: Wed, 6 May 2015 09:48:59 +0200
 Subject: [PATCH] fdc: force the fifo access to be in bounds of the allocated
 buffer
 During processing of certain commands such as FD_CMD_READ_ID and
 FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
 get out of bounds leading to memory corruption with values coming
 from the guest.
 Fix this by making sure that the index is always bounded by the
 allocated memory.
 This is CVE-2015-3456.
 Signed-off-by: Petr Matousek <pmatouse@redhat.com>
 Reviewed-by: John Snow <jsnow@redhat.com>
 Signed-off-by: John Snow <jsnow@redhat.com>
 (cherry picked from commit e907746266721f305d67bc0718795fedee2e824c)
 ---
 hw/block/fdc.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
 diff --git a/hw/block/fdc.c b/hw/block/fdc.c
 index 2bf87c9..a9de4ab 100644
 --- a/hw/block/fdc.c
 +++ b/hw/block/fdc.c
@@ -1512,7 +1512,7 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
 {
     FDrive *cur_drv;
     uint32_t retval = 0;
 -    int pos;
 +    uint32_t pos;
     cur_drv = get_cur_drv(fdctrl);
     fdctrl->dsr &= ~FD_DSR_PWRDOWN;
@@ -1521,8 +1521,8 @@ static uint32_t fdctrl_read_data(FDCtrl *fdctrl)
         return 0;
     }
     pos = fdctrl->data_pos;
 +    pos %= FD_SECTOR_LEN;
     if (fdctrl->msr & FD_MSR_NONDMA) {
 -        pos %= FD_SECTOR_LEN;
         if (pos == 0) {
             if (fdctrl->data_pos != 0)
                 if (!fdctrl_seek_to_next_sect(fdctrl, cur_drv)) {
@@ -1867,10 +1867,13 @@ static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
 static void fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direction)
 {
     FDrive *cur_drv = get_cur_drv(fdctrl);
 +    uint32_t pos;
 -    if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x80) {
 +    pos = fdctrl->data_pos - 1;
 +    pos %= FD_SECTOR_LEN;
 +    if (fdctrl->fifo[pos] & 0x80) {
         /* Command parameters done */
 -        if (fdctrl->fifo[fdctrl->data_pos - 1] & 0x40) {
 +        if (fdctrl->fifo[pos] & 0x40) {
             fdctrl->fifo[0] = fdctrl->fifo[1];
             fdctrl->fifo[2] = 0;
             fdctrl->fifo[3] = 0;
@@ -1970,7 +1973,7 @@ static uint8_t command_to_handler[256];
 static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
 {
     FDrive *cur_drv;
 -    int pos;
 +    uint32_t pos;
     /* Reset mode */
     if (!(fdctrl->dor & FD_DOR_nRESET)) {
@@ -2019,7 +2022,9 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value)
     }
     FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
 -    fdctrl->fifo[fdctrl->data_pos++] = value;
 +    pos = fdctrl->data_pos++;
 +    pos %= FD_SECTOR_LEN;
 +    fdctrl->fifo[pos] = value;
     if (fdctrl->data_pos == fdctrl->data_len) {
         /* We now have all parameters
          * and will be able to treat the command
--- a/0003-slirp-use-less-predictable-directory-name-in-tmp-for.patch
+++ b/0003-slirp-use-less-predictable-directory-name-in-tmp-for.patch
@ -1,50 +0,0 @@
 From: Michael Tokarev <mjt@tls.msk.ru>
 Date: Thu, 28 May 2015 14:12:26 +0300
 Subject: [PATCH] slirp: use less predictable directory name in /tmp for smb
 config (CVE-2015-4037)
 In this version I used mkdtemp(3) which is:
        _BSD_SOURCE
        || /* Since glibc 2.10: */
            (_POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700)
 (POSIX.1-2008), so should be available on systems we care about.
 While at it, reset the resulting directory name within smb structure
 on error so cleanup function wont try to remove directory which we
 failed to create.
 Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
 Reviewed-by: Markus Armbruster <armbru@redhat.com>
 (cherry picked from commit 8b8f1c7e9ddb2e88a144638f6527bf70e32343e3)
 ---
 net/slirp.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
 diff --git a/net/slirp.c b/net/slirp.c
 index 9bbed74..3090c10 100644
 --- a/net/slirp.c
 +++ b/net/slirp.c
@@ -481,7 +481,6 @@ static void slirp_smb_cleanup(SlirpState *s)
 static int slirp_smb(SlirpState* s, const char *exported_dir,
                      struct in_addr vserver_addr)
 {
 -    static int instance;
     char smb_conf[128];
     char smb_cmdline[128];
     struct passwd *passwd;
@@ -505,10 +504,10 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
         return -1;
     }
 -    snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d",
 -             (long)getpid(), instance++);
 -    if (mkdir(s->smb_dir, 0700) < 0) {
 +    snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.XXXXXX");
 +    if (!mkdtemp(s->smb_dir)) {
         error_report("could not create samba server dir '%s'", s->smb_dir);
 +        s->smb_dir[0] = 0;
         return -1;
     }
     snprintf(smb_conf, sizeof(smb_conf), "%s/%s", s->smb_dir, "smb.conf");
--- a/qemu.spec
+++ b/qemu.spec
@ -39,14 +39,14 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
-Version: 2.3.0
+Version: 2.4.0
-Release: 15%{?dist}
+Release: 0.1.rc0%{?dist}
 Epoch: 2
 License: GPLv2+ and LGPLv2+ and BSD
 Group: Development/Tools
 URL: http://www.qemu.org/
-Source0: http://wiki.qemu-project.org/download/%{name}-%{version}.tar.bz2
+Source0: http://wiki.qemu-project.org/download/%{name}-%{version}-rc0.tar.bz2
 Source1: qemu.binfmt
@ -68,14 +68,6 @@ Source12: bridge.conf
 # qemu-kvm back compat wrapper
 Source13: qemu-kvm.sh
 # Backport upstream 2.4 patch to link with tcmalloc, enable it
 Patch0001: 0001-configure-Add-support-for-tcmalloc.patch
 # CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access
 # (bz #1221152)
 Patch0002: 0002-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch
 # CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz
 # #1222894)
 Patch0003: 0003-slirp-use-less-predictable-directory-name-in-tmp-for.patch
 BuildRequires: SDL2-devel
 BuildRequires: zlib-devel
@ -164,6 +156,8 @@ BuildRequires: numactl-devel
 %endif
 # Added in qemu 2.3
 BuildRequires: bzip2-devel
 # Added in qemu 2.4 for opengl bits
 Requires: libepoxy-devel
 Requires: %{name}-user = %{epoch}:%{version}-%{release}
@ -546,7 +540,7 @@ CAC emulation development files.
 %prep
-%setup -q -n qemu-%{version}
+%setup -q -n qemu-%{version}-rc0
 %autopatch -p1
@ -661,6 +655,7 @@ gcc %{_sourcedir}/ksmctl.c -O2 -g -o ksmctl
 mkdir -p %{buildroot}%{_udevdir}
 mkdir -p %{buildroot}%{_unitdir}
 mkdir -p %{buildroot}%{_sysconfdir}/qemu
 install -D -p -m 0644 %{_sourcedir}/ksm.service %{buildroot}%{_unitdir}
 install -D -p -m 0644 %{_sourcedir}/ksm.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/ksm
@ -741,6 +736,7 @@ rom_link ../seavgabios/vgabios-cirrus.bin vgabios-cirrus.bin
 rom_link ../seavgabios/vgabios-qxl.bin vgabios-qxl.bin
 rom_link ../seavgabios/vgabios-stdvga.bin vgabios-stdvga.bin
 rom_link ../seavgabios/vgabios-vmware.bin vgabios-vmware.bin
 rom_link ../seavgabios/vgabios-virtio.bin vgabios-virtio.bin
 rom_link ../seabios/bios.bin bios.bin
 rom_link ../seabios/bios-256k.bin bios-256k.bin
 rom_link ../seabios/acpi-dsdt.aml acpi-dsdt.aml
@ -1015,6 +1011,7 @@ getent passwd qemu >/dev/null || \
 %{_datadir}/%{name}/vgabios-qxl.bin
 %{_datadir}/%{name}/vgabios-stdvga.bin
 %{_datadir}/%{name}/vgabios-vmware.bin
 %{_datadir}/%{name}/vgabios-virtio.bin
 %{_datadir}/%{name}/pxe-e1000.rom
 %{_datadir}/%{name}/efi-e1000.rom
 %{_datadir}/%{name}/pxe-virtio.rom
@ -1025,7 +1022,6 @@ getent passwd qemu >/dev/null || \
 %{_datadir}/%{name}/efi-rtl8139.rom
 %{_datadir}/%{name}/pxe-ne2k_pci.rom
 %{_datadir}/%{name}/efi-ne2k_pci.rom
 %config(noreplace) %{_sysconfdir}/qemu/target-x86_64.conf
 %ifarch %{ix86} x86_64
 %{?kvm_files:}
 %endif
@ -1204,6 +1200,9 @@ getent passwd qemu >/dev/null || \
 %changelog
 * Tue Jul 14 2015 Cole Robinson <crobinso@redhat.com> 2:2.4.0-0.1-rc0
 - Rebased to version 2.4.0-rc0
 * Fri Jul  3 2015 Richard W.M. Jones <rjones@redhat.com> - 2:2.3.0-15
 - Bump and rebuild.
--- a/2
+++ b/2
@ -1 +1 @@
-2fab3ea4460de9b57192e5b8b311f221  qemu-2.3.0.tar.bz2
+0c890db3811f2ad9cc7bb2a5afe08e4c  qemu-2.4.0-rc0.tar.bz2
`@ -1 +1 @@`
	`2fab3ea4460de9b57192e5b8b311f221 qemu-2.3.0.tar.bz2`	`0c890db3811f2ad9cc7bb2a5afe08e4c qemu-2.4.0-rc0.tar.bz2`