From 69f166f734e87c4d5b025e9f2bbfcfba3d7cddcb Mon Sep 17 00:00:00 2001 From: Matthias Maier Date: Sun, 12 Feb 2017 22:50:18 -0600 Subject: app-emulation/qemu: fix various security issues, bug #608728 and others This commit applies upstream patches to 2.8.0 for the following CVEs CVE-2016-10155 #606720 CVE-2017-2615 #608034 CVE-2017-5525 #606264 CVE-2017-5552 #606722 CVE-2017-5578 #607000 CVE-2017-5579 #607100 CVE-2017-5667 #607766 CVE-2017-5856 #608036 CVE-2017-5857 #608038 CVE-2017-5898 #608520 CVE-2017-5931 #608728 Package-Manager: Portage-2.3.3, Repoman-2.3.1 --- .../qemu/files/qemu-2.8.0-CVE-2016-10155.patch | 46 ++ .../qemu/files/qemu-2.8.0-CVE-2017-2615.patch | 48 ++ .../qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch | 52 ++ .../qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch | 55 ++ .../qemu/files/qemu-2.8.0-CVE-2017-5552.patch | 41 ++ .../qemu/files/qemu-2.8.0-CVE-2017-5578.patch | 35 ++ .../qemu/files/qemu-2.8.0-CVE-2017-5579.patch | 40 ++ .../qemu/files/qemu-2.8.0-CVE-2017-5667.patch | 37 ++ .../qemu/files/qemu-2.8.0-CVE-2017-5856.patch | 64 ++ .../qemu/files/qemu-2.8.0-CVE-2017-5857.patch | 38 ++ .../qemu/files/qemu-2.8.0-CVE-2017-5898.patch | 35 ++ .../qemu/files/qemu-2.8.0-CVE-2017-5931.patch | 46 ++ app-emulation/qemu/qemu-2.8.0-r1.ebuild | 691 +++++++++++++++++++++ 13 files changed, 1228 insertions(+) create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch create mode 100644 app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch create mode 100644 app-emulation/qemu/qemu-2.8.0-r1.ebuild (limited to 'app-emulation') diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch new file mode 100644 index 00000000000..c486295d06f --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2016-10155.patch @@ -0,0 +1,46 @@ +From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Mon, 28 Nov 2016 17:49:04 -0800 +Subject: [PATCH] watchdog: 6300esb: add exit function + +When the Intel 6300ESB watchdog is hot unplug. The timer allocated +in realize isn't freed thus leaking memory leak. This patch avoid +this through adding the exit function. + +Signed-off-by: Li Qiang +Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com> +Signed-off-by: Paolo Bonzini +--- + hw/watchdog/wdt_i6300esb.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c +index a83d951..49b3cd1 100644 +--- a/hw/watchdog/wdt_i6300esb.c ++++ b/hw/watchdog/wdt_i6300esb.c +@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp) + /* qemu_register_coalesced_mmio (addr, 0x10); ? */ + } + ++static void i6300esb_exit(PCIDevice *dev) ++{ ++ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev); ++ ++ timer_del(d->timer); ++ timer_free(d->timer); ++} ++ + static WatchdogTimerModel model = { + .wdt_name = "i6300esb", + .wdt_description = "Intel 6300ESB", +@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data) + k->config_read = i6300esb_config_read; + k->config_write = i6300esb_config_write; + k->realize = i6300esb_realize; ++ k->exit = i6300esb_exit; + k->vendor_id = PCI_VENDOR_ID_INTEL; + k->device_id = PCI_DEVICE_ID_INTEL_ESB_9; + k->class_id = PCI_CLASS_SYSTEM_OTHER; +-- +2.10.2 + diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch new file mode 100644 index 00000000000..f0bba801657 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-2615.patch @@ -0,0 +1,48 @@ +From 62d4c6bd5263bb8413a06c80144fc678df6dfb64 Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Wed, 1 Feb 2017 09:35:01 +0100 +Subject: [PATCH] cirrus: fix oob access issue (CVE-2017-2615) + +When doing bitblt copy in backward mode, we should minus the +blt width first just like the adding in the forward mode. This +can avoid the oob access of the front of vga's vram. + +Signed-off-by: Li Qiang + +{ kraxel: with backward blits (negative pitch) addr is the topmost + address, so check it as-is against vram size ] + +Cc: qemu-stable@nongnu.org +Cc: P J P +Cc: Laszlo Ersek +Cc: Paolo Bonzini +Cc: Wolfgang Bumiller +Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106) +Signed-off-by: Gerd Hoffmann +Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com +Reviewed-by: Laszlo Ersek +--- + hw/display/cirrus_vga.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c +index 7db6409..16f27e8 100644 +--- a/hw/display/cirrus_vga.c ++++ b/hw/display/cirrus_vga.c +@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s, + { + if (pitch < 0) { + int64_t min = addr +- + ((int64_t)s->cirrus_blt_height-1) * pitch; +- int32_t max = addr +- + s->cirrus_blt_width; +- if (min < 0 || max > s->vga.vram_size) { ++ + ((int64_t)s->cirrus_blt_height - 1) * pitch ++ - s->cirrus_blt_width; ++ if (min < -1 || addr >= s->vga.vram_size) { + return true; + } + } else { +-- +2.10.2 + diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch new file mode 100644 index 00000000000..24411b4dca3 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-1.patch @@ -0,0 +1,52 @@ +From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Wed, 14 Dec 2016 18:30:21 -0800 +Subject: [PATCH] audio: ac97: add exit function +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Currently the ac97 device emulation doesn't have a exit function, +hot unplug this device will leak some memory. Add a exit function to +avoid this. + +Signed-off-by: Li Qiang +Reviewed-by: Marc-André Lureau +Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com +Signed-off-by: Gerd Hoffmann +--- + hw/audio/ac97.