Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Aric Belsito <lluixhi@×××××.com>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/musl:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
Date: Mon, 13 Nov 2017 21:18:26
Message-Id: 1510607834.3c163a962cd7f22f3c86a503904df8d813722418.lluixhi@gentoo
1 commit: 3c163a962cd7f22f3c86a503904df8d813722418
2 Author: Aric Belsito <lluixhi <AT> gmail <DOT> com>
3 AuthorDate: Mon Nov 13 21:17:14 2017 +0000
4 Commit: Aric Belsito <lluixhi <AT> gmail <DOT> com>
5 CommitDate: Mon Nov 13 21:17:14 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=3c163a96
7
8 app-emulation/qemu: version bump to 2.10.1
9
10 remove old versions.
11
12 app-emulation/qemu/Manifest | 2 +-
13 .../qemu/files/qemu-2.10.1-CVE-2017-15268.patch | 54 ++
14 .../qemu/files/qemu-2.10.1-CVE-2017-15289.patch | 58 ++
15 .../qemu/files/qemu-2.9.0-CVE-2017-10664.patch | 47 --
16 .../qemu/files/qemu-2.9.0-CVE-2017-10806.patch | 50 --
17 .../qemu/files/qemu-2.9.0-CVE-2017-11334.patch | 40 -
18 .../qemu/files/qemu-2.9.0-CVE-2017-11434.patch | 29 -
19 .../qemu/files/qemu-2.9.0-CVE-2017-7493.patch | 174 -----
20 .../qemu/files/qemu-2.9.0-CVE-2017-8112.patch | 22 -
21 .../qemu/files/qemu-2.9.0-CVE-2017-8309.patch | 22 -
22 .../qemu/files/qemu-2.9.0-CVE-2017-8379.patch | 76 --
23 .../qemu/files/qemu-2.9.0-CVE-2017-8380.patch | 34 -
24 .../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch | 122 ----
25 .../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch | 114 ---
26 .../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch | 80 --
27 .../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch | 197 -----
28 .../{qemu-2.10.0-r1.ebuild => qemu-2.10.1.ebuild} | 20 +-
29 app-emulation/qemu/qemu-2.9.0-r56.ebuild | 799 --------------------
30 app-emulation/qemu/qemu-2.9.0-r57.ebuild | 802 ---------------------
31 19 files changed, 129 insertions(+), 2613 deletions(-)
32
33 diff --git a/app-emulation/qemu/Manifest b/app-emulation/qemu/Manifest
34 index 0c8db49..95c955c 100644
35 --- a/app-emulation/qemu/Manifest
36 +++ b/app-emulation/qemu/Manifest
37 @@ -1,2 +1,2 @@
38 DIST qemu-2.10.0.tar.bz2 30955656 SHA256 7e9f39e1306e6dcc595494e91c1464d4b03f55ddd2053183e0e1b69f7f776d48 SHA512 ea21c014030f8a902df159641e6ccb45f0850ac5cb1cb8ab6845124c44ea5def54845e7bc66a6e80d624c78069f9baa913ee5119704076ae4ff47ab018ace9f9 WHIRLPOOL 58f846788fdf2b0c90e6d17ce921a1fe02556968d38ffc11be7e32b81ebc723dfeaa790f22d8085d4f388eb01fe0daa3ddbc00630c5ecba083df33cc9709fb39
39 -DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
40 +DIST qemu-2.10.1.tar.bz2 30821108 SHA256 8e040bc7556401ebb3a347a8f7878e9d4028cf71b2744b1a1699f4e741966ba8 SHA512 1a4a6ebf700ec6851c83cc2a71eaea8d95f14c685d094eaaa86c740eb9401e49a79074b72385f58681ca7646771a99bb6bbd9bebb39162f7220626d37ed0654f WHIRLPOOL 79b1b8c19affc799e1a42c02a7c2fea13bf4ca1f9a2aa6e765d529aa3531f68cca77e92264561b2884314074f3148469f5a2f976c3473beb5ed0568617ce777b
41
42 diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
43 new file mode 100644
44 index 0000000..7d08b32
45 --- /dev/null
46 +++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
47 @@ -0,0 +1,54 @@
48 +From a7b20a8efa28e5f22c26c06cd06c2f12bc863493 Mon Sep 17 00:00:00 2001
49 +From: "Daniel P. Berrange" <berrange@××××××.com>
50 +Date: Mon, 9 Oct 2017 14:43:42 +0100
51 +Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource
52 +
53 +The websocket GSource is monitoring the size of the rawoutput
54 +buffer to determine if the channel can accepts more writes.
55 +The rawoutput buffer, however, is merely a temporary staging
56 +buffer before data is copied into the encoutput buffer. Thus
57 +its size will always be zero when the GSource runs.
58 +
59 +This flaw causes the encoutput buffer to grow without bound
60 +if the other end of the underlying data channel doesn't
61 +read data being sent. This can be seen with VNC if a client
62 +is on a slow WAN link and the guest OS is sending many screen
63 +updates. A malicious VNC client can act like it is on a slow
64 +link by playing a video in the guest and then reading data
65 +very slowly, causing QEMU host memory to expand arbitrarily.
66 +
67 +This issue is assigned CVE-2017-15268, publically reported in
68 +
69 + https://bugs.launchpad.net/qemu/+bug/1718964
70 +
71 +Reviewed-by: Eric Blake <eblake@××××××.com>
72 +Signed-off-by: Daniel P. Berrange <berrange@××××××.com>
73 +---
74 + io/channel-websock.c | 4 ++--
75 + 1 file changed, 2 insertions(+), 2 deletions(-)
76 +
77 +diff --git a/io/channel-websock.c b/io/channel-websock.c
78 +index d1d471f86e..04bcc059cd 100644
79 +--- a/io/channel-websock.c
80 ++++ b/io/channel-websock.c
81 +@@ -28,7 +28,7 @@
82 + #include <time.h>
83 +
84 +
85 +-/* Max amount to allow in rawinput/rawoutput buffers */
86 ++/* Max amount to allow in rawinput/encoutput buffers */
87 + #define QIO_CHANNEL_WEBSOCK_MAX_BUFFER 8192
88 +
89 + #define QIO_CHANNEL_WEBSOCK_CLIENT_KEY_LEN 24
90 +@@ -1208,7 +1208,7 @@ qio_channel_websock_source_check(GSource *source)
91 + if (wsource->wioc->rawinput.offset || wsource->wioc->io_eof) {
92 + cond |= G_IO_IN;
93 + }
94 +- if (wsource->wioc->rawoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
95 ++ if (wsource->wioc->encoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
96 + cond |= G_IO_OUT;
97 + }
98 +
99 +--
100 +2.13.6
101 +
102
103 diff --git a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch
104 new file mode 100644
105 index 0000000..a4ad2d5
106 --- /dev/null
107 +++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch
108 @@ -0,0 +1,58 @@
109 +From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001
110 +From: Gerd Hoffmann <kraxel@××××××.com>
111 +Date: Wed, 11 Oct 2017 10:43:14 +0200
112 +Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions
113 +
114 +Move dst calculation into the loop, so we apply the mask on each
115 +interation and will not overflow vga memory.
116 +
117 +Cc: Prasad J Pandit <pjp@×××××××××××××.org>
118 +Reported-by: Niu Guoxiang <niuguoxiang@××××××.com>
119 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
120 +Message-id: 20171011084314.21752-1-kraxel@××××××.com
121 +---
122 + hw/display/cirrus_vga.c | 6 ++----
123 + 1 file changed, 2 insertions(+), 4 deletions(-)
124 +
125 +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
126 +index b4d579857a..bc32bf1e39 100644
127 +--- a/hw/display/cirrus_vga.c
128 ++++ b/hw/display/cirrus_vga.c
129 +@@ -2038,15 +2038,14 @@ static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
130 + unsigned val = mem_value;
131 + uint8_t *dst;
132 +
133 +- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
134 + for (x = 0; x < 8; x++) {
135 ++ dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
136 + if (val & 0x80) {
137 + *dst = s->cirrus_shadow_gr1;
138 + } else if (mode == 5) {
139 + *dst = s->cirrus_shadow_gr0;
140 + }
141 + val <<= 1;
142 +- dst++;
143 + }
144 + memory_region_set_dirty(&s->vga.vram, offset, 8);
145 + }
146 +@@ -2060,8 +2059,8 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
147 + unsigned val = mem_value;
148 + uint8_t *dst;
149 +
150 +- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
151 + for (x = 0; x < 8; x++) {
152 ++ dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
153 + if (val & 0x80) {
154 + *dst = s->cirrus_shadow_gr1;
155 + *(dst + 1) = s->vga.gr[0x11];
156 +@@ -2070,7 +2069,6 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
157 + *(dst + 1) = s->vga.gr[0x10];
158 + }
159 + val <<= 1;
160 +- dst += 2;
161 + }
162 + memory_region_set_dirty(&s->vga.vram, offset, 16);
163 + }
164 +--
165 +2.13.6
166 +
167
168 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
169 deleted file mode 100644
170 index 7db0692..0000000
171 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
172 +++ /dev/null
173 @@ -1,47 +0,0 @@
174 -From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001
175 -From: Max Reitz <mreitz@××××××.com>
176 -Date: Sun, 11 Jun 2017 14:37:14 +0200
177 -Subject: [PATCH] qemu-nbd: Ignore SIGPIPE
178 -
179 -qemu proper has done so for 13 years
180 -(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have
181 -done so for four years (526eda14a68d5b3596be715505289b541288ef2a).
182 -Ignoring this signal is especially important in qemu-nbd because
183 -otherwise a client can easily take down the qemu-nbd server by dropping
184 -the connection when the server wants to send something, for example:
185 -
186 -$ qemu-nbd -x foo -f raw -t null-co:// &
187 -[1] 12726
188 -$ qemu-io -c quit nbd://localhost/bar
189 -can't open device nbd://localhost/bar: No export with name 'bar' available
190 -[1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co://
191 -
192 -In this case, the client sends an NBD_OPT_ABORT and closes the
193 -connection (because it is not required to wait for a reply), but the
194 -server replies with an NBD_REP_ACK (because it is required to reply).
195 -
196 -Signed-off-by: Max Reitz <mreitz@××××××.com>
197 -Message-Id: <20170611123714.31292-1-mreitz@××××××.com>
198 -Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
199 ----
200 - qemu-nbd.c | 4 ++++
201 - 1 file changed, 4 insertions(+)
202 -
203 -diff --git a/qemu-nbd.c b/qemu-nbd.c
204 -index 9464a0461c..4dd3fd4732 100644
205 ---- a/qemu-nbd.c
206 -+++ b/qemu-nbd.c
207 -@@ -581,6 +581,10 @@ int main(int argc, char **argv)
208 - sa_sigterm.sa_handler = termsig_handler;
209 - sigaction(SIGTERM, &sa_sigterm, NULL);
210 -
211 -+#ifdef CONFIG_POSIX
212 -+ signal(SIGPIPE, SIG_IGN);
213 -+#endif
214 -+
215 - module_call_init(MODULE_INIT_TRACE);
216 - qcrypto_init(&error_fatal);
217 -
218 ---
219 -2.13.0
220 -
221
222 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
223 deleted file mode 100644
224 index 0074f5f..0000000
225 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
226 +++ /dev/null
227 @@ -1,50 +0,0 @@
228 -From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001
229 -From: Gerd Hoffmann <kraxel@××××××.com>
230 -Date: Tue, 9 May 2017 13:01:28 +0200
231 -Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data
232 -MIME-Version: 1.0
233 -Content-Type: text/plain; charset=UTF-8
234 -Content-Transfer-Encoding: 8bit
235 -
236 -Don't reinvent a broken wheel, just use the hexdump function we have.
237 -
238 -Impact: low, broken code doesn't run unless you have debug logging
239 -enabled.
240 -
241 -Reported-by: 李强 <liqiang6-s@×××.cn>
242 -Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
243 -Message-id: 20170509110128.27261-1-kraxel@××××××.com
244 ----
245 - hw/usb/redirect.c | 13 +------------
246 - 1 file changed, 1 insertion(+), 12 deletions(-)
247 -
248 -diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
249 -index b001a27f05..ad5ef783a6 100644
250 ---- a/hw/usb/redirect.c
251 -+++ b/hw/usb/redirect.c
252 -@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
253 - static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
254 - const uint8_t *data, int len)
255 - {
256 -- int i, j, n;
257 --
258 - if (dev->debug < usbredirparser_debug_data) {
259 - return;
260 - }
261 --
262 -- for (i = 0; i < len; i += j) {
263 -- char buf[128];
264 --
265 -- n = sprintf(buf, "%s", desc);
266 -- for (j = 0; j < 8 && i + j < len; j++) {
267 -- n += sprintf(buf + n, " %02X", data[i + j]);
268 -- }
269 -- error_report("%s", buf);
270 -- }
271 -+ qemu_hexdump((char *)data, stderr, desc, len);
272 - }
273 -
274 - /*
275 ---
276 -2.13.0
277 -
278
279 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
280 deleted file mode 100644
281 index bfe4c7d..0000000
282 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
283 +++ /dev/null
284 @@ -1,40 +0,0 @@
285 -[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest
286 -From: Prasad J Pandit <address@hidden>
287 -
288 -When accessing guest's ram block during DMA operation, use
289 -'qemu_ram_ptr_length' to get ram block pointer. It ensures
290 -that DMA operation of given length is possible; And avoids
291 -any OOB memory access situations.
