Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Matthias Maier <tamiko@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
Date: Mon, 13 Feb 2017 04:58:18
Message-Id: 1486961418.69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb.tamiko@gentoo
1 commit: 69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb
2 Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
3 AuthorDate: Mon Feb 13 04:50:18 2017 +0000
4 Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
5 CommitDate: Mon Feb 13 04:50:18 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69f166f7
7
8 app-emulation/qemu: fix various security issues, bug #608728 and others
9
10 This commit applies upstream patches to 2.8.0 for the following CVEs
11
12 CVE-2016-10155 #606720
13 CVE-2017-2615 #608034
14 CVE-2017-5525 #606264
15 CVE-2017-5552 #606722
16 CVE-2017-5578 #607000
17 CVE-2017-5579 #607100
18 CVE-2017-5667 #607766
19 CVE-2017-5856 #608036
20 CVE-2017-5857 #608038
21 CVE-2017-5898 #608520
22 CVE-2017-5931 #608728
23
24 Package-Manager: Portage-2.3.3, Repoman-2.3.1
25
26 .../qemu/files/qemu-2.8.0-CVE-2016-10155.patch | 46 ++
27 .../qemu/files/qemu-2.8.0-CVE-2017-2615.patch | 48 ++
28 .../qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch | 52 ++
29 .../qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch | 55 ++
30 .../qemu/files/qemu-2.8.0-CVE-2017-5552.patch | 41 ++
31 .../qemu/files/qemu-2.8.0-CVE-2017-5578.patch | 35 ++
32 .../qemu/files/qemu-2.8.0-CVE-2017-5579.patch | 40 ++
33 .../qemu/files/qemu-2.8.0-CVE-2017-5667.patch | 37 ++
34 .../qemu/files/qemu-2.8.0-CVE-2017-5856.patch | 64 ++
35 .../qemu/files/qemu-2.8.0-CVE-2017-5857.patch | 38 ++
36 .../qemu/files/qemu-2.8.0-CVE-2017-5898.patch | 35 ++
37 .../qemu/files/qemu-2.8.0-CVE-2017-5931.patch | 46 ++
38 app-emulation/qemu/qemu-2.8.0-r1.ebuild | 691 +++++++++++++++++++++
39 13 files changed, 1228 insertions(+)
40
41 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
42 new file mode 100644
43 index 0000000000..c486295d06
44 --- /dev/null
45 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch
46 @@ -0,0 +1,46 @@
47 +From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
48 +From: Li Qiang <liqiang6-s@×××.cn>
49 +Date: Mon, 28 Nov 2016 17:49:04 -0800
50 +Subject: [PATCH] watchdog: 6300esb: add exit function
51 +
52 +When the Intel 6300ESB watchdog is hot unplug. The timer allocated
53 +in realize isn't freed thus leaking memory leak. This patch avoid
54 +this through adding the exit function.
55 +
56 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
57 +Message-Id: <583cde9c.3223ed0a.7f0c2.886e@×××××××××.com>
58 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
59 +---
60 + hw/watchdog/wdt_i6300esb.c | 9 +++++++++
61 + 1 file changed, 9 insertions(+)
62 +
63 +diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
64 +index a83d951..49b3cd1 100644
65 +--- a/hw/watchdog/wdt_i6300esb.c
66 ++++ b/hw/watchdog/wdt_i6300esb.c
67 +@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
68 + /* qemu_register_coalesced_mmio (addr, 0x10); ? */
69 + }
70 +
71 ++static void i6300esb_exit(PCIDevice *dev)
72 ++{
73 ++ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
74 ++
75 ++ timer_del(d->timer);
76 ++ timer_free(d->timer);
77 ++}
78 ++
79 + static WatchdogTimerModel model = {
80 + .wdt_name = "i6300esb",
81 + .wdt_description = "Intel 6300ESB",
82 +@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
83 + k->config_read = i6300esb_config_read;
84 + k->config_write = i6300esb_config_write;
85 + k->realize = i6300esb_realize;
86 ++ k->exit = i6300esb_exit;
87 + k->vendor_id = PCI_VENDOR_ID_INTEL;
88 + k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
89 + k->class_id = PCI_CLASS_SYSTEM_OTHER;
90 +--
91 +2.10.2
92 +
93
94 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
95 new file mode 100644
96 index 0000000000..f0bba80165
97 --- /dev/null
98 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch
99 @@ -0,0 +1,48 @@
100 +From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001
101 +From: Li Qiang <liqiang6-s@×××.cn>
102 +Date: Wed, 1 Feb 2017 09:35:01 +0100
103 +Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615)
104 +
105 +When doing bitblt copy in backward mode, we should minus the
106 +blt width first just like the adding in the forward mode. This
107 +can avoid the oob access of the front of vga's vram.
108 +
109 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
110 +
111 +{ kraxel: with backward blits (negative pitch) addr is the topmost
112 + address, so check it as-is against vram size ]
113 +
114 +Cc: qemu-stable@××××××.org
115 +Cc: P J P <ppandit@××××××.com>
116 +Cc: Laszlo Ersek <lersek@××××××.com>
117 +Cc: Paolo Bonzini <pbonzini@××××××.com>
118 +Cc: Wolfgang Bumiller <w.bumiller@×××××××.com>
119 +Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
120 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
121 +Message-id: 1485938101-26602-1-git-send-email-kraxel@××××××.com
122 +Reviewed-by: Laszlo Ersek <lersek@××××××.com>
123 +---
124 + hw/display/cirrus_vga.c | 7 +++----
125 + 1 file changed, 3 insertions(+), 4 deletions(-)
126 +
127 +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
128 +index 7db6409..16f27e8 100644
129 +--- a/hw/display/cirrus_vga.c
130 ++++ b/hw/display/cirrus_vga.c
131 +@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
132 + {
133 + if (pitch < 0) {
134 + int64_t min = addr
135 +- + ((int64_t)s->cirrus_blt_height-1) * pitch;
136 +- int32_t max = addr
137 +- + s->cirrus_blt_width;
138 +- if (min < 0 || max > s->vga.vram_size) {
139 ++ + ((int64_t)s->cirrus_blt_height - 1) * pitch
140 ++ - s->cirrus_blt_width;
141 ++ if (min < -1 || addr >= s->vga.vram_size) {
142 + return true;
143 + }
144 + } else {
145 +--
146 +2.10.2
147 +
148
149 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
150 new file mode 100644
151 index 0000000000..24411b4dca
152 --- /dev/null
153 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch
154 @@ -0,0 +1,52 @@
155 +From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
156 +From: Li Qiang <liqiang6-s@×××.cn>
157 +Date: Wed, 14 Dec 2016 18:30:21 -0800
158 +Subject: [PATCH] audio: ac97: add exit function
159 +MIME-Version: 1.0
160 +Content-Type: text/plain; charset=UTF-8
161 +Content-Transfer-Encoding: 8bit
162 +
163 +Currently the ac97 device emulation doesn't have a exit function,
164 +hot unplug this device will leak some memory. Add a exit function to
165 +avoid this.