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c +index cbd959e..c306575 100644 +--- a/hw/audio/ac97.c ++++ b/hw/audio/ac97.c +@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp) + ac97_on_reset (&s->dev.qdev); + } + ++static void ac97_exit(PCIDevice *dev) ++{ ++ AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev); ++ ++ AUD_close_in(&s->card, s->voice_pi); ++ AUD_close_out(&s->card, s->voice_po); ++ AUD_close_in(&s->card, s->voice_mc); ++ AUD_remove_card(&s->card); ++} ++ + static int ac97_init (PCIBus *bus) + { + pci_create_simple (bus, -1, "AC97"); +@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data) + PCIDeviceClass *k = PCI_DEVICE_CLASS (klass); + + k->realize = ac97_realize; ++ k->exit = ac97_exit; + k->vendor_id = PCI_VENDOR_ID_INTEL; + k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5; + k->revision = 0x01; +-- +2.10.2 + diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch new file mode 100644 index 00000000000..6bbac580c3c --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5525-2.patch @@ -0,0 +1,55 @@ +From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Wed, 14 Dec 2016 18:32:22 -0800 +Subject: [PATCH] audio: es1370: add exit function +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Currently the es1370 device emulation doesn't have a exit function, +hot unplug this device will leak some memory. Add a exit function to +avoid this. + +Signed-off-by: Li Qiang +Reviewed-by: Marc-André Lureau +Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com +Signed-off-by: Gerd Hoffmann +--- + hw/audio/es1370.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c +index 8449b5f..883ec69 100644 +--- a/hw/audio/es1370.c ++++ b/hw/audio/es1370.c +@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp) + es1370_reset (s); + } + ++static void es1370_exit(PCIDevice *dev) ++{ ++ ES1370State *s = ES1370(dev); ++ int i; ++ ++ for (i = 0; i < 2; ++i) { ++ AUD_close_out(&s->card, s->dac_voice[i]); ++ } ++ ++ AUD_close_in(&s->card, s->adc_voice); ++ AUD_remove_card(&s->card); ++} ++ + static int es1370_init (PCIBus *bus) + { + pci_create_simple (bus, -1, TYPE_ES1370); +@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data) + PCIDeviceClass *k = PCI_DEVICE_CLASS (klass); + + k->realize = es1370_realize; ++ k->exit = es1370_exit; + k->vendor_id = PCI_VENDOR_ID_ENSONIQ; + k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370; + k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO; +-- +2.10.2 + diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch new file mode 100644 index 00000000000..9475f3fd2a2 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5552.patch @@ -0,0 +1,41 @@ +From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Thu, 29 Dec 2016 03:11:26 -0500 +Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If the virgl_renderer_resource_attach_iov function fails the +'res_iovs' will be leaked. Add check of the return value to +free the 'res_iovs' when failing. + +Signed-off-by: Li Qiang +Reviewed-by: Marc-André Lureau +Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com +Signed-off-by: Gerd Hoffmann +--- + hw/display/virtio-gpu-3d.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c +index e29f099..b13ced3 100644 +--- a/hw/display/virtio-gpu-3d.c ++++ b/hw/display/virtio-gpu-3d.c +@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g, + return; + } + +- virgl_renderer_resource_attach_iov(att_rb.resource_id, +- res_iovs, att_rb.nr_entries); ++ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id, ++ res_iovs, att_rb.nr_entries); ++ ++ if (ret != 0) ++ virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries); + } + + static void virgl_resource_detach_backing(VirtIOGPU *g, +-- +2.10.2 + diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch new file mode 100644 index 00000000000..f93d1e7f9e9 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5578.patch @@ -0,0 +1,35 @@ +From 204f01b30975923c64006f8067f0937b91eea68b Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Thu, 29 Dec 2016 04:28:41 -0500 +Subject: [PATCH] virtio-gpu: fix memory leak in resource attach backing + +In the resource attach backing function, everytime it will +allocate 'res->iov' thus can leading a memory leak. This +patch avoid this. + +Signed-off-by: Li Qiang +Message-id: 1483003721-65360-1-git-send-email-liq3ea@gmail.com +Signed-off-by: Gerd Hoffmann +--- + hw/display/virtio-gpu.