292 -
293 -Reported-by: Alex <address@hidden>
294 -Signed-off-by: Prasad J Pandit <address@hidden>
295 -Message-Id: <address@hidden>
296 -Signed-off-by: Paolo Bonzini <address@hidden>
297 ----
298 - exec.c | 4 ++--
299 - 1 file changed, 2 insertions(+), 2 deletions(-)
300 -
301 -diff --git a/exec.c b/exec.c
302 -index a083ff8..ad103ce 100644
303 ---- a/exec.c
304 -+++ b/exec.c
305 -@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
306 - }
307 - } else {
308 - /* RAM case */
309 -- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
310 -+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
311 - memcpy(ptr, buf, l);
312 - invalidate_and_set_dirty(mr, addr1, l);
313 - }
314 -@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
315 - }
316 - } else {
317 - /* RAM case */
318 -- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
319 -+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
320 - memcpy(buf, ptr, l);
321 - }
322 -
323 ---
324 -1.8.3.1
325
326 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
327 deleted file mode 100644
328 index 5d32067..0000000
329 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
330 +++ /dev/null
331 @@ -1,29 +0,0 @@
332 -[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
333 -From: Prasad J Pandit <address@hidden>
334 -
335 -While parsing dhcp options string in 'dhcp_decode', if an options'
336 -length 'len' appeared towards the end of 'bp_vend' array, ensuing
337 -read could lead to an OOB memory access issue. Add check to avoid it.
338 -
339 -Reported-by: Reno Robert <address@hidden>
340 -Signed-off-by: Prasad J Pandit <address@hidden>
341 ----
342 - slirp/bootp.c | 3 +++
343 - 1 file changed, 3 insertions(+)
344 -
345 -diff --git a/slirp/bootp.c b/slirp/bootp.c
346 -index 5a4646c..5dd1a41 100644
347 ---- a/slirp/bootp.c
348 -+++ b/slirp/bootp.c
349 -@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
350 - if (p >= p_end)
351 - break;
352 - len = *p++;
353 -+ if (p + len > p_end) {
354 -+ break;
355 -+ }
356 - DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
357 -
358 - switch(tag) {
359 ---
360 -2.9.4
361
362 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
363 deleted file mode 100644
364 index 346e771..0000000
365 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
366 +++ /dev/null
367 @@ -1,174 +0,0 @@
368 -From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
369 -From: Greg Kurz <groug@××××.org>
370 -Date: Fri, 5 May 2017 14:48:08 +0200
371 -Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
372 -
373 -When using the mapped-file security mode, we shouldn't let the client mess
374 -with the metadata. The current code already tries to hide the metadata dir
375 -from the client by skipping it in local_readdir(). But the client can still
376 -access or modify it through several other operations. This can be used to
377 -escalate privileges in the guest.
378 -
379 -Affected backend operations are:
380 -- local_mknod()
381 -- local_mkdir()
382 -- local_open2()
383 -- local_symlink()
384 -- local_link()
385 -- local_unlinkat()
386 -- local_renameat()
387 -- local_rename()
388 -- local_name_to_path()
389 -
390 -Other operations are safe because they are only passed a fid path, which
391 -is computed internally in local_name_to_path().
392 -
393 -This patch converts all the functions listed above to fail and return
394 -EINVAL when being passed the name of the metadata dir. This may look
395 -like a poor choice for errno, but there's no such thing as an illegal
396 -path name on Linux and I could not think of anything better.
397 -
398 -This fixes CVE-2017-7493.
399 -
400 -Reported-by: Leo Gaspard <leo@×××××××.io>
401 -Signed-off-by: Greg Kurz <groug@××××.org>
402 -Reviewed-by: Eric Blake <eblake@××××××.com>
403 ----
404 - hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
405 - 1 file changed, 56 insertions(+), 2 deletions(-)
406 -
407 -diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
408 -index f3ebca4f7a..a2486566af 100644
409 ---- a/hw/9pfs/9p-local.c
410 -+++ b/hw/9pfs/9p-local.c
411 -@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
412 - return telldir(fs->dir.stream);
413 - }
414 -
415 -+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
416 -+{
417 -+ return !strcmp(name, VIRTFS_META_DIR);
418 -+}
419 -+
420 - static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
421 - {
422 - struct dirent *entry;
423 -@@ -465,8 +470,8 @@ again:
424 - if (ctx->export_flags & V9FS_SM_MAPPED) {
425 - entry->d_type = DT_UNKNOWN;
426 - } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
427 -- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
428 -- /* skp the meta data directory */
429 -+ if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
430 -+ /* skip the meta data directory */
431 - goto again;
432 - }
433 - entry->d_type = DT_UNKNOWN;
434 -@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
435 - int err = -1;
436 - int dirfd;
437 -
438 -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
439 -+ local_is_mapped_file_metadata(fs_ctx, name)) {
440 -+ errno = EINVAL;
441 -+ return -1;
442 -+ }
443 -+
444 - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
445 - if (dirfd == -1) {
446 - return -1;
447 -@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
448 - int err = -1;
449 - int dirfd;
450 -
451 -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
452 -+ local_is_mapped_file_metadata(fs_ctx, name)) {
453 -+ errno = EINVAL;
454 -+ return -1;
455 -+ }
456 -+
457 - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
458 - if (dirfd == -1) {
459 - return -1;
460 -@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
461 - int err = -1;
462 - int dirfd;
463 -
464 -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
465 -+ local_is_mapped_file_metadata(fs_ctx, name)) {
466 -+ errno = EINVAL;
467 -+ return -1;
468 -+ }
469 -+
470 - /*
471 - * Mark all the open to not follow symlinks
472 - */
473 -@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
474 - int err = -1;
475 - int dirfd;
476 -
477 -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
478 -+ local_is_mapped_file_metadata(fs_ctx, name)) {
479 -+ errno = EINVAL;
480 -+ return -1;
481 -+ }
482 -+
483 - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
484 - if (dirfd == -1) {
485 - return -1;
486 -@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
487 - int ret = -1;
488 - int odirfd, ndirfd;
489 -
490 -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
491 -+ local_is_mapped_file_metadata(ctx, name)) {
492 -+ errno = EINVAL;
493 -+ return -1;
494 -+ }
495 -+
496 - odirfd = local_opendir_nofollow(ctx, odirpath);
497 - if (odirfd == -1) {
498 - goto out;
499 -@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
500 - static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
501 - const char *name, V9fsPath *target)
502 - {
503 -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
504 -+ local_is_mapped_file_metadata(ctx, name)) {
505 -+ errno = EINVAL;
506 -+ return -1;
507 -+ }
508 -+
509 - if (dir_path) {
510 - v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
511 - } else if (strcmp(name, "/")) {
512 -@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
513 - int ret;
514 - int odirfd, ndirfd;
515 -
516 -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
517 -+ (local_is_mapped_file_metadata(ctx, old_name) ||
518 -+ local_is_mapped_file_metadata(ctx, new_name))) {
519 -+ errno = EINVAL;
520 -+ return -1;
521 -+ }
522 -+
523 - odirfd = local_opendir_nofollow(ctx, olddir->data);
524 - if (odirfd == -1) {
525 - return -1;
526 -@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
527 - int ret;
528 - int dirfd;
529 -
530 -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
531 -+ local_is_mapped_file_metadata(ctx, name)) {
532 -+ errno = EINVAL;
533 -+ return -1;
534 -+ }
535 -+
536 - dirfd = local_opendir_nofollow(ctx, dir->data);
537 - if (dirfd == -1) {
538 - return -1;
539 ---
540 -2.13.0
541 -
542
543 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
544 deleted file mode 100644
545 index 31fb69b..0000000
546 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
547 +++ /dev/null
548 @@ -1,22 +0,0 @@
549 -CVE-2017-8112
550 -
551 -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html
552 ----
553 - hw/scsi/vmw_pvscsi.c | 2 +-
554 - 1 file changed, 1 insertion(+), 1 deletion(-)
555 -
556 -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
557 -index 7557546..4a106da 100644
558 ---- a/hw/scsi/vmw_pvscsi.c
559 -+++ b/hw/scsi/vmw_pvscsi.c
560 -@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
561 - uint32_t len_log2;
562 - uint32_t ring_size;
563 -
564 -- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
565 -+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
566 - return -1;
567 - }
568 - ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
569 ---
570 -2.9.3
571
572 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
573 deleted file mode 100644
574 index 4f7f870..0000000
575 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
576 +++ /dev/null
577 @@ -1,22 +0,0 @@
578 -bug #616870
579 -
580 -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
581 ----
582 - audio/audio.c | 2 ++
583 - 1 file changed, 2 insertions(+)
584 -
585 -diff --git a/audio/audio.c b/audio/audio.c
586 -index c8898d8422..beafed209b 100644
587 ---- a/audio/audio.c
588 -+++ b/audio/audio.c
589 -@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
590 - sw = sw1;
591 - }
592 - QLIST_REMOVE (cap, entries);
593 -+ g_free (cap->hw.mix_buf);
594 -+ g_free (cap->buf);
595 - g_free (cap);
596 - }
597 - return;
598 ---
599 -2.9.3
600
601 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
602 deleted file mode 100644
603 index 0a34dae..0000000
604 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
605 +++ /dev/null
606 @@ -1,76 +0,0 @@
607 -bug #616872
608 -
609 -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
610 ----
611 - ui/input.c | 14 +++++++++++---
612 - 1 file changed, 11 insertions(+), 3 deletions(-)
613 -
614 -diff --git a/ui/input.c b/ui/input.c
615 -index ed88cda6d6..fb1f404095 100644
616 ---- a/ui/input.c
617 -+++ b/ui/input.c
618 -@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
619 - QTAILQ_HEAD_INITIALIZER(kbd_queue);
620 - static QEMUTimer *kbd_timer;
621 - static uint32_t kbd_default_delay_ms = 10;
622 -+static uint32_t queue_count;
623 -+static uint32_t queue_limit = 1024;
624 -
625 - QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
626 - QemuInputHandler *handler)
627 -@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
628 - break;
629 - }
630 - QTAILQ_REMOVE(queue, item, node);
631 -+ queue_count--;
632 - g_free(item);
633 - }
634 - }
635 -@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
636 - item->delay_ms = delay_ms;
637 - item->timer = timer;
638 - QTAILQ_INSERT_TAIL(queue, item, node);
639 -+ queue_count++;
640 -
641 - if (start_timer) {
642 - timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
643 -@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
644 - item->src = src;
645 - item->evt = evt;
646 - QTAILQ_INSERT_TAIL(queue, item, node);
647 -+ queue_count++;
648 - }
649 -
650 - static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
651 -@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
652 -
653 - item->type = QEMU_INPUT_QUEUE_SYNC;
654 - QTAILQ_INSERT_TAIL(queue, item, node);
655 -+ queue_count++;
656 - }
657 -
658 - void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
659 -@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
660 - qemu_input_event_send(src, evt);
661 - qemu_input_event_sync();
662 - qapi_free_InputEvent(evt);
663 -- } else {
664 -+ } else if (queue_count < queue_limit) {
665 - qemu_input_queue_event(&kbd_queue, src, evt);
666 - qemu_input_queue_sync(&kbd_queue);
667 - }
668 -@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
669 - kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
670 - &kbd_queue);
671 - }
672 -- qemu_input_queue_delay(&kbd_queue, kbd_timer,
673 -- delay_ms ? delay_ms : kbd_default_delay_ms);
674 -+ if (queue_count < queue_limit) {
675 -+ qemu_input_queue_delay(&kbd_queue, kbd_timer,
676 -+ delay_ms ? delay_ms : kbd_default_delay_ms);
677 -+ }
678 - }
679 -
680 - InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
681 ---
682 -2.9.3
683
684 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
685 deleted file mode 100644
686 index 08911dd..0000000
687 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
688 +++ /dev/null
689 @@ -1,34 +0,0 @@
690 -bug #616874
691 -
692 -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
693 ----
694 - hw/scsi/megasas.c | 10 +++++-----
695 - 1 file changed, 5 insertions(+), 5 deletions(-)
696 -
697 -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
698 -index 84b8caf..804122a 100644
699 ---- a/hw/scsi/megasas.c
700 -+++ b/hw/scsi/megasas.c
701 -@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
702 - case MFI_SEQ:
703 - trace_megasas_mmio_writel("MFI_SEQ", val);
704 - /* Magic sequence to start ADP reset */
705 -- if (adp_reset_seq[s->adp_reset] == val) {
706 -- s->adp_reset++;
707 -+ if (adp_reset_seq[s->adp_reset++] == val) {
708 -+ if (s->adp_reset == 6) {
709 -+ s->adp_reset = 0;
710 -+ s->diag = MFI_DIAG_WRITE_ENABLE;
711 -+ }
712 - } else {
713 - s->adp_reset = 0;
714 - s->diag = 0;
715 - }
716 -- if (s->adp_reset == 6) {
717 -- s->diag = MFI_DIAG_WRITE_ENABLE;
718 -- }
719 - break;
720 - case MFI_DIAG:
721 - trace_megasas_mmio_writel("MFI_DIAG", val);
722 ---
723 -2.9.3
724
725 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
726 deleted file mode 100644
727 index 01c81d1..0000000
728 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
729 +++ /dev/null
730 @@ -1,122 +0,0 @@
731 -From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
732 -From: Paolo Bonzini <pbonzini@××××××.com>
733 -Date: Thu, 1 Jun 2017 17:26:14 +0200
734 -Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
735 -
736 -This ensures that the request is unref'ed properly, and avoids a
737 -segmentation fault in the new qtest testcase that is added.
