ace-overlay: add qemu-2.9.0-r56 waiting for qemu-2.10 bug https://bugs.launchpad.net/qemu/+bug/1721788 get fixed
parent
e2a4aa92ab
commit
ae97b92720
28
app-emulation/qemu/Manifest
Normal file
28
app-emulation/qemu/Manifest
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
AUX 65-kvm.rules 40 SHA256 c16a8dc7855880b2651f1a3ff488ecc54d4ac1036c71fffd5007021d8d18a7c5 SHA512 98aad2a2f212a7ac0ee5b60a9c92744fa462bce5f26594845c7a31d692aaaca2d52cb57bdbede7dfc60b9862c2a6510665dbb03215d5cf76e62516a283decdd6 WHIRLPOOL 937de93a23930f6b8533f0c3e0dd249c99ddf7d54446dea857607266ac0a4b435c5b4a52b2986b138bace9c0a7ade66f94116b38e2bc4767ead54bd11baf0920
|
||||||
|
AUX 65-kvm.rules-r1 120 SHA256 2f6b5b2600598fc402850bb7026eab0e5822e7221b584795bd2ed1a0290250df SHA512 4132ec4d3e7c1e3cf5e37224be1a3b864bcc0bfde9109e8fea9c99377289c28a7fdcf9155fbbd6605dbf8ebeb020c2ab575dd35e36bdf69f8ad07c4aa9c7b2f7 WHIRLPOOL 34dce92c0851c7edb5449c7d19e8767b09e61a73b551af90d987519e8e9c8c883e8ff8567d4a222294095bafdb58984347c694fc6ac458c630ed8e2d42438180
|
||||||
|
AUX bridge.conf 454 SHA256 a51850dd39923f3482e4c575b48ad9fef9c9ebb2f2176225da399b79ce48c69d SHA512 a907ee86b81a1b61033bb7621ded65112504131ef7b698c53e4014b958ee6fc79e66f63069015a01e41362cb70a7d0ed26dd9a03033cf776f4846f0e1f8f1533 WHIRLPOOL 8fcbd4abf9b8f7ca3d16fe0eaf17196ebf708dfecf85ce0f020e0de22b64905114f7b310f361826c81bb961c6b1bbbf984bff1e595bb949993b8966ccb222c35
|
||||||
|
AUX qemu-2.10.0-CVE-2017-13711.patch 2252 SHA256 0a1b741318920020c2e69312b052ebf6933d7e1ce92e2a0d38de88b3cbee6768 SHA512 3a9145088274e247f86198475bab1e8c3c10705612b0c59ccdf623db5a21f5da73a948ce5362633eb0d817e979cd43a130fe31093c85604590c9bcd37a4912ee WHIRLPOOL e43f833cd3ef88880d9e78732f13087164e0d971df4fc1979ad509f5437bb54d52e34eb0fa05ed09b4b2248f653a65c52e43da65f6bc14ed0c362a74ee93720d
|
||||||
|
AUX qemu-2.10.1-CVE-2017-15268.patch 2016 SHA256 488ea3e0598e7329af9f0873261c7b82a6cc0c30b9bcdd1f8eb636fccc08a965 SHA512 b4c69b53c086c6b12273e43512045e71390ae3486621d41c8310603c1739bcf3a67a7b1f105da48dcff312a145411b90c2f9539dbe890c88b5270f01ddaebf5d WHIRLPOOL 8b74ea691a6134d1f4f7ebaeaf13c9d60497e4ca51767e9c4fccf4e55f9b3831306a88f7fe41b58d918b44a1d09065c795255334a0d111a88c3554ab49ce301c
|
||||||
|
AUX qemu-2.10.1-CVE-2017-15289.patch 1923 SHA256 31b32c9102ee0eb78164242c63ae6d1da92ac64a6d8c3c5841263cc739b50486 SHA512 0541fac994f5989fa74b4909249f216011073e87de60d4df49654c2068d718d2a84b13c2751864073c25f5dd5ce5b5d871f8d0f55e56629d80a8b67599606baa WHIRLPOOL 2d100a5b6771088ed302fb6b64fb5cdfc41c3a9d576907422026bd86486fe14bd51721822fe1285b3ae40720144afcccf30a834dea5954a3808d25c5ef2e2828
|
||||||
|
AUX qemu-2.5.0-cflags.patch 410 SHA256 17f5624dd733f5c80e733cc67ae36a736169ec066024dbf802b416accfed0755 SHA512 0194d28de08b4e51c5bd1c9a2cc7965ba7f66dfddb8fd91de3da93677e6cf2d38ad3270f69aaea8a20cf2533c2980018d6e0fed711be2806fe2053fba7c081f3 WHIRLPOOL 5f5b95d00409fbe03adb64801d30a2fb5f98dded5efa7f0e78b5746776f72917dcbea767e1d0afcb304d8bf8c484adedb8037e6d54e9d34997c2bc3a98b53154
|
||||||
|
AUX qemu-2.5.0-sysmacros.patch 333 SHA256 a5716fc02da383d455f5cbd76f49e4ee74d84c2d5703319adcbeb145d04875f9 SHA512 329632c5bff846ca3ffcdb4bc94ae62f17c6bdbb566f9bec0784357c943523e8ca7773790b83a9617734cab3b003baa3d636cbd08f7385810a63b0fa0383c4f0 WHIRLPOOL 2a774767d4685545d3ed18e4f5dece99a9007597d73c56197652ff24083550f987ffb69e5c624760dece87def71a7c5c22a694bf999d7309e48ef622f18f0d73
|
||||||
|
AUX qemu-2.9.0-CVE-2017-10664.patch 1613 SHA256 5941cc41f0c02b185be3f6ba450f155dfc42e98f538560a054309066d12e5736 SHA512 19be668bd5847b65a82bd710de062bf1bc16a2b93516cbd6842328a71cd8ef8e97f38fa72bffe603a41f7674652a73b9bc05bc6791d265423490aa6de09738ce WHIRLPOOL f3e436bd5ba9e61473e6a66af4a1c0063445ad616a06cbed1760326435fd391d56d6f084eae4b3465928d995cb426f02ed813747aeda0b535ed7ed4a2a598072
|
||||||
|
AUX qemu-2.9.0-CVE-2017-10806.patch 1450 SHA256 ef884e2ed3adb618273af1d036ed0c7e3a09599e3d042080bb4b5014c6bc54d7 SHA512 38fea2c1a2a5a224585a07a028a8c4cfc1bec4d943e85c13e01228062bf306a502b0948270863b226bc974832e3af18158904fbfc08ccdf1f72f06e7830780d5 WHIRLPOOL f02fb957016af684dc894f93ec0b7dcca3febb8d37882aae1e17d2aca9948e200a013ae467cb54c5555e76c73f124a37c95fde189a4492d88322802d8160310c
|
||||||
|
AUX qemu-2.9.0-CVE-2017-11334.patch 1362 SHA256 bc2f3a50ad174e5453d0e4d1e14e9723b316e2339dc25ff31e27060ee13242bb SHA512 422296269ec29b3313c984947ac48b7179ce8e169131624d316589a621778f846b883e76cdfba50c62dc63ab5fede0ad0292704c1ca1cc9e1e7b3b01a153b8c8 WHIRLPOOL 504cf6b2ebfb11bf1471f920d101df28df59f1a585eac31ac278a366f2b769386bc7d100aa8386b3f8f45d5f5f700aa6625be3192eb4f1f3b77e69c6684cf74f
|
||||||
|
AUX qemu-2.9.0-CVE-2017-11434.patch 912 SHA256 e8be3cb9261f8735ff2a50fb8b79ccfea85456c7a2e5a5702fcc5339463dc05a SHA512 db95d9459b9669e0981195fe15f16c4e74d5f00c03e1ce5e33541e005260e77fa114b1b3f30bc06d80b723a6361b704fb58709b25773c168c8aa8f5f96580ac9 WHIRLPOOL c68e25024ab3c1d01e5b53d0a7b1591110b96d78079bc940ec28da2e2770dac6b1f9bbaaeb97c88ea0e1b46db886f7035d81bde582750e560d136916ecdab8a2
|
||||||
|
AUX qemu-2.9.0-CVE-2017-7493.patch 5656 SHA256 77462d39e811e58d3761523a6c580485bdfca0e74adbd10cf24c254e0ece262a SHA512 2b01f2878c98e77997b645ba80e69b5db398ef1e8f2b66344818d3c9af35dd66d49041ef9ee8aa152bf3e94970b4db282cf53909cb13b2532bc0a104251b2e81 WHIRLPOOL 23c788c5a78e126a61bd277e9fa1511cc71b8fbdc83a5bf319c5fc424219cbcceefad737844e45c11a76e047f8a49853d0a85b267f24f7b23bb7276d0edf0451
|
||||||
|
AUX qemu-2.9.0-CVE-2017-8112.patch 696 SHA256 a4dcc2a94749a5c20ef38d4c7ce13cd1ffe46017c77eea29ced0bec5c232e6aa SHA512 840f5270332729e0149a4705bae5fcc16e9503a995d6bfa5033904a544add337ca8ccb1d2a36bb57cc198f6354f5253403f1c4f04cbd18c08b4e1a9d6af9e07f WHIRLPOOL 1ba4e75fdd0c767254c85754612da9e8ff9ba2e7ea0811f723844bec190946805cd59db83f347a3dea4296d2b58d2df4a8d99a492335ba818824348bcebdd556
|
||||||
|
AUX qemu-2.9.0-CVE-2017-8309.patch 595 SHA256 8231747fe4d9c97392fe44b117caccd07d320313dc27fad17ac658122113ced9 SHA512 4415c36acb4f0594de7fe0de2b669d03d6b54ae44eb7f1f285c36223a02cca887b57db27a43ab1cc2e7e193ee5bce2748f9d2056aa925e0cc8f2133e67168a74 WHIRLPOOL af4c5e9763a0e114e554a1c8be99ea79da0b634fdc9d87922c7713187f1f904bfcce103648d549bbb190e92443664dbb9bd7592d8137f2337be0f4b22d1f9bd1
|
||||||
|
AUX qemu-2.9.0-CVE-2017-8379.patch 2736 SHA256 f2f8910c8e1ce9fc9804f4fbbe978fee20ccbfccc5efe49f42cdaafa63c511ce SHA512 79e32f75d98ca4a92a5069b65c5b9cff16064255ed4d161e4e292b97373742c25d5ddc12dfffa627197fdb5e0808108b30d0182a9c060cd181723bd90c618d15 WHIRLPOOL 545c00189da3b252c80bb35c6b6d3368a02b36b06f2866838ddd9ebb9ccf2b608ae278ee192b6b3aef2966736afe9bcdd646c80c228ec5daef76b92bd2721bd5
|
||||||
|
AUX qemu-2.9.0-CVE-2017-8380.patch 1048 SHA256 23eb5ae64b064e46785ae4f675fbe7c6a353f6688dd154ce98b78a0b7104a2fb SHA512 872fabc4f6eee48dff292297887b8c4a18aa6f8c2f9b7247e325c96e10ef8d72206f269d89c4a4a40ea6ad3e5082db40866b0f386f31716e749fb3a7db89d2dd WHIRLPOOL ddce30f5b22707938c2ba419264a6b731f292f0748e3891c7aa48daaa7a4b204a8bb1b4110fbd7c1836a02605e49e170a4bda6ee9eccdd2570472ff0f63c8d37
|
||||||
|
AUX qemu-2.9.0-CVE-2017-9503-1.patch 5036 SHA256 3831acce5d79ab1ad195ee6a26eb276a08fee00143ef6473ad488a49590c26e8 SHA512 690a43f3b15f10f4c030af761b2fcf873eb72d1ca53dd03f15eb35a30454298bda7ddde2b38ed549b8bad1b3a465ad3c7c9334886e75856794c0beee2dcadc2d WHIRLPOOL 909b90579ba60084bb69d3067e9bde6288011649ecc986d3f520dbce31cc9063cf3b175d62d017bf6bfa6026549250d2f64c06d4f0a411a5e95d7cf2af0062d8
|
||||||
|
AUX qemu-2.9.0-CVE-2017-9503-2.patch 4103 SHA256 a08f7f56890e1061d47691181ccdbd4cc2d97b5221d3b438afe8c429427b1e8d SHA512 21ce3255f511c82c7f8848392cb8266d804691a02207f06b950539f025a3bafb3f4c27365956cfa5129a7f0bc1796c006303993a328e72e689b8ff722f71e542 WHIRLPOOL 67bb2f24c2b567855c8f943208c5d4ceacb6df39539cc6ffce3e09fc55052b98aa794d19f70dad4fde515bd3021c46ff53ff374e58f09a802a2222a40eb3bf2d
|
||||||
|
AUX qemu-2.9.0-CVE-2017-9524-1.patch 2624 SHA256 f2479f79a81dba79eeee7a333b50bfb6f3d7e23d4cee6a8a65b291744d676b85 SHA512 7b72e492d4f9f38f15e3ec5ba3765b6d86cb726e8581278f1abcc485245f80d7a6ca9a5378dd214a82e230221d1ec650e90a221335beec8cd18567db7f7ce311 WHIRLPOOL 95b0566a9c7712e00e6200a839f449b8367aead31bf18b797193865825123b50d9f8ff11450f540caa94a102637ee5b7075ceaf8f703482296111a7af270f374
|
||||||
|
AUX qemu-2.9.0-CVE-2017-9524-2.patch 7016 SHA256 092da49ea1aafd9b94f20127b93c1373b9a83ef127cad1d45fdbd8f5a9d9dbe9 SHA512 de25c5506ae955fb799b2c9952120c9feb51b363f5ee277c9b63882938ce56c44702dcd688ecf65a3d2a089503be938432eb62ffa3df7409f4211bb7fa126f26 WHIRLPOOL b38c3a557be778634d53e7c356fb124e7470ad3e58b426677f3405c10faf76fa88d2f354d66a69b8549a64c480a338c94ed425c768394ad4cdd74ed4479ccc89
|
||||||
|
AUX qemu-binfmt.initd-r1 7959 SHA256 13c2791fb48080e9f264670dbe1915f03249d87d740f9b0f2c9502fccb056d03 SHA512 8aee19b4a993113ef4fafe3ab8b561edcc0c16782b36947e757233b6d33d26b48c1b9087c0f300be0d21ad19de14c684e8f2032ae2cd28888130a37ca4d6c314 WHIRLPOOL 3d86861fbe66c0a192a5577b7cd83ab01efd184849b25f8a804aace7a1fb46d87363d6417cc21a3447d2ed50c9db4409121dddae297678e3adc7d4c71556b695
|
||||||
|
AUX qemu-binfmt.initd.head 1445 SHA256 a9b4b1d1ffa82d572c01f14ebfbafb4b3a4c2eb5cad5af62c059f603a9f5a277 SHA512 a735268ae9ac84d8f2f2893bf018ee6de33231fa94a823bd8502b529bb456635c1ab5cf9b440df5ede8e414291f8bf45fc53898c2f3939c50d5ec4ffa554396a WHIRLPOOL 3ec0f916d5928d464fa8416c8eac472cfa01b560bba07642ff7929799918d1c8059ac7368ff5551e6aa993027849de08035d856db7981315d8e4ec470a0f785e
|
||||||
|
AUX qemu-binfmt.initd.tail 245 SHA256 1b765f5212946b73b8e4d92f64d34a9d2e358ef541c02164f6d6dd93cb15e1e7 SHA512 bcca16805f8380d52cc591ea3d65a8f6e5de456730618f6aee301510edb75d235a22d4d7aeed224882210392840adb403eb53234b6cb76a4cb24533852a8b737 WHIRLPOOL 41ddd1751101646e700a6fe4ef879bd4149d646a801f97e40534051895697dcbded06a1edda51457a0d624fbf68442c3e57178a3ee8e683e35368b88d10ba4a4
|
||||||
|
DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
|
||||||
|
EBUILD qemu-2.9.0-r56.ebuild 23730 SHA256 2912b01e8567360795fef73ff09bf40735bc47c4b1e85d22ea01432e434daea4 SHA512 fb876999c82f735cf7739ef3014848b9afe51608ae0b084f5cdc3de9c409295acd50b2f17a70516e50007f5fd1f8f4ffc824abdfea248e930897870ee2758c08 WHIRLPOOL d4e440a25c8a7159a3857bd20262d1e0d808ab2a67d8620bbcaa2130f3b6f4326ea943e6613075f921a54ee7d9ca2f22739eee4bdd5cf5fabe8904c5fec57ef3
|
||||||
|
EBUILD qemu-2.9.0-r57.ebuild 23783 SHA256 57f7265327250df50acda43d3a2c22a399be0cfe76cbd10b93c10d54b967574b SHA512 7aea2a4805626d378da3c16d845f6750d7646bbdeef99236a254105ceece53b552b1d707f60a26f349eca96e275cd7d5ef7de68caa39325fedfe1fd0a710a434 WHIRLPOOL fe62c1168662c38661afefb5a41e62565ec50ba4f980b203cbcad5629300f54409e942cf41f85b8f8d2f1ecccae086e3266615460d0ac925e1b48a8c0c76d331
|
||||||
|
MISC metadata.xml 3794 SHA256 149f7bc9927e13bbf7355972e85df6f9f198dd17fb575a7e516817d6a88018fb SHA512 10f130f225b90dacf8262247d795a247abfdcbf3ad5fbe0693e8d4db79f755984f690cb150a7eb5a8e5d669ce404145c4fbb6b200d6362319be74759fd78b6d3 WHIRLPOOL 6a5e88caeb64387f619a19fecb55c39ccf3c8dcd360523e8d61b80051001c02fe81432c55e40b3f360295b35e9f5a1f707c570baf95cad06d18c4cd484da0ceb
|
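--- a/app-emulation/qemu/files/65-kvm.rules
+++ b/app-emulation/qemu/files/65-kvm.rules
@@ -0,0 +1 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"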
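--- a/app-emulation/qemu/files/65-kvm.rules-r1
+++ b/app-emulation/qemu/files/65-kvm.rules-r1
@@ -0,0 +1,2 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0660"
+KERNEL=="vhost-net", GROUP="kvm", MODE="0660", OPTIONS+="static_node=vhost-net"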
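--- a/app-emulation/qemu/files/bridge.conf
+++ b/app-emulation/qemu/files/bridge.conf
@@ -0,0 +1,14 @@
+# This should have the following permissions: root:qemu 0640
+
+# allow br0
+# Uncommenting the above would allow users in the 'qemu' group
+# to add devices to 'br0'
+
+# allow virbr0
+# Uncommenting the above would allow users in the 'qemu' group
+# to add devices to 'virbr0'
+
+# include /etc/qemu/bob.conf
+# Uncommenting the above would allow users in the 'bob' group
+# to have permissions defined in it, iff it has the following
+# permissions: root:bob 0640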
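--- a/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch
+++ b/app-emulation/qemu/files/qemu-2.10.0-CVE-2017-13711.patch
@@ -0,0 +1,80 @@
+From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Date: Fri, 25 Aug 2017 01:35:53 +0200
+Subject: [PATCH] slirp: fix clearing ifq_so from pending packets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The if_fastq and if_batchq contain not only packets, but queues of packets
+for the same socket. When sofree frees a socket, it thus has to clear ifq_so
+from all the packets from the queues, not only the first.
+
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+slirp/socket.c | 39 +++++++++++++++++++++++----------------
+1 file changed, 23 insertions(+), 16 deletions(-)
+
+diff --git a/slirp/socket.c b/slirp/socket.c
+index ecec0295a9..cb7b5b608d 100644
+--- a/slirp/socket.c
++++ b/slirp/socket.c
+@@ -60,29 +60,36 @@ socreate(Slirp *slirp)
+}
+
+/*
++ * Remove references to so from the given message queue.
++ */
++static void
++soqfree(struct socket *so, struct quehead *qh)
++{
++ struct mbuf *ifq;
++
++ for (ifq = (struct mbuf *) qh->qh_link;
++ (struct quehead *) ifq != qh;
++ ifq = ifq->ifq_next) {
++ if (ifq->ifq_so == so) {
++ struct mbuf *ifm;
++ ifq->ifq_so = NULL;
++ for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
++ ifm->ifq_so = NULL;
++ }
++ }
++ }
++}
++
++/*
+* remque and free a socket, clobber cache
+*/
+void
+sofree(struct socket *so)
+{
+Slirp *slirp = so->slirp;
+- struct mbuf *ifm;
+
+- for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
+- (struct quehead *) ifm != &slirp->if_fastq;
+- ifm = ifm->ifq_next) {
+- if (ifm->ifq_so == so) {
+- ifm->ifq_so = NULL;
+- }
+- }
+-
+- for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
+- (struct quehead *) ifm != &slirp->if_batchq;
+- ifm = ifm->ifq_next) {
+- if (ifm->ifq_so == so) {
+- ifm->ifq_so = NULL;
+- }
+- }
++ soqfree(so, &slirp->if_fastq);
++ soqfree(so, &slirp->if_batchq);
+
+if (so->so_emu==EMU_RSH && so->extra) {
+sofree(so->extra);
+--
+2.13.5
+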
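--- a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
+++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15268.patch
@@ -0,0 +1,54 @@
+From a7b20a8efa28e5f22c26c06cd06c2f12bc863493 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Mon, 9 Oct 2017 14:43:42 +0100
+Subject: [PATCH] io: monitor encoutput buffer size from websocket GSource
+
+The websocket GSource is monitoring the size of the rawoutput
+buffer to determine if the channel can accepts more writes.
+The rawoutput buffer, however, is merely a temporary staging
+buffer before data is copied into the encoutput buffer. Thus
+its size will always be zero when the GSource runs.
+
+This flaw causes the encoutput buffer to grow without bound
+if the other end of the underlying data channel doesn't
+read data being sent. This can be seen with VNC if a client
+is on a slow WAN link and the guest OS is sending many screen
+updates. A malicious VNC client can act like it is on a slow
+link by playing a video in the guest and then reading data
+very slowly, causing QEMU host memory to expand arbitrarily.
+
+This issue is assigned CVE-2017-15268, publically reported in
+
+https://bugs.launchpad.net/qemu/+bug/1718964
+
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+---
+io/channel-websock.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/io/channel-websock.c b/io/channel-websock.c
+index d1d471f86e..04bcc059cd 100644
+--- a/io/channel-websock.c
++++ b/io/channel-websock.c
+@@ -28,7 +28,7 @@
+#include <time.h>
+
+
+-/* Max amount to allow in rawinput/rawoutput buffers */
++/* Max amount to allow in rawinput/encoutput buffers */
+#define QIO_CHANNEL_WEBSOCK_MAX_BUFFER 8192
+
+#define QIO_CHANNEL_WEBSOCK_CLIENT_KEY_LEN 24
+@@ -1208,7 +1208,7 @@ qio_channel_websock_source_check(GSource *source)
+if (wsource->wioc->rawinput.offset || wsource->wioc->io_eof) {
+cond |= G_IO_IN;
+}
+- if (wsource->wioc->rawoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
++ if (wsource->wioc->encoutput.offset < QIO_CHANNEL_WEBSOCK_MAX_BUFFER) {
+cond |= G_IO_OUT;
+}
+
+--
+2.13.6
+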
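--- a/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch
+++ b/app-emulation/qemu/files/qemu-2.10.1-CVE-2017-15289.patch
@@ -0,0 +1,58 @@
+From eb38e1bc3740725ca29a535351de94107ec58d51 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Wed, 11 Oct 2017 10:43:14 +0200
+Subject: [PATCH] cirrus: fix oob access in mode4and5 write functions
+
+Move dst calculation into the loop, so we apply the mask on each
+interation and will not overflow vga memory.
+
+Cc: Prasad J Pandit <pjp@fedoraproject.org>
+Reported-by: Niu Guoxiang <niuguoxiang@huawei.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20171011084314.21752-1-kraxel@redhat.com
+---
+hw/display/cirrus_vga.c | 6 ++----
+1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
+index b4d579857a..bc32bf1e39 100644
+--- a/hw/display/cirrus_vga.c
++++ b/hw/display/cirrus_vga.c
+@@ -2038,15 +2038,14 @@ static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
+unsigned val = mem_value;
+uint8_t *dst;
+
+- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
+for (x = 0; x < 8; x++) {
++ dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
+if (val & 0x80) {
+*dst = s->cirrus_shadow_gr1;
+} else if (mode == 5) {
+*dst = s->cirrus_shadow_gr0;
+}
+val <<= 1;
+- dst++;
+}
+memory_region_set_dirty(&s->vga.vram, offset, 8);
+}
+@@ -2060,8 +2059,8 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
+unsigned val = mem_value;
+uint8_t *dst;
+
+- dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);
+for (x = 0; x < 8; x++) {
++ dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
+if (val & 0x80) {
+*dst = s->cirrus_shadow_gr1;
+*(dst + 1) = s->vga.gr[0x11];
+@@ -2070,7 +2069,6 @@ static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
+*(dst + 1) = s->vga.gr[0x10];
+}
+val <<= 1;
+- dst += 2;
+}
+memory_region_set_dirty(&s->vga.vram, offset, 16);
+}
+--
+2.13.6
+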
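Review bot: The `memory_region_set_dirty(&s->vga.vram, offset, 8)` call (and the `..., offset, 16)` call in the 16bpp variant) now receives the caller's unmasked `offset`, because the removed line `dst = s->vga.vram_ptr + (offset &= s->cirrus_addr_mask);` was also what masked `offset` in place. The per-iteration writes are bounded by the new mask, but the dirty range is not, and it no longer tracks the bytes written when `offset + x` wraps at the mask. Whether every caller already masks `offset` cannot be seen here, since both function bodies start outside the hunks; if they do not, pass `offset & s->cirrus_addr_mask` to `memory_region_set_dirty` in both functions.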
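--- a/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
+++ b/app-emulation/qemu/files/qemu-2.5.0-cflags.patch
@@ -0,0 +1,13 @@
+--- a/configure
++++ b/configure
+@@ -4468,10 +4468,6 @@ fi
+if test "$gcov" = "yes" ; then
+CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
+LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
+-elif test "$fortify_source" = "yes" ; then
+- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+-elif test "$debug" = "no"; then
+- CFLAGS="-O2 $CFLAGS"
+fi
+
+##########################################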
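Review bot: No header in this patch file explains why the `fortify_source` and `debug = no` branches are dropped from `configure`, and the removal is security-relevant. Once they are gone, `-D_FORTIFY_SOURCE=2` and `-O2` reach the QEMU build only if the environment's `CFLAGS` or the compiler's defaults supply them. Presumably the intent is to let the ebuild's flags win over configure's; a leading line such as `Do not let configure force -O2/_FORTIFY_SOURCE; flags come from the ebuild's CFLAGS.` would record that. The ebuild is not visible in this part of the commit, so it is worth confirming there that the resulting binaries are still built with fortification.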
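--- a/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
+++ b/app-emulation/qemu/files/qemu-2.5.0-sysmacros.patch
@@ -0,0 +1,15 @@
+Linux C libs are moving away from implicit header pollution with sys/types.h
+
+--- a/include/qemu/osdep.h
++++ b/include/qemu/osdep.h
+@@ -78,6 +78,10 @@ extern int daemon(int, int);
+#include <assert.h>
+#include <signal.h>
+
++#ifdef __linux__
++#include <sys/sysmacros.h>
++#endif
++
+#ifdef __OpenBSD__
+#include <sys/signal.h>
+#endif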
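--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
@@ -0,0 +1,47 @@
+From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001
+From: Max Reitz <mreitz@redhat.com>
+Date: Sun, 11 Jun 2017 14:37:14 +0200
+Subject: [PATCH] qemu-nbd: Ignore SIGPIPE
+
+qemu proper has done so for 13 years
+(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have
+done so for four years (526eda14a68d5b3596be715505289b541288ef2a).
+Ignoring this signal is especially important in qemu-nbd because
+otherwise a client can easily take down the qemu-nbd server by dropping
+the connection when the server wants to send something, for example:
+
+$ qemu-nbd -x foo -f raw -t null-co:// &
+[1] 12726
+$ qemu-io -c quit nbd://localhost/bar
+can't open device nbd://localhost/bar: No export with name 'bar' available
+[1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co://
+
+In this case, the client sends an NBD_OPT_ABORT and closes the
+connection (because it is not required to wait for a reply), but the
+server replies with an NBD_REP_ACK (because it is required to reply).
+
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+Message-Id: <20170611123714.31292-1-mreitz@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+qemu-nbd.c | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 9464a0461c..4dd3fd4732 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -581,6 +581,10 @@ int main(int argc, char **argv)
+sa_sigterm.sa_handler = termsig_handler;
+sigaction(SIGTERM, &sa_sigterm, NULL);
+
++#ifdef CONFIG_POSIX
++ signal(SIGPIPE, SIG_IGN);
++#endif
++
+module_call_init(MODULE_INIT_TRACE);
+qcrypto_init(&error_fatal);
+
+--
+2.13.0
+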
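--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
@@ -0,0 +1,50 @@
+From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 9 May 2017 13:01:28 +0200
+Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Don't reinvent a broken wheel, just use the hexdump function we have.
+
+Impact: low, broken code doesn't run unless you have debug logging
+enabled.
+
+Reported-by: 李强 <liqiang6-s@360.cn>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20170509110128.27261-1-kraxel@redhat.com
+---
+hw/usb/redirect.c | 13 +------------
+1 file changed, 1 insertion(+), 12 deletions(-)
+
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
+index b001a27f05..ad5ef783a6 100644
+--- a/hw/usb/redirect.c
++++ b/hw/usb/redirect.c
+@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
+static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
+const uint8_t *data, int len)
+{
+- int i, j, n;
+-
+if (dev->debug < usbredirparser_debug_data) {
+return;
+}
+-
+- for (i = 0; i < len; i += j) {
+- char buf[128];
+-
+- n = sprintf(buf, "%s", desc);
+- for (j = 0; j < 8 && i + j < len; j++) {
+- n += sprintf(buf + n, " %02X", data[i + j]);
+- }
+- error_report("%s", buf);
+- }
++ qemu_hexdump((char *)data, stderr, desc, len);
+}
+
+/*
+--
+2.13.0
+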
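--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
@@ -0,0 +1,40 @@
+[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest
+From: Prasad J Pandit <address@hidden>
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+Message-Id: <address@hidden>
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+exec.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff8..ad103ce 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+}
+} else {
+/* RAM case */
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+memcpy(ptr, buf, l);
+invalidate_and_set_dirty(mr, addr1, l);
+}
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+}
+} else {
+/* RAM case */
+- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+memcpy(buf, ptr, l);
+}
+
+--
+1.8.3.1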
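--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
@@ -0,0 +1,29 @@
+[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
+From: Prasad J Pandit <address@hidden>
+
+While parsing dhcp options string in 'dhcp_decode', if an options'
+length 'len' appeared towards the end of 'bp_vend' array, ensuing
+read could lead to an OOB memory access issue. Add check to avoid it.
+
+Reported-by: Reno Robert <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+---
+slirp/bootp.c | 3 +++
+1 file changed, 3 insertions(+)
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c..5dd1a41 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+if (p >= p_end)
+break;
+len = *p++;
++ if (p + len > p_end) {
++ break;
++ }
+DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+
+switch(tag) {
+--
+2.9.4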
174
app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
Normal file
174
app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
Normal file
@ -0,0 +1,174 @@
|
|||||||
|
From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Greg Kurz <groug@kaod.org>
|
||||||
|
Date: Fri, 5 May 2017 14:48:08 +0200
|
||||||
|
Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
|
||||||
|
|
||||||
|
When using the mapped-file security mode, we shouldn't let the client mess
|
||||||
|
with the metadata. The current code already tries to hide the metadata dir
|
||||||
|
from the client by skipping it in local_readdir(). But the client can still
|
||||||
|
access or modify it through several other operations. This can be used to
|
||||||
|
escalate privileges in the guest.
|
||||||
|
|
||||||
|
Affected backend operations are:
|
||||||
|
- local_mknod()
|
||||||
|
- local_mkdir()
|
||||||
|
- local_open2()
|
||||||
|
- local_symlink()
|
||||||
|
- local_link()
|
||||||
|
- local_unlinkat()
|
||||||
|
- local_renameat()
|
||||||
|
- local_rename()
|
||||||
|
- local_name_to_path()
|
||||||
|
|
||||||
|
Other operations are safe because they are only passed a fid path, which
|
||||||
|
is computed internally in local_name_to_path().
|
||||||
|
|
||||||
|
This patch converts all the functions listed above to fail and return
|
||||||
|
EINVAL when being passed the name of the metadata dir. This may look
|
||||||
|
like a poor choice for errno, but there's no such thing as an illegal
|
||||||
|
path name on Linux and I could not think of anything better.
|
||||||
|
|
||||||
|
This fixes CVE-2017-7493.
|
||||||
|
|
||||||
|
Reported-by: Leo Gaspard <leo@gaspard.io>
|
||||||
|
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||||
|
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||||
|
---
|
||||||
|
hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
|
||||||
|
1 file changed, 56 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
|
||||||
|
index f3ebca4f7a..a2486566af 100644
|
||||||
|
--- a/hw/9pfs/9p-local.c
|
||||||
|
+++ b/hw/9pfs/9p-local.c
|
||||||
|
@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
|
||||||
|
return telldir(fs->dir.stream);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
|
||||||
|
+{
|
||||||
|
+ return !strcmp(name, VIRTFS_META_DIR);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
|
||||||
|
{
|
||||||
|
struct dirent *entry;
|
||||||
|
@@ -465,8 +470,8 @@ again:
|
||||||
|
if (ctx->export_flags & V9FS_SM_MAPPED) {
|
||||||
|
entry->d_type = DT_UNKNOWN;
|
||||||
|
} else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
|
||||||
|
- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
|
||||||
|
- /* skp the meta data directory */
|
||||||
|
+ if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
|
||||||
|
+ /* skip the meta data directory */
|
||||||
|
goto again;
|
||||||
|
}
|
||||||
|
entry->d_type = DT_UNKNOWN;
|
||||||
|
@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
|
||||||
|
int err = -1;
|
||||||
|
int dirfd;
|
||||||
|
|
||||||
|
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
|
||||||
|
+ local_is_mapped_file_metadata(fs_ctx, name)) {
|
||||||
|
+ errno = EINVAL;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
|
||||||
|
if (dirfd == -1) {
|
||||||
|
return -1;
|
||||||
|
@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
|
||||||
|
int err = -1;
|
||||||
|
int dirfd;
|
||||||
|
|
||||||
|
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
|
||||||
|
+ local_is_mapped_file_metadata(fs_ctx, name)) {
|
||||||
|
+ errno = EINVAL;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
|
||||||
|
if (dirfd == -1) {
|
||||||
|
return -1;
|
||||||
|
@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
|
||||||
|
int err = -1;
|
||||||
|
int dirfd;
|
||||||
|
|
||||||
|
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
|
||||||
|
+ local_is_mapped_file_metadata(fs_ctx, name)) {
|
||||||
|
+ errno = EINVAL;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Mark all the open to not follow symlinks
|
||||||
|
*/
|
||||||
|
@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
|
||||||
|
int err = -1;
|
||||||
|
int dirfd;
|
||||||
|
|
||||||
|
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
|
||||||
|
+ local_is_mapped_file_metadata(fs_ctx, name)) {
|
||||||
|
+ errno = EINVAL;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
|
||||||
|
if (dirfd == -1) {
|
||||||
|
return -1;
|
||||||
|
@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
|
||||||
|
int ret = -1;
|
||||||
|
int odirfd, ndirfd;
|
||||||
|
|
||||||
|
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
|
||||||
|
+ local_is_mapped_file_metadata(ctx, name)) {
|
||||||
|
+ errno = EINVAL;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
odirfd = local_opendir_nofollow(ctx, odirpath);
|
||||||
|
if (odirfd == -1) {
|
||||||
|
goto out;
|
||||||
|
@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
|
||||||
|
static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
|
||||||
|
const char *name, V9fsPath *target)
|
||||||
|
{
|
||||||
|
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
|
||||||
|
+ local_is_mapped_file_metadata(ctx, name)) {
|
||||||
|
+ errno = EINVAL;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (dir_path) {
|
||||||
|
v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
|
||||||
|
} else if (strcmp(name, "/")) {
|
||||||
|
@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
|
||||||
|
int ret;
|
||||||
|
int odirfd, ndirfd;
|
||||||
|
|
||||||
|
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
|
||||||
|
+ (local_is_mapped_file_metadata(ctx, old_name) ||
|
||||||
|
+ local_is_mapped_file_metadata(ctx, new_name))) {
|
||||||
|
+ errno = EINVAL;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
odirfd = local_opendir_nofollow(ctx, olddir->data);
|
||||||
|
if (odirfd == -1) {
|
||||||
|
return -1;
|
||||||
|
@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
|
||||||
|
int ret;
|
||||||
|
int dirfd;
|
||||||
|
|
||||||
|
+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
|
||||||
|
+ local_is_mapped_file_metadata(ctx, name)) {
|
||||||
|
+ errno = EINVAL;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
dirfd = local_opendir_nofollow(ctx, dir->data);
|
||||||
|
if (dirfd == -1) {
|
||||||
|
return -1;
|
||||||
|
--
|
||||||
|
2.13.0
|
||||||
|
|
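--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
@@ -0,0 +1,22 @@
+CVE-2017-8112
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html
+---
+hw/scsi/vmw_pvscsi.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
+index 7557546..4a106da 100644
+--- a/hw/scsi/vmw_pvscsi.c
++++ b/hw/scsi/vmw_pvscsi.c
+@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
+uint32_t len_log2;
+uint32_t ring_size;
+
+- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
++ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
+return -1;
+}
+ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
+--
+2.9.3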
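Review bot: The header of this patch file gives only the CVE id and a mailing-list link, so nothing ties the one-line change to the commit upstream actually merged, and a posted patch can differ from the merged one. A line such as `Upstream-commit: <upstream commit id>` (placeholder, to be filled in from the QEMU tree) above the `---` would let a later audit check the backport against its source. The same applies to qemu-2.9.0-CVE-2017-8309.patch, qemu-2.9.0-CVE-2017-8379.patch and qemu-2.9.0-CVE-2017-8380.patch, which carry only a bug number and a list URL. `pvscsi_ring_init_msg` continues outside the hunk, so the reason a zero page count must be rejected is not visible here; a short comment next to `!ri->numPages` would help the next reader.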
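--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
@@ -0,0 +1,22 @@
+bug #616870
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
+---
+audio/audio.c | 2 ++
+1 file changed, 2 insertions(+)
+
+diff --git a/audio/audio.c b/audio/audio.c
+index c8898d8422..beafed209b 100644
+--- a/audio/audio.c
++++ b/audio/audio.c
+@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
+sw = sw1;
+}
+QLIST_REMOVE (cap, entries);
++ g_free (cap->hw.mix_buf);
++ g_free (cap->buf);
+g_free (cap);
+}
+return;
+--
+2.9.3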
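--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
@@ -0,0 +1,76 @@
+bug #616872
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
+---
+ui/input.c | 14 +++++++++++---
+1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/ui/input.c b/ui/input.c
+index ed88cda6d6..fb1f404095 100644
+--- a/ui/input.c
++++ b/ui/input.c
+@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
+QTAILQ_HEAD_INITIALIZER(kbd_queue);
+static QEMUTimer *kbd_timer;
+static uint32_t kbd_default_delay_ms = 10;
++static uint32_t queue_count;
++static uint32_t queue_limit = 1024;
+
+QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
+QemuInputHandler *handler)
+@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
+break;
+}
+QTAILQ_REMOVE(queue, item, node);
++ queue_count--;
+g_free(item);
+}
+}
+@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
+item->delay_ms = delay_ms;
+item->timer = timer;
+QTAILQ_INSERT_TAIL(queue, item, node);
++ queue_count++;
+
+if (start_timer) {
+timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
+@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
+item->src = src;
+item->evt = evt;
+QTAILQ_INSERT_TAIL(queue, item, node);
++ queue_count++;
+}
+
+static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
+@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
+
+item->type = QEMU_INPUT_QUEUE_SYNC;
+QTAILQ_INSERT_TAIL(queue, item, node);
++ queue_count++;
+}
+
+void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
+@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
+qemu_input_event_send(src, evt);
+qemu_input_event_sync();
+qapi_free_InputEvent(evt);
+- } else {
++ } else if (queue_count < queue_limit) {
+qemu_input_queue_event(&kbd_queue, src, evt);
+qemu_input_queue_sync(&kbd_queue);
+}
+@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
+kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
+&kbd_queue);
+}
+- qemu_input_queue_delay(&kbd_queue, kbd_timer,
+- delay_ms ? delay_ms : kbd_default_delay_ms);
++ if (queue_count < queue_limit) {
++ qemu_input_queue_delay(&kbd_queue, kbd_timer,
++ delay_ms ? delay_ms : kbd_default_delay_ms);
++ }
+}
+
+InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
+--
+2.9.3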
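Review bot: In `qemu_input_event_send_key`, once `queue_count` reaches `queue_limit` the new `else if` neither sends nor queues `evt`, and nothing on that path frees it, whereas the first branch ends with `qapi_free_InputEvent(evt)` and the queue branch hands the event to the queue item. The drop path looks like it needs `} else { qapi_free_InputEvent(evt); }`, otherwise the limit that is meant to bound memory still leaks one event per dropped key; the function continues outside the hunk, so confirm that no later free exists. Separately, `queue_count` is a single file-wide counter while the helpers take a `queue` argument, and only one `queue_count--` is visible in `qemu_input_queue_process`. Any other removal from the queue outside these hunks would need the same decrement, or the counter drifts upward until all queued input is refused.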
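--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
@@ -0,0 +1,34 @@
+bug #616874
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
+---
+hw/scsi/megasas.c | 10 +++++-----
+1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 84b8caf..804122a 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
+case MFI_SEQ:
+trace_megasas_mmio_writel("MFI_SEQ", val);
+/* Magic sequence to start ADP reset */
+- if (adp_reset_seq[s->adp_reset] == val) {
+- s->adp_reset++;
++ if (adp_reset_seq[s->adp_reset++] == val) {
++ if (s->adp_reset == 6) {
++ s->adp_reset = 0;
++ s->diag = MFI_DIAG_WRITE_ENABLE;
++ }
+} else {
+s->adp_reset = 0;
+s->diag = 0;
+}
+- if (s->adp_reset == 6) {
+- s->diag = MFI_DIAG_WRITE_ENABLE;
+- }
+break;
+case MFI_DIAG:
+trace_megasas_mmio_writel("MFI_DIAG", val);
+--
+2.9.3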
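Review bot: The bound in `if (s->adp_reset == 6)` is a bare literal, and it is the only thing keeping `adp_reset_seq[s->adp_reset++]` inside the array, whose declaration is outside the hunk. Tying it to the array, `if (s->adp_reset == ARRAY_SIZE(adp_reset_seq)) {`, keeps the two from diverging if the sequence is ever edited. The index is also used before any range check, so the lookup is only safe while `s->adp_reset` is below the array length on entry. If that field can be set anywhere else (for example restored device state, which is not visible here), a guard ahead of the lookup would be worth adding.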
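--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
@@ -0,0 +1,122 @@
+From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 1 Jun 2017 17:26:14 +0200
+Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
+
+This ensures that the request is unref'ed properly, and avoids a
+segmentation fault in the new qtest testcase that is added.
+This is CVE-2017-9503.
+
+Reported-by: Zhangyanyu <zyy4013@stu.ouc.edu.cn>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+hw/scsi/megasas.c | 31 ++++++++++++++++---------------
+2 files changed, 51 insertions(+), 15 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 135662df31..734fdaef90 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
+static void megasas_abort_command(MegasasCmd *cmd)
+{
+/* Never abort internal commands. */
++ if (cmd->dcmd_opcode != -1) {
++ return;
++ }
+if (cmd->req != NULL) {
+scsi_req_cancel(cmd->req);
+}
+@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+uint64_t pd_size;
+uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+uint8_t cmdbuf[6];
+- SCSIRequest *req;
+size_t len, resid;
+
+if (!cmd->iov_buf) {
+@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
+info->vpd_page83[0] = 0x7f;
+megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
+- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++ if (!cmd->req) {
+trace_megasas_dcmd_req_alloc_failed(cmd->index,
+"PD get info std inquiry");
+g_free(cmd->iov_buf);
+@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+}
+trace_megasas_dcmd_internal_submit(cmd->index,
+"PD get info std inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+if (len > 0) {
+cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+}
+return MFI_STAT_INVALID_STATUS;
+} else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
+megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
+- req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
++ if (!cmd->req) {
+trace_megasas_dcmd_req_alloc_failed(cmd->index,
+"PD get info vpd inquiry");
+return MFI_STAT_FLASH_ALLOC_FAIL;
+}
+trace_megasas_dcmd_internal_submit(cmd->index,
+"PD get info vpd inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+if (len > 0) {
+cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+}
+return MFI_STAT_INVALID_STATUS;
+}
+@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+struct mfi_ld_info *info = cmd->iov_buf;
+size_t dcmd_size = sizeof(struct mfi_ld_info);
+uint8_t cdb[6];
+- SCSIRequest *req;
+ssize_t len, resid;
+uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
+uint64_t ld_size;
+@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+cmd->iov_buf = g_malloc0(dcmd_size);
+info = cmd->iov_buf;
+megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
+- req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
+- if (!req) {
++ cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
++ if (!cmd->req) {
+trace_megasas_dcmd_req_alloc_failed(cmd->index,
+"LD get info vpd inquiry");
+g_free(cmd->iov_buf);
+@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+}
+trace_megasas_dcmd_internal_submit(cmd->index,
+"LD get info vpd inquiry", lun);
+- len = scsi_req_enqueue(req);
++ len = scsi_req_enqueue(cmd->req);
+if (len > 0) {
+cmd->iov_size = len;
+- scsi_req_continue(req);
++ scsi_req_continue(cmd->req);
+}
+return MFI_STAT_INVALID_STATUS;
+}
+@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
+return;
+}
+
+- if (cmd->req == NULL) {
++ if (cmd->dcmd_opcode != -1) {
+/*
+* Internal command complete
+*/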
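Review bot: `cmd->dcmd_opcode` is tested in `megasas_abort_command` and `megasas_command_complete` here, but that field is only added to `MegasasCmd` by qemu-2.9.0-CVE-2017-9503-2.patch, so a tree with only this patch applied would not compile and the `-1`/`-2` numbering is the reverse of the dependency. Renaming the two files, or a header line such as `Requires: qemu-2.9.0-CVE-2017-9503-2.patch`, would make the order explicit for whoever maintains the ebuild's patch list, which is not visible in this section. The diffstat also still reads `2 files changed, 51 insertions(+), 15 deletions(-)` although only hw/scsi/megasas.c is present, so the qtest case the message mentions appears to have been dropped. A one-line remark in the header that the test hunk was removed would explain the mismatch to a later auditor.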
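--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
@@ -0,0 +1,114 @@
+From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 1 Jun 2017 17:18:23 +0200
+Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
+
+Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+hw/scsi/megasas.c | 25 +++++++++++--------------
+1 file changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index c353118882..a3f75c1650 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
+
+hwaddr pa;
+hwaddr pa_size;
++ uint32_t dcmd_opcode;
+union mfi_frame *frame;
+SCSIRequest *req;
+QEMUSGList qsg;
+@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
+cmd->context &= (uint64_t)0xFFFFFFFF;
+}
+cmd->count = count;
++ cmd->dcmd_opcode = -1;
+s->busy++;
+
+if (s->consumer_pa) {
+@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
+
+static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+{
+- int opcode;
+int retval = 0;
+size_t len;
+const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- trace_megasas_handle_dcmd(cmd->index, opcode);
++ cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
++ trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
+if (megasas_map_dcmd(s, cmd) < 0) {
+return MFI_STAT_MEMORY_NOT_AVAILABLE;
+}
+- while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
++ while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
+cmdptr++;
+}
+len = cmd->iov_size;
+if (cmdptr->opcode == -1) {
+- trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
++ trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
+retval = megasas_dcmd_dummy(s, cmd);
+} else {
+trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
+@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
+static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+SCSIRequest *req)
+{
+- int opcode;
+int retval = MFI_STAT_OK;
+int lun = req->lun;
+
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
+- switch (opcode) {
++ trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
++ switch (cmd->dcmd_opcode) {
+case MFI_DCMD_PD_GET_INFO:
+retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
+break;
+@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
+retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
+break;
+default:
+- trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
++ trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
+retval = MFI_STAT_INVALID_DCMD;
+break;
+}
+@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+{
+MegasasCmd *cmd = req->hba_private;
+uint8_t *buf;
+- uint32_t opcode;
+
+trace_megasas_io_complete(cmd->index, len);
+
+@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+}
+
+buf = scsi_req_get_buf(req);
+- opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+- if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
++ if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
+struct mfi_pd_info *info = cmd->iov_buf;
+
+if (info->inquiry_data[0] == 0x7f) {
+@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+memcpy(info->vpd_page83, buf, len);
+}
+scsi_req_continue(req);
+- } else if (opcode == MFI_DCMD_LD_GET_INFO) {
++ } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
+struct mfi_ld_info *info = cmd->iov_buf;
+
+if (cmd->iov_buf) {
+--
+2.13.0
+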
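Review bot: The `-1` stored by `cmd->dcmd_opcode = -1;` in `megasas_enqueue_frame` shares its value space with the opcode later copied from the guest frame by `cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);`, because the field is a `uint32_t`, so the "not a DCMD" marker is also a value the guest can supply. Code that relies on `dcmd_opcode != -1` to recognise internal commands, as qemu-2.9.0-CVE-2017-9503-1.patch does, then depends on that opcode never reaching a handler that issues a SCSI request. The visible lookup in `megasas_handle_dcmd` seems to guarantee this only because `-1` is also the table terminator. A separate `bool` member, or a named constant with a comment stating the assumption, would make the invariant explicit instead of incidental.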
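--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
@@ -0,0 +1,80 @@
+From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 26 May 2017 22:04:21 -0500
+Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
+
+If a non-NBD client connects to qemu-nbd, we would end up with
+a SIGSEGV in nbd_client_put() because we were trying to
+unregister the client's association to the export, even though
+we skipped inserting the client into that list. Easy trigger
+in two terminals:
+
+$ qemu-nbd -p 30001 --format=raw file
+$ nmap 127.0.0.1 -p 30001
+
+nmap claims that it thinks it connected to a pago-services1
+server (which probably means nmap could be updated to learn the
+NBD protocol and give a more accurate diagnosis of the open
+port - but that's not our problem), then terminates immediately,
+so our call to nbd_negotiate() fails. The fix is to reorder
+nbd_co_client_start() to ensure that all initialization occurs
+before we ever try talking to a client in nbd_negotiate(), so
+that the teardown sequence on negotiation failure doesn't fault
+while dereferencing a half-initialized object.
+
+While debugging this, I also noticed that nbd_update_server_watch()
+called by nbd_client_closed() was still adding a channel to accept
+the next client, even when the state was no longer RUNNING. That
+is fixed by making nbd_can_accept() pay attention to the current
+state.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
+
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20170527030421.28366-1-eblake@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+nbd/server.c | 8 +++-----
+qemu-nbd.c | 2 +-
+2 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index ee59e5d234..49b55f6ede 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
+
+if (exp) {
+nbd_export_get(exp);
++ QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+}
++ qemu_co_mutex_init(&client->send_lock);
++
+if (nbd_negotiate(data)) {
+client_close(client);
+goto out;
+}
+- qemu_co_mutex_init(&client->send_lock);
+-
+- if (exp) {
+- QTAILQ_INSERT_TAIL(&exp->clients, client, next);
+- }
+
+nbd_client_receive_next_request(client);
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index f60842fd86..651f85ecc1 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -325,7 +325,7 @@ out:
+
+static int nbd_can_accept(void)
+{
+- return nb_fds < shared;
++ return state == RUNNING && nb_fds < shared;
+}
+
+static void nbd_export_closed(NBDExport *exp)
+--
+2.13.0
+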
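Review bot: Nothing in `nbd_co_client_start` records that `QTAILQ_INSERT_TAIL(&exp->clients, client, next)` and `qemu_co_mutex_init(&client->send_lock)` must run before `nbd_negotiate(data)`, although that ordering is the whole fix. A comment above the moved lines, for example `/* Finish all client setup before talking to the peer: client_close() on a failed negotiation tears it down. */`, would protect the order against the next refactor. The same goes for `return state == RUNNING && nb_fds < shared;` in `nbd_can_accept`, where a short note that connections are refused once the server has left the running state would explain the extra condition. `nbd_co_client_start` starts and ends outside the hunk.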
197
app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
Normal file
197
app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
Normal file
@ -0,0 +1,197 @@
|
|||||||
|
From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eric Blake <eblake@redhat.com>
|
||||||
|
Date: Thu, 8 Jun 2017 17:26:17 -0500
|
||||||
|
Subject: [PATCH] nbd: Fix regression on resiliency to port scan
|
||||||
|
|
||||||
|
Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
|
||||||
|
server would not quit, regardless of how many probe connections
|
||||||
|
came and went, until a connection actually negotiated). But we
|
||||||
|
broke that in commit ee7d7aa when removing the return value to
|
||||||
|
nbd_client_new(), although that patch also introduced a bug causing
|
||||||
|
an assertion failure on a client that fails negotiation. We then
|
||||||
|
made it worse during refactoring in commit 1a6245a (a segfault
|
||||||
|
before we could even assert); the (masked) assertion was cleaned
|
||||||
|
up in d3780c2 (still in 2.6), and just recently we finally fixed
|
||||||
|
the segfault ("nbd: Fully intialize client in case of failed
|
||||||
|
negotiation"). But that still means that ever since we added
|
||||||
|
TLS support to qemu-nbd, we have been vulnerable to an ill-timed
|
||||||
|
port-scan being able to cause a denial of service by taking down
|
||||||
|
qemu-nbd before a real client has a chance to connect.
|
||||||
|
|
||||||
|
Since negotiation is now handled asynchronously via coroutines,
|
||||||
|
we no longer have a synchronous point of return by re-adding a
|
||||||
|
return value to nbd_client_new(). So this patch instead wires
|
||||||
|
things up to pass the negotiation status through the close_fn
|
||||||
|
callback function.
|
||||||
|
|
||||||
|
Simple test across two terminals:
|
||||||
|
$ qemu-nbd -f raw -p 30001 file
|
||||||
|
$ nmap 127.0.0.1 -p 30001 && \
|
||||||
|
qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
|
||||||
|
|
||||||
|
Note that this patch does not change what constitutes successful
|
||||||
|
negotiation (thus, a client must enter transmission phase before
|
||||||
|
that client can be considered as a reason to terminate the server
|
||||||
|
when the connection ends). Perhaps we may want to tweak things
|
||||||
|
in a later patch to also treat a client that uses NBD_OPT_ABORT
|
||||||
|
as being a 'successful' negotiation (the client correctly talked
|
||||||
|
the NBD protocol, and informed us it was not going to use our
|
||||||
|
export after all), but that's a discussion for another day.
|
||||||
|
|
||||||
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
|
||||||
|
|
||||||
|
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||||
|
Message-Id: <20170608222617.20376-1-eblake@redhat.com>
|
||||||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
---
|
||||||
|
blockdev-nbd.c | 6 +++++-
|
||||||
|
include/block/nbd.h | 2 +-
|
||||||
|
nbd/server.c | 24 +++++++++++++++---------
|
||||||
|
qemu-nbd.c | 4 ++--
|
||||||
|
4 files changed, 23 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/blockdev-nbd.c b/blockdev-nbd.c
|
||||||
|
index dd0860f4a6..28f551a7b0 100644
|
||||||
|
--- a/blockdev-nbd.c
|
||||||
|
+++ b/blockdev-nbd.c
|
||||||
|
@@ -27,6 +27,10 @@ typedef struct NBDServerData {
|
||||||
|
|
||||||
|
static NBDServerData *nbd_server;
|
||||||
|
|
||||||
|
+static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
|
||||||
|
+{
|
||||||
|
+ nbd_client_put(client);
|
||||||
|
+}
|
||||||
|
|
||||||
|
static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
|
||||||
|
gpointer opaque)
|
||||||
|
@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
|
||||||
|
qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
|
||||||
|
nbd_client_new(NULL, cioc,
|
||||||
|
nbd_server->tlscreds, NULL,
|
||||||
|
- nbd_client_put);
|
||||||
|
+ nbd_blockdev_client_closed);
|
||||||
|
object_unref(OBJECT(cioc));
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
diff --git a/include/block/nbd.h b/include/block/nbd.h
|
||||||
|
index 416257abca..8fa5ce51f3 100644
|
||||||
|
--- a/include/block/nbd.h
|
||||||
|
+++ b/include/block/nbd.h
|
||||||
|
@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
|
||||||
|
QIOChannelSocket *sioc,
|
||||||
|
QCryptoTLSCreds *tlscreds,
|
||||||
|
const char *tlsaclname,
|
||||||
|
- void (*close)(NBDClient *));
|
||||||
|
+ void (*close_fn)(NBDClient *, bool));
|
||||||
|
void nbd_client_get(NBDClient *client);
|
||||||
|
void nbd_client_put(NBDClient *client);
|
||||||
|
|
||||||
|
diff --git a/nbd/server.c b/nbd/server.c
|
||||||
|
index 49b55f6ede..f2b1aa47ce 100644
|
||||||
|
--- a/nbd/server.c
|
||||||
|
+++ b/nbd/server.c
|
||||||
|
@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
|
||||||
|
|
||||||
|
struct NBDClient {
|
||||||
|
int refcount;
|
||||||
|
- void (*close)(NBDClient *client);
|
||||||
|
+ void (*close_fn)(NBDClient *client, bool negotiated);
|
||||||
|
|
||||||
|
bool no_zeroes;
|
||||||
|
NBDExport *exp;
|
||||||
|
@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-static void client_close(NBDClient *client)
|
||||||
|
+static void client_close(NBDClient *client, bool negotiated)
|
||||||
|
{
|
||||||
|
if (client->closing) {
|
||||||
|
return;
|
||||||
|
@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
|
||||||
|
NULL);
|
||||||
|
|
||||||
|
/* Also tell the client, so that they release their reference. */
|
||||||
|
- if (client->close) {
|
||||||
|
- client->close(client);
|
||||||
|
+ if (client->close_fn) {
|
||||||
|
+ client->close_fn(client, negotiated);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
|
||||||
|
|
||||||
|
nbd_export_get(exp);
|
||||||
|
QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
|
||||||
|
- client_close(client);
|
||||||
|
+ client_close(client, true);
|
||||||
|
}
|
||||||
|
nbd_export_set_name(exp, NULL);
|
||||||
|
nbd_export_set_description(exp, NULL);
|
||||||
|
@@ -1337,7 +1337,7 @@ done:
|
||||||
|
|
||||||
|
out:
|
||||||
|
nbd_request_put(req);
|
||||||
|
- client_close(client);
|
||||||
|
+ client_close(client, true);
|
||||||
|
nbd_client_put(client);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
|
||||||
|
qemu_co_mutex_init(&client->send_lock);
|
||||||
|
|
||||||
|
if (nbd_negotiate(data)) {
|
||||||
|
- client_close(client);
|
||||||
|
+ client_close(client, false);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1373,11 +1373,17 @@ out:
|
||||||
|
g_free(data);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * Create a new client listener on the given export @exp, using the
|
||||||
|
+ * given channel @sioc. Begin servicing it in a coroutine. When the
|
||||||
|
+ * connection closes, call @close_fn with an indication of whether the
|
||||||
|
+ * client completed negotiation.
|
||||||
|
+ */
|
||||||
|
void nbd_client_new(NBDExport *exp,
|
||||||
|
QIOChannelSocket *sioc,
|
||||||
|
QCryptoTLSCreds *tlscreds,
|
||||||
|
const char *tlsaclname,
|
||||||
|
- void (*close_fn)(NBDClient *))
|
||||||
|
+ void (*close_fn)(NBDClient *, bool))
|
||||||
|
{
|
||||||
|
NBDClient *client;
|
||||||
|
NBDClientNewData *data = g_new(NBDClientNewData, 1);
|
||||||
|
@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
|
||||||
|
object_ref(OBJECT(client->sioc));
|
||||||
|
client->ioc = QIO_CHANNEL(sioc);
|
||||||
|
object_ref(OBJECT(client->ioc));
|
||||||
|
- client->close = close_fn;
|
||||||
|
+ client->close_fn = close_fn;
|
||||||
|
|
||||||
|
data->client = client;
|
||||||
|
data->co = qemu_coroutine_create(nbd_co_client_start, data);
|
||||||
|
diff --git a/qemu-nbd.c b/qemu-nbd.c
|
||||||
|
index 651f85ecc1..9464a0461c 100644
|
||||||
|
--- a/qemu-nbd.c
|
||||||
|
+++ b/qemu-nbd.c
|
||||||
|
@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
|
||||||
|
|
||||||
|
static void nbd_update_server_watch(void);
|
||||||
|
|
||||||
|
-static void nbd_client_closed(NBDClient *client)
|
||||||
|
+static void nbd_client_closed(NBDClient *client, bool negotiated)
|
||||||
|
{
|
||||||
|
nb_fds--;
|
||||||
|
- if (nb_fds == 0 && !persistent && state == RUNNING) {
|
||||||
|
+ if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
|
||||||
|
state = TERMINATE;
|
||||||
|
}
|
||||||
|
nbd_update_server_watch();
|
||||||
|
--
|
||||||
|
2.13.0
|
||||||
|
|
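--- /dev/null
+++ b/app-emulation/qemu/files/qemu-binfmt.initd-r1
@@ -0,0 +1,138 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the kernel
+
+# Defaulting to OC should be safe because it comes down to:
+# - do we trust the interp itself to not be malicious? yes; we built it.
+# - do we trust the programs we're running? ish; same permission as native
+# binaries apply. so if user can do bad stuff natively, cross isn't worse.
+: ${QEMU_BINFMT_FLAGS:=OC}
+
+depend() {
+after procfs
+}
+
+start() {
+ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
+
+if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
+modprobe -q binfmt_misc
+fi
+
+if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
+eend $? "You need support for 'misc binaries' in your kernel!" || return
+fi
+
+if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then
+mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1
+eend $? || return
+fi
+
+# probe cpu type
+cpu=`uname -m`
+case "$cpu" in
+i386|i486|i586|i686|i86pc|BePC|x86_64)
+cpu="i386"
+;;
+m68k)
+cpu="m68k"
+;;
+mips*)
+cpu="mips"
+;;
+"Power Macintosh"|ppc|ppc64)
+cpu="ppc"
+;;
+armv[4-9]*)
+cpu="arm"
+;;
+sparc*)
+cpu="sparc"
+;;
+esac
+
+# register the interpreter for each cpu except for the native one
+if [ $cpu != "i386" -a -x "/usr/bin/qemu-i386" ] ; then
+echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "alpha" -a -x "/usr/bin/qemu-alpha" ] ; then
+echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "arm" -a -x "/usr/bin/qemu-arm" ] ; then
+echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "arm" -a -x "/usr/bin/qemu-armeb" ] ; then
+echo ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "aarch64" -a -x "/usr/bin/qemu-aarch64" ] ; then
+echo ':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "sparc" -a -x "/usr/bin/qemu-sparc" ] ; then
+echo ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "ppc" -a -x "/usr/bin/qemu-ppc" ] ; then
+echo ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "m68k" -a -x "/usr/bin/qemu-m68k" ] ; then
+#echo 'Please check cpu value and header information for m68k!'
+echo ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips" ] ; then
+# FIXME: We could use the other endianness on a MIPS host.
+echo ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsel" ] ; then
+echo ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32" ] ; then
+echo ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "mips" -a -x "/usr/bin/qemu-mipsn32el" ] ; then
+echo ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64" ] ; then
+echo ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "mips" -a -x "/usr/bin/qemu-mips64el" ] ; then
+echo ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4" ] ; then
+echo ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "sh" -a -x "/usr/bin/qemu-sh4eb" ] ; then
+echo ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+if [ $cpu != "s390x" -a -x "/usr/bin/qemu-s390x" ] ; then
+echo ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x:'"${QEMU_BINFMT_FLAGS}" > /proc/sys/fs/binfmt_misc/register
+fi
+eend $?
+}
+
+stop() {
+ebegin "Unregistering qemu-user binaries"
+local arches
+
+arches="${arches} i386 i486"
+arches="${arches} alpha"
+arches="${arches} arm armeb"
+arches="${arches} aarch64"
+arches="${arches} sparc"
+arches="${arches} ppc"
+arches="${arches} m68k"
+arches="${arches} mips mipsel mipsn32 mipsn32el mips64 mips64el"
+arches="${arches} sh4 sh4eb"
+arches="${arches} s390x"
+
+for a in ${arches}; do
+if [ -f /proc/sys/fs/binfmt_misc/$a ] ; then
+echo '-1' > /proc/sys/fs/binfmt_misc/$a
+fi
+done
+
+eend $?
+}
+
+# vim: ts=4 :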
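Review bot: In start(), the missing-kernel-support branch runs `eend $? "You need support for 'misc binaries' in your kernel!" || return`, but `$?` at that point is the status of the `[ ! -d /proc/sys/fs/binfmt_misc ]` test, which is 0 when the directory is absent. The failure is therefore reported as success, `|| return` never fires, and the function goes on to the mount and the register writes. Pass an explicit status instead: `eend 1 "You need support for 'misc binaries' in your kernel!"` followed by `return 1`. The closing `eend $?` has a related weakness, since it only reflects the last `if` and so hides failed writes to `/proc/sys/fs/binfmt_misc/register`. The `mount -t binfmt_misc` line also passes no options; adding `-o nodev,noexec,nosuid` would be a cheap hardening.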
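--- /dev/null
+++ b/app-emulation/qemu/files/qemu-binfmt.initd.head
@@ -0,0 +1,64 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Enable automatic non-native program execution by the kernel.
+
+# Defaulting to OC should be safe because it comes down to:
+# - do we trust the interp itself to not be malicious? yes; we built it.
+# - do we trust the programs we're running? ish; same permission as native
+# binaries apply. so if user can do bad stuff natively, cross isn't worse.
+: ${QEMU_BINFMT_FLAGS:=OC}
+
+depend() {
+after procfs
+}
+
+start() {
+ebegin "Registering qemu-user binaries (flags: ${QEMU_BINFMT_FLAGS})"
+
+if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
+modprobe -q binfmt_misc
+fi
+
+if [ ! -d /proc/sys/fs/binfmt_misc ] ; then
+eend 1 "You need support for 'misc binaries' in your kernel!"
+return
+fi
+
+if [ ! -f /proc/sys/fs/binfmt_misc/register ] ; then
+mount -t binfmt_misc -o nodev,noexec,nosuid \
+binfmt_misc /proc/sys/fs/binfmt_misc >/dev/null 2>&1
+eend $? || return
+fi
+
+# Probe the native cpu type so we don't try registering them.
+local cpu="$(uname -m)"
+case "${cpu}" in
+armv[4-9]*)
+cpu="arm"
+;;
+i386|i486|i586|i686|i86pc|BePC|x86_64)
+cpu="i386"
+;;
+m68k)
+cpu="m68k"
+;;
+mips*)
+cpu="mips"
+;;
+"Power Macintosh"|ppc|ppc64)
+cpu="ppc"
+;;
+s390*)
+cpu="s390"
+;;
+sh*)
+cpu="sh"
+;;
+sparc*)
+cpu="sparc"
+;;
+esac
+
+# Register the interpreter for each cpu except for the native one.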
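Review bot: The comment block justifying `: ${QEMU_BINFMT_FLAGS:=OC}` does not say what the `C` flag changes. With it the kernel computes the new process's credentials from the matched binary rather than from the interpreter, so a setuid foreign-architecture binary makes the qemu-user interpreter run with that binary's privileges. I would state that next to the default, e.g. `# NOTE: 'C' makes setuid/setgid bits on emulated binaries take effect; set QEMU_BINFMT_FLAGS=O if that is not wanted.` start() is left open at the end of this file and presumably continues in generated registration lines and the .tail file, so the rest of the function cannot be judged from this section.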
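--- /dev/null
+++ b/app-emulation/qemu/files/qemu-binfmt.initd.tail
@@ -0,0 +1,14 @@
+eend 0
+}
+
+stop() {
+# We unregister everything in the "qemu-xxx" namespace.
+ebegin "Unregistering qemu-user binaries"
+local f
+for f in /proc/sys/fs/binfmt_misc/qemu-* ; do
+if [ -f "${f}" ] ; then
+echo '-1' > "${f}"
+fi
+done
+eend 0
+}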
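Review bot: stop() ends with an unconditional `eend 0`, so a failed write of `-1` to an entry under `/proc/sys/fs/binfmt_misc/` is still reported as a successful unregister. Track the status instead: declare `local f ret=0`, write `echo '-1' > "${f}" || ret=1` in the loop, and finish with `eend ${ret}`. The `eend 0` on the first line closes a start() whose body begins outside this file, so whether registration failures are surfaced there cannot be judged from these lines.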
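--- /dev/null
+++ b/app-emulation/qemu/metadata.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+<email>qemu@gentoo.org</email>
+<name>Gentoo QEMU Project</name>
+</maintainer>
+<use>
+<flag name="accessibility">Adds support for braille displays using brltty</flag>
+<flag name="aio">Enables support for Linux's Async IO</flag>
+<flag name="alsa">Enable alsa output for sound emulation</flag>
+<flag name="curl">Support ISOs / -cdrom directives vis HTTP or HTTPS.</flag>
+<flag name="fdt">Enables firmware device tree support</flag>
+<flag name="glusterfs">Enables GlusterFS cluster fileystem via
+<pkg>sys-cluster/glusterfs</pkg></flag>
+<flag name="gnutls">Enable TLS support for the VNC console server.
+For 1.4 and newer this also enables WebSocket support.
+For 2.0 through 2.3 also enables disk quorum support.</flag>
+<flag name="gtk2">Use gtk-2 instead of gtk-3</flag>
+<flag name="iscsi">Enable direct iSCSI support via
+<pkg>net-libs/libiscsi</pkg> instead of indirectly via the Linux
+block layer that <pkg>sys-block/open-iscsi</pkg> does.</flag>
+<flag name="ncurses">Enable the ncurses-based console</flag>
+<flag name="nfs">Enable NFS support</flag>
+<flag name="numa">Enable NUMA support</flag>
+<flag name="pin-upstream-blobs">Pin the versions of BIOS firmware to the version included in the upstream release.
+This is needed to sanely support migration/suspend/resume/snapshotting/etc... of instances.
+When the blobs are different, random corruption/bugs/crashes/etc... may be observed.</flag>
+<flag name="pulseaudio">Enable pulseaudio output for sound emulation</flag>
+<flag name="rbd">Enable rados block device backend support, see http://ceph.newdream.net/wiki/QEMU-RBD</flag>
+<flag name="sdl">Enable the SDL-based console</flag>
+<flag name="sdl2">Use libsdl2 instead of libsdl</flag>
+<flag name="spice">Enable Spice protocol support via <pkg>app-emulation/spice</pkg></flag>
+<flag name="ssh">Enable SSH based block device support via <pkg>net-libs/libssh2</pkg></flag>
+<flag name="static-user">Build the User targets as static binaries</flag>
+<flag name="static">Build the User and Software MMU (system) targets as well as tools as static binaries</flag>
+<flag name="snappy">Enable support for snappy compression</flag>
+<flag name="systemtap">Enable SystemTAP/DTrace tracing</flag>
+<flag name="tci">Enable the TCG Interpreter which can speed up or slowdown workloads depending on the host and guest CPUs being emulated. In the future it will be a runtime option but for now its compile time.</flag>
+<flag name="jpeg">Enable jpeg image support for the VNC console server</flag>
+<flag name="png">Enable png image support for the VNC console server</flag>
+<flag name="usb">Enable USB passthrough via <pkg>dev-libs/libusb</pkg></flag>
+<flag name="usbredir">Use <pkg>sys-apps/usbredir</pkg> to redirect USB devices to another machine over TCP</flag>
+<flag name="vde">Enable VDE-based networking</flag>
+<flag name="vhost-net">Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet</flag>
+<flag name="virgl">Enable experimental Virgil 3d (virtual software GPU)</flag>
+<flag name="virtfs">Enable VirtFS via virtio-9p-pci / fsdev. See http://wiki.qemu.org/Documentation/9psetup</flag>
+<flag name="vte">Enable terminal support (<pkg>x11-libs/vte</pkg>) in the GTK+ interface</flag>
+<flag name="xattr">Add support for getting and setting POSIX extended attributes, through
+<pkg>sys-apps/attr</pkg>. Requisite for the virtfs backend.
+</flag>
+<flag name="xen">Enables support for Xen backends</flag>
+<flag name="xfs">Support xfsctl() notification and syncing for XFS backed
+virtual disks.</flag>
+</use>
+</pkgmetadata>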
793
app-emulation/qemu/qemu-2.9.0-r56.ebuild
Normal file
@ -0,0 +1,793 @@
|
|||||||
|
# Copyright 1999-2017 Gentoo Foundation
|
||||||
|
# Distributed under the terms of the GNU General Public License v2
|
||||||
|
|
||||||
|
EAPI="6"
|
||||||
|
|
||||||
|
PYTHON_COMPAT=( python2_7 )
|
||||||
|
PYTHON_REQ_USE="ncurses,readline"
|
||||||
|
|
||||||
|
PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
|
||||||
|
|
||||||
|
FIRMWARE_ABI_VERSION="2.9.0-r52"
|
||||||
|
|
||||||
|
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
|
||||||
|
user udev fcaps readme.gentoo-r1 pax-utils l10n
|
||||||
|
|
||||||
|
if [[ ${PV} = *9999* ]]; then
|
||||||
|
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
|
||||||
|
inherit git-r3
|
||||||
|
SRC_URI=""
|
||||||
|
else
|
||||||
|
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
|
||||||
|
KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86 ~x86-fbsd"
|
||||||
|
fi
|
||||||
|
|
||||||
|
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
|
||||||
|
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
|
||||||
|
|
||||||
|
LICENSE="GPL-2 LGPL-2 BSD-2"
|
||||||
|
SLOT="0"
|
||||||
|
IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
|
||||||
|
glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
|
||||||
|
kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
|
||||||
|
pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
|
||||||
|
spice ssh static static-user systemtap tci test usb usbredir vde
|
||||||
|
+vhost-net virgl virtfs +vnc vte xattr xen xfs"
|
||||||
|
|
||||||
|
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
|
||||||
|
mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
|
||||||
|
sparc64 x86_64"
|
||||||
|
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
|
||||||
|
lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
|
||||||
|
IUSE_USER_TARGETS="${COMMON_TARGETS}
|
||||||
|
armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
|
||||||
|
|
||||||
|
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
|
||||||
|
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
|
||||||
|
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
|
||||||
|
|
||||||
|
# Allow no targets to be built so that people can get a tools-only build.
|
||||||
|
# Block USE flag configurations known to not work.
|
||||||
|
REQUIRED_USE="${PYTHON_REQUIRED_USE}
|
||||||
|
gtk2? ( gtk )
|
||||||
|
qemu_softmmu_targets_arm? ( fdt )
|
||||||
|
qemu_softmmu_targets_microblaze? ( fdt )
|
||||||
|
qemu_softmmu_targets_mips64el? ( fdt )
|
||||||
|
qemu_softmmu_targets_ppc? ( fdt )
|
||||||
|
qemu_softmmu_targets_ppc64? ( fdt )
|
||||||
|
sdl2? ( sdl )
|
||||||
|
static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
|
||||||
|
virtfs? ( xattr )
|
||||||
|
vte? ( gtk )"
|
||||||
|
|
||||||
|
# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
|
||||||
|
# and user/softmmu targets (qemu-*, qemu-system-*).
|
||||||
|
#
|
||||||
|
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
|
||||||
|
#
|
||||||
|
# The attr lib isn't always linked in (although the USE flag is always
|
||||||
|
# respected). This is because qemu supports using the C library's API
|
||||||
|
# when available rather than always using the extranl library.
|
||||||
|
ALL_DEPEND="
|
||||||
|
>=dev-libs/glib-2.0[static-libs(+)]
|
||||||
|
sys-libs/zlib[static-libs(+)]
|
||||||
|
python? ( ${PYTHON_DEPS} )
|
||||||
|
systemtap? ( dev-util/systemtap )
|
||||||
|
xattr? ( sys-apps/attr[static-libs(+)] )"
|
||||||
|
|
||||||
|
# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
|
||||||
|
# softmmu targets (qemu-system-*).
|
||||||
|
SOFTMMU_TOOLS_DEPEND="
|
||||||
|
>=x11-libs/pixman-0.28.0[static-libs(+)]
|
||||||
|
accessibility? (
|
||||||
|
app-accessibility/brltty[api]
|
||||||
|
app-accessibility/brltty[static-libs(+)]
|
||||||
|
)
|
||||||
|
aio? ( dev-libs/libaio[static-libs(+)] )
|
||||||
|
alsa? ( >=media-libs/alsa-lib-1.0.13 )
|
||||||
|
bluetooth? ( net-wireless/bluez )
|
||||||
|
bzip2? ( app-arch/bzip2[static-libs(+)] )
|
||||||
|
caps? ( sys-libs/libcap-ng[static-libs(+)] )
|
||||||
|
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
|
||||||
|
fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] )
|
||||||
|
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
|
||||||
|
gnutls? (
|
||||||
|
dev-libs/nettle:=[static-libs(+)]
|
||||||
|
>=net-libs/gnutls-3.0:=[static-libs(+)]
|
||||||
|
)
|
||||||
|
gtk? (
|
||||||
|
gtk2? (
|
||||||
|
x11-libs/gtk+:2
|
||||||
|
vte? ( x11-libs/vte:0 )
|
||||||
|
)
|
||||||
|
!gtk2? (
|
||||||
|
x11-libs/gtk+:3
|
||||||
|
vte? ( x11-libs/vte:2.91 )
|
||||||
|
)
|
||||||
|
)
|
||||||
|
infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
|
||||||
|
iscsi? ( net-libs/libiscsi )
|
||||||
|
jpeg? ( virtual/jpeg:0=[static-libs(+)] )
|
||||||
|
lzo? ( dev-libs/lzo:2[static-libs(+)] )
|
||||||
|
ncurses? (
|
||||||
|
sys-libs/ncurses:0=[unicode]
|
||||||
|
sys-libs/ncurses:0=[static-libs(+)]
|
||||||
|
)
|
||||||
|
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
|
||||||
|
numa? ( sys-process/numactl[static-libs(+)] )
|
||||||
|
opengl? (
|
||||||
|
virtual/opengl
|
||||||
|
media-libs/libepoxy[static-libs(+)]
|
||||||
|
media-libs/mesa[static-libs(+)]
|
||||||
|
media-libs/mesa[egl,gbm]
|
||||||
|
)
|
||||||
|
png? ( media-libs/libpng:0=[static-libs(+)] )
|
||||||
|
pulseaudio? ( media-sound/pulseaudio )
|
||||||
|
rbd? ( sys-cluster/ceph[static-libs(+)] )
|
||||||
|
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
|
||||||
|
sdl? (
|
||||||
|
!sdl2? (
|
||||||
|
media-libs/libsdl[X]
|
||||||
|
>=media-libs/libsdl-1.2.11[static-libs(+)]
|
||||||
|
)
|
||||||
|
sdl2? (
|
||||||
|
media-libs/libsdl2[X]
|
||||||
|
media-libs/libsdl2[static-libs(+)]
|
||||||
|
)
|
||||||
|
)
|
||||||
|
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
|
||||||
|
smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
|
||||||
|
snappy? ( app-arch/snappy:=[static-libs(+)] )
|
||||||
|
spice? (
|
||||||
|
>=app-emulation/spice-protocol-0.12.3
|
||||||
|
>=app-emulation/spice-0.12.0[static-libs(+)]
|
||||||
|
)
|
||||||
|
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
|
||||||
|
usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
|
||||||
|
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
|
||||||
|
vde? ( net-misc/vde[static-libs(+)] )
|
||||||
|
virgl? ( media-libs/virglrenderer[static-libs(+)] )
|
||||||
|
virtfs? ( sys-libs/libcap )
|
||||||
|
xen? ( app-emulation/xen-tools:= )
|
||||||
|
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
|
||||||
|
|
||||||
|
X86_FIRMWARE_DEPEND="
|
||||||
|
pin-upstream-blobs? (
|
||||||
|
~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
|
||||||
|
~sys-firmware/ipxe-1.0.0_p20160620
|
||||||
|
~sys-firmware/seabios-1.10.2[binary,seavgabios]
|
||||||
|
~sys-firmware/sgabios-0.1_pre8
|
||||||
|
)
|
||||||
|
!pin-upstream-blobs? (
|
||||||
|
sys-firmware/edk2-ovmf
|
||||||
|
sys-firmware/ipxe
|
||||||
|
>=sys-firmware/seabios-1.10.2[seavgabios]
|
||||||
|
sys-firmware/sgabios
|
||||||
|
)"
|
||||||
|
|
||||||
|
CDEPEND="
|
||||||
|
!static? (
|
||||||
|
${ALL_DEPEND//\[static-libs(+)]}
|
||||||
|
${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
|
||||||
|
)
|
||||||
|
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
|
||||||
|
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
|
||||||
|
DEPEND="${CDEPEND}
|
||||||
|
dev-lang/perl
|
||||||
|
=dev-lang/python-2*
|
||||||
|
sys-apps/texinfo
|
||||||
|
virtual/pkgconfig
|
||||||
|
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
|
||||||
|
gtk? ( nls? ( sys-devel/gettext ) )
|
||||||
|
static? (
|
||||||
|
${ALL_DEPEND}
|
||||||
|
${SOFTMMU_TOOLS_DEPEND}
|
||||||
|
)
|
||||||
|
static-user? ( ${ALL_DEPEND} )
|
||||||
|
test? (
|
||||||
|
dev-libs/glib[utils]
|
||||||
|
sys-devel/bc
|
||||||
|
)"
|
||||||
|
RDEPEND="${CDEPEND}
|
||||||
|
selinux? ( sec-policy/selinux-qemu )"
|
||||||
|
|
||||||
|
PATCHES=(
|
||||||
|
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
|
||||||
|
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088
|
||||||
|
)
|
||||||
|
|
||||||
|
STRIP_MASK="/usr/share/qemu/palcode-clipper"
|
||||||
|
|
||||||
|
QA_PREBUILT="
|
||||||
|
usr/share/qemu/openbios-ppc
|
||||||
|
usr/share/qemu/openbios-sparc64
|
||||||
|
usr/share/qemu/openbios-sparc32
|
||||||
|
usr/share/qemu/palcode-clipper
|
||||||
|
usr/share/qemu/s390-ccw.img
|
||||||
|
usr/share/qemu/u-boot.e500"
|
||||||
|
|
||||||
|
QA_WX_LOAD="usr/bin/qemu-i386
|
||||||
|
usr/bin/qemu-x86_64
|
||||||
|
usr/bin/qemu-alpha
|
||||||
|
usr/bin/qemu-arm
|
||||||
|
usr/bin/qemu-cris
|
||||||
|
usr/bin/qemu-m68k
|
||||||
|
usr/bin/qemu-microblaze
|
||||||
|
usr/bin/qemu-microblazeel
|
||||||
|
usr/bin/qemu-mips
|
||||||
|
usr/bin/qemu-mipsel
|
||||||
|
usr/bin/qemu-or1k
|
||||||
|
usr/bin/qemu-ppc
|
||||||
|
usr/bin/qemu-ppc64
|
||||||
|
usr/bin/qemu-ppc64abi32
|
||||||
|
usr/bin/qemu-sh4
|
||||||
|
usr/bin/qemu-sh4eb
|
||||||
|
usr/bin/qemu-sparc
|
||||||
|
usr/bin/qemu-sparc64
|
||||||
|
usr/bin/qemu-armeb
|
||||||
|
usr/bin/qemu-sparc32plus
|
||||||
|
usr/bin/qemu-s390x
|
||||||
|
usr/bin/qemu-unicore32"
|
||||||
|
|
||||||
|
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
|
||||||
|
kernel module loaded before running kvm. The easiest way to ensure that the
|
||||||
|
kernel module is loaded is to load it on boot.
|
||||||
|
For AMD CPUs the module is called 'kvm-amd'.
|
||||||
|
For Intel CPUs the module is called 'kvm-intel'.
|
||||||
|
Please review /etc/conf.d/modules for how to load these.
|
||||||
|
|
||||||
|
Make sure your user is in the 'kvm' group. Just run
|
||||||
|
$ gpasswd -a <USER> kvm
|
||||||
|
then have <USER> re-login.
|
||||||
|
|
||||||
|
For brand new installs, the default permissions on /dev/kvm might not let
|
||||||
|
you access it. You can tell udev to reset ownership/perms:
|
||||||
|
$ udevadm trigger -c add /dev/kvm
|
||||||
|
|
||||||
|
If you want to register binfmt handlers for qemu user targets:
|
||||||
|
For openrc:
|
||||||
|
# rc-update add qemu-binfmt
|
||||||
|
For systemd:
|
||||||
|
# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
|
||||||
|
|
||||||
|
pkg_pretend() {
|
||||||
|
if use kernel_linux && kernel_is lt 2 6 25; then
|
||||||
|
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
|
||||||
|
elif use kernel_linux; then
|
||||||
|
if ! linux_config_exists; then
|
||||||
|
eerror "Unable to check your kernel for KVM support"
|
||||||
|
else
|
||||||
|
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
|
||||||
|
ERROR_KVM="You must enable KVM in your kernel to continue"
|
||||||
|
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
|
||||||
|
ERROR_KVM_AMD+=" your kernel configuration."
|
||||||
|
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
|
||||||
|
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
|
||||||
|
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
|
||||||
|
ERROR_TUN+=" into your kernel or loaded as a module to use the"
|
||||||
|
ERROR_TUN+=" virtual network device if using -net tap."
|
||||||
|
ERROR_BRIDGE="You will also need support for 802.1d"
|
||||||
|
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
|
||||||
|
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
|
||||||
|
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
|
||||||
|
ERROR_VHOST_NET+=" support"
|
||||||
|
|
||||||
|
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
|
||||||
|
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
|
||||||
|
fi
|
||||||
|
|
||||||
|
use python && CONFIG_CHECK+=" ~DEBUG_FS"
|
||||||
|
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
|
||||||
|
|
||||||
|
# Now do the actual checks setup above
|
||||||
|
check_extra_config
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
|
||||||
|
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
|
||||||
|
eerror "instances are still pointing to it. Please update your"
|
||||||
|
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
|
||||||
|
eerror "and the right system binary (e.g. qemu-system-x86_64)."
|
||||||
|
die "update your virt configs to not use qemu-kvm"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
pkg_setup() {
|
||||||
|
enewgroup kvm 78
|
||||||
|
}
|
||||||
|
|
||||||
|
# Sanity check to make sure target lists are kept up-to-date.
|
||||||
|
check_targets() {
|
||||||
|
local var=$1 mak=$2
|
||||||
|
local detected sorted
|
||||||
|
|
||||||
|
pushd "${S}"/default-configs >/dev/null || die
|
||||||
|
|
||||||
|
# Force C locale until glibc is updated. #564936
|
||||||
|
detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
|
||||||
|
sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
|
||||||
|
if [[ ${sorted} != "${detected}" ]] ; then
|
||||||
|
eerror "The ebuild needs to be kept in sync."
|
||||||
|
eerror "${var}: ${sorted}"
|
||||||
|
eerror "$(printf '%-*s' ${#var} configure): ${detected}"
|
||||||
|
die "sync ${var} to the list of targets"
|
||||||
|
fi
|
||||||
|
|
||||||
|
popd >/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
|
handle_locales() {
|
||||||
|
# Make sure locale list is kept up-to-date.
|
||||||
|
local detected sorted
|
||||||
|
detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
|
||||||
|
sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
|
||||||
|
if [[ ${sorted} != "${detected}" ]] ; then
|
||||||
|
eerror "The ebuild needs to be kept in sync."
|
||||||
|
eerror "PLOCALES: ${sorted}"
|
||||||
|
eerror " po/*.po: ${detected}"
|
||||||
|
die "sync PLOCALES"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Deal with selective install of locales.
|
||||||
|
if use nls ; then
|
||||||
|
# Delete locales the user does not want. #577814
|
||||||
|
rm_loc() { rm po/$1.po || die; }
|
||||||
|
l10n_for_each_disabled_locale_do rm_loc
|
||||||
|
else
|
||||||
|
# Cheap hack to disable gettext .mo generation.
|
||||||
|
rm -f po/*.po
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
src_prepare() {
|
||||||
|
check_targets IUSE_SOFTMMU_TARGETS softmmu
|
||||||
|
check_targets IUSE_USER_TARGETS linux-user
|
||||||
|
|
||||||
|
# Alter target makefiles to accept CFLAGS set via flag-o
|
||||||
|
sed -i -r \
|
||||||
|
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
|
||||||
|
Makefile Makefile.target || die
|
||||||
|
|
||||||
|
default
|
||||||
|
|
||||||
|
# Fix ld and objcopy being called directly
|
||||||
|
tc-export AR LD OBJCOPY
|
||||||
|
|
||||||
|
# Verbose builds
|
||||||
|
MAKEOPTS+=" V=1"
|
||||||
|
|
||||||
|
# Run after we've applied all patches.
|
||||||
|
handle_locales
|
||||||
|
}
|
||||||
|
|
||||||
|
##
|
||||||
|
# configures qemu based on the build directory and the build type
|
||||||
|
# we are using.
|
||||||
|
#
|
||||||
|
qemu_src_configure() {
|
||||||
|
debug-print-function ${FUNCNAME} "$@"
|
||||||
|
|
||||||
|
local buildtype=$1
|
||||||
|
local builddir="${S}/${buildtype}-build"
|
||||||
|
|
||||||
|
mkdir "${builddir}"
|
||||||
|
|
||||||
|
local conf_opts=(
|
||||||
|
--prefix=/usr
|
||||||
|
--sysconfdir=/etc
|
||||||
|
--libdir=/usr/$(get_libdir)
|
||||||
|
--docdir=/usr/share/doc/${PF}/html
|
||||||
|
--disable-bsd-user
|
||||||
|
--disable-guest-agent
|
||||||
|
--disable-strip
|
||||||
|
--disable-werror
|
||||||
|
# We support gnutls/nettle for crypto operations. It is possible
|
||||||
|
# to use gcrypt when gnutls/nettle are disabled (but not when they
|
||||||
|
# are enabled), but it's not really worth the hassle. Disable it
|
||||||
|
# all the time to avoid automatically detecting it. #568856
|
||||||
|
--disable-gcrypt
|
||||||
|
--python="${PYTHON}"
|
||||||
|
--cc="$(tc-getCC)"
|
||||||
|
--cxx="$(tc-getCXX)"
|
||||||
|
--host-cc="$(tc-getBUILD_CC)"
|
||||||
|
$(use_enable debug debug-info)
|
||||||
|
$(use_enable debug debug-tcg)
|
||||||
|
--enable-docs
|
||||||
|
$(use_enable tci tcg-interpreter)
|
||||||
|
$(use_enable xattr attr)
|
||||||
|
)
|
||||||
|
|
||||||
|
# Disable options not used by user targets. This simplifies building
|
||||||
|
# static user targets (USE=static-user) considerably.
|
||||||
|
conf_notuser() {
|
||||||
|
if [[ ${buildtype} == "user" ]] ; then
|
||||||
|
echo "--disable-${2:-$1}"
|
||||||
|
else
|
||||||
|
use_enable "$@"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
conf_opts+=(
|
||||||
|
$(conf_notuser accessibility brlapi)
|
||||||
|
$(conf_notuser aio linux-aio)
|
||||||
|
$(conf_notuser bzip2)
|
||||||
|
$(conf_notuser bluetooth bluez)
|
||||||
|
$(conf_notuser caps cap-ng)
|
||||||
|
$(conf_notuser curl)
|
||||||
|
$(conf_notuser fdt)
|
||||||
|
$(conf_notuser glusterfs)
|
||||||
|
$(conf_notuser gnutls)
|
||||||
|
$(conf_notuser gnutls nettle)
|
||||||
|
$(conf_notuser gtk)
|
||||||
|
$(conf_notuser infiniband rdma)
|
||||||
|
$(conf_notuser iscsi libiscsi)
|
||||||
|
$(conf_notuser jpeg vnc-jpeg)
|
||||||
|
$(conf_notuser kernel_linux kvm)
|
||||||
|
$(conf_notuser lzo)
|
||||||
|
$(conf_notuser ncurses curses)
|
||||||
|
$(conf_notuser nfs libnfs)
|
||||||
|
$(conf_notuser numa)
|
||||||
|
$(conf_notuser opengl)
|
||||||
|
$(conf_notuser png vnc-png)
|
||||||
|
$(conf_notuser rbd)
|
||||||
|
$(conf_notuser sasl vnc-sasl)
|
||||||
|
$(conf_notuser sdl)
|
||||||
|
$(conf_notuser seccomp)
|
||||||
|
$(conf_notuser smartcard)
|
||||||
|
$(conf_notuser snappy)
|
||||||
|
$(conf_notuser spice)
|
||||||
|
$(conf_notuser ssh libssh2)
|
||||||
|
$(conf_notuser usb libusb)
|
||||||
|
$(conf_notuser usbredir usb-redir)
|
||||||
|
$(conf_notuser vde)
|
||||||
|
$(conf_notuser vhost-net)
|
||||||
|
$(conf_notuser virgl virglrenderer)
|
||||||
|
$(conf_notuser virtfs)
|
||||||
|
$(conf_notuser vnc)
|
||||||
|
$(conf_notuser vte)
|
||||||
|
$(conf_notuser xen)
|
||||||
|
$(conf_notuser xen xen-pci-passthrough)
|
||||||
|
$(conf_notuser xfs xfsctl)
|
||||||
|
)
|
||||||
|
|
||||||
|
if [[ ! ${buildtype} == "user" ]] ; then
|
||||||
|
# audio options
|
||||||
|
local audio_opts="oss"
|
||||||
|
use alsa && audio_opts="alsa,${audio_opts}"
|
||||||
|
use sdl && audio_opts="sdl,${audio_opts}"
|
||||||
|
use pulseaudio && audio_opts="pa,${audio_opts}"
|
||||||
|
conf_opts+=(
|
||||||
|
--audio-drv-list="${audio_opts}"
|
||||||
|
)
|
||||||
|
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
|
||||||
|
use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
|
||||||
|
fi
|
||||||
|
|
||||||
|
case ${buildtype} in
|
||||||
|
user)
|
||||||
|
conf_opts+=(
|
||||||
|
--enable-linux-user
|
||||||
|
--disable-system
|
||||||
|
--disable-blobs
|
||||||
|
--disable-tools
|
||||||
|
)
|
||||||
|
local static_flag="static-user"
|
||||||
|
;;
|
||||||
|
softmmu)
|
||||||
|
conf_opts+=(
|
||||||
|
--disable-linux-user
|
||||||
|
--enable-system
|
||||||
|
--disable-tools
|
||||||
|
--with-system-pixman
|
||||||
|
)
|
||||||
|
local static_flag="static"
|
||||||
|
;;
|
||||||
|
tools)
|
||||||
|
conf_opts+=(
|
||||||
|
--disable-linux-user
|
||||||
|
--disable-system
|
||||||
|
--disable-blobs
|
||||||
|
--enable-tools
|
||||||
|
)
|
||||||
|
local static_flag="static"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
local targets="${buildtype}_targets"
|
||||||
|
[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
|
||||||
|
|
||||||
|
# Add support for SystemTAP
|
||||||
|
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
|
||||||
|
|
||||||
|
# We always want to attempt to build with PIE support as it results
|
||||||
|
# in a more secure binary. But it doesn't work with static or if
|
||||||
|
# the current GCC doesn't have PIE support.
|
||||||
|
if use ${static_flag}; then
|
||||||
|
conf_opts+=( --static --disable-pie )
|
||||||
|
else
|
||||||
|
tc-enables-pie && conf_opts+=( --enable-pie )
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "../configure ${conf_opts[*]}"
|
||||||
|
cd "${builddir}"
|
||||||
|
../configure "${conf_opts[@]}" || die "configure failed"
|
||||||
|
|
||||||
|
# FreeBSD's kernel does not support QEMU assigning/grabbing
|
||||||
|
# host USB devices yet
|
||||||
|
use kernel_FreeBSD && \
|
||||||
|
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
|
||||||
|
}
|
||||||
|
|
||||||
|
src_configure() {
|
||||||
|
local target
|
||||||
|
|
||||||
|
python_setup
|
||||||
|
|
||||||
|
softmmu_targets= softmmu_bins=()
|
||||||
|
user_targets= user_bins=()
|
||||||
|
|
||||||
|
for target in ${IUSE_SOFTMMU_TARGETS} ; do
|
||||||
|
if use "qemu_softmmu_targets_${target}"; then
|
||||||
|
softmmu_targets+=",${target}-softmmu"
|
||||||
|
softmmu_bins+=( "qemu-system-${target}" )
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
for target in ${IUSE_USER_TARGETS} ; do
|
||||||
|
if use "qemu_user_targets_${target}"; then
|
||||||
|
user_targets+=",${target}-linux-user"
|
||||||
|
user_bins+=( "qemu-${target}" )
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
softmmu_targets=${softmmu_targets#,}
|
||||||
|
user_targets=${user_targets#,}
|
||||||
|
|
||||||
|
[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
|
||||||
|
[[ -n ${user_targets} ]] && qemu_src_configure "user"
|
||||||
|
qemu_src_configure "tools"
|
||||||
|
}
|
||||||
|
|
||||||
|
src_compile() {
|
||||||
|
if [[ -n ${user_targets} ]]; then
|
||||||
|
cd "${S}/user-build"
|
||||||
|
default
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -n ${softmmu_targets} ]]; then
|
||||||
|
cd "${S}/softmmu-build"
|
||||||
|
default
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd "${S}/tools-build"
|
||||||
|
default
|
||||||
|
}
|
||||||
|
|
||||||
|
src_test() {
|
||||||
|
if [[ -n ${softmmu_targets} ]]; then
|
||||||
|
cd "${S}/softmmu-build"
|
||||||
|
pax-mark m */qemu-system-* #515550
|
||||||
|
emake -j1 check
|
||||||
|
emake -j1 check-report.html
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
qemu_python_install() {
|
||||||
|
python_domodule "${S}/scripts/qmp/qmp.py"
|
||||||
|
|
||||||
|
python_doscript "${S}/scripts/kvm/vmxcap"
|
||||||
|
python_doscript "${S}/scripts/qmp/qmp-shell"
|
||||||
|
python_doscript "${S}/scripts/qmp/qemu-ga-client"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Generate binfmt support files.
|
||||||
|
# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
|
||||||
|
# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
|
||||||
|
generate_initd() {
|
||||||
|
local out="${T}/qemu-binfmt"
|
||||||
|
local out_systemd="${T}/qemu.conf"
|
||||||
|
local d="${T}/binfmt.d"
|
||||||
|
|
||||||
|
einfo "Generating qemu binfmt scripts and configuration files"
|
||||||
|
|
||||||
|
# Generate the debian fragments first.
|
||||||
|
mkdir -p "${d}"
|
||||||
|
"${S}"/scripts/qemu-binfmt-conf.sh \
|
||||||
|
--debian \
|
||||||
|
--exportdir "${d}" \
|
||||||
|
--qemu-path "${EPREFIX}/usr/bin" \
|
||||||
|
|| die
|
||||||
|
# Then turn the fragments into a shell script we can source.
|
||||||
|
sed -E -i \
|
||||||
|
-e 's:^([^ ]+) (.*)$:\1="\2":' \
|
||||||
|
"${d}"/* || die
|
||||||
|
|
||||||
|
# Generate the init.d script by assembling the fragments from above.
|
||||||
|
local f qcpu package interpreter magic mask
|
||||||
|
cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
|
||||||
|
for f in "${d}"/qemu-* ; do
|
||||||
|
source "${f}"
|
||||||
|
|
||||||
|
# Normalize the cpu logic like we do in the init.d for the native cpu.
|
||||||
|
qcpu=${package#qemu-}
|
||||||
|
case ${qcpu} in
|
||||||
|
arm*) qcpu="arm";;
|
||||||
|
mips*) qcpu="mips";;
|
||||||
|
ppc*) qcpu="ppc";;
|
||||||
|
s390*) qcpu="s390";;
|
||||||
|
sh*) qcpu="sh";;
|
||||||
|
sparc*) qcpu="sparc";;
|
||||||
|
esac
|
||||||
|
|
||||||
|
cat <<EOF >>"${out}"
|
||||||
|
if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
|
||||||
|
echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
|
||||||
|
echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
|
||||||
|
|
||||||
|
done
|
||||||
|
cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
|
||||||
|
}
|
||||||
|
|
||||||
|
src_install() {
|
||||||
|
if [[ -n ${user_targets} ]]; then
|
||||||
|
cd "${S}/user-build"
|
||||||
|
emake DESTDIR="${ED}" install
|
||||||
|
|
||||||
|
# Install binfmt handler init script for user targets.
|
||||||
|
generate_initd
|
||||||
|
doinitd "${T}/qemu-binfmt"
|
||||||
|
|
||||||
|
# Install binfmt/qemu.conf.
|
||||||
|
insinto "/usr/share/qemu/binfmt.d"
|
||||||
|
doins "${T}/qemu.conf"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -n ${softmmu_targets} ]]; then
|
||||||
|
cd "${S}/softmmu-build"
|
||||||
|
emake DESTDIR="${ED}" install
|
||||||
|
|
||||||
|
# This might not exist if the test failed. #512010
|
||||||
|
[[ -e check-report.html ]] && dohtml check-report.html
|
||||||
|
|
||||||
|
if use kernel_linux; then
|
||||||
|
udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
|
||||||
|
fi
|
||||||
|
|
||||||
|
if use python; then
|
||||||
|
python_foreach_impl qemu_python_install
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd "${S}/tools-build"
|
||||||
|
emake DESTDIR="${ED}" install
|
||||||
|
|
||||||
|
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
|
||||||
|
pushd "${ED}"/usr/bin >/dev/null
|
||||||
|
pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
|
||||||
|
popd >/dev/null
|
||||||
|
|
||||||
|
# Install config file example for qemu-bridge-helper
|
||||||
|
insinto "/etc/qemu"
|
||||||
|
doins "${FILESDIR}/bridge.conf"
|
||||||
|
|
||||||
|
cd "${S}"
|
||||||
|
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
|
||||||
|
newdoc pc-bios/README README.pc-bios
|
||||||
|
dodoc docs/qmp-*.txt
|
||||||
|
|
||||||
|
if [[ -n ${softmmu_targets} ]]; then
|
||||||
|
# Remove SeaBIOS since we're using the SeaBIOS packaged one
|
||||||
|
rm "${ED}/usr/share/qemu/bios.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/bios-256k.bin"
|
||||||
|
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||||
|
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
|
||||||
|
dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove vgabios since we're using the seavgabios packaged one
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
|
||||||
|
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||||
|
dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
|
||||||
|
dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
|
||||||
|
dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
|
||||||
|
dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
|
||||||
|
dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
|
||||||
|
dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove sgabios since we're using the sgabios packaged one
|
||||||
|
rm "${ED}/usr/share/qemu/sgabios.bin"
|
||||||
|
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||||
|
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove iPXE since we're using the iPXE packaged one
|
||||||
|
rm "${ED}"/usr/share/qemu/pxe-*.rom
|
||||||
|
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||||
|
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
|
||||||
|
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
|
||||||
|
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
|
||||||
|
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
|
||||||
|
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
|
||||||
|
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
DISABLE_AUTOFORMATTING=true
|
||||||
|
readme.gentoo_create_doc
|
||||||
|
}
|
||||||
|
|
||||||
|
firmware_abi_change() {
|
||||||
|
local pv
|
||||||
|
for pv in ${REPLACING_VERSIONS}; do
|
||||||
|
if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
pkg_postinst() {
|
||||||
|
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
|
||||||
|
udev_reload
|
||||||
|
fi
|
||||||
|
|
||||||
|
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
|
||||||
|
|
||||||
|
DISABLE_AUTOFORMATTING=true
|
||||||
|
readme.gentoo_print_elog
|
||||||
|
|
||||||
|
if use pin-upstream-blobs && firmware_abi_change; then
|
||||||
|
ewarn "This version of qemu pins new versions of firmware blobs:"
|
||||||
|
ewarn " $(best_version sys-firmware/edk2-ovmf)"
|
||||||
|
ewarn " $(best_version sys-firmware/ipxe)"
|
||||||
|
ewarn " $(best_version sys-firmware/seabios)"
|
||||||
|
ewarn " $(best_version sys-firmware/sgabios)"
|
||||||
|
ewarn "This might break resume of hibernated guests (started with a different"
|
||||||
|
ewarn "firmware version) and live migration to/from qemu versions with different"
|
||||||
|
ewarn "firmware. Please (cold) restart all running guests. For functional"
|
||||||
|
ewarn "guest migration ensure that all"
|
||||||
|
ewarn "hosts run at least"
|
||||||
|
ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
pkg_info() {
|
||||||
|
echo "Using:"
|
||||||
|
echo " $(best_version app-emulation/spice-protocol)"
|
||||||
|
echo " $(best_version sys-firmware/edk2-ovmf)"
|
||||||
|
if has_version 'sys-firmware/edk2-ovmf[binary]'; then
|
||||||
|
echo " USE=binary"
|
||||||
|
else
|
||||||
|
echo " USE=''"
|
||||||
|
fi
|
||||||
|
echo " $(best_version sys-firmware/ipxe)"
|
||||||
|
echo " $(best_version sys-firmware/seabios)"
|
||||||
|
if has_version 'sys-firmware/seabios[binary]'; then
|
||||||
|
echo " USE=binary"
|
||||||
|
else
|
||||||
|
echo " USE=''"
|
||||||
|
fi
|
||||||
|
echo " $(best_version sys-firmware/sgabios)"
|
||||||
|
}
|
796
app-emulation/qemu/qemu-2.9.0-r57.ebuild
Normal file
@ -0,0 +1,796 @@
|
|||||||
|
# Copyright 1999-2017 Gentoo Foundation
|
||||||
|
# Distributed under the terms of the GNU General Public License v2
|
||||||
|
|
||||||
|
EAPI="6"
|
||||||
|
|
||||||
|
PYTHON_COMPAT=( python2_7 )
|
||||||
|
PYTHON_REQ_USE="ncurses,readline"
|
||||||
|
|
||||||
|
PLOCALES="bg de_DE fr_FR hu it tr zh_CN"
|
||||||
|
|
||||||
|
FIRMWARE_ABI_VERSION="2.9.0-r52"
|
||||||
|
|
||||||
|
inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \
|
||||||
|
user udev fcaps readme.gentoo-r1 pax-utils l10n
|
||||||
|
|
||||||
|
if [[ ${PV} = *9999* ]]; then
|
||||||
|
EGIT_REPO_URI="git://git.qemu.org/qemu.git"
|
||||||
|
inherit git-r3
|
||||||
|
SRC_URI=""
|
||||||
|
else
|
||||||
|
SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2"
|
||||||
|
KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
|
||||||
|
fi
|
||||||
|
|
||||||
|
DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools"
|
||||||
|
HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org"
|
||||||
|
|
||||||
|
LICENSE="GPL-2 LGPL-2 BSD-2"
|
||||||
|
SLOT="0"
|
||||||
|
IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt
|
||||||
|
glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux
|
||||||
|
kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png
|
||||||
|
pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy
|
||||||
|
spice ssh static static-user systemtap tci test usb usbredir vde
|
||||||
|
+vhost-net virgl virtfs +vnc vte xattr xen xfs"
|
||||||
|
|
||||||
|
COMMON_TARGETS="aarch64 alpha arm cris i386 m68k microblaze microblazeel
|
||||||
|
mips mips64 mips64el mipsel nios2 or1k ppc ppc64 s390x sh4 sh4eb sparc
|
||||||
|
sparc64 x86_64"
|
||||||
|
IUSE_SOFTMMU_TARGETS="${COMMON_TARGETS}
|
||||||
|
lm32 moxie ppcemb tricore unicore32 xtensa xtensaeb"
|
||||||
|
IUSE_USER_TARGETS="${COMMON_TARGETS}
|
||||||
|
armeb hppa mipsn32 mipsn32el ppc64abi32 ppc64le sparc32plus tilegx"
|
||||||
|
|
||||||
|
use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS})
|
||||||
|
use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS})
|
||||||
|
IUSE+=" ${use_softmmu_targets} ${use_user_targets}"
|
||||||
|
|
||||||
|
# Allow no targets to be built so that people can get a tools-only build.
|
||||||
|
# Block USE flag configurations known to not work.
|
||||||
|
REQUIRED_USE="${PYTHON_REQUIRED_USE}
|
||||||
|
gtk2? ( gtk )
|
||||||
|
qemu_softmmu_targets_arm? ( fdt )
|
||||||
|
qemu_softmmu_targets_microblaze? ( fdt )
|
||||||
|
qemu_softmmu_targets_mips64el? ( fdt )
|
||||||
|
qemu_softmmu_targets_ppc? ( fdt )
|
||||||
|
qemu_softmmu_targets_ppc64? ( fdt )
|
||||||
|
sdl2? ( sdl )
|
||||||
|
static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio )
|
||||||
|
virtfs? ( xattr )
|
||||||
|
vte? ( gtk )"
|
||||||
|
|
||||||
|
# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
|
||||||
|
# and user/softmmu targets (qemu-*, qemu-system-*).
|
||||||
|
#
|
||||||
|
# Yep, you need both libcap and libcap-ng since virtfs only uses libcap.
|
||||||
|
#
|
||||||
|
# The attr lib isn't always linked in (although the USE flag is always
|
||||||
|
# respected). This is because qemu supports using the C library's API
|
||||||
|
# when available rather than always using the extranl library.
|
||||||
|
ALL_DEPEND="
|
||||||
|
>=dev-libs/glib-2.0[static-libs(+)]
|
||||||
|
sys-libs/zlib[static-libs(+)]
|
||||||
|
python? ( ${PYTHON_DEPS} )
|
||||||
|
systemtap? ( dev-util/systemtap )
|
||||||
|
xattr? ( sys-apps/attr[static-libs(+)] )"
|
||||||
|
|
||||||
|
# Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...)
|
||||||
|
# softmmu targets (qemu-system-*).
|
||||||
|
SOFTMMU_TOOLS_DEPEND="
|
||||||
|
>=x11-libs/pixman-0.28.0[static-libs(+)]
|
||||||
|
accessibility? (
|
||||||
|
app-accessibility/brltty[api]
|
||||||
|
app-accessibility/brltty[static-libs(+)]
|
||||||
|
)
|
||||||
|
aio? ( dev-libs/libaio[static-libs(+)] )
|
||||||
|
alsa? ( >=media-libs/alsa-lib-1.0.13 )
|
||||||
|
bluetooth? ( net-wireless/bluez )
|
||||||
|
bzip2? ( app-arch/bzip2[static-libs(+)] )
|
||||||
|
caps? ( sys-libs/libcap-ng[static-libs(+)] )
|
||||||
|
curl? ( >=net-misc/curl-7.15.4[static-libs(+)] )
|
||||||
|
fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] )
|
||||||
|
glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] )
|
||||||
|
gnutls? (
|
||||||
|
dev-libs/nettle:=[static-libs(+)]
|
||||||
|
>=net-libs/gnutls-3.0:=[static-libs(+)]
|
||||||
|
)
|
||||||
|
gtk? (
|
||||||
|
gtk2? (
|
||||||
|
x11-libs/gtk+:2
|
||||||
|
vte? ( x11-libs/vte:0 )
|
||||||
|
)
|
||||||
|
!gtk2? (
|
||||||
|
x11-libs/gtk+:3
|
||||||
|
vte? ( x11-libs/vte:2.91 )
|
||||||
|
)
|
||||||
|
)
|
||||||
|
infiniband? ( sys-fabric/librdmacm:=[static-libs(+)] )
|
||||||
|
iscsi? ( net-libs/libiscsi )
|
||||||
|
jpeg? ( virtual/jpeg:0=[static-libs(+)] )
|
||||||
|
lzo? ( dev-libs/lzo:2[static-libs(+)] )
|
||||||
|
ncurses? (
|
||||||
|
sys-libs/ncurses:0=[unicode]
|
||||||
|
sys-libs/ncurses:0=[static-libs(+)]
|
||||||
|
)
|
||||||
|
nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] )
|
||||||
|
numa? ( sys-process/numactl[static-libs(+)] )
|
||||||
|
opengl? (
|
||||||
|
virtual/opengl
|
||||||
|
media-libs/libepoxy[static-libs(+)]
|
||||||
|
media-libs/mesa[static-libs(+)]
|
||||||
|
media-libs/mesa[egl,gbm]
|
||||||
|
)
|
||||||
|
png? ( media-libs/libpng:0=[static-libs(+)] )
|
||||||
|
pulseaudio? ( media-sound/pulseaudio )
|
||||||
|
rbd? ( sys-cluster/ceph[static-libs(+)] )
|
||||||
|
sasl? ( dev-libs/cyrus-sasl[static-libs(+)] )
|
||||||
|
sdl? (
|
||||||
|
!sdl2? (
|
||||||
|
media-libs/libsdl[X]
|
||||||
|
>=media-libs/libsdl-1.2.11[static-libs(+)]
|
||||||
|
)
|
||||||
|
sdl2? (
|
||||||
|
media-libs/libsdl2[X]
|
||||||
|
media-libs/libsdl2[static-libs(+)]
|
||||||
|
)
|
||||||
|
)
|
||||||
|
seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] )
|
||||||
|
smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] )
|
||||||
|
snappy? ( app-arch/snappy:=[static-libs(+)] )
|
||||||
|
spice? (
|
||||||
|
>=app-emulation/spice-protocol-0.12.3
|
||||||
|
>=app-emulation/spice-0.12.0[static-libs(+)]
|
||||||
|
)
|
||||||
|
ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] )
|
||||||
|
usb? ( >=virtual/libusb-1-r2[static-libs(+)] )
|
||||||
|
usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] )
|
||||||
|
vde? ( net-misc/vde[static-libs(+)] )
|
||||||
|
virgl? ( media-libs/virglrenderer[static-libs(+)] )
|
||||||
|
virtfs? ( sys-libs/libcap )
|
||||||
|
xen? ( app-emulation/xen-tools:= )
|
||||||
|
xfs? ( sys-fs/xfsprogs[static-libs(+)] )"
|
||||||
|
|
||||||
|
X86_FIRMWARE_DEPEND="
|
||||||
|
pin-upstream-blobs? (
|
||||||
|
~sys-firmware/edk2-ovmf-2017_pre20170505[binary]
|
||||||
|
~sys-firmware/ipxe-1.0.0_p20160620
|
||||||
|
~sys-firmware/seabios-1.10.2[binary,seavgabios]
|
||||||
|
~sys-firmware/sgabios-0.1_pre8
|
||||||
|
)
|
||||||
|
!pin-upstream-blobs? (
|
||||||
|
sys-firmware/edk2-ovmf
|
||||||
|
sys-firmware/ipxe
|
||||||
|
>=sys-firmware/seabios-1.10.2[seavgabios]
|
||||||
|
sys-firmware/sgabios
|
||||||
|
)"
|
||||||
|
|
||||||
|
CDEPEND="
|
||||||
|
!static? (
|
||||||
|
${ALL_DEPEND//\[static-libs(+)]}
|
||||||
|
${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]}
|
||||||
|
)
|
||||||
|
qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} )
|
||||||
|
qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )"
|
||||||
|
DEPEND="${CDEPEND}
|
||||||
|
dev-lang/perl
|
||||||
|
=dev-lang/python-2*
|
||||||
|
sys-apps/texinfo
|
||||||
|
virtual/pkgconfig
|
||||||
|
kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 )
|
||||||
|
gtk? ( nls? ( sys-devel/gettext ) )
|
||||||
|
static? (
|
||||||
|
${ALL_DEPEND}
|
||||||
|
${SOFTMMU_TOOLS_DEPEND}
|
||||||
|
)
|
||||||
|
static-user? ( ${ALL_DEPEND} )
|
||||||
|
test? (
|
||||||
|
dev-libs/glib[utils]
|
||||||
|
sys-devel/bc
|
||||||
|
)"
|
||||||
|
RDEPEND="${CDEPEND}
|
||||||
|
selinux? ( sec-policy/selinux-qemu )"
|
||||||
|
|
||||||
|
PATCHES=(
|
||||||
|
"${FILESDIR}"/${PN}-2.5.0-cflags.patch
|
||||||
|
"${FILESDIR}"/${PN}-2.5.0-sysmacros.patch
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11434.patch # bug 625614
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-11334.patch # bug 621292
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-1.patch # bug 621292
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9524-2.patch
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-1.patch # bug 621184
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-9503-2.patch
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10664.patch # bug 623016
|
||||||
|
"${FILESDIR}"/${PN}-2.9.0-CVE-2017-10806.patch # bug 624088
|
||||||
|
)
|
||||||
|
|
||||||
|
STRIP_MASK="/usr/share/qemu/palcode-clipper"
|
||||||
|
|
||||||
|
QA_PREBUILT="
|
||||||
|
usr/share/qemu/openbios-ppc
|
||||||
|
usr/share/qemu/openbios-sparc64
|
||||||
|
usr/share/qemu/openbios-sparc32
|
||||||
|
usr/share/qemu/palcode-clipper
|
||||||
|
usr/share/qemu/s390-ccw.img
|
||||||
|
usr/share/qemu/u-boot.e500"
|
||||||
|
|
||||||
|
QA_WX_LOAD="usr/bin/qemu-i386
|
||||||
|
usr/bin/qemu-x86_64
|
||||||
|
usr/bin/qemu-alpha
|
||||||
|
usr/bin/qemu-arm
|
||||||
|
usr/bin/qemu-cris
|
||||||
|
usr/bin/qemu-m68k
|
||||||
|
usr/bin/qemu-microblaze
|
||||||
|
usr/bin/qemu-microblazeel
|
||||||
|
usr/bin/qemu-mips
|
||||||
|
usr/bin/qemu-mipsel
|
||||||
|
usr/bin/qemu-or1k
|
||||||
|
usr/bin/qemu-ppc
|
||||||
|
usr/bin/qemu-ppc64
|
||||||
|
usr/bin/qemu-ppc64abi32
|
||||||
|
usr/bin/qemu-sh4
|
||||||
|
usr/bin/qemu-sh4eb
|
||||||
|
usr/bin/qemu-sparc
|
||||||
|
usr/bin/qemu-sparc64
|
||||||
|
usr/bin/qemu-armeb
|
||||||
|
usr/bin/qemu-sparc32plus
|
||||||
|
usr/bin/qemu-s390x
|
||||||
|
usr/bin/qemu-unicore32"
|
||||||
|
|
||||||
|
DOC_CONTENTS="If you don't have kvm compiled into the kernel, make sure you have the
|
||||||
|
kernel module loaded before running kvm. The easiest way to ensure that the
|
||||||
|
kernel module is loaded is to load it on boot.
|
||||||
|
For AMD CPUs the module is called 'kvm-amd'.
|
||||||
|
For Intel CPUs the module is called 'kvm-intel'.
|
||||||
|
Please review /etc/conf.d/modules for how to load these.
|
||||||
|
|
||||||
|
Make sure your user is in the 'kvm' group. Just run
|
||||||
|
$ gpasswd -a <USER> kvm
|
||||||
|
then have <USER> re-login.
|
||||||
|
|
||||||
|
For brand new installs, the default permissions on /dev/kvm might not let
|
||||||
|
you access it. You can tell udev to reset ownership/perms:
|
||||||
|
$ udevadm trigger -c add /dev/kvm
|
||||||
|
|
||||||
|
If you want to register binfmt handlers for qemu user targets:
|
||||||
|
For openrc:
|
||||||
|
# rc-update add qemu-binfmt
|
||||||
|
For systemd:
|
||||||
|
# ln -s /usr/share/qemu/binfmt.d/qemu.conf /etc/binfmt.d/qemu.conf"
|
||||||
|
|
||||||
|
pkg_pretend() {
|
||||||
|
if use kernel_linux && kernel_is lt 2 6 25; then
|
||||||
|
eerror "This version of KVM requres a host kernel of 2.6.25 or higher."
|
||||||
|
elif use kernel_linux; then
|
||||||
|
if ! linux_config_exists; then
|
||||||
|
eerror "Unable to check your kernel for KVM support"
|
||||||
|
else
|
||||||
|
CONFIG_CHECK="~KVM ~TUN ~BRIDGE"
|
||||||
|
ERROR_KVM="You must enable KVM in your kernel to continue"
|
||||||
|
ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
|
||||||
|
ERROR_KVM_AMD+=" your kernel configuration."
|
||||||
|
ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
|
||||||
|
ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
|
||||||
|
ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
|
||||||
|
ERROR_TUN+=" into your kernel or loaded as a module to use the"
|
||||||
|
ERROR_TUN+=" virtual network device if using -net tap."
|
||||||
|
ERROR_BRIDGE="You will also need support for 802.1d"
|
||||||
|
ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
|
||||||
|
use vhost-net && CONFIG_CHECK+=" ~VHOST_NET"
|
||||||
|
ERROR_VHOST_NET="You must enable VHOST_NET to have vhost-net"
|
||||||
|
ERROR_VHOST_NET+=" support"
|
||||||
|
|
||||||
|
if use amd64 || use x86 || use amd64-linux || use x86-linux; then
|
||||||
|
CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"
|
||||||
|
fi
|
||||||
|
|
||||||
|
use python && CONFIG_CHECK+=" ~DEBUG_FS"
|
||||||
|
ERROR_DEBUG_FS="debugFS support required for kvm_stat"
|
||||||
|
|
||||||
|
# Now do the actual checks setup above
|
||||||
|
check_extra_config
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if grep -qs '/usr/bin/qemu-kvm' "${EROOT}"/etc/libvirt/qemu/*.xml; then
|
||||||
|
eerror "The kvm/qemu-kvm wrappers no longer exist, but your libvirt"
|
||||||
|
eerror "instances are still pointing to it. Please update your"
|
||||||
|
eerror "configs in /etc/libvirt/qemu/ to use the -enable-kvm flag"
|
||||||
|
eerror "and the right system binary (e.g. qemu-system-x86_64)."
|
||||||
|
die "update your virt configs to not use qemu-kvm"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
pkg_setup() {
|
||||||
|
enewgroup kvm 78
|
||||||
|
}
|
||||||
|
|
||||||
|
# Sanity check to make sure target lists are kept up-to-date.
|
||||||
|
check_targets() {
|
||||||
|
local var=$1 mak=$2
|
||||||
|
local detected sorted
|
||||||
|
|
||||||
|
pushd "${S}"/default-configs >/dev/null || die
|
||||||
|
|
||||||
|
# Force C locale until glibc is updated. #564936
|
||||||
|
detected=$(echo $(printf '%s\n' *-${mak}.mak | sed "s:-${mak}.mak::" | LC_COLLATE=C sort -u))
|
||||||
|
sorted=$(echo $(printf '%s\n' ${!var} | LC_COLLATE=C sort -u))
|
||||||
|
if [[ ${sorted} != "${detected}" ]] ; then
|
||||||
|
eerror "The ebuild needs to be kept in sync."
|
||||||
|
eerror "${var}: ${sorted}"
|
||||||
|
eerror "$(printf '%-*s' ${#var} configure): ${detected}"
|
||||||
|
die "sync ${var} to the list of targets"
|
||||||
|
fi
|
||||||
|
|
||||||
|
popd >/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
|
handle_locales() {
|
||||||
|
# Make sure locale list is kept up-to-date.
|
||||||
|
local detected sorted
|
||||||
|
detected=$(echo $(cd po && printf '%s\n' *.po | grep -v messages.po | sed 's:.po$::' | sort -u))
|
||||||
|
sorted=$(echo $(printf '%s\n' ${PLOCALES} | sort -u))
|
||||||
|
if [[ ${sorted} != "${detected}" ]] ; then
|
||||||
|
eerror "The ebuild needs to be kept in sync."
|
||||||
|
eerror "PLOCALES: ${sorted}"
|
||||||
|
eerror " po/*.po: ${detected}"
|
||||||
|
die "sync PLOCALES"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Deal with selective install of locales.
|
||||||
|
if use nls ; then
|
||||||
|
# Delete locales the user does not want. #577814
|
||||||
|
rm_loc() { rm po/$1.po || die; }
|
||||||
|
l10n_for_each_disabled_locale_do rm_loc
|
||||||
|
else
|
||||||
|
# Cheap hack to disable gettext .mo generation.
|
||||||
|
rm -f po/*.po
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
src_prepare() {
|
||||||
|
check_targets IUSE_SOFTMMU_TARGETS softmmu
|
||||||
|
check_targets IUSE_USER_TARGETS linux-user
|
||||||
|
|
||||||
|
# Alter target makefiles to accept CFLAGS set via flag-o
|
||||||
|
sed -i -r \
|
||||||
|
-e 's/^(C|OP_C|HELPER_C)FLAGS=/\1FLAGS+=/' \
|
||||||
|
Makefile Makefile.target || die
|
||||||
|
|
||||||
|
default
|
||||||
|
|
||||||
|
# Fix ld and objcopy being called directly
|
||||||
|
tc-export AR LD OBJCOPY
|
||||||
|
|
||||||
|
# Verbose builds
|
||||||
|
MAKEOPTS+=" V=1"
|
||||||
|
|
||||||
|
# Run after we've applied all patches.
|
||||||
|
handle_locales
|
||||||
|
|
||||||
|
#remove bundled copy of libfdt
|
||||||
|
rm -r dtc || die
|
||||||
|
}
|
||||||
|
|
||||||
|
##
|
||||||
|
# configures qemu based on the build directory and the build type
|
||||||
|
# we are using.
|
||||||
|
#
|
||||||
|
qemu_src_configure() {
|
||||||
|
debug-print-function ${FUNCNAME} "$@"
|
||||||
|
|
||||||
|
local buildtype=$1
|
||||||
|
local builddir="${S}/${buildtype}-build"
|
||||||
|
|
||||||
|
mkdir "${builddir}"
|
||||||
|
|
||||||
|
local conf_opts=(
|
||||||
|
--prefix=/usr
|
||||||
|
--sysconfdir=/etc
|
||||||
|
--libdir=/usr/$(get_libdir)
|
||||||
|
--docdir=/usr/share/doc/${PF}/html
|
||||||
|
--disable-bsd-user
|
||||||
|
--disable-guest-agent
|
||||||
|
--disable-strip
|
||||||
|
--disable-werror
|
||||||
|
# We support gnutls/nettle for crypto operations. It is possible
|
||||||
|
# to use gcrypt when gnutls/nettle are disabled (but not when they
|
||||||
|
# are enabled), but it's not really worth the hassle. Disable it
|
||||||
|
# all the time to avoid automatically detecting it. #568856
|
||||||
|
--disable-gcrypt
|
||||||
|
--python="${PYTHON}"
|
||||||
|
--cc="$(tc-getCC)"
|
||||||
|
--cxx="$(tc-getCXX)"
|
||||||
|
--host-cc="$(tc-getBUILD_CC)"
|
||||||
|
$(use_enable debug debug-info)
|
||||||
|
$(use_enable debug debug-tcg)
|
||||||
|
--enable-docs
|
||||||
|
$(use_enable tci tcg-interpreter)
|
||||||
|
$(use_enable xattr attr)
|
||||||
|
)
|
||||||
|
|
||||||
|
# Disable options not used by user targets. This simplifies building
|
||||||
|
# static user targets (USE=static-user) considerably.
|
||||||
|
conf_notuser() {
|
||||||
|
if [[ ${buildtype} == "user" ]] ; then
|
||||||
|
echo "--disable-${2:-$1}"
|
||||||
|
else
|
||||||
|
use_enable "$@"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
conf_opts+=(
|
||||||
|
$(conf_notuser accessibility brlapi)
|
||||||
|
$(conf_notuser aio linux-aio)
|
||||||
|
$(conf_notuser bzip2)
|
||||||
|
$(conf_notuser bluetooth bluez)
|
||||||
|
$(conf_notuser caps cap-ng)
|
||||||
|
$(conf_notuser curl)
|
||||||
|
$(conf_notuser fdt)
|
||||||
|
$(conf_notuser glusterfs)
|
||||||
|
$(conf_notuser gnutls)
|
||||||
|
$(conf_notuser gnutls nettle)
|
||||||
|
$(conf_notuser gtk)
|
||||||
|
$(conf_notuser infiniband rdma)
|
||||||
|
$(conf_notuser iscsi libiscsi)
|
||||||
|
$(conf_notuser jpeg vnc-jpeg)
|
||||||
|
$(conf_notuser kernel_linux kvm)
|
||||||
|
$(conf_notuser lzo)
|
||||||
|
$(conf_notuser ncurses curses)
|
||||||
|
$(conf_notuser nfs libnfs)
|
||||||
|
$(conf_notuser numa)
|
||||||
|
$(conf_notuser opengl)
|
||||||
|
$(conf_notuser png vnc-png)
|
||||||
|
$(conf_notuser rbd)
|
||||||
|
$(conf_notuser sasl vnc-sasl)
|
||||||
|
$(conf_notuser sdl)
|
||||||
|
$(conf_notuser seccomp)
|
||||||
|
$(conf_notuser smartcard)
|
||||||
|
$(conf_notuser snappy)
|
||||||
|
$(conf_notuser spice)
|
||||||
|
$(conf_notuser ssh libssh2)
|
||||||
|
$(conf_notuser usb libusb)
|
||||||
|
$(conf_notuser usbredir usb-redir)
|
||||||
|
$(conf_notuser vde)
|
||||||
|
$(conf_notuser vhost-net)
|
||||||
|
$(conf_notuser virgl virglrenderer)
|
||||||
|
$(conf_notuser virtfs)
|
||||||
|
$(conf_notuser vnc)
|
||||||
|
$(conf_notuser vte)
|
||||||
|
$(conf_notuser xen)
|
||||||
|
$(conf_notuser xen xen-pci-passthrough)
|
||||||
|
$(conf_notuser xfs xfsctl)
|
||||||
|
)
|
||||||
|
|
||||||
|
if [[ ! ${buildtype} == "user" ]] ; then
|
||||||
|
# audio options
|
||||||
|
local audio_opts="oss"
|
||||||
|
use alsa && audio_opts="alsa,${audio_opts}"
|
||||||
|
use sdl && audio_opts="sdl,${audio_opts}"
|
||||||
|
use pulseaudio && audio_opts="pa,${audio_opts}"
|
||||||
|
conf_opts+=(
|
||||||
|
--audio-drv-list="${audio_opts}"
|
||||||
|
)
|
||||||
|
use gtk && conf_opts+=( --with-gtkabi=$(usex gtk2 2.0 3.0) )
|
||||||
|
use sdl && conf_opts+=( --with-sdlabi=$(usex sdl2 2.0 1.2) )
|
||||||
|
fi
|
||||||
|
|
||||||
|
case ${buildtype} in
|
||||||
|
user)
|
||||||
|
conf_opts+=(
|
||||||
|
--enable-linux-user
|
||||||
|
--disable-system
|
||||||
|
--disable-blobs
|
||||||
|
--disable-tools
|
||||||
|
)
|
||||||
|
local static_flag="static-user"
|
||||||
|
;;
|
||||||
|
softmmu)
|
||||||
|
conf_opts+=(
|
||||||
|
--disable-linux-user
|
||||||
|
--enable-system
|
||||||
|
--disable-tools
|
||||||
|
--with-system-pixman
|
||||||
|
)
|
||||||
|
local static_flag="static"
|
||||||
|
;;
|
||||||
|
tools)
|
||||||
|
conf_opts+=(
|
||||||
|
--disable-linux-user
|
||||||
|
--disable-system
|
||||||
|
--disable-blobs
|
||||||
|
--enable-tools
|
||||||
|
)
|
||||||
|
local static_flag="static"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
local targets="${buildtype}_targets"
|
||||||
|
[[ -n ${targets} ]] && conf_opts+=( --target-list="${!targets}" )
|
||||||
|
|
||||||
|
# Add support for SystemTAP
|
||||||
|
use systemtap && conf_opts+=( --enable-trace-backend=dtrace )
|
||||||
|
|
||||||
|
# We always want to attempt to build with PIE support as it results
|
||||||
|
# in a more secure binary. But it doesn't work with static or if
|
||||||
|
# the current GCC doesn't have PIE support.
|
||||||
|
if use ${static_flag}; then
|
||||||
|
conf_opts+=( --static --disable-pie )
|
||||||
|
else
|
||||||
|
tc-enables-pie && conf_opts+=( --enable-pie )
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "../configure ${conf_opts[*]}"
|
||||||
|
cd "${builddir}"
|
||||||
|
../configure "${conf_opts[@]}" || die "configure failed"
|
||||||
|
|
||||||
|
# FreeBSD's kernel does not support QEMU assigning/grabbing
|
||||||
|
# host USB devices yet
|
||||||
|
use kernel_FreeBSD && \
|
||||||
|
sed -i -E -e "s|^(HOST_USB=)bsd|\1stub|" "${S}"/config-host.mak
|
||||||
|
}
|
||||||
|
|
||||||
|
src_configure() {
|
||||||
|
local target
|
||||||
|
|
||||||
|
python_setup
|
||||||
|
|
||||||
|
softmmu_targets= softmmu_bins=()
|
||||||
|
user_targets= user_bins=()
|
||||||
|
|
||||||
|
for target in ${IUSE_SOFTMMU_TARGETS} ; do
|
||||||
|
if use "qemu_softmmu_targets_${target}"; then
|
||||||
|
softmmu_targets+=",${target}-softmmu"
|
||||||
|
softmmu_bins+=( "qemu-system-${target}" )
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
for target in ${IUSE_USER_TARGETS} ; do
|
||||||
|
if use "qemu_user_targets_${target}"; then
|
||||||
|
user_targets+=",${target}-linux-user"
|
||||||
|
user_bins+=( "qemu-${target}" )
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
softmmu_targets=${softmmu_targets#,}
|
||||||
|
user_targets=${user_targets#,}
|
||||||
|
|
||||||
|
[[ -n ${softmmu_targets} ]] && qemu_src_configure "softmmu"
|
||||||
|
[[ -n ${user_targets} ]] && qemu_src_configure "user"
|
||||||
|
qemu_src_configure "tools"
|
||||||
|
}
|
||||||
|
|
||||||
|
src_compile() {
|
||||||
|
if [[ -n ${user_targets} ]]; then
|
||||||
|
cd "${S}/user-build"
|
||||||
|
default
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -n ${softmmu_targets} ]]; then
|
||||||
|
cd "${S}/softmmu-build"
|
||||||
|
default
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd "${S}/tools-build"
|
||||||
|
default
|
||||||
|
}
|
||||||
|
|
||||||
|
src_test() {
|
||||||
|
if [[ -n ${softmmu_targets} ]]; then
|
||||||
|
cd "${S}/softmmu-build"
|
||||||
|
pax-mark m */qemu-system-* #515550
|
||||||
|
emake -j1 check
|
||||||
|
emake -j1 check-report.html
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
qemu_python_install() {
|
||||||
|
python_domodule "${S}/scripts/qmp/qmp.py"
|
||||||
|
|
||||||
|
python_doscript "${S}/scripts/kvm/vmxcap"
|
||||||
|
python_doscript "${S}/scripts/qmp/qmp-shell"
|
||||||
|
python_doscript "${S}/scripts/qmp/qemu-ga-client"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Generate binfmt support files.
|
||||||
|
# - /etc/init.d/qemu-binfmt script which registers the user handlers (openrc)
|
||||||
|
# - /usr/share/qemu/binfmt.d/qemu.conf (for use with systemd-binfmt)
|
||||||
|
generate_initd() {
|
||||||
|
local out="${T}/qemu-binfmt"
|
||||||
|
local out_systemd="${T}/qemu.conf"
|
||||||
|
local d="${T}/binfmt.d"
|
||||||
|
|
||||||
|
einfo "Generating qemu binfmt scripts and configuration files"
|
||||||
|
|
||||||
|
# Generate the debian fragments first.
|
||||||
|
mkdir -p "${d}"
|
||||||
|
"${S}"/scripts/qemu-binfmt-conf.sh \
|
||||||
|
--debian \
|
||||||
|
--exportdir "${d}" \
|
||||||
|
--qemu-path "${EPREFIX}/usr/bin" \
|
||||||
|
|| die
|
||||||
|
# Then turn the fragments into a shell script we can source.
|
||||||
|
sed -E -i \
|
||||||
|
-e 's:^([^ ]+) (.*)$:\1="\2":' \
|
||||||
|
"${d}"/* || die
|
||||||
|
|
||||||
|
# Generate the init.d script by assembling the fragments from above.
|
||||||
|
local f qcpu package interpreter magic mask
|
||||||
|
cat "${FILESDIR}"/qemu-binfmt.initd.head >"${out}" || die
|
||||||
|
for f in "${d}"/qemu-* ; do
|
||||||
|
source "${f}"
|
||||||
|
|
||||||
|
# Normalize the cpu logic like we do in the init.d for the native cpu.
|
||||||
|
qcpu=${package#qemu-}
|
||||||
|
case ${qcpu} in
|
||||||
|
arm*) qcpu="arm";;
|
||||||
|
mips*) qcpu="mips";;
|
||||||
|
ppc*) qcpu="ppc";;
|
||||||
|
s390*) qcpu="s390";;
|
||||||
|
sh*) qcpu="sh";;
|
||||||
|
sparc*) qcpu="sparc";;
|
||||||
|
esac
|
||||||
|
|
||||||
|
cat <<EOF >>"${out}"
|
||||||
|
if [ "\${cpu}" != "${qcpu}" -a -x "${interpreter}" ] ; then
|
||||||
|
echo ':${package}:M::${magic}:${mask}:${interpreter}:'"\${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
|
||||||
|
echo ":${package}:M::${magic}:${mask}:${interpreter}:OC" >>"${out_systemd}"
|
||||||
|
|
||||||
|
done
|
||||||
|
cat "${FILESDIR}"/qemu-binfmt.initd.tail >>"${out}" || die
|
||||||
|
}
|
||||||
|
|
||||||
|
src_install() {
|
||||||
|
if [[ -n ${user_targets} ]]; then
|
||||||
|
cd "${S}/user-build"
|
||||||
|
emake DESTDIR="${ED}" install
|
||||||
|
|
||||||
|
# Install binfmt handler init script for user targets.
|
||||||
|
generate_initd
|
||||||
|
doinitd "${T}/qemu-binfmt"
|
||||||
|
|
||||||
|
# Install binfmt/qemu.conf.
|
||||||
|
insinto "/usr/share/qemu/binfmt.d"
|
||||||
|
doins "${T}/qemu.conf"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -n ${softmmu_targets} ]]; then
|
||||||
|
cd "${S}/softmmu-build"
|
||||||
|
emake DESTDIR="${ED}" install
|
||||||
|
|
||||||
|
# This might not exist if the test failed. #512010
|
||||||
|
[[ -e check-report.html ]] && dohtml check-report.html
|
||||||
|
|
||||||
|
if use kernel_linux; then
|
||||||
|
udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules
|
||||||
|
fi
|
||||||
|
|
||||||
|
if use python; then
|
||||||
|
python_foreach_impl qemu_python_install
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd "${S}/tools-build"
|
||||||
|
emake DESTDIR="${ED}" install
|
||||||
|
|
||||||
|
# Disable mprotect on the qemu binaries as they use JITs to be fast #459348
|
||||||
|
pushd "${ED}"/usr/bin >/dev/null
|
||||||
|
pax-mark mr "${softmmu_bins[@]}" "${user_bins[@]}" # bug 575594
|
||||||
|
popd >/dev/null
|
||||||
|
|
||||||
|
# Install config file example for qemu-bridge-helper
|
||||||
|
insinto "/etc/qemu"
|
||||||
|
doins "${FILESDIR}/bridge.conf"
|
||||||
|
|
||||||
|
cd "${S}"
|
||||||
|
dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt
|
||||||
|
newdoc pc-bios/README README.pc-bios
|
||||||
|
dodoc docs/qmp-*.txt
|
||||||
|
|
||||||
|
if [[ -n ${softmmu_targets} ]]; then
|
||||||
|
# Remove SeaBIOS since we're using the SeaBIOS packaged one
|
||||||
|
rm "${ED}/usr/share/qemu/bios.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/bios-256k.bin"
|
||||||
|
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||||
|
dosym ../seabios/bios.bin /usr/share/qemu/bios.bin
|
||||||
|
dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove vgabios since we're using the seavgabios packaged one
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios-cirrus.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios-qxl.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios-stdvga.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios-virtio.bin"
|
||||||
|
rm "${ED}/usr/share/qemu/vgabios-vmware.bin"
|
||||||
|
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||||
|
dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin
|
||||||
|
dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin
|
||||||
|
dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin
|
||||||
|
dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin
|
||||||
|
dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin
|
||||||
|
dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove sgabios since we're using the sgabios packaged one
|
||||||
|
rm "${ED}/usr/share/qemu/sgabios.bin"
|
||||||
|
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||||
|
dosym ../sgabios/sgabios.bin /usr/share/qemu/sgabios.bin
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove iPXE since we're using the iPXE packaged one
|
||||||
|
rm "${ED}"/usr/share/qemu/pxe-*.rom
|
||||||
|
if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then
|
||||||
|
dosym ../ipxe/8086100e.rom /usr/share/qemu/pxe-e1000.rom
|
||||||
|
dosym ../ipxe/80861209.rom /usr/share/qemu/pxe-eepro100.rom
|
||||||
|
dosym ../ipxe/10500940.rom /usr/share/qemu/pxe-ne2k_pci.rom
|
||||||
|
dosym ../ipxe/10222000.rom /usr/share/qemu/pxe-pcnet.rom
|
||||||
|
dosym ../ipxe/10ec8139.rom /usr/share/qemu/pxe-rtl8139.rom
|
||||||
|
dosym ../ipxe/1af41000.rom /usr/share/qemu/pxe-virtio.rom
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
DISABLE_AUTOFORMATTING=true
|
||||||
|
readme.gentoo_create_doc
|
||||||
|
}
|
||||||
|
|
||||||
|
firmware_abi_change() {
|
||||||
|
local pv
|
||||||
|
for pv in ${REPLACING_VERSIONS}; do
|
||||||
|
if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
pkg_postinst() {
|
||||||
|
if [[ -n ${softmmu_targets} ]] && use kernel_linux; then
|
||||||
|
udev_reload
|
||||||
|
fi
|
||||||
|
|
||||||
|
fcaps cap_net_admin /usr/libexec/qemu-bridge-helper
|
||||||
|
|
||||||
|
DISABLE_AUTOFORMATTING=true
|
||||||
|
readme.gentoo_print_elog
|
||||||
|
|
||||||
|
if use pin-upstream-blobs && firmware_abi_change; then
|
||||||
|
ewarn "This version of qemu pins new versions of firmware blobs:"
|
||||||
|
ewarn " $(best_version sys-firmware/edk2-ovmf)"
|
||||||
|
ewarn " $(best_version sys-firmware/ipxe)"
|
||||||
|
ewarn " $(best_version sys-firmware/seabios)"
|
||||||
|
ewarn " $(best_version sys-firmware/sgabios)"
|
||||||
|
ewarn "This might break resume of hibernated guests (started with a different"
|
||||||
|
ewarn "firmware version) and live migration to/from qemu versions with different"
|
||||||
|
ewarn "firmware. Please (cold) restart all running guests. For functional"
|
||||||
|
ewarn "guest migration ensure that all"
|
||||||
|
ewarn "hosts run at least"
|
||||||
|
ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
pkg_info() {
|
||||||
|
echo "Using:"
|
||||||
|
echo " $(best_version app-emulation/spice-protocol)"
|
||||||
|
echo " $(best_version sys-firmware/edk2-ovmf)"
|
||||||
|
if has_version 'sys-firmware/edk2-ovmf[binary]'; then
|
||||||
|
echo " USE=binary"
|
||||||
|
else
|
||||||
|
echo " USE=''"
|
||||||
|
fi
|
||||||
|
echo " $(best_version sys-firmware/ipxe)"
|
||||||
|
echo " $(best_version sys-firmware/seabios)"
|
||||||
|
if has_version 'sys-firmware/seabios[binary]'; then
|
||||||
|
echo " USE=binary"
|
||||||
|
else
|
||||||
|
echo " USE=''"
|
||||||
|
fi
|
||||||
|
echo " $(best_version sys-firmware/sgabios)"
|
||||||
|
}
|