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c +index 6a26258..ca88cf4 100644 +--- a/hw/display/virtio-gpu.c ++++ b/hw/display/virtio-gpu.c +@@ -714,6 +714,11 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g, + return; + } + ++ if (res->iov) { ++ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; ++ return; ++ } ++ + ret = virtio_gpu_create_mapping_iov(&ab, cmd, &res->addrs, &res->iov); + if (ret != 0) { + cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; +-- +2.10.2 + diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch new file mode 100644 index 00000000000..e4572a8d571 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5579.patch @@ -0,0 +1,40 @@ +From 8409dc884a201bf74b30a9d232b6bbdd00cb7e2b Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Wed, 4 Jan 2017 00:43:16 -0800 +Subject: [PATCH] serial: fix memory leak in serial exit + +The serial_exit_core function doesn't free some resources. +This can lead memory leak when hotplug and unplug. This +patch avoid this. + +Signed-off-by: Li Qiang +Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com> +Signed-off-by: Paolo Bonzini +--- + hw/char/serial.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/hw/char/serial.c b/hw/char/serial.c +index ffbacd8..67b18ed 100644 +--- a/hw/char/serial.c ++++ b/hw/char/serial.c +@@ -906,6 +906,16 @@ void serial_realize_core(SerialState *s, Error **errp) + void serial_exit_core(SerialState *s) + { + qemu_chr_fe_deinit(&s->chr); ++ ++ timer_del(s->modem_status_poll); ++ timer_free(s->modem_status_poll); ++ ++ timer_del(s->fifo_timeout_timer); ++ timer_free(s->fifo_timeout_timer); ++ ++ fifo8_destroy(&s->recv_fifo); ++ fifo8_destroy(&s->xmit_fifo); ++ + qemu_unregister_reset(serial_reset, s); + } + +-- +2.10.2 + diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch new file mode 100644 index 00000000000..93e9c9406c4 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5667.patch @@ -0,0 +1,37 @@ +From 42922105beb14c2fc58185ea022b9f72fb5465e9 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit +Date: Tue, 7 Feb 2017 18:29:59 +0000 +Subject: [PATCH] sd: sdhci: check data length during dma_memory_read + +While doing multi block SDMA transfer in routine +'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting +index 'begin' and data length 's->data_count' could end up to be same. +This could lead to an OOB access issue. Correct transfer data length +to avoid it. + +Cc: qemu-stable@nongnu.org +Reported-by: Jiang Xin +Signed-off-by: Prasad J Pandit +Reviewed-by: Peter Maydell +Message-id: 20170130064736.9236-1-ppandit@redhat.com +Signed-off-by: Peter Maydell +--- + hw/sd/sdhci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c +index 01fbf22..5bd5ab6 100644 +--- a/hw/sd/sdhci.c ++++ b/hw/sd/sdhci.c +@@ -536,7 +536,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s) + boundary_count -= block_size - begin; + } + dma_memory_read(&address_space_memory, s->sdmasysad, +- &s->fifo_buffer[begin], s->data_count); ++ &s->fifo_buffer[begin], s->data_count - begin); + s->sdmasysad += s->data_count - begin; + if (s->data_count == block_size) { + for (n = 0; n < block_size; n++) { +-- +2.10.2 + diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch new file mode 100644 index 00000000000..2ebd49fa54d --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5856.patch @@ -0,0 +1,64 @@ +From 765a707000e838c30b18d712fe6cb3dd8e0435f3 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Mon, 2 Jan 2017 11:03:33 +0100 +Subject: [PATCH] megasas: fix guest-triggered memory leak + +If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd +will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory. +Avoid this by returning only the status from map_dcmd, and loading +cmd->iov_size in the caller. + +Reported-by: Li Qiang +Signed-off-by: Paolo Bonzini +--- + hw/scsi/megasas.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index 67fc1e7..6233865 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -683,14 +683,14 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd) + trace_megasas_dcmd_invalid_sge(cmd->index, + cmd->frame->header.sge_count); + cmd->iov_size = 0; +- return -1; ++ return -EINVAL; + } + iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl); + iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl); + pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1); + qemu_sglist_add(&cmd->qsg, iov_pa, iov_size); + cmd->iov_size = iov_size; +- return cmd->iov_size; ++ return 0; + } + + static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size) +@@ -1559,19 +1559,20 @@ static const struct dcmd_cmd_tbl_t { + + static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd) + { +- int opcode, len; ++ int opcode; + int retval = 0; ++ size_t len; + const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl; + + opcode = le32_to_cpu(cmd->frame->dcmd.opcode); + trace_megasas_handle_dcmd(cmd->index, opcode); +- len = megasas_map_dcmd(s, cmd); +- if (len < 0) { ++ if (megasas_map_dcmd(s, cmd) < 0) { + return MFI_STAT_MEMORY_NOT_AVAILABLE; + } + while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) { + cmdptr++; + } ++ len = cmd->iov_size; + if (cmdptr->opcode == -1) { + trace_megasas_dcmd_unhandled(cmd->index, opcode, len); + retval = megasas_dcmd_dummy(s, cmd); +-- +2.10.2 + diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch new file mode 100644 index 00000000000..664a669ffaa --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5857.patch @@ -0,0 +1,38 @@ +When the guest sends VIRTIO_GPU_CMD_RESOURCE_UNREF without detaching the +backing storage beforehand (VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING) +we'll leak memory. + +This patch fixes it for 3d mode, simliar to the 2d mode fix in commit +"b8e2392 virtio-gpu: call cleanup mapping function in resource destroy". + +Reported-by: 李强 +Signed-off-by: Gerd Hoffmann +--- + hw/display/virtio-gpu-3d.