166 +
167 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
168 +Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com>
169 +Message-id: 58520052.4825ed0a.27a71.6cae@×××××××××.com
170 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
171 +---
172 + hw/audio/ac97.c | 11 +++++++++++
173 + 1 file changed, 11 insertions(+)
174 +
175 +diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
176 +index cbd959e..c306575 100644
177 +--- a/hw/audio/ac97.c
178 ++++ b/hw/audio/ac97.c
179 +@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
180 + ac97_on_reset (&s->dev.qdev);
181 + }
182 +
183 ++static void ac97_exit(PCIDevice *dev)
184 ++{
185 ++ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
186 ++
187 ++ AUD_close_in(&s->card, s->voice_pi);
188 ++ AUD_close_out(&s->card, s->voice_po);
189 ++ AUD_close_in(&s->card, s->voice_mc);
190 ++ AUD_remove_card(&s->card);
191 ++}
192 ++
193 + static int ac97_init (PCIBus *bus)
194 + {
195 + pci_create_simple (bus, -1, "AC97");
196 +@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
197 + PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
198 +
199 + k->realize = ac97_realize;
200 ++ k->exit = ac97_exit;
201 + k->vendor_id = PCI_VENDOR_ID_INTEL;
202 + k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
203 + k->revision = 0x01;
204 +--
205 +2.10.2
206 +
207
208 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
209 new file mode 100644
210 index 0000000000..6bbac580c3
211 --- /dev/null
212 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch
213 @@ -0,0 +1,55 @@
214 +From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
215 +From: Li Qiang <liqiang6-s@×××.cn>
216 +Date: Wed, 14 Dec 2016 18:32:22 -0800
217 +Subject: [PATCH] audio: es1370: add exit function
218 +MIME-Version: 1.0
219 +Content-Type: text/plain; charset=UTF-8
220 +Content-Transfer-Encoding: 8bit
221 +
222 +Currently the es1370 device emulation doesn't have a exit function,
223 +hot unplug this device will leak some memory. Add a exit function to
224 +avoid this.
225 +
226 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
227 +Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com>
228 +Message-id: 585200c9.a968ca0a.1ab80.4c98@×××××××××.com
229 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
230 +---
231 + hw/audio/es1370.c | 14 ++++++++++++++
232 + 1 file changed, 14 insertions(+)
233 +
234 +diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
235 +index 8449b5f..883ec69 100644
236 +--- a/hw/audio/es1370.c
237 ++++ b/hw/audio/es1370.c
238 +@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
239 + es1370_reset (s);
240 + }
241 +
242 ++static void es1370_exit(PCIDevice *dev)
243 ++{
244 ++ ES1370State *s = ES1370(dev);
245 ++ int i;
246 ++
247 ++ for (i = 0; i < 2; ++i) {
248 ++ AUD_close_out(&s->card, s->dac_voice[i]);
249 ++ }
250 ++
251 ++ AUD_close_in(&s->card, s->adc_voice);
252 ++ AUD_remove_card(&s->card);
253 ++}
254 ++
255 + static int es1370_init (PCIBus *bus)
256 + {
257 + pci_create_simple (bus, -1, TYPE_ES1370);
258 +@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
259 + PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
260 +
261 + k->realize = es1370_realize;
262 ++ k->exit = es1370_exit;
263 + k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
264 + k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
265 + k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
266 +--
267 +2.10.2
268 +
269
270 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
271 new file mode 100644
272 index 0000000000..9475f3fd2a
273 --- /dev/null
274 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch
275 @@ -0,0 +1,41 @@
276 +From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
277 +From: Li Qiang <liq3ea@×××××.com>
278 +Date: Thu, 29 Dec 2016 03:11:26 -0500
279 +Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
280 +MIME-Version: 1.0
281 +Content-Type: text/plain; charset=UTF-8
282 +Content-Transfer-Encoding: 8bit
283 +
284 +If the virgl_renderer_resource_attach_iov function fails the
285 +'res_iovs' will be leaked. Add check of the return value to
286 +free the 'res_iovs' when failing.
287 +
288 +Signed-off-by: Li Qiang <liq3ea@×××××.com>
289 +Reviewed-by: Marc-André Lureau <marcandre.lureau@××××××.com>
290 +Message-id: 1482999086-59795-1-git-send-email-liq3ea@×××××.com
291 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
292 +---
293 + hw/display/virtio-gpu-3d.c | 7 +++++--
294 + 1 file changed, 5 insertions(+), 2 deletions(-)
295 +
296 +diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
297 +index e29f099..b13ced3 100644
298 +--- a/hw/display/virtio-gpu-3d.c
299 ++++ b/hw/display/virtio-gpu-3d.c
300 +@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
301 + return;
302 + }
303 +
304 +- virgl_renderer_resource_attach_iov(att_rb.resource_id,
305 +- res_iovs, att_rb.nr_entries);
306 ++ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
307 ++ res_iovs, att_rb.nr_entries);
308 ++
309 ++ if (ret != 0)
310 ++ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
311 + }
312 +
313 + static void virgl_resource_detach_backing(VirtIOGPU *g,
314 +--
315 +2.10.2
316 +
317
318 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
319 new file mode 100644
320 index 0000000000..f93d1e7f9e
321 --- /dev/null
322 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch
323 @@ -0,0 +1,35 @@
324 +From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001
325 +From: Li Qiang <liq3ea@×××××.com>
326 +Date: Thu, 29 Dec 2016 04:28:41 -0500
327 +Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing
328 +
329 +In the resource attach backing function, everytime it will
330 +allocate 'res->iov' thus can leading a memory leak. This
331 +patch avoid this.