738 -This is CVE-2017-9503.
739 -
740 -Reported-by: Zhangyanyu <zyy4013@×××××××××××.cn>
741 -Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
742 ----
743 - hw/scsi/megasas.c | 31 ++++++++++++++++---------------
744 - 2 files changed, 51 insertions(+), 15 deletions(-)
745 -
746 -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
747 -index 135662df31..734fdaef90 100644
748 ---- a/hw/scsi/megasas.c
749 -+++ b/hw/scsi/megasas.c
750 -@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
751 - static void megasas_abort_command(MegasasCmd *cmd)
752 - {
753 - /* Never abort internal commands. */
754 -+ if (cmd->dcmd_opcode != -1) {
755 -+ return;
756 -+ }
757 - if (cmd->req != NULL) {
758 - scsi_req_cancel(cmd->req);
759 - }
760 -@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
761 - uint64_t pd_size;
762 - uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
763 - uint8_t cmdbuf[6];
764 -- SCSIRequest *req;
765 - size_t len, resid;
766 -
767 - if (!cmd->iov_buf) {
768 -@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
769 - info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
770 - info->vpd_page83[0] = 0x7f;
771 - megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
772 -- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
773 -- if (!req) {
774 -+ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
775 -+ if (!cmd->req) {
776 - trace_megasas_dcmd_req_alloc_failed(cmd->index,
777 - "PD get info std inquiry");
778 - g_free(cmd->iov_buf);
779 -@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
780 - }
781 - trace_megasas_dcmd_internal_submit(cmd->index,
782 - "PD get info std inquiry", lun);
783 -- len = scsi_req_enqueue(req);
784 -+ len = scsi_req_enqueue(cmd->req);
785 - if (len > 0) {
786 - cmd->iov_size = len;
787 -- scsi_req_continue(req);
788 -+ scsi_req_continue(cmd->req);
789 - }
790 - return MFI_STAT_INVALID_STATUS;
791 - } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
792 - megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
793 -- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
794 -- if (!req) {
795 -+ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
796 -+ if (!cmd->req) {
797 - trace_megasas_dcmd_req_alloc_failed(cmd->index,
798 - "PD get info vpd inquiry");
799 - return MFI_STAT_FLASH_ALLOC_FAIL;
800 - }
801 - trace_megasas_dcmd_internal_submit(cmd->index,
802 - "PD get info vpd inquiry", lun);
803 -- len = scsi_req_enqueue(req);
804 -+ len = scsi_req_enqueue(cmd->req);
805 - if (len > 0) {
806 - cmd->iov_size = len;
807 -- scsi_req_continue(req);
808 -+ scsi_req_continue(cmd->req);
809 - }
810 - return MFI_STAT_INVALID_STATUS;
811 - }
812 -@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
813 - struct mfi_ld_info *info = cmd->iov_buf;
814 - size_t dcmd_size = sizeof(struct mfi_ld_info);
815 - uint8_t cdb[6];
816 -- SCSIRequest *req;
817 - ssize_t len, resid;
818 - uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
819 - uint64_t ld_size;
820 -@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
821 - cmd->iov_buf = g_malloc0(dcmd_size);
822 - info = cmd->iov_buf;
823 - megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
824 -- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
825 -- if (!req) {
826 -+ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
827 -+ if (!cmd->req) {
828 - trace_megasas_dcmd_req_alloc_failed(cmd->index,
829 - "LD get info vpd inquiry");
830 - g_free(cmd->iov_buf);
831 -@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
832 - }
833 - trace_megasas_dcmd_internal_submit(cmd->index,
834 - "LD get info vpd inquiry", lun);
835 -- len = scsi_req_enqueue(req);
836 -+ len = scsi_req_enqueue(cmd->req);
837 - if (len > 0) {
838 - cmd->iov_size = len;
839 -- scsi_req_continue(req);
840 -+ scsi_req_continue(cmd->req);
841 - }
842 - return MFI_STAT_INVALID_STATUS;
843 - }
844 -@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
845 - return;
846 - }
847 -
848 -- if (cmd->req == NULL) {
849 -+ if (cmd->dcmd_opcode != -1) {
850 - /*
851 - * Internal command complete
852 - */
853
854 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
855 deleted file mode 100644
856 index 74725a9..0000000
857 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
858 +++ /dev/null
859 @@ -1,114 +0,0 @@
860 -From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
861 -From: Paolo Bonzini <pbonzini@××××××.com>
862 -Date: Thu, 1 Jun 2017 17:18:23 +0200
863 -Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
864 -
865 -Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
866 -
867 -Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
868 ----
869 - hw/scsi/megasas.c | 25 +++++++++++--------------
870 - 1 file changed, 11 insertions(+), 14 deletions(-)
871 -
872 -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
873 -index c353118882..a3f75c1650 100644
874 ---- a/hw/scsi/megasas.c
875 -+++ b/hw/scsi/megasas.c
876 -@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
877 -
878 - hwaddr pa;
879 - hwaddr pa_size;
880 -+ uint32_t dcmd_opcode;
881 - union mfi_frame *frame;
882 - SCSIRequest *req;
883 - QEMUSGList qsg;
884 -@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
885 - cmd->context &= (uint64_t)0xFFFFFFFF;
886 - }
887 - cmd->count = count;
888 -+ cmd->dcmd_opcode = -1;
889 - s->busy++;
890 -
891 - if (s->consumer_pa) {
892 -@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
893 -
894 - static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
895 - {
896 -- int opcode;
897 - int retval = 0;
898 - size_t len;
899 - const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
900 -
901 -- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
902 -- trace_megasas_handle_dcmd(cmd->index, opcode);
903 -+ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
904 -+ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
905 - if (megasas_map_dcmd(s, cmd) < 0) {
906 - return MFI_STAT_MEMORY_NOT_AVAILABLE;
907 - }
908 -- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
909 -+ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
910 - cmdptr++;
911 - }
912 - len = cmd->iov_size;
913 - if (cmdptr->opcode == -1) {
914 -- trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
915 -+ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
916 - retval = megasas_dcmd_dummy(s, cmd);
917 - } else {
918 - trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
919 -@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
920 - static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
921 - SCSIRequest *req)
922 - {
923 -- int opcode;
924 - int retval = MFI_STAT_OK;
925 - int lun = req->lun;
926 -
927 -- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
928 -- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
929 -- switch (opcode) {
930 -+ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
931 -+ switch (cmd->dcmd_opcode) {
932 - case MFI_DCMD_PD_GET_INFO:
933 - retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
934 - break;
935 -@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
936 - retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
937 - break;
938 - default:
939 -- trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
940 -+ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
941 - retval = MFI_STAT_INVALID_DCMD;
942 - break;
943 - }
944 -@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
945 - {
946 - MegasasCmd *cmd = req->hba_private;
947 - uint8_t *buf;
948 -- uint32_t opcode;
949 -
950 - trace_megasas_io_complete(cmd->index, len);
951 -
952 -@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
953 - }
954 -
955 - buf = scsi_req_get_buf(req);
956 -- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
957 -- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
958 -+ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
959 - struct mfi_pd_info *info = cmd->iov_buf;
960 -
961 - if (info->inquiry_data[0] == 0x7f) {
962 -@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
963 - memcpy(info->vpd_page83, buf, len);
964 - }
965 - scsi_req_continue(req);
966 -- } else if (opcode == MFI_DCMD_LD_GET_INFO) {
967 -+ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
968 - struct mfi_ld_info *info = cmd->iov_buf;
969 -
970 - if (cmd->iov_buf) {
971 ---
972 -2.13.0
973 -
974
975 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
976 deleted file mode 100644
977 index 9d77193..0000000
978 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
979 +++ /dev/null
980 @@ -1,80 +0,0 @@
981 -From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
982 -From: Eric Blake <eblake@××××××.com>
983 -Date: Fri, 26 May 2017 22:04:21 -0500
984 -Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
985 -
986 -If a non-NBD client connects to qemu-nbd, we would end up with
987 -a SIGSEGV in nbd_client_put() because we were trying to
988 -unregister the client's association to the export, even though
989 -we skipped inserting the client into that list. Easy trigger
990 -in two terminals:
991 -
992 -$ qemu-nbd -p 30001 --format=raw file
993 -$ nmap 127.0.0.1 -p 30001
994 -
995 -nmap claims that it thinks it connected to a pago-services1
996 -server (which probably means nmap could be updated to learn the
997 -NBD protocol and give a more accurate diagnosis of the open
998 -port - but that's not our problem), then terminates immediately,
999 -so our call to nbd_negotiate() fails. The fix is to reorder
1000 -nbd_co_client_start() to ensure that all initialization occurs
1001 -before we ever try talking to a client in nbd_negotiate(), so
1002 -that the teardown sequence on negotiation failure doesn't fault
1003 -while dereferencing a half-initialized object.
1004 -
1005 -While debugging this, I also noticed that nbd_update_server_watch()
1006 -called by nbd_client_closed() was still adding a channel to accept
1007 -the next client, even when the state was no longer RUNNING. That
1008 -is fixed by making nbd_can_accept() pay attention to the current
1009 -state.
1010 -
1011 -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
1012 -
1013 -Signed-off-by: Eric Blake <eblake@××××××.com>
1014 -Message-Id: <20170527030421.28366-1-eblake@××××××.com>
1015 -Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
1016 ----
1017 - nbd/server.c | 8 +++-----
1018 - qemu-nbd.c | 2 +-
1019 - 2 files changed, 4 insertions(+), 6 deletions(-)
1020 -
1021 -diff --git a/nbd/server.c b/nbd/server.c
1022 -index ee59e5d234..49b55f6ede 100644
1023 ---- a/nbd/server.c
1024 -+++ b/nbd/server.c
1025 -@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
1026 -
1027 - if (exp) {
1028 - nbd_export_get(exp);
1029 -+ QTAILQ_INSERT_TAIL(&exp->clients, client, next);
1030 - }
1031 -+ qemu_co_mutex_init(&client->send_lock);
1032 -+
1033 - if (nbd_negotiate(data)) {
1034 - client_close(client);
1035 - goto out;
1036 - }
1037 -- qemu_co_mutex_init(&client->send_lock);
1038 --
1039 -- if (exp) {
1040 -- QTAILQ_INSERT_TAIL(&exp->clients, client, next);
1041 -- }
1042 -
1043 - nbd_client_receive_next_request(client);
1044 -
1045 -diff --git a/qemu-nbd.c b/qemu-nbd.c
1046 -index f60842fd86..651f85ecc1 100644
1047 ---- a/qemu-nbd.c
1048 -+++ b/qemu-nbd.c
1049 -@@ -325,7 +325,7 @@ out:
1050 -
1051 - static int nbd_can_accept(void)
1052 - {
1053 -- return nb_fds < shared;
1054 -+ return state == RUNNING && nb_fds < shared;
1055 - }
1056 -
1057 - static void nbd_export_closed(NBDExport *exp)
1058 ---
1059 -2.13.0
1060 -
1061
1062 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
1063 deleted file mode 100644
1064 index e6934b3..0000000
1065 --- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
1066 +++ /dev/null
1067 @@ -1,197 +0,0 @@
1068 -From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
1069 -From: Eric Blake <eblake@××××××.com>
1070 -Date: Thu, 8 Jun 2017 17:26:17 -0500
1071 -Subject: [PATCH] nbd: Fix regression on resiliency to port scan
1072 -
1073 -Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
1074 -server would not quit, regardless of how many probe connections
1075 -came and went, until a connection actually negotiated). But we
1076 -broke that in commit ee7d7aa when removing the return value to
1077 -nbd_client_new(), although that patch also introduced a bug causing
1078 -an assertion failure on a client that fails negotiation. We then
1079 -made it worse during refactoring in commit 1a6245a (a segfault
1080 -before we could even assert); the (masked) assertion was cleaned
1081 -up in d3780c2 (still in 2.6), and just recently we finally fixed
1082 -the segfault ("nbd: Fully intialize client in case of failed
1083 -negotiation"). But that still means that ever since we added
1084 -TLS support to qemu-nbd, we have been vulnerable to an ill-timed
1085 -port-scan being able to cause a denial of service by taking down
1086 -qemu-nbd before a real client has a chance to connect.
1087 -
1088 -Since negotiation is now handled asynchronously via coroutines,
1089 -we no longer have a synchronous point of return by re-adding a
1090 -return value to nbd_client_new(). So this patch instead wires
1091 -things up to pass the negotiation status through the close_fn
1092 -callback function.
1093 -
1094 -Simple test across two terminals:
1095 -$ qemu-nbd -f raw -p 30001 file
1096 -$ nmap 127.0.0.1 -p 30001 && \
1097 - qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
1098 -
1099 -Note that this patch does not change what constitutes successful
1100 -negotiation (thus, a client must enter transmission phase before
1101 -that client can be considered as a reason to terminate the server
1102 -when the connection ends). Perhaps we may want to tweak things
1103 -in a later patch to also treat a client that uses NBD_OPT_ABORT
1104 -as being a 'successful' negotiation (the client correctly talked
1105 -the NBD protocol, and informed us it was not going to use our
1106 -export after all), but that's a discussion for another day.
