* [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0
@ 2019-04-24 0:15 Alistair Francis
2019-04-24 12:37 ` Burton, Ross
2019-04-25 13:49 ` Richard Purdie
From: Alistair Francis @ 2019-04-24 0:15 UTC
To: openembedded-core
This commit upgrades QEMU to the latest 4.0.0 release.
- The COPYING.LIB file has changed SHA to:
"Synchronize the LGPL 2.1 with the version from gnu.org"
- SDL 1.2 has been removed, along with the --with-sdlabi command line
arg
- The backported patches have been removed
- All the other patches have been refreshed and the numbering has been
updated
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
meta/conf/distro/include/tcmode-default.inc | 2 +-
meta/recipes-devtools/qemu/qemu-native.inc | 4 +-
...u-native_3.1.0.bb => qemu-native_4.0.0.bb} | 0
...e_3.1.0.bb => qemu-system-native_4.0.0.bb} | 1 +
meta/recipes-devtools/qemu/qemu.inc | 38 +++---
.../qemu/0001-Add-a-missing-X11-include.patch | 65 ----------
...-egl-headless-add-egl_create_context.patch | 50 --------
...mu-Add-missing-wacom-HID-descriptor.patch} | 2 +-
...-allow-user-to-disable-pointer-grabs.patch | 72 -----------
...est-which-runs-all-unit-test-cases-.patch} | 6 +-
...-environment-space-to-boot-loader-q.patch} | 6 +-
...patch => 0004-qemu-disable-Valgrind.patch} | 6 +-
...searched-during-user-mode-emulation.patch} | 2 +-
...d.bfd-fix-cflags-and-set-some-envir.patch} | 6 +-
...connect-socket-to-a-spawned-command.patch} | 69 ++++++-----
... 0008-apic-fixup-fallthrough-to-PIC.patch} | 6 +-
...ebkitgtk-hangs-on-32-bit-x86-target.patch} | 4 +-
...-fix-mmap-munmap-mprotect-mremap-sh.patch} | 20 ++--
| 2 +-
...messages-when-qemi_cpu_kick_thread-.patch} | 10 +-
.../qemu/qemu/0014-fix-CVE-2018-16872.patch | 85 -------------
.../qemu/qemu/0015-fix-CVE-2018-20124.patch | 60 ----------
.../qemu/qemu/0016-fix-CVE-2018-20125.patch | 54 ---------
.../qemu/qemu/0017-fix-CVE-2018-20126.patch | 113 ------------------
.../qemu/qemu/0018-fix-CVE-2018-20191.patch | 47 --------
.../qemu/qemu/0019-fix-CVE-2018-20216.patch | 85 -------------
.../qemu/qemu/CVE-2019-3812.patch | 39 ------
.../qemu/{qemu_3.1.0.bb => qemu_4.0.0.bb} | 0
28 files changed, 87 insertions(+), 767 deletions(-)
rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => qemu-native_4.0.0.bb} (100%)
rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => qemu-system-native_4.0.0.bb} (95%)
delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
rename meta/recipes-devtools/qemu/qemu/{0002-qemu-Add-missing-wacom-HID-descriptor.patch => 0001-qemu-Add-missing-wacom-HID-descriptor.patch} (98%)
delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
rename meta/recipes-devtools/qemu/qemu/{0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch => 0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch} (83%)
rename meta/recipes-devtools/qemu/qemu/{0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch => 0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch} (89%)
rename meta/recipes-devtools/qemu/qemu/{0005-qemu-disable-Valgrind.patch => 0004-qemu-disable-Valgrind.patch} (85%)
rename meta/recipes-devtools/qemu/qemu/{0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch => 0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch} (98%)
rename meta/recipes-devtools/qemu/qemu/{0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch => 0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch} (82%)
rename meta/recipes-devtools/qemu/qemu/{0008-chardev-connect-socket-to-a-spawned-command.patch => 0007-chardev-connect-socket-to-a-spawned-command.patch} (80%)
rename meta/recipes-devtools/qemu/qemu/{0009-apic-fixup-fallthrough-to-PIC.patch => 0008-apic-fixup-fallthrough-to-PIC.patch} (90%)
rename meta/recipes-devtools/qemu/qemu/{0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch => 0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch} (93%)
rename meta/recipes-devtools/qemu/qemu/{0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch => 0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch} (90%)
rename meta/recipes-devtools/qemu/qemu/{0012-fix-libcap-header-issue-on-some-distro.patch => 0011-fix-libcap-header-issue-on-some-distro.patch} (97%)
rename meta/recipes-devtools/qemu/qemu/{0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch => 0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch} (87%)
delete mode 100644 meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
rename meta/recipes-devtools/qemu/{qemu_3.1.0.bb => qemu_4.0.0.bb} (100%)
diff --git a/meta/conf/distro/include/tcmode-default.inc b/meta/conf/distro/include/tcmode-default.inc
index 04373cc0aa..02e9ddde24 100644
--- a/meta/conf/distro/include/tcmode-default.inc
+++ b/meta/conf/distro/include/tcmode-default.inc
@@ -24,7 +24,7 @@ BINUVERSION ?= "2.32%"
GDBVERSION ?= "8.2%"
GLIBCVERSION ?= "2.29%"
LINUXLIBCVERSION ?= "5.0%"
-QEMUVERSION ?= "3.1%"
+QEMUVERSION ?= "4.0%"
GOVERSION ?= "1.12%"
PREFERRED_VERSION_gcc ?= "${GCCVERSION}"
diff --git a/meta/recipes-devtools/qemu/qemu-native.inc b/meta/recipes-devtools/qemu/qemu-native.inc
index 4373ad9e63..34ab8e6401 100644
--- a/meta/recipes-devtools/qemu/qemu-native.inc
+++ b/meta/recipes-devtools/qemu/qemu-native.inc
@@ -3,8 +3,8 @@ inherit native
require qemu.inc
SRC_URI_append = " \
- file://0012-fix-libcap-header-issue-on-some-distro.patch \
- file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
+ file://0011-fix-libcap-header-issue-on-some-distro.patch \
+ file://0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
"
EXTRA_OECONF_append = " --python=python2.7"
diff --git a/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-native_4.0.0.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-native_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu-native_4.0.0.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
similarity index 95%
rename from meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
index 5bf528bec1..820883df65 100644
--- a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
+++ b/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
@@ -20,4 +20,5 @@ do_install_append() {
# The following is also installed by qemu-native
rm -f ${D}${datadir}/qemu/trace-events-all
rm -rf ${D}${datadir}/qemu/keymaps
+ rm -rf ${D}${datadir}/icons/
}
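Review bot: The added "rm -rf ${D}${datadir}/icons/" in do_install_append is not mentioned in the commit message, and it relies on the existing comment "The following is also installed by qemu-native" to justify it. Please say in the commit message that 4.0.0 newly installs files under ${datadir}/icons and that qemu-native ships the same files, so the removal is understood as avoiding a conflict between the two native recipes rather than dropping content.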
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 13f0549c25..dd666f86a8 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -5,36 +5,26 @@ LICENSE = "GPLv2 & LGPLv2.1"
RDEPENDS_${PN}-ptest = "bash make"
LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
- file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
+ file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f"
SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://powerpc_rom.bin \
- file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
- file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
- file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
file://run-ptest \
- file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
- file://0005-qemu-disable-Valgrind.patch \
- file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
- file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
- file://0008-chardev-connect-socket-to-a-spawned-command.patch \
- file://0009-apic-fixup-fallthrough-to-PIC.patch \
- file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
- file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
- file://0001-Add-a-missing-X11-include.patch \
- file://0001-egl-headless-add-egl_create_context.patch \
- file://0014-fix-CVE-2018-16872.patch \
- file://0015-fix-CVE-2018-20124.patch \
- file://0016-fix-CVE-2018-20125.patch \
- file://0017-fix-CVE-2018-20126.patch \
- file://0018-fix-CVE-2018-20191.patch \
- file://0019-fix-CVE-2018-20216.patch \
- file://CVE-2019-3812.patch \
+ file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \
+ file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
+ file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
+ file://0004-qemu-disable-Valgrind.patch \
+ file://0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
+ file://0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
+ file://0007-chardev-connect-socket-to-a-spawned-command.patch \
+ file://0008-apic-fixup-fallthrough-to-PIC.patch \
+ file://0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
+ file://0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
-SRC_URI[md5sum] = "fb687ce0b02d3bf4327e36d3b99427a8"
-SRC_URI[sha256sum] = "6a0508df079a0a33c2487ca936a56c12122f105b8a96a44374704bef6c69abfc"
+SRC_URI[md5sum] = "0afeca336fd57ae3d3086ec07f59d708"
+SRC_URI[sha256sum] = "13a93dfe75b86734326f8d5b475fde82ec692d5b5a338b4262aeeb6b0fa4e469"
COMPATIBLE_HOST_mipsarchn32 = "null"
COMPATIBLE_HOST_mipsarchn64 = "null"
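Review bot: The seven CVE patch entries dropped from SRC_URI here (0014-fix-CVE-2018-16872.patch through 0019-fix-CVE-2018-20216.patch, plus CVE-2019-3812.patch) are covered in the commit message only by "The backported patches have been removed". Please list each CVE identifier in the commit message and state that its fix is contained in the 4.0.0 tarball, so that anyone tracking CVE status for this recipe has a record that the fixes were superseded by the upgrade rather than lost in the renumbering. The same SRC_URI hunk also drops 0001-sdl.c-allow-user-to-disable-pointer-grabs.patch and 0001-Add-a-missing-X11-include.patch, which are not marked as backports in their own headers and need their own justification.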
@@ -133,7 +123,7 @@ make_qemu_wrapper() {
PACKAGECONFIG_remove_darwin = "kvm virglrenderer glx gtk+"
PACKAGECONFIG_remove_mingw32 = "kvm virglrenderer glx gtk+"
-PACKAGECONFIG[sdl] = "--enable-sdl --with-sdlabi=2.0,--disable-sdl,libsdl2"
+PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2"
PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr,--disable-virtfs,libcap attr,"
PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"
PACKAGECONFIG[xfs] = "--enable-xfsctl,--disable-xfsctl,xfsprogs,"
diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
deleted file mode 100644
index 192936e1e7..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From eb1a215a4f86dde4493c3e22ad9f6d698850915e Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Thu, 20 Dec 2018 18:06:29 +0100
-Subject: [PATCH] egl-helpers.h: do not depend on X11 Window type, use
- EGLNativeWindowType
-
-It was assumed that mesa provides the necessary X11 includes,
-but it is not always the case, as it can be configured without x11 support.
-
-Upstream-Status: Submitted [http://lists.nongnu.org/archive/html/qemu-devel/2019-01/msg03706.html]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
----
- include/ui/egl-helpers.h | 2 +-
- ui/egl-helpers.c | 4 ++--
- ui/gtk-egl.c | 2 +-
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/ui/egl-helpers.h b/include/ui/egl-helpers.h
-index 9db7293b..3fc656a7 100644
---- a/include/ui/egl-helpers.h
-+++ b/include/ui/egl-helpers.h
-@@ -43,7 +43,7 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf);
-
- #endif
-
--EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win);
-+EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win);
-
- int qemu_egl_init_dpy_x11(EGLNativeDisplayType dpy, DisplayGLMode mode);
- int qemu_egl_init_dpy_mesa(EGLNativeDisplayType dpy, DisplayGLMode mode);
-diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c
-index 4f475142..5e115b3f 100644
---- a/ui/egl-helpers.c
-+++ b/ui/egl-helpers.c
-@@ -273,14 +273,14 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf)
-
- /* ---------------------------------------------------------------------- */
-
--EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win)
-+EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win)
- {
- EGLSurface esurface;
- EGLBoolean b;
-
- esurface = eglCreateWindowSurface(qemu_egl_display,
- qemu_egl_config,
-- (EGLNativeWindowType)win, NULL);
-+ win, NULL);
- if (esurface == EGL_NO_SURFACE) {
- error_report("egl: eglCreateWindowSurface failed");
- return NULL;
-diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c
-index 5420c236..1f941162 100644
---- a/ui/gtk-egl.c
-+++ b/ui/gtk-egl.c
-@@ -54,7 +54,7 @@ void gd_egl_init(VirtualConsole *vc)
- }
-
- vc->gfx.ectx = qemu_egl_init_ctx();
-- vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, x11_window);
-+ vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, (EGLNativeWindowType)x11_window);
-
- assert(vc->gfx.esurface);
- }
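Review bot: This deleted patch carries "Upstream-Status: Submitted", not Backport, so the commit message line "The backported patches have been removed" does not account for it. Please state in the commit message that the EGLNativeWindowType change to qemu_egl_init_surface_x11 is present in 4.0.0, or explain why it is no longer needed, since the patch header says mesa can be configured without x11 support and that build would break again if the change did not land upstream.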
diff --git a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch b/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
deleted file mode 100644
index d9326c017a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 952e5d584f5aabe41298c278065fe628f3f7aa7a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 29 Nov 2018 13:35:02 +0100
-Subject: [PATCH] egl-headless: add egl_create_context
-
-We must set the correct context (via eglMakeCurrent) before
-calling qemu_egl_create_context, so we need a thin wrapper and can't
-hook qemu_egl_create_context directly as ->dpy_gl_ctx_create callback.
-
-Reported-by: Frederik Carlier <frederik.carlier@quamotion.mobi>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 20181129123502.30129-1-kraxel@redhat.com
-
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=952e5d584f5aabe41298c278065fe628f3f7aa7a]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- ui/egl-headless.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/ui/egl-headless.c b/ui/egl-headless.c
-index 4cf3bbc0e4..519e7bad32 100644
---- a/ui/egl-headless.c
-+++ b/ui/egl-headless.c
-@@ -38,6 +38,14 @@ static void egl_gfx_switch(DisplayChangeListener *dcl,
- edpy->ds = new_surface;
- }
-
-+static QEMUGLContext egl_create_context(DisplayChangeListener *dcl,
-+ QEMUGLParams *params)
-+{
-+ eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE,
-+ qemu_egl_rn_ctx);
-+ return qemu_egl_create_context(dcl, params);
-+}
-+
- static void egl_scanout_disable(DisplayChangeListener *dcl)
- {
- egl_dpy *edpy = container_of(dcl, egl_dpy, dcl);
-@@ -150,7 +158,7 @@ static const DisplayChangeListenerOps egl_ops = {
- .dpy_gfx_update = egl_gfx_update,
- .dpy_gfx_switch = egl_gfx_switch,
-
-- .dpy_gl_ctx_create = qemu_egl_create_context,
-+ .dpy_gl_ctx_create = egl_create_context,
- .dpy_gl_ctx_destroy = qemu_egl_destroy_context,
- .dpy_gl_ctx_make_current = qemu_egl_make_context_current,
- .dpy_gl_ctx_get_current = qemu_egl_get_current_context,
---
-2.17.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
similarity index 98%
rename from meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
rename to meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
index 4de2688838..5373915ff0 100644
--- a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
+++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -1,4 +1,4 @@
-From 7ac3c84f28866491c58cc0f52a25a706949c8ef3 Mon Sep 17 00:00:00 2001
+From 1cb804cf0e47116202011f3386b4739af668224a Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Thu, 27 Nov 2014 14:04:29 +0000
Subject: [PATCH] qemu: Add missing wacom HID descriptor
diff --git a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch b/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
deleted file mode 100644
index 5b9a1f911c..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From c53ddb5acbee56db6423f369b9f9a9b62501b4af Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Wed, 18 Sep 2013 14:04:54 +0100
-Subject: [PATCH] sdl.c: allow user to disable pointer grabs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When the pointer enters the Qemu window it calls SDL_WM_GrabInput, which calls
-XGrabPointer in a busyloop until it returns GrabSuccess. However if there's already
-a pointer grab (screen is locked, a menu is open) then qemu will hang until the
-grab can be taken. In the specific case of a headless X server on an autobuilder, once
-the screensaver has kicked in any qemu instance that appears underneath the
-pointer will hang.
-
-I'm not entirely sure why pointer grabs are required (the documentation
-explicitly says it doesn't do grabs when using a tablet, which we are) so wrap
-them in a conditional that can be set by the autobuilder environment, preserving
-the current grabbing behaviour for everyone else.
-
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-Signed-off-by: Eric Bénard <eric@eukrea.com>
-
----
- ui/sdl.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/ui/sdl.c b/ui/sdl.c
-index 190b16f5..aa89471d 100644
---- a/ui/sdl.c
-+++ b/ui/sdl.c
-@@ -69,6 +69,11 @@ static int idle_counter;
- static const guint16 *keycode_map;
- static size_t keycode_maplen;
-
-+#ifndef True
-+#define True 1
-+#endif
-+static doing_grabs = True;
-+
- #define SDL_REFRESH_INTERVAL_BUSY 10
- #define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \
- / SDL_REFRESH_INTERVAL_BUSY + 1)
-@@ -399,14 +404,16 @@ static void sdl_grab_start(void)
- }
- } else
- sdl_hide_cursor();
-- SDL_WM_GrabInput(SDL_GRAB_ON);
-+ if (doing_grabs)
-+ SDL_WM_GrabInput(SDL_GRAB_ON);
- gui_grab = 1;
- sdl_update_caption();
- }
-
- static void sdl_grab_end(void)
- {
-- SDL_WM_GrabInput(SDL_GRAB_OFF);
-+ if (doing_grabs)
-+ SDL_WM_GrabInput(SDL_GRAB_OFF);
- gui_grab = 0;
- sdl_show_cursor();
- sdl_update_caption();
-@@ -945,6 +952,8 @@ static void sdl1_display_init(DisplayState *ds, DisplayOptions *o)
- * This requires SDL >= 1.2.14. */
- setenv("SDL_DISABLE_LOCK_KEYS", "1", 1);
-
-+ doing_grabs = (getenv("QEMU_DONT_GRAB") == NULL);
-+
- flags = SDL_INIT_VIDEO | SDL_INIT_NOPARACHUTE;
- if (SDL_Init (flags)) {
- fprintf(stderr, "Could not initialize SDL(%s) - exiting\n",
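Review bot: This deleted patch is marked "Upstream-Status: Pending", and the getenv("QEMU_DONT_GRAB") it adds to sdl1_display_init goes away with it, so any environment that exports QEMU_DONT_GRAB will find the variable silently has no effect after this upgrade. The commit message should say explicitly that the patch is dropped because it only touched the SDL 1.2 frontend, and whether the hang it describes (a pointer grab that never succeeds on a headless autobuilder X server) can still occur with the SDL2 frontend. If it cannot, the places that set QEMU_DONT_GRAB should be cleaned up in the same series.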
diff --git a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
similarity index 83%
rename from meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
rename to meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
index 668fc4680c..7b7c5d71a0 100644
--- a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
+++ b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -1,4 +1,4 @@
-From aac8834bfd5b79e724f2593895847b50968a1223 Mon Sep 17 00:00:00 2001
+From 281116b31981b0b9e174bda8abe00f4eaa33c2ae Mon Sep 17 00:00:00 2001
From: Juro Bystricky <juro.bystricky@intel.com>
Date: Thu, 31 Aug 2017 11:06:56 -0700
Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
@@ -15,10 +15,10 @@ Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
1 file changed, 8 insertions(+)
diff --git a/tests/Makefile.include b/tests/Makefile.include
-index fb0b449c..afedabd4 100644
+index 36fc73fe..01fecd4d 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
-@@ -967,4 +967,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
+@@ -1184,4 +1184,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
-include $(wildcard tests/*.d)
-include $(wildcard tests/libqos/*.d)
diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
similarity index 89%
rename from meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
rename to meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
index b4d4c587bd..9a18ca18e4 100644
--- a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
+++ b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -1,4 +1,4 @@
-From 3de7a5635093c31dcb960ce9dff27da629b85d4d Mon Sep 17 00:00:00 2001
+From bf04acef9ec31ddcc18ddbb4ac5b7b1e7368bf7d Mon Sep 17 00:00:00 2001
From: Jason Wessel <jason.wessel@windriver.com>
Date: Fri, 28 Mar 2014 17:42:43 +0800
Subject: [PATCH] qemu: Add addition environment space to boot loader
@@ -19,10 +19,10 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
-index c1cf0fe1..decffd2f 100644
+index 439665ab..285c78ef 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
-@@ -62,7 +62,7 @@
+@@ -60,7 +60,7 @@
#define ENVP_ADDR 0x80002000l
#define ENVP_NB_ENTRIES 16
diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
similarity index 85%
rename from meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
rename to meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
index f0cf8148e1..9e326081f2 100644
--- a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
+++ b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
@@ -1,4 +1,4 @@
-From 32e8a94b6ae664d9b5689e19d495e304c0f41954 Mon Sep 17 00:00:00 2001
+From e40f797548bc3ff06c71b6cbe042a46406894d18 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Tue, 20 Oct 2015 22:19:08 +0100
Subject: [PATCH] qemu: disable Valgrind
@@ -13,10 +13,10 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
1 file changed, 9 deletions(-)
diff --git a/configure b/configure
-index 0a3c6a72..069e0daa 100755
+index 1c563a70..eaf9bb5e 100755
--- a/configure
+++ b/configure
-@@ -5044,15 +5044,6 @@ fi
+@@ -5311,15 +5311,6 @@ fi
# check if we have valgrind/valgrind.h
valgrind_h=no
diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
similarity index 98%
rename from meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
rename to meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
index 4b2f0137eb..819720a3f2 100644
--- a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
+++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
@@ -1,4 +1,4 @@
-From 02f80ee81681b6307a8032128a07686183662270 Mon Sep 17 00:00:00 2001
+From 547c3710a1493d2fd6bb56b819cf162db433756a Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Wed, 9 Mar 2016 22:49:02 +0000
Subject: [PATCH] qemu: Limit paths searched during user mode emulation
diff --git a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
similarity index 82%
rename from meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
rename to meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
index 4163e51884..b62a588c66 100644
--- a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
+++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
@@ -1,4 +1,4 @@
-From 74bce35b71f4733c13e96f96e25956ff943fae20 Mon Sep 17 00:00:00 2001
+From 107fd860529a3c1319d54c3c225758457b0d9394 Mon Sep 17 00:00:00 2001
From: Stephen Arnold <sarnold@vctlabs.com>
Date: Sun, 12 Jun 2016 18:09:56 -0700
Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
@@ -10,10 +10,10 @@ Upstream-Status: Pending
1 file changed, 4 deletions(-)
diff --git a/configure b/configure
-index 069e0daa..5b97f3c1 100755
+index eaf9bb5e..de2933d1 100755
--- a/configure
+++ b/configure
-@@ -5622,10 +5622,6 @@ write_c_skeleton
+@@ -5928,10 +5928,6 @@ write_c_skeleton
if test "$gcov" = "yes" ; then
CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
diff --git a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
similarity index 80%
rename from meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
rename to meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
index e5a2d4abca..f3f3dc3f5e 100644
--- a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
+++ b/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
@@ -1,4 +1,4 @@
-From 9c1e976290e87a83ab1bfe38eb7ff3521ff0d684 Mon Sep 17 00:00:00 2001
+From 136e159482a1bc8676cbe6e767055d0c3fb20065 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@xilinx.com>
Date: Thu, 21 Dec 2017 11:35:16 -0800
Subject: [PATCH] chardev: connect socket to a spawned command
@@ -46,17 +46,17 @@ Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
- chardev/char-socket.c | 102 ++++++++++++++++++++++++++++++++++++++++++
+ chardev/char-socket.c | 101 ++++++++++++++++++++++++++++++++++++++++++
chardev/char.c | 3 ++
qapi/char.json | 5 +++
- 3 files changed, 110 insertions(+)
+ 3 files changed, 109 insertions(+)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
-index eaa8e8b6..959ed183 100644
+index 3916505d..a8e9dce8 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
-@@ -987,6 +987,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
- return false;
+@@ -1273,6 +1273,67 @@ static bool qmp_chardev_validate_socket(ChardevSocket *sock,
+ return true;
}
+#ifndef _WIN32
@@ -120,11 +120,10 @@ index eaa8e8b6..959ed183 100644
+ }
+}
+#endif
-+
+
static void qmp_chardev_open_socket(Chardev *chr,
ChardevBackend *backend,
- bool *be_opened,
-@@ -994,6 +1056,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
+@@ -1281,6 +1342,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
{
SocketChardev *s = SOCKET_CHARDEV(chr);
ChardevSocket *sock = backend->u.socket.data;
@@ -134,9 +133,9 @@ index eaa8e8b6..959ed183 100644
bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
bool is_listen = sock->has_server ? sock->server : true;
bool is_telnet = sock->has_telnet ? sock->telnet : false;
-@@ -1072,6 +1137,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
- s->reconnect_time = reconnect;
- }
+@@ -1346,6 +1410,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
+
+ update_disconnected_filename(s);
+#ifndef _WIN32
+ if (cmd) {
@@ -146,13 +145,13 @@ index eaa8e8b6..959ed183 100644
+ *be_opened = true;
+ } else
+#endif
- if (s->reconnect_time) {
- tcp_chr_connect_async(chr);
- } else {
-@@ -1131,9 +1204,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
+ if (s->is_listen) {
+ if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270,
+ is_waitconnect, errp) < 0) {
+@@ -1365,9 +1437,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
+ const char *host = qemu_opt_get(opts, "host");
const char *port = qemu_opt_get(opts, "port");
const char *fd = qemu_opt_get(opts, "fd");
- const char *tls_creds = qemu_opt_get(opts, "tls-creds");
+#ifndef _WIN32
+ const char *cmd = qemu_opt_get(opts, "cmd");
+#endif
@@ -166,7 +165,7 @@ index eaa8e8b6..959ed183 100644
+ * spawning a command, otherwise unmodified code that doesn't know about
+ * command spawning (like socket_reconnect_timeout()) might get called.
+ */
-+ if (path || is_listen || is_telnet || is_tn3270 || reconnect || host || port || tls_creds) {
++ if (path || sock->server || sock->has_telnet || sock->has_tn3270 || sock->reconnect || host || port || sock->tls_creds) {
+ error_setg(errp, "chardev: socket: cmd does not support any additional options");
+ return;
+ }
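Review bot: In the refreshed cmd check in qemu_chr_parse_socket, the condition changes from the locals is_listen, is_telnet, is_tn3270, reconnect and tls_creds to sock->server, sock->has_telnet, sock->has_tn3270, sock->reconnect and sock->tls_creds, while the block still sits right after the qemu_opt_get() declarations and before the "Exactly one of 'path', 'fd' or 'host' required" check. Please confirm that sock has been allocated and populated at that point in 4.0.0; if it is only assigned later in the function, this check dereferences an uninitialised pointer whenever cmd is given. The rewrite also changes what is tested: sock->has_telnet and sock->has_tn3270 are presence flags where is_telnet and is_tn3270 were the option values, so the set of option combinations rejected with "cmd does not support any additional options" is not the same as before. Reading these options from opts in this block, the way cmd is read, would avoid both problems.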
@@ -176,14 +175,14 @@ index eaa8e8b6..959ed183 100644
if ((!!path + !!fd + !!host) != 1) {
error_setg(errp,
"Exactly one of 'path', 'fd' or 'host' required");
-@@ -1180,12 +1270,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
- sock->reconnect = reconnect;
- sock->tls_creds = g_strdup(tls_creds);
+@@ -1410,12 +1499,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
+ sock->has_tls_authz = qemu_opt_get(opts, "tls-authz");
+ sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz"));
+#ifndef _WIN32
+ sock->cmd = g_strdup(cmd);
+#endif
-+
++
addr = g_new0(SocketAddressLegacy, 1);
+#ifndef _WIN32
+ if (path || cmd) {
@@ -202,10 +201,10 @@ index eaa8e8b6..959ed183 100644
addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
addr->u.inet.data = g_new(InetSocketAddress, 1);
diff --git a/chardev/char.c b/chardev/char.c
-index 152dde53..62d5b578 100644
+index 514cd6b0..36a40d67 100644
--- a/chardev/char.c
+++ b/chardev/char.c
-@@ -818,6 +818,9 @@ QemuOptsList qemu_chardev_opts = {
+@@ -835,6 +835,9 @@ QemuOptsList qemu_chardev_opts = {
},{
.name = "path",
.type = QEMU_OPT_STRING,
@@ -216,10 +215,10 @@ index 152dde53..62d5b578 100644
.name = "host",
.type = QEMU_OPT_STRING,
diff --git a/qapi/char.json b/qapi/char.json
-index 79bac598..97bd161a 100644
+index a6e81ac7..517962c6 100644
--- a/qapi/char.json
+++ b/qapi/char.json
-@@ -242,6 +242,10 @@
+@@ -247,6 +247,10 @@
#
# @addr: socket address to listen on (server=true)
# or connect to (server=false)
@@ -228,13 +227,13 @@ index 79bac598..97bd161a 100644
+# is used by the chardev. Either an addr or a cmd can
+# be specified, but not both.
# @tls-creds: the ID of the TLS credentials object (since 2.6)
- # @server: create server socket (default: true)
- # @wait: wait for incoming connection on server
-@@ -261,6 +265,7 @@
- # Since: 1.4
+ # @tls-authz: the ID of the QAuthZ authorization object against which
+ # the client's x509 distinguished name will be validated. This
+@@ -272,6 +276,7 @@
##
- { 'struct': 'ChardevSocket', 'data': { 'addr' : 'SocketAddressLegacy',
-+ '*cmd' : 'str',
- '*tls-creds' : 'str',
- '*server' : 'bool',
- '*wait' : 'bool',
+ { 'struct': 'ChardevSocket',
+ 'data': { 'addr': 'SocketAddressLegacy',
++ '*cmd': 'str',
+ '*tls-creds': 'str',
+ '*tls-authz' : 'str',
+ '*server': 'bool',
diff --git a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
similarity index 90%
rename from meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
rename to meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
index 1d3a2b5b21..13037f33f3 100644
--- a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
+++ b/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
@@ -1,4 +1,4 @@
-From 4829da131996548dc86775b8b97a29c436f3d130 Mon Sep 17 00:00:00 2001
+From 1b3f264e2ba18caf658fae27293c426c8366c6a3 Mon Sep 17 00:00:00 2001
From: Mark Asselstine <mark.asselstine@windriver.com>
Date: Tue, 26 Feb 2013 11:43:28 -0500
Subject: [PATCH] apic: fixup fallthrough to PIC
@@ -30,10 +30,10 @@ Signed-off-by: He Zhe <zhe.he@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
-index 97ffdd82..ef23430e 100644
+index 6ea619c3..f892811e 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
-@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *dev)
+@@ -604,7 +604,7 @@ int apic_accept_pic_intr(DeviceState *dev)
APICCommonState *s = APIC(dev);
uint32_t lvt0;
diff --git a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
similarity index 93%
rename from meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
rename to meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
index c0d7914be0..c572ff94d0 100644
--- a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
+++ b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -1,4 +1,4 @@
-From bce25c9cda73569963615ffd31ed949cbe3a3781 Mon Sep 17 00:00:00 2001
+From a33ae91504ea4d254b5ace64a84791d3c96c9773 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@xilinx.com>
Date: Wed, 17 Jan 2018 10:51:49 -0800
Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
@@ -19,7 +19,7 @@ Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/main.c b/linux-user/main.c
-index 923cbb75..fe0b9ff4 100644
+index a0aba9cb..34c54924 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -69,7 +69,7 @@ int have_guest_base;
diff --git a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch b/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
similarity index 90%
rename from meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
rename to meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
index 066ea7865a..3418eb7c65 100644
--- a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
+++ b/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
@@ -1,4 +1,4 @@
-From 496231774f8bc17ecfaf543a6603e3cad3f3f74e Mon Sep 17 00:00:00 2001
+From 2a66bd95c856de6950fbd802c5b99075207c1d76 Mon Sep 17 00:00:00 2001
From: Martin Jansa <martin.jansa@lge.com>
Date: Fri, 1 Jun 2018 08:41:07 +0000
Subject: [PATCH] Revert "linux-user: fix mmap/munmap/mprotect/mremap/shmat"
@@ -23,7 +23,7 @@ Upstream-Status: Pending
4 files changed, 15 insertions(+), 29 deletions(-)
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
-index 117d2fbb..90558c14 100644
+index b16c9ec5..612db6a0 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -163,12 +163,8 @@ extern unsigned long guest_base;
@@ -41,7 +41,7 @@ index 117d2fbb..90558c14 100644
#include "exec/hwaddr.h"
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
-index 95906849..ed17b3f6 100644
+index d78041d7..845639f7 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -62,13 +62,15 @@ typedef uint64_t abi_ptr;
@@ -68,7 +68,7 @@ index 95906849..ed17b3f6 100644
#define h2g_nocheck(x) ({ \
unsigned long __ret = (unsigned long)(x) - guest_base; \
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
-index 41e0983c..d0ee1c53 100644
+index e0249efe..cfe34b35 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -79,7 +79,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
@@ -81,9 +81,9 @@ index 41e0983c..d0ee1c53 100644
}
prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
@@ -490,8 +490,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
- * It can fail only on 64-bit host with 32-bit target.
- * On any other target/host host mmap() handles this error correctly.
- */
+ * It can fail only on 64-bit host with 32-bit target.
+ * On any other target/host host mmap() handles this error correctly.
+ */
- if (!guest_range_valid(start, len)) {
- errno = ENOMEM;
+ if ((unsigned long)start + len - 1 > (abi_ulong) -1) {
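Review bot: The carried revert still replaces the guest_range_valid(start, len) check in target_mmap with the open-coded test `(unsigned long)start + len - 1 > (abi_ulong) -1`, and the patch remains marked Upstream-Status: Pending. A major version bump is the point to re-justify it: state in the patch header why 4.0.0 still needs the revert, because it drops upstream's guest address range validation in linux-user. The -/+ pairs on the three comment lines in this hunk look identical apart from whitespace, so also check that the refresh picked up only the upstream re-indentation and nothing else.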
@@ -118,10 +118,10 @@ index 41e0983c..d0ee1c53 100644
if (flags & MREMAP_FIXED) {
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 280137da..efdd0006 100644
+index 96cd4bf8..e6754772 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
-@@ -3818,9 +3818,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
+@@ -3860,9 +3860,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
return -TARGET_EINVAL;
}
}
@@ -131,7 +131,7 @@ index 280137da..efdd0006 100644
mmap_lock();
-@@ -6582,7 +6579,7 @@ static int open_self_maps(void *cpu_env, int fd)
+@@ -6633,7 +6630,7 @@ static int open_self_maps(void *cpu_env, int fd)
}
if (h2g_valid(min)) {
int flags = page_get_flags(h2g(min));
diff --git a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch b/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
similarity index 97%
rename from meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
rename to meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
index 9cbe838811..3a7d7bbd33 100644
--- a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
+++ b/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
@@ -1,4 +1,4 @@
-From d3e0b8dac7c2eb20d7fcff747bc98b981f4398ef Mon Sep 17 00:00:00 2001
+From 9125afb733d8c96416bb83c5adad39bb8d0803a1 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 12 Mar 2013 09:54:06 +0800
Subject: [PATCH] fix libcap header issue on some distro
diff --git a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
similarity index 87%
rename from meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
rename to meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
index 27e508c5a3..04664195d1 100644
--- a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
+++ b/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
@@ -1,4 +1,4 @@
-From 861c522df7791d7e93743d5641f3ef2a5a3c4632 Mon Sep 17 00:00:00 2001
+From 0a53e906510cce1f32bc04a11e81ea40f834dac4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
Date: Wed, 12 Aug 2015 15:11:30 -0500
Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
@@ -20,10 +20,10 @@ Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
create mode 100644 custom_debug.h
diff --git a/cpus.c b/cpus.c
-index 0ddeeefc..4f3a5624 100644
+index e83f72b4..e6e2576e 100644
--- a/cpus.c
+++ b/cpus.c
-@@ -1768,6 +1768,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
+@@ -1769,6 +1769,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
return NULL;
}
@@ -32,9 +32,9 @@ index 0ddeeefc..4f3a5624 100644
static void qemu_cpu_kick_thread(CPUState *cpu)
{
#ifndef _WIN32
-@@ -1780,6 +1782,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
+@@ -1781,6 +1783,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
err = pthread_kill(cpu->thread->thread, SIG_IPI);
- if (err) {
+ if (err && err != ESRCH) {
fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
+ fprintf(stderr, "CPU #%d:\n", cpu->cpu_index);
+ cpu_dump_state(cpu, stderr, fprintf, 0);
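Review bot: The refreshed context in qemu_cpu_kick_thread changes from `if (err) {` to `if (err && err != ESRCH) {`, so the added "CPU #%d" line and cpu_dump_state() output are now skipped when pthread_kill returns ESRCH. The patch subject still reads as covering every kick failure; update its description to say ESRCH is no longer reported, and confirm the remaining error cases are the ones this debug output was added for.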
diff --git a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch b/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
deleted file mode 100644
index 412aa16046..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-CVE: CVE-2018-16872
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From bab9df35ce73d1c8e19a37e2737717ea1c984dc1 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 13 Dec 2018 13:25:11 +0100
-Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
-
-Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
-While being at it also add O_CLOEXEC.
-
-usb-mtp only handles regular files and directories and ignores
-everything else, so users should not see a difference.
-
-Because qemu ignores symlinks, carrying out a successful symlink attack
-requires swapping an existing file or directory below rootdir for a
-symlink and winning the race against the inotify notification to qemu.
-
-Fixes: CVE-2018-16872
-Cc: Prasad J Pandit <ppandit@redhat.com>
-Cc: Bandan Das <bsd@redhat.com>
-Reported-by: Michael Hanselmann <public@hansmi.ch>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Michael Hanselmann <public@hansmi.ch>
-Message-id: 20181213122511.13853-1-kraxel@redhat.com
----
- hw/usb/dev-mtp.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
-index 100b7171f4..36c43b8c20 100644
---- a/hw/usb/dev-mtp.c
-+++ b/hw/usb/dev-mtp.c
-@@ -653,13 +653,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
- {
- struct dirent *entry;
- DIR *dir;
-+ int fd;
-
- if (o->have_children) {
- return;
- }
- o->have_children = true;
-
-- dir = opendir(o->path);
-+ fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
-+ if (fd < 0) {
-+ return;
-+ }
-+ dir = fdopendir(fd);
- if (!dir) {
- return;
- }
-@@ -1007,7 +1012,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
-
- trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
-
-- d->fd = open(o->path, O_RDONLY);
-+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
- if (d->fd == -1) {
- usb_mtp_data_free(d);
- return NULL;
-@@ -1031,7 +1036,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
- c->argv[1], c->argv[2]);
-
- d = usb_mtp_data_alloc(c);
-- d->fd = open(o->path, O_RDONLY);
-+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
- if (d->fd == -1) {
- usb_mtp_data_free(d);
- return NULL;
-@@ -1658,7 +1663,7 @@ static void usb_mtp_write_data(MTPState *s)
- 0, 0, 0, 0);
- goto done;
- }
-- d->fd = open(path, O_CREAT | O_WRONLY, mask);
-+ d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask);
- if (d->fd == -1) {
- usb_mtp_queue_result(s, RES_STORE_FULL, d->trans,
- 0, 0, 0, 0);
---
-2.20.1
-
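Review bot: The commit message only says "The backported patches have been removed" without naming them. This file carries `CVE: CVE-2018-16872` and an Upstream-Status: Backport link to upstream commit bab9df35, so list the CVE IDs whose backports are dropped in the commit message and confirm that commit is part of the 4.0.0 release. That keeps a record of why the O_NOFOLLOW and O_CLOEXEC fix in hw/usb/dev-mtp.c no longer needs a local patch.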
diff --git a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch b/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
deleted file mode 100644
index 985b819409..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-CVE: CVE-2018-20124
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373]
-
-Backport patch to fix CVE-2018-20124. Update context and stay with current
-function comp_handler() which has been replaced with complete_work() in latest
-git repo.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 0e68373cc2b3a063ce067bc0cc3edaf370752890 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:34 +0530
-Subject: [PATCH] rdma: check num_sge does not exceed MAX_SGE
-
-rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set
-to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element
-with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue.
-Add check to avoid it.
-
-Reported-by: Saar Amar <saaramar5@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
----
- hw/rdma/rdma_backend.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
-index d7a4bbd9..7f8028f8 100644
---- a/hw/rdma/rdma_backend.c
-+++ b/hw/rdma/rdma_backend.c
-@@ -311,9 +311,9 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev,
- }
-
- pr_dbg("num_sge=%d\n", num_sge);
-- if (!num_sge) {
-- pr_dbg("num_sge=0\n");
-- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
-+ if (!num_sge || num_sge > MAX_SGE) {
-+ pr_dbg("invalid num_sge=%d\n", num_sge);
-+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
- return;
- }
-
-@@ -390,9 +390,9 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
- }
-
- pr_dbg("num_sge=%d\n", num_sge);
-- if (!num_sge) {
-- pr_dbg("num_sge=0\n");
-- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
-+ if (!num_sge || num_sge > MAX_SGE) {
-+ pr_dbg("invalid num_sge=%d\n", num_sge);
-+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
- return;
- }
-
---
-2.20.1
-
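Review bot: This backport was not a straight cherry-pick: its header says the context was updated to keep comp_handler(), which upstream has replaced with complete_work(). Before deleting it, check that the 4.0.0 source rejects `num_sge > MAX_SGE` in both rdma_backend_post_send and rdma_backend_post_recv, since the local patch cannot be matched against the upstream tree line for line.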
diff --git a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch b/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
deleted file mode 100644
index 56559c8388..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-CVE: CVE-2018-20125
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 2c858ce5da8ae6689c75182b73bc455a291cad41 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:36 +0530
-Subject: [PATCH] pvrdma: check number of pages when creating rings
-
-When creating CQ/QP rings, an object can have up to
-PVRDMA_MAX_FAST_REG_PAGES 8 pages. Check 'npages' parameter
-to avoid excessive memory allocation or a null dereference.
-
-Reported-by: Li Qiang <liq3ea@163.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
----
- hw/rdma/vmw/pvrdma_cmd.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
-index 3b94545761..f236ac4795 100644
---- a/hw/rdma/vmw/pvrdma_cmd.c
-+++ b/hw/rdma/vmw/pvrdma_cmd.c
-@@ -259,6 +259,11 @@ static int create_cq_ring(PCIDevice *pci_dev , PvrdmaRing **ring,
- int rc = -EINVAL;
- char ring_name[MAX_RING_NAME_SZ];
-
-+ if (!nchunks || nchunks > PVRDMA_MAX_FAST_REG_PAGES) {
-+ pr_dbg("invalid nchunks: %d\n", nchunks);
-+ return rc;
-+ }
-+
- pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
- dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
- if (!dir) {
-@@ -372,6 +377,12 @@ static int create_qp_rings(PCIDevice *pci_dev, uint64_t pdir_dma,
- char ring_name[MAX_RING_NAME_SZ];
- uint32_t wqe_sz;
-
-+ if (!spages || spages > PVRDMA_MAX_FAST_REG_PAGES
-+ || !rpages || rpages > PVRDMA_MAX_FAST_REG_PAGES) {
-+ pr_dbg("invalid pages: %d, %d\n", spages, rpages);
-+ return rc;
-+ }
-+
- pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
- dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
- if (!dir) {
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch b/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
deleted file mode 100644
index 8329f2cfd0..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-CVE: CVE-2018-20126
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c]
-
-Backport and rebase patch to fix CVE-2018-20126.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 509f57c98e7536905bb4902363d0cba66ce7e089 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:37 +0530
-Subject: [PATCH] pvrdma: release ring object in case of an error
-
-create_cq and create_qp routines allocate ring object, but it's
-not released in case of an error, leading to memory leakage.
-
-Reported-by: Li Qiang <liq3ea@163.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
----
- hw/rdma/vmw/pvrdma_cmd.c | 41 ++++++++++++++++++++++++++++++-----------
- 1 file changed, 30 insertions(+), 11 deletions(-)
-
-diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
-index 4faeb21..9b6796f 100644
---- a/hw/rdma/vmw/pvrdma_cmd.c
-+++ b/hw/rdma/vmw/pvrdma_cmd.c
-@@ -310,6 +310,14 @@ out:
- return rc;
- }
-
-+static void destroy_cq_ring(PvrdmaRing *ring)
-+{
-+ pvrdma_ring_free(ring);
-+ /* ring_state was in slot 1, not 0 so need to jump back */
-+ rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE);
-+ g_free(ring);
-+}
-+
- static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
- union pvrdma_cmd_resp *rsp)
- {
-@@ -333,6 +341,10 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
-
- resp->hdr.err = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev,
- cmd->cqe, &resp->cq_handle, ring);
-+ if (resp->hdr.err) {
-+ destroy_cq_ring(ring);
-+ }
-+
- resp->cqe = cmd->cqe;
-
- out:
-@@ -356,10 +368,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
- }
-
- ring = (PvrdmaRing *)cq->opaque;
-- pvrdma_ring_free(ring);
-- /* ring_state was in slot 1, not 0 so need to jump back */
-- rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE);
-- g_free(ring);
-+ destroy_cq_ring(ring);
-
- rdma_rm_dealloc_cq(&dev->rdma_dev_res, cmd->cq_handle);
-
-@@ -451,6 +460,17 @@ out:
- return rc;
- }
-
-+static void destroy_qp_rings(PvrdmaRing *ring)
-+{
-+ pr_dbg("sring=%p\n", &ring[0]);
-+ pvrdma_ring_free(&ring[0]);
-+ pr_dbg("rring=%p\n", &ring[1]);
-+ pvrdma_ring_free(&ring[1]);
-+
-+ rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE);
-+ g_free(ring);
-+}
-+
- static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
- union pvrdma_cmd_resp *rsp)
- {
-@@ -482,6 +502,11 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
- cmd->max_recv_wr, cmd->max_recv_sge,
- cmd->recv_cq_handle, rings, &resp->qpn);
-
-+ if (resp->hdr.err) {
-+ destroy_qp_rings(rings);
-+ return resp->hdr.err;
-+ }
-+
- resp->max_send_wr = cmd->max_send_wr;
- resp->max_recv_wr = cmd->max_recv_wr;
- resp->max_send_sge = cmd->max_send_sge;
-@@ -555,13 +580,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
- rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle);
-
- ring = (PvrdmaRing *)qp->opaque;
-- pr_dbg("sring=%p\n", &ring[0]);
-- pvrdma_ring_free(&ring[0]);
-- pr_dbg("rring=%p\n", &ring[1]);
-- pvrdma_ring_free(&ring[1]);
--
-- rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE);
-- g_free(ring);
-+ destroy_qp_rings(ring);
-
- return 0;
- }
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch b/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
deleted file mode 100644
index 8f8ff0567a..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-CVE: CVE-2018-20191
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2aa8645]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 2aa86456fb938a11f2b7bd57c8643c213218681c Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:35 +0530
-Subject: [PATCH] pvrdma: add uar_read routine
-
-Define skeleton 'uar_read' routine. Avoid NULL dereference.
-
-Reported-by: Li Qiang <liq3ea@163.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
----
- hw/rdma/vmw/pvrdma_main.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
-index 64de16fb52..838ad8a949 100644
---- a/hw/rdma/vmw/pvrdma_main.c
-+++ b/hw/rdma/vmw/pvrdma_main.c
-@@ -448,6 +448,11 @@ static const MemoryRegionOps regs_ops = {
- },
- };
-
-+static uint64_t uar_read(void *opaque, hwaddr addr, unsigned size)
-+{
-+ return 0xffffffff;
-+}
-+
- static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
- {
- PVRDMADev *dev = opaque;
-@@ -489,6 +494,7 @@ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
- }
-
- static const MemoryRegionOps uar_ops = {
-+ .read = uar_read,
- .write = uar_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch b/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
deleted file mode 100644
index c02bad3bb9..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-CVE: CVE-2018-20216
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From f1e2e38ee0136b7710a2caa347049818afd57a1b Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:39 +0530
-Subject: [PATCH] pvrdma: check return value from pvrdma_idx_ring_has_ routines
-
-pvrdma_idx_ring_has_[data/space] routines also return invalid
-index PVRDMA_INVALID_IDX[=-1], if ring has no data/space. Check
-return value from these routines to avoid plausible infinite loops.
-
-Reported-by: Li Qiang <liq3ea@163.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
----
- hw/rdma/vmw/pvrdma_dev_ring.c | 29 +++++++++++------------------
- 1 file changed, 11 insertions(+), 18 deletions(-)
-
-diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
-index 01247fc041..e8e5b502f6 100644
---- a/hw/rdma/vmw/pvrdma_dev_ring.c
-+++ b/hw/rdma/vmw/pvrdma_dev_ring.c
-@@ -73,23 +73,16 @@ out:
-
- void *pvrdma_ring_next_elem_read(PvrdmaRing *ring)
- {
-+ int e;
- unsigned int idx = 0, offset;
-
-- /*
-- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
-- ring->ring_state->cons_head);
-- */
--
-- if (!pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx)) {
-+ e = pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx);
-+ if (e <= 0) {
- pr_dbg("No more data in ring\n");
- return NULL;
- }
-
- offset = idx * ring->elem_sz;
-- /*
-- pr_dbg("idx=%d\n", idx);
-- pr_dbg("offset=%d\n", offset);
-- */
- return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
- }
-
-@@ -105,20 +98,20 @@ void pvrdma_ring_read_inc(PvrdmaRing *ring)
-
- void *pvrdma_ring_next_elem_write(PvrdmaRing *ring)
- {
-- unsigned int idx, offset, tail;
-+ int idx;
-+ unsigned int offset, tail;
-
-- /*
-- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
-- ring->ring_state->cons_head);
-- */
--
-- if (!pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail)) {
-+ idx = pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail);
-+ if (idx <= 0) {
- pr_dbg("CQ is full\n");
- return NULL;
- }
-
- idx = pvrdma_idx(&ring->ring_state->prod_tail, ring->max_elems);
-- /* TODO: tail == idx */
-+ if (idx < 0 || tail != idx) {
-+ pr_dbg("invalid idx\n");
-+ return NULL;
-+ }
-
- offset = idx * ring->elem_sz;
- return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
deleted file mode 100644
index 7de5882b3e..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an
-out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc()
-function. A local attacker with permission to execute i2c commands could exploit
-this to read stack memory of the qemu process on the host.
-
-CVE: CVE-2019-3812
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 8 Jan 2019 11:23:01 +0100
-Subject: [PATCH] i2c-ddc: fix oob read
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Suggested-by: Michael Hanselmann <public@hansmi.ch>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Michael Hanselmann <public@hansmi.ch>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190108102301.1957-1-kraxel@redhat.com
----
- hw/i2c/i2c-ddc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
-index be34fe072cf..0a0367ff38f 100644
---- a/hw/i2c/i2c-ddc.c
-+++ b/hw/i2c/i2c-ddc.c
-@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
- I2CDDCState *s = I2CDDC(i2c);
-
- int value;
-- value = s->edid_blob[s->reg];
-+ value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
- s->reg++;
- return value;
- }
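Review bot: Unlike the other removed CVE patches, this one has a bare `Upstream-Status: Backport` with no commit link, so the only upstream reference is the hash b05b267840515730dbf6753495d5b7bd8b04ad1c on its From line. Confirm that commit is contained in 4.0.0 and name CVE-2019-3812 in the commit message alongside the other dropped backports, so the removal of the `s->reg % sizeof(s->edid_blob)` bounds fix is traceable.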
diff --git a/meta/recipes-devtools/qemu/qemu_3.1.0.bb b/meta/recipes-devtools/qemu/qemu_4.0.0.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu_4.0.0.bb
--
2.21.0
* Re: [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0
2019-04-24 0:15 [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0 Alistair Francis
@ 2019-04-24 12:37 ` Burton, Ross
2019-04-24 17:37 ` Alistair Francis
2019-04-25 13:49 ` Richard Purdie
1 sibling, 1 reply; 8+ messages in thread
From: Burton, Ross @ 2019-04-24 12:37 UTC (permalink / raw)
To: Alistair Francis; +Cc: openembedded-core
This patch doesn't apply for me, probably because it got mangled in
transport somewhere. Is it in a branch I can pull from?
Ross
On Wed, 24 Apr 2019 at 01:15, Alistair Francis <Alistair.Francis@wdc.com> wrote:
>
> This commit upgrades QEMU to the latest 4.0.0 release.
>
> - The COPYING.LIB file has changed SHA to:
> "Synchronize the LGPL 2.1 with the version from gnu.org"
> - SDL 1.2 has been removed, along with the --with-sdlabi command line
> arg
> - The backported patches have been removed
> - All the other patches have been refreshed and the numbering has been
> updated
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
> meta/conf/distro/include/tcmode-default.inc | 2 +-
> meta/recipes-devtools/qemu/qemu-native.inc | 4 +-
> ...u-native_3.1.0.bb => qemu-native_4.0.0.bb} | 0
> ...e_3.1.0.bb => qemu-system-native_4.0.0.bb} | 1 +
> meta/recipes-devtools/qemu/qemu.inc | 38 +++---
> .../qemu/0001-Add-a-missing-X11-include.patch | 65 ----------
> ...-egl-headless-add-egl_create_context.patch | 50 --------
> ...mu-Add-missing-wacom-HID-descriptor.patch} | 2 +-
> ...-allow-user-to-disable-pointer-grabs.patch | 72 -----------
> ...est-which-runs-all-unit-test-cases-.patch} | 6 +-
> ...-environment-space-to-boot-loader-q.patch} | 6 +-
> ...patch => 0004-qemu-disable-Valgrind.patch} | 6 +-
> ...searched-during-user-mode-emulation.patch} | 2 +-
> ...d.bfd-fix-cflags-and-set-some-envir.patch} | 6 +-
> ...connect-socket-to-a-spawned-command.patch} | 69 ++++++-----
> ... 0008-apic-fixup-fallthrough-to-PIC.patch} | 6 +-
> ...ebkitgtk-hangs-on-32-bit-x86-target.patch} | 4 +-
> ...-fix-mmap-munmap-mprotect-mremap-sh.patch} | 20 ++--
> ...-libcap-header-issue-on-some-distro.patch} | 2 +-
> ...messages-when-qemi_cpu_kick_thread-.patch} | 10 +-
> .../qemu/qemu/0014-fix-CVE-2018-16872.patch | 85 -------------
> .../qemu/qemu/0015-fix-CVE-2018-20124.patch | 60 ----------
> .../qemu/qemu/0016-fix-CVE-2018-20125.patch | 54 ---------
> .../qemu/qemu/0017-fix-CVE-2018-20126.patch | 113 ------------------
> .../qemu/qemu/0018-fix-CVE-2018-20191.patch | 47 --------
> .../qemu/qemu/0019-fix-CVE-2018-20216.patch | 85 -------------
> .../qemu/qemu/CVE-2019-3812.patch | 39 ------
> .../qemu/{qemu_3.1.0.bb => qemu_4.0.0.bb} | 0
> 28 files changed, 87 insertions(+), 767 deletions(-)
> rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => qemu-native_4.0.0.bb} (100%)
> rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => qemu-system-native_4.0.0.bb} (95%)
> delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
> delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
> rename meta/recipes-devtools/qemu/qemu/{0002-qemu-Add-missing-wacom-HID-descriptor.patch => 0001-qemu-Add-missing-wacom-HID-descriptor.patch} (98%)
> delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
> rename meta/recipes-devtools/qemu/qemu/{0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch => 0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch} (83%)
> rename meta/recipes-devtools/qemu/qemu/{0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch => 0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch} (89%)
> rename meta/recipes-devtools/qemu/qemu/{0005-qemu-disable-Valgrind.patch => 0004-qemu-disable-Valgrind.patch} (85%)
> rename meta/recipes-devtools/qemu/qemu/{0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch => 0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch} (98%)
> rename meta/recipes-devtools/qemu/qemu/{0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch => 0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch} (82%)
> rename meta/recipes-devtools/qemu/qemu/{0008-chardev-connect-socket-to-a-spawned-command.patch => 0007-chardev-connect-socket-to-a-spawned-command.patch} (80%)
> rename meta/recipes-devtools/qemu/qemu/{0009-apic-fixup-fallthrough-to-PIC.patch => 0008-apic-fixup-fallthrough-to-PIC.patch} (90%)
> rename meta/recipes-devtools/qemu/qemu/{0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch => 0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch} (93%)
> rename meta/recipes-devtools/qemu/qemu/{0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch => 0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch} (90%)
> rename meta/recipes-devtools/qemu/qemu/{0012-fix-libcap-header-issue-on-some-distro.patch => 0011-fix-libcap-header-issue-on-some-distro.patch} (97%)
> rename meta/recipes-devtools/qemu/qemu/{0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch => 0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch} (87%)
> delete mode 100644 meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
> delete mode 100644 meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
> delete mode 100644 meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
> delete mode 100644 meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
> delete mode 100644 meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
> delete mode 100644 meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
> delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
> rename meta/recipes-devtools/qemu/{qemu_3.1.0.bb => qemu_4.0.0.bb} (100%)
>
> diff --git a/meta/conf/distro/include/tcmode-default.inc b/meta/conf/distro/include/tcmode-default.inc
> index 04373cc0aa..02e9ddde24 100644
> --- a/meta/conf/distro/include/tcmode-default.inc
> +++ b/meta/conf/distro/include/tcmode-default.inc
> @@ -24,7 +24,7 @@ BINUVERSION ?= "2.32%"
> GDBVERSION ?= "8.2%"
> GLIBCVERSION ?= "2.29%"
> LINUXLIBCVERSION ?= "5.0%"
> -QEMUVERSION ?= "3.1%"
> +QEMUVERSION ?= "4.0%"
> GOVERSION ?= "1.12%"
>
> PREFERRED_VERSION_gcc ?= "${GCCVERSION}"
> diff --git a/meta/recipes-devtools/qemu/qemu-native.inc b/meta/recipes-devtools/qemu/qemu-native.inc
> index 4373ad9e63..34ab8e6401 100644
> --- a/meta/recipes-devtools/qemu/qemu-native.inc
> +++ b/meta/recipes-devtools/qemu/qemu-native.inc
> @@ -3,8 +3,8 @@ inherit native
> require qemu.inc
>
> SRC_URI_append = " \
> - file://0012-fix-libcap-header-issue-on-some-distro.patch \
> - file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
> + file://0011-fix-libcap-header-issue-on-some-distro.patch \
> + file://0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
> "
> EXTRA_OECONF_append = " --python=python2.7"
>
> diff --git a/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-native_4.0.0.bb
> similarity index 100%
> rename from meta/recipes-devtools/qemu/qemu-native_3.1.0.bb
> rename to meta/recipes-devtools/qemu/qemu-native_4.0.0.bb
> diff --git a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
> similarity index 95%
> rename from meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
> rename to meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
> index 5bf528bec1..820883df65 100644
> --- a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
> +++ b/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
> @@ -20,4 +20,5 @@ do_install_append() {
> # The following is also installed by qemu-native
> rm -f ${D}${datadir}/qemu/trace-events-all
> rm -rf ${D}${datadir}/qemu/keymaps
> + rm -rf ${D}${datadir}/icons/
> }
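Review bot: The new `rm -rf ${D}${datadir}/icons/` in do_install_append() is not mentioned in the commit message. The existing comment above says these files are "also installed by qemu-native", so please state in the commit message that 4.0.0 now installs icons and that this removal avoids the same conflict. As written, a reader cannot tell whether the line is part of the upgrade or an unrelated fix.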
> diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
> index 13f0549c25..dd666f86a8 100644
> --- a/meta/recipes-devtools/qemu/qemu.inc
> +++ b/meta/recipes-devtools/qemu/qemu.inc
> @@ -5,36 +5,26 @@ LICENSE = "GPLv2 & LGPLv2.1"
> RDEPENDS_${PN}-ptest = "bash make"
>
> LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
> - file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
> + file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f"
>
> SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
> file://powerpc_rom.bin \
> - file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
> - file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
> - file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
> file://run-ptest \
> - file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
> - file://0005-qemu-disable-Valgrind.patch \
> - file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
> - file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
> - file://0008-chardev-connect-socket-to-a-spawned-command.patch \
> - file://0009-apic-fixup-fallthrough-to-PIC.patch \
> - file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
> - file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
> - file://0001-Add-a-missing-X11-include.patch \
> - file://0001-egl-headless-add-egl_create_context.patch \
> - file://0014-fix-CVE-2018-16872.patch \
> - file://0015-fix-CVE-2018-20124.patch \
> - file://0016-fix-CVE-2018-20125.patch \
> - file://0017-fix-CVE-2018-20126.patch \
> - file://0018-fix-CVE-2018-20191.patch \
> - file://0019-fix-CVE-2018-20216.patch \
> - file://CVE-2019-3812.patch \
> + file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \
> + file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
> + file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
> + file://0004-qemu-disable-Valgrind.patch \
> + file://0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
> + file://0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
> + file://0007-chardev-connect-socket-to-a-spawned-command.patch \
> + file://0008-apic-fixup-fallthrough-to-PIC.patch \
> + file://0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
> + file://0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
> "
> UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
>
> -SRC_URI[md5sum] = "fb687ce0b02d3bf4327e36d3b99427a8"
> -SRC_URI[sha256sum] = "6a0508df079a0a33c2487ca936a56c12122f105b8a96a44374704bef6c69abfc"
> +SRC_URI[md5sum] = "0afeca336fd57ae3d3086ec07f59d708"
> +SRC_URI[sha256sum] = "13a93dfe75b86734326f8d5b475fde82ec692d5b5a338b4262aeeb6b0fa4e469"
>
> COMPATIBLE_HOST_mipsarchn32 = "null"
> COMPATIBLE_HOST_mipsarchn64 = "null"
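Review bot: Seven CVE fix patches leave SRC_URI in this hunk (CVE-2018-16872, CVE-2018-20124, CVE-2018-20125, CVE-2018-20126, CVE-2018-20191, CVE-2018-20216 and CVE-2019-3812), but the commit message only says "The backported patches have been removed". Please list the CVE IDs there and state that each fix is contained in the 4.0.0 tarball, so anyone auditing the recipe history can confirm that no fix was lost in the upgrade. The same list also drops 0001-sdl.c-allow-user-to-disable-pointer-grabs.patch and 0001-Add-a-missing-X11-include.patch, which were not backports and deserve their own line of justification.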
> @@ -133,7 +123,7 @@ make_qemu_wrapper() {
> PACKAGECONFIG_remove_darwin = "kvm virglrenderer glx gtk+"
> PACKAGECONFIG_remove_mingw32 = "kvm virglrenderer glx gtk+"
>
> -PACKAGECONFIG[sdl] = "--enable-sdl --with-sdlabi=2.0,--disable-sdl,libsdl2"
> +PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2"
> PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr,--disable-virtfs,libcap attr,"
> PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"
> PACKAGECONFIG[xfs] = "--enable-xfsctl,--disable-xfsctl,xfsprogs,"
> diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
> deleted file mode 100644
> index 192936e1e7..0000000000
> --- a/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
> +++ /dev/null
> @@ -1,65 +0,0 @@
> -From eb1a215a4f86dde4493c3e22ad9f6d698850915e Mon Sep 17 00:00:00 2001
> -From: Alexander Kanavin <alex.kanavin@gmail.com>
> -Date: Thu, 20 Dec 2018 18:06:29 +0100
> -Subject: [PATCH] egl-helpers.h: do not depend on X11 Window type, use
> - EGLNativeWindowType
> -
> -It was assumed that mesa provides the necessary X11 includes,
> -but it is not always the case, as it can be configured without x11 support.
> -
> -Upstream-Status: Submitted [http://lists.nongnu.org/archive/html/qemu-devel/2019-01/msg03706.html]
> -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
> -
> ----
> - include/ui/egl-helpers.h | 2 +-
> - ui/egl-helpers.c | 4 ++--
> - ui/gtk-egl.c | 2 +-
> - 3 files changed, 4 insertions(+), 4 deletions(-)
> -
> -diff --git a/include/ui/egl-helpers.h b/include/ui/egl-helpers.h
> -index 9db7293b..3fc656a7 100644
> ---- a/include/ui/egl-helpers.h
> -+++ b/include/ui/egl-helpers.h
> -@@ -43,7 +43,7 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf);
> -
> - #endif
> -
> --EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win);
> -+EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win);
> -
> - int qemu_egl_init_dpy_x11(EGLNativeDisplayType dpy, DisplayGLMode mode);
> - int qemu_egl_init_dpy_mesa(EGLNativeDisplayType dpy, DisplayGLMode mode);
> -diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c
> -index 4f475142..5e115b3f 100644
> ---- a/ui/egl-helpers.c
> -+++ b/ui/egl-helpers.c
> -@@ -273,14 +273,14 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf)
> -
> - /* ---------------------------------------------------------------------- */
> -
> --EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win)
> -+EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win)
> - {
> - EGLSurface esurface;
> - EGLBoolean b;
> -
> - esurface = eglCreateWindowSurface(qemu_egl_display,
> - qemu_egl_config,
> -- (EGLNativeWindowType)win, NULL);
> -+ win, NULL);
> - if (esurface == EGL_NO_SURFACE) {
> - error_report("egl: eglCreateWindowSurface failed");
> - return NULL;
> -diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c
> -index 5420c236..1f941162 100644
> ---- a/ui/gtk-egl.c
> -+++ b/ui/gtk-egl.c
> -@@ -54,7 +54,7 @@ void gd_egl_init(VirtualConsole *vc)
> - }
> -
> - vc->gfx.ectx = qemu_egl_init_ctx();
> -- vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, x11_window);
> -+ vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, (EGLNativeWindowType)x11_window);
> -
> - assert(vc->gfx.esurface);
> - }
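Review bot: This deleted patch carries "Upstream-Status: Submitted", not "Backport", so it is not covered by the commit message's statement that the backported patches were removed. Please confirm that the EGLNativeWindowType change to qemu_egl_init_surface_x11() was merged upstream before 4.0.0, and say so in the commit message. If it was not merged, builds against a mesa configured without X11 support will regress in the way the patch description explains.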
> diff --git a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch b/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
> deleted file mode 100644
> index d9326c017a..0000000000
> --- a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
> +++ /dev/null
> @@ -1,50 +0,0 @@
> -From 952e5d584f5aabe41298c278065fe628f3f7aa7a Mon Sep 17 00:00:00 2001
> -From: Gerd Hoffmann <kraxel@redhat.com>
> -Date: Thu, 29 Nov 2018 13:35:02 +0100
> -Subject: [PATCH] egl-headless: add egl_create_context
> -
> -We must set the correct context (via eglMakeCurrent) before
> -calling qemu_egl_create_context, so we need a thin wrapper and can't
> -hook qemu_egl_create_context directly as ->dpy_gl_ctx_create callback.
> -
> -Reported-by: Frederik Carlier <frederik.carlier@quamotion.mobi>
> -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> -Message-id: 20181129123502.30129-1-kraxel@redhat.com
> -
> -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=952e5d584f5aabe41298c278065fe628f3f7aa7a]
> -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
> ----
> - ui/egl-headless.c | 10 +++++++++-
> - 1 file changed, 9 insertions(+), 1 deletion(-)
> -
> -diff --git a/ui/egl-headless.c b/ui/egl-headless.c
> -index 4cf3bbc0e4..519e7bad32 100644
> ---- a/ui/egl-headless.c
> -+++ b/ui/egl-headless.c
> -@@ -38,6 +38,14 @@ static void egl_gfx_switch(DisplayChangeListener *dcl,
> - edpy->ds = new_surface;
> - }
> -
> -+static QEMUGLContext egl_create_context(DisplayChangeListener *dcl,
> -+ QEMUGLParams *params)
> -+{
> -+ eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE,
> -+ qemu_egl_rn_ctx);
> -+ return qemu_egl_create_context(dcl, params);
> -+}
> -+
> - static void egl_scanout_disable(DisplayChangeListener *dcl)
> - {
> - egl_dpy *edpy = container_of(dcl, egl_dpy, dcl);
> -@@ -150,7 +158,7 @@ static const DisplayChangeListenerOps egl_ops = {
> - .dpy_gfx_update = egl_gfx_update,
> - .dpy_gfx_switch = egl_gfx_switch,
> -
> -- .dpy_gl_ctx_create = qemu_egl_create_context,
> -+ .dpy_gl_ctx_create = egl_create_context,
> - .dpy_gl_ctx_destroy = qemu_egl_destroy_context,
> - .dpy_gl_ctx_make_current = qemu_egl_make_context_current,
> - .dpy_gl_ctx_get_current = qemu_egl_get_current_context,
> ---
> -2.17.1
> -
> diff --git a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
> similarity index 98%
> rename from meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
> rename to meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
> index 4de2688838..5373915ff0 100644
> --- a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
> @@ -1,4 +1,4 @@
> -From 7ac3c84f28866491c58cc0f52a25a706949c8ef3 Mon Sep 17 00:00:00 2001
> +From 1cb804cf0e47116202011f3386b4739af668224a Mon Sep 17 00:00:00 2001
> From: Richard Purdie <richard.purdie@linuxfoundation.org>
> Date: Thu, 27 Nov 2014 14:04:29 +0000
> Subject: [PATCH] qemu: Add missing wacom HID descriptor
> diff --git a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch b/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
> deleted file mode 100644
> index 5b9a1f911c..0000000000
> --- a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
> +++ /dev/null
> @@ -1,72 +0,0 @@
> -From c53ddb5acbee56db6423f369b9f9a9b62501b4af Mon Sep 17 00:00:00 2001
> -From: Ross Burton <ross.burton@intel.com>
> -Date: Wed, 18 Sep 2013 14:04:54 +0100
> -Subject: [PATCH] sdl.c: allow user to disable pointer grabs
> -MIME-Version: 1.0
> -Content-Type: text/plain; charset=UTF-8
> -Content-Transfer-Encoding: 8bit
> -
> -When the pointer enters the Qemu window it calls SDL_WM_GrabInput, which calls
> -XGrabPointer in a busyloop until it returns GrabSuccess. However if there's already
> -a pointer grab (screen is locked, a menu is open) then qemu will hang until the
> -grab can be taken. In the specific case of a headless X server on an autobuilder, once
> -the screensaver has kicked in any qemu instance that appears underneath the
> -pointer will hang.
> -
> -I'm not entirely sure why pointer grabs are required (the documentation
> -explicitly says it doesn't do grabs when using a tablet, which we are) so wrap
> -them in a conditional that can be set by the autobuilder environment, preserving
> -the current grabbing behaviour for everyone else.
> -
> -Upstream-Status: Pending
> -Signed-off-by: Ross Burton <ross.burton@intel.com>
> -Signed-off-by: Eric Bénard <eric@eukrea.com>
> -
> ----
> - ui/sdl.c | 13 +++++++++++--
> - 1 file changed, 11 insertions(+), 2 deletions(-)
> -
> -diff --git a/ui/sdl.c b/ui/sdl.c
> -index 190b16f5..aa89471d 100644
> ---- a/ui/sdl.c
> -+++ b/ui/sdl.c
> -@@ -69,6 +69,11 @@ static int idle_counter;
> - static const guint16 *keycode_map;
> - static size_t keycode_maplen;
> -
> -+#ifndef True
> -+#define True 1
> -+#endif
> -+static doing_grabs = True;
> -+
> - #define SDL_REFRESH_INTERVAL_BUSY 10
> - #define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \
> - / SDL_REFRESH_INTERVAL_BUSY + 1)
> -@@ -399,14 +404,16 @@ static void sdl_grab_start(void)
> - }
> - } else
> - sdl_hide_cursor();
> -- SDL_WM_GrabInput(SDL_GRAB_ON);
> -+ if (doing_grabs)
> -+ SDL_WM_GrabInput(SDL_GRAB_ON);
> - gui_grab = 1;
> - sdl_update_caption();
> - }
> -
> - static void sdl_grab_end(void)
> - {
> -- SDL_WM_GrabInput(SDL_GRAB_OFF);
> -+ if (doing_grabs)
> -+ SDL_WM_GrabInput(SDL_GRAB_OFF);
> - gui_grab = 0;
> - sdl_show_cursor();
> - sdl_update_caption();
> -@@ -945,6 +952,8 @@ static void sdl1_display_init(DisplayState *ds, DisplayOptions *o)
> - * This requires SDL >= 1.2.14. */
> - setenv("SDL_DISABLE_LOCK_KEYS", "1", 1);
> -
> -+ doing_grabs = (getenv("QEMU_DONT_GRAB") == NULL);
> -+
> - flags = SDL_INIT_VIDEO | SDL_INIT_NOPARACHUTE;
> - if (SDL_Init (flags)) {
> - fprintf(stderr, "Could not initialize SDL(%s) - exiting\n",
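Review bot: Dropping this patch removes the QEMU_DONT_GRAB escape hatch, and the patch was "Upstream-Status: Pending", so nothing upstream replaces it. It only touched ui/sdl.c (sdl1_display_init, SDL_WM_GrabInput), which fits the SDL 1.2 removal noted in the commit message, but the hang it describes (a qemu window under the pointer on a headless autobuilder X server with the screensaver active) is about pointer grabs in general. Please state whether the SDL 2 front end was checked for the same behaviour, and whether anything in the autobuilder environment still sets QEMU_DONT_GRAB and now silently has no effect.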
> diff --git a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
> similarity index 83%
> rename from meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
> rename to meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
> index 668fc4680c..7b7c5d71a0 100644
> --- a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
> @@ -1,4 +1,4 @@
> -From aac8834bfd5b79e724f2593895847b50968a1223 Mon Sep 17 00:00:00 2001
> +From 281116b31981b0b9e174bda8abe00f4eaa33c2ae Mon Sep 17 00:00:00 2001
> From: Juro Bystricky <juro.bystricky@intel.com>
> Date: Thu, 31 Aug 2017 11:06:56 -0700
> Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
> @@ -15,10 +15,10 @@ Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
> 1 file changed, 8 insertions(+)
>
> diff --git a/tests/Makefile.include b/tests/Makefile.include
> -index fb0b449c..afedabd4 100644
> +index 36fc73fe..01fecd4d 100644
> --- a/tests/Makefile.include
> +++ b/tests/Makefile.include
> -@@ -967,4 +967,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
> +@@ -1184,4 +1184,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
> -include $(wildcard tests/*.d)
> -include $(wildcard tests/libqos/*.d)
>
> diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
> similarity index 89%
> rename from meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
> rename to meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
> index b4d4c587bd..9a18ca18e4 100644
> --- a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
> @@ -1,4 +1,4 @@
> -From 3de7a5635093c31dcb960ce9dff27da629b85d4d Mon Sep 17 00:00:00 2001
> +From bf04acef9ec31ddcc18ddbb4ac5b7b1e7368bf7d Mon Sep 17 00:00:00 2001
> From: Jason Wessel <jason.wessel@windriver.com>
> Date: Fri, 28 Mar 2014 17:42:43 +0800
> Subject: [PATCH] qemu: Add addition environment space to boot loader
> @@ -19,10 +19,10 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
> -index c1cf0fe1..decffd2f 100644
> +index 439665ab..285c78ef 100644
> --- a/hw/mips/mips_malta.c
> +++ b/hw/mips/mips_malta.c
> -@@ -62,7 +62,7 @@
> +@@ -60,7 +60,7 @@
>
> #define ENVP_ADDR 0x80002000l
> #define ENVP_NB_ENTRIES 16
> diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
> similarity index 85%
> rename from meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
> rename to meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
> index f0cf8148e1..9e326081f2 100644
> --- a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
> @@ -1,4 +1,4 @@
> -From 32e8a94b6ae664d9b5689e19d495e304c0f41954 Mon Sep 17 00:00:00 2001
> +From e40f797548bc3ff06c71b6cbe042a46406894d18 Mon Sep 17 00:00:00 2001
> From: Ross Burton <ross.burton@intel.com>
> Date: Tue, 20 Oct 2015 22:19:08 +0100
> Subject: [PATCH] qemu: disable Valgrind
> @@ -13,10 +13,10 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
> 1 file changed, 9 deletions(-)
>
> diff --git a/configure b/configure
> -index 0a3c6a72..069e0daa 100755
> +index 1c563a70..eaf9bb5e 100755
> --- a/configure
> +++ b/configure
> -@@ -5044,15 +5044,6 @@ fi
> +@@ -5311,15 +5311,6 @@ fi
> # check if we have valgrind/valgrind.h
>
> valgrind_h=no
> diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
> similarity index 98%
> rename from meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
> rename to meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
> index 4b2f0137eb..819720a3f2 100644
> --- a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
> @@ -1,4 +1,4 @@
> -From 02f80ee81681b6307a8032128a07686183662270 Mon Sep 17 00:00:00 2001
> +From 547c3710a1493d2fd6bb56b819cf162db433756a Mon Sep 17 00:00:00 2001
> From: Richard Purdie <richard.purdie@linuxfoundation.org>
> Date: Wed, 9 Mar 2016 22:49:02 +0000
> Subject: [PATCH] qemu: Limit paths searched during user mode emulation
> diff --git a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
> similarity index 82%
> rename from meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
> rename to meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
> index 4163e51884..b62a588c66 100644
> --- a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
> @@ -1,4 +1,4 @@
> -From 74bce35b71f4733c13e96f96e25956ff943fae20 Mon Sep 17 00:00:00 2001
> +From 107fd860529a3c1319d54c3c225758457b0d9394 Mon Sep 17 00:00:00 2001
> From: Stephen Arnold <sarnold@vctlabs.com>
> Date: Sun, 12 Jun 2016 18:09:56 -0700
> Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
> @@ -10,10 +10,10 @@ Upstream-Status: Pending
> 1 file changed, 4 deletions(-)
>
> diff --git a/configure b/configure
> -index 069e0daa..5b97f3c1 100755
> +index eaf9bb5e..de2933d1 100755
> --- a/configure
> +++ b/configure
> -@@ -5622,10 +5622,6 @@ write_c_skeleton
> +@@ -5928,10 +5928,6 @@ write_c_skeleton
> if test "$gcov" = "yes" ; then
> CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
> LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
> diff --git a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
> similarity index 80%
> rename from meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
> rename to meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
> index e5a2d4abca..f3f3dc3f5e 100644
> --- a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
> @@ -1,4 +1,4 @@
> -From 9c1e976290e87a83ab1bfe38eb7ff3521ff0d684 Mon Sep 17 00:00:00 2001
> +From 136e159482a1bc8676cbe6e767055d0c3fb20065 Mon Sep 17 00:00:00 2001
> From: Alistair Francis <alistair.francis@xilinx.com>
> Date: Thu, 21 Dec 2017 11:35:16 -0800
> Subject: [PATCH] chardev: connect socket to a spawned command
> @@ -46,17 +46,17 @@ Upstream-Status: Inappropriate [embedded specific]
> Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
>
> ---
> - chardev/char-socket.c | 102 ++++++++++++++++++++++++++++++++++++++++++
> + chardev/char-socket.c | 101 ++++++++++++++++++++++++++++++++++++++++++
> chardev/char.c | 3 ++
> qapi/char.json | 5 +++
> - 3 files changed, 110 insertions(+)
> + 3 files changed, 109 insertions(+)
>
> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> -index eaa8e8b6..959ed183 100644
> +index 3916505d..a8e9dce8 100644
> --- a/chardev/char-socket.c
> +++ b/chardev/char-socket.c
> -@@ -987,6 +987,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
> - return false;
> +@@ -1273,6 +1273,67 @@ static bool qmp_chardev_validate_socket(ChardevSocket *sock,
> + return true;
> }
>
> +#ifndef _WIN32
> @@ -120,11 +120,10 @@ index eaa8e8b6..959ed183 100644
> + }
> +}
> +#endif
> -+
> +
> static void qmp_chardev_open_socket(Chardev *chr,
> ChardevBackend *backend,
> - bool *be_opened,
> -@@ -994,6 +1056,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
> +@@ -1281,6 +1342,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
> {
> SocketChardev *s = SOCKET_CHARDEV(chr);
> ChardevSocket *sock = backend->u.socket.data;
> @@ -134,9 +133,9 @@ index eaa8e8b6..959ed183 100644
> bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
> bool is_listen = sock->has_server ? sock->server : true;
> bool is_telnet = sock->has_telnet ? sock->telnet : false;
> -@@ -1072,6 +1137,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
> - s->reconnect_time = reconnect;
> - }
> +@@ -1346,6 +1410,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
> +
> + update_disconnected_filename(s);
>
> +#ifndef _WIN32
> + if (cmd) {
> @@ -146,13 +145,13 @@ index eaa8e8b6..959ed183 100644
> + *be_opened = true;
> + } else
> +#endif
> - if (s->reconnect_time) {
> - tcp_chr_connect_async(chr);
> - } else {
> -@@ -1131,9 +1204,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
> + if (s->is_listen) {
> + if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270,
> + is_waitconnect, errp) < 0) {
> +@@ -1365,9 +1437,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
> + const char *host = qemu_opt_get(opts, "host");
> const char *port = qemu_opt_get(opts, "port");
> const char *fd = qemu_opt_get(opts, "fd");
> - const char *tls_creds = qemu_opt_get(opts, "tls-creds");
> +#ifndef _WIN32
> + const char *cmd = qemu_opt_get(opts, "cmd");
> +#endif
> @@ -166,7 +165,7 @@ index eaa8e8b6..959ed183 100644
> + * spawning a command, otherwise unmodified code that doesn't know about
> + * command spawning (like socket_reconnect_timeout()) might get called.
> + */
> -+ if (path || is_listen || is_telnet || is_tn3270 || reconnect || host || port || tls_creds) {
> ++ if (path || sock->server || sock->has_telnet || sock->has_tn3270 || sock->reconnect || host || port || sock->tls_creds) {
> + error_setg(errp, "chardev: socket: cmd does not support any additional options");
> + return;
> + }
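Review bot: The rewritten condition in qemu_chr_parse_socket() is more than a refresh: it now reads `sock->server`, `sock->has_telnet`, `sock->has_tn3270`, `sock->reconnect` and `sock->tls_creds` where the old patch used the locals `is_listen`, `is_telnet`, `is_tn3270`, `reconnect` and `tls_creds`. This check sits ahead of the "Exactly one of 'path', 'fd' or 'host' required" test, while the only place this diff shows sock fields being filled in is the later hunk (`sock->has_tls_authz`, `sock->cmd`), so please confirm that sock is allocated and populated before it is dereferenced here. If it is not, read the values from opts with qemu_opt_get() as the surrounding declarations do. Note also that `has_telnet` and `has_tn3270` test whether the option was given, not its value, which changes which cmd= command lines are rejected; that belongs in the commit message.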
> @@ -176,14 +175,14 @@ index eaa8e8b6..959ed183 100644
> if ((!!path + !!fd + !!host) != 1) {
> error_setg(errp,
> "Exactly one of 'path', 'fd' or 'host' required");
> -@@ -1180,12 +1270,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
> - sock->reconnect = reconnect;
> - sock->tls_creds = g_strdup(tls_creds);
> +@@ -1410,12 +1499,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
> + sock->has_tls_authz = qemu_opt_get(opts, "tls-authz");
> + sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz"));
>
> +#ifndef _WIN32
> + sock->cmd = g_strdup(cmd);
> +#endif
> -+
> ++
> addr = g_new0(SocketAddressLegacy, 1);
> +#ifndef _WIN32
> + if (path || cmd) {
> @@ -202,10 +201,10 @@ index eaa8e8b6..959ed183 100644
> addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
> addr->u.inet.data = g_new(InetSocketAddress, 1);
> diff --git a/chardev/char.c b/chardev/char.c
> -index 152dde53..62d5b578 100644
> +index 514cd6b0..36a40d67 100644
> --- a/chardev/char.c
> +++ b/chardev/char.c
> -@@ -818,6 +818,9 @@ QemuOptsList qemu_chardev_opts = {
> +@@ -835,6 +835,9 @@ QemuOptsList qemu_chardev_opts = {
> },{
> .name = "path",
> .type = QEMU_OPT_STRING,
> @@ -216,10 +215,10 @@ index 152dde53..62d5b578 100644
> .name = "host",
> .type = QEMU_OPT_STRING,
> diff --git a/qapi/char.json b/qapi/char.json
> -index 79bac598..97bd161a 100644
> +index a6e81ac7..517962c6 100644
> --- a/qapi/char.json
> +++ b/qapi/char.json
> -@@ -242,6 +242,10 @@
> +@@ -247,6 +247,10 @@
> #
> # @addr: socket address to listen on (server=true)
> # or connect to (server=false)
> @@ -228,13 +227,13 @@ index 79bac598..97bd161a 100644
> +# is used by the chardev. Either an addr or a cmd can
> +# be specified, but not both.
> # @tls-creds: the ID of the TLS credentials object (since 2.6)
> - # @server: create server socket (default: true)
> - # @wait: wait for incoming connection on server
> -@@ -261,6 +265,7 @@
> - # Since: 1.4
> + # @tls-authz: the ID of the QAuthZ authorization object against which
> + # the client's x509 distinguished name will be validated. This
> +@@ -272,6 +276,7 @@
> ##
> - { 'struct': 'ChardevSocket', 'data': { 'addr' : 'SocketAddressLegacy',
> -+ '*cmd' : 'str',
> - '*tls-creds' : 'str',
> - '*server' : 'bool',
> - '*wait' : 'bool',
> + { 'struct': 'ChardevSocket',
> + 'data': { 'addr': 'SocketAddressLegacy',
> ++ '*cmd': 'str',
> + '*tls-creds': 'str',
> + '*tls-authz' : 'str',
> + '*server': 'bool',
> diff --git a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
> similarity index 90%
> rename from meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
> rename to meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
> index 1d3a2b5b21..13037f33f3 100644
> --- a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
> @@ -1,4 +1,4 @@
> -From 4829da131996548dc86775b8b97a29c436f3d130 Mon Sep 17 00:00:00 2001
> +From 1b3f264e2ba18caf658fae27293c426c8366c6a3 Mon Sep 17 00:00:00 2001
> From: Mark Asselstine <mark.asselstine@windriver.com>
> Date: Tue, 26 Feb 2013 11:43:28 -0500
> Subject: [PATCH] apic: fixup fallthrough to PIC
> @@ -30,10 +30,10 @@ Signed-off-by: He Zhe <zhe.he@windriver.com>
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/intc/apic.c b/hw/intc/apic.c
> -index 97ffdd82..ef23430e 100644
> +index 6ea619c3..f892811e 100644
> --- a/hw/intc/apic.c
> +++ b/hw/intc/apic.c
> -@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *dev)
> +@@ -604,7 +604,7 @@ int apic_accept_pic_intr(DeviceState *dev)
> APICCommonState *s = APIC(dev);
> uint32_t lvt0;
>
> diff --git a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
> similarity index 93%
> rename from meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
> rename to meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
> index c0d7914be0..c572ff94d0 100644
> --- a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
> @@ -1,4 +1,4 @@
> -From bce25c9cda73569963615ffd31ed949cbe3a3781 Mon Sep 17 00:00:00 2001
> +From a33ae91504ea4d254b5ace64a84791d3c96c9773 Mon Sep 17 00:00:00 2001
> From: Alistair Francis <alistair.francis@xilinx.com>
> Date: Wed, 17 Jan 2018 10:51:49 -0800
> Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
> @@ -19,7 +19,7 @@ Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/linux-user/main.c b/linux-user/main.c
> -index 923cbb75..fe0b9ff4 100644
> +index a0aba9cb..34c54924 100644
> --- a/linux-user/main.c
> +++ b/linux-user/main.c
> @@ -69,7 +69,7 @@ int have_guest_base;
> diff --git a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch b/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
> similarity index 90%
> rename from meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
> rename to meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
> index 066ea7865a..3418eb7c65 100644
> --- a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
> @@ -1,4 +1,4 @@
> -From 496231774f8bc17ecfaf543a6603e3cad3f3f74e Mon Sep 17 00:00:00 2001
> +From 2a66bd95c856de6950fbd802c5b99075207c1d76 Mon Sep 17 00:00:00 2001
> From: Martin Jansa <martin.jansa@lge.com>
> Date: Fri, 1 Jun 2018 08:41:07 +0000
> Subject: [PATCH] Revert "linux-user: fix mmap/munmap/mprotect/mremap/shmat"
> @@ -23,7 +23,7 @@ Upstream-Status: Pending
> 4 files changed, 15 insertions(+), 29 deletions(-)
>
> diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
> -index 117d2fbb..90558c14 100644
> +index b16c9ec5..612db6a0 100644
> --- a/include/exec/cpu-all.h
> +++ b/include/exec/cpu-all.h
> @@ -163,12 +163,8 @@ extern unsigned long guest_base;
> @@ -41,7 +41,7 @@ index 117d2fbb..90558c14 100644
>
> #include "exec/hwaddr.h"
> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
> -index 95906849..ed17b3f6 100644
> +index d78041d7..845639f7 100644
> --- a/include/exec/cpu_ldst.h
> +++ b/include/exec/cpu_ldst.h
> @@ -62,13 +62,15 @@ typedef uint64_t abi_ptr;
> @@ -68,7 +68,7 @@ index 95906849..ed17b3f6 100644
> #define h2g_nocheck(x) ({ \
> unsigned long __ret = (unsigned long)(x) - guest_base; \
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> -index 41e0983c..d0ee1c53 100644
> +index e0249efe..cfe34b35 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -79,7 +79,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
> @@ -81,9 +81,9 @@ index 41e0983c..d0ee1c53 100644
> }
> prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
> @@ -490,8 +490,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
> - * It can fail only on 64-bit host with 32-bit target.
> - * On any other target/host host mmap() handles this error correctly.
> - */
> + * It can fail only on 64-bit host with 32-bit target.
> + * On any other target/host host mmap() handles this error correctly.
> + */
> - if (!guest_range_valid(start, len)) {
> - errno = ENOMEM;
> + if ((unsigned long)start + len - 1 > (abi_ulong) -1) {
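Review bot: the refreshed revert still swaps `guest_range_valid(start, len)` in target_mmap for the open-coded `(unsigned long)start + len - 1 > (abi_ulong) -1`, and its header still reads Upstream-Status: Pending on a patch dated 1 Jun 2018. The only visible change in this hunk is to the three comment lines, which differ at most in whitespace, so the refresh looks mechanical. Before carrying the revert into 4.0.0, please re-test whether it is still needed and record the result in the patch header, since it removes upstream's guest range check here and touches four files.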
> @@ -118,10 +118,10 @@ index 41e0983c..d0ee1c53 100644
>
> if (flags & MREMAP_FIXED) {
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> -index 280137da..efdd0006 100644
> +index 96cd4bf8..e6754772 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> -@@ -3818,9 +3818,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
> +@@ -3860,9 +3860,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
> return -TARGET_EINVAL;
> }
> }
> @@ -131,7 +131,7 @@ index 280137da..efdd0006 100644
>
> mmap_lock();
>
> -@@ -6582,7 +6579,7 @@ static int open_self_maps(void *cpu_env, int fd)
> +@@ -6633,7 +6630,7 @@ static int open_self_maps(void *cpu_env, int fd)
> }
> if (h2g_valid(min)) {
> int flags = page_get_flags(h2g(min));
> diff --git a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch b/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
> similarity index 97%
> rename from meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
> rename to meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
> index 9cbe838811..3a7d7bbd33 100644
> --- a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
> @@ -1,4 +1,4 @@
> -From d3e0b8dac7c2eb20d7fcff747bc98b981f4398ef Mon Sep 17 00:00:00 2001
> +From 9125afb733d8c96416bb83c5adad39bb8d0803a1 Mon Sep 17 00:00:00 2001
> From: Hongxu Jia <hongxu.jia@windriver.com>
> Date: Tue, 12 Mar 2013 09:54:06 +0800
> Subject: [PATCH] fix libcap header issue on some distro
> diff --git a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
> similarity index 87%
> rename from meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
> rename to meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
> index 27e508c5a3..04664195d1 100644
> --- a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
> +++ b/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
> @@ -1,4 +1,4 @@
> -From 861c522df7791d7e93743d5641f3ef2a5a3c4632 Mon Sep 17 00:00:00 2001
> +From 0a53e906510cce1f32bc04a11e81ea40f834dac4 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
> Date: Wed, 12 Aug 2015 15:11:30 -0500
> Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
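Review bot: the Subject line and the patch file name both say "qemi_cpu_kick_thread", while the function the patch touches is `qemu_cpu_kick_thread`. The file is being renamed from 0013 to 0012 in this commit anyway, so this is a cheap moment to fix the spelling in both places and make the patch findable by grepping for the function name.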
> @@ -20,10 +20,10 @@ Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
> create mode 100644 custom_debug.h
>
> diff --git a/cpus.c b/cpus.c
> -index 0ddeeefc..4f3a5624 100644
> +index e83f72b4..e6e2576e 100644
> --- a/cpus.c
> +++ b/cpus.c
> -@@ -1768,6 +1768,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
> +@@ -1769,6 +1769,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
> return NULL;
> }
>
> @@ -32,9 +32,9 @@ index 0ddeeefc..4f3a5624 100644
> static void qemu_cpu_kick_thread(CPUState *cpu)
> {
> #ifndef _WIN32
> -@@ -1780,6 +1782,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
> +@@ -1781,6 +1783,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
> err = pthread_kill(cpu->thread->thread, SIG_IPI);
> - if (err) {
> + if (err && err != ESRCH) {
> fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
> + fprintf(stderr, "CPU #%d:\n", cpu->cpu_index);
> + cpu_dump_state(cpu, stderr, fprintf, 0);
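Review bot: in qemu_cpu_kick_thread the added `fprintf(stderr, "CPU #%d:\n", cpu->cpu_index);` follows the existing `fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));`, which has no trailing newline, so the error string and the CPU header run together on one line of stderr. Start the added format string with "\n" so the state dump begins on its own line.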
> diff --git a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch b/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
> deleted file mode 100644
> index 412aa16046..0000000000
> --- a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
> +++ /dev/null
> @@ -1,85 +0,0 @@
> -CVE: CVE-2018-16872
> -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35]
> -
> -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> -
> -From bab9df35ce73d1c8e19a37e2737717ea1c984dc1 Mon Sep 17 00:00:00 2001
> -From: Gerd Hoffmann <kraxel@redhat.com>
> -Date: Thu, 13 Dec 2018 13:25:11 +0100
> -Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
> -
> -Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
> -While being at it also add O_CLOEXEC.
> -
> -usb-mtp only handles regular files and directories and ignores
> -everything else, so users should not see a difference.
> -
> -Because qemu ignores symlinks, carrying out a successful symlink attack
> -requires swapping an existing file or directory below rootdir for a
> -symlink and winning the race against the inotify notification to qemu.
> -
> -Fixes: CVE-2018-16872
> -Cc: Prasad J Pandit <ppandit@redhat.com>
> -Cc: Bandan Das <bsd@redhat.com>
> -Reported-by: Michael Hanselmann <public@hansmi.ch>
> -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> -Reviewed-by: Michael Hanselmann <public@hansmi.ch>
> -Message-id: 20181213122511.13853-1-kraxel@redhat.com
> ----
> - hw/usb/dev-mtp.c | 13 +++++++++----
> - 1 file changed, 9 insertions(+), 4 deletions(-)
> -
> -diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
> -index 100b7171f4..36c43b8c20 100644
> ---- a/hw/usb/dev-mtp.c
> -+++ b/hw/usb/dev-mtp.c
> -@@ -653,13 +653,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
> - {
> - struct dirent *entry;
> - DIR *dir;
> -+ int fd;
> -
> - if (o->have_children) {
> - return;
> - }
> - o->have_children = true;
> -
> -- dir = opendir(o->path);
> -+ fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
> -+ if (fd < 0) {
> -+ return;
> -+ }
> -+ dir = fdopendir(fd);
> - if (!dir) {
> - return;
> - }
> -@@ -1007,7 +1012,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
> -
> - trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
> -
> -- d->fd = open(o->path, O_RDONLY);
> -+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
> - if (d->fd == -1) {
> - usb_mtp_data_free(d);
> - return NULL;
> -@@ -1031,7 +1036,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
> - c->argv[1], c->argv[2]);
> -
> - d = usb_mtp_data_alloc(c);
> -- d->fd = open(o->path, O_RDONLY);
> -+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
> - if (d->fd == -1) {
> - usb_mtp_data_free(d);
> - return NULL;
> -@@ -1658,7 +1663,7 @@ static void usb_mtp_write_data(MTPState *s)
> - 0, 0, 0, 0);
> - goto done;
> - }
> -- d->fd = open(path, O_CREAT | O_WRONLY, mask);
> -+ d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask);
> - if (d->fd == -1) {
> - usb_mtp_queue_result(s, RES_STORE_FULL, d->trans,
> - 0, 0, 0, 0);
> ---
> -2.20.1
> -
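Review bot: dropping this backport is only safe if upstream commit bab9df35, named in its Upstream-Status line, is part of the 4.0.0 tarball, and the commit message only says "The backported patches have been removed". Please list the CVE IDs being dropped and state that each fix is contained in 4.0.0, so that the removal of the O_NOFOLLOW and O_CLOEXEC hardening in hw/usb/dev-mtp.c can be audited from the log alone.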
> diff --git a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch b/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
> deleted file mode 100644
> index 985b819409..0000000000
> --- a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
> +++ /dev/null
> @@ -1,60 +0,0 @@
> -CVE: CVE-2018-20124
> -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373]
> -
> -Backport patch to fix CVE-2018-20124. Update context and stay with current
> -function comp_handler() which has been replaced with complete_work() in latest
> -git repo.
> -
> -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> -
> -From 0e68373cc2b3a063ce067bc0cc3edaf370752890 Mon Sep 17 00:00:00 2001
> -From: Prasad J Pandit <pjp@fedoraproject.org>
> -Date: Thu, 13 Dec 2018 01:00:34 +0530
> -Subject: [PATCH] rdma: check num_sge does not exceed MAX_SGE
> -
> -rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set
> -to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element
> -with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue.
> -Add check to avoid it.
> -
> -Reported-by: Saar Amar <saaramar5@gmail.com>
> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
> -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> ----
> - hw/rdma/rdma_backend.c | 12 ++++++------
> - 1 file changed, 6 insertions(+), 6 deletions(-)
> -
> -diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
> -index d7a4bbd9..7f8028f8 100644
> ---- a/hw/rdma/rdma_backend.c
> -+++ b/hw/rdma/rdma_backend.c
> -@@ -311,9 +311,9 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev,
> - }
> -
> - pr_dbg("num_sge=%d\n", num_sge);
> -- if (!num_sge) {
> -- pr_dbg("num_sge=0\n");
> -- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
> -+ if (!num_sge || num_sge > MAX_SGE) {
> -+ pr_dbg("invalid num_sge=%d\n", num_sge);
> -+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
> - return;
> - }
> -
> -@@ -390,9 +390,9 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
> - }
> -
> - pr_dbg("num_sge=%d\n", num_sge);
> -- if (!num_sge) {
> -- pr_dbg("num_sge=0\n");
> -- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
> -+ if (!num_sge || num_sge > MAX_SGE) {
> -+ pr_dbg("invalid num_sge=%d\n", num_sge);
> -+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
> - return;
> - }
> -
> ---
> -2.20.1
> -
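Review bot: this backport was adapted rather than cherry-picked (its header says it stays with comp_handler(), "which has been replaced with complete_work() in latest git repo"), so the code in 4.0.0 will not match these hunks line for line. Please confirm that both rdma_backend_post_send and rdma_backend_post_recv in 4.0.0 reject `num_sge > MAX_SGE` before removing the file.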
> diff --git a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch b/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
> deleted file mode 100644
> index 56559c8388..0000000000
> --- a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
> +++ /dev/null
> @@ -1,54 +0,0 @@
> -CVE: CVE-2018-20125
> -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce]
> -
> -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> -
> -From 2c858ce5da8ae6689c75182b73bc455a291cad41 Mon Sep 17 00:00:00 2001
> -From: Prasad J Pandit <pjp@fedoraproject.org>
> -Date: Thu, 13 Dec 2018 01:00:36 +0530
> -Subject: [PATCH] pvrdma: check number of pages when creating rings
> -
> -When creating CQ/QP rings, an object can have up to
> -PVRDMA_MAX_FAST_REG_PAGES 8 pages. Check 'npages' parameter
> -to avoid excessive memory allocation or a null dereference.
> -
> -Reported-by: Li Qiang <liq3ea@163.com>
> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
> -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> ----
> - hw/rdma/vmw/pvrdma_cmd.c | 11 +++++++++++
> - 1 file changed, 11 insertions(+)
> -
> -diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
> -index 3b94545761..f236ac4795 100644
> ---- a/hw/rdma/vmw/pvrdma_cmd.c
> -+++ b/hw/rdma/vmw/pvrdma_cmd.c
> -@@ -259,6 +259,11 @@ static int create_cq_ring(PCIDevice *pci_dev , PvrdmaRing **ring,
> - int rc = -EINVAL;
> - char ring_name[MAX_RING_NAME_SZ];
> -
> -+ if (!nchunks || nchunks > PVRDMA_MAX_FAST_REG_PAGES) {
> -+ pr_dbg("invalid nchunks: %d\n", nchunks);
> -+ return rc;
> -+ }
> -+
> - pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
> - dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
> - if (!dir) {
> -@@ -372,6 +377,12 @@ static int create_qp_rings(PCIDevice *pci_dev, uint64_t pdir_dma,
> - char ring_name[MAX_RING_NAME_SZ];
> - uint32_t wqe_sz;
> -
> -+ if (!spages || spages > PVRDMA_MAX_FAST_REG_PAGES
> -+ || !rpages || rpages > PVRDMA_MAX_FAST_REG_PAGES) {
> -+ pr_dbg("invalid pages: %d, %d\n", spages, rpages);
> -+ return rc;
> -+ }
> -+
> - pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
> - dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
> - if (!dir) {
> ---
> -2.20.1
> -
> diff --git a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch b/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
> deleted file mode 100644
> index 8329f2cfd0..0000000000
> --- a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
> +++ /dev/null
> @@ -1,113 +0,0 @@
> -CVE: CVE-2018-20126
> -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c]
> -
> -Backport and rebase patch to fix CVE-2018-20126.
> -
> -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> -
> -From 509f57c98e7536905bb4902363d0cba66ce7e089 Mon Sep 17 00:00:00 2001
> -From: Prasad J Pandit <pjp@fedoraproject.org>
> -Date: Thu, 13 Dec 2018 01:00:37 +0530
> -Subject: [PATCH] pvrdma: release ring object in case of an error
> -
> -create_cq and create_qp routines allocate ring object, but it's
> -not released in case of an error, leading to memory leakage.
> -
> -Reported-by: Li Qiang <liq3ea@163.com>
> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
> -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> ----
> - hw/rdma/vmw/pvrdma_cmd.c | 41 ++++++++++++++++++++++++++++++-----------
> - 1 file changed, 30 insertions(+), 11 deletions(-)
> -
> -diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
> -index 4faeb21..9b6796f 100644
> ---- a/hw/rdma/vmw/pvrdma_cmd.c
> -+++ b/hw/rdma/vmw/pvrdma_cmd.c
> -@@ -310,6 +310,14 @@ out:
> - return rc;
> - }
> -
> -+static void destroy_cq_ring(PvrdmaRing *ring)
> -+{
> -+ pvrdma_ring_free(ring);
> -+ /* ring_state was in slot 1, not 0 so need to jump back */
> -+ rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE);
> -+ g_free(ring);
> -+}
> -+
> - static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
> - union pvrdma_cmd_resp *rsp)
> - {
> -@@ -333,6 +341,10 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
> -
> - resp->hdr.err = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev,
> - cmd->cqe, &resp->cq_handle, ring);
> -+ if (resp->hdr.err) {
> -+ destroy_cq_ring(ring);
> -+ }
> -+
> - resp->cqe = cmd->cqe;
> -
> - out:
> -@@ -356,10 +368,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
> - }
> -
> - ring = (PvrdmaRing *)cq->opaque;
> -- pvrdma_ring_free(ring);
> -- /* ring_state was in slot 1, not 0 so need to jump back */
> -- rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE);
> -- g_free(ring);
> -+ destroy_cq_ring(ring);
> -
> - rdma_rm_dealloc_cq(&dev->rdma_dev_res, cmd->cq_handle);
> -
> -@@ -451,6 +460,17 @@ out:
> - return rc;
> - }
> -
> -+static void destroy_qp_rings(PvrdmaRing *ring)
> -+{
> -+ pr_dbg("sring=%p\n", &ring[0]);
> -+ pvrdma_ring_free(&ring[0]);
> -+ pr_dbg("rring=%p\n", &ring[1]);
> -+ pvrdma_ring_free(&ring[1]);
> -+
> -+ rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE);
> -+ g_free(ring);
> -+}
> -+
> - static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
> - union pvrdma_cmd_resp *rsp)
> - {
> -@@ -482,6 +502,11 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
> - cmd->max_recv_wr, cmd->max_recv_sge,
> - cmd->recv_cq_handle, rings, &resp->qpn);
> -
> -+ if (resp->hdr.err) {
> -+ destroy_qp_rings(rings);
> -+ return resp->hdr.err;
> -+ }
> -+
> - resp->max_send_wr = cmd->max_send_wr;
> - resp->max_recv_wr = cmd->max_recv_wr;
> - resp->max_send_sge = cmd->max_send_sge;
> -@@ -555,13 +580,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
> - rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle);
> -
> - ring = (PvrdmaRing *)qp->opaque;
> -- pr_dbg("sring=%p\n", &ring[0]);
> -- pvrdma_ring_free(&ring[0]);
> -- pr_dbg("rring=%p\n", &ring[1]);
> -- pvrdma_ring_free(&ring[1]);
> --
> -- rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE);
> -- g_free(ring);
> -+ destroy_qp_rings(ring);
> -
> - return 0;
> - }
> ---
> -2.20.1
> -
> diff --git a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch b/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
> deleted file mode 100644
> index 8f8ff0567a..0000000000
> --- a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
> +++ /dev/null
> @@ -1,47 +0,0 @@
> -CVE: CVE-2018-20191
> -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2aa8645]
> -
> -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> -
> -From 2aa86456fb938a11f2b7bd57c8643c213218681c Mon Sep 17 00:00:00 2001
> -From: Prasad J Pandit <pjp@fedoraproject.org>
> -Date: Thu, 13 Dec 2018 01:00:35 +0530
> -Subject: [PATCH] pvrdma: add uar_read routine
> -
> -Define skeleton 'uar_read' routine. Avoid NULL dereference.
> -
> -Reported-by: Li Qiang <liq3ea@163.com>
> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> -Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> ----
> - hw/rdma/vmw/pvrdma_main.c | 6 ++++++
> - 1 file changed, 6 insertions(+)
> -
> -diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
> -index 64de16fb52..838ad8a949 100644
> ---- a/hw/rdma/vmw/pvrdma_main.c
> -+++ b/hw/rdma/vmw/pvrdma_main.c
> -@@ -448,6 +448,11 @@ static const MemoryRegionOps regs_ops = {
> - },
> - };
> -
> -+static uint64_t uar_read(void *opaque, hwaddr addr, unsigned size)
> -+{
> -+ return 0xffffffff;
> -+}
> -+
> - static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
> - {
> - PVRDMADev *dev = opaque;
> -@@ -489,6 +494,7 @@ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
> - }
> -
> - static const MemoryRegionOps uar_ops = {
> -+ .read = uar_read,
> - .write = uar_write,
> - .endianness = DEVICE_LITTLE_ENDIAN,
> - .impl = {
> ---
> -2.20.1
> -
> diff --git a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch b/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
> deleted file mode 100644
> index c02bad3bb9..0000000000
> --- a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
> +++ /dev/null
> @@ -1,85 +0,0 @@
> -CVE: CVE-2018-20216
> -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38]
> -
> -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> -
> -From f1e2e38ee0136b7710a2caa347049818afd57a1b Mon Sep 17 00:00:00 2001
> -From: Prasad J Pandit <pjp@fedoraproject.org>
> -Date: Thu, 13 Dec 2018 01:00:39 +0530
> -Subject: [PATCH] pvrdma: check return value from pvrdma_idx_ring_has_ routines
> -
> -pvrdma_idx_ring_has_[data/space] routines also return invalid
> -index PVRDMA_INVALID_IDX[=-1], if ring has no data/space. Check
> -return value from these routines to avoid plausible infinite loops.
> -
> -Reported-by: Li Qiang <liq3ea@163.com>
> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
> -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> ----
> - hw/rdma/vmw/pvrdma_dev_ring.c | 29 +++++++++++------------------
> - 1 file changed, 11 insertions(+), 18 deletions(-)
> -
> -diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
> -index 01247fc041..e8e5b502f6 100644
> ---- a/hw/rdma/vmw/pvrdma_dev_ring.c
> -+++ b/hw/rdma/vmw/pvrdma_dev_ring.c
> -@@ -73,23 +73,16 @@ out:
> -
> - void *pvrdma_ring_next_elem_read(PvrdmaRing *ring)
> - {
> -+ int e;
> - unsigned int idx = 0, offset;
> -
> -- /*
> -- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
> -- ring->ring_state->cons_head);
> -- */
> --
> -- if (!pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx)) {
> -+ e = pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx);
> -+ if (e <= 0) {
> - pr_dbg("No more data in ring\n");
> - return NULL;
> - }
> -
> - offset = idx * ring->elem_sz;
> -- /*
> -- pr_dbg("idx=%d\n", idx);
> -- pr_dbg("offset=%d\n", offset);
> -- */
> - return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
> - }
> -
> -@@ -105,20 +98,20 @@ void pvrdma_ring_read_inc(PvrdmaRing *ring)
> -
> - void *pvrdma_ring_next_elem_write(PvrdmaRing *ring)
> - {
> -- unsigned int idx, offset, tail;
> -+ int idx;
> -+ unsigned int offset, tail;
> -
> -- /*
> -- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
> -- ring->ring_state->cons_head);
> -- */
> --
> -- if (!pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail)) {
> -+ idx = pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail);
> -+ if (idx <= 0) {
> - pr_dbg("CQ is full\n");
> - return NULL;
> - }
> -
> - idx = pvrdma_idx(&ring->ring_state->prod_tail, ring->max_elems);
> -- /* TODO: tail == idx */
> -+ if (idx < 0 || tail != idx) {
> -+ pr_dbg("invalid idx\n");
> -+ return NULL;
> -+ }
> -
> - offset = idx * ring->elem_sz;
> - return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
> ---
> -2.20.1
> -
> diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
> deleted file mode 100644
> index 7de5882b3e..0000000000
> --- a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
> +++ /dev/null
> @@ -1,39 +0,0 @@
> -QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an
> -out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc()
> -function. A local attacker with permission to execute i2c commands could exploit
> -this to read stack memory of the qemu process on the host.
> -
> -CVE: CVE-2019-3812
> -Upstream-Status: Backport
> -Signed-off-by: Ross Burton <ross.burton@intel.com>
> -
> -From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
> -From: Gerd Hoffmann <kraxel@redhat.com>
> -Date: Tue, 8 Jan 2019 11:23:01 +0100
> -Subject: [PATCH] i2c-ddc: fix oob read
> -MIME-Version: 1.0
> -Content-Type: text/plain; charset=UTF-8
> -Content-Transfer-Encoding: 8bit
> -
> -Suggested-by: Michael Hanselmann <public@hansmi.ch>
> -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> -Reviewed-by: Michael Hanselmann <public@hansmi.ch>
> -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> -Message-id: 20190108102301.1957-1-kraxel@redhat.com
> ----
> - hw/i2c/i2c-ddc.c | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
> -index be34fe072cf..0a0367ff38f 100644
> ---- a/hw/i2c/i2c-ddc.c
> -+++ b/hw/i2c/i2c-ddc.c
> -@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
> - I2CDDCState *s = I2CDDC(i2c);
> -
> - int value;
> -- value = s->edid_blob[s->reg];
> -+ value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
> - s->reg++;
> - return value;
> - }
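Review bot: unlike the numbered CVE backports, this header has a bare `Upstream-Status: Backport` with no commit reference, so nothing in the recipe history says which upstream change supersedes it. The embedded From line gives b05b267840515730dbf6753495d5b7bd8b04ad1c; please cite that hash in the commit message when stating that 4.0.0 already carries the `s->reg % sizeof(s->edid_blob)` bound in i2c_ddc_rx.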
> diff --git a/meta/recipes-devtools/qemu/qemu_3.1.0.bb b/meta/recipes-devtools/qemu/qemu_4.0.0.bb
> similarity index 100%
> rename from meta/recipes-devtools/qemu/qemu_3.1.0.bb
> rename to meta/recipes-devtools/qemu/qemu_4.0.0.bb
> --
> 2.21.0
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
* Re: [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0
2019-04-24 12:37 ` Burton, Ross
@ 2019-04-24 17:37 ` Alistair Francis
0 siblings, 0 replies; 8+ messages in thread
From: Alistair Francis @ 2019-04-24 17:37 UTC (permalink / raw)
To: Burton, Ross; +Cc: openembedded-core
On Wed, Apr 24, 2019 at 5:37 AM Burton, Ross <ross.burton@intel.com> wrote:
>
> This patch doesn't apply for me, probably because it got mangled in
> transport somewhere. Is it in a branch I can pull from?
Yep, you can get it from here:
https://github.com/alistair23/openembedded-core/tree/alistair/qemu-4.0.0
Alistair
>
> Ross
>
> On Wed, 24 Apr 2019 at 01:15, Alistair Francis <Alistair.Francis@wdc.com> wrote:
> >
> > This commit upgrades QEMU to the latest 4.0.0 release.
> >
> > - The COPYING.LIB file has changed SHA to:
> > "Synchronize the LGPL 2.1 with the version from gnu.org"
> > - SDL 1.2 has been removed, along with the --with-sdlabi command line
> > arg
> > - The backported patches have been removed
> > - All the other patches have been refreshed and the numbering has been
> > updated
> >
> > Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> > ---
> > meta/conf/distro/include/tcmode-default.inc | 2 +-
> > meta/recipes-devtools/qemu/qemu-native.inc | 4 +-
> > ...u-native_3.1.0.bb => qemu-native_4.0.0.bb} | 0
> > ...e_3.1.0.bb => qemu-system-native_4.0.0.bb} | 1 +
> > meta/recipes-devtools/qemu/qemu.inc | 38 +++---
> > .../qemu/0001-Add-a-missing-X11-include.patch | 65 ----------
> > ...-egl-headless-add-egl_create_context.patch | 50 --------
> > ...mu-Add-missing-wacom-HID-descriptor.patch} | 2 +-
> > ...-allow-user-to-disable-pointer-grabs.patch | 72 -----------
> > ...est-which-runs-all-unit-test-cases-.patch} | 6 +-
> > ...-environment-space-to-boot-loader-q.patch} | 6 +-
> > ...patch => 0004-qemu-disable-Valgrind.patch} | 6 +-
> > ...searched-during-user-mode-emulation.patch} | 2 +-
> > ...d.bfd-fix-cflags-and-set-some-envir.patch} | 6 +-
> > ...connect-socket-to-a-spawned-command.patch} | 69 ++++++-----
> > ... 0008-apic-fixup-fallthrough-to-PIC.patch} | 6 +-
> > ...ebkitgtk-hangs-on-32-bit-x86-target.patch} | 4 +-
> > ...-fix-mmap-munmap-mprotect-mremap-sh.patch} | 20 ++--
> > ...-libcap-header-issue-on-some-distro.patch} | 2 +-
> > ...messages-when-qemi_cpu_kick_thread-.patch} | 10 +-
> > .../qemu/qemu/0014-fix-CVE-2018-16872.patch | 85 -------------
> > .../qemu/qemu/0015-fix-CVE-2018-20124.patch | 60 ----------
> > .../qemu/qemu/0016-fix-CVE-2018-20125.patch | 54 ---------
> > .../qemu/qemu/0017-fix-CVE-2018-20126.patch | 113 ------------------
> > .../qemu/qemu/0018-fix-CVE-2018-20191.patch | 47 --------
> > .../qemu/qemu/0019-fix-CVE-2018-20216.patch | 85 -------------
> > .../qemu/qemu/CVE-2019-3812.patch | 39 ------
> > .../qemu/{qemu_3.1.0.bb => qemu_4.0.0.bb} | 0
> > 28 files changed, 87 insertions(+), 767 deletions(-)
> > rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => qemu-native_4.0.0.bb} (100%)
> > rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => qemu-system-native_4.0.0.bb} (95%)
> > delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
> > delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
> > rename meta/recipes-devtools/qemu/qemu/{0002-qemu-Add-missing-wacom-HID-descriptor.patch => 0001-qemu-Add-missing-wacom-HID-descriptor.patch} (98%)
> > delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
> > rename meta/recipes-devtools/qemu/qemu/{0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch => 0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch} (83%)
> > rename meta/recipes-devtools/qemu/qemu/{0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch => 0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch} (89%)
> > rename meta/recipes-devtools/qemu/qemu/{0005-qemu-disable-Valgrind.patch => 0004-qemu-disable-Valgrind.patch} (85%)
> > rename meta/recipes-devtools/qemu/qemu/{0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch => 0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch} (98%)
> > rename meta/recipes-devtools/qemu/qemu/{0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch => 0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch} (82%)
> > rename meta/recipes-devtools/qemu/qemu/{0008-chardev-connect-socket-to-a-spawned-command.patch => 0007-chardev-connect-socket-to-a-spawned-command.patch} (80%)
> > rename meta/recipes-devtools/qemu/qemu/{0009-apic-fixup-fallthrough-to-PIC.patch => 0008-apic-fixup-fallthrough-to-PIC.patch} (90%)
> > rename meta/recipes-devtools/qemu/qemu/{0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch => 0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch} (93%)
> > rename meta/recipes-devtools/qemu/qemu/{0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch => 0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch} (90%)
> > rename meta/recipes-devtools/qemu/qemu/{0012-fix-libcap-header-issue-on-some-distro.patch => 0011-fix-libcap-header-issue-on-some-distro.patch} (97%)
> > rename meta/recipes-devtools/qemu/qemu/{0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch => 0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch} (87%)
> > delete mode 100644 meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
> > delete mode 100644 meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
> > delete mode 100644 meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
> > delete mode 100644 meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
> > delete mode 100644 meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
> > delete mode 100644 meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
> > delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
> > rename meta/recipes-devtools/qemu/{qemu_3.1.0.bb => qemu_4.0.0.bb} (100%)
> >
> > diff --git a/meta/conf/distro/include/tcmode-default.inc b/meta/conf/distro/include/tcmode-default.inc
> > index 04373cc0aa..02e9ddde24 100644
> > --- a/meta/conf/distro/include/tcmode-default.inc
> > +++ b/meta/conf/distro/include/tcmode-default.inc
> > @@ -24,7 +24,7 @@ BINUVERSION ?= "2.32%"
> > GDBVERSION ?= "8.2%"
> > GLIBCVERSION ?= "2.29%"
> > LINUXLIBCVERSION ?= "5.0%"
> > -QEMUVERSION ?= "3.1%"
> > +QEMUVERSION ?= "4.0%"
> > GOVERSION ?= "1.12%"
> >
> > PREFERRED_VERSION_gcc ?= "${GCCVERSION}"
> > diff --git a/meta/recipes-devtools/qemu/qemu-native.inc b/meta/recipes-devtools/qemu/qemu-native.inc
> > index 4373ad9e63..34ab8e6401 100644
> > --- a/meta/recipes-devtools/qemu/qemu-native.inc
> > +++ b/meta/recipes-devtools/qemu/qemu-native.inc
> > @@ -3,8 +3,8 @@ inherit native
> > require qemu.inc
> >
> > SRC_URI_append = " \
> > - file://0012-fix-libcap-header-issue-on-some-distro.patch \
> > - file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
> > + file://0011-fix-libcap-header-issue-on-some-distro.patch \
> > + file://0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
> > "
> > EXTRA_OECONF_append = " --python=python2.7"
> >
> > diff --git a/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-native_4.0.0.bb
> > similarity index 100%
> > rename from meta/recipes-devtools/qemu/qemu-native_3.1.0.bb
> > rename to meta/recipes-devtools/qemu/qemu-native_4.0.0.bb
> > diff --git a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
> > similarity index 95%
> > rename from meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
> > rename to meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
> > index 5bf528bec1..820883df65 100644
> > --- a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
> > +++ b/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
> > @@ -20,4 +20,5 @@ do_install_append() {
> > # The following is also installed by qemu-native
> > rm -f ${D}${datadir}/qemu/trace-events-all
> > rm -rf ${D}${datadir}/qemu/keymaps
> > + rm -rf ${D}${datadir}/icons/
> > }
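
Review bot: the added `rm -rf ${D}${datadir}/icons/` in do_install_append is not mentioned in the commit message, and it removes the whole icons directory rather than named files. The comment above it says these files are "also installed by qemu-native", so please confirm that qemu-native 4.0.0 does install them and say in the commit message that 4.0.0 newly installs icons and why qemu-system-native drops them.
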
> > diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
> > index 13f0549c25..dd666f86a8 100644
> > --- a/meta/recipes-devtools/qemu/qemu.inc
> > +++ b/meta/recipes-devtools/qemu/qemu.inc
> > @@ -5,36 +5,26 @@ LICENSE = "GPLv2 & LGPLv2.1"
> > RDEPENDS_${PN}-ptest = "bash make"
> >
> > LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
> > - file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
> > + file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f"
> >
> > SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
> > file://powerpc_rom.bin \
> > - file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
> > - file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
> > - file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
> > file://run-ptest \
> > - file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
> > - file://0005-qemu-disable-Valgrind.patch \
> > - file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
> > - file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
> > - file://0008-chardev-connect-socket-to-a-spawned-command.patch \
> > - file://0009-apic-fixup-fallthrough-to-PIC.patch \
> > - file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
> > - file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
> > - file://0001-Add-a-missing-X11-include.patch \
> > - file://0001-egl-headless-add-egl_create_context.patch \
> > - file://0014-fix-CVE-2018-16872.patch \
> > - file://0015-fix-CVE-2018-20124.patch \
> > - file://0016-fix-CVE-2018-20125.patch \
> > - file://0017-fix-CVE-2018-20126.patch \
> > - file://0018-fix-CVE-2018-20191.patch \
> > - file://0019-fix-CVE-2018-20216.patch \
> > - file://CVE-2019-3812.patch \
> > + file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \
> > + file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
> > + file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
> > + file://0004-qemu-disable-Valgrind.patch \
> > + file://0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
> > + file://0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
> > + file://0007-chardev-connect-socket-to-a-spawned-command.patch \
> > + file://0008-apic-fixup-fallthrough-to-PIC.patch \
> > + file://0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
> > + file://0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
> > "
> > UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
> >
> > -SRC_URI[md5sum] = "fb687ce0b02d3bf4327e36d3b99427a8"
> > -SRC_URI[sha256sum] = "6a0508df079a0a33c2487ca936a56c12122f105b8a96a44374704bef6c69abfc"
> > +SRC_URI[md5sum] = "0afeca336fd57ae3d3086ec07f59d708"
> > +SRC_URI[sha256sum] = "13a93dfe75b86734326f8d5b475fde82ec692d5b5a338b4262aeeb6b0fa4e469"
> >
> > COMPATIBLE_HOST_mipsarchn32 = "null"
> > COMPATIBLE_HOST_mipsarchn64 = "null"
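
Review bot: the SRC_URI change drops seven security patches (CVE-2018-16872, CVE-2018-20124, CVE-2018-20125, CVE-2018-20126, CVE-2018-20191, CVE-2018-20216 and CVE-2019-3812), and the commit message covers them only with "The backported patches have been removed". Please list the CVE IDs in the commit message and state that each fix is contained in the 4.0.0 tarball, so that CVE tracking for the recipe does not lose them and a reviewer can check the claim against upstream.
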
> > @@ -133,7 +123,7 @@ make_qemu_wrapper() {
> > PACKAGECONFIG_remove_darwin = "kvm virglrenderer glx gtk+"
> > PACKAGECONFIG_remove_mingw32 = "kvm virglrenderer glx gtk+"
> >
> > -PACKAGECONFIG[sdl] = "--enable-sdl --with-sdlabi=2.0,--disable-sdl,libsdl2"
> > +PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2"
> > PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr,--disable-virtfs,libcap attr,"
> > PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"
> > PACKAGECONFIG[xfs] = "--enable-xfsctl,--disable-xfsctl,xfsprogs,"
> > diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
> > deleted file mode 100644
> > index 192936e1e7..0000000000
> > --- a/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
> > +++ /dev/null
> > @@ -1,65 +0,0 @@
> > -From eb1a215a4f86dde4493c3e22ad9f6d698850915e Mon Sep 17 00:00:00 2001
> > -From: Alexander Kanavin <alex.kanavin@gmail.com>
> > -Date: Thu, 20 Dec 2018 18:06:29 +0100
> > -Subject: [PATCH] egl-helpers.h: do not depend on X11 Window type, use
> > - EGLNativeWindowType
> > -
> > -It was assumed that mesa provides the necessary X11 includes,
> > -but it is not always the case, as it can be configured without x11 support.
> > -
> > -Upstream-Status: Submitted [http://lists.nongnu.org/archive/html/qemu-devel/2019-01/msg03706.html]
> > -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
> > -
> > ----
> > - include/ui/egl-helpers.h | 2 +-
> > - ui/egl-helpers.c | 4 ++--
> > - ui/gtk-egl.c | 2 +-
> > - 3 files changed, 4 insertions(+), 4 deletions(-)
> > -
> > -diff --git a/include/ui/egl-helpers.h b/include/ui/egl-helpers.h
> > -index 9db7293b..3fc656a7 100644
> > ---- a/include/ui/egl-helpers.h
> > -+++ b/include/ui/egl-helpers.h
> > -@@ -43,7 +43,7 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf);
> > -
> > - #endif
> > -
> > --EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win);
> > -+EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win);
> > -
> > - int qemu_egl_init_dpy_x11(EGLNativeDisplayType dpy, DisplayGLMode mode);
> > - int qemu_egl_init_dpy_mesa(EGLNativeDisplayType dpy, DisplayGLMode mode);
> > -diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c
> > -index 4f475142..5e115b3f 100644
> > ---- a/ui/egl-helpers.c
> > -+++ b/ui/egl-helpers.c
> > -@@ -273,14 +273,14 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf)
> > -
> > - /* ---------------------------------------------------------------------- */
> > -
> > --EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win)
> > -+EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win)
> > - {
> > - EGLSurface esurface;
> > - EGLBoolean b;
> > -
> > - esurface = eglCreateWindowSurface(qemu_egl_display,
> > - qemu_egl_config,
> > -- (EGLNativeWindowType)win, NULL);
> > -+ win, NULL);
> > - if (esurface == EGL_NO_SURFACE) {
> > - error_report("egl: eglCreateWindowSurface failed");
> > - return NULL;
> > -diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c
> > -index 5420c236..1f941162 100644
> > ---- a/ui/gtk-egl.c
> > -+++ b/ui/gtk-egl.c
> > -@@ -54,7 +54,7 @@ void gd_egl_init(VirtualConsole *vc)
> > - }
> > -
> > - vc->gfx.ectx = qemu_egl_init_ctx();
> > -- vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, x11_window);
> > -+ vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, (EGLNativeWindowType)x11_window);
> > -
> > - assert(vc->gfx.esurface);
> > - }
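
Review bot: this deleted patch carries "Upstream-Status: Submitted", not Backport, so the commit message's "backported patches have been removed" does not cover it. Please state whether the EGLNativeWindowType change was merged for 4.0.0 or why it is no longer needed; if it was not merged, builds against a mesa configured without X11 support would regress.
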
> > diff --git a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch b/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
> > deleted file mode 100644
> > index d9326c017a..0000000000
> > --- a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
> > +++ /dev/null
> > @@ -1,50 +0,0 @@
> > -From 952e5d584f5aabe41298c278065fe628f3f7aa7a Mon Sep 17 00:00:00 2001
> > -From: Gerd Hoffmann <kraxel@redhat.com>
> > -Date: Thu, 29 Nov 2018 13:35:02 +0100
> > -Subject: [PATCH] egl-headless: add egl_create_context
> > -
> > -We must set the correct context (via eglMakeCurrent) before
> > -calling qemu_egl_create_context, so we need a thin wrapper and can't
> > -hook qemu_egl_create_context directly as ->dpy_gl_ctx_create callback.
> > -
> > -Reported-by: Frederik Carlier <frederik.carlier@quamotion.mobi>
> > -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > -Message-id: 20181129123502.30129-1-kraxel@redhat.com
> > -
> > -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=952e5d584f5aabe41298c278065fe628f3f7aa7a]
> > -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
> > ----
> > - ui/egl-headless.c | 10 +++++++++-
> > - 1 file changed, 9 insertions(+), 1 deletion(-)
> > -
> > -diff --git a/ui/egl-headless.c b/ui/egl-headless.c
> > -index 4cf3bbc0e4..519e7bad32 100644
> > ---- a/ui/egl-headless.c
> > -+++ b/ui/egl-headless.c
> > -@@ -38,6 +38,14 @@ static void egl_gfx_switch(DisplayChangeListener *dcl,
> > - edpy->ds = new_surface;
> > - }
> > -
> > -+static QEMUGLContext egl_create_context(DisplayChangeListener *dcl,
> > -+ QEMUGLParams *params)
> > -+{
> > -+ eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE,
> > -+ qemu_egl_rn_ctx);
> > -+ return qemu_egl_create_context(dcl, params);
> > -+}
> > -+
> > - static void egl_scanout_disable(DisplayChangeListener *dcl)
> > - {
> > - egl_dpy *edpy = container_of(dcl, egl_dpy, dcl);
> > -@@ -150,7 +158,7 @@ static const DisplayChangeListenerOps egl_ops = {
> > - .dpy_gfx_update = egl_gfx_update,
> > - .dpy_gfx_switch = egl_gfx_switch,
> > -
> > -- .dpy_gl_ctx_create = qemu_egl_create_context,
> > -+ .dpy_gl_ctx_create = egl_create_context,
> > - .dpy_gl_ctx_destroy = qemu_egl_destroy_context,
> > - .dpy_gl_ctx_make_current = qemu_egl_make_context_current,
> > - .dpy_gl_ctx_get_current = qemu_egl_get_current_context,
> > ---
> > -2.17.1
> > -
> > diff --git a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
> > similarity index 98%
> > rename from meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
> > rename to meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
> > index 4de2688838..5373915ff0 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
> > @@ -1,4 +1,4 @@
> > -From 7ac3c84f28866491c58cc0f52a25a706949c8ef3 Mon Sep 17 00:00:00 2001
> > +From 1cb804cf0e47116202011f3386b4739af668224a Mon Sep 17 00:00:00 2001
> > From: Richard Purdie <richard.purdie@linuxfoundation.org>
> > Date: Thu, 27 Nov 2014 14:04:29 +0000
> > Subject: [PATCH] qemu: Add missing wacom HID descriptor
> > diff --git a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch b/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
> > deleted file mode 100644
> > index 5b9a1f911c..0000000000
> > --- a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
> > +++ /dev/null
> > @@ -1,72 +0,0 @@
> > -From c53ddb5acbee56db6423f369b9f9a9b62501b4af Mon Sep 17 00:00:00 2001
> > -From: Ross Burton <ross.burton@intel.com>
> > -Date: Wed, 18 Sep 2013 14:04:54 +0100
> > -Subject: [PATCH] sdl.c: allow user to disable pointer grabs
> > -MIME-Version: 1.0
> > -Content-Type: text/plain; charset=UTF-8
> > -Content-Transfer-Encoding: 8bit
> > -
> > -When the pointer enters the Qemu window it calls SDL_WM_GrabInput, which calls
> > -XGrabPointer in a busyloop until it returns GrabSuccess. However if there's already
> > -a pointer grab (screen is locked, a menu is open) then qemu will hang until the
> > -grab can be taken. In the specific case of a headless X server on an autobuilder, once
> > -the screensaver has kicked in any qemu instance that appears underneath the
> > -pointer will hang.
> > -
> > -I'm not entirely sure why pointer grabs are required (the documentation
> > -explicitly says it doesn't do grabs when using a tablet, which we are) so wrap
> > -them in a conditional that can be set by the autobuilder environment, preserving
> > -the current grabbing behaviour for everyone else.
> > -
> > -Upstream-Status: Pending
> > -Signed-off-by: Ross Burton <ross.burton@intel.com>
> > -Signed-off-by: Eric Bénard <eric@eukrea.com>
> > -
> > ----
> > - ui/sdl.c | 13 +++++++++++--
> > - 1 file changed, 11 insertions(+), 2 deletions(-)
> > -
> > -diff --git a/ui/sdl.c b/ui/sdl.c
> > -index 190b16f5..aa89471d 100644
> > ---- a/ui/sdl.c
> > -+++ b/ui/sdl.c
> > -@@ -69,6 +69,11 @@ static int idle_counter;
> > - static const guint16 *keycode_map;
> > - static size_t keycode_maplen;
> > -
> > -+#ifndef True
> > -+#define True 1
> > -+#endif
> > -+static doing_grabs = True;
> > -+
> > - #define SDL_REFRESH_INTERVAL_BUSY 10
> > - #define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \
> > - / SDL_REFRESH_INTERVAL_BUSY + 1)
> > -@@ -399,14 +404,16 @@ static void sdl_grab_start(void)
> > - }
> > - } else
> > - sdl_hide_cursor();
> > -- SDL_WM_GrabInput(SDL_GRAB_ON);
> > -+ if (doing_grabs)
> > -+ SDL_WM_GrabInput(SDL_GRAB_ON);
> > - gui_grab = 1;
> > - sdl_update_caption();
> > - }
> > -
> > - static void sdl_grab_end(void)
> > - {
> > -- SDL_WM_GrabInput(SDL_GRAB_OFF);
> > -+ if (doing_grabs)
> > -+ SDL_WM_GrabInput(SDL_GRAB_OFF);
> > - gui_grab = 0;
> > - sdl_show_cursor();
> > - sdl_update_caption();
> > -@@ -945,6 +952,8 @@ static void sdl1_display_init(DisplayState *ds, DisplayOptions *o)
> > - * This requires SDL >= 1.2.14. */
> > - setenv("SDL_DISABLE_LOCK_KEYS", "1", 1);
> > -
> > -+ doing_grabs = (getenv("QEMU_DONT_GRAB") == NULL);
> > -+
> > - flags = SDL_INIT_VIDEO | SDL_INIT_NOPARACHUTE;
> > - if (SDL_Init (flags)) {
> > - fprintf(stderr, "Could not initialize SDL(%s) - exiting\n",
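
Review bot: this patch is "Upstream-Status: Pending" and is what implements the QEMU_DONT_GRAB environment variable, so deleting it removes that switch, not just an SDL 1.2 leftover. The patch description says it exists to stop qemu hanging on a headless autobuilder X server, so the commit message should say that QEMU_DONT_GRAB is no longer honoured and whether the SDL 2 front end needs an equivalent, and any environment still setting the variable should be cleaned up.
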
> > diff --git a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
> > similarity index 83%
> > rename from meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
> > rename to meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
> > index 668fc4680c..7b7c5d71a0 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
> > @@ -1,4 +1,4 @@
> > -From aac8834bfd5b79e724f2593895847b50968a1223 Mon Sep 17 00:00:00 2001
> > +From 281116b31981b0b9e174bda8abe00f4eaa33c2ae Mon Sep 17 00:00:00 2001
> > From: Juro Bystricky <juro.bystricky@intel.com>
> > Date: Thu, 31 Aug 2017 11:06:56 -0700
> > Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
> > @@ -15,10 +15,10 @@ Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
> > 1 file changed, 8 insertions(+)
> >
> > diff --git a/tests/Makefile.include b/tests/Makefile.include
> > -index fb0b449c..afedabd4 100644
> > +index 36fc73fe..01fecd4d 100644
> > --- a/tests/Makefile.include
> > +++ b/tests/Makefile.include
> > -@@ -967,4 +967,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
> > +@@ -1184,4 +1184,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
> > -include $(wildcard tests/*.d)
> > -include $(wildcard tests/libqos/*.d)
> >
> > diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
> > similarity index 89%
> > rename from meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
> > rename to meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
> > index b4d4c587bd..9a18ca18e4 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
> > @@ -1,4 +1,4 @@
> > -From 3de7a5635093c31dcb960ce9dff27da629b85d4d Mon Sep 17 00:00:00 2001
> > +From bf04acef9ec31ddcc18ddbb4ac5b7b1e7368bf7d Mon Sep 17 00:00:00 2001
> > From: Jason Wessel <jason.wessel@windriver.com>
> > Date: Fri, 28 Mar 2014 17:42:43 +0800
> > Subject: [PATCH] qemu: Add addition environment space to boot loader
> > @@ -19,10 +19,10 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com>
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
> > -index c1cf0fe1..decffd2f 100644
> > +index 439665ab..285c78ef 100644
> > --- a/hw/mips/mips_malta.c
> > +++ b/hw/mips/mips_malta.c
> > -@@ -62,7 +62,7 @@
> > +@@ -60,7 +60,7 @@
> >
> > #define ENVP_ADDR 0x80002000l
> > #define ENVP_NB_ENTRIES 16
> > diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
> > similarity index 85%
> > rename from meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
> > rename to meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
> > index f0cf8148e1..9e326081f2 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
> > @@ -1,4 +1,4 @@
> > -From 32e8a94b6ae664d9b5689e19d495e304c0f41954 Mon Sep 17 00:00:00 2001
> > +From e40f797548bc3ff06c71b6cbe042a46406894d18 Mon Sep 17 00:00:00 2001
> > From: Ross Burton <ross.burton@intel.com>
> > Date: Tue, 20 Oct 2015 22:19:08 +0100
> > Subject: [PATCH] qemu: disable Valgrind
> > @@ -13,10 +13,10 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
> > 1 file changed, 9 deletions(-)
> >
> > diff --git a/configure b/configure
> > -index 0a3c6a72..069e0daa 100755
> > +index 1c563a70..eaf9bb5e 100755
> > --- a/configure
> > +++ b/configure
> > -@@ -5044,15 +5044,6 @@ fi
> > +@@ -5311,15 +5311,6 @@ fi
> > # check if we have valgrind/valgrind.h
> >
> > valgrind_h=no
> > diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
> > similarity index 98%
> > rename from meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
> > rename to meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
> > index 4b2f0137eb..819720a3f2 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
> > @@ -1,4 +1,4 @@
> > -From 02f80ee81681b6307a8032128a07686183662270 Mon Sep 17 00:00:00 2001
> > +From 547c3710a1493d2fd6bb56b819cf162db433756a Mon Sep 17 00:00:00 2001
> > From: Richard Purdie <richard.purdie@linuxfoundation.org>
> > Date: Wed, 9 Mar 2016 22:49:02 +0000
> > Subject: [PATCH] qemu: Limit paths searched during user mode emulation
> > diff --git a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
> > similarity index 82%
> > rename from meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
> > rename to meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
> > index 4163e51884..b62a588c66 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
> > @@ -1,4 +1,4 @@
> > -From 74bce35b71f4733c13e96f96e25956ff943fae20 Mon Sep 17 00:00:00 2001
> > +From 107fd860529a3c1319d54c3c225758457b0d9394 Mon Sep 17 00:00:00 2001
> > From: Stephen Arnold <sarnold@vctlabs.com>
> > Date: Sun, 12 Jun 2016 18:09:56 -0700
> > Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
> > @@ -10,10 +10,10 @@ Upstream-Status: Pending
> > 1 file changed, 4 deletions(-)
> >
> > diff --git a/configure b/configure
> > -index 069e0daa..5b97f3c1 100755
> > +index eaf9bb5e..de2933d1 100755
> > --- a/configure
> > +++ b/configure
> > -@@ -5622,10 +5622,6 @@ write_c_skeleton
> > +@@ -5928,10 +5928,6 @@ write_c_skeleton
> > if test "$gcov" = "yes" ; then
> > CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
> > LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
> > diff --git a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
> > similarity index 80%
> > rename from meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
> > rename to meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
> > index e5a2d4abca..f3f3dc3f5e 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
> > @@ -1,4 +1,4 @@
> > -From 9c1e976290e87a83ab1bfe38eb7ff3521ff0d684 Mon Sep 17 00:00:00 2001
> > +From 136e159482a1bc8676cbe6e767055d0c3fb20065 Mon Sep 17 00:00:00 2001
> > From: Alistair Francis <alistair.francis@xilinx.com>
> > Date: Thu, 21 Dec 2017 11:35:16 -0800
> > Subject: [PATCH] chardev: connect socket to a spawned command
> > @@ -46,17 +46,17 @@ Upstream-Status: Inappropriate [embedded specific]
> > Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
> >
> > ---
> > - chardev/char-socket.c | 102 ++++++++++++++++++++++++++++++++++++++++++
> > + chardev/char-socket.c | 101 ++++++++++++++++++++++++++++++++++++++++++
> > chardev/char.c | 3 ++
> > qapi/char.json | 5 +++
> > - 3 files changed, 110 insertions(+)
> > + 3 files changed, 109 insertions(+)
> >
> > diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> > -index eaa8e8b6..959ed183 100644
> > +index 3916505d..a8e9dce8 100644
> > --- a/chardev/char-socket.c
> > +++ b/chardev/char-socket.c
> > -@@ -987,6 +987,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
> > - return false;
> > +@@ -1273,6 +1273,67 @@ static bool qmp_chardev_validate_socket(ChardevSocket *sock,
> > + return true;
> > }
> >
> > +#ifndef _WIN32
> > @@ -120,11 +120,10 @@ index eaa8e8b6..959ed183 100644
> > + }
> > +}
> > +#endif
> > -+
> > +
> > static void qmp_chardev_open_socket(Chardev *chr,
> > ChardevBackend *backend,
> > - bool *be_opened,
> > -@@ -994,6 +1056,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
> > +@@ -1281,6 +1342,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
> > {
> > SocketChardev *s = SOCKET_CHARDEV(chr);
> > ChardevSocket *sock = backend->u.socket.data;
> > @@ -134,9 +133,9 @@ index eaa8e8b6..959ed183 100644
> > bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
> > bool is_listen = sock->has_server ? sock->server : true;
> > bool is_telnet = sock->has_telnet ? sock->telnet : false;
> > -@@ -1072,6 +1137,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
> > - s->reconnect_time = reconnect;
> > - }
> > +@@ -1346,6 +1410,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
> > +
> > + update_disconnected_filename(s);
> >
> > +#ifndef _WIN32
> > + if (cmd) {
> > @@ -146,13 +145,13 @@ index eaa8e8b6..959ed183 100644
> > + *be_opened = true;
> > + } else
> > +#endif
> > - if (s->reconnect_time) {
> > - tcp_chr_connect_async(chr);
> > - } else {
> > -@@ -1131,9 +1204,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
> > + if (s->is_listen) {
> > + if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270,
> > + is_waitconnect, errp) < 0) {
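
Review bot: after the refresh, the `} else` that precedes `#endif` now attaches to `if (s->is_listen) {` instead of `if (s->reconnect_time) {`. Please check in the 4.0.0 source that the client connect path is part of the same if/else chain, so that the cmd case still skips both the server and the client branches; a dangling `else` in front of `#endif` is easy to get wrong when the following statement changes, and braces around the whole block would make it robust.
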
> > +@@ -1365,9 +1437,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
> > + const char *host = qemu_opt_get(opts, "host");
> > const char *port = qemu_opt_get(opts, "port");
> > const char *fd = qemu_opt_get(opts, "fd");
> > - const char *tls_creds = qemu_opt_get(opts, "tls-creds");
> > +#ifndef _WIN32
> > + const char *cmd = qemu_opt_get(opts, "cmd");
> > +#endif
> > @@ -166,7 +165,7 @@ index eaa8e8b6..959ed183 100644
> > + * spawning a command, otherwise unmodified code that doesn't know about
> > + * command spawning (like socket_reconnect_timeout()) might get called.
> > + */
> > -+ if (path || is_listen || is_telnet || is_tn3270 || reconnect || host || port || tls_creds) {
> > ++ if (path || sock->server || sock->has_telnet || sock->has_tn3270 || sock->reconnect || host || port || sock->tls_creds) {
> > + error_setg(errp, "chardev: socket: cmd does not support any additional options");
> > + return;
> > + }
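
Review bot: the refreshed cmd check now reads `sock->server`, `sock->has_telnet`, `sock->has_tn3270`, `sock->reconnect` and `sock->tls_creds` where it used to test local variables, yet it sits directly after the `qemu_opt_get()` calls near the top of qemu_chr_parse_socket, and the later hunk shows the `sock->` fields being filled in around line 1410. Please verify that `sock` is allocated and populated before this test; if it is not, the check dereferences an unset pointer. The meaning also changes: `has_telnet` and `has_tn3270` record whether the option was given rather than its value, and `sock->server` is not the `is_listen` it replaces. Reading the values from `opts` before the check would keep the original behaviour.
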
> > @@ -176,14 +175,14 @@ index eaa8e8b6..959ed183 100644
> > if ((!!path + !!fd + !!host) != 1) {
> > error_setg(errp,
> > "Exactly one of 'path', 'fd' or 'host' required");
> > -@@ -1180,12 +1270,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
> > - sock->reconnect = reconnect;
> > - sock->tls_creds = g_strdup(tls_creds);
> > +@@ -1410,12 +1499,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
> > + sock->has_tls_authz = qemu_opt_get(opts, "tls-authz");
> > + sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz"));
> >
> > +#ifndef _WIN32
> > + sock->cmd = g_strdup(cmd);
> > +#endif
> > -+
> > ++
> > addr = g_new0(SocketAddressLegacy, 1);
> > +#ifndef _WIN32
> > + if (path || cmd) {
> > @@ -202,10 +201,10 @@ index eaa8e8b6..959ed183 100644
> > addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
> > addr->u.inet.data = g_new(InetSocketAddress, 1);
> > diff --git a/chardev/char.c b/chardev/char.c
> > -index 152dde53..62d5b578 100644
> > +index 514cd6b0..36a40d67 100644
> > --- a/chardev/char.c
> > +++ b/chardev/char.c
> > -@@ -818,6 +818,9 @@ QemuOptsList qemu_chardev_opts = {
> > +@@ -835,6 +835,9 @@ QemuOptsList qemu_chardev_opts = {
> > },{
> > .name = "path",
> > .type = QEMU_OPT_STRING,
> > @@ -216,10 +215,10 @@ index 152dde53..62d5b578 100644
> > .name = "host",
> > .type = QEMU_OPT_STRING,
> > diff --git a/qapi/char.json b/qapi/char.json
> > -index 79bac598..97bd161a 100644
> > +index a6e81ac7..517962c6 100644
> > --- a/qapi/char.json
> > +++ b/qapi/char.json
> > -@@ -242,6 +242,10 @@
> > +@@ -247,6 +247,10 @@
> > #
> > # @addr: socket address to listen on (server=true)
> > # or connect to (server=false)
> > @@ -228,13 +227,13 @@ index 79bac598..97bd161a 100644
> > +# is used by the chardev. Either an addr or a cmd can
> > +# be specified, but not both.
> > # @tls-creds: the ID of the TLS credentials object (since 2.6)
> > - # @server: create server socket (default: true)
> > - # @wait: wait for incoming connection on server
> > -@@ -261,6 +265,7 @@
> > - # Since: 1.4
> > + # @tls-authz: the ID of the QAuthZ authorization object against which
> > + # the client's x509 distinguished name will be validated. This
> > +@@ -272,6 +276,7 @@
> > ##
> > - { 'struct': 'ChardevSocket', 'data': { 'addr' : 'SocketAddressLegacy',
> > -+ '*cmd' : 'str',
> > - '*tls-creds' : 'str',
> > - '*server' : 'bool',
> > - '*wait' : 'bool',
> > + { 'struct': 'ChardevSocket',
> > + 'data': { 'addr': 'SocketAddressLegacy',
> > ++ '*cmd': 'str',
> > + '*tls-creds': 'str',
> > + '*tls-authz' : 'str',
> > + '*server': 'bool',
> > diff --git a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
> > similarity index 90%
> > rename from meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
> > rename to meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
> > index 1d3a2b5b21..13037f33f3 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
> > @@ -1,4 +1,4 @@
> > -From 4829da131996548dc86775b8b97a29c436f3d130 Mon Sep 17 00:00:00 2001
> > +From 1b3f264e2ba18caf658fae27293c426c8366c6a3 Mon Sep 17 00:00:00 2001
> > From: Mark Asselstine <mark.asselstine@windriver.com>
> > Date: Tue, 26 Feb 2013 11:43:28 -0500
> > Subject: [PATCH] apic: fixup fallthrough to PIC
> > @@ -30,10 +30,10 @@ Signed-off-by: He Zhe <zhe.he@windriver.com>
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/hw/intc/apic.c b/hw/intc/apic.c
> > -index 97ffdd82..ef23430e 100644
> > +index 6ea619c3..f892811e 100644
> > --- a/hw/intc/apic.c
> > +++ b/hw/intc/apic.c
> > -@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *dev)
> > +@@ -604,7 +604,7 @@ int apic_accept_pic_intr(DeviceState *dev)
> > APICCommonState *s = APIC(dev);
> > uint32_t lvt0;
> >
> > diff --git a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
> > similarity index 93%
> > rename from meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
> > rename to meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
> > index c0d7914be0..c572ff94d0 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
> > @@ -1,4 +1,4 @@
> > -From bce25c9cda73569963615ffd31ed949cbe3a3781 Mon Sep 17 00:00:00 2001
> > +From a33ae91504ea4d254b5ace64a84791d3c96c9773 Mon Sep 17 00:00:00 2001
> > From: Alistair Francis <alistair.francis@xilinx.com>
> > Date: Wed, 17 Jan 2018 10:51:49 -0800
> > Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
> > @@ -19,7 +19,7 @@ Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/linux-user/main.c b/linux-user/main.c
> > -index 923cbb75..fe0b9ff4 100644
> > +index a0aba9cb..34c54924 100644
> > --- a/linux-user/main.c
> > +++ b/linux-user/main.c
> > @@ -69,7 +69,7 @@ int have_guest_base;
> > diff --git a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch b/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
> > similarity index 90%
> > rename from meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
> > rename to meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
> > index 066ea7865a..3418eb7c65 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
> > @@ -1,4 +1,4 @@
> > -From 496231774f8bc17ecfaf543a6603e3cad3f3f74e Mon Sep 17 00:00:00 2001
> > +From 2a66bd95c856de6950fbd802c5b99075207c1d76 Mon Sep 17 00:00:00 2001
> > From: Martin Jansa <martin.jansa@lge.com>
> > Date: Fri, 1 Jun 2018 08:41:07 +0000
> > Subject: [PATCH] Revert "linux-user: fix mmap/munmap/mprotect/mremap/shmat"
> > @@ -23,7 +23,7 @@ Upstream-Status: Pending
> > 4 files changed, 15 insertions(+), 29 deletions(-)
> >
> > diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
> > -index 117d2fbb..90558c14 100644
> > +index b16c9ec5..612db6a0 100644
> > --- a/include/exec/cpu-all.h
> > +++ b/include/exec/cpu-all.h
> > @@ -163,12 +163,8 @@ extern unsigned long guest_base;
> > @@ -41,7 +41,7 @@ index 117d2fbb..90558c14 100644
> >
> > #include "exec/hwaddr.h"
> > diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
> > -index 95906849..ed17b3f6 100644
> > +index d78041d7..845639f7 100644
> > --- a/include/exec/cpu_ldst.h
> > +++ b/include/exec/cpu_ldst.h
> > @@ -62,13 +62,15 @@ typedef uint64_t abi_ptr;
> > @@ -68,7 +68,7 @@ index 95906849..ed17b3f6 100644
> > #define h2g_nocheck(x) ({ \
> > unsigned long __ret = (unsigned long)(x) - guest_base; \
> > diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> > -index 41e0983c..d0ee1c53 100644
> > +index e0249efe..cfe34b35 100644
> > --- a/linux-user/mmap.c
> > +++ b/linux-user/mmap.c
> > @@ -79,7 +79,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
> > @@ -81,9 +81,9 @@ index 41e0983c..d0ee1c53 100644
> > }
> > prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
> > @@ -490,8 +490,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
> > - * It can fail only on 64-bit host with 32-bit target.
> > - * On any other target/host host mmap() handles this error correctly.
> > - */
> > + * It can fail only on 64-bit host with 32-bit target.
> > + * On any other target/host host mmap() handles this error correctly.
> > + */
> > - if (!guest_range_valid(start, len)) {
> > - errno = ENOMEM;
> > + if ((unsigned long)start + len - 1 > (abi_ulong) -1) {
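Review bot: in the target_mmap part of this refreshed revert, upstream's `guest_range_valid(start, len)` check is still replaced by the open-coded `(unsigned long)start + len - 1 > (abi_ulong) -1` test, while the patch header still reads Upstream-Status: Pending with a June 2018 date. The refresh only touches the From hash, index lines and hunk offsets, so please state in the commit message whether the revert was re-tested as still required on 4.0.0 or can now be dropped, since it keeps an upstream guest address range check out of linux-user.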
> > @@ -118,10 +118,10 @@ index 41e0983c..d0ee1c53 100644
> >
> > if (flags & MREMAP_FIXED) {
> > diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> > -index 280137da..efdd0006 100644
> > +index 96cd4bf8..e6754772 100644
> > --- a/linux-user/syscall.c
> > +++ b/linux-user/syscall.c
> > -@@ -3818,9 +3818,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
> > +@@ -3860,9 +3860,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
> > return -TARGET_EINVAL;
> > }
> > }
> > @@ -131,7 +131,7 @@ index 280137da..efdd0006 100644
> >
> > mmap_lock();
> >
> > -@@ -6582,7 +6579,7 @@ static int open_self_maps(void *cpu_env, int fd)
> > +@@ -6633,7 +6630,7 @@ static int open_self_maps(void *cpu_env, int fd)
> > }
> > if (h2g_valid(min)) {
> > int flags = page_get_flags(h2g(min));
> > diff --git a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch b/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
> > similarity index 97%
> > rename from meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
> > rename to meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
> > index 9cbe838811..3a7d7bbd33 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
> > @@ -1,4 +1,4 @@
> > -From d3e0b8dac7c2eb20d7fcff747bc98b981f4398ef Mon Sep 17 00:00:00 2001
> > +From 9125afb733d8c96416bb83c5adad39bb8d0803a1 Mon Sep 17 00:00:00 2001
> > From: Hongxu Jia <hongxu.jia@windriver.com>
> > Date: Tue, 12 Mar 2013 09:54:06 +0800
> > Subject: [PATCH] fix libcap header issue on some distro
> > diff --git a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
> > similarity index 87%
> > rename from meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
> > rename to meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
> > index 27e508c5a3..04664195d1 100644
> > --- a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
> > +++ b/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
> > @@ -1,4 +1,4 @@
> > -From 861c522df7791d7e93743d5641f3ef2a5a3c4632 Mon Sep 17 00:00:00 2001
> > +From 0a53e906510cce1f32bc04a11e81ea40f834dac4 Mon Sep 17 00:00:00 2001
> > From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
> > Date: Wed, 12 Aug 2015 15:11:30 -0500
> > Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
> > @@ -20,10 +20,10 @@ Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
> > create mode 100644 custom_debug.h
> >
> > diff --git a/cpus.c b/cpus.c
> > -index 0ddeeefc..4f3a5624 100644
> > +index e83f72b4..e6e2576e 100644
> > --- a/cpus.c
> > +++ b/cpus.c
> > -@@ -1768,6 +1768,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
> > +@@ -1769,6 +1769,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
> > return NULL;
> > }
> >
> > @@ -32,9 +32,9 @@ index 0ddeeefc..4f3a5624 100644
> > static void qemu_cpu_kick_thread(CPUState *cpu)
> > {
> > #ifndef _WIN32
> > -@@ -1780,6 +1782,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
> > +@@ -1781,6 +1783,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
> > err = pthread_kill(cpu->thread->thread, SIG_IPI);
> > - if (err) {
> > + if (err && err != ESRCH) {
> > fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
> > + fprintf(stderr, "CPU #%d:\n", cpu->cpu_index);
> > + cpu_dump_state(cpu, stderr, fprintf, 0);
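Review bot: in the qemu_cpu_kick_thread hunk, the added `fprintf(stderr, "CPU #%d:\n", cpu->cpu_index);` follows the existing `"qemu:%s: %s"` message, which has no trailing newline, so the strerror text and the "CPU #" line run together on stderr; starting the added string with "\n" would keep the dump readable. Since the file is being renamed in this commit anyway, the "qemi_cpu_kick_thread" typo in the patch file name and Subject could be corrected to qemu_cpu_kick_thread at the same time.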
> > diff --git a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch b/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
> > deleted file mode 100644
> > index 412aa16046..0000000000
> > --- a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
> > +++ /dev/null
> > @@ -1,85 +0,0 @@
> > -CVE: CVE-2018-16872
> > -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35]
> > -
> > -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> > -
> > -From bab9df35ce73d1c8e19a37e2737717ea1c984dc1 Mon Sep 17 00:00:00 2001
> > -From: Gerd Hoffmann <kraxel@redhat.com>
> > -Date: Thu, 13 Dec 2018 13:25:11 +0100
> > -Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
> > -
> > -Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
> > -While being at it also add O_CLOEXEC.
> > -
> > -usb-mtp only handles regular files and directories and ignores
> > -everything else, so users should not see a difference.
> > -
> > -Because qemu ignores symlinks, carrying out a successful symlink attack
> > -requires swapping an existing file or directory below rootdir for a
> > -symlink and winning the race against the inotify notification to qemu.
> > -
> > -Fixes: CVE-2018-16872
> > -Cc: Prasad J Pandit <ppandit@redhat.com>
> > -Cc: Bandan Das <bsd@redhat.com>
> > -Reported-by: Michael Hanselmann <public@hansmi.ch>
> > -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > -Reviewed-by: Michael Hanselmann <public@hansmi.ch>
> > -Message-id: 20181213122511.13853-1-kraxel@redhat.com
> > ----
> > - hw/usb/dev-mtp.c | 13 +++++++++----
> > - 1 file changed, 9 insertions(+), 4 deletions(-)
> > -
> > -diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
> > -index 100b7171f4..36c43b8c20 100644
> > ---- a/hw/usb/dev-mtp.c
> > -+++ b/hw/usb/dev-mtp.c
> > -@@ -653,13 +653,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
> > - {
> > - struct dirent *entry;
> > - DIR *dir;
> > -+ int fd;
> > -
> > - if (o->have_children) {
> > - return;
> > - }
> > - o->have_children = true;
> > -
> > -- dir = opendir(o->path);
> > -+ fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
> > -+ if (fd < 0) {
> > -+ return;
> > -+ }
> > -+ dir = fdopendir(fd);
> > - if (!dir) {
> > - return;
> > - }
> > -@@ -1007,7 +1012,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
> > -
> > - trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
> > -
> > -- d->fd = open(o->path, O_RDONLY);
> > -+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
> > - if (d->fd == -1) {
> > - usb_mtp_data_free(d);
> > - return NULL;
> > -@@ -1031,7 +1036,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
> > - c->argv[1], c->argv[2]);
> > -
> > - d = usb_mtp_data_alloc(c);
> > -- d->fd = open(o->path, O_RDONLY);
> > -+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
> > - if (d->fd == -1) {
> > - usb_mtp_data_free(d);
> > - return NULL;
> > -@@ -1658,7 +1663,7 @@ static void usb_mtp_write_data(MTPState *s)
> > - 0, 0, 0, 0);
> > - goto done;
> > - }
> > -- d->fd = open(path, O_CREAT | O_WRONLY, mask);
> > -+ d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask);
> > - if (d->fd == -1) {
> > - usb_mtp_queue_result(s, RES_STORE_FULL, d->trans,
> > - 0, 0, 0, 0);
> > ---
> > -2.20.1
> > -
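Review bot: this deletion drops the O_NOFOLLOW/O_CLOEXEC backport for CVE-2018-16872, but the commit message only says "The backported patches have been removed". Please list the CVE IDs being dropped there and state that the upstream commit named in the Upstream-Status line (bab9df35) is contained in the 4.0.0 release, so the removal can be matched against CVE tracking for the recipe later.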
> > diff --git a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch b/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
> > deleted file mode 100644
> > index 985b819409..0000000000
> > --- a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
> > +++ /dev/null
> > @@ -1,60 +0,0 @@
> > -CVE: CVE-2018-20124
> > -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373]
> > -
> > -Backport patch to fix CVE-2018-20124. Update context and stay with current
> > -function comp_handler() which has been replaced with complete_work() in latest
> > -git repo.
> > -
> > -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> > -
> > -From 0e68373cc2b3a063ce067bc0cc3edaf370752890 Mon Sep 17 00:00:00 2001
> > -From: Prasad J Pandit <pjp@fedoraproject.org>
> > -Date: Thu, 13 Dec 2018 01:00:34 +0530
> > -Subject: [PATCH] rdma: check num_sge does not exceed MAX_SGE
> > -
> > -rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set
> > -to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element
> > -with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue.
> > -Add check to avoid it.
> > -
> > -Reported-by: Saar Amar <saaramar5@gmail.com>
> > -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> > -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
> > -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> > ----
> > - hw/rdma/rdma_backend.c | 12 ++++++------
> > - 1 file changed, 6 insertions(+), 6 deletions(-)
> > -
> > -diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
> > -index d7a4bbd9..7f8028f8 100644
> > ---- a/hw/rdma/rdma_backend.c
> > -+++ b/hw/rdma/rdma_backend.c
> > -@@ -311,9 +311,9 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev,
> > - }
> > -
> > - pr_dbg("num_sge=%d\n", num_sge);
> > -- if (!num_sge) {
> > -- pr_dbg("num_sge=0\n");
> > -- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
> > -+ if (!num_sge || num_sge > MAX_SGE) {
> > -+ pr_dbg("invalid num_sge=%d\n", num_sge);
> > -+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
> > - return;
> > - }
> > -
> > -@@ -390,9 +390,9 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
> > - }
> > -
> > - pr_dbg("num_sge=%d\n", num_sge);
> > -- if (!num_sge) {
> > -- pr_dbg("num_sge=0\n");
> > -- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
> > -+ if (!num_sge || num_sge > MAX_SGE) {
> > -+ pr_dbg("invalid num_sge=%d\n", num_sge);
> > -+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
> > - return;
> > - }
> > -
> > ---
> > -2.20.1
> > -
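Review bot: the header of this deleted backport says it was adapted ("Update context and stay with current function comp_handler() which has been replaced with complete_work() in latest git repo"), so the removed file is not identical to upstream 0e68373. Please confirm against the 4.0.0 source that both rdma_backend_post_send and rdma_backend_post_recv reject `num_sge > MAX_SGE`, rather than inferring it from the patch no longer applying.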
> > diff --git a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch b/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
> > deleted file mode 100644
> > index 56559c8388..0000000000
> > --- a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
> > +++ /dev/null
> > @@ -1,54 +0,0 @@
> > -CVE: CVE-2018-20125
> > -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce]
> > -
> > -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> > -
> > -From 2c858ce5da8ae6689c75182b73bc455a291cad41 Mon Sep 17 00:00:00 2001
> > -From: Prasad J Pandit <pjp@fedoraproject.org>
> > -Date: Thu, 13 Dec 2018 01:00:36 +0530
> > -Subject: [PATCH] pvrdma: check number of pages when creating rings
> > -
> > -When creating CQ/QP rings, an object can have up to
> > -PVRDMA_MAX_FAST_REG_PAGES 8 pages. Check 'npages' parameter
> > -to avoid excessive memory allocation or a null dereference.
> > -
> > -Reported-by: Li Qiang <liq3ea@163.com>
> > -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> > -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
> > -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> > ----
> > - hw/rdma/vmw/pvrdma_cmd.c | 11 +++++++++++
> > - 1 file changed, 11 insertions(+)
> > -
> > -diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
> > -index 3b94545761..f236ac4795 100644
> > ---- a/hw/rdma/vmw/pvrdma_cmd.c
> > -+++ b/hw/rdma/vmw/pvrdma_cmd.c
> > -@@ -259,6 +259,11 @@ static int create_cq_ring(PCIDevice *pci_dev , PvrdmaRing **ring,
> > - int rc = -EINVAL;
> > - char ring_name[MAX_RING_NAME_SZ];
> > -
> > -+ if (!nchunks || nchunks > PVRDMA_MAX_FAST_REG_PAGES) {
> > -+ pr_dbg("invalid nchunks: %d\n", nchunks);
> > -+ return rc;
> > -+ }
> > -+
> > - pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
> > - dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
> > - if (!dir) {
> > -@@ -372,6 +377,12 @@ static int create_qp_rings(PCIDevice *pci_dev, uint64_t pdir_dma,
> > - char ring_name[MAX_RING_NAME_SZ];
> > - uint32_t wqe_sz;
> > -
> > -+ if (!spages || spages > PVRDMA_MAX_FAST_REG_PAGES
> > -+ || !rpages || rpages > PVRDMA_MAX_FAST_REG_PAGES) {
> > -+ pr_dbg("invalid pages: %d, %d\n", spages, rpages);
> > -+ return rc;
> > -+ }
> > -+
> > - pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
> > - dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
> > - if (!dir) {
> > ---
> > -2.20.1
> > -
> > diff --git a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch b/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
> > deleted file mode 100644
> > index 8329f2cfd0..0000000000
> > --- a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
> > +++ /dev/null
> > @@ -1,113 +0,0 @@
> > -CVE: CVE-2018-20126
> > -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c]
> > -
> > -Backport and rebase patch to fix CVE-2018-20126.
> > -
> > -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> > -
> > -From 509f57c98e7536905bb4902363d0cba66ce7e089 Mon Sep 17 00:00:00 2001
> > -From: Prasad J Pandit <pjp@fedoraproject.org>
> > -Date: Thu, 13 Dec 2018 01:00:37 +0530
> > -Subject: [PATCH] pvrdma: release ring object in case of an error
> > -
> > -create_cq and create_qp routines allocate ring object, but it's
> > -not released in case of an error, leading to memory leakage.
> > -
> > -Reported-by: Li Qiang <liq3ea@163.com>
> > -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> > -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
> > -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> > ----
> > - hw/rdma/vmw/pvrdma_cmd.c | 41 ++++++++++++++++++++++++++++++-----------
> > - 1 file changed, 30 insertions(+), 11 deletions(-)
> > -
> > -diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
> > -index 4faeb21..9b6796f 100644
> > ---- a/hw/rdma/vmw/pvrdma_cmd.c
> > -+++ b/hw/rdma/vmw/pvrdma_cmd.c
> > -@@ -310,6 +310,14 @@ out:
> > - return rc;
> > - }
> > -
> > -+static void destroy_cq_ring(PvrdmaRing *ring)
> > -+{
> > -+ pvrdma_ring_free(ring);
> > -+ /* ring_state was in slot 1, not 0 so need to jump back */
> > -+ rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE);
> > -+ g_free(ring);
> > -+}
> > -+
> > - static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
> > - union pvrdma_cmd_resp *rsp)
> > - {
> > -@@ -333,6 +341,10 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
> > -
> > - resp->hdr.err = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev,
> > - cmd->cqe, &resp->cq_handle, ring);
> > -+ if (resp->hdr.err) {
> > -+ destroy_cq_ring(ring);
> > -+ }
> > -+
> > - resp->cqe = cmd->cqe;
> > -
> > - out:
> > -@@ -356,10 +368,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
> > - }
> > -
> > - ring = (PvrdmaRing *)cq->opaque;
> > -- pvrdma_ring_free(ring);
> > -- /* ring_state was in slot 1, not 0 so need to jump back */
> > -- rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE);
> > -- g_free(ring);
> > -+ destroy_cq_ring(ring);
> > -
> > - rdma_rm_dealloc_cq(&dev->rdma_dev_res, cmd->cq_handle);
> > -
> > -@@ -451,6 +460,17 @@ out:
> > - return rc;
> > - }
> > -
> > -+static void destroy_qp_rings(PvrdmaRing *ring)
> > -+{
> > -+ pr_dbg("sring=%p\n", &ring[0]);
> > -+ pvrdma_ring_free(&ring[0]);
> > -+ pr_dbg("rring=%p\n", &ring[1]);
> > -+ pvrdma_ring_free(&ring[1]);
> > -+
> > -+ rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE);
> > -+ g_free(ring);
> > -+}
> > -+
> > - static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
> > - union pvrdma_cmd_resp *rsp)
> > - {
> > -@@ -482,6 +502,11 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
> > - cmd->max_recv_wr, cmd->max_recv_sge,
> > - cmd->recv_cq_handle, rings, &resp->qpn);
> > -
> > -+ if (resp->hdr.err) {
> > -+ destroy_qp_rings(rings);
> > -+ return resp->hdr.err;
> > -+ }
> > -+
> > - resp->max_send_wr = cmd->max_send_wr;
> > - resp->max_recv_wr = cmd->max_recv_wr;
> > - resp->max_send_sge = cmd->max_send_sge;
> > -@@ -555,13 +580,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
> > - rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle);
> > -
> > - ring = (PvrdmaRing *)qp->opaque;
> > -- pr_dbg("sring=%p\n", &ring[0]);
> > -- pvrdma_ring_free(&ring[0]);
> > -- pr_dbg("rring=%p\n", &ring[1]);
> > -- pvrdma_ring_free(&ring[1]);
> > --
> > -- rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE);
> > -- g_free(ring);
> > -+ destroy_qp_rings(ring);
> > -
> > - return 0;
> > - }
> > ---
> > -2.20.1
> > -
> > diff --git a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch b/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
> > deleted file mode 100644
> > index 8f8ff0567a..0000000000
> > --- a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
> > +++ /dev/null
> > @@ -1,47 +0,0 @@
> > -CVE: CVE-2018-20191
> > -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2aa8645]
> > -
> > -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> > -
> > -From 2aa86456fb938a11f2b7bd57c8643c213218681c Mon Sep 17 00:00:00 2001
> > -From: Prasad J Pandit <pjp@fedoraproject.org>
> > -Date: Thu, 13 Dec 2018 01:00:35 +0530
> > -Subject: [PATCH] pvrdma: add uar_read routine
> > -
> > -Define skeleton 'uar_read' routine. Avoid NULL dereference.
> > -
> > -Reported-by: Li Qiang <liq3ea@163.com>
> > -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> > -Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> > -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> > ----
> > - hw/rdma/vmw/pvrdma_main.c | 6 ++++++
> > - 1 file changed, 6 insertions(+)
> > -
> > -diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
> > -index 64de16fb52..838ad8a949 100644
> > ---- a/hw/rdma/vmw/pvrdma_main.c
> > -+++ b/hw/rdma/vmw/pvrdma_main.c
> > -@@ -448,6 +448,11 @@ static const MemoryRegionOps regs_ops = {
> > - },
> > - };
> > -
> > -+static uint64_t uar_read(void *opaque, hwaddr addr, unsigned size)
> > -+{
> > -+ return 0xffffffff;
> > -+}
> > -+
> > - static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
> > - {
> > - PVRDMADev *dev = opaque;
> > -@@ -489,6 +494,7 @@ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
> > - }
> > -
> > - static const MemoryRegionOps uar_ops = {
> > -+ .read = uar_read,
> > - .write = uar_write,
> > - .endianness = DEVICE_LITTLE_ENDIAN,
> > - .impl = {
> > ---
> > -2.20.1
> > -
> > diff --git a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch b/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
> > deleted file mode 100644
> > index c02bad3bb9..0000000000
> > --- a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
> > +++ /dev/null
> > @@ -1,85 +0,0 @@
> > -CVE: CVE-2018-20216
> > -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38]
> > -
> > -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> > -
> > -From f1e2e38ee0136b7710a2caa347049818afd57a1b Mon Sep 17 00:00:00 2001
> > -From: Prasad J Pandit <pjp@fedoraproject.org>
> > -Date: Thu, 13 Dec 2018 01:00:39 +0530
> > -Subject: [PATCH] pvrdma: check return value from pvrdma_idx_ring_has_ routines
> > -
> > -pvrdma_idx_ring_has_[data/space] routines also return invalid
> > -index PVRDMA_INVALID_IDX[=-1], if ring has no data/space. Check
> > -return value from these routines to avoid plausible infinite loops.
> > -
> > -Reported-by: Li Qiang <liq3ea@163.com>
> > -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> > -Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
> > -Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> > ----
> > - hw/rdma/vmw/pvrdma_dev_ring.c | 29 +++++++++++------------------
> > - 1 file changed, 11 insertions(+), 18 deletions(-)
> > -
> > -diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
> > -index 01247fc041..e8e5b502f6 100644
> > ---- a/hw/rdma/vmw/pvrdma_dev_ring.c
> > -+++ b/hw/rdma/vmw/pvrdma_dev_ring.c
> > -@@ -73,23 +73,16 @@ out:
> > -
> > - void *pvrdma_ring_next_elem_read(PvrdmaRing *ring)
> > - {
> > -+ int e;
> > - unsigned int idx = 0, offset;
> > -
> > -- /*
> > -- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
> > -- ring->ring_state->cons_head);
> > -- */
> > --
> > -- if (!pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx)) {
> > -+ e = pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx);
> > -+ if (e <= 0) {
> > - pr_dbg("No more data in ring\n");
> > - return NULL;
> > - }
> > -
> > - offset = idx * ring->elem_sz;
> > -- /*
> > -- pr_dbg("idx=%d\n", idx);
> > -- pr_dbg("offset=%d\n", offset);
> > -- */
> > - return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
> > - }
> > -
> > -@@ -105,20 +98,20 @@ void pvrdma_ring_read_inc(PvrdmaRing *ring)
> > -
> > - void *pvrdma_ring_next_elem_write(PvrdmaRing *ring)
> > - {
> > -- unsigned int idx, offset, tail;
> > -+ int idx;
> > -+ unsigned int offset, tail;
> > -
> > -- /*
> > -- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
> > -- ring->ring_state->cons_head);
> > -- */
> > --
> > -- if (!pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail)) {
> > -+ idx = pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail);
> > -+ if (idx <= 0) {
> > - pr_dbg("CQ is full\n");
> > - return NULL;
> > - }
> > -
> > - idx = pvrdma_idx(&ring->ring_state->prod_tail, ring->max_elems);
> > -- /* TODO: tail == idx */
> > -+ if (idx < 0 || tail != idx) {
> > -+ pr_dbg("invalid idx\n");
> > -+ return NULL;
> > -+ }
> > -
> > - offset = idx * ring->elem_sz;
> > - return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
> > ---
> > -2.20.1
> > -
> > diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
> > deleted file mode 100644
> > index 7de5882b3e..0000000000
> > --- a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
> > +++ /dev/null
> > @@ -1,39 +0,0 @@
> > -QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an
> > -out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc()
> > -function. A local attacker with permission to execute i2c commands could exploit
> > -this to read stack memory of the qemu process on the host.
> > -
> > -CVE: CVE-2019-3812
> > -Upstream-Status: Backport
> > -Signed-off-by: Ross Burton <ross.burton@intel.com>
> > -
> > -From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
> > -From: Gerd Hoffmann <kraxel@redhat.com>
> > -Date: Tue, 8 Jan 2019 11:23:01 +0100
> > -Subject: [PATCH] i2c-ddc: fix oob read
> > -MIME-Version: 1.0
> > -Content-Type: text/plain; charset=UTF-8
> > -Content-Transfer-Encoding: 8bit
> > -
> > -Suggested-by: Michael Hanselmann <public@hansmi.ch>
> > -Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > -Reviewed-by: Michael Hanselmann <public@hansmi.ch>
> > -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> > -Message-id: 20190108102301.1957-1-kraxel@redhat.com
> > ----
> > - hw/i2c/i2c-ddc.c | 2 +-
> > - 1 file changed, 1 insertion(+), 1 deletion(-)
> > -
> > -diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
> > -index be34fe072cf..0a0367ff38f 100644
> > ---- a/hw/i2c/i2c-ddc.c
> > -+++ b/hw/i2c/i2c-ddc.c
> > -@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
> > - I2CDDCState *s = I2CDDC(i2c);
> > -
> > - int value;
> > -- value = s->edid_blob[s->reg];
> > -+ value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
> > - s->reg++;
> > - return value;
> > - }
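Review bot: unlike the numbered CVE backports removed above, this file's Upstream-Status is a bare "Backport" with no commit URL, so the only upstream reference is the From line (b05b267840515730dbf6753495d5b7bd8b04ad1c). Naming that commit in the upgrade's commit message would let the `s->reg % sizeof(s->edid_blob)` bounds fix in i2c_ddc_rx be verified as part of 4.0.0 before the CVE-2019-3812 patch is dropped.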
> > diff --git a/meta/recipes-devtools/qemu/qemu_3.1.0.bb b/meta/recipes-devtools/qemu/qemu_4.0.0.bb
> > similarity index 100%
> > rename from meta/recipes-devtools/qemu/qemu_3.1.0.bb
> > rename to meta/recipes-devtools/qemu/qemu_4.0.0.bb
> > --
> > 2.21.0
> >
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
* Re: [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0
2019-04-24 0:15 [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0 Alistair Francis
2019-04-24 12:37 ` Burton, Ross
@ 2019-04-25 13:49 ` Richard Purdie
2019-04-25 14:26 ` akuster808
1 sibling, 1 reply; 8+ messages in thread
From: Richard Purdie @ 2019-04-25 13:49 UTC (permalink / raw)
To: Alistair Francis, openembedded-core
On Wed, 2019-04-24 at 00:15 +0000, Alistair Francis wrote:
> This commit upgrade QEMU to the latest 4.0.0 release.
>
> - The COPYING.LIB file has changed SHA to:
> "Synchronize the LGPL 2.1 with the version from gnu.org"
> - SDL 1.2 has been removed, along with the --with-sdlabi command
> line
> arg
> - The backported patches have been removed
> - Al the other patches have been refreshed and the numbering has
> been
> updated
I put this in for testing but it failed as nativesdk-qemu doesn't build
due to unpackaged files:
https://autobuilder.yoctoproject.org/typhoon/#/builders/65/builds/535/steps/7/logs/step1b
Cheers,
Richard
* Re: [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0
2019-04-25 13:49 ` Richard Purdie
@ 2019-04-25 14:26 ` akuster808
2019-04-25 18:24 ` Alistair Francis
0 siblings, 1 reply; 8+ messages in thread
From: akuster808 @ 2019-04-25 14:26 UTC (permalink / raw)
To: Richard Purdie, Alistair Francis, openembedded-core
On 4/25/19 6:49 AM, Richard Purdie wrote:
> On Wed, 2019-04-24 at 00:15 +0000, Alistair Francis wrote:
>> This commit upgrade QEMU to the latest 4.0.0 release.
>>
>> - The COPYING.LIB file has changed SHA to:
>> "Synchronize the LGPL 2.1 with the version from gnu.org"
>> - SDL 1.2 has been removed, along with the --with-sdlabi command
>> line
>> arg
>> - The backported patches have been removed
>> - Al the other patches have been refreshed and the numbering has
>> been
>> updated
> I put this in for testing but it failed as nativesdk-qemu doesn't build
> due to unpackaged files:
Bug opened: 13308
Thanks,
Your neighborhood swat team.
> https://autobuilder.yoctoproject.org/typhoon/#/builders/65/builds/535/steps/7/logs/step1b
>
> Cheers,
>
> Richard
>
* Re: [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0
2019-04-25 14:26 ` akuster808
@ 2019-04-25 18:24 ` Alistair Francis
2019-04-26 13:40 ` richard.purdie
0 siblings, 1 reply; 8+ messages in thread
From: Alistair Francis @ 2019-04-25 18:24 UTC (permalink / raw)
To: akuster808; +Cc: openembedded-core
On Thu, Apr 25, 2019 at 7:27 AM akuster808 <akuster808@gmail.com> wrote:
>
>
>
> On 4/25/19 6:49 AM, Richard Purdie wrote:
> > On Wed, 2019-04-24 at 00:15 +0000, Alistair Francis wrote:
> >> This commit upgrade QEMU to the latest 4.0.0 release.
> >>
> >> - The COPYING.LIB file has changed SHA to:
> >> "Synchronize the LGPL 2.1 with the version from gnu.org"
> >> - SDL 1.2 has been removed, along with the --with-sdlabi command
> >> line
> >> arg
> >> - The backported patches have been removed
> >> - Al the other patches have been refreshed and the numbering has
> >> been
> >> updated
> > I put this in for testing but it failed as nativesdk-qemu doesn't build
> > due to unpackaged files:
>
> Bug opened: 13308
>
> Thanks,
>
> Your neighborhood swat team.
>
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/65/builds/535/steps/7/logs/step1b
I have updated the patch here:
https://github.com/alistair23/openembedded-core/tree/alistair/qemu-4.0.0
Alistair
> >
> > Cheers,
> >
> > Richard
> >
>
* Re: [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0
2019-04-25 18:24 ` Alistair Francis
@ 2019-04-26 13:40 ` richard.purdie
2019-04-26 17:54 ` Alistair Francis
0 siblings, 1 reply; 8+ messages in thread
From: richard.purdie @ 2019-04-26 13:40 UTC (permalink / raw)
To: Alistair Francis, akuster808; +Cc: openembedded-core
On Thu, 2019-04-25 at 11:24 -0700, Alistair Francis wrote:
> On Thu, Apr 25, 2019 at 7:27 AM akuster808 <akuster808@gmail.com> wrote:
> >
> >
> > On 4/25/19 6:49 AM, Richard Purdie wrote:
> > > On Wed, 2019-04-24 at 00:15 +0000, Alistair Francis wrote:
> > > > This commit upgrade QEMU to the latest 4.0.0 release.
> > > >
> > > > - The COPYING.LIB file has changed SHA to:
> > > > "Synchronize the LGPL 2.1 with the version from gnu.org"
> > > > - SDL 1.2 has been removed, along with the --with-sdlabi command
> > > > line
> > > > arg
> > > > - The backported patches have been removed
> > > > - Al the other patches have been refreshed and the numbering has
> > > > been
> > > > updated
> > > I put this in for testing but it failed as nativesdk-qemu doesn't build
> > > due to unpackaged files:
> >
> > Bug opened: 13308
> >
> > Thanks,
> >
> > Your neighborhood swat team.
> >
> > > https://autobuilder.yoctoproject.org/typhoon/#/builders/65/builds/535/steps/7/logs/step1b
>
> I have updated the patch here:
> https://github.com/alistair23/openembedded-core/tree/alistair/qemu-4.0.0
Thanks, this worked better in testing but showed issues with qemuarm
booting:
https://autobuilder.yoctoproject.org/typhoon/#/builders/53/builds/535
https://autobuilder.yoctoproject.org/typhoon/#/builders/47/builds/549
I took it out of -next again and those passed (but some of the other
build failures also in that build remained)
Cheers,
Richard
* Re: [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0
2019-04-26 13:40 ` richard.purdie
@ 2019-04-26 17:54 ` Alistair Francis
0 siblings, 0 replies; 8+ messages in thread
From: Alistair Francis @ 2019-04-26 17:54 UTC (permalink / raw)
To: Richard Purdie; +Cc: openembedded-core
On Fri, Apr 26, 2019 at 6:40 AM <richard.purdie@linuxfoundation.org> wrote:
>
> On Thu, 2019-04-25 at 11:24 -0700, Alistair Francis wrote:
> > On Thu, Apr 25, 2019 at 7:27 AM akuster808 <akuster808@gmail.com> wrote:
> > >
> > >
> > > On 4/25/19 6:49 AM, Richard Purdie wrote:
> > > > On Wed, 2019-04-24 at 00:15 +0000, Alistair Francis wrote:
> > > > > This commit upgrade QEMU to the latest 4.0.0 release.
> > > > >
> > > > > - The COPYING.LIB file has changed SHA to:
> > > > > "Synchronize the LGPL 2.1 with the version from gnu.org"
> > > > > - SDL 1.2 has been removed, along with the --with-sdlabi command
> > > > > line
> > > > > arg
> > > > > - The backported patches have been removed
> > > > > - Al the other patches have been refreshed and the numbering has
> > > > > been
> > > > > updated
> > > > I put this in for testing but it failed as nativesdk-qemu doesn't build
> > > > due to unpackaged files:
> > >
> > > Bug opened: 13308
> > >
> > > Thanks,
> > >
> > > Your neighborhood swat team.
> > >
> > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/65/builds/535/steps/7/logs/step1b
> >
> > I have updated the patch here:
> > https://github.com/alistair23/openembedded-core/tree/alistair/qemu-4.0.0
>
>
> Thanks, this worked better in testing but showed issues with qemuarm
> booting:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/53/builds/535
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/47/builds/549
I can't reproduce this failure to start (build 549) with my QEMU 4.0
patch applied on master.
I also can't reproduce the ping test failure in build 535.
I do see SSH failures, but I think that's more related to my TAP
set-up (which has never seemed to work correctly) more than anything
else.
Is it possible to get more details from the failures?
Alistair
>
> I took it out of -next again and those passed (but some of the other
> build failures also in that build remained)
>
> Cheers,
>
> Richard
>
Thread overview: 8+ messages
2019-04-24 0:15 [PATCH] qemu: Upgrade from 3.1.0 to 4.0.0 Alistair Francis
2019-04-24 12:37 ` Burton, Ross
2019-04-24 17:37 ` Alistair Francis
2019-04-25 13:49 ` Richard Purdie
2019-04-25 14:26 ` akuster808
2019-04-25 18:24 ` Alistair Francis
2019-04-26 13:40 ` richard.purdie
2019-04-26 17:54 ` Alistair Francis