332 +
333 +Signed-off-by: Li Qiang <liq3ea@×××××.com>
334 +Message-id: 1483003721-65360-1-git-send-email-liq3ea@×××××.com
335 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
336 +---
337 + hw/display/virtio-gpu.c | 5 +++++
338 + 1 file changed, 5 insertions(+)
339 +
340 +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
341 +index 6a26258..ca88cf4 100644
342 +--- a/hw/display/virtio-gpu.c
343 ++++ b/hw/display/virtio-gpu.c
344 +@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g,
345 + return;
346 + }
347 +
348 ++ if (res->iov) {
349 ++ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
350 ++ return;
351 ++ }
352 ++
353 + ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov);
354 + if (ret != 0) {
355 + cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
356 +--
357 +2.10.2
358 +
359
360 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
361 new file mode 100644
362 index 0000000000..e4572a8d57
363 --- /dev/null
364 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch
365 @@ -0,0 +1,40 @@
366 +From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001
367 +From: Li Qiang <liqiang6-s@×××.cn>
368 +Date: Wed, 4 Jan 2017 00:43:16 -0800
369 +Subject: [PATCH] serial: fix memory leak in serial exit
370 +
371 +The serial_exit_core function doesn't free some resources.
372 +This can lead memory leak when hotplug and unplug. This
373 +patch avoid this.
374 +
375 +Signed-off-by: Li Qiang <liqiang6-s@×××.cn>
376 +Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@×××××××××.com>
377 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
378 +---
379 + hw/char/serial.c | 10 ++++++++++
380 + 1 file changed, 10 insertions(+)
381 +
382 +diff --git a/hw/char/serial.c b/hw/char/serial.c
383 +index ffbacd8..67b18ed 100644
384 +--- a/hw/char/serial.c
385 ++++ b/hw/char/serial.c
386 +@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp)
387 + void serial_exit_core(SerialState *s)
388 + {
389 + qemu_chr_fe_deinit(&s->chr);
390 ++
391 ++ timer_del(s->modem_status_poll);
392 ++ timer_free(s->modem_status_poll);
393 ++
394 ++ timer_del(s->fifo_timeout_timer);
395 ++ timer_free(s->fifo_timeout_timer);
396 ++
397 ++ fifo8_destroy(&s->recv_fifo);
398 ++ fifo8_destroy(&s->xmit_fifo);
399 ++
400 + qemu_unregister_reset(serial_reset, s);
401 + }
402 +
403 +--
404 +2.10.2
405 +
406
407 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
408 new file mode 100644
409 index 0000000000..93e9c9406c
410 --- /dev/null
411 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch
412 @@ -0,0 +1,37 @@
413 +From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001
414 +From: Prasad J Pandit <pjp@×××××××××××××.org>
415 +Date: Tue, 7 Feb 2017 18:29:59 +0000
416 +Subject: [PATCH] sd: sdhci: check data length during dma_memory_read
417 +
418 +While doing multi block SDMA transfer in routine
419 +'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting
420 +index 'begin' and data length 's->data_count' could end up to be same.
421 +This could lead to an OOB access issue. Correct transfer data length
422 +to avoid it.
423 +
424 +Cc: qemu-stable@××××××.org
425 +Reported-by: Jiang Xin <jiangxin1@××××××.com>
426 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
427 +Reviewed-by: Peter Maydell <peter.maydell@××××××.org>
428 +Message-id: 20170130064736.9236-1-ppandit@××××××.com
429 +Signed-off-by: Peter Maydell <peter.maydell@××××××.org>
430 +---
431 + hw/sd/sdhci.c | 2 +-
432 + 1 file changed, 1 insertion(+), 1 deletion(-)
433 +
434 +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
435 +index 01fbf22..5bd5ab6 100644
436 +--- a/hw/sd/sdhci.c
437 ++++ b/hw/sd/sdhci.c
438 +@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
439 + boundary_count -= block_size - begin;
440 + }
441 + dma_memory_read(&address_space_memory, s->sdmasysad,
442 +- &s->fifo_buffer[begin], s->data_count);
443 ++ &s->fifo_buffer[begin], s->data_count - begin);
444 + s->sdmasysad += s->data_count - begin;
445 + if (s->data_count == block_size) {
446 + for (n = 0; n < block_size; n++) {
447 +--
448 +2.10.2
449 +
450
451 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
452 new file mode 100644
453 index 0000000000..2ebd49fa54
454 --- /dev/null
455 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch
456 @@ -0,0 +1,64 @@
457 +From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001
458 +From: Paolo Bonzini <pbonzini@××××××.com>
459 +Date: Mon, 2 Jan 2017 11:03:33 +0100
460 +Subject: [PATCH] megasas: fix guest-triggered memory leak
461 +
462 +If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
463 +will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
464 +Avoid this by returning only the status from map_dcmd, and loading
465 +cmd->iov_size in the caller.
466 +
467 +Reported-by: Li Qiang <liqiang6-s@×××.cn>
468 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
469 +---
470 + hw/scsi/megasas.c | 11 ++++++-----
471 + 1 file changed, 6 insertions(+), 5 deletions(-)
472 +
473 +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
474 +index 67fc1e7..6233865 100644
475 +--- a/hw/scsi/megasas.c
476 ++++ b/hw/scsi/megasas.c
477 +@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
478 + trace_megasas_dcmd_invalid_sge(cmd->index,
479 + cmd->frame->header.sge_count);
480 + cmd->iov_size = 0;
481 +- return -1;
482 ++ return -EINVAL;
483 + }
484 + iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
485 + iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
486 + pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
487 + qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
488 + cmd->iov_size = iov_size;
489 +- return cmd->iov_size;
490 ++ return 0;
491 + }
492 +
493 + static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
494 +@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t {
495 +
496 + static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
497 + {
498 +- int opcode, len;
499 ++ int opcode;
500 + int retval = 0;
501 ++ size_t len;
502 + const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
503 +
504 + opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
505 + trace_megasas_handle_dcmd(cmd->index, opcode);
506 +- len = megasas_map_dcmd(s, cmd);
507 +- if (len < 0) {
508 ++ if (megasas_map_dcmd(s, cmd) < 0) {
509 + return MFI_STAT_MEMORY_NOT_AVAILABLE;
510 + }
511 + while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
512 + cmdptr++;
513 + }
514 ++ len = cmd->iov_size;
515 + if (cmdptr->opcode == -1) {
516 + trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
517 + retval = megasas_dcmd_dummy(s, cmd);
518 +--
519 +2.10.2
520 +
521
522 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
523 new file mode 100644
524 index 0000000000..664a669ffa
525 --- /dev/null
526 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch
527 @@ -0,0 +1,38 @@
528 +When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the
529 +backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING)
530 +we'll leak memory.