1107 -
1108 -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
1109 -
1110 -Signed-off-by: Eric Blake <eblake@××××××.com>
1111 -Message-Id: <20170608222617.20376-1-eblake@××××××.com>
1112 -Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
1113 ----
1114 - blockdev-nbd.c | 6 +++++-
1115 - include/block/nbd.h | 2 +-
1116 - nbd/server.c | 24 +++++++++++++++---------
1117 - qemu-nbd.c | 4 ++--
1118 - 4 files changed, 23 insertions(+), 13 deletions(-)
1119 -
1120 -diff --git a/blockdev-nbd.c b/blockdev-nbd.c
1121 -index dd0860f4a6..28f551a7b0 100644
1122 ---- a/blockdev-nbd.c
1123 -+++ b/blockdev-nbd.c
1124 -@@ -27,6 +27,10 @@ typedef struct NBDServerData {
1125 -
1126 - static NBDServerData *nbd_server;
1127 -
1128 -+static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
1129 -+{
1130 -+ nbd_client_put(client);
1131 -+}
1132 -
1133 - static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
1134 - gpointer opaque)
1135 -@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
1136 - qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
1137 - nbd_client_new(NULL, cioc,
1138 - nbd_server->tlscreds, NULL,
1139 -- nbd_client_put);
1140 -+ nbd_blockdev_client_closed);
1141 - object_unref(OBJECT(cioc));
1142 - return TRUE;
1143 - }
1144 -diff --git a/include/block/nbd.h b/include/block/nbd.h
1145 -index 416257abca..8fa5ce51f3 100644
1146 ---- a/include/block/nbd.h
1147 -+++ b/include/block/nbd.h
1148 -@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
1149 - QIOChannelSocket *sioc,
1150 - QCryptoTLSCreds *tlscreds,
1151 - const char *tlsaclname,
1152 -- void (*close)(NBDClient *));
1153 -+ void (*close_fn)(NBDClient *, bool));
1154 - void nbd_client_get(NBDClient *client);
1155 - void nbd_client_put(NBDClient *client);
1156 -
1157 -diff --git a/nbd/server.c b/nbd/server.c
1158 -index 49b55f6ede..f2b1aa47ce 100644
1159 ---- a/nbd/server.c
1160 -+++ b/nbd/server.c
1161 -@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
1162 -
1163 - struct NBDClient {
1164 - int refcount;
1165 -- void (*close)(NBDClient *client);
1166 -+ void (*close_fn)(NBDClient *client, bool negotiated);
1167 -
1168 - bool no_zeroes;
1169 - NBDExport *exp;
1170 -@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
1171 - }
1172 - }
1173 -
1174 --static void client_close(NBDClient *client)
1175 -+static void client_close(NBDClient *client, bool negotiated)
1176 - {
1177 - if (client->closing) {
1178 - return;
1179 -@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
1180 - NULL);
1181 -
1182 - /* Also tell the client, so that they release their reference. */
1183 -- if (client->close) {
1184 -- client->close(client);
1185 -+ if (client->close_fn) {
1186 -+ client->close_fn(client, negotiated);
1187 - }
1188 - }
1189 -
1190 -@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
1191 -
1192 - nbd_export_get(exp);
1193 - QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
1194 -- client_close(client);
1195 -+ client_close(client, true);
1196 - }
1197 - nbd_export_set_name(exp, NULL);
1198 - nbd_export_set_description(exp, NULL);
1199 -@@ -1337,7 +1337,7 @@ done:
1200 -
1201 - out:
1202 - nbd_request_put(req);
1203 -- client_close(client);
1204 -+ client_close(client, true);
1205 - nbd_client_put(client);
1206 - }
1207 -
1208 -@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
1209 - qemu_co_mutex_init(&client->send_lock);
1210 -
1211 - if (nbd_negotiate(data)) {
1212 -- client_close(client);
1213 -+ client_close(client, false);
1214 - goto out;
1215 - }
1216 -
1217 -@@ -1373,11 +1373,17 @@ out:
1218 - g_free(data);
1219 - }
1220 -
1221 -+/*
1222 -+ * Create a new client listener on the given export @exp, using the
1223 -+ * given channel @sioc. Begin servicing it in a coroutine. When the
1224 -+ * connection closes, call @close_fn with an indication of whether the
1225 -+ * client completed negotiation.
1226 -+ */
1227 - void nbd_client_new(NBDExport *exp,
1228 - QIOChannelSocket *sioc,
1229 - QCryptoTLSCreds *tlscreds,
1230 - const char *tlsaclname,
1231 -- void (*close_fn)(NBDClient *))
1232 -+ void (*close_fn)(NBDClient *, bool))
1233 - {
1234 - NBDClient *client;
1235 - NBDClientNewData *data = g_new(NBDClientNewData, 1);
1236 -@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
1237 - object_ref(OBJECT(client->sioc));
1238 - client->ioc = QIO_CHANNEL(sioc);
1239 - object_ref(OBJECT(client->ioc));
1240 -- client->close = close_fn;
1241 -+ client->close_fn = close_fn;
1242 -
1243 - data->client = client;
1244 - data->co = qemu_coroutine_create(nbd_co_client_start, data);
1245 -diff --git a/qemu-nbd.c b/qemu-nbd.c
1246 -index 651f85ecc1..9464a0461c 100644
1247 ---- a/qemu-nbd.c
1248 -+++ b/qemu-nbd.c
1249 -@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
1250 -
1251 - static void nbd_update_server_watch(void);
1252 -
1253 --static void nbd_client_closed(NBDClient *client)
1254 -+static void nbd_client_closed(NBDClient *client, bool negotiated)
1255 - {
1256 - nb_fds--;
1257 -- if (nb_fds == 0 && !persistent && state == RUNNING) {
1258 -+ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
1259 - state = TERMINATE;
1260 - }
1261 - nbd_update_server_watch();
1262 ---
1263 -2.13.0
1264 -
1265
1266 diff --git a/app-emulation/qemu/qemu-2.10.0-r1.ebuild b/app-emulation/qemu/qemu-2.10.1.ebuild
1267 similarity index 97%
1268 rename from app-emulation/qemu/qemu-2.10.0-r1.ebuild
1269 rename to app-emulation/qemu/qemu-2.10.1.ebuild
1270 index e7343e3..b448f20 100644
1271 --- a/app-emulation/qemu/qemu-2.10.0-r1.ebuild
1272 +++ b/app-emulation/qemu/qemu-2.10.1.ebuild
1273 @@ -19,7 +19,7 @@ if [[ ${PV} = *9999* ]]; then
1274 SRC_URI=""
1275 else
1276 SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
1277 - KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
1278 + KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
1279 fi
1280
1281 DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
1282 @@ -164,6 +164,14 @@ X86_FIRMWARE_DEPEND="
1283 >=sys-firmware/seabios-1.10.2[seavgabios]
1284 sys-firmware/sgabios
1285 )"
1286 +PPC64_FIRMWARE_DEPEND="
1287 + pin-upstream-blobs? (
1288 + ~sys-firmware/seabios-1.10.2[binary,seavgabios]
1289 + )
1290 + !pin-upstream-blobs? (
1291 + >=sys-firmware/seabios-1.10.2[seavgabios]
1292 + )
1293 +"
1294
1295 CDEPEND="
1296 !static? (
1297 @@ -171,7 +179,9 @@ CDEPEND="
1298 ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
1299 )
1300 qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
1301 - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
1302 + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
1303 + qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} )
1304 +"
1305 DEPEND="${CDEPEND}
1306 dev-lang/perl
1307 =dev-lang/python-2*
1308 @@ -200,7 +210,8 @@ PATCHES=(
1309 # gentoo patches
1310 "${FILESDIR}"/${PN}-2.5.0-cflags.patch
1311 "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
1312 - "${FILESDIR}"/${PN}-2.10.0-CVE-2017-13711.patch # bug 629350
1313 + "${FILESDIR}"/${PN}-2.10.1-CVE-2017-15268.patch
1314 + "${FILESDIR}"/${PN}-2.10.1-CVE-2017-15289.patch
1315 )
1316
1317 STRIP_MASK="/usr/share/qemu/palcode-clipper"
1318 @@ -704,7 +715,8 @@ src_install() {
1319 rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
1320 rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
1321 rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
1322 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1323 + # PPC64 loads vgabios-stdvga
1324 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then
1325 dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
1326 dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
1327 dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
1328
1329 diff --git a/app-emulation/qemu/qemu-2.9.0-r56.ebuild b/app-emulation/qemu/qemu-2.9.0-r56.ebuild
1330 deleted file mode 100644
1331 index 256a811..0000000
1332 --- a/app-emulation/qemu/qemu-2.9.0-r56.ebuild
1333 +++ /dev/null
1334 @@ -1,799 +0,0 @@
1335 -# Copyright 1999-2017 Gentoo Foundation
1336 -# Distributed under the terms of the GNU General Public License v2
1337 -
1338 -EAPI="6"
1339 -
1340 -PYTHON_COMPAT=( python2_7 )
1341 -PYTHON_REQ_USE="ncurses,readline"
1342 -
1343 -PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
1344 -
1345 -FIRMWARE_ABI_VERSION="2.9.0-r52"
1346 -
1347 -inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
1348 - user udev fcaps readme.gentoo-r1 pax-utils l10n
1349 -
1350 -if [[ ${PV} = *9999* ]]; then
1351 - EGIT_REPO_URI="git://git.qemu.org/qemu.git"
1352 - inherit git-r3
1353 - SRC_URI=""
1354 -else
1355 - SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
1356 - KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
1357 -fi
1358 -
1359 -DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
1360 -HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
1361 -
1362 -LICENSE="GPL-2 LGPL-2 BSD-2"
1363 -SLOT="0"
1364 -IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
1365 - glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
1366 - kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
1367 - pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
1368 - spice ssh static static-user systemtap tci test usb usbredir vde
1369 - +vhost-net virgl virtfs +vnc vte xattr xen xfs"
1370 -
1371 -COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
1372 - mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
1373 - sparc64 x86_64"
1374 -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
1375 - lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
1376 -IUSE_USER_TARGETS="${COMMON_TARGETS}
1377 - armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
1378 -
1379 -use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
1380 -use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
1381 -IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
1382 -
1383 -# Allow no targets to be built so that people can get a tools-only build.
1384 -# Block USE flag configurations known to not work.
1385 -REQUIRED_USE="${PYTHON_REQUIRED_USE}
1386 - gtk2? ( gtk )
1387 - qemu_softmmu_targets_arm? ( fdt )
1388 - qemu_softmmu_targets_microblaze? ( fdt )
1389 - qemu_softmmu_targets_mips64el? ( fdt )
1390 - qemu_softmmu_targets_ppc? ( fdt )
1391 - qemu_softmmu_targets_ppc64? ( fdt )
1392 - sdl2? ( sdl )
1393 - static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
1394 - virtfs? ( xattr )
1395 - vte? ( gtk )"
1396 -
1397 -# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
1398 -# and user/softmmu targets (qemu-*, qemu-system-*).
1399 -#
1400 -# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
1401 -#
1402 -# The attr lib isn't always linked in (although the USE flag is always
1403 -# respected). This is because qemu supports using the C library's API
1404 -# when available rather than always using the extranl library.
1405 -ALL_DEPEND="
1406 - >=dev-libs/glib-2.0[static-libs(+)]
1407 - sys-libs/zlib[static-libs(+)]
1408 - python? ( ${PYTHON_DEPS} )
1409 - systemtap? ( dev-util/systemtap )
1410 - xattr? ( sys-apps/attr[static-libs(+)] )"
1411 -
1412 -# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
1413 -# softmmu targets (qemu-system-*).