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c +index f96a0c2..ecb09d1 100644 +--- a/hw/display/virtio-gpu-3d.c ++++ b/hw/display/virtio-gpu-3d.c +@@ -77,10 +77,18 @@ static void virgl_cmd_resource_unref(VirtIOGPU *g, + struct virtio_gpu_ctrl_command *cmd) + { + struct virtio_gpu_resource_unref unref; ++ struct iovec *res_iovs = NULL; ++ int num_iovs = 0; + + VIRTIO_GPU_FILL_CMD(unref); + trace_virtio_gpu_cmd_res_unref(unref.resource_id); + ++ virgl_renderer_resource_detach_iov(unref.resource_id, ++ &res_iovs, ++ &num_iovs); ++ if (res_iovs != NULL && num_iovs != 0) { ++ virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs); ++ } + virgl_renderer_resource_unref(unref.resource_id); + } + +-- +1.8.3.1 diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch new file mode 100644 index 00000000000..9f94477a46b --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5898.patch @@ -0,0 +1,35 @@ +From c7dfbf322595ded4e70b626bf83158a9f3807c6a Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit +Date: Fri, 3 Feb 2017 00:52:28 +0530 +Subject: [PATCH] usb: ccid: check ccid apdu length + +CCID device emulator uses Application Protocol Data Units(APDU) +to exchange command and responses to and from the host. +The length in these units couldn't be greater than 65536. Add +check to ensure the same. It'd also avoid potential integer +overflow in emulated_apdu_from_guest. + +Reported-by: Li Qiang +Signed-off-by: Prasad J Pandit +Message-id: 20170202192228.10847-1-ppandit@redhat.com +Signed-off-by: Gerd Hoffmann +--- + hw/usb/dev-smartcard-reader.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c +index 89e11b6..1325ea1 100644 +--- a/hw/usb/dev-smartcard-reader.c ++++ b/hw/usb/dev-smartcard-reader.c +@@ -967,7 +967,7 @@ static void ccid_on_apdu_from_guest(USBCCIDState *s, CCID_XferBlock *recv) + DPRINTF(s, 1, "%s: seq %d, len %d\n", __func__, + recv->hdr.bSeq, len); + ccid_add_pending_answer(s, (CCID_Header *)recv); +- if (s->card) { ++ if (s->card && len <= BULK_OUT_DATA_SIZE) { + ccid_card_apdu_from_guest(s->card, recv->abData, len); + } else { + DPRINTF(s, D_WARN, "warning: discarded apdu\n"); +-- +2.10.2 + diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch new file mode 100644 index 00000000000..f24d557c96d --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-5931.patch @@ -0,0 +1,46 @@ +From a08aaff811fb194950f79711d2afe5a892ae03a4 Mon Sep 17 00:00:00 2001 +From: Gonglei +Date: Tue, 3 Jan 2017 14:50:03 +0800 +Subject: [PATCH] virtio-crypto: fix possible integer and heap overflow + +Because the 'size_t' type is 4 bytes in 32-bit platform, which +is the same with 'int'. It's easy to make 'max_len' to zero when +integer overflow and then cause heap overflow if 'max_len' is zero. + +Using uint_64 instead of size_t to avoid the integer overflow. + +Cc: qemu-stable@nongnu.org +Reported-by: Li Qiang +Signed-off-by: Gonglei +Tested-by: Li Qiang +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +--- + hw/virtio/virtio-crypto.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c +index 2f2467e..c23e1ad 100644 +--- a/hw/virtio/virtio-crypto.c ++++ b/hw/virtio/virtio-crypto.c +@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev, + uint32_t hash_start_src_offset = 0, len_to_hash = 0; + uint32_t cipher_start_src_offset = 0, len_to_cipher = 0; + +- size_t max_len, curr_size = 0; ++ uint64_t max_len, curr_size = 0; + size_t s; + + /* Plain cipher */ +@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev, + return NULL; + } + +- max_len = iv_len + aad_len + src_len + dst_len + hash_result_len; ++ max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len; + if (unlikely(max_len > vcrypto->conf.max_size)) { + virtio_error(vdev, "virtio-crypto too big length"); + return NULL; +-- +2.10.2 + diff --git a/app-emulation/qemu/qemu-2.8.0-r1.ebuild b/app-emulation/qemu/qemu-2.8.0-r1.ebuild new file mode 100644 index 00000000000..27420ae5fd6 --- /dev/null +++ b/app-emulation/qemu/qemu-2.8.0-r1.ebuild @@ -0,0 +1,691 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +PYTHON_COMPAT=( python2_7 ) +PYTHON_REQ_USE="ncurses,readline" + +PLOCALES="bg de_DE fr_FR hu it tr zh_CN" + +inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ + user udev fcaps readme.gentoo-r1 pax-utils l10n + +if [[ ${PV} = *9999* ]]; then + EGIT_REPO_URI="git://git.qemu.org/qemu.git" + inherit git-2 + SRC_URI="" +else + SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" + KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" +fi + +DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" +HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" + +LICENSE="GPL-2 LGPL-2 BSD-2" +SLOT="0" +IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs \ +gnutls gtk gtk2 infiniband iscsi +jpeg \ +kernel_linux kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs ++png pulseaudio python \ +rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-softmmu +static-user systemtap tci test +threads usb usbredir vde +vhost-net \ +virgl virtfs +vnc vte xattr xen xfs" + +COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel mips +mips64 mips64el mipsel or32 ppc ppc64 s390x sh4 sh4eb sparc sparc64 +x86_64" +IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS} lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb" +IUSE_USER_TARGETS="${COMMON_TARGETS} armeb mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx" + +use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) +use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) +IUSE+=" ${use_softmmu_targets} ${use_user_targets}" + +# Allow no targets to be built so that people can get a tools-only build. +# Block USE flag configurations known to not work. +REQUIRED_USE="${PYTHON_REQUIRED_USE} + gtk2? ( gtk ) + qemu_softmmu_targets_arm? ( fdt ) + qemu_softmmu_targets_microblaze? ( fdt ) + qemu_softmmu_targets_ppc? ( fdt ) + qemu_softmmu_targets_ppc64? ( fdt ) + sdl2? ( sdl ) + static? ( static-softmmu static-user ) + static-softmmu? ( !alsa !pulseaudio !bluetooth !opengl !gtk !gtk2 ) + virtfs? ( xattr ) + vte? ( gtk )" + +# Yep, you need both libcap and libcap-ng since virtfs only uses libcap. +# +# The attr lib isn't always linked in (although the USE flag is always +# respected). This is because qemu supports using the C library's API +# when available rather than always using the extranl library. +# +# Older versions of gnutls are supported, but it's simpler to just require +# the latest versions. This is also why we require nettle. +# +# TODO: Split out tools deps into another var. e.g. bzip2 is only used by +# system binaries and tools, not user binaries. +COMMON_LIB_DEPEND=">=dev-libs/glib-2.0[static-libs(+)] + sys-libs/zlib[static-libs(+)] + bzip2? ( app-arch/bzip2[static-libs(+)] ) + xattr? ( sys-apps/attr[static-libs(+)] )" +SOFTMMU_LIB_DEPEND="${COMMON_LIB_DEPEND} + >=x11-libs/pixman-0.28.0[static-libs(+)] + accessibility? ( app-accessibility/brltty[static-libs(+)] ) + aio? ( dev-libs/libaio[static-libs(+)] ) + alsa? ( >=media-libs/alsa-lib-1.0.13 ) + bluetooth? ( net-wireless/bluez ) + caps? ( sys-libs/libcap-ng[static-libs(+)] ) + curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) + fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) + glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) + gnutls? ( + dev-libs/nettle:=[static-libs(+)] + >=net-libs/gnutls-3.0:=[static-libs(+)] + ) + gtk? ( + gtk2? ( + x11-libs/gtk+:2 + vte? ( x11-libs/vte:0 ) + ) + !gtk2? ( + x11-libs/gtk+:3 + vte? ( x11-libs/vte:2.91 ) + ) + ) + infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] ) + iscsi? ( net-libs/libiscsi ) + jpeg? ( virtual/jpeg:0=[static-libs(+)] ) + lzo? ( dev-libs/lzo:2[static-libs(+)] ) + ncurses? ( sys-libs/ncurses:0=[static-libs(+)] ) + nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) + numa? ( sys-process/numactl[static-libs(+)] ) + opengl? ( + virtual/opengl + media-libs/libepoxy[static-libs(+)] + media-libs/mesa[static-libs(+)] + media-libs/mesa[egl,gbm] + ) + png? ( media-libs/libpng:0=[static-libs(+)] ) + pulseaudio? ( media-sound/pulseaudio ) + rbd? ( sys-cluster/ceph[static-libs(+)] ) + sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) + sdl? ( + !sdl2? ( + media-libs/libsdl[X] + >=media-libs/libsdl-1.2.11[static-libs(+)] + ) + sdl2? ( + media-libs/libsdl2[X] + media-libs/libsdl2[static-libs(+)] + ) + ) + seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) + smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) + snappy? ( app-arch/snappy[static-libs(+)] ) + spice? ( + >=app-emulation/spice-protocol-0.12.3 + >=app-emulation/spice-0.12.0[static-libs(+)] + ) + ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) + usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) + usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) + vde? ( net-misc/vde[static-libs(+)] ) + virgl? ( media-libs/virglrenderer[static-libs(+)] ) + virtfs? ( sys-libs/libcap ) + xfs? ( sys-fs/xfsprogs[static-libs(+)] )" +USER_LIB_DEPEND="${COMMON_LIB_DEPEND}" +X86_FIRMWARE_DEPEND=" + >=sys-firmware/ipxe-1.0.0_p20130624 + pin-upstream-blobs? ( + ~sys-firmware/seabios-1.10.1 + ~sys-firmware/sgabios-0.1_pre8 + ~sys-firmware/vgabios-0.7a + ) + !pin-upstream-blobs? ( + sys-firmware/seabios + sys-firmware/sgabios + sys-firmware/vgabios + )" +CDEPEND=" + !static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND//\[static-libs(+)]} ) " ${use_softmmu_targets}) ) + !static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND//\[static-libs(+)]} ) " ${use_user_targets}) ) + qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) + python? ( ${PYTHON_DEPS} ) + systemtap? ( dev-util/systemtap ) + xen? ( app-emulation/xen-tools:= )" +DEPEND="${CDEPEND} + dev-lang/perl + =dev-lang/python-2* + sys-apps/texinfo + virtual/pkgconfig + kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) + gtk? ( nls? ( sys-devel/gettext ) ) + static-softmmu? ( $(printf "%s? ( ${SOFTMMU_LIB_DEPEND} ) " ${use_softmmu_targets}) ) + static-user? ( $(printf "%s? ( ${USER_LIB_DEPEND} ) " ${use_user_targets}) ) + test? ( + dev-libs/glib[utils] + sys-devel/bc + )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-qemu ) +" + +STRIP_MASK="/usr/share/qemu/palcode-clipper" + +QA_PREBUILT=" + usr/share/qemu/openbios-ppc + usr/share/qemu/openbios-sparc64 + usr/share/qemu/openbios-sparc32 + usr/share/qemu/palcode-clipper + usr/share/qemu/s390-ccw.img + usr/share/qemu/u-boot.e500 +" + +QA_WX_LOAD="usr/bin/qemu-i386 + usr/bin/qemu-x86_64 + usr/bin/qemu-alpha + usr/bin/qemu-arm + usr/bin/qemu-cris + usr/bin/qemu-m68k + usr/bin/qemu-microblaze + usr/bin/qemu-microblazeel + usr/bin/qemu-mips + usr/bin/qemu-mipsel + usr/bin/qemu-or32 + usr/bin/qemu-ppc + usr/bin/qemu-ppc64 + usr/bin/qemu-ppc64abi32 + usr/bin/qemu-sh4 + usr/bin/qemu-sh4eb + usr/bin/qemu-sparc + usr/bin/qemu-sparc64 + usr/bin/qemu-armeb + usr/bin/qemu-sparc32plus + usr/bin/qemu-s390x + usr/bin/qemu-unicore32" + +DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure +you have the kernel module loaded before running kvm. The easiest way to +ensure that the kernel module is loaded is to load it on boot.\n +For AMD CPUs the module is called 'kvm-amd'.\n +For Intel CPUs the module is called 'kvm-intel'.\n +Please review /etc/conf.d/modules for how to load these.\n\n +Make sure your user is in the 'kvm' group\n +Just run 'gpasswd -a kvm', then have re-login.\n\n +For brand new installs, the default permissions on /dev/kvm might not let you +access it. You can tell udev to reset ownership/perms:\n +udevadm trigger -c add /dev/kvm" + +qemu_support_kvm() { + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 \ + use qemu_softmmu_targets_ppc || use qemu_softmmu_targets_ppc64 \ + use qemu_softmmu_targets_s390x; then + return 0 + fi + + return 1 +} + +pkg_pretend() { + if use kernel_linux && kernel_is lt 2 6 25; then + eerror "This version of KVM requres a host kernel of 2.6.25 or higher." + elif use kernel_linux; then + if ! linux_config_exists; then + eerror "Unable to check your kernel for KVM support" + else + CONFIG_CHECK="~KVM ~TUN ~BRIDGE" + ERROR_KVM="You must enable KVM in your kernel to continue" + ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in" + ERROR_KVM_AMD+=" your kernel configuration." + ERROR_KVM_INTEL="If you have an Intel CPU, you must enable" + ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration." + ERROR_TUN="You will need the Universal TUN/TAP driver compiled" + ERROR_TUN+=" into your kernel or loaded as a module to use the" + ERROR_TUN+=" virtual network device if using -net tap." + ERROR_BRIDGE="You will also need support for 802.1d" + ERROR_BRIDGE+=" Ethernet Bridging for some network configurations." + use vhost-net && CONFIG_CHECK+=" ~VHOST_NET" + ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net" + ERROR_VHOST_NET+=" support" + + if use amd64 || use x86 || use amd64-linux || use x86-linux; then + CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" + fi + + use python && CONFIG_CHECK+=" ~DEBUG_FS" + ERROR_DEBUG_FS="debugFS support required for kvm_stat" + + # Now do the actual checks setup above + check_extra_config + fi + fi + + if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then + eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt" + eerror "instances are still pointing to it. Please update your" + eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag" + eerror "and the right system binary (e.g. qemu-system-x86_64)." + die "update your virt configs to not use qemu-kvm" + fi +} + +pkg_setup() { + enewgroup kvm 78 +} + +# Sanity check to make sure target lists are kept up-to-date. +check_targets() { + local var=$1 mak=$2 + local detected sorted + + pushd "${S}"/default-configs >/dev/null || die + + # Force C locale until glibc is updated. #564936 + detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u)) + sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u)) + if [[ ${sorted} != "${detected}" ]] ; then + eerror "The ebuild needs to be kept in sync." + eerror "${var}: ${sorted}" + eerror "$(printf '%-*s' ${#var} configure): ${detected}" + die "sync ${var} to the list of targets" + fi + + popd >/dev/null +} + +handle_locales() { + # Make sure locale list is kept up-to-date. + local detected sorted + detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u)) + sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u)) + if [[ ${sorted} != "${detected}" ]] ; then + eerror "The ebuild needs to be kept in sync." + eerror "PLOCALES: ${sorted}" + eerror " po/*.po: ${detected}" + die "sync PLOCALES" + fi + + # Deal with selective install of locales. + if use nls ; then + # Delete locales the user does not want. #577814 + rm_loc() { rm po/$1.po || die; } + l10n_for_each_disabled_locale_do rm_loc + else + # Cheap hack to disable gettext .mo generation. + rm -f po/*.po + fi +} + +src_prepare() { + check_targets IUSE_SOFTMMU_TARGETS softmmu + check_targets IUSE_USER_TARGETS linux-user + + # Alter target makefiles to accept CFLAGS set via flag-o + sed -i -r \ + -e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \ + Makefile