531 +
532 +This patch fixes it for 3d mode, simliar to the 2d mode fix in commit
533 +"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy".
534 +
535 +Reported-by: 李强 <address@hidden>
536 +Signed-off-by: Gerd Hoffmann <address@hidden>
537 +---
538 + hw/display/virtio-gpu-3d.c | 8 ++++++++
539 + 1 file changed, 8 insertions(+)
540 +
541 +diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
542 +index f96a0c2..ecb09d1 100644
543 +--- a/hw/display/virtio-gpu-3d.c
544 ++++ b/hw/display/virtio-gpu-3d.c
545 +@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g,
546 + struct virtio_gpu_ctrl_command *cmd)
547 + {
548 + struct virtio_gpu_resource_unref unref;
549 ++ struct iovec *res_iovs = NULL;
550 ++ int num_iovs = 0;
551 +
552 + VIRTIO_GPU_FILL_CMD(unref);
553 + trace_virtio_gpu_cmd_res_unref(unref.resource_id);
554 +
555 ++ virgl_renderer_resource_detach_iov(unref.resource_id,
556 ++ &res_iovs,
557 ++ &num_iovs);
558 ++ if (res_iovs != NULL && num_iovs != 0) {
559 ++ virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
560 ++ }
561 + virgl_renderer_resource_unref(unref.resource_id);
562 + }
563 +
564 +--
565 +1.8.3.1
566
567 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
568 new file mode 100644
569 index 0000000000..9f94477a46
570 --- /dev/null
571 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch
572 @@ -0,0 +1,35 @@
573 +From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001
574 +From: Prasad J Pandit <pjp@×××××××××××××.org>
575 +Date: Fri, 3 Feb 2017 00:52:28 +0530
576 +Subject: [PATCH] usb: ccid: check ccid apdu length
577 +
578 +CCID device emulator uses Application Protocol Data Units(APDU)
579 +to exchange command and responses to and from the host.
580 +The length in these units couldn't be greater than 65536. Add
581 +check to ensure the same. It'd also avoid potential integer
582 +overflow in emulated_apdu_from_guest.
583 +
584 +Reported-by: Li Qiang <liqiang6-s@×××.cn>
585 +Signed-off-by: Prasad J Pandit <pjp@×××××××××××××.org>
586 +Message-id: 20170202192228.10847-1-ppandit@××××××.com
587 +Signed-off-by: Gerd Hoffmann <kraxel@××××××.com>
588 +---
589 + hw/usb/dev-smartcard-reader.c | 2 +-
590 + 1 file changed, 1 insertion(+), 1 deletion(-)
591 +
592 +diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
593 +index 89e11b6..1325ea1 100644
594 +--- a/hw/usb/dev-smartcard-reader.c
595 ++++ b/hw/usb/dev-smartcard-reader.c
596 +@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv)
597 + DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__,
598 + recv->hdr.bSeq, len);
599 + ccid_add_pending_answer(s, (CCID_Header *)recv);
600 +- if (s->card) {
601 ++ if (s->card && len <= BULK_OUT_DATA_SIZE) {
602 + ccid_card_apdu_from_guest(s->card, recv->abData, len);
603 + } else {
604 + DPRINTF(s, D_WARN, "warning: discarded apdu\n");
605 +--
606 +2.10.2
607 +
608
609 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
610 new file mode 100644
611 index 0000000000..f24d557c96
612 --- /dev/null
613 +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch
614 @@ -0,0 +1,46 @@
615 +From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001
616 +From: Gonglei <arei.gonglei@××××××.com>
617 +Date: Tue, 3 Jan 2017 14:50:03 +0800
618 +Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow
619 +
620 +Because the 'size_t' type is 4 bytes in 32-bit platform, which
621 +is the same with 'int'. It's easy to make 'max_len' to zero when
622 +integer overflow and then cause heap overflow if 'max_len' is zero.
623 +
624 +Using uint_64 instead of size_t to avoid the integer overflow.
625 +
626 +Cc: qemu-stable@××××××.org
627 +Reported-by: Li Qiang <liqiang6-s@×××.cn>
628 +Signed-off-by: Gonglei <arei.gonglei@××××××.com>
629 +Tested-by: Li Qiang <liqiang6-s@×××.cn>
630 +Reviewed-by: Michael S. Tsirkin <mst@××××××.com>
631 +Signed-off-by: Michael S. Tsirkin <mst@××××××.com>
632 +---
633 + hw/virtio/virtio-crypto.c | 4 ++--
634 + 1 file changed, 2 insertions(+), 2 deletions(-)
635 +
636 +diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
637 +index 2f2467e..c23e1ad 100644
638 +--- a/hw/virtio/virtio-crypto.c
639 ++++ b/hw/virtio/virtio-crypto.c
640 +@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
641 + uint32_t hash_start_src_offset = 0, len_to_hash = 0;
642 + uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
643 +
644 +- size_t max_len, curr_size = 0;
645 ++ uint64_t max_len, curr_size = 0;
646 + size_t s;
647 +
648 + /* Plain cipher */
649 +@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
650 + return NULL;
651 + }
652 +
653 +- max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
654 ++ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
655 + if (unlikely(max_len > vcrypto->conf.max_size)) {
656 + virtio_error(vdev, "virtio-crypto too big length");
657 + return NULL;
658 +--
659 +2.10.2
660 +
661
662 diff --git a/app-emulation/qemu/qemu-2.8.0-r1.ebuild b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
663 new file mode 100644
664 index 0000000000..27420ae5fd
665 --- /dev/null
666 +++ b/app-emulation/qemu/qemu-2.8.0-r1.ebuild
667 @@ -0,0 +1,691 @@
668 +# Copyright 1999-2017 Gentoo Foundation
669 +# Distributed under the terms of the GNU General Public License v2
670 +
671 +EAPI="5"
672 +
673 +PYTHON_COMPAT=( python2_7 )
674 +PYTHON_REQ_USE="ncurses,readline"
675 +
676 +PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
677 +
678 +inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
679 + user udev fcaps readme.gentoo-r1 pax-utils l10n
680 +
681 +if [[ ${PV} = *9999* ]]; then
682 + EGIT_REPO_URI="git://git.qemu.org/qemu.git"
683 + inherit git-2
684 + SRC_URI=""
685 +else
686 + SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
687 + KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
688 +fi
689 +
690 +DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
691 +HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
692 +
693 +LICENSE="GPL-2 LGPL-2 BSD-2"
694 +SLOT="0"
695 +IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \
696 +gnutls gtk gtk2 infiniband iscsi +jpeg \
697 +kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs
698 ++png pulseaudio python \
699 +rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu
700 +static-user systemtap tci test +threads usb usbredir vde +vhost-net \
701 +virgl virtfs +vnc vte xattr xen xfs"
702 +
703 +COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips
704 +mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64
705 +x86_64"
706 +IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
707 +IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
708 +
709 +use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
710 +use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
711 +IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
712 +
713 +# Allow no targets to be built so that people can get a tools-only build.