1414 -SOFTMMU_TOOLS_DEPEND="
1415 - >=x11-libs/pixman-0.28.0[static-libs(+)]
1416 - accessibility? (
1417 - app-accessibility/brltty[api]
1418 - app-accessibility/brltty[static-libs(+)]
1419 - )
1420 - aio? ( dev-libs/libaio[static-libs(+)] )
1421 - alsa? ( >=media-libs/alsa-lib-1.0.13 )
1422 - bluetooth? ( net-wireless/bluez )
1423 - bzip2? ( app-arch/bzip2[static-libs(+)] )
1424 - caps? ( sys-libs/libcap-ng[static-libs(+)] )
1425 - curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
1426 - fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
1427 - glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
1428 - gnutls? (
1429 - dev-libs/nettle:=[static-libs(+)]
1430 - >=net-libs/gnutls-3.0:=[static-libs(+)]
1431 - )
1432 - gtk? (
1433 - gtk2? (
1434 - x11-libs/gtk+:2
1435 - vte? ( x11-libs/vte:0 )
1436 - )
1437 - !gtk2? (
1438 - x11-libs/gtk+:3
1439 - vte? ( x11-libs/vte:2.91 )
1440 - )
1441 - )
1442 - infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
1443 - iscsi? ( net-libs/libiscsi )
1444 - jpeg? ( virtual/jpeg:0=[static-libs(+)] )
1445 - lzo? ( dev-libs/lzo:2[static-libs(+)] )
1446 - ncurses? (
1447 - sys-libs/ncurses:0=[unicode]
1448 - sys-libs/ncurses:0=[static-libs(+)]
1449 - )
1450 - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
1451 - numa? ( sys-process/numactl[static-libs(+)] )
1452 - opengl? (
1453 - virtual/opengl
1454 - media-libs/libepoxy[static-libs(+)]
1455 - media-libs/mesa[static-libs(+)]
1456 - media-libs/mesa[egl,gbm]
1457 - )
1458 - png? ( media-libs/libpng:0=[static-libs(+)] )
1459 - pulseaudio? ( media-sound/pulseaudio )
1460 - rbd? ( sys-cluster/ceph[static-libs(+)] )
1461 - sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
1462 - sdl? (
1463 - !sdl2? (
1464 - media-libs/libsdl[X]
1465 - >=media-libs/libsdl-1.2.11[static-libs(+)]
1466 - )
1467 - sdl2? (
1468 - media-libs/libsdl2[X]
1469 - media-libs/libsdl2[static-libs(+)]
1470 - )
1471 - )
1472 - seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
1473 - smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
1474 - snappy? ( app-arch/snappy:=[static-libs(+)] )
1475 - spice? (
1476 - >=app-emulation/spice-protocol-0.12.3
1477 - >=app-emulation/spice-0.12.0[static-libs(+)]
1478 - )
1479 - ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
1480 - usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
1481 - usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
1482 - vde? ( net-misc/vde[static-libs(+)] )
1483 - virgl? ( media-libs/virglrenderer[static-libs(+)] )
1484 - virtfs? ( sys-libs/libcap )
1485 - xen? ( app-emulation/xen-tools:= )
1486 - xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
1487 -
1488 -X86_FIRMWARE_DEPEND="
1489 - pin-upstream-blobs? (
1490 - ~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
1491 - ~sys-firmware/ipxe-1.0.0_p20160620
1492 - ~sys-firmware/seabios-1.10.2[binary,seavgabios]
1493 - ~sys-firmware/sgabios-0.1_pre8
1494 - )
1495 - !pin-upstream-blobs? (
1496 - sys-firmware/edk2-ovmf
1497 - sys-firmware/ipxe
1498 - >=sys-firmware/seabios-1.10.2[seavgabios]
1499 - sys-firmware/sgabios
1500 - )"
1501 -
1502 -CDEPEND="
1503 - !static? (
1504 - ${ALL_DEPEND//\[static-libs(+)]}
1505 - ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
1506 - )
1507 - qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
1508 - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
1509 -DEPEND="${CDEPEND}
1510 - dev-lang/perl
1511 - =dev-lang/python-2*
1512 - sys-apps/texinfo
1513 - virtual/pkgconfig
1514 - kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
1515 - gtk? ( nls? ( sys-devel/gettext ) )
1516 - static? (
1517 - ${ALL_DEPEND}
1518 - ${SOFTMMU_TOOLS_DEPEND}
1519 - )
1520 - static-user? ( ${ALL_DEPEND} )
1521 - test? (
1522 - dev-libs/glib[utils]
1523 - sys-devel/bc
1524 - )"
1525 -RDEPEND="${CDEPEND}
1526 - selinux? ( sec-policy/selinux-qemu )"
1527 -
1528 -PATCHES=(
1529 - # musl patches
1530 - "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
1531 - "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
1532 - "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
1533 -
1534 - # gentoo patches
1535 - "${FILESDIR}"/${PN}-2.5.0-cflags.patch
1536 - "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
1537 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
1538 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
1539 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
1540 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
1541 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
1542 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614
1543 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292
1544 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292
1545 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
1546 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184
1547 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
1548 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016
1549 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088
1550 -)
1551 -
1552 -STRIP_MASK="/usr/share/qemu/palcode-clipper"
1553 -
1554 -QA_PREBUILT="
1555 - usr/share/qemu/openbios-ppc
1556 - usr/share/qemu/openbios-sparc64
1557 - usr/share/qemu/openbios-sparc32
1558 - usr/share/qemu/palcode-clipper
1559 - usr/share/qemu/s390-ccw.img
1560 - usr/share/qemu/u-boot.e500"
1561 -
1562 -QA_WX_LOAD="usr/bin/qemu-i386
1563 - usr/bin/qemu-x86_64
1564 - usr/bin/qemu-alpha
1565 - usr/bin/qemu-arm
1566 - usr/bin/qemu-cris
1567 - usr/bin/qemu-m68k
1568 - usr/bin/qemu-microblaze
1569 - usr/bin/qemu-microblazeel
1570 - usr/bin/qemu-mips
1571 - usr/bin/qemu-mipsel
1572 - usr/bin/qemu-or1k
1573 - usr/bin/qemu-ppc
1574 - usr/bin/qemu-ppc64
1575 - usr/bin/qemu-ppc64abi32
1576 - usr/bin/qemu-sh4
1577 - usr/bin/qemu-sh4eb
1578 - usr/bin/qemu-sparc
1579 - usr/bin/qemu-sparc64
1580 - usr/bin/qemu-armeb
1581 - usr/bin/qemu-sparc32plus
1582 - usr/bin/qemu-s390x
1583 - usr/bin/qemu-unicore32"
1584 -
1585 -DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
1586 -kernel module loaded before running kvm. The easiest way to ensure that the
1587 -kernel module is loaded is to load it on boot.
1588 - For AMD CPUs the module is called 'kvm-amd'.
1589 - For Intel CPUs the module is called 'kvm-intel'.
1590 -Please review /etc/conf.d/modules for how to load these.
1591 -
1592 -Make sure your user is in the 'kvm' group. Just run
1593 - $ gpasswd -a <USER> kvm
1594 -then have <USER> re-login.
1595 -
1596 -For brand new installs, the default permissions on /dev/kvm might not let
1597 -you access it. You can tell udev to reset ownership/perms:
1598 - $ udevadm trigger -c add /dev/kvm
1599 -
1600 -If you want to register binfmt handlers for qemu user targets:
1601 -For openrc:
1602 - # rc-update add qemu-binfmt
1603 -For systemd:
1604 - # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
1605 -
1606 -pkg_pretend() {
1607 - if use kernel_linux && kernel_is lt 2 6 25; then
1608 - eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
1609 - elif use kernel_linux; then
1610 - if ! linux_config_exists; then
1611 - eerror "Unable to check your kernel for KVM support"
1612 - else
1613 - CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
1614 - ERROR_KVM="You must enable KVM in your kernel to continue"
1615 - ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
1616 - ERROR_KVM_AMD+=" your kernel configuration."
1617 - ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
1618 - ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
1619 - ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
1620 - ERROR_TUN+=" into your kernel or loaded as a module to use the"
1621 - ERROR_TUN+=" virtual network device if using -net tap."
1622 - ERROR_BRIDGE="You will also need support for 802.1d"
1623 - ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
1624 - use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
1625 - ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
1626 - ERROR_VHOST_NET+=" support"
1627 -
1628 - if use amd64 || use x86 || use amd64-linux || use x86-linux; then
1629 - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
1630 - fi
1631 -
1632 - use python && CONFIG_CHECK+=" ~DEBUG_FS"
1633 - ERROR_DEBUG_FS="debugFS support required for kvm_stat"
1634 -
1635 - # Now do the actual checks setup above
1636 - check_extra_config
1637 - fi
1638 - fi
1639 -
1640 - if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
1641 - eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
1642 - eerror "instances are still pointing to it. Please update your"
1643 - eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
1644 - eerror "and the right system binary (e.g. qemu-system-x86_64)."
1645 - die "update your virt configs to not use qemu-kvm"
1646 - fi
1647 -}
1648 -
1649 -pkg_setup() {
1650 - enewgroup kvm 78
1651 -}
1652 -
1653 -# Sanity check to make sure target lists are kept up-to-date.
1654 -check_targets() {
1655 - local var=$1 mak=$2
1656 - local detected sorted
1657 -
1658 - pushd "${S}"/default-configs >/dev/null || die
1659 -
1660 - # Force C locale until glibc is updated. #564936
1661 - detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
1662 - sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
1663 - if [[ ${sorted} != "${detected}" ]] ; then
1664 - eerror "The ebuild needs to be kept in sync."
1665 - eerror "${var}: ${sorted}"
1666 - eerror "$(printf '%-*s' ${#var} configure): ${detected}"
1667 - die "sync ${var} to the list of targets"
1668 - fi
1669 -
1670 - popd >/dev/null
1671 -}
1672 -
1673 -handle_locales() {
1674 - # Make sure locale list is kept up-to-date.
1675 - local detected sorted
1676 - detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
1677 - sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
1678 - if [[ ${sorted} != "${detected}" ]] ; then
1679 - eerror "The ebuild needs to be kept in sync."
1680 - eerror "PLOCALES: ${sorted}"
1681 - eerror " po/*.po: ${detected}"
1682 - die "sync PLOCALES"
1683 - fi
1684 -
1685 - # Deal with selective install of locales.
1686 - if use nls ; then
1687 - # Delete locales the user does not want. #577814
1688 - rm_loc() { rm po/$1.po || die; }
1689 - l10n_for_each_disabled_locale_do rm_loc
1690 - else
1691 - # Cheap hack to disable gettext .mo generation.
1692 - rm -f po/*.po
1693 - fi
1694 -}
1695 -
1696 -src_prepare() {
1697 - check_targets IUSE_SOFTMMU_TARGETS softmmu
1698 - check_targets IUSE_USER_TARGETS linux-user
1699 -
1700 - # Alter target makefiles to accept CFLAGS set via flag-o
1701 - sed -i -r \
1702 - -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
1703 - Makefile Makefile.target || die
1704 -
1705 - default
1706 -
1707 - # Fix ld and objcopy being called directly
1708 - tc-export AR LD OBJCOPY
1709 -
1710 - # Verbose builds
1711 - MAKEOPTS+=" V=1"
1712 -
1713 - # Run after we've applied all patches.
1714 - handle_locales
1715 -}
1716 -
1717 -##
1718 -# configures qemu based on the build directory and the build type
1719 -# we are using.
1720 -#
1721 -qemu_src_configure() {
1722 - debug-print-function ${FUNCNAME} "$@"
1723 -
1724 - local buildtype=$1
1725 - local builddir="${S}/${buildtype}-build"
1726 -
1727 - mkdir "${builddir}"
1728 -
1729 - local conf_opts=(
1730 - --prefix=/usr
1731 - --sysconfdir=/etc
1732 - --libdir=/usr/$(get_libdir)
1733 - --docdir=/usr/share/doc/${PF}/html
1734 - --disable-bsd-user
1735 - --disable-guest-agent
1736 - --disable-strip
1737 - --disable-werror
1738 - # We support gnutls/nettle for crypto operations. It is possible
1739 - # to use gcrypt when gnutls/nettle are disabled (but not when they
1740 - # are enabled), but it's not really worth the hassle. Disable it
1741 - # all the time to avoid automatically detecting it. #568856
1742 - --disable-gcrypt
1743 - --python="${PYTHON}"
1744 - --cc="$(tc-getCC)"
1745 - --cxx="$(tc-getCXX)"
1746 - --host-cc="$(tc-getBUILD_CC)"
1747 - $(use_enable debug debug-info)
1748 - $(use_enable debug debug-tcg)
1749 - --enable-docs
1750 - $(use_enable tci tcg-interpreter)
1751 - $(use_enable xattr attr)
1752 - )
1753 -
1754 - # Disable options not used by user targets. This simplifies building
1755 - # static user targets (USE=static-user) considerably.
1756 - conf_notuser() {
1757 - if [[ ${buildtype} == "user" ]] ; then
1758 - echo "--disable-${2:-$1}"
1759 - else
1760 - use_enable "$@"
1761 - fi
1762 - }
1763 - conf_opts+=(
1764 - $(conf_notuser accessibility brlapi)
1765 - $(conf_notuser aio linux-aio)
1766 - $(conf_notuser bzip2)
1767 - $(conf_notuser bluetooth bluez)
1768 - $(conf_notuser caps cap-ng)
1769 - $(conf_notuser curl)
1770 - $(conf_notuser fdt)
1771 - $(conf_notuser glusterfs)
1772 - $(conf_notuser gnutls)
1773 - $(conf_notuser gnutls nettle)
1774 - $(conf_notuser gtk)
1775 - $(conf_notuser infiniband rdma)
1776 - $(conf_notuser iscsi libiscsi)
1777 - $(conf_notuser jpeg vnc-jpeg)
1778 - $(conf_notuser kernel_linux kvm)
1779 - $(conf_notuser lzo)
1780 - $(conf_notuser ncurses curses)
1781 - $(conf_notuser nfs libnfs)
1782 - $(conf_notuser numa)
1783 - $(conf_notuser opengl)
1784 - $(conf_notuser png vnc-png)
1785 - $(conf_notuser rbd)
1786 - $(conf_notuser sasl vnc-sasl)
1787 - $(conf_notuser sdl)
1788 - $(conf_notuser seccomp)
1789 - $(conf_notuser smartcard)
1790 - $(conf_notuser snappy)
1791 - $(conf_notuser spice)
1792 - $(conf_notuser ssh libssh2)
1793 - $(conf_notuser usb libusb)
1794 - $(conf_notuser usbredir usb-redir)
1795 - $(conf_notuser vde)
1796 - $(conf_notuser vhost-net)
1797 - $(conf_notuser virgl virglrenderer)
1798 - $(conf_notuser virtfs)
1799 - $(conf_notuser vnc)
1800 - $(conf_notuser vte)
1801 - $(conf_notuser xen)
1802 - $(conf_notuser xen xen-pci-passthrough)
1803 - $(conf_notuser xfs xfsctl)
1804 - )
1805 -
1806 - if [[ ! ${buildtype} == "user" ]] ; then
1807 - # audio options
1808 - local audio_opts="oss"
1809 - use alsa && audio_opts="alsa,${audio_opts}"
1810 - use sdl && audio_opts="sdl,${audio_opts}"
1811 - use pulseaudio && audio_opts="pa,${audio_opts}"
1812 - conf_opts+=(
1813 - --audio-drv-list="${audio_opts}"
1814 - )
1815 - use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
1816 - use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
1817 - fi
1818 -
1819 - case ${buildtype} in
1820 - user)
1821 - conf_opts+=(
1822 - --enable-linux-user
1823 - --disable-system
1824 - --disable-blobs
1825 - --disable-tools
1826 - )
1827 - local static_flag="static-user"
1828 - ;;
1829 - softmmu)
1830 - conf_opts+=(
1831 - --disable-linux-user
1832 - --enable-system
1833 - --disable-tools
1834 - --with-system-pixman
1835 - )
1836 - local static_flag="static"
1837 - ;;
1838 - tools)
1839 - conf_opts+=(
1840 - --disable-linux-user
1841 - --disable-system
1842 - --disable-blobs
1843 - --enable-tools
1844 - )
1845 - local static_flag="static"
1846 - ;;
1847 - esac
1848 -
1849 - local targets="${buildtype}_targets"
1850 - [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
1851 -
1852 - # Add support for SystemTAP
1853 - use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
1854 -
1855 - # We always want to attempt to build with PIE support as it results
1856 - # in a more secure binary. But it doesn't work with static or if
1857 - # the current GCC doesn't have PIE support.
