qemu: Autospec creation for version 3.1.0

cHolzberger · Jan 10, 2019 · 3dc943d · 3dc943d
commit 3dc943d
Show file tree

Hide file tree

Showing 30 changed files with 1,173 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,13 @@
+.*~
+*~
+*.swp
+.repo-index
+*.log
+build.log.round*
+*.tar.*
+*.tgz
+!*.tar.*.*
+*.zip
+commitmsg
+results/
+rpms/
diff --git a/3353C9CEF108B584.pkey b/3353C9CEF108B584.pkey
diff --git a/CVE-2018-18954.nopatch b/CVE-2018-18954.nopatch
@@ -0,0 +1 @@
+Clear Linux does not build ppc target. Not applicable.
diff --git a/CVE-2018-20124.patch b/CVE-2018-20124.patch
@@ -0,0 +1,71 @@
+From 1b46b0fb7e9830d335676b925e10969ed992ee65 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 13 Dec 2018 01:00:34 +0530
+Subject: [PATCH] rdma: check num_sge does not exceed MAX_SGE
+
+rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set
+to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element
+with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue.
+Add check to avoid it.
+
+Reported-by: Saar Amar <saaramar5@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+---
+Rebased from 0e68373c by arzhan.i.kinzhalin@intel.com
+---
+ hw/rdma/rdma_backend.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
+index 5c7b3d8949..6519818d98 100644
+--- a/hw/rdma/rdma_backend.c
++++ b/hw/rdma/rdma_backend.c
+@@ -49,6 +49,17 @@ static void dummy_comp_handler(int status, unsigned int vendor_err, void *ctx)
+     pr_err("No completion handler is registered\n");
+ }
+
++static inline void complete_work(enum ibv_wc_status status, uint32_t vendor_err,
++                                 void *ctx)
++{
++    struct ibv_wc wc = {0};
++
++    wc.status = status;
++    wc.vendor_err = vendor_err;
++
++    comp_handler(ctx, &wc);
++}
++
+ static void poll_cq(RdmaDeviceResources *rdma_dev_res, struct ibv_cq *ibcq)
+ {
+     int i, ne;
+@@ -264,9 +275,9 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev,
+     }
+
+     pr_dbg("num_sge=%d\n", num_sge);
+-    if (!num_sge) {
+-        pr_dbg("num_sge=0\n");
+-        comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
++    if (!num_sge || num_sge > MAX_SGE) {
++        pr_dbg("invalid num_sge=%d\n", num_sge);
++        complete_work(IBV_WC_GENERAL_ERR, VENDOR_ERR_INV_NUM_SGE, ctx);
+         return;
+     }
+
+@@ -343,9 +354,9 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
+     }
+
+     pr_dbg("num_sge=%d\n", num_sge);
+-    if (!num_sge) {
+-        pr_dbg("num_sge=0\n");
+-        comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
++    if (!num_sge || num_sge > MAX_SGE) {
++        pr_dbg("invalid num_sge=%d\n", num_sge);
++        complete_work(IBV_WC_GENERAL_ERR, VENDOR_ERR_INV_NUM_SGE, ctx);
+         return;
+     }
+
+-- 
+2.20.0
+
diff --git a/CVE-2018-20191.patch b/CVE-2018-20191.patch
@@ -0,0 +1,43 @@
+From 2aa86456fb938a11f2b7bd57c8643c213218681c Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 13 Dec 2018 01:00:35 +0530
+Subject: [PATCH] pvrdma: add uar_read routine
+
+Define skeleton 'uar_read' routine. Avoid NULL dereference.
+
+Reported-by: Li Qiang <liq3ea@163.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
+---
+ hw/rdma/vmw/pvrdma_main.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
+index 64de16f..838ad8a 100644
+--- a/hw/rdma/vmw/pvrdma_main.c
++++ b/hw/rdma/vmw/pvrdma_main.c
+@@ -448,6 +448,11 @@ static const MemoryRegionOps regs_ops = {
+     },
+ };
+
++static uint64_t uar_read(void *opaque, hwaddr addr, unsigned size)
++{
++    return 0xffffffff;
++}
++
+ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
+ {
+     PVRDMADev *dev = opaque;
+@@ -489,6 +494,7 @@ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
+ }
+
+ static const MemoryRegionOps uar_ops = {
++    .read = uar_read,
+     .write = uar_write,
+     .endianness = DEVICE_LITTLE_ENDIAN,
+     .impl = {
+-- 
+1.8.3.1
+
+
diff --git a/ChangeLog b/ChangeLog
@@ -0,0 +1,6 @@
+openbios (0.1-1) unstable; urgency=low
+
+  * Initial Debian version.
+
+ -- Patrick Mauritz <oxygene@studentenbude.ath.cx>  Mon, 22 Jul 2002 23:24:56 +0200
+
diff --git a/Makefile b/Makefile
@@ -0,0 +1,5 @@
+PKG_NAME := qemu
+URL = http://wiki.qemu-project.org/download/qemu-3.1.0.tar.xz
+ARCHIVES = 
+
+include ../common/Makefile.common
diff --git a/NEWS b/NEWS
diff --git a/buildreq_add b/buildreq_add
@@ -0,0 +1,33 @@
+#
+# This file contains extra pkgconfig build requirements that don't get picked up but are 