714 +# Block USE flag configurations known to not work.
715 +REQUIRED_USE="${PYTHON_REQUIRED_USE}
716 + gtk2? ( gtk )
717 + qemu_softmmu_targets_arm? ( fdt )
718 + qemu_softmmu_targets_microblaze? ( fdt )
719 + qemu_softmmu_targets_ppc? ( fdt )
720 + qemu_softmmu_targets_ppc64? ( fdt )
721 + sdl2? ( sdl )
722 + static? ( static-softmmu static-user )
723 + static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 )
724 + virtfs? ( xattr )
725 + vte? ( gtk )"
726 +
727 +# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
728 +#
729 +# The attr lib isn't always linked in (although the USE flag is always
730 +# respected). This is because qemu supports using the C library's API
731 +# when available rather than always using the extranl library.
732 +#
733 +# Older versions of gnutls are supported, but it's simpler to just require
734 +# the latest versions. This is also why we require nettle.
735 +#
736 +# TODO: Split out tools deps into another var. e.g. bzip2 is only used by
737 +# system binaries and tools, not user binaries.
738 +COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)]
739 + sys-libs/zlib[static-libs(+)]
740 + bzip2? ( app-arch/bzip2[static-libs(+)] )
741 + xattr? ( sys-apps/attr[static-libs(+)] )"
742 +SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND}
743 + >=x11-libs/pixman-0.28.0[static-libs(+)]
744 + accessibility? ( app-accessibility/brltty[static-libs(+)] )
745 + aio? ( dev-libs/libaio[static-libs(+)] )
746 + alsa? ( >=media-libs/alsa-lib-1.0.13 )
747 + bluetooth? ( net-wireless/bluez )
748 + caps? ( sys-libs/libcap-ng[static-libs(+)] )
749 + curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
750 + fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
751 + glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
752 + gnutls? (
753 + dev-libs/nettle:=[static-libs(+)]
754 + >=net-libs/gnutls-3.0:=[static-libs(+)]
755 + )
756 + gtk? (
757 + gtk2? (
758 + x11-libs/gtk+:2
759 + vte? ( x11-libs/vte:0 )
760 + )
761 + !gtk2? (
762 + x11-libs/gtk+:3
763 + vte? ( x11-libs/vte:2.91 )
764 + )
765 + )
766 + infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
767 + iscsi? ( net-libs/libiscsi )
768 + jpeg? ( virtual/jpeg:0=[static-libs(+)] )
769 + lzo? ( dev-libs/lzo:2[static-libs(+)] )
770 + ncurses? ( sys-libs/ncurses:0=[static-libs(+)] )
771 + nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
772 + numa? ( sys-process/numactl[static-libs(+)] )
773 + opengl? (
774 + virtual/opengl
775 + media-libs/libepoxy[static-libs(+)]
776 + media-libs/mesa[static-libs(+)]
777 + media-libs/mesa[egl,gbm]
778 + )
779 + png? ( media-libs/libpng:0=[static-libs(+)] )
780 + pulseaudio? ( media-sound/pulseaudio )
781 + rbd? ( sys-cluster/ceph[static-libs(+)] )
782 + sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
783 + sdl? (
784 + !sdl2? (
785 + media-libs/libsdl[X]
786 + >=media-libs/libsdl-1.2.11[static-libs(+)]
787 + )
788 + sdl2? (
789 + media-libs/libsdl2[X]
790 + media-libs/libsdl2[static-libs(+)]
791 + )
792 + )
793 + seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
794 + smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
795 + snappy? ( app-arch/snappy[static-libs(+)] )
796 + spice? (
797 + >=app-emulation/spice-protocol-0.12.3
798 + >=app-emulation/spice-0.12.0[static-libs(+)]
799 + )
800 + ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
801 + usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
802 + usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
803 + vde? ( net-misc/vde[static-libs(+)] )
804 + virgl? ( media-libs/virglrenderer[static-libs(+)] )
805 + virtfs? ( sys-libs/libcap )
806 + xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
807 +USER_LIB_DEPEND="${COMMON_LIB_DEPEND}"
808 +X86_FIRMWARE_DEPEND="
809 + >=sys-firmware/ipxe-1.0.0_p20130624
810 + pin-upstream-blobs? (
811 + ~sys-firmware/seabios-1.10.1
812 + ~sys-firmware/sgabios-0.1_pre8
813 + ~sys-firmware/vgabios-0.7a
814 + )
815 + !pin-upstream-blobs? (
816 + sys-firmware/seabios
817 + sys-firmware/sgabios
818 + sys-firmware/vgabios
819 + )"
820 +CDEPEND="
821 + !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) )
822 + !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) )
823 + qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
824 + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )
825 + python? ( ${PYTHON_DEPS} )
826 + systemtap? ( dev-util/systemtap )
827 + xen? ( app-emulation/xen-tools:= )"
828 +DEPEND="${CDEPEND}
829 + dev-lang/perl
830 + =dev-lang/python-2*
831 + sys-apps/texinfo
832 + virtual/pkgconfig
833 + kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
834 + gtk? ( nls? ( sys-devel/gettext ) )
835 + static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) )
836 + static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) )
837 + test? (
838 + dev-libs/glib[utils]
839 + sys-devel/bc
840 + )"
841 +RDEPEND="${CDEPEND}
842 + selinux? ( sec-policy/selinux-qemu )
843 +"
844 +
845 +STRIP_MASK="/usr/share/qemu/palcode-clipper"
846 +
847 +QA_PREBUILT="
848 + usr/share/qemu/openbios-ppc