1858 - if use ${static_flag}; then
1859 - conf_opts+=( --static --disable-pie )
1860 - else
1861 - tc-enables-pie && conf_opts+=( --enable-pie )
1862 - fi
1863 -
1864 - echo "../configure ${conf_opts[*]}"
1865 - cd "${builddir}"
1866 - ../configure "${conf_opts[@]}" || die "configure failed"
1867 -
1868 - # FreeBSD's kernel does not support QEMU assigning/grabbing
1869 - # host USB devices yet
1870 - use kernel_FreeBSD && \
1871 - sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
1872 -}
1873 -
1874 -src_configure() {
1875 - local target
1876 -
1877 - python_setup
1878 -
1879 - softmmu_targets= softmmu_bins=()
1880 - user_targets= user_bins=()
1881 -
1882 - for target in ${IUSE_SOFTMMU_TARGETS} ; do
1883 - if use "qemu_softmmu_targets_${target}"; then
1884 - softmmu_targets+=",${target}-softmmu"
1885 - softmmu_bins+=( "qemu-system-${target}" )
1886 - fi
1887 - done
1888 -
1889 - for target in ${IUSE_USER_TARGETS} ; do
1890 - if use "qemu_user_targets_${target}"; then
1891 - user_targets+=",${target}-linux-user"
1892 - user_bins+=( "qemu-${target}" )
1893 - fi
1894 - done
1895 -
1896 - softmmu_targets=${softmmu_targets#,}
1897 - user_targets=${user_targets#,}
1898 -
1899 - [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
1900 - [[ -n ${user_targets} ]] && qemu_src_configure "user"
1901 - qemu_src_configure "tools"
1902 -}
1903 -
1904 -src_compile() {
1905 - if [[ -n ${user_targets} ]]; then
1906 - cd "${S}/user-build"
1907 - default
1908 - fi
1909 -
1910 - if [[ -n ${softmmu_targets} ]]; then
1911 - cd "${S}/softmmu-build"
1912 - default
1913 - fi
1914 -
1915 - cd "${S}/tools-build"
1916 - default
1917 -}
1918 -
1919 -src_test() {
1920 - if [[ -n ${softmmu_targets} ]]; then
1921 - cd "${S}/softmmu-build"
1922 - pax-mark m */qemu-system-* #515550
1923 - emake -j1 check
1924 - emake -j1 check-report.html
1925 - fi
1926 -}
1927 -
1928 -qemu_python_install() {
1929 - python_domodule "${S}/scripts/qmp/qmp.py"
1930 -
1931 - python_doscript "${S}/scripts/kvm/vmxcap"
1932 - python_doscript "${S}/scripts/qmp/qmp-shell"
1933 - python_doscript "${S}/scripts/qmp/qemu-ga-client"
1934 -}
1935 -
1936 -# Generate binfmt support files.
1937 -# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
1938 -# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
1939 -generate_initd() {
1940 - local out="${T}/qemu-binfmt"
1941 - local out_systemd="${T}/qemu.conf"
1942 - local d="${T}/binfmt.d"
1943 -
1944 - einfo "Generating qemu binfmt scripts and configuration files"
1945 -
1946 - # Generate the debian fragments first.
1947 - mkdir -p "${d}"
1948 - "${S}"/scripts/qemu-binfmt-conf.sh \
1949 - --debian \
1950 - --exportdir "${d}" \
1951 - --qemu-path "${EPREFIX}/usr/bin" \
1952 - || die
1953 - # Then turn the fragments into a shell script we can source.
1954 - sed -E -i \
1955 - -e 's:^([^ ]+) (.*)$:\1="\2":' \
1956 - "${d}"/* || die
1957 -
1958 - # Generate the init.d script by assembling the fragments from above.
1959 - local f qcpu package interpreter magic mask
1960 - cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
1961 - for f in "${d}"/qemu-* ; do
1962 - source "${f}"
1963 -
1964 - # Normalize the cpu logic like we do in the init.d for the native cpu.
1965 - qcpu=${package#qemu-}
1966 - case ${qcpu} in
1967 - arm*) qcpu="arm";;
1968 - mips*) qcpu="mips";;
1969 - ppc*) qcpu="ppc";;
1970 - s390*) qcpu="s390";;
1971 - sh*) qcpu="sh";;
1972 - sparc*) qcpu="sparc";;
1973 - esac
1974 -
1975 - cat <<EOF >>"${out}"
1976 - if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
1977 - echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
1978 - fi
1979 -EOF
1980 -
1981 - echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
1982 -
1983 - done
1984 - cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
1985 -}
1986 -
1987 -src_install() {
1988 - if [[ -n ${user_targets} ]]; then
1989 - cd "${S}/user-build"
1990 - emake DESTDIR="${ED}" install
1991 -
1992 - # Install binfmt handler init script for user targets.
1993 - generate_initd
1994 - doinitd "${T}/qemu-binfmt"
1995 -
1996 - # Install binfmt/qemu.conf.
1997 - insinto "/usr/share/qemu/binfmt.d"
1998 - doins "${T}/qemu.conf"
1999 - fi
2000 -
2001 - if [[ -n ${softmmu_targets} ]]; then
2002 - cd "${S}/softmmu-build"
2003 - emake DESTDIR="${ED}" install
2004 -
2005 - # This might not exist if the test failed. #512010
2006 - [[ -e check-report.html ]] && dohtml check-report.html
2007 -
2008 - if use kernel_linux; then
2009 - udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
2010 - fi
2011 -
2012 - if use python; then
2013 - python_foreach_impl qemu_python_install
2014 - fi
2015 - fi
2016 -
2017 - cd "${S}/tools-build"
2018 - emake DESTDIR="${ED}" install
2019 -
2020 - # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
2021 - pushd "${ED}"/usr/bin >/dev/null
2022 - pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
2023 - popd >/dev/null
2024 -
2025 - # Install config file example for qemu-bridge-helper
2026 - insinto "/etc/qemu"
2027 - doins "${FILESDIR}/bridge.conf"
2028 -
2029 - cd "${S}"
2030 - dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
2031 - newdoc pc-bios/README README.pc-bios
2032 - dodoc docs/qmp-*.txt
2033 -
2034 - if [[ -n ${softmmu_targets} ]]; then
2035 - # Remove SeaBIOS since we're using the SeaBIOS packaged one
2036 - rm "${ED}/usr/share/qemu/bios.bin"
2037 - rm "${ED}/usr/share/qemu/bios-256k.bin"
2038 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2039 - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
2040 - dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
2041 - fi
2042 -
2043 - # Remove vgabios since we're using the seavgabios packaged one
2044 - rm "${ED}/usr/share/qemu/vgabios.bin"
2045 - rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
2046 - rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
2047 - rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
2048 - rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
2049 - rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
2050 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2051 - dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
2052 - dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
2053 - dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
2054 - dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
2055 - dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
2056 - dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
2057 - fi
2058 -
2059 - # Remove sgabios since we're using the sgabios packaged one
2060 - rm "${ED}/usr/share/qemu/sgabios.bin"
2061 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2062 - dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
2063 - fi
2064 -
2065 - # Remove iPXE since we're using the iPXE packaged one
2066 - rm "${ED}"/usr/share/qemu/pxe-*.rom
2067 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2068 - dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
2069 - dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
2070 - dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
2071 - dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
2072 - dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
2073 - dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
2074 - fi
2075 - fi
2076 -
2077 - DISABLE_AUTOFORMATTING=true
2078 - readme.gentoo_create_doc
2079 -}
2080 -
2081 -firmware_abi_change() {
2082 - local pv
2083 - for pv in ${REPLACING_VERSIONS}; do
2084 - if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
2085 - return 0
2086 - fi
2087 - done
2088 - return 1
2089 -}
2090 -
2091 -pkg_postinst() {
2092 - if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
2093 - udev_reload
2094 - fi
2095 -
2096 - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
2097 -
2098 - DISABLE_AUTOFORMATTING=true
2099 - readme.gentoo_print_elog
2100 -
2101 - if use pin-upstream-blobs && firmware_abi_change; then
2102 - ewarn "This version of qemu pins new versions of firmware blobs:"
2103 - ewarn " $(best_version sys-firmware/edk2-ovmf)"
2104 - ewarn " $(best_version sys-firmware/ipxe)"
2105 - ewarn " $(best_version sys-firmware/seabios)"
2106 - ewarn " $(best_version sys-firmware/sgabios)"
2107 - ewarn "This might break resume of hibernated guests (started with a different"
2108 - ewarn "firmware version) and live migration to/from qemu versions with different"
2109 - ewarn "firmware. Please (cold) restart all running guests. For functional"
2110 - ewarn "guest migration ensure that all"
2111 - ewarn "hosts run at least"
2112 - ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
2113 - fi
2114 -}
2115 -
2116 -pkg_info() {
2117 - echo "Using:"
2118 - echo " $(best_version app-emulation/spice-protocol)"
2119 - echo " $(best_version sys-firmware/edk2-ovmf)"
2120 - if has_version 'sys-firmware/edk2-ovmf[binary]'; then
2121 - echo " USE=binary"
2122 - else
2123 - echo " USE=''"
2124 - fi
2125 - echo " $(best_version sys-firmware/ipxe)"
2126 - echo " $(best_version sys-firmware/seabios)"
2127 - if has_version 'sys-firmware/seabios[binary]'; then
2128 - echo " USE=binary"
2129 - else
2130 - echo " USE=''"
2131 - fi
2132 - echo " $(best_version sys-firmware/sgabios)"
2133 -}
2134
2135 diff --git a/app-emulation/qemu/qemu-2.9.0-r57.ebuild b/app-emulation/qemu/qemu-2.9.0-r57.ebuild
2136 deleted file mode 100644
2137 index ffe6437..0000000
2138 --- a/app-emulation/qemu/qemu-2.9.0-r57.ebuild
2139 +++ /dev/null
2140 @@ -1,802 +0,0 @@
2141 -# Copyright 1999-2017 Gentoo Foundation
2142 -# Distributed under the terms of the GNU General Public License v2
2143 -
2144 -EAPI="6"
2145 -
2146 -PYTHON_COMPAT=( python2_7 )
2147 -PYTHON_REQ_USE="ncurses,readline"
2148 -
2149 -PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
2150 -
2151 -FIRMWARE_ABI_VERSION="2.9.0-r52"
2152 -
2153 -inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
2154 - user udev fcaps readme.gentoo-r1 pax-utils l10n
2155 -
2156 -if [[ ${PV} = *9999* ]]; then
2157 - EGIT_REPO_URI="git://git.qemu.org/qemu.git"
2158 - inherit git-r3
2159 - SRC_URI=""
2160 -else
2161 - SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
2162 - KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
2163 -fi
2164 -
2165 -DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
2166 -HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
2167 -
2168 -LICENSE="GPL-2 LGPL-2 BSD-2"
2169 -SLOT="0"
2170 -IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
2171 - glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
2172 - kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
2173 - pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
2174 - spice ssh static static-user systemtap tci test usb usbredir vde
2175 - +vhost-net virgl virtfs +vnc vte xattr xen xfs"
2176 -
2177 -COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
2178 - mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
2179 - sparc64 x86_64"
2180 -IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
2181 - lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
2182 -IUSE_USER_TARGETS="${COMMON_TARGETS}
2183 - armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
2184 -
2185 -use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
2186 -use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
2187 -IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
2188 -
2189 -# Allow no targets to be built so that people can get a tools-only build.
2190 -# Block USE flag configurations known to not work.
2191 -REQUIRED_USE="${PYTHON_REQUIRED_USE}
2192 - gtk2? ( gtk )
2193 - qemu_softmmu_targets_arm? ( fdt )
2194 - qemu_softmmu_targets_microblaze? ( fdt )
2195 - qemu_softmmu_targets_mips64el? ( fdt )
2196 - qemu_softmmu_targets_ppc? ( fdt )
2197 - qemu_softmmu_targets_ppc64? ( fdt )
2198 - sdl2? ( sdl )
2199 - static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
2200 - virtfs? ( xattr )
2201 - vte? ( gtk )"
2202 -
2203 -# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
2204 -# and user/softmmu targets (qemu-*, qemu-system-*).
2205 -#
2206 -# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
2207 -#
2208 -# The attr lib isn't always linked in (although the USE flag is always
2209 -# respected). This is because qemu supports using the C library's API
2210 -# when available rather than always using the extranl library.