+# desirable. One name per line, no whitespace.
+#
+attr-dev
+automake-dev
+bison
+ceph-dev
+flex
+glib-dev
+libaio-dev
+libcap-dev
+libcap-ng-dev
+libcap-ng-dev
+libjpeg-turbo-dev
+libseccomp-dev
+libtool
+libtool-dev
+m4
+gtk3
+gtk3-dev
+numactl-dev
+python-dev
+snappy-dev
+spice
+spice-dev
+spice-protocol
+usbredir-dev
+util-linux-dev
+zlib-dev
+libiscsi-dev
+libiscsi
+jemalloc-dev
diff --git a/buildreq_ban b/buildreq_ban
@@ -0,0 +1,13 @@
+#
+# This file contains banned pkgconfig build requirements that get picked up but are 
+# undesireable desirable. One name per line, no whitespace.
+#
+
+#qboot minimal build
+ncurses-dev
+gnutls-dev
+nettle-dev
+lzo-dev
+curl-dev
+pkgconfig(pixman-1)
+python-dev
diff --git a/configure b/configure
@@ -0,0 +1,26 @@
+--disable-sdl
+--enable-avx2
+--enable-gtk
+--enable-vnc
+--enable-kvm
+--disable-strip
+--target-list='i386-softmmu x86_64-softmmu i386-linux-user x86_64-linux-user'
+--enable-spice
+--enable-rbd
+--extra-cflags="-O3"
+--enable-attr
+--enable-cap-ng
+--enable-virtfs
+--enable-vhost-net
+--enable-usb-redir
+--python=/usr/bin/python
+--enable-seccomp
+--enable-linux-aio
+--enable-tpm
+--enable-opengl
+#--enable-virglrenderer
+#--enable-libnfs
+--enable-libiscsi
+--enable-coroutine-pool
+--enable-jemalloc
+#--enable-curses
diff --git a/configure.patch b/configure.patch
@@ -0,0 +1,10 @@
+--- qemu-2.2.0/configure~	2014-12-09 09:45:40.000000000 -0500
++++ qemu-2.2.0/configure	2015-01-06 14:30:38.483293008 -0500
+@@ -1132,7 +1132,6 @@
+   *)
+       echo "ERROR: unknown option $opt"
+       echo "Try '$0 --help' for more information"
+-      exit 1
+   ;;
+   esac
+ done
diff --git a/excludes b/excludes
@@ -0,0 +1,2 @@
+# This file contains the output files that need %exclude. Full path
+# names, one per line.
diff --git a/extras b/extras
@@ -0,0 +1 @@
+/usr/bin/qemu-img
diff --git a/make_check_command b/make_check_command
@@ -0,0 +1,3 @@
+make check || :
+
+
diff --git a/options.conf b/options.conf
@@ -0,0 +1,58 @@
+[package]
+name = qemu
+url = http://wiki.qemu-project.org/download/qemu-3.1.0.tar.xz
+archives = 
+giturl = https://github.com/qemu/qemu.git
+
+[autospec]
+# build 32 bit libraries
+32bit = false
+# allow package to build with test failures
+allow_test_failures = true
+# unset %build ld_as_needed variable
+asneeded = false
+# this package is trusted enough to automatically update (used by other tools)
+autoupdate = false
+# extend flags with '-std=gnu++98
+broken_c++ = false
+# disable parallelization during build
+broken_parallel_build = false
+# this package is a library compatability package and only ships versioned library files
+compat = false
+# set conservative build flags
+conservative_flags = false
+# dev package requires the extras to be installed
+dev_requires_extras = false
+# pass -ffast-math to compiler
+fast-math = false
+# optimize build for speed over size
+funroll-loops = false
+# set flags to smallest -02 flags possible
+insecure_build = false
+# do not remove static libraries
+keepstatic = false
+# do not require autostart subpackage
+no_autostart = false
+# disable stripping binaries
+nostrip = false
+# optimize build for size over speed
+optimize_size = false
+# set profile for pgo
+pgo = false
+# set flags for security-sensitive builds
+security_sensitive = true
+# do not run test suite
+skip_tests = false
+# add .so files to the lib package instead of dev
+so_to_lib = false
+# configure build for avx2
+use_avx2 = true
+# configure build for avx512
+use_avx512 = false
+# add clang flags
+use_clang = false
+# configure build for lto
+use_lto = false
+# require package verification for build
+verify_required = true
+
diff --git a/pkgconfig_add b/pkgconfig_add
@@ -0,0 +1,5 @@
+#
+# This file contains extra pkgconfig build requirements that don't get picked up but are 
+# desirable. One name per line, no whitespace.
+#
+pixman-1
diff --git a/pkgconfig_ban b/pkgconfig_ban
@@ -0,0 +1,5 @@
+#
+# This file contains pkgconfig build requirements that get picked up but are 
+# undesirable. One name per line, no whitespace.
+#
+gtk+-2.0
diff --git a/qemu-3.1.0.tar.xz.sig b/qemu-3.1.0.tar.xz.sig
diff --git a/qemu.license b/qemu.license
@@ -0,0 +1 @@
+GPL-2.0+ LGPL-2.0+ BSD
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Clear Linux does not build ppc target. Not applicable.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# This file contains the output files that need %exclude. Full path
		# names, one per line.