849 + usr/share/qemu/openbios-sparc64
850 + usr/share/qemu/openbios-sparc32
851 + usr/share/qemu/palcode-clipper
852 + usr/share/qemu/s390-ccw.img
853 + usr/share/qemu/u-boot.e500
854 +"
855 +
856 +QA_WX_LOAD="usr/bin/qemu-i386
857 + usr/bin/qemu-x86_64
858 + usr/bin/qemu-alpha
859 + usr/bin/qemu-arm
860 + usr/bin/qemu-cris
861 + usr/bin/qemu-m68k
862 + usr/bin/qemu-microblaze
863 + usr/bin/qemu-microblazeel
864 + usr/bin/qemu-mips
865 + usr/bin/qemu-mipsel
866 + usr/bin/qemu-or32
867 + usr/bin/qemu-ppc
868 + usr/bin/qemu-ppc64
869 + usr/bin/qemu-ppc64abi32
870 + usr/bin/qemu-sh4
871 + usr/bin/qemu-sh4eb
872 + usr/bin/qemu-sparc
873 + usr/bin/qemu-sparc64
874 + usr/bin/qemu-armeb
875 + usr/bin/qemu-sparc32plus
876 + usr/bin/qemu-s390x
877 + usr/bin/qemu-unicore32"
878 +
879 +DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure
880 +you have the kernel module loaded before running kvm. The easiest way to
881 +ensure that the kernel module is loaded is to load it on boot.\n
882 +For AMD CPUs the module is called 'kvm-amd'.\n
883 +For Intel CPUs the module is called 'kvm-intel'.\n
884 +Please review /etc/conf.d/modules for how to load these.\n\n
885 +Make sure your user is in the 'kvm' group\n
886 +Just run 'gpasswd -a <USER> kvm', then have <USER> re-login.\n\n
887 +For brand new installs, the default permissions on /dev/kvm might not let you
888 +access it. You can tell udev to reset ownership/perms:\n
889 +udevadm trigger -c add /dev/kvm"
890 +
891 +qemu_support_kvm() {
892 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \
893 + use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \
894 + use qemu_softmmu_targets_s390x; then
895 + return 0
896 + fi
897 +
898 + return 1
899 +}
900 +
901 +pkg_pretend() {
902 + if use kernel_linux && kernel_is lt 2 6 25; then
903 + eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
904 + elif use kernel_linux; then
905 + if ! linux_config_exists; then
906 + eerror "Unable to check your kernel for KVM support"
907 + else
908 + CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
909 + ERROR_KVM="You must enable KVM in your kernel to continue"
910 + ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
911 + ERROR_KVM_AMD+=" your kernel configuration."
912 + ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
913 + ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
914 + ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
915 + ERROR_TUN+=" into your kernel or loaded as a module to use the"
916 + ERROR_TUN+=" virtual network device if using -net tap."
917 + ERROR_BRIDGE="You will also need support for 802.1d"
918 + ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
919 + use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
920 + ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
921 + ERROR_VHOST_NET+=" support"
922 +
923 + if use amd64 || use x86 || use amd64-linux || use x86-linux; then
924 + CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
925 + fi
926 +
927 + use python && CONFIG_CHECK+=" ~DEBUG_FS"
928 + ERROR_DEBUG_FS="debugFS support required for kvm_stat"
929 +
930 + # Now do the actual checks setup above
931 + check_extra_config
932 + fi
933 + fi
934 +
935 + if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
936 + eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
937 + eerror "instances are still pointing to it. Please update your"
938 + eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
939 + eerror "and the right system binary (e.g. qemu-system-x86_64)."
940 + die "update your virt configs to not use qemu-kvm"
941 + fi
942 +}
943 +
944 +pkg_setup() {
945 + enewgroup kvm 78
946 +}
947 +
948 +# Sanity check to make sure target lists are kept up-to-date.
949 +check_targets() {
950 + local var=$1 mak=$2
951 + local detected sorted
952 +
953 + pushd "${S}"/default-configs >/dev/null || die
954 +
955 + # Force C locale until glibc is updated. #564936
956 + detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
957 + sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
958 + if [[ ${sorted} != "${detected}" ]] ; then
959 + eerror "The ebuild needs to be kept in sync."
960 + eerror "${var}: ${sorted}"
961 + eerror "$(printf '%-*s' ${#var} configure): ${detected}"
962 + die "sync ${var} to the list of targets"
963 + fi
964 +
965 + popd >/dev/null
966 +}
967 +
968 +handle_locales() {
969 + # Make sure locale list is kept up-to-date.
970 + local detected sorted
971 + detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
972 + sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
973 + if [[ ${sorted} != "${detected}" ]] ; then
974 + eerror "The ebuild needs to be kept in sync."
975 + eerror "PLOCALES: ${sorted}"
976 + eerror " po/*.po: ${detected}"
977 + die "sync PLOCALES"
978 + fi
979 +
980 + # Deal with selective install of locales.
981 + if use nls ; then
982 + # Delete locales the user does not want. #577814
983 + rm_loc() { rm po/$1.po || die; }
984 + l10n_for_each_disabled_locale_do rm_loc
985 + else
986 + # Cheap hack to disable gettext .mo generation.