2211 -ALL_DEPEND="
2212 - >=dev-libs/glib-2.0[static-libs(+)]
2213 - sys-libs/zlib[static-libs(+)]
2214 - python? ( ${PYTHON_DEPS} )
2215 - systemtap? ( dev-util/systemtap )
2216 - xattr? ( sys-apps/attr[static-libs(+)] )"
2217 -
2218 -# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
2219 -# softmmu targets (qemu-system-*).
2220 -SOFTMMU_TOOLS_DEPEND="
2221 - >=x11-libs/pixman-0.28.0[static-libs(+)]
2222 - accessibility? (
2223 - app-accessibility/brltty[api]
2224 - app-accessibility/brltty[static-libs(+)]
2225 - )
2226 - aio? ( dev-libs/libaio[static-libs(+)] )
2227 - alsa? ( >=media-libs/alsa-lib-1.0.13 )
2228 - bluetooth? ( net-wireless/bluez )
2229 - bzip2? ( app-arch/bzip2[static-libs(+)] )
2230 - caps? ( sys-libs/libcap-ng[static-libs(+)] )
2231 - curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
2232 - fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
2233 - glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
2234 - gnutls? (
2235 - dev-libs/nettle:=[static-libs(+)]
2236 - >=net-libs/gnutls-3.0:=[static-libs(+)]
2237 - )
2238 - gtk? (
2239 - gtk2? (
2240 - x11-libs/gtk+:2
2241 - vte? ( x11-libs/vte:0 )
2242 - )
2243 - !gtk2? (
2244 - x11-libs/gtk+:3
2245 - vte? ( x11-libs/vte:2.91 )
2246 - )
2247 - )
2248 - infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
2249 - iscsi? ( net-libs/libiscsi )
2250 - jpeg? ( virtual/jpeg:0=[static-libs(+)] )
2251 - lzo? ( dev-libs/lzo:2[static-libs(+)] )
2252 - ncurses? (
2253 - sys-libs/ncurses:0=[unicode]
2254 - sys-libs/ncurses:0=[static-libs(+)]
2255 - )
2256 - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
2257 - numa? ( sys-process/numactl[static-libs(+)] )
2258 - opengl? (
2259 - virtual/opengl
2260 - media-libs/libepoxy[static-libs(+)]
2261 - media-libs/mesa[static-libs(+)]
2262 - media-libs/mesa[egl,gbm]
2263 - )
2264 - png? ( media-libs/libpng:0=[static-libs(+)] )
2265 - pulseaudio? ( media-sound/pulseaudio )
2266 - rbd? ( sys-cluster/ceph[static-libs(+)] )
2267 - sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
2268 - sdl? (
2269 - !sdl2? (
2270 - media-libs/libsdl[X]
2271 - >=media-libs/libsdl-1.2.11[static-libs(+)]
2272 - )
2273 - sdl2? (
2274 - media-libs/libsdl2[X]
2275 - media-libs/libsdl2[static-libs(+)]
2276 - )
2277 - )
2278 - seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
2279 - smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
2280 - snappy? ( app-arch/snappy:=[static-libs(+)] )
2281 - spice? (
2282 - >=app-emulation/spice-protocol-0.12.3
2283 - >=app-emulation/spice-0.12.0[static-libs(+)]
2284 - )
2285 - ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
2286 - usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
2287 - usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
2288 - vde? ( net-misc/vde[static-libs(+)] )
2289 - virgl? ( media-libs/virglrenderer[static-libs(+)] )
2290 - virtfs? ( sys-libs/libcap )
2291 - xen? ( app-emulation/xen-tools:= )
2292 - xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
2293 -
2294 -X86_FIRMWARE_DEPEND="
2295 - pin-upstream-blobs? (
2296 - ~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
2297 - ~sys-firmware/ipxe-1.0.0_p20160620
2298 - ~sys-firmware/seabios-1.10.2[binary,seavgabios]
2299 - ~sys-firmware/sgabios-0.1_pre8
2300 - )
2301 - !pin-upstream-blobs? (
2302 - sys-firmware/edk2-ovmf
2303 - sys-firmware/ipxe
2304 - >=sys-firmware/seabios-1.10.2[seavgabios]
2305 - sys-firmware/sgabios
2306 - )"
2307 -
2308 -CDEPEND="
2309 - !static? (
2310 - ${ALL_DEPEND//\[static-libs(+)]}
2311 - ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
2312 - )
2313 - qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
2314 - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
2315 -DEPEND="${CDEPEND}
2316 - dev-lang/perl
2317 - =dev-lang/python-2*
2318 - sys-apps/texinfo
2319 - virtual/pkgconfig
2320 - kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
2321 - gtk? ( nls? ( sys-devel/gettext ) )
2322 - static? (
2323 - ${ALL_DEPEND}
2324 - ${SOFTMMU_TOOLS_DEPEND}
2325 - )
2326 - static-user? ( ${ALL_DEPEND} )
2327 - test? (
2328 - dev-libs/glib[utils]
2329 - sys-devel/bc
2330 - )"
2331 -RDEPEND="${CDEPEND}
2332 - selinux? ( sec-policy/selinux-qemu )"
2333 -
2334 -PATCHES=(
2335 - # musl patches
2336 - "${FILESDIR}"/${PN}-2.8.0-F_SHLCK-and-F_EXLCK.patch
2337 - "${FILESDIR}"/${PN}-2.0.0-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch
2338 - "${FILESDIR}"/${PN}-2.2.0-_sigev_un.patch
2339 -
2340 - # gentoo patches
2341 - "${FILESDIR}"/${PN}-2.5.0-cflags.patch
2342 - "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
2343 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
2344 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
2345 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
2346 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
2347 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
2348 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614
2349 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292
2350 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292
2351 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
2352 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184
2353 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
2354 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016
2355 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088
2356 -)
2357 -
2358 -STRIP_MASK="/usr/share/qemu/palcode-clipper"
2359 -
2360 -QA_PREBUILT="
2361 - usr/share/qemu/openbios-ppc
2362 - usr/share/qemu/openbios-sparc64
2363 - usr/share/qemu/openbios-sparc32
2364 - usr/share/qemu/palcode-clipper
2365 - usr/share/qemu/s390-ccw.img
2366 - usr/share/qemu/u-boot.e500"
2367 -
2368 -QA_WX_LOAD="usr/bin/qemu-i386
2369 - usr/bin/qemu-x86_64
2370 - usr/bin/qemu-alpha
2371 - usr/bin/qemu-arm
2372 - usr/bin/qemu-cris
2373 - usr/bin/qemu-m68k
2374 - usr/bin/qemu-microblaze
2375 - usr/bin/qemu-microblazeel
2376 - usr/bin/qemu-mips
2377 - usr/bin/qemu-mipsel
2378 - usr/bin/qemu-or1k
2379 - usr/bin/qemu-ppc
2380 - usr/bin/qemu-ppc64
2381 - usr/bin/qemu-ppc64abi32
2382 - usr/bin/qemu-sh4
2383 - usr/bin/qemu-sh4eb
2384 - usr/bin/qemu-sparc
2385 - usr/bin/qemu-sparc64
2386 - usr/bin/qemu-armeb
2387 - usr/bin/qemu-sparc32plus
2388 - usr/bin/qemu-s390x
2389 - usr/bin/qemu-unicore32"
2390 -
2391 -DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
2392 -kernel module loaded before running kvm. The easiest way to ensure that the
2393 -kernel module is loaded is to load it on boot.
2394 - For AMD CPUs the module is called 'kvm-amd'.
2395 - For Intel CPUs the module is called 'kvm-intel'.
2396 -Please review /etc/conf.d/modules for how to load these.
2397 -
2398 -Make sure your user is in the 'kvm' group. Just run
2399 - $ gpasswd -a <USER> kvm
2400 -then have <USER> re-login.
2401 -
2402 -For brand new installs, the default permissions on /dev/kvm might not let
2403 -you access it. You can tell udev to reset ownership/perms:
2404 - $ udevadm trigger -c add /dev/kvm
2405 -
2406 -If you want to register binfmt handlers for qemu user targets:
2407 -For openrc:
2408 - # rc-update add qemu-binfmt
2409 -For systemd:
2410 - # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
2411 -
2412 -pkg_pretend() {
2413 - if use kernel_linux && kernel_is lt 2 6 25; then
2414 - eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
2415 - elif use kernel_linux; then
2416 - if ! linux_config_exists; then
2417 - eerror "Unable to check your kernel for KVM support"
2418 - else
2419 - CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
2420 - ERROR_KVM="You must enable KVM in your kernel to continue"
2421 - ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
2422 - ERROR_KVM_AMD+=" your kernel configuration."
2423 - ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
2424 - ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
2425 - ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
2426 - ERROR_TUN+=" into your kernel or loaded as a module to use the"
2427 - ERROR_TUN+=" virtual network device if using -net tap."
2428 - ERROR_BRIDGE="You will also need support for 802.1d"
2429 - ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
2430 - use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
2431 - ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
2432 - ERROR_VHOST_NET+=" support"
2433 -
2434 - if use amd64 || use x86 || use amd64-linux || use x86-linux; then
2435 - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
2436 - fi
2437 -
2438 - use python && CONFIG_CHECK+=" ~DEBUG_FS"
2439 - ERROR_DEBUG_FS="debugFS support required for kvm_stat"
2440 -
2441 - # Now do the actual checks setup above
2442 - check_extra_config
2443 - fi
2444 - fi
2445 -
2446 - if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
2447 - eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
2448 - eerror "instances are still pointing to it. Please update your"
2449 - eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
2450 - eerror "and the right system binary (e.g. qemu-system-x86_64)."
2451 - die "update your virt configs to not use qemu-kvm"
2452 - fi
2453 -}
2454 -
2455 -pkg_setup() {
2456 - enewgroup kvm 78
2457 -}
2458 -
2459 -# Sanity check to make sure target lists are kept up-to-date.
2460 -check_targets() {
2461 - local var=$1 mak=$2
2462 - local detected sorted
2463 -
2464 - pushd "${S}"/default-configs >/dev/null || die
2465 -
2466 - # Force C locale until glibc is updated. #564936
2467 - detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
2468 - sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
2469 - if [[ ${sorted} != "${detected}" ]] ; then
2470 - eerror "The ebuild needs to be kept in sync."
2471 - eerror "${var}: ${sorted}"
2472 - eerror "$(printf '%-*s' ${#var} configure): ${detected}"
2473 - die "sync ${var} to the list of targets"
2474 - fi
2475 -
2476 - popd >/dev/null
2477 -}
2478 -
2479 -handle_locales() {
2480 - # Make sure locale list is kept up-to-date.
2481 - local detected sorted
2482 - detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
2483 - sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
2484 - if [[ ${sorted} != "${detected}" ]] ; then
2485 - eerror "The ebuild needs to be kept in sync."
2486 - eerror "PLOCALES: ${sorted}"
2487 - eerror " po/*.po: ${detected}"
2488 - die "sync PLOCALES"
2489 - fi
2490 -
2491 - # Deal with selective install of locales.
2492 - if use nls ; then
2493 - # Delete locales the user does not want. #577814
2494 - rm_loc() { rm po/$1.po || die; }
2495 - l10n_for_each_disabled_locale_do rm_loc
2496 - else
2497 - # Cheap hack to disable gettext .mo generation.
2498 - rm -f po/*.po
2499 - fi
2500 -}
2501 -
2502 -src_prepare() {
2503 - check_targets IUSE_SOFTMMU_TARGETS softmmu
2504 - check_targets IUSE_USER_TARGETS linux-user
2505 -
2506 - # Alter target makefiles to accept CFLAGS set via flag-o
2507 - sed -i -r \
2508 - -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
2509 - Makefile Makefile.target || die
2510 -
2511 - default
2512 -
2513 - # Fix ld and objcopy being called directly
2514 - tc-export AR LD OBJCOPY
2515 -
2516 - # Verbose builds
2517 - MAKEOPTS+=" V=1"
2518 -
2519 - # Run after we've applied all patches.
2520 - handle_locales
2521 -
2522 - #remove bundled copy of libfdt
2523 - rm -r dtc || die
2524 -}
2525 -
2526 -##
2527 -# configures qemu based on the build directory and the build type
2528 -# we are using.
2529 -#
2530 -qemu_src_configure() {
2531 - debug-print-function ${FUNCNAME} "$@"
2532 -
2533 - local buildtype=$1
2534 - local builddir="${S}/${buildtype}-build"
2535 -
2536 - mkdir "${builddir}"
2537 -
2538 - local conf_opts=(
2539 - --prefix=/usr
2540 - --sysconfdir=/etc
2541 - --libdir=/usr/$(get_libdir)
2542 - --docdir=/usr/share/doc/${PF}/html
2543 - --disable-bsd-user
2544 - --disable-guest-agent
2545 - --disable-strip
2546 - --disable-werror
2547 - # We support gnutls/nettle for crypto operations. It is possible
2548 - # to use gcrypt when gnutls/nettle are disabled (but not when they
2549 - # are enabled), but it's not really worth the hassle. Disable it
2550 - # all the time to avoid automatically detecting it. #568856
2551 - --disable-gcrypt
2552 - --python="${PYTHON}"
2553 - --cc="$(tc-getCC)"
2554 - --cxx="$(tc-getCXX)"
2555 - --host-cc="$(tc-getBUILD_CC)"
2556 - $(use_enable debug debug-info)
2557 - $(use_enable debug debug-tcg)
2558 - --enable-docs
2559 - $(use_enable tci tcg-interpreter)
2560 - $(use_enable xattr attr)
2561 - )
2562 -
2563 - # Disable options not used by user targets. This simplifies building
2564 - # static user targets (USE=static-user) considerably.
