
From: Matthias Maier <tamiko@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/, app-emulation/qemu/
Date: Wed, 26 Jul 2017 17:15:03
Message-Id: 1501089293.e67f10960bca69fdede54d77eb54c4ab72b98d08.tamiko@gentoo
1 commit: e67f10960bca69fdede54d77eb54c4ab72b98d08
2 Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jul 26 17:10:46 2017 +0000
4 Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
5 CommitDate: Wed Jul 26 17:14:53 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e67f1096
7
8 app-emulation/qemu: security fixes
9
10 CVE-2017-11334, bug #621292
11 CVE-2017-11434, bug #625614
12 CVE-2017-9503, bug #621184
13 CVE-2017-9524, bug #621292
14
15 Package-Manager: Portage-2.3.6, Repoman-2.3.3
16
17 .../qemu/files/qemu-2.9.0-CVE-2017-11334.patch | 40 ++
18 .../qemu/files/qemu-2.9.0-CVE-2017-11434.patch | 29 +
19 .../qemu/files/qemu-2.9.0-CVE-2017-7539.patch | 272 +++++++
20 .../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch | 122 ++++
21 .../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch | 114 +++
22 .../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch | 80 +++
23 .../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch | 197 +++++
24 app-emulation/qemu/qemu-2.9.0-r55.ebuild | 792 +++++++++++++++++++++
25 8 files changed, 1646 insertions(+)
26
27 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
28 new file mode 100644
29 index 00000000000..bfe4c7d89f2
30 --- /dev/null
31 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
32 @@ -0,0 +1,40 @@
33 +[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest
34 +From: Prasad J Pandit <address@hidden>
35 +
36 +When accessing guest's ram block during DMA operation, use
37 +'qemu_ram_ptr_length' to get ram block pointer. It ensures
38 +that DMA operation of given length is possible; And avoids
39 +any OOB memory access situations.
40 +
41 +Reported-by: Alex <address@hidden>
42 +Signed-off-by: Prasad J Pandit <address@hidden>
43 +Message-Id: <address@hidden>
44 +Signed-off-by: Paolo Bonzini <address@hidden>
45 +---
46 + exec.c | 4 ++--
47 + 1 file changed, 2 insertions(+), 2 deletions(-)
48 +
49 +diff --git a/exec.c b/exec.c
50 +index a083ff8..ad103ce 100644
51 +--- a/exec.c
52 ++++ b/exec.c
53 +@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
54 + }
55 + } else {
56 + /* RAM case */
57 +- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
58 ++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
59 + memcpy(ptr, buf, l);
60 + invalidate_and_set_dirty(mr, addr1, l);
61 + }
62 +@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
63 + }
64 + } else {
65 + /* RAM case */
66 +- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
67 ++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
68 + memcpy(buf, ptr, l);
69 + }
70 +
71 +--
72 +1.8.3.1
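Review bot: No upstream commit id is recorded in this patch file: its header is a copy of the `[PULL 21/41]` list post with every address replaced by `address@hidden`, so the backport cannot be matched against the QEMU tree from the file alone; the CVE-2017-11434 patch later in this commit has the same gap. A header line such as `Upstream-commit: <upstream commit id>` (placeholder, to be filled in from the QEMU repository) would make both verifiable. On the code itself, both RAM-case call sites pass `&l`, so the helper can presumably shorten `l` before the `memcpy`; a short comment like `/* l may be reduced to what fits in the RAM block */` would say so, and the returned `ptr` is used unchecked. Both functions continue outside the inner hunks.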
73
74 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
75 new file mode 100644
76 index 00000000000..5d32067c7a0
77 --- /dev/null
78 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
79 @@ -0,0 +1,29 @@
80 +[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
81 +From: Prasad J Pandit <address@hidden>
82 +
83 +While parsing dhcp options string in 'dhcp_decode', if an options'
84 +length 'len' appeared towards the end of 'bp_vend' array, ensuing
85 +read could lead to an OOB memory access issue. Add check to avoid it.
86 +
87 +Reported-by: Reno Robert <address@hidden>
88 +Signed-off-by: Prasad J Pandit <address@hidden>
89 +---
90 + slirp/bootp.c | 3 +++
91 + 1 file changed, 3 insertions(+)
92 +
93 +diff --git a/slirp/bootp.c b/slirp/bootp.c
94 +index 5a4646c..5dd1a41 100644
95 +--- a/slirp/bootp.c
96 ++++ b/slirp/bootp.c
97 +@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
98 + if (p >= p_end)
99 + break;
100 + len = *p++;
101 ++ if (p + len > p_end) {
102 ++ break;
103 ++ }
104 + DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
105 +
106 + switch(tag) {
107 +--
108 +2.9.4
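Review bot: The added guard `if (p + len > p_end)` forms `p + len` before comparing, and with `len` read from the packet that pointer can lie well past the end of the `bp_vend` array, which C leaves undefined even without a dereference. Comparing lengths avoids it: `if (len > p_end - p) {` (at this point `p <= p_end` holds, since `p` passed the `p >= p_end` check before the single increment). The early `break` is also silent; a `DPRINTF` naming the truncated option would help when diagnosing malformed DHCP requests. `dhcp_decode` starts and ends outside the inner hunk, so the types of `p` and `len` are assumed from the visible lines.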
109
110 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
111 new file mode 100644
112 index 00000000000..0b5987c6623
113 --- /dev/null
114 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7539.patch
115 @@ -0,0 +1,272 @@
116 +From 2b0bbc4f8809c972bad134bc1a2570dbb01dea0b Mon Sep 17 00:00:00 2001
117 +From: Vladimir Sementsov-Ogievskiy <vsementsov@×××××××××.com>
118 +Date: Fri, 2 Jun 2017 18:01:41 +0300
119 +Subject: [PATCH] nbd/server: get rid of nbd_negotiate_read and friends
120 +
121 +Functions nbd_negotiate_{read,write,drop_sync} were introduced in
122 +1a6245a5b, when nbd_rwv (was nbd_wr_sync) was working through
123 +qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} ->
124 +qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without
125 +setting any handlers. But starting from ff82911cd nbd_rwv (was
126 +nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so
127 +watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then,
128 +let's just use nbd_{read,write,drop} functions.
129 +
130 +Functions nbd_{read,write,drop} has errp parameter, which is unused in
131 +this patch. This will be fixed later.
132 +
133 +Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@×××××××××.com>
134 +Reviewed-by: Eric Blake <eblake@××××××.com>
135 +Message-Id: <20170602150150.258222-4-vsementsov@×××××××××.com>
136 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
137 +---
138 + nbd/server.c | 107 ++++++++++++-----------------------------------------------
139 + 1 file changed, 22 insertions(+), 85 deletions(-)
140 +
141 +diff --git a/nbd/server.c b/nbd/server.c
142 +index d8bd927013..7f44ef0b15 100644
143 +--- a/nbd/server.c
144 ++++ b/nbd/server.c
145 +@@ -104,69 +104,6 @@ struct NBDClient {
146 +
147 + static void nbd_client_receive_next_request(NBDClient *client);
148 +
149 +-static gboolean nbd_negotiate_continue(QIOChannel *ioc,
150 +- GIOCondition condition,
151 +- void *opaque)
152 +-{
153 +- qemu_coroutine_enter(opaque);
154 +- return TRUE;
155 +-}
156 +-
157 +-static int nbd_negotiate_read(QIOChannel *ioc, void *buffer, size_t size)
158 +-{
159 +- ssize_t ret;
160 +- guint watch;
161 +-
162 +- assert(qemu_in_coroutine());
163 +- /* Negotiation are always in main loop. */
164 +- watch = qio_channel_add_watch(ioc,
165 +- G_IO_IN,
166 +- nbd_negotiate_continue,
167 +- qemu_coroutine_self(),
168 +- NULL);
169 +- ret = nbd_read(ioc, buffer, size, NULL);
170 +- g_source_remove(watch);
171 +- return ret;
172 +-
173 +-}
174 +-
175 +-static int nbd_negotiate_write(QIOChannel *ioc, const void *buffer, size_t size)
176 +-{
177 +- ssize_t ret;
178 +- guint watch;
179 +-
180 +- assert(qemu_in_coroutine());
181 +- /* Negotiation are always in main loop. */
182 +- watch = qio_channel_add_watch(ioc,
183 +- G_IO_OUT,
184 +- nbd_negotiate_continue,
185 +- qemu_coroutine_self(),
186 +- NULL);
187 +- ret = nbd_write(ioc, buffer, size, NULL);
188 +- g_source_remove(watch);
189 +- return ret;
190 +-}
191 +-
192 +-static int nbd_negotiate_drop_sync(QIOChannel *ioc, size_t size)
193 +-{
194 +- ssize_t ret;
195 +- uint8_t *buffer = g_malloc(MIN(65536, size));
196 +-
197 +- while (size > 0) {
198 +- size_t count = MIN(65536, size);
199 +- ret = nbd_negotiate_read(ioc, buffer, count);
200 +- if (ret < 0) {
201 +- g_free(buffer);
202 +- return ret;
203 +- }
204 +-
205 +- size -= count;
206 +- }
207 +-
208 +- g_free(buffer);
209 +- return 0;
210 +-}
211 +-
212 + /* Basic flow for negotiation
213 +
214 + Server Client
215 +@@ -205,22 +142,22 @@ static int nbd_negotiate_send_rep_len(QIOChannel *ioc, uint32_t type,
216 + type, opt, len);
217 +
218 + magic = cpu_to_be64(NBD_REP_MAGIC);
219 +- if (nbd_negotiate_write(ioc, &magic, sizeof(magic)) < 0) {
220 ++ if (nbd_write(ioc, &magic, sizeof(magic), NULL) < 0) {
221 + LOG("write failed (rep magic)");
222 + return -EINVAL;
223 + }
224 + opt = cpu_to_be32(opt);
225 +- if (nbd_negotiate_write(ioc, &opt, sizeof(opt)) < 0) {
226 ++ if (nbd_write(ioc, &opt, sizeof(opt), NULL) < 0) {
227 + LOG("write failed (rep opt)");
228 + return -EINVAL;
229 + }
230 + type = cpu_to_be32(type);
231 +- if (nbd_negotiate_write(ioc, &type, sizeof(type)) < 0) {
232 ++ if (nbd_write(ioc, &type, sizeof(type), NULL) < 0) {
233 + LOG("write failed (rep type)");
234 + return -EINVAL;
235 + }
236 + len = cpu_to_be32(len);
237 +- if (nbd_negotiate_write(ioc, &len, sizeof(len)) < 0) {
238 ++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
239 + LOG("write failed (rep data length)");
240 + return -EINVAL;
241 + }
242 +@@ -255,7 +192,7 @@ nbd_negotiate_send_rep_err(QIOChannel *ioc, uint32_t type,
243 + if (ret < 0) {
244 + goto out;
245 + }
246 +- if (nbd_negotiate_write(ioc, msg, len) < 0) {
247 ++ if (nbd_write(ioc, msg, len, NULL) < 0) {
248 + LOG("write failed (error message)");
249 + ret = -EIO;
250 + } else {
251 +@@ -286,15 +223,15 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, NBDExport *exp)
252 + }
253 +
254 + len = cpu_to_be32(name_len);
255 +- if (nbd_negotiate_write(ioc, &len, sizeof(len)) < 0) {
256 ++ if (nbd_write(ioc, &len, sizeof(len), NULL) < 0) {
257 + LOG("write failed (name length)");
258 + return -EINVAL;
259 + }
260 +- if (nbd_negotiate_write(ioc, name, name_len) < 0) {
261 ++ if (nbd_write(ioc, name, name_len, NULL) < 0) {
262 + LOG("write failed (name buffer)");
263 + return -EINVAL;
264 + }
265 +- if (nbd_negotiate_write(ioc, desc, desc_len) < 0) {
266 ++ if (nbd_write(ioc, desc, desc_len, NULL) < 0) {
267 + LOG("write failed (description buffer)");
268 + return -EINVAL;
269 + }
270 +@@ -308,7 +245,7 @@ static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length)
271 + NBDExport *exp;
272 +
273 + if (length) {
274 +- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
275 ++ if (nbd_drop(client->ioc, length, NULL) < 0) {
276 + return -EIO;
277 + }
278 + return nbd_negotiate_send_rep_err(client->ioc,
279 +@@ -339,7 +276,7 @@ static int nbd_negotiate_handle_export_name(NBDClient *client, uint32_t length)
280 + LOG("Bad length received");
281 + goto fail;
282 + }
283 +- if (nbd_negotiate_read(client->ioc, name, length) < 0) {
284 ++ if (nbd_read(client->ioc, name, length, NULL) < 0) {
285 + LOG("read failed");
286 + goto fail;
287 + }
288 +@@ -372,7 +309,7 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
289 + TRACE("Setting up TLS");
290 + ioc = client->ioc;
291 + if (length) {
292 +- if (nbd_negotiate_drop_sync(ioc, length) < 0) {
293 ++ if (nbd_drop(ioc, length, NULL) < 0) {
294 + return NULL;
295 + }
296 + nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
297 +@@ -436,7 +373,7 @@ static int nbd_negotiate_options(NBDClient *client)
298 + ... Rest of request
299 + */
300 +
301 +- if (nbd_negotiate_read(client->ioc, &flags, sizeof(flags)) < 0) {
302 ++ if (nbd_read(client->ioc, &flags, sizeof(flags), NULL) < 0) {
303 + LOG("read failed");
304 + return -EIO;
305 + }
306 +@@ -462,7 +399,7 @@ static int nbd_negotiate_options(NBDClient *client)
307 + uint32_t clientflags, length;
308 + uint64_t magic;
309 +
310 +- if (nbd_negotiate_read(client->ioc, &magic, sizeof(magic)) < 0) {
311 ++ if (nbd_read(client->ioc, &magic, sizeof(magic), NULL) < 0) {
312 + LOG("read failed");
313 + return -EINVAL;
314 + }
315 +@@ -472,15 +409,15 @@ static int nbd_negotiate_options(NBDClient *client)
316 + return -EINVAL;
317 + }
318 +
319 +- if (nbd_negotiate_read(client->ioc, &clientflags,
320 +- sizeof(clientflags)) < 0)
321 ++ if (nbd_read(client->ioc, &clientflags,
322 ++ sizeof(clientflags), NULL) < 0)
323 + {
324 + LOG("read failed");
325 + return -EINVAL;
326 + }
327 + clientflags = be32_to_cpu(clientflags);
328 +
329 +- if (nbd_negotiate_read(client->ioc, &length, sizeof(length)) < 0) {
330 ++ if (nbd_read(client->ioc, &length, sizeof(length), NULL) < 0) {
331 + LOG("read failed");
332 + return -EINVAL;
333 + }
334 +@@ -510,7 +447,7 @@ static int nbd_negotiate_options(NBDClient *client)
335 + return -EINVAL;
336 +
337 + default:
338 +- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
339 ++ if (nbd_drop(client->ioc, length, NULL) < 0) {
340 + return -EIO;
341 + }
342 + ret = nbd_negotiate_send_rep_err(client->ioc,
343 +@@ -548,7 +485,7 @@ static int nbd_negotiate_options(NBDClient *client)
344 + return nbd_negotiate_handle_export_name(client, length);
345 +
346 + case NBD_OPT_STARTTLS:
347 +- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
348 ++ if (nbd_drop(client->ioc, length, NULL) < 0) {
349 + return -EIO;
350 + }
351 + if (client->tlscreds) {
352 +@@ -567,7 +504,7 @@ static int nbd_negotiate_options(NBDClient *client)
353 + }
354 + break;
355 + default:
356 +- if (nbd_negotiate_drop_sync(client->ioc, length) < 0) {
357 ++ if (nbd_drop(client->ioc, length, NULL) < 0) {
358 + return -EIO;
359 + }
360 + ret = nbd_negotiate_send_rep_err(client->ioc,
361 +@@ -656,12 +593,12 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
362 + TRACE("TLS cannot be enabled with oldstyle protocol");
363 + goto fail;
364 + }
365 +- if (nbd_negotiate_write(client->ioc, buf, sizeof(buf)) < 0) {
366 ++ if (nbd_write(client->ioc, buf, sizeof(buf), NULL) < 0) {
367 + LOG("write failed");
368 + goto fail;
369 + }
370 + } else {
371 +- if (nbd_negotiate_write(client->ioc, buf, 18) < 0) {
372 ++ if (nbd_write(client->ioc, buf, 18, NULL) < 0) {
373 + LOG("write failed");
374 + goto fail;
375 + }
376 +@@ -676,7 +613,7 @@ static coroutine_fn int nbd_negotiate(NBDClientNewData *data)
377 + stq_be_p(buf + 18, client->exp->size);
378 + stw_be_p(buf + 26, client->exp->nbdflags | myflags);
379 + len = client->no_zeroes ? 10 : sizeof(buf) - 18;
380 +- if (nbd_negotiate_write(client->ioc, buf + 18, len) < 0) {
381 ++ if (nbd_write(client->ioc, buf + 18, len, NULL) < 0) {
382 + LOG("write failed");
383 + goto fail;
384 + }
385 +--
386 +2.13.0
387 +
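Review bot: Nothing in this patch or in the commit message ties it to CVE-2017-7539: the commit message lists four CVEs without this one, and the embedded description only presents a cleanup that replaces `nbd_negotiate_{read,write,drop_sync}` with `nbd_{read,write,drop}`. A reader auditing the package cannot tell from the file why the refactoring is security-relevant or which Gentoo bug tracks it. A short header above the upstream text would close that gap, for example `CVE-2017-7539: <one-line impact summary>, bug #<bug number>` with the values taken from the tracker. The description also states that the `errp` argument is unused for now, and every call here passes `NULL`, so failures from these calls appear to surface only through the existing `LOG` lines.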
388
389 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
390 new file mode 100644
391 index 00000000000..01c81d10ec0
392 --- /dev/null
393 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
394 @@ -0,0 +1,122 @@
395 +From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
396 +From: Paolo Bonzini <pbonzini@××××××.com>
397 +Date: Thu, 1 Jun 2017 17:26:14 +0200
398 +Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
399 +
400 +This ensures that the request is unref'ed properly, and avoids a
401 +segmentation fault in the new qtest testcase that is added.
402 +This is CVE-2017-9503.
403 +
404 +Reported-by: Zhangyanyu <zyy4013@×××××××××××.cn>
405 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
406 +---
407 + hw/scsi/megasas.c | 31 ++++++++++++++++---------------
408 + 2 files changed, 51 insertions(+), 15 deletions(-)
409 +
410 +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
411 +index 135662df31..734fdaef90 100644
412 +--- a/hw/scsi/megasas.c
413 ++++ b/hw/scsi/megasas.c
414 +@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
415 + static void megasas_abort_command(MegasasCmd *cmd)
416 + {
417 + /* Never abort internal commands. */
418 ++ if (cmd->dcmd_opcode != -1) {
419 ++ return;
420 ++ }
421 + if (cmd->req != NULL) {
422 + scsi_req_cancel(cmd->req);
423 + }
424 +@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
425 + uint64_t pd_size;
426 + uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
427 + uint8_t cmdbuf[6];
428 +- SCSIRequest *req;
429 + size_t len, resid;
430 +
431 + if (!cmd->iov_buf) {
432 +@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
433 + info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
434 + info->vpd_page83[0] = 0x7f;
435 + megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
436 +- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
437 +- if (!req) {
438 ++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
439 ++ if (!cmd->req) {
440 + trace_megasas_dcmd_req_alloc_failed(cmd->index,
441 + "PD get info std inquiry");
442 + g_free(cmd->iov_buf);
443 +@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
444 + }
445 + trace_megasas_dcmd_internal_submit(cmd->index,
446 + "PD get info std inquiry", lun);
447 +- len = scsi_req_enqueue(req);
448 ++ len = scsi_req_enqueue(cmd->req);
449 + if (len > 0) {
450 + cmd->iov_size = len;
451 +- scsi_req_continue(req);
452 ++ scsi_req_continue(cmd->req);
453 + }
454 + return MFI_STAT_INVALID_STATUS;
455 + } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
456 + megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
457 +- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
458 +- if (!req) {
459 ++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
460 ++ if (!cmd->req) {
461 + trace_megasas_dcmd_req_alloc_failed(cmd->index,
462 + "PD get info vpd inquiry");
463 + return MFI_STAT_FLASH_ALLOC_FAIL;
464 + }
465 + trace_megasas_dcmd_internal_submit(cmd->index,
466 + "PD get info vpd inquiry", lun);
467 +- len = scsi_req_enqueue(req);
468 ++ len = scsi_req_enqueue(cmd->req);
469 + if (len > 0) {
470 + cmd->iov_size = len;
471 +- scsi_req_continue(req);
472 ++ scsi_req_continue(cmd->req);
473 + }
474 + return MFI_STAT_INVALID_STATUS;
475 + }
476 +@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
477 + struct mfi_ld_info *info = cmd->iov_buf;
478 + size_t dcmd_size = sizeof(struct mfi_ld_info);
479 + uint8_t cdb[6];
480 +- SCSIRequest *req;
481 + ssize_t len, resid;
482 + uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
483 + uint64_t ld_size;
484 +@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
485 + cmd->iov_buf = g_malloc0(dcmd_size);
486 + info = cmd->iov_buf;
487 + megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
488 +- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
489 +- if (!req) {
490 ++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
491 ++ if (!cmd->req) {
492 + trace_megasas_dcmd_req_alloc_failed(cmd->index,
493 + "LD get info vpd inquiry");
494 + g_free(cmd->iov_buf);
495 +@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
496 + }
497 + trace_megasas_dcmd_internal_submit(cmd->index,
498 + "LD get info vpd inquiry", lun);
499 +- len = scsi_req_enqueue(req);
500 ++ len = scsi_req_enqueue(cmd->req);
501 + if (len > 0) {
502 + cmd->iov_size = len;
503 +- scsi_req_continue(req);
504 ++ scsi_req_continue(cmd->req);
505 + }
506 + return MFI_STAT_INVALID_STATUS;
507 + }
508 +@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
509 + return;
510 + }
511 +
512 +- if (cmd->req == NULL) {
513 ++ if (cmd->dcmd_opcode != -1) {
514 + /*
515 + * Internal command complete
516 + */
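Review bot: `megasas_abort_command` and `megasas_command_complete` here test `cmd->dcmd_opcode`, a field that only the `-2` patch of this commit adds to `MegasasCmd`, so the file numbering is the reverse of the dependency order. The embedded dates agree (`-2` is 17:18:23, `-1` is 17:26:14 on the same day). The ebuild's patch list is outside this view; confirm that it applies `CVE-2017-9503-2` before `CVE-2017-9503-1`, or swap the suffixes so that applying in name order works. The diffstat also announces `2 files changed` while only `hw/scsi/megasas.c` is present, which suggests the qtest mentioned in the description was dropped; a header line saying so would avoid confusion.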
517
518 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
519 new file mode 100644
520 index 00000000000..74725a92736
521 --- /dev/null
522 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
523 @@ -0,0 +1,114 @@
524 +From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
525 +From: Paolo Bonzini <pbonzini@××××××.com>
526 +Date: Thu, 1 Jun 2017 17:18:23 +0200
527 +Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
528 +
529 +Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
530 +
531 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
532 +---
533 + hw/scsi/megasas.c | 25 +++++++++++--------------
534 + 1 file changed, 11 insertions(+), 14 deletions(-)
535 +
536 +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
537 +index c353118882..a3f75c1650 100644
538 +--- a/hw/scsi/megasas.c
539 ++++ b/hw/scsi/megasas.c
540 +@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
541 +
542 + hwaddr pa;
543 + hwaddr pa_size;
544 ++ uint32_t dcmd_opcode;
545 + union mfi_frame *frame;
546 + SCSIRequest *req;
547 + QEMUSGList qsg;
548 +@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
549 + cmd->context &= (uint64_t)0xFFFFFFFF;
550 + }
551 + cmd->count = count;
552 ++ cmd->dcmd_opcode = -1;
553 + s->busy++;
554 +
555 + if (s->consumer_pa) {
556 +@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
557 +
558 + static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
559 + {
560 +- int opcode;
561 + int retval = 0;
562 + size_t len;
563 + const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
564 +
565 +- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
566 +- trace_megasas_handle_dcmd(cmd->index, opcode);
567 ++ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
568 ++ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
569 + if (megasas_map_dcmd(s, cmd) < 0) {
570 + return MFI_STAT_MEMORY_NOT_AVAILABLE;
571 + }
572 +- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
573 ++ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
574 + cmdptr++;
575 + }
576 + len = cmd->iov_size;
577 + if (cmdptr->opcode == -1) {
578 +- trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
579 ++ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
580 + retval = megasas_dcmd_dummy(s, cmd);
581 + } else {
582 + trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
583 +@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
584 + static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
585 + SCSIRequest *req)
586 + {
587 +- int opcode;
588 + int retval = MFI_STAT_OK;
589 + int lun = req->lun;
590 +
591 +- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
592 +- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
593 +- switch (opcode) {
594 ++ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
595 ++ switch (cmd->dcmd_opcode) {
596 + case MFI_DCMD_PD_GET_INFO:
597 + retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
598 + break;
599 +@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
600 + retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
601 + break;
602 + default:
603 +- trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
604 ++ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
605 + retval = MFI_STAT_INVALID_DCMD;
606 + break;
607 + }
608 +@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
609 + {
610 + MegasasCmd *cmd = req->hba_private;
611 + uint8_t *buf;
612 +- uint32_t opcode;
613 +
614 + trace_megasas_io_complete(cmd->index, len);
615 +
616 +@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
617 + }
618 +
619 + buf = scsi_req_get_buf(req);
620 +- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
621 +- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
622 ++ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
623 + struct mfi_pd_info *info = cmd->iov_buf;
624 +
625 + if (info->inquiry_data[0] == 0x7f) {
626 +@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
627 + memcpy(info->vpd_page83, buf, len);
628 + }
629 + scsi_req_continue(req);
630 +- } else if (opcode == MFI_DCMD_LD_GET_INFO) {
631 ++ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
632 + struct mfi_ld_info *info = cmd->iov_buf;
633 +
634 + if (cmd->iov_buf) {
635 +--
636 +2.13.0
637 +
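Review bot: `dcmd_opcode` is declared `uint32_t` but uses `-1` as its "not a DCMD" marker, and the same field is later filled from the guest-supplied frame with `le32_to_cpu(cmd->frame->dcmd.opcode)`, so a frame opcode of `0xFFFFFFFF` is indistinguishable from the marker. In `megasas_handle_dcmd` that value appears to end at the table terminator and the dummy handler, which looks harmless, but the companion patch keys abort and completion handling on `cmd->dcmd_opcode != -1`. A comment on the field, e.g. `/* -1 (0xFFFFFFFF): frame is not a DCMD; otherwise the value comes from guest memory */`, or a separate boolean flag, would make the invariant explicit. The functions touched continue outside the inner hunks.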
638
639 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
640 new file mode 100644
641 index 00000000000..9d77193b1f6
642 --- /dev/null
643 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
644 @@ -0,0 +1,80 @@
645 +From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
646 +From: Eric Blake <eblake@××××××.com>
647 +Date: Fri, 26 May 2017 22:04:21 -0500
648 +Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
649 +
650 +If a non-NBD client connects to qemu-nbd, we would end up with
651 +a SIGSEGV in nbd_client_put() because we were trying to
652 +unregister the client's association to the export, even though
653 +we skipped inserting the client into that list. Easy trigger
654 +in two terminals:
655 +
656 +$ qemu-nbd -p 30001 --format=raw file
657 +$ nmap 127.0.0.1 -p 30001
658 +
659 +nmap claims that it thinks it connected to a pago-services1
660 +server (which probably means nmap could be updated to learn the
661 +NBD protocol and give a more accurate diagnosis of the open
662 +port - but that's not our problem), then terminates immediately,
663 +so our call to nbd_negotiate() fails. The fix is to reorder
664 +nbd_co_client_start() to ensure that all initialization occurs
665 +before we ever try talking to a client in nbd_negotiate(), so
666 +that the teardown sequence on negotiation failure doesn't fault
667 +while dereferencing a half-initialized object.
668 +
669 +While debugging this, I also noticed that nbd_update_server_watch()
670 +called by nbd_client_closed() was still adding a channel to accept
671 +the next client, even when the state was no longer RUNNING. That
672 +is fixed by making nbd_can_accept() pay attention to the current
673 +state.
674 +
675 +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
676 +
677 +Signed-off-by: Eric Blake <eblake@××××××.com>
678 +Message-Id: <20170527030421.28366-1-eblake@××××××.com>
679 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
680 +---
681 + nbd/server.c | 8 +++-----
682 + qemu-nbd.c | 2 +-
683 + 2 files changed, 4 insertions(+), 6 deletions(-)
684 +
685 +diff --git a/nbd/server.c b/nbd/server.c
686 +index ee59e5d234..49b55f6ede 100644
687 +--- a/nbd/server.c
688 ++++ b/nbd/server.c
689 +@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
690 +
691 + if (exp) {
692 + nbd_export_get(exp);
693 ++ QTAILQ_INSERT_TAIL(&exp->clients, client, next);
694 + }
695 ++ qemu_co_mutex_init(&client->send_lock);
696 ++
697 + if (nbd_negotiate(data)) {
698 + client_close(client);
699 + goto out;
700 + }
701 +- qemu_co_mutex_init(&client->send_lock);
702 +-
703 +- if (exp) {
704 +- QTAILQ_INSERT_TAIL(&exp->clients, client, next);
705 +- }
706 +
707 + nbd_client_receive_next_request(client);
708 +
709 +diff --git a/qemu-nbd.c b/qemu-nbd.c
710 +index f60842fd86..651f85ecc1 100644
711 +--- a/qemu-nbd.c
712 ++++ b/qemu-nbd.c
713 +@@ -325,7 +325,7 @@ out:
714 +
715 + static int nbd_can_accept(void)
716 + {
717 +- return nb_fds < shared;
718 ++ return state == RUNNING && nb_fds < shared;
719 + }
720 +
721 + static void nbd_export_closed(NBDExport *exp)
722 +--
723 +2.13.0
724 +
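Review bot: With `QTAILQ_INSERT_TAIL` moved ahead of `nbd_negotiate()`, a client is visible in `exp->clients` before negotiation has finished, and nothing at the call site says that this ordering is required. Code that walks the list (the later patch in this commit shows `nbd_export_close` calling `client_close` on every entry) can now reach a client that is still negotiating; that is presumably intended, but worth stating. Suggested comment above the block: `/* Complete all client setup before nbd_negotiate(); its failure path tears the client down. */`. In `qemu-nbd.c`, `nbd_can_accept` now reads `state` with no comment on which states stop accepting; `nbd_co_client_start` continues outside the inner hunk.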
725
726 diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
727 new file mode 100644
728 index 00000000000..e6934b379a2
729 --- /dev/null
730 +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
731 @@ -0,0 +1,197 @@
732 +From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
733 +From: Eric Blake <eblake@××××××.com>
734 +Date: Thu, 8 Jun 2017 17:26:17 -0500
735 +Subject: [PATCH] nbd: Fix regression on resiliency to port scan
736 +
737 +Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
738 +server would not quit, regardless of how many probe connections
739 +came and went, until a connection actually negotiated). But we
740 +broke that in commit ee7d7aa when removing the return value to
741 +nbd_client_new(), although that patch also introduced a bug causing
742 +an assertion failure on a client that fails negotiation. We then
743 +made it worse during refactoring in commit 1a6245a (a segfault
744 +before we could even assert); the (masked) assertion was cleaned
745 +up in d3780c2 (still in 2.6), and just recently we finally fixed
746 +the segfault ("nbd: Fully intialize client in case of failed
747 +negotiation"). But that still means that ever since we added
748 +TLS support to qemu-nbd, we have been vulnerable to an ill-timed
749 +port-scan being able to cause a denial of service by taking down
750 +qemu-nbd before a real client has a chance to connect.
751 +
752 +Since negotiation is now handled asynchronously via coroutines,
753 +we no longer have a synchronous point of return by re-adding a
754 +return value to nbd_client_new(). So this patch instead wires
755 +things up to pass the negotiation status through the close_fn
756 +callback function.
757 +
758 +Simple test across two terminals:
759 +$ qemu-nbd -f raw -p 30001 file
760 +$ nmap 127.0.0.1 -p 30001 && \
761 + qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
762 +
763 +Note that this patch does not change what constitutes successful
764 +negotiation (thus, a client must enter transmission phase before
765 +that client can be considered as a reason to terminate the server
766 +when the connection ends). Perhaps we may want to tweak things
767 +in a later patch to also treat a client that uses NBD_OPT_ABORT
768 +as being a 'successful' negotiation (the client correctly talked
769 +the NBD protocol, and informed us it was not going to use our
770 +export after all), but that's a discussion for another day.
771 +
772 +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
773 +
774 +Signed-off-by: Eric Blake <eblake@××××××.com>
775 +Message-Id: <20170608222617.20376-1-eblake@××××××.com>
776 +Signed-off-by: Paolo Bonzini <pbonzini@××××××.com>
777 +---
778 + blockdev-nbd.c | 6 +++++-
779 + include/block/nbd.h | 2 +-
780 + nbd/server.c | 24 +++++++++++++++---------
781 + qemu-nbd.c | 4 ++--
782 + 4 files changed, 23 insertions(+), 13 deletions(-)
783 +
784 +diff --git a/blockdev-nbd.c b/blockdev-nbd.c
785 +index dd0860f4a6..28f551a7b0 100644
786 +--- a/blockdev-nbd.c
787 ++++ b/blockdev-nbd.c
788 +@@ -27,6 +27,10 @@ typedef struct NBDServerData {
789 +
790 + static NBDServerData *nbd_server;
791 +
792 ++static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
793 ++{
794 ++ nbd_client_put(client);
795 ++}
796 +
797 + static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
798 + gpointer opaque)
799 +@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
800 + qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
801 + nbd_client_new(NULL, cioc,
802 + nbd_server->tlscreds, NULL,
803 +- nbd_client_put);
804 ++ nbd_blockdev_client_closed);
805 + object_unref(OBJECT(cioc));
806 + return TRUE;
807 + }
808 +diff --git a/include/block/nbd.h b/include/block/nbd.h
809 +index 416257abca..8fa5ce51f3 100644
810 +--- a/include/block/nbd.h
811 ++++ b/include/block/nbd.h
812 +@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
813 + QIOChannelSocket *sioc,
814 + QCryptoTLSCreds *tlscreds,
815 + const char *tlsaclname,
816 +- void (*close)(NBDClient *));
817 ++ void (*close_fn)(NBDClient *, bool));
818 + void nbd_client_get(NBDClient *client);
819 + void nbd_client_put(NBDClient *client);
820 +
821 +diff --git a/nbd/server.c b/nbd/server.c
822 +index 49b55f6ede..f2b1aa47ce 100644
823 +--- a/nbd/server.c
824 ++++ b/nbd/server.c
825 +@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
826 +
827 + struct NBDClient {
828 + int refcount;
829 +- void (*close)(NBDClient *client);
830 ++ void (*close_fn)(NBDClient *client, bool negotiated);
831 +
832 + bool no_zeroes;
833 + NBDExport *exp;
834 +@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
835 + }
836 + }
837 +
838 +-static void client_close(NBDClient *client)
839 ++static void client_close(NBDClient *client, bool negotiated)
840 + {
841 + if (client->closing) {
842 + return;
843 +@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
844 + NULL);
845 +
846 + /* Also tell the client, so that they release their reference. */
847 +- if (client->close) {
848 +- client->close(client);
849 ++ if (client->close_fn) {
850 ++ client->close_fn(client, negotiated);
851 + }
852 + }
853 +
854 +@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
855 +
856 + nbd_export_get(exp);
857 + QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
858 +- client_close(client);
859 ++ client_close(client, true);
860 + }
861 + nbd_export_set_name(exp, NULL);
862 + nbd_export_set_description(exp, NULL);
863 +@@ -1337,7 +1337,7 @@ done:
864 +
865 + out:
866 + nbd_request_put(req);
867 +- client_close(client);
868 ++ client_close(client, true);
869 + nbd_client_put(client);
870 + }
871 +
872 +@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
873 + qemu_co_mutex_init(&client->send_lock);
874 +
875 + if (nbd_negotiate(data)) {
876 +- client_close(client);
877 ++ client_close(client, false);
878 + goto out;
879 + }
880 +
881 +@@ -1373,11 +1373,17 @@ out:
882 + g_free(data);
883 + }
884 +
885 ++/*
886 ++ * Create a new client listener on the given export @exp, using the
887 ++ * given channel @sioc. Begin servicing it in a coroutine. When the
888 ++ * connection closes, call @close_fn with an indication of whether the
889 ++ * client completed negotiation.
890 ++ */
891 + void nbd_client_new(NBDExport *exp,
892 + QIOChannelSocket *sioc,
893 + QCryptoTLSCreds *tlscreds,
894 + const char *tlsaclname,
895 +- void (*close_fn)(NBDClient *))
896 ++ void (*close_fn)(NBDClient *, bool))
897 + {
898 + NBDClient *client;
899 + NBDClientNewData *data = g_new(NBDClientNewData, 1);
900 +@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
901 + object_ref(OBJECT(client->sioc));
902 + client->ioc = QIO_CHANNEL(sioc);
903 + object_ref(OBJECT(client->ioc));
904 +- client->close = close_fn;
905 ++ client->close_fn = close_fn;
906 +
907 + data->client = client;
908 + data->co = qemu_coroutine_create(nbd_co_client_start, data);
909 +diff --git a/qemu-nbd.c b/qemu-nbd.c
910 +index 651f85ecc1..9464a0461c 100644
911 +--- a/qemu-nbd.c
912 ++++ b/qemu-nbd.c
913 +@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
914 +
915 + static void nbd_update_server_watch(void);
916 +
917 +-static void nbd_client_closed(NBDClient *client)
918 ++static void nbd_client_closed(NBDClient *client, bool negotiated)
919 + {
920 + nb_fds--;
921 +- if (nb_fds == 0 && !persistent && state == RUNNING) {
922 ++ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
923 + state = TERMINATE;
924 + }
925 + nbd_update_server_watch();
926 +--
927 +2.13.0
928 +
929
930 diff --git a/app-emulation/qemu/qemu-2.9.0-r55.ebuild b/app-emulation/qemu/qemu-2.9.0-r55.ebuild
931 new file mode 100644
932 index 00000000000..4a7f4b1c5f1
933 --- /dev/null
934 +++ b/app-emulation/qemu/qemu-2.9.0-r55.ebuild
935 @@ -0,0 +1,792 @@
936 +# Copyright 1999-2017 Gentoo Foundation
937 +# Distributed under the terms of the GNU General Public License v2
938 +
939 +EAPI="6"
940 +
941 +PYTHON_COMPAT=( python2_7 )
942 +PYTHON_REQ_USE="ncurses,readline"
943 +
944 +PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
945 +
946 +FIRMWARE_ABI_VERSION="2.9.0-r52"
947 +
948 +inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
949 + user udev fcaps readme.gentoo-r1 pax-utils l10n
950 +
951 +if [[ ${PV} = *9999* ]]; then
952 + EGIT_REPO_URI="git://git.qemu.org/qemu.git"
953 + inherit git-r3
954 + SRC_URI=""
955 +else
956 + SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
957 + KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
958 +fi
959 +
960 +DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
961 +HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
962 +
963 +LICENSE="GPL-2 LGPL-2 BSD-2"
964 +SLOT="0"
965 +IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
966 + glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
967 + kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
968 + pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
969 + spice ssh static static-user systemtap tci test usb usbredir vde
970 + +vhost-net virgl virtfs +vnc vte xattr xen xfs"
971 +
972 +COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
973 + mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
974 + sparc64 x86_64"
975 +IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
976 + lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
977 +IUSE_USER_TARGETS="${COMMON_TARGETS}
978 + armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
979 +
980 +use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
981 +use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
982 +IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
983 +
984 +# Allow no targets to be built so that people can get a tools-only build.
985 +# Block USE flag configurations known to not work.
986 +REQUIRED_USE="${PYTHON_REQUIRED_USE}
987 + gtk2? ( gtk )
988 + qemu_softmmu_targets_arm? ( fdt )
989 + qemu_softmmu_targets_microblaze? ( fdt )
990 + qemu_softmmu_targets_mips64el? ( fdt )
991 + qemu_softmmu_targets_ppc? ( fdt )
992 + qemu_softmmu_targets_ppc64? ( fdt )
993 + sdl2? ( sdl )
994 + static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
995 + virtfs? ( xattr )
996 + vte? ( gtk )"
997 +
998 +# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
999 +# and user/softmmu targets (qemu-*, qemu-system-*).
1000 +#
1001 +# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
1002 +#
1003 +# The attr lib isn't always linked in (although the USE flag is always
1004 +# respected). This is because qemu supports using the C library's API
1005 +# when available rather than always using the extranl library.
1006 +ALL_DEPEND="
1007 + >=dev-libs/glib-2.0[static-libs(+)]
1008 + sys-libs/zlib[static-libs(+)]
1009 + python? ( ${PYTHON_DEPS} )
1010 + systemtap? ( dev-util/systemtap )
1011 + xattr? ( sys-apps/attr[static-libs(+)] )"
1012 +
1013 +# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
1014 +# softmmu targets (qemu-system-*).
1015 +SOFTMMU_TOOLS_DEPEND="
1016 + >=x11-libs/pixman-0.28.0[static-libs(+)]
1017 + accessibility? (
1018 + app-accessibility/brltty[api]
1019 + app-accessibility/brltty[static-libs(+)]
1020 + )
1021 + aio? ( dev-libs/libaio[static-libs(+)] )
1022 + alsa? ( >=media-libs/alsa-lib-1.0.13 )
1023 + bluetooth? ( net-wireless/bluez )
1024 + bzip2? ( app-arch/bzip2[static-libs(+)] )
1025 + caps? ( sys-libs/libcap-ng[static-libs(+)] )
1026 + curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
1027 + fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
1028 + glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
1029 + gnutls? (
1030 + dev-libs/nettle:=[static-libs(+)]
1031 + >=net-libs/gnutls-3.0:=[static-libs(+)]
1032 + )
1033 + gtk? (
1034 + gtk2? (
1035 + x11-libs/gtk+:2
1036 + vte? ( x11-libs/vte:0 )
1037 + )
1038 + !gtk2? (
1039 + x11-libs/gtk+:3
1040 + vte? ( x11-libs/vte:2.91 )
1041 + )
1042 + )
1043 + infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
1044 + iscsi? ( net-libs/libiscsi )
1045 + jpeg? ( virtual/jpeg:0=[static-libs(+)] )
1046 + lzo? ( dev-libs/lzo:2[static-libs(+)] )
1047 + ncurses? (
1048 + sys-libs/ncurses:0=[unicode]
1049 + sys-libs/ncurses:0=[static-libs(+)]
1050 + )
1051 + nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
1052 + numa? ( sys-process/numactl[static-libs(+)] )
1053 + opengl? (
1054 + virtual/opengl
1055 + media-libs/libepoxy[static-libs(+)]
1056 + media-libs/mesa[static-libs(+)]
1057 + media-libs/mesa[egl,gbm]
1058 + )
1059 + png? ( media-libs/libpng:0=[static-libs(+)] )
1060 + pulseaudio? ( media-sound/pulseaudio )
1061 + rbd? ( sys-cluster/ceph[static-libs(+)] )
1062 + sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
1063 + sdl? (
1064 + !sdl2? (
1065 + media-libs/libsdl[X]
1066 + >=media-libs/libsdl-1.2.11[static-libs(+)]
1067 + )
1068 + sdl2? (
1069 + media-libs/libsdl2[X]
1070 + media-libs/libsdl2[static-libs(+)]
1071 + )
1072 + )
1073 + seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
1074 + smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
1075 + snappy? ( app-arch/snappy:=[static-libs(+)] )
1076 + spice? (
1077 + >=app-emulation/spice-protocol-0.12.3
1078 + >=app-emulation/spice-0.12.0[static-libs(+)]
1079 + )
1080 + ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
1081 + usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
1082 + usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
1083 + vde? ( net-misc/vde[static-libs(+)] )
1084 + virgl? ( media-libs/virglrenderer[static-libs(+)] )
1085 + virtfs? ( sys-libs/libcap )
1086 + xen? ( app-emulation/xen-tools:= )
1087 + xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
1088 +
1089 +X86_FIRMWARE_DEPEND="
1090 + pin-upstream-blobs? (
1091 + ~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
1092 + ~sys-firmware/ipxe-1.0.0_p20160620
1093 + ~sys-firmware/seabios-1.10.2[binary,seavgabios]
1094 + ~sys-firmware/sgabios-0.1_pre8
1095 + )
1096 + !pin-upstream-blobs? (
1097 + sys-firmware/edk2-ovmf
1098 + sys-firmware/ipxe
1099 + >=sys-firmware/seabios-1.10.2[seavgabios]
1100 + sys-firmware/sgabios
1101 + )"
1102 +
1103 +CDEPEND="
1104 + !static? (
1105 + ${ALL_DEPEND//\[static-libs(+)]}
1106 + ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
1107 + )
1108 + qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
1109 + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
1110 +DEPEND="${CDEPEND}
1111 + dev-lang/perl
1112 + =dev-lang/python-2*
1113 + sys-apps/texinfo
1114 + virtual/pkgconfig
1115 + kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
1116 + gtk? ( nls? ( sys-devel/gettext ) )
1117 + static? (
1118 + ${ALL_DEPEND}
1119 + ${SOFTMMU_TOOLS_DEPEND}
1120 + )
1121 + static-user? ( ${ALL_DEPEND} )
1122 + test? (
1123 + dev-libs/glib[utils]
1124 + sys-devel/bc
1125 + )"
1126 +RDEPEND="${CDEPEND}
1127 + selinux? ( sec-policy/selinux-qemu )"
1128 +
1129 +PATCHES=(
1130 + "${FILESDIR}"/${PN}-2.5.0-cflags.patch
1131 + "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
1132 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
1133 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
1134 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
1135 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
1136 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
1137 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614
1138 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292
1139 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292
1140 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
1141 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184
1142 + "${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
1143 +)
1144 +
1145 +
1146 +STRIP_MASK="/usr/share/qemu/palcode-clipper"
1147 +
1148 +QA_PREBUILT="
1149 + usr/share/qemu/openbios-ppc
1150 + usr/share/qemu/openbios-sparc64
1151 + usr/share/qemu/openbios-sparc32
1152 + usr/share/qemu/palcode-clipper
1153 + usr/share/qemu/s390-ccw.img
1154 + usr/share/qemu/u-boot.e500"
1155 +
1156 +QA_WX_LOAD="usr/bin/qemu-i386
1157 + usr/bin/qemu-x86_64
1158 + usr/bin/qemu-alpha
1159 + usr/bin/qemu-arm
1160 + usr/bin/qemu-cris
1161 + usr/bin/qemu-m68k
1162 + usr/bin/qemu-microblaze
1163 + usr/bin/qemu-microblazeel
1164 + usr/bin/qemu-mips
1165 + usr/bin/qemu-mipsel
1166 + usr/bin/qemu-or1k
1167 + usr/bin/qemu-ppc
1168 + usr/bin/qemu-ppc64
1169 + usr/bin/qemu-ppc64abi32
1170 + usr/bin/qemu-sh4
1171 + usr/bin/qemu-sh4eb
1172 + usr/bin/qemu-sparc
1173 + usr/bin/qemu-sparc64
1174 + usr/bin/qemu-armeb
1175 + usr/bin/qemu-sparc32plus
1176 + usr/bin/qemu-s390x
1177 + usr/bin/qemu-unicore32"
1178 +
1179 +DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
1180 +kernel module loaded before running kvm. The easiest way to ensure that the
1181 +kernel module is loaded is to load it on boot.
1182 + For AMD CPUs the module is called 'kvm-amd'.
1183 + For Intel CPUs the module is called 'kvm-intel'.
1184 +Please review /etc/conf.d/modules for how to load these.
1185 +
1186 +Make sure your user is in the 'kvm' group. Just run
1187 + $ gpasswd -a <USER> kvm
1188 +then have <USER> re-login.
1189 +
1190 +For brand new installs, the default permissions on /dev/kvm might not let
1191 +you access it. You can tell udev to reset ownership/perms:
1192 + $ udevadm trigger -c add /dev/kvm
1193 +
1194 +If you want to register binfmt handlers for qemu user targets:
1195 +For openrc:
1196 + # rc-update add qemu-binfmt
1197 +For systemd:
1198 + # ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
1199 +
1200 +pkg_pretend() {
1201 + if use kernel_linux && kernel_is lt 2 6 25; then
1202 + eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
1203 + elif use kernel_linux; then
1204 + if ! linux_config_exists; then
1205 + eerror "Unable to check your kernel for KVM support"
1206 + else
1207 + CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
1208 + ERROR_KVM="You must enable KVM in your kernel to continue"
1209 + ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
1210 + ERROR_KVM_AMD+=" your kernel configuration."
1211 + ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
1212 + ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
1213 + ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
1214 + ERROR_TUN+=" into your kernel or loaded as a module to use the"
1215 + ERROR_TUN+=" virtual network device if using -net tap."
1216 + ERROR_BRIDGE="You will also need support for 802.1d"
1217 + ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
1218 + use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
1219 + ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
1220 + ERROR_VHOST_NET+=" support"
1221 +
1222 + if use amd64 || use x86 || use amd64-linux || use x86-linux; then
1223 + CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
1224 + fi
1225 +
1226 + use python && CONFIG_CHECK+=" ~DEBUG_FS"
1227 + ERROR_DEBUG_FS="debugFS support required for kvm_stat"
1228 +
1229 + # Now do the actual checks setup above
1230 + check_extra_config
1231 + fi
1232 + fi
1233 +
1234 + if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
1235 + eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
1236 + eerror "instances are still pointing to it. Please update your"
1237 + eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
1238 + eerror "and the right system binary (e.g. qemu-system-x86_64)."
1239 + die "update your virt configs to not use qemu-kvm"
1240 + fi
1241 +}
1242 +
1243 +pkg_setup() {
1244 + enewgroup kvm 78
1245 +}
1246 +
1247 +# Sanity check to make sure target lists are kept up-to-date.
1248 +check_targets() {
1249 + local var=$1 mak=$2
1250 + local detected sorted
1251 +
1252 + pushd "${S}"/default-configs >/dev/null || die
1253 +
1254 + # Force C locale until glibc is updated. #564936
1255 + detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
1256 + sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
1257 + if [[ ${sorted} != "${detected}" ]] ; then
1258 + eerror "The ebuild needs to be kept in sync."
1259 + eerror "${var}: ${sorted}"
1260 + eerror "$(printf '%-*s' ${#var} configure): ${detected}"
1261 + die "sync ${var} to the list of targets"
1262 + fi
1263 +
1264 + popd >/dev/null
1265 +}
1266 +
1267 +handle_locales() {
1268 + # Make sure locale list is kept up-to-date.
1269 + local detected sorted
1270 + detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
1271 + sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
1272 + if [[ ${sorted} != "${detected}" ]] ; then
1273 + eerror "The ebuild needs to be kept in sync."
1274 + eerror "PLOCALES: ${sorted}"
1275 + eerror " po/*.po: ${detected}"
1276 + die "sync PLOCALES"
1277 + fi
1278 +
1279 + # Deal with selective install of locales.
1280 + if use nls ; then
1281 + # Delete locales the user does not want. #577814
1282 + rm_loc() { rm po/$1.po || die; }
1283 + l10n_for_each_disabled_locale_do rm_loc
1284 + else
1285 + # Cheap hack to disable gettext .mo generation.
1286 + rm -f po/*.po
1287 + fi
1288 +}
1289 +
1290 +src_prepare() {
1291 + check_targets IUSE_SOFTMMU_TARGETS softmmu
1292 + check_targets IUSE_USER_TARGETS linux-user
1293 +
1294 + # Alter target makefiles to accept CFLAGS set via flag-o
1295 + sed -i -r \
1296 + -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
1297 + Makefile Makefile.target || die
1298 +
1299 + default
1300 +
1301 + # Fix ld and objcopy being called directly
1302 + tc-export AR LD OBJCOPY
1303 +
1304 + # Verbose builds
1305 + MAKEOPTS+=" V=1"
1306 +
1307 + # Run after we've applied all patches.
1308 + handle_locales
1309 +}
1310 +
1311 +##
1312 +# configures qemu based on the build directory and the build type
1313 +# we are using.
1314 +#
1315 +qemu_src_configure() {
1316 + debug-print-function ${FUNCNAME} "$@"
1317 +
1318 + local buildtype=$1
1319 + local builddir="${S}/${buildtype}-build"
1320 +
1321 + mkdir "${builddir}"
1322 +
1323 + local conf_opts=(
1324 + --prefix=/usr
1325 + --sysconfdir=/etc
1326 + --libdir=/usr/$(get_libdir)
1327 + --docdir=/usr/share/doc/${PF}/html
1328 + --disable-bsd-user
1329 + --disable-guest-agent
1330 + --disable-strip
1331 + --disable-werror
1332 + # We support gnutls/nettle for crypto operations. It is possible
1333 + # to use gcrypt when gnutls/nettle are disabled (but not when they
1334 + # are enabled), but it's not really worth the hassle. Disable it
1335 + # all the time to avoid automatically detecting it. #568856
1336 + --disable-gcrypt
1337 + --python="${PYTHON}"
1338 + --cc="$(tc-getCC)"
1339 + --cxx="$(tc-getCXX)"
1340 + --host-cc="$(tc-getBUILD_CC)"
1341 + $(use_enable debug debug-info)
1342 + $(use_enable debug debug-tcg)
1343 + --enable-docs
1344 + $(use_enable tci tcg-interpreter)
1345 + $(use_enable xattr attr)
1346 + )
1347 +
1348 + # Disable options not used by user targets. This simplifies building
1349 + # static user targets (USE=static-user) considerably.
1350 + conf_notuser() {
1351 + if [[ ${buildtype} == "user" ]] ; then
1352 + echo "--disable-${2:-$1}"
1353 + else
1354 + use_enable "$@"
1355 + fi
1356 + }
1357 + conf_opts+=(
1358 + $(conf_notuser accessibility brlapi)
1359 + $(conf_notuser aio linux-aio)
1360 + $(conf_notuser bzip2)
1361 + $(conf_notuser bluetooth bluez)
1362 + $(conf_notuser caps cap-ng)
1363 + $(conf_notuser curl)
1364 + $(conf_notuser fdt)
1365 + $(conf_notuser glusterfs)
1366 + $(conf_notuser gnutls)
1367 + $(conf_notuser gnutls nettle)
1368 + $(conf_notuser gtk)
1369 + $(conf_notuser infiniband rdma)
1370 + $(conf_notuser iscsi libiscsi)
1371 + $(conf_notuser jpeg vnc-jpeg)
1372 + $(conf_notuser kernel_linux kvm)
1373 + $(conf_notuser lzo)
1374 + $(conf_notuser ncurses curses)
1375 + $(conf_notuser nfs libnfs)
1376 + $(conf_notuser numa)
1377 + $(conf_notuser opengl)
1378 + $(conf_notuser png vnc-png)
1379 + $(conf_notuser rbd)
1380 + $(conf_notuser sasl vnc-sasl)
1381 + $(conf_notuser sdl)
1382 + $(conf_notuser seccomp)
1383 + $(conf_notuser smartcard)
1384 + $(conf_notuser snappy)
1385 + $(conf_notuser spice)
1386 + $(conf_notuser ssh libssh2)
1387 + $(conf_notuser usb libusb)
1388 + $(conf_notuser usbredir usb-redir)
1389 + $(conf_notuser vde)
1390 + $(conf_notuser vhost-net)
1391 + $(conf_notuser virgl virglrenderer)
1392 + $(conf_notuser virtfs)
1393 + $(conf_notuser vnc)
1394 + $(conf_notuser vte)
1395 + $(conf_notuser xen)
1396 + $(conf_notuser xen xen-pci-passthrough)
1397 + $(conf_notuser xfs xfsctl)
1398 + )
1399 +
1400 + if [[ ! ${buildtype} == "user" ]] ; then
1401 + # audio options
1402 + local audio_opts="oss"
1403 + use alsa && audio_opts="alsa,${audio_opts}"
1404 + use sdl && audio_opts="sdl,${audio_opts}"
1405 + use pulseaudio && audio_opts="pa,${audio_opts}"
1406 + conf_opts+=(
1407 + --audio-drv-list="${audio_opts}"
1408 + )
1409 + use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
1410 + use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
1411 + fi
1412 +
1413 + case ${buildtype} in
1414 + user)
1415 + conf_opts+=(
1416 + --enable-linux-user
1417 + --disable-system
1418 + --disable-blobs
1419 + --disable-tools
1420 + )
1421 + local static_flag="static-user"
1422 + ;;
1423 + softmmu)
1424 + conf_opts+=(
1425 + --disable-linux-user
1426 + --enable-system
1427 + --disable-tools
1428 + --with-system-pixman
1429 + )
1430 + local static_flag="static"
1431 + ;;
1432 + tools)
1433 + conf_opts+=(
1434 + --disable-linux-user
1435 + --disable-system
1436 + --disable-blobs
1437 + --enable-tools
1438 + )
1439 + local static_flag="static"
1440 + ;;
1441 + esac
1442 +
1443 + local targets="${buildtype}_targets"
1444 + [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
1445 +
1446 + # Add support for SystemTAP
1447 + use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
1448 +
1449 + # We always want to attempt to build with PIE support as it results
1450 + # in a more secure binary. But it doesn't work with static or if
1451 + # the current GCC doesn't have PIE support.
1452 + if use ${static_flag}; then
1453 + conf_opts+=( --static --disable-pie )
1454 + else
1455 + tc-enables-pie && conf_opts+=( --enable-pie )
1456 + fi
1457 +
1458 + echo "../configure ${conf_opts[*]}"
1459 + cd "${builddir}"
1460 + ../configure "${conf_opts[@]}" || die "configure failed"
1461 +
1462 + # FreeBSD's kernel does not support QEMU assigning/grabbing
1463 + # host USB devices yet
1464 + use kernel_FreeBSD && \
1465 + sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
1466 +}
1467 +
1468 +src_configure() {
1469 + local target
1470 +
1471 + python_setup
1472 +
1473 + softmmu_targets= softmmu_bins=()
1474 + user_targets= user_bins=()
1475 +
1476 + for target in ${IUSE_SOFTMMU_TARGETS} ; do
1477 + if use "qemu_softmmu_targets_${target}"; then
1478 + softmmu_targets+=",${target}-softmmu"
1479 + softmmu_bins+=( "qemu-system-${target}" )
1480 + fi
1481 + done
1482 +
1483 + for target in ${IUSE_USER_TARGETS} ; do
1484 + if use "qemu_user_targets_${target}"; then
1485 + user_targets+=",${target}-linux-user"
1486 + user_bins+=( "qemu-${target}" )
1487 + fi
1488 + done
1489 +
1490 + softmmu_targets=${softmmu_targets#,}
1491 + user_targets=${user_targets#,}
1492 +
1493 + [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
1494 + [[ -n ${user_targets} ]] && qemu_src_configure "user"
1495 + qemu_src_configure "tools"
1496 +}
1497 +
1498 +src_compile() {
1499 + if [[ -n ${user_targets} ]]; then
1500 + cd "${S}/user-build"
1501 + default
1502 + fi
1503 +
1504 + if [[ -n ${softmmu_targets} ]]; then
1505 + cd "${S}/softmmu-build"
1506 + default
1507 + fi
1508 +
1509 + cd "${S}/tools-build"
1510 + default
1511 +}
1512 +
1513 +src_test() {
1514 + if [[ -n ${softmmu_targets} ]]; then
1515 + cd "${S}/softmmu-build"
1516 + pax-mark m */qemu-system-* #515550
1517 + emake -j1 check
1518 + emake -j1 check-report.html
1519 + fi
1520 +}
1521 +
1522 +qemu_python_install() {
1523 + python_domodule "${S}/scripts/qmp/qmp.py"
1524 +
1525 + python_doscript "${S}/scripts/kvm/vmxcap"
1526 + python_doscript "${S}/scripts/qmp/qmp-shell"
1527 + python_doscript "${S}/scripts/qmp/qemu-ga-client"
1528 +}
1529 +
1530 +# Generate binfmt support files.
1531 +# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
1532 +# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
1533 +generate_initd() {
1534 + local out="${T}/qemu-binfmt"
1535 + local out_systemd="${T}/qemu.conf"
1536 + local d="${T}/binfmt.d"
1537 +
1538 + einfo "Generating qemu binfmt scripts and configuration files"
1539 +
1540 + # Generate the debian fragments first.
1541 + mkdir -p "${d}"
1542 + "${S}"/scripts/qemu-binfmt-conf.sh \
1543 + --debian \
1544 + --exportdir "${d}" \
1545 + --qemu-path "${EPREFIX}/usr/bin" \
1546 + || die
1547 + # Then turn the fragments into a shell script we can source.
1548 + sed -E -i \
1549 + -e 's:^([^ ]+) (.*)$:\1="\2":' \
1550 + "${d}"/* || die
1551 +
1552 + # Generate the init.d script by assembling the fragments from above.
1553 + local f qcpu package interpreter magic mask
1554 + cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
1555 + for f in "${d}"/qemu-* ; do
1556 + source "${f}"
1557 +
1558 + # Normalize the cpu logic like we do in the init.d for the native cpu.
1559 + qcpu=${package#qemu-}
1560 + case ${qcpu} in
1561 + arm*) qcpu="arm";;
1562 + mips*) qcpu="mips";;
1563 + ppc*) qcpu="ppc";;
1564 + s390*) qcpu="s390";;
1565 + sh*) qcpu="sh";;
1566 + sparc*) qcpu="sparc";;
1567 + esac
1568 +
1569 + cat <<EOF >>"${out}"
1570 + if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
1571 + echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
1572 + fi
1573 +EOF
1574 +
1575 + echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
1576 +
1577 + done
1578 + cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
1579 +}
1580 +
1581 +src_install() {
1582 + if [[ -n ${user_targets} ]]; then
1583 + cd "${S}/user-build"
1584 + emake DESTDIR="${ED}" install
1585 +
1586 + # Install binfmt handler init script for user targets.
1587 + generate_initd
1588 + doinitd "${T}/qemu-binfmt"
1589 +
1590 + # Install binfmt/qemu.conf.
1591 + insinto "/usr/share/qemu/binfmt.d"
1592 + doins "${T}/qemu.conf"
1593 + fi
1594 +
1595 + if [[ -n ${softmmu_targets} ]]; then
1596 + cd "${S}/softmmu-build"
1597 + emake DESTDIR="${ED}" install
1598 +
1599 + # This might not exist if the test failed. #512010
1600 + [[ -e check-report.html ]] && dohtml check-report.html
1601 +
1602 + if use kernel_linux; then
1603 + udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
1604 + fi
1605 +
1606 + if use python; then
1607 + python_foreach_impl qemu_python_install
1608 + fi
1609 + fi
1610 +
1611 + cd "${S}/tools-build"
1612 + emake DESTDIR="${ED}" install
1613 +
1614 + # Disable mprotect on the qemu binaries as they use JITs to be fast #459348
1615 + pushd "${ED}"/usr/bin >/dev/null
1616 + pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
1617 + popd >/dev/null
1618 +
1619 + # Install config file example for qemu-bridge-helper
1620 + insinto "/etc/qemu"
1621 + doins "${FILESDIR}/bridge.conf"
1622 +
1623 + cd "${S}"
1624 + dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
1625 + newdoc pc-bios/README README.pc-bios
1626 + dodoc docs/qmp-*.txt
1627 +
1628 + if [[ -n ${softmmu_targets} ]]; then
1629 + # Remove SeaBIOS since we're using the SeaBIOS packaged one
1630 + rm "${ED}/usr/share/qemu/bios.bin"
1631 + rm "${ED}/usr/share/qemu/bios-256k.bin"
1632 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1633 + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
1634 + dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
1635 + fi
1636 +
1637 + # Remove vgabios since we're using the seavgabios packaged one
1638 + rm "${ED}/usr/share/qemu/vgabios.bin"
1639 + rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
1640 + rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
1641 + rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
1642 + rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
1643 + rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
1644 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1645 + dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
1646 + dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
1647 + dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
1648 + dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
1649 + dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
1650 + dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
1651 + fi
1652 +
1653 + # Remove sgabios since we're using the sgabios packaged one
1654 + rm "${ED}/usr/share/qemu/sgabios.bin"
1655 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1656 + dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
1657 + fi
1658 +
1659 + # Remove iPXE since we're using the iPXE packaged one
1660 + rm "${ED}"/usr/share/qemu/pxe-*.rom
1661 + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
1662 + dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
1663 + dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
1664 + dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
1665 + dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
1666 + dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
1667 + dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
1668 + fi
1669 + fi
1670 +
1671 + DISABLE_AUTOFORMATTING=true
1672 + readme.gentoo_create_doc
1673 +}
1674 +
1675 +firmware_abi_change() {
1676 + local pv
1677 + for pv in ${REPLACING_VERSIONS}; do
1678 + if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
1679 + return 0
1680 + fi
1681 + done
1682 + return 1
1683 +}
1684 +
1685 +pkg_postinst() {
1686 + if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
1687 + udev_reload
1688 + fi
1689 +
1690 + fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
1691 +
1692 + DISABLE_AUTOFORMATTING=true
1693 + readme.gentoo_print_elog
1694 +
1695 + if use pin-upstream-blobs && firmware_abi_change; then
1696 + ewarn "This version of qemu pins new versions of firmware blobs:"
1697 + ewarn " $(best_version sys-firmware/edk2-ovmf)"
1698 + ewarn " $(best_version sys-firmware/ipxe)"
1699 + ewarn " $(best_version sys-firmware/seabios)"
1700 + ewarn " $(best_version sys-firmware/sgabios)"
1701 + ewarn "This might break resume of hibernated guests (started with a different"
1702 + ewarn "firmware version) and live migration to/from qemu versions with different"
1703 + ewarn "firmware. Please (cold) restart all running guests. For functional"
1704 + ewarn "guest migration ensure that all"
1705 + ewarn "hosts run at least"
1706 + ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
1707 + fi
1708 +}
1709 +
1710 +pkg_info() {
1711 + echo "Using:"
1712 + echo " $(best_version app-emulation/spice-protocol)"
1713 + echo " $(best_version sys-firmware/edk2-ovmf)"
1714 + if has_version 'sys-firmware/edk2-ovmf[binary]'; then
1715 + echo " USE=binary"
1716 + else
1717 + echo " USE=''"
1718 + fi
1719 + echo " $(best_version sys-firmware/ipxe)"
1720 + echo " $(best_version sys-firmware/seabios)"
1721 + if has_version 'sys-firmware/seabios[binary]'; then
1722 + echo " USE=binary"
1723 + else
1724 + echo " USE=''"
1725 + fi
1726 + echo " $(best_version sys-firmware/sgabios)"
1727 +}
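Review bot: The `PATCHES` array in this ebuild has no entry for `qemu-2.9.0-CVE-2017-7539.patch`, although the commit's diffstat adds that file under `files/` alongside the other CVE patches. As written, this revision ships the patch without applying it. The commit message also leaves CVE-2017-7539 out of its list, so the page does not show whether this is deliberate (for example a patch staged for a later revision, or one that does not apply on top of the 9524 series) or an oversight. If it is meant to be applied, add `"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7539.patch` at the position the series requires, with its bug number as a trailing comment like the neighbouring entries. If it is not, a one-line comment in the array saying why it is held back would keep the next maintainer from assuming the fix is in r55.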