987 + rm -f po/*.po
988 + fi
989 +}
990 +
991 +src_prepare() {
992 + check_targets IUSE_SOFTMMU_TARGETS softmmu
993 + check_targets IUSE_USER_TARGETS linux-user
994 +
995 + # Alter target makefiles to accept CFLAGS set via flag-o
996 + sed -i -r \
997 + -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
998 + Makefile Makefile.target || die
999 +
1000 + epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch
1001 + epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
1002 + epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108
1003 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826
1004 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630
1005 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444
1006 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch #606720
1007 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch #608034
1008 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264
1009 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch
1010 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch #606722
1011 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch #607000
1012 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch #607100
1013 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5667.patch #607766
1014 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch #608036
1015 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch #608038
1016 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch #608520
1017 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch #608728
1018 +
1019 + # Fix ld and objcopy being called directly
1020 + tc-export AR LD OBJCOPY
1021 +
1022 + # Verbose builds
1023 + MAKEOPTS+=" V=1"
1024 +
1025 + epatch_user
1026 +
1027 + # Run after we've applied all patches.
1028 + handle_locales
1029 +}
1030 +
1031 +##
1032 +# configures qemu based on the build directory and the build type
1033 +# we are using.
1034 +#
1035 +qemu_src_configure() {
1036 + debug-print-function ${FUNCNAME} "$@"
1037 +
1038 + local buildtype=$1
1039 + local builddir="${S}/${buildtype}-build"
1040 + local static_flag="static-${buildtype}"
1041 +
1042 + mkdir "${builddir}"
1043 +
1044 + local conf_opts=(
1045 + --prefix=/usr
1046 + --sysconfdir=/etc
1047 + --libdir=/usr/$(get_libdir)
1048 + --docdir=/usr/share/doc/${PF}/html
1049 + --disable-bsd-user
1050 + --disable-guest-agent
1051 + --disable-strip
1052 + --disable-werror
1053 + # We support gnutls/nettle for crypto operations. It is possible
1054 + # to use gcrypt when gnutls/nettle are disabled (but not when they
1055 + # are enabled), but it's not really worth the hassle. Disable it
1056 + # all the time to avoid automatically detecting it. #568856
1057 + --disable-gcrypt
1058 + --python="${PYTHON}"
1059 + --cc="$(tc-getCC)"
1060 + --cxx="$(tc-getCXX)"
1061 + --host-cc="$(tc-getBUILD_CC)"
1062 + $(use_enable debug debug-info)
1063 + $(use_enable debug debug-tcg)
1064 + --enable-docs
1065 + $(use_enable tci tcg-interpreter)
1066 + $(use_enable xattr attr)
1067 + )
1068 +
1069 + # Disable options not used by user targets as the default configure
1070 + # options will autoprobe and try to link in a bunch of unused junk.
1071 + conf_softmmu() {
1072 + if [[ ${buildtype} == "user" ]] ; then
1073 + echo "--disable-${2:-$1}"
1074 + else
1075 + use_enable "$@"
1076 + fi
1077 + }
1078 + conf_opts+=(
1079 + $(conf_softmmu accessibility brlapi)
1080 + $(conf_softmmu aio linux-aio)
1081 + $(conf_softmmu bzip2)
1082 + $(conf_softmmu bluetooth bluez)
1083 + $(conf_softmmu caps cap-ng)
1084 + $(conf_softmmu curl)
1085 + $(conf_softmmu fdt)
1086 + $(conf_softmmu glusterfs)
1087 + $(conf_softmmu gnutls)
1088 + $(conf_softmmu gnutls nettle)
1089 + $(conf_softmmu gtk)
1090 + $(conf_softmmu infiniband rdma)
1091 + $(conf_softmmu iscsi libiscsi)
1092 + $(conf_softmmu jpeg vnc-jpeg)
1093 + $(conf_softmmu kernel_linux kvm)
1094 + $(conf_softmmu lzo)
1095 + $(conf_softmmu ncurses curses)
1096 + $(conf_softmmu nfs libnfs)
1097 + $(conf_softmmu numa)
1098 + $(conf_softmmu opengl)
1099 + $(conf_softmmu png vnc-png)
1100 + $(conf_softmmu rbd)
1101 + $(conf_softmmu sasl vnc-sasl)
1102 + $(conf_softmmu sdl)
1103 + $(conf_softmmu seccomp)
1104 + $(conf_softmmu smartcard)
1105 + $(conf_softmmu snappy)
1106 + $(conf_softmmu spice)
1107 + $(conf_softmmu ssh libssh2)
1108 + $(conf_softmmu usb libusb)
1109 + $(conf_softmmu usbredir usb-redir)
1110 + $(conf_softmmu vde)
1111 + $(conf_softmmu vhost-net)
1112 + $(conf_softmmu virgl virglrenderer)
1113 + $(conf_softmmu virtfs)
1114 + $(conf_softmmu vnc)
1115 + $(conf_softmmu vte)
1116 + $(conf_softmmu xen)
1117 + $(conf_softmmu xen xen-pci-passthrough)
1118 + $(conf_softmmu xfs xfsctl)
1119 + )
1120 +
1121 + case ${buildtype} in
1122 + user)
1123 + conf_opts+=(
1124 + --enable-linux-user
1125 + --disable-system
1126 + --disable-blobs
1127 + --disable-tools
1128 + )
1129 + ;;
1130 + softmmu)
1131 + # audio options
1132 + local audio_opts="oss"
1133 + use alsa && audio_opts="alsa,${audio_opts}"
1134 + use sdl && audio_opts="sdl,${audio_opts}"
1135 + use pulseaudio && audio_opts="pa,${audio_opts}"
1136 +
1137 + conf_opts+=(
1138 + --disable-linux-user
1139 + --enable-system
1140 + --with-system-pixman
1141 + --audio-drv-list="${audio_opts}"
1142 + )
1143 + use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
1144 + use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
1145 + ;;
1146 + tools)
1147 + conf_opts+=(
1148 + --disable-linux-user
1149 + --disable-system
1150 + --disable-blobs
1151 + $(use_enable bzip2)
1152 + )
1153 + static_flag="static"
1154 + ;;
1155 + esac
1156 +
1157 + local targets="${buildtype}_targets"
1158 + [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
1159 +
1160 + # Add support for SystemTAP
1161 + use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
1162 +
1163 + # We always want to attempt to build with PIE support as it results
1164 + # in a more secure binary. But it doesn't work with static or if
1165 + # the current GCC doesn't have PIE support.