Makefile.target || die + + epatch "${FILESDIR}"/${PN}-2.5.0-cflags.patch + epatch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch + epatch "${FILESDIR}"/${PN}-2.7.0-CVE-2016-8669-1.patch #597108 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9908.patch #601826 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-9912.patch #602630 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10028.patch #603444 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2016-10155.patch #606720 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2615.patch #608034 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-1.patch #606264 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5525-2.patch + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5552.patch #606722 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5578.patch #607000 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5579.patch #607100 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5667.patch #607766 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5856.patch #608036 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5857.patch #608038 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5898.patch #608520 + epatch "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5931.patch #608728 + + # Fix ld and objcopy being called directly + tc-export AR LD OBJCOPY + + # Verbose builds + MAKEOPTS+=" V=1" + + epatch_user + + # Run after we've applied all patches. + handle_locales +} + +## +# configures qemu based on the build directory and the build type +# we are using. +# +qemu_src_configure() { + debug-print-function ${FUNCNAME} "$@" + + local buildtype=$1 + local builddir="${S}/${buildtype}-build" + local static_flag="static-${buildtype}" + + mkdir "${builddir}" + + local conf_opts=( + --prefix=/usr + --sysconfdir=/etc + --libdir=/usr/$(get_libdir) + --docdir=/usr/share/doc/${PF}/html + --disable-bsd-user + --disable-guest-agent + --disable-strip + --disable-werror + # We support gnutls/nettle for crypto operations. It is possible + # to use gcrypt when gnutls/nettle are disabled (but not when they + # are enabled), but it's not really worth the hassle. Disable it + # all the time to avoid automatically detecting it. #568856 + --disable-gcrypt + --python="${PYTHON}" + --cc="$(tc-getCC)" + --cxx="$(tc-getCXX)" + --host-cc="$(tc-getBUILD_CC)" + $(use_enable debug debug-info) + $(use_enable debug debug-tcg) + --enable-docs + $(use_enable tci tcg-interpreter) + $(use_enable xattr attr) + ) + + # Disable options not used by user targets as the default configure + # options will autoprobe and try to link in a bunch of unused junk. + conf_softmmu() { + if [[ ${buildtype} == "user" ]] ; then + echo "--disable-${2:-$1}" + else + use_enable "$@" + fi + } + conf_opts+=( + $(conf_softmmu accessibility brlapi) + $(conf_softmmu aio linux-aio) + $(conf_softmmu bzip2) + $(conf_softmmu bluetooth bluez) + $(conf_softmmu caps cap-ng) + $(conf_softmmu curl) + $(conf_softmmu fdt) + $(conf_softmmu glusterfs) + $(conf_softmmu gnutls) + $(conf_softmmu gnutls nettle) + $(conf_softmmu gtk) + $(conf_softmmu infiniband rdma) + $(conf_softmmu iscsi libiscsi) + $(conf_softmmu jpeg vnc-jpeg) + $(conf_softmmu kernel_linux kvm) + $(conf_softmmu lzo) + $(conf_softmmu ncurses curses) + $(conf_softmmu nfs libnfs) + $(conf_softmmu numa) + $(conf_softmmu opengl) + $(conf_softmmu png vnc-png) + $(conf_softmmu rbd) + $(conf_softmmu sasl vnc-sasl) + $(conf_softmmu sdl) + $(conf_softmmu seccomp) + $(conf_softmmu smartcard) + $(conf_softmmu snappy) + $(conf_softmmu spice) + $(conf_softmmu ssh libssh2) + $(conf_softmmu usb libusb) + $(conf_softmmu usbredir usb-redir) + $(conf_softmmu vde) + $(conf_softmmu vhost-net) + $(conf_softmmu virgl virglrenderer) + $(conf_softmmu virtfs) + $(conf_softmmu vnc) + $(conf_softmmu vte) + $(conf_softmmu xen) + $(conf_softmmu xen xen-pci-passthrough) + $(conf_softmmu xfs xfsctl) + ) + + case ${buildtype} in + user) + conf_opts+=( + --enable-linux-user + --disable-system + --disable-blobs + --disable-tools + ) + ;; + softmmu) + # audio options + local audio_opts="oss" + use alsa && audio_opts="alsa,${audio_opts}" + use sdl && audio_opts="sdl,${audio_opts}" + use pulseaudio && audio_opts="pa,${audio_opts}" + + conf_opts+=( + --disable-linux-user + --enable-system + --with-system-pixman + --audio-drv-list="${audio_opts}" + ) + use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) ) + use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) ) + ;; + tools) + conf_opts+=( + --disable-linux-user + --disable-system + --disable-blobs + $(use_enable bzip2) + ) + static_flag="static" + ;; + esac + + local targets="${buildtype}_targets" + [[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" ) + + # Add support for SystemTAP + use systemtap && conf_opts+=( --enable-trace-backend=dtrace ) + + # We always want to attempt to build with PIE support as it results + # in a more secure binary. But it doesn't work with static or if + # the current GCC doesn't have PIE support. + if use ${static_flag}; then + conf_opts+=( --static --disable-pie ) + else + gcc-specs-pie && conf_opts+=( --enable-pie ) + fi + + echo "../configure ${conf_opts[*]}" + cd "${builddir}" + ../configure "${conf_opts[@]}" || die "configure failed" + + # FreeBSD's kernel does not support QEMU assigning/grabbing + # host USB devices yet + use kernel_FreeBSD && \ + sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak +} + +src_configure() { + local target + + python_setup + + softmmu_targets= softmmu_bins=() + user_targets= user_bins=() + + for target in ${IUSE_SOFTMMU_TARGETS} ; do + if use "qemu_softmmu_targets_${target}"; then + softmmu_targets+=",${target}-softmmu" + softmmu_bins+=( "qemu-system-${target}" ) + fi + done + + for target in ${IUSE_USER_TARGETS} ; do + if use "qemu_user_targets_${target}"; then + user_targets+=",${target}-linux-user" + user_bins+=( "qemu-${target}" ) + fi + done + + softmmu_targets=${softmmu_targets#,} + user_targets=${user_targets#,} + + [[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu" + [[ -n ${user_targets} ]] && qemu_src_configure "user" + [[ -z ${softmmu_targets}${user_targets} ]] && qemu_src_configure "tools" +} + +src_compile() { + if [[ -n ${user_targets} ]]; then + cd "${S}/user-build" + default + fi + + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + default + fi + + if [[ -z ${softmmu_targets}${user_targets} ]]; then + cd "${S}/tools-build" + default + fi +} + +src_test() { + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + pax-mark m */qemu-system-* #515550 + emake -j1 check + emake -j1 check-report.html + fi +} + +qemu_python_install() { + python_domodule "${S}/scripts/qmp/qmp.py" + + python_doscript "${S}/scripts/kvm/vmxcap" + python_doscript "${S}/scripts/qmp/qmp-shell" + python_doscript "${S}/scripts/qmp/qemu-ga-client" +} + +src_install() { + if [[ -n ${user_targets} ]]; then + cd "${S}/user-build" + emake DESTDIR="${ED}" install + + # Install binfmt handler init script for user targets + newinitd "${FILESDIR}/qemu-binfmt.initd-r1" qemu-binfmt + fi + + if [[ -n ${softmmu_targets} ]]; then + cd "${S}/softmmu-build" + emake DESTDIR="${ED}" install + + # This might not exist if the test failed. #512010 + [[ -e check-report.html ]] && dohtml check-report.html + + if use kernel_linux; then + udev_dorules "${FILESDIR}"/65-kvm.rules + fi + + if use python; then + python_foreach_impl qemu_python_install + fi + fi + + if [[ -z ${softmmu_targets}${user_targets} ]]; then + cd "${S}/tools-build" + emake DESTDIR="${ED}" install + fi + + # Disable mprotect on the qemu binaries as they use JITs to be fast #459348 + pushd "${ED}"/usr/bin >/dev/null + pax-mark m "${softmmu_bins[@]}" "${user_bins[@]}" + popd >/dev/null + + # Install config file example for qemu-bridge-helper + insinto "/etc/qemu" + doins "${FILESDIR}/bridge.conf" + + # Remove the docdir placed qmp-commands.txt + mv "${ED}/usr/share/doc/${PF}/html/qmp-commands.txt" "${S}/docs/" || die + + cd "${S}" + dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt + newdoc pc-bios/README README.pc-bios + dodoc docs/qmp-*.txt + + if [[ -n ${softmmu_targets} ]]; then + # Remove SeaBIOS since we're using the SeaBIOS packaged one + rm "${ED}/usr/share/qemu/bios.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../seabios/bios.bin /usr/share/qemu/bios.bin + fi + + # Remove vgabios since we're using the vgabios packaged one + rm "${ED}/usr/share/qemu/vgabios.bin" + rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" + rm "${ED}/usr/share/qemu/vgabios-qxl.bin" + rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" + rm "${ED}/usr/share/qemu/vgabios-vmware.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin + dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin + dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin + dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin + dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin + fi + + # Remove sgabios since we're using the sgabios packaged one + rm "${ED}/usr/share/qemu/sgabios.bin" + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin + fi + + # Remove iPXE since we're using the iPXE packaged one + rm "${ED}"/usr/share/qemu/pxe-*.rom + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then + dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom + dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom + dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom + dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom + dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom + dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom + fi + fi + + qemu_support_kvm && readme.gentoo_create_doc +} + +pkg_postinst() { + if qemu_support_kvm; then + readme.gentoo_print_elog + fi + + if [[ -n ${softmmu_targets} ]] && use kernel_linux; then + udev_reload + fi + + fcaps cap_net_admin /usr/libexec/qemu-bridge-helper +} + +pkg_info() { + echo "Using:" + echo " $(best_version app-emulation/spice-protocol)" + echo " $(best_version sys-firmware/ipxe)" + echo " $(best_version sys-firmware/seabios)" + if has_version 'sys-firmware/seabios[binary]'; then + echo " USE=binary" + else + echo " USE=''" + fi + echo " $(best_version sys-firmware/vgabios)" +} -- cgit v1.2.1