From: Yousong Zhou Date: Thu, 6 Feb 2020 19:09:39 +0000 (+0800) Subject: qemu: enable guest_agent no matter whether softmmu is enabled X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=bdac2c8289eec0cfdd0e3d0867b05247170f6927;p=feed%2Fpackages.git qemu: enable guest_agent no matter whether softmmu is enabled Fixes: openwrt/packages#11067 Reported-by: Rosen Penev Signed-off-by: Yousong Zhou --- diff --git a/utils/qemu/Makefile b/utils/qemu/Makefile index 8dd7e5e827..4fd85fcf38 100644 --- a/utils/qemu/Makefile +++ b/utils/qemu/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=qemu PKG_VERSION:=4.2.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_HASH:=d3481d4108ce211a053ef15be69af1bdd9dde1510fda80d92be0f6c3e98768f0 PKG_SOURCE_URL:=http://download.qemu.org/ diff --git a/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch b/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch index a1fb69c707..d2e9823c4f 100644 --- a/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch +++ b/utils/qemu/patches/0001-configure-allow-disable-fortify_source.patch @@ -1,7 +1,7 @@ -From cbb0971d0d1bc32413095810e24f17eb7169810a Mon Sep 17 00:00:00 2001 +From d4fcdea769a4629c874ebe1801d83e854c94d5e4 Mon Sep 17 00:00:00 2001 From: Yousong Zhou Date: Sat, 24 Feb 2018 13:43:19 +0800 -Subject: [PATCH 1/4] configure: allow disable fortify_source +Subject: [PATCH 1/5] configure: allow disable fortify_source Tell build system of qemu to not add _FORTIFY_SOURCE options and let the OpenWrt base build system decide flavor of fortify_source to use @@ -10,12 +10,12 @@ OpenWrt base build system decide flavor of fortify_source to use 1 file changed, 2 insertions(+) diff --git a/configure b/configure -index 1c563a7027..f4d949b35b 100755 +index 6099be1d84..b52d2cb406 100755 --- a/configure 
+++ b/configure -@@ -1518,6 +1518,8 @@ for opt do +@@ -1539,6 +1539,8 @@ for opt do ;; - --disable-libpmem) libpmem=no + --disable-plugins) plugins="no" ;; + --disable-fortify-source) fortify_source="no" + ;; diff --git a/utils/qemu/patches/0002-configure-allow-enabling-disabling-libudev-from-comm.patch b/utils/qemu/patches/0002-configure-allow-enabling-disabling-libudev-from-comm.patch index ea0183fa52..cdd8b3d01c 100644 --- a/utils/qemu/patches/0002-configure-allow-enabling-disabling-libudev-from-comm.patch +++ b/utils/qemu/patches/0002-configure-allow-enabling-disabling-libudev-from-comm.patch @@ -1,7 +1,7 @@ -From 39b07d1742475f2c60ae2c80f3f2853bb556e0b1 Mon Sep 17 00:00:00 2001 +From 2a6ab8342245c8dc2a09478d8eb0292e2dbcecf2 Mon Sep 17 00:00:00 2001 From: Yousong Zhou Date: Tue, 2 Apr 2019 06:31:31 +0000 -Subject: [PATCH 2/4] configure: allow enabling/disabling libudev from command +Subject: [PATCH 2/5] configure: allow enabling/disabling libudev from command line --- @@ -9,12 +9,12 @@ Subject: [PATCH 2/4] configure: allow enabling/disabling libudev from command 1 file changed, 4 insertions(+) diff --git a/configure b/configure -index f4d949b35b..939f54178b 100755 +index b52d2cb406..efe06f3c2b 100755 --- a/configure +++ b/configure -@@ -1518,6 +1518,10 @@ for opt do +@@ -1539,6 +1539,10 @@ for opt do ;; - --disable-libpmem) libpmem=no + --disable-plugins) plugins="no" ;; + --enable-libudev) libudev=yes + ;; diff --git a/utils/qemu/patches/0003-configure-enable-guest_agent-no-matter-whether-softm.patch b/utils/qemu/patches/0003-configure-enable-guest_agent-no-matter-whether-softm.patch new file mode 100644 index 0000000000..8ac16c6a70 --- /dev/null +++ b/utils/qemu/patches/0003-configure-enable-guest_agent-no-matter-whether-softm.patch 
@@ -0,0 +1,27 @@ +From 296215421441b73bc6eb487f1d4e7e15e0510a77 Mon Sep 17 00:00:00 2001 +From: Yousong Zhou +Date: Fri, 7 Feb 2020 03:02:44 +0800 +Subject: [PATCH 3/5] configure: enable guest_agent no matter whether softmmu + is enabled + +guest_agent as a tool to be run on guest machines does not depend on +whether there is a softmmu is to be built at this configure/make run + +Fixes a512590 ("configure: qemu-ga is only needed with softmmu targets") +--- + configure | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure b/configure +index efe06f3c2b..552d16ca8f 100755 +--- a/configure ++++ b/configure +@@ -6246,7 +6246,7 @@ fi + # Probe for guest agent support/options + + if [ "$guest_agent" != "no" ]; then +- if [ "$softmmu" = no -a "$want_tools" = no ] ; then ++ if [ "$guest_agent" = "" -a "$want_tools" = no ] ; then + guest_agent=no + elif [ "$linux" = "yes" -o "$bsd" = "yes" -o "$solaris" = "yes" -o "$mingw32" = "yes" ] ; then + tools="qemu-ga\$(EXESUF) $tools" diff --git a/utils/qemu/patches/0003-disas-fix-compilation-failure-when-isnan-is-a-macro.patch b/utils/qemu/patches/0003-disas-fix-compilation-failure-when-isnan-is-a-macro.patch deleted file mode 100644 index a204f183de..0000000000 --- a/utils/qemu/patches/0003-disas-fix-compilation-failure-when-isnan-is-a-macro.patch +++ /dev/null 
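Review bot: The new condition `[ "$guest_agent" = "" -a "$want_tools" = no ]` changes more than the softmmu dependency the patch description names: with an explicit `--enable-guest-agent` the first branch is skipped even when `want_tools=no`, so qemu-ga is added to `tools` through the `elif`, whereas the replaced `"$softmmu" = no` line disabled the agent regardless of how guest_agent had been set. That is probably intended, but the patch description should say so, e.g. add `An explicit --enable-guest-agent now also takes precedence over want_tools=no.` after the "Fixes a512590" line. The `= ""` test also assumes configure initialises guest_agent to the empty string rather than to yes/no when neither option is passed; this hunk does not show that default, so it is worth confirming before relying on it. The enclosing `if [ "$guest_agent" != "no" ]` block continues past the end of the hunk.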
@@ -1,66 +0,0 @@ -From fb90eacb808c3b1719d6a5f2deefe88c82589bfb Mon Sep 17 00:00:00 2001 -From: Yousong Zhou -Date: Sat, 24 Feb 2018 13:45:25 +0800 -Subject: [PATCH 3/4] disas: fix compilation failure when isnan is a macro - ---- - disas/libvixl/vixl/utils.h | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -diff --git a/disas/libvixl/vixl/utils.h b/disas/libvixl/vixl/utils.h -index 5ab134e240..df30663df8 100644 ---- a/disas/libvixl/vixl/utils.h -+++ b/disas/libvixl/vixl/utils.h -@@ -118,11 +118,17 @@ double double_pack(uint64_t sign, uint64_t exp, uint64_t mantissa); - // An fpclassify() function for 16-bit half-precision floats. - int float16classify(float16 value); - -+#ifdef isnan -+#define isnan_ isnan -+#else -+#define isnan_ std::isnan -+#endif -+ - // NaN tests. - inline bool IsSignallingNaN(double num) { - const uint64_t kFP64QuietNaNMask = UINT64_C(0x0008000000000000); - uint64_t raw = double_to_rawbits(num); -- if (std::isnan(num) && ((raw & kFP64QuietNaNMask) == 0)) { -+ if (isnan_(num) && ((raw & kFP64QuietNaNMask) == 0)) { - return true; - } - return false; -@@ -132,7 +138,7 @@ inline bool IsSignallingNaN(double num) { - inline bool IsSignallingNaN(float num) { - const uint32_t kFP32QuietNaNMask = 0x00400000; - uint32_t raw = float_to_rawbits(num); -- if (std::isnan(num) && ((raw & kFP32QuietNaNMask) == 0)) { -+ if (isnan_(num) && ((raw & kFP32QuietNaNMask) == 0)) { - return true; - } - return false; -@@ -148,21 +154,21 @@ inline bool IsSignallingNaN(float16 num) { - - template - inline bool IsQuietNaN(T num) { -- return std::isnan(num) && !IsSignallingNaN(num); -+ return isnan_(num) && !IsSignallingNaN(num); - } - - - // Convert the NaN in 'num' to a quiet NaN. 
- inline double ToQuietNaN(double num) { - const uint64_t kFP64QuietNaNMask = UINT64_C(0x0008000000000000); -- VIXL_ASSERT(std::isnan(num)); -+ VIXL_ASSERT(isnan_(num)); - return rawbits_to_double(double_to_rawbits(num) | kFP64QuietNaNMask); - } - - - inline float ToQuietNaN(float num) { - const uint32_t kFP32QuietNaNMask = 0x00400000; -- VIXL_ASSERT(std::isnan(num)); -+ VIXL_ASSERT(isnan_(num)); - return rawbits_to_float(float_to_rawbits(num) | kFP32QuietNaNMask); - } - diff --git a/utils/qemu/patches/0004-disas-fix-compilation-failure-when-isnan-is-a-macro.patch b/utils/qemu/patches/0004-disas-fix-compilation-failure-when-isnan-is-a-macro.patch new file mode 100644 index 0000000000..8b85b5dde1 --- /dev/null +++ b/utils/qemu/patches/0004-disas-fix-compilation-failure-when-isnan-is-a-macro.patch 
@@ -0,0 +1,66 @@ +From 3ac531a6bdeecbe40741a76f1dc2b7fa6c11f8ef Mon Sep 17 00:00:00 2001 +From: Yousong Zhou +Date: Sat, 24 Feb 2018 13:45:25 +0800 +Subject: [PATCH 4/5] disas: fix compilation failure when isnan is a macro + +--- + disas/libvixl/vixl/utils.h | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/disas/libvixl/vixl/utils.h b/disas/libvixl/vixl/utils.h +index 5ab134e240..df30663df8 100644 +--- a/disas/libvixl/vixl/utils.h ++++ b/disas/libvixl/vixl/utils.h +@@ -118,11 +118,17 @@ double double_pack(uint64_t sign, uint64_t exp, uint64_t mantissa); + // An fpclassify() function for 16-bit half-precision floats. + int float16classify(float16 value); + ++#ifdef isnan ++#define isnan_ isnan ++#else ++#define isnan_ std::isnan ++#endif ++ + // NaN tests. + inline bool IsSignallingNaN(double num) { + const uint64_t kFP64QuietNaNMask = UINT64_C(0x0008000000000000); + uint64_t raw = double_to_rawbits(num); +- if (std::isnan(num) && ((raw & kFP64QuietNaNMask) == 0)) { ++ if (isnan_(num) && ((raw & kFP64QuietNaNMask) == 0)) { + return true; + } + return false; +@@ -132,7 +138,7 @@ inline bool IsSignallingNaN(double num) { + inline bool IsSignallingNaN(float num) { + const uint32_t kFP32QuietNaNMask = 0x00400000; + uint32_t raw = float_to_rawbits(num); +- if (std::isnan(num) && ((raw & kFP32QuietNaNMask) == 0)) { ++ if (isnan_(num) && ((raw & kFP32QuietNaNMask) == 0)) { + return true; + } + return false; +@@ -148,21 +154,21 @@ inline bool IsSignallingNaN(float16 num) { + + template + inline bool IsQuietNaN(T num) { +- return std::isnan(num) && !IsSignallingNaN(num); ++ return isnan_(num) && !IsSignallingNaN(num); + } + + + // Convert the NaN in 'num' to a quiet NaN. 
+ inline double ToQuietNaN(double num) { + const uint64_t kFP64QuietNaNMask = UINT64_C(0x0008000000000000); +- VIXL_ASSERT(std::isnan(num)); ++ VIXL_ASSERT(isnan_(num)); + return rawbits_to_double(double_to_rawbits(num) | kFP64QuietNaNMask); + } + + + inline float ToQuietNaN(float num) { + const uint32_t kFP32QuietNaNMask = 0x00400000; +- VIXL_ASSERT(std::isnan(num)); ++ VIXL_ASSERT(isnan_(num)); + return rawbits_to_float(float_to_rawbits(num) | kFP32QuietNaNMask); + } + diff --git a/utils/qemu/patches/0004-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch b/utils/qemu/patches/0004-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch deleted file mode 100644 index 45e4ca51ac..0000000000 --- a/utils/qemu/patches/0004-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 8cff6a5f07f66103809e6bf4a26c512d70ab2841 Mon Sep 17 00:00:00 2001 -From: Yousong Zhou -Date: Sat, 24 Feb 2018 13:46:31 +0800 -Subject: [PATCH 4/4] pc-bios: fix compilation when $(AS) is actually gcc - driver - ---- - pc-bios/optionrom/Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile -index e33a24da0d..ce734e8202 100644 ---- a/pc-bios/optionrom/Makefile -+++ b/pc-bios/optionrom/Makefile -@@ -34,7 +34,7 @@ endif - QEMU_INCLUDES += -I$(SRC_PATH) - - Wa = -Wa, --ASFLAGS += -32 -+ASFLAGS += $(Wa)-32 - QEMU_CFLAGS += $(call cc-c-option, $(QEMU_CFLAGS), $(Wa)-32) - - build-all: multiboot.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin -@@ -44,7 +44,7 @@ build-all: multiboot.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin - - - %.o: %.S -- $(call quiet-command,$(CPP) $(QEMU_INCLUDES) $(QEMU_DGFLAGS) -c -o - $< | $(AS) $(ASFLAGS) -o $@,"AS","$(TARGET_DIR)$@") -+ $(call quiet-command,$(CPP) $(QEMU_INCLUDES) $(QEMU_DGFLAGS) -c -o - $< | $(AS) $(ASFLAGS) -o $@ -x assembler -,"AS","$(TARGET_DIR)$@") - - pvh.img: pvh.o pvh_main.o - $(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -m $(LD_I386_EMULATION) -T $(SRC_PATH)/pc-bios/optionrom/flat.lds -s -o $@ $^,"BUILD","$(TARGET_DIR)$@") diff --git a/utils/qemu/patches/0005-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch b/utils/qemu/patches/0005-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch new file mode 100644 index 0000000000..02dca03cf9 --- /dev/null +++ b/utils/qemu/patches/0005-pc-bios-fix-compilation-when-AS-is-actually-gcc-driv.patch 
@@ -0,0 +1,32 @@ +From b6223a90ebbb5729e41b4fcb3bc9ac309ec04784 Mon Sep 17 00:00:00 2001 +From: Yousong Zhou +Date: Sat, 24 Feb 2018 13:46:31 +0800 +Subject: [PATCH 5/5] pc-bios: fix compilation when $(AS) is actually gcc + driver + +--- + pc-bios/optionrom/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile +index e33a24da0d..ce734e8202 100644 +--- a/pc-bios/optionrom/Makefile ++++ b/pc-bios/optionrom/Makefile +@@ -34,7 +34,7 @@ endif + QEMU_INCLUDES += -I$(SRC_PATH) + + Wa = -Wa, +-ASFLAGS += -32 ++ASFLAGS += $(Wa)-32 + QEMU_CFLAGS += $(call cc-c-option, $(QEMU_CFLAGS), $(Wa)-32) + + build-all: multiboot.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin +@@ -44,7 +44,7 @@ build-all: multiboot.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin + + + %.o: %.S +- $(call quiet-command,$(CPP) $(QEMU_INCLUDES) $(QEMU_DGFLAGS) -c -o - $< | $(AS) $(ASFLAGS) -o $@,"AS","$(TARGET_DIR)$@") ++ $(call quiet-command,$(CPP) $(QEMU_INCLUDES) $(QEMU_DGFLAGS) -c -o - $< | $(AS) $(ASFLAGS) -o $@ -x assembler -,"AS","$(TARGET_DIR)$@") + + pvh.img: pvh.o pvh_main.o + $(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -m $(LD_I386_EMULATION) -T $(SRC_PATH)/pc-bios/optionrom/flat.lds -s -o $@ $^,"BUILD","$(TARGET_DIR)$@") diff --git a/utils/qemu/patches/0005-slirp-ipreass-fix-use-after-free.patch b/utils/qemu/patches/0005-slirp-ipreass-fix-use-after-free.patch deleted file mode 100644 index 45f37d32d5..0000000000 --- a/utils/qemu/patches/0005-slirp-ipreass-fix-use-after-free.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From c59279437eda91841b9d26079c70b8a540d41204 Mon Sep 17 00:00:00 2001 -From: Samuel Thibault -Date: Mon, 26 Aug 2019 00:55:03 +0200 -Subject: [PATCH] ip_reass: Fix use after free - -Using ip_deq after m_free might read pointers from an allocation reuse. - -This would be difficult to exploit, but that is still related with -CVE-2019-14378 which generates fragmented IP packets that would trigger this -issue and at least produce a DoS. - -Signed-off-by: Samuel Thibault ---- -Taken from https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943 - - slirp/src/ip_input.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/slirp/src/ip_input.c b/slirp/src/ip_input.c -index 7364ce0..aa514ae 100644 ---- a/slirp/src/ip_input.c -+++ b/slirp/src/ip_input.c -@@ -292,6 +292,7 @@ static struct ip *ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp) - */ - while (q != (struct ipasfrag *)&fp->frag_link && - ip->ip_off + ip->ip_len > q->ipf_off) { -+ struct ipasfrag *prev; - i = (ip->ip_off + ip->ip_len) - q->ipf_off; - if (i < q->ipf_len) { - q->ipf_len -= i; -@@ -299,9 +300,10 @@ static struct ip *ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp) - m_adj(dtom(slirp, q), i); - break; - } -+ prev = q; - q = q->ipf_next; -- m_free(dtom(slirp, q->ipf_prev)); -- ip_deq(q->ipf_prev); -+ ip_deq(prev); -+ m_free(dtom(slirp, prev)); - } - - insert: --- -2.22.0 - diff --git a/utils/qemu/patches/0006-slirp-ipreass-fix-use-after-free.patch b/utils/qemu/patches/0006-slirp-ipreass-fix-use-after-free.patch new file mode 100644 index 0000000000..45f37d32d5 --- /dev/null +++ b/utils/qemu/patches/0006-slirp-ipreass-fix-use-after-free.patch 
@@ -0,0 +1,46 @@ +From c59279437eda91841b9d26079c70b8a540d41204 Mon Sep 17 00:00:00 2001 +From: Samuel Thibault +Date: Mon, 26 Aug 2019 00:55:03 +0200 +Subject: [PATCH] ip_reass: Fix use after free + +Using ip_deq after m_free might read pointers from an allocation reuse. + +This would be difficult to exploit, but that is still related with +CVE-2019-14378 which generates fragmented IP packets that would trigger this +issue and at least produce a DoS. + +Signed-off-by: Samuel Thibault +--- +Taken from https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943 + + slirp/src/ip_input.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/slirp/src/ip_input.c b/slirp/src/ip_input.c +index 7364ce0..aa514ae 100644 +--- a/slirp/src/ip_input.c ++++ b/slirp/src/ip_input.c +@@ -292,6 +292,7 @@ static struct ip *ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp) + */ + while (q != (struct ipasfrag *)&fp->frag_link && + ip->ip_off + ip->ip_len > q->ipf_off) { ++ struct ipasfrag *prev; + i = (ip->ip_off + ip->ip_len) - q->ipf_off; + if (i < q->ipf_len) { + q->ipf_len -= i; +@@ -299,9 +300,10 @@ static struct ip *ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp) + m_adj(dtom(slirp, q), i); + break; + } ++ prev = q; + q = q->ipf_next; +- m_free(dtom(slirp, q->ipf_prev)); +- ip_deq(q->ipf_prev); ++ ip_deq(prev); ++ m_free(dtom(slirp, prev)); + } + + insert: +-- +2.22.0 +