1166 + if use ${static_flag}; then
1167 + conf_opts+=( --static --disable-pie )
1168 + else
1169 + gcc-specs-pie && conf_opts+=( --enable-pie )
1170 + fi
1171 +
1172 + echo "../configure ${conf_opts[*]}"
1173 + cd "${builddir}"
1174 + ../configure "${conf_opts[@]}" || die "configure failed"
1175 +
1176 + # FreeBSD's kernel does not support QEMU assigning/grabbing
1177 + # host USB devices yet
1178 + use kernel_FreeBSD && \
1179 + sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
1180 +}
1181 +
1182 +src_configure() {
1183 + local target
1184 +
1185 + python_setup
1186 +
1187 + softmmu_targets= softmmu_bins=()
1188 + user_targets= user_bins=()
1189 +
1190 + for target in ${IUSE_SOFTMMU_TARGETS} ; do
1191 + if use "qemu_softmmu_targets_${target}"; then
1192 + softmmu_targets+=",${target}-softmmu"
1193 + softmmu_bins+=( "qemu-system-${target}" )
1194 + fi
1195 + done
1196 +
1197 + for target in ${IUSE_USER_TARGETS} ; do
1198 + if use "qemu_user_targets_${target}"; then
1199 + user_targets+=",${target}-linux-user"
1200 + user_bins+=( "qemu-${target}" )
1201 + fi
1202 + done
1203 +
1204 + softmmu_targets=${softmmu_targets#,}
1205 + user_targets=${user_targets#,}
1206 +
1207 + [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
1208 + [[ -n ${user_targets} ]] && qemu_src_configure "user"
1209 + [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools"
1210 +}
1211 +
1212 +src_compile() {
1213 + if [[ -n ${user_targets} ]]; then
1214 + cd "${S}/user-build"
1215 + default
1216 + fi
1217 +
1218 + if [[ -n ${softmmu_targets} ]]; then
1219 + cd "${S}/softmmu-build"
1220 + default
1221 + fi
1222 +
1223 + if [[ -z ${softmmu_targets}${user_targets} ]]; then
1224 + cd "${S}/tools-build"
1225 + default
1226 + fi
1227 +}
1228 +
1229 +src_test() {
1230 + if [[ -n ${softmmu_targets} ]]; then
1231 + cd "${S}/softmmu-build"
1232 + pax-mark m */qemu-system-* #515550
1233 + emake -j1 check
1234 + emake -j1 check-report.html
1235 + fi
1236 +}
1237 +
1238 +qemu_python_install() {
1239 + python_domodule "${S}/scripts/qmp/qmp.py"
1240 +
1241 + python_doscript "${S}/scripts/kvm/vmxcap"
1242 + python_doscript "${S}/scripts/qmp/qmp-shell"
1243 + python_doscript "${S}/scripts/qmp/qemu-ga-client"
1244 +}
1245 +
1246 +src_install() {
1247 + if [[ -n ${user_targets} ]]; then
1248 + cd "${S}/user-build"
1249 + emake DESTDIR="${ED}" install
1250 +
1251 + # Install binfmt handler init script for user targets
1252 + newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt
1253 + fi
1254 +
1255 + if [[ -n ${softmmu_targets} ]]; then
1256 + cd "${S}/softmmu-build"
1257 + emake DESTDIR="${ED}" install
1258 +
1259 + # This might not exist if the test failed. #512010
1260 + [[ -e check-report.html ]] && dohtml check-report.html
1261 +
1262 + if use kernel_linux; then
1263 + udev_dorules "${FILESDIR}"/65-kvm.rules
1264 + fi
1265 +
1266 + if use python; then
1267 + python_foreach_impl qemu_python_install
1268 + fi
1269 + fi
1270 +
1271 + if [[ -z ${softmmu_targets}${user_targets} ]]; then
1272 + cd "${S}/tools-build"
1273 + emake DESTDIR="${ED}" install
1274 + fi
1275 +
1276 + # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
1277 + pushd "${ED}"/usr/bin >/dev/null
1278 + pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}"
1279 + popd >/dev/null
1280 +
1281 + # Install config file example for qemu-bridge-helper
1282 + insinto "/etc/qemu"
1283 + doins "${FILESDIR}/bridge.conf"
1284 +
1285 + # Remove the docdir placed qmp-commands.txt
1286 + mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die
1287 +
1288 + cd "${S}"
1289 + dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
1290 + newdoc pc-bios/README README.pc-bios
1291 + dodoc docs/qmp-*.txt
1292 +
1293 + if [[ -n ${softmmu_targets} ]]; then
1294 + # Remove SeaBIOS since we're using the SeaBIOS packaged one
1295 + rm "${ED}/usr/share/qemu/bios.bin"
1296 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1297 + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
1298 + fi
1299 +
1300 + # Remove vgabios since we're using the vgabios packaged one
1301 + rm "${ED}/usr/share/qemu/vgabios.bin"
1302 + rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
1303 + rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
1304 + rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
1305 + rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
1306 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1307 + dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin
1308 + dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
1309 + dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
1310 + dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
1311 + dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
1312 + fi
1313 +
1314 + # Remove sgabios since we're using the sgabios packaged one
1315 + rm "${ED}/usr/share/qemu/sgabios.bin"
1316 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1317 + dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
1318 + fi
1319 +
1320 + # Remove iPXE since we're using the iPXE packaged one
1321 + rm "${ED}"/usr/share/qemu/pxe-*.rom
1322 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1323 + dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
1324 + dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
1325 + dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
1326 + dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
1327 + dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
1328 + dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
1329 + fi
1330 + fi
1331 +
1332 + qemu_support_kvm && readme.gentoo_create_doc
1333 +}
1334 +
1335 +pkg_postinst() {
1336 + if qemu_support_kvm; then
1337 + readme.gentoo_print_elog
1338 + fi
1339 +
1340 + if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
1341 + udev_reload
1342 + fi
1343 +
1344 + fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
1345 +}
1346 +
1347 +pkg_info() {
1348 + echo "Using:"
1349 + echo " $(best_version app-emulation/spice-protocol)"
1350 + echo " $(best_version sys-firmware/ipxe)"
1351 + echo " $(best_version sys-firmware/seabios)"
1352 + if has_version 'sys-firmware/seabios[binary]'; then
1353 + echo " USE=binary"
1354 + else
1355 + echo " USE=''"
1356 + fi
1357 + echo " $(best_version sys-firmware/vgabios)"
1358 +}
Report Message
Find on MARC Find on Google Groups