2565 - conf_notuser() {
2566 - if [[ ${buildtype} == "user" ]] ; then
2567 - echo "--disable-${2:-$1}"
2568 - else
2569 - use_enable "$@"
2570 - fi
2571 - }
2572 - conf_opts+=(
2573 - $(conf_notuser accessibility brlapi)
2574 - $(conf_notuser aio linux-aio)
2575 - $(conf_notuser bzip2)
2576 - $(conf_notuser bluetooth bluez)
2577 - $(conf_notuser caps cap-ng)
2578 - $(conf_notuser curl)
2579 - $(conf_notuser fdt)
2580 - $(conf_notuser glusterfs)
2581 - $(conf_notuser gnutls)
2582 - $(conf_notuser gnutls nettle)
2583 - $(conf_notuser gtk)
2584 - $(conf_notuser infiniband rdma)
2585 - $(conf_notuser iscsi libiscsi)
2586 - $(conf_notuser jpeg vnc-jpeg)
2587 - $(conf_notuser kernel_linux kvm)
2588 - $(conf_notuser lzo)
2589 - $(conf_notuser ncurses curses)
2590 - $(conf_notuser nfs libnfs)
2591 - $(conf_notuser numa)
2592 - $(conf_notuser opengl)
2593 - $(conf_notuser png vnc-png)
2594 - $(conf_notuser rbd)
2595 - $(conf_notuser sasl vnc-sasl)
2596 - $(conf_notuser sdl)
2597 - $(conf_notuser seccomp)
2598 - $(conf_notuser smartcard)
2599 - $(conf_notuser snappy)
2600 - $(conf_notuser spice)
2601 - $(conf_notuser ssh libssh2)
2602 - $(conf_notuser usb libusb)
2603 - $(conf_notuser usbredir usb-redir)
2604 - $(conf_notuser vde)
2605 - $(conf_notuser vhost-net)
2606 - $(conf_notuser virgl virglrenderer)
2607 - $(conf_notuser virtfs)
2608 - $(conf_notuser vnc)
2609 - $(conf_notuser vte)
2610 - $(conf_notuser xen)
2611 - $(conf_notuser xen xen-pci-passthrough)
2612 - $(conf_notuser xfs xfsctl)
2613 - )
2614 -
2615 - if [[ ! ${buildtype} == "user" ]] ; then
2616 - # audio options
2617 - local audio_opts="oss"
2618 - use alsa && audio_opts="alsa,${audio_opts}"
2619 - use sdl && audio_opts="sdl,${audio_opts}"
2620 - use pulseaudio && audio_opts="pa,${audio_opts}"
2621 - conf_opts+=(
2622 - --audio-drv-list="${audio_opts}"
2623 - )
2624 - use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
2625 - use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
2626 - fi
2627 -
2628 - case ${buildtype} in
2629 - user)
2630 - conf_opts+=(
2631 - --enable-linux-user
2632 - --disable-system
2633 - --disable-blobs
2634 - --disable-tools
2635 - )
2636 - local static_flag="static-user"
2637 - ;;
2638 - softmmu)
2639 - conf_opts+=(
2640 - --disable-linux-user
2641 - --enable-system
2642 - --disable-tools
2643 - --with-system-pixman
2644 - )
2645 - local static_flag="static"
2646 - ;;
2647 - tools)
2648 - conf_opts+=(
2649 - --disable-linux-user
2650 - --disable-system
2651 - --disable-blobs
2652 - --enable-tools
2653 - )
2654 - local static_flag="static"
2655 - ;;
2656 - esac
2657 -
2658 - local targets="${buildtype}_targets"
2659 - [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
2660 -
2661 - # Add support for SystemTAP
2662 - use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
2663 -
2664 - # We always want to attempt to build with PIE support as it results
2665 - # in a more secure binary. But it doesn't work with static or if
2666 - # the current GCC doesn't have PIE support.
2667 - if use ${static_flag}; then
2668 - conf_opts+=( --static --disable-pie )
2669 - else
2670 - tc-enables-pie && conf_opts+=( --enable-pie )
2671 - fi
2672 -
2673 - echo "../configure ${conf_opts[*]}"
2674 - cd "${builddir}"
2675 - ../configure "${conf_opts[@]}" || die "configure failed"
2676 -
2677 - # FreeBSD's kernel does not support QEMU assigning/grabbing
2678 - # host USB devices yet
2679 - use kernel_FreeBSD && \
2680 - sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
2681 -}
2682 -
2683 -src_configure() {
2684 - local target
2685 -
2686 - python_setup
2687 -
2688 - softmmu_targets= softmmu_bins=()
2689 - user_targets= user_bins=()
2690 -
2691 - for target in ${IUSE_SOFTMMU_TARGETS} ; do
2692 - if use "qemu_softmmu_targets_${target}"; then
2693 - softmmu_targets+=",${target}-softmmu"
2694 - softmmu_bins+=( "qemu-system-${target}" )
2695 - fi
2696 - done
2697 -
2698 - for target in ${IUSE_USER_TARGETS} ; do
2699 - if use "qemu_user_targets_${target}"; then
2700 - user_targets+=",${target}-linux-user"
2701 - user_bins+=( "qemu-${target}" )
2702 - fi
2703 - done
2704 -
2705 - softmmu_targets=${softmmu_targets#,}
2706 - user_targets=${user_targets#,}
2707 -
2708 - [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
2709 - [[ -n ${user_targets} ]] && qemu_src_configure "user"
2710 - qemu_src_configure "tools"
2711 -}
2712 -
2713 -src_compile() {
2714 - if [[ -n ${user_targets} ]]; then
2715 - cd "${S}/user-build"
2716 - default
2717 - fi
2718 -
2719 - if [[ -n ${softmmu_targets} ]]; then
2720 - cd "${S}/softmmu-build"
2721 - default
2722 - fi
2723 -
2724 - cd "${S}/tools-build"
2725 - default
2726 -}
2727 -
2728 -src_test() {
2729 - if [[ -n ${softmmu_targets} ]]; then
2730 - cd "${S}/softmmu-build"
2731 - pax-mark m */qemu-system-* #515550
2732 - emake -j1 check
2733 - emake -j1 check-report.html
2734 - fi
2735 -}
2736 -
2737 -qemu_python_install() {
2738 - python_domodule "${S}/scripts/qmp/qmp.py"
2739 -
2740 - python_doscript "${S}/scripts/kvm/vmxcap"
2741 - python_doscript "${S}/scripts/qmp/qmp-shell"
2742 - python_doscript "${S}/scripts/qmp/qemu-ga-client"
2743 -}
2744 -
2745 -# Generate binfmt support files.
2746 -# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
2747 -# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
2748 -generate_initd() {
2749 - local out="${T}/qemu-binfmt"
2750 - local out_systemd="${T}/qemu.conf"
2751 - local d="${T}/binfmt.d"
2752 -
2753 - einfo "Generating qemu binfmt scripts and configuration files"
2754 -
2755 - # Generate the debian fragments first.
2756 - mkdir -p "${d}"
2757 - "${S}"/scripts/qemu-binfmt-conf.sh \
2758 - --debian \
2759 - --exportdir "${d}" \
2760 - --qemu-path "${EPREFIX}/usr/bin" \
2761 - || die
2762 - # Then turn the fragments into a shell script we can source.
2763 - sed -E -i \
2764 - -e 's:^([^ ]+) (.*)$:\1="\2":' \
2765 - "${d}"/* || die
2766 -
2767 - # Generate the init.d script by assembling the fragments from above.
2768 - local f qcpu package interpreter magic mask
2769 - cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
2770 - for f in "${d}"/qemu-* ; do
2771 - source "${f}"
2772 -
2773 - # Normalize the cpu logic like we do in the init.d for the native cpu.
2774 - qcpu=${package#qemu-}
2775 - case ${qcpu} in
2776 - arm*) qcpu="arm";;
2777 - mips*) qcpu="mips";;
2778 - ppc*) qcpu="ppc";;
2779 - s390*) qcpu="s390";;
2780 - sh*) qcpu="sh";;
2781 - sparc*) qcpu="sparc";;
2782 - esac
2783 -
2784 - cat <<EOF >>"${out}"
2785 - if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
2786 - echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
2787 - fi
2788 -EOF
2789 -
2790 - echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
2791 -
2792 - done
2793 - cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
2794 -}
2795 -
2796 -src_install() {
2797 - if [[ -n ${user_targets} ]]; then
2798 - cd "${S}/user-build"
2799 - emake DESTDIR="${ED}" install
2800 -
2801 - # Install binfmt handler init script for user targets.
2802 - generate_initd
2803 - doinitd "${T}/qemu-binfmt"
2804 -
2805 - # Install binfmt/qemu.conf.
2806 - insinto "/usr/share/qemu/binfmt.d"
2807 - doins "${T}/qemu.conf"
2808 - fi
2809 -
2810 - if [[ -n ${softmmu_targets} ]]; then
2811 - cd "${S}/softmmu-build"
2812 - emake DESTDIR="${ED}" install
2813 -
2814 - # This might not exist if the test failed. #512010
2815 - [[ -e check-report.html ]] && dohtml check-report.html
2816 -
2817 - if use kernel_linux; then
2818 - udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
2819 - fi
2820 -
2821 - if use python; then
2822 - python_foreach_impl qemu_python_install
2823 - fi
2824 - fi
2825 -
2826 - cd "${S}/tools-build"
2827 - emake DESTDIR="${ED}" install
2828 -
2829 - # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
2830 - pushd "${ED}"/usr/bin >/dev/null
2831 - pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
2832 - popd >/dev/null
2833 -
2834 - # Install config file example for qemu-bridge-helper
2835 - insinto "/etc/qemu"
2836 - doins "${FILESDIR}/bridge.conf"
2837 -
2838 - cd "${S}"
2839 - dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
2840 - newdoc pc-bios/README README.pc-bios
2841 - dodoc docs/qmp-*.txt
2842 -
2843 - if [[ -n ${softmmu_targets} ]]; then
2844 - # Remove SeaBIOS since we're using the SeaBIOS packaged one
2845 - rm "${ED}/usr/share/qemu/bios.bin"
2846 - rm "${ED}/usr/share/qemu/bios-256k.bin"
2847 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2848 - dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
2849 - dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
2850 - fi
2851 -
2852 - # Remove vgabios since we're using the seavgabios packaged one
2853 - rm "${ED}/usr/share/qemu/vgabios.bin"
2854 - rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
2855 - rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
2856 - rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
2857 - rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
2858 - rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
2859 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2860 - dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
2861 - dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
2862 - dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
2863 - dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
2864 - dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
2865 - dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
2866 - fi
2867 -
2868 - # Remove sgabios since we're using the sgabios packaged one
2869 - rm "${ED}/usr/share/qemu/sgabios.bin"
2870 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2871 - dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
2872 - fi
2873 -
2874 - # Remove iPXE since we're using the iPXE packaged one
2875 - rm "${ED}"/usr/share/qemu/pxe-*.rom
2876 - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
2877 - dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
2878 - dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
2879 - dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
2880 - dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
2881 - dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
2882 - dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
2883 - fi
2884 - fi
2885 -
2886 - DISABLE_AUTOFORMATTING=true
2887 - readme.gentoo_create_doc
2888 -}
2889 -
2890 -firmware_abi_change() {
2891 - local pv
2892 - for pv in ${REPLACING_VERSIONS}; do
2893 - if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
2894 - return 0
2895 - fi
2896 - done
2897 - return 1
2898 -}
2899 -
2900 -pkg_postinst() {
2901 - if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
2902 - udev_reload
2903 - fi
2904 -
2905 - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
2906 -
2907 - DISABLE_AUTOFORMATTING=true
2908 - readme.gentoo_print_elog
2909 -
2910 - if use pin-upstream-blobs && firmware_abi_change; then
2911 - ewarn "This version of qemu pins new versions of firmware blobs:"
2912 - ewarn " $(best_version sys-firmware/edk2-ovmf)"
2913 - ewarn " $(best_version sys-firmware/ipxe)"
2914 - ewarn " $(best_version sys-firmware/seabios)"
2915 - ewarn " $(best_version sys-firmware/sgabios)"
2916 - ewarn "This might break resume of hibernated guests (started with a different"
2917 - ewarn "firmware version) and live migration to/from qemu versions with different"
2918 - ewarn "firmware. Please (cold) restart all running guests. For functional"
2919 - ewarn "guest migration ensure that all"
2920 - ewarn "hosts run at least"
2921 - ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
2922 - fi
2923 -}
2924 -
2925 -pkg_info() {
2926 - echo "Using:"
2927 - echo " $(best_version app-emulation/spice-protocol)"
2928 - echo " $(best_version sys-firmware/edk2-ovmf)"
2929 - if has_version 'sys-firmware/edk2-ovmf[binary]'; then
2930 - echo " USE=binary"
2931 - else
2932 - echo " USE=''"
2933 - fi
2934 - echo " $(best_version sys-firmware/ipxe)"
2935 - echo " $(best_version sys-firmware/seabios)"
2936 - if has_version 'sys-firmware/seabios[binary]'; then
2937 - echo " USE=binary"
2938 - else
2939 - echo " USE=''"
2940 - fi
2941 - echo " $(best_version sys-firmware/sgabios)"
2942 -}
Report Message
Find on MARC Find on Google Groups