Merge ~paelzer/ubuntu/+source/qemu:merge-6.0-2exp-impish into ubuntu/+source/qemu:ubuntu/devel
- Git
- lp:~paelzer/ubuntu/+source/qemu
- merge-6.0-2exp-impish
- Merge into ubuntu/devel
Status: | Superseded | ||||||||
---|---|---|---|---|---|---|---|---|---|
Proposed branch: | ~paelzer/ubuntu/+source/qemu:merge-6.0-2exp-impish | ||||||||
Merge into: | ubuntu/+source/qemu:ubuntu/devel | ||||||||
Diff against target: |
760 lines (+581/-5) (has conflicts) 14 files modified
debian/changelog (+109/-0) debian/control (+11/-0) debian/control-in (+13/-0) debian/optionrom.mak (+1/-1) debian/patches/pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch (+40/-0) debian/patches/pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch (+43/-0) debian/patches/pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch (+40/-0) debian/patches/series (+14/-0) debian/patches/target-ppc-fix-load-endianness-for-lxvwsx-lxvdsx.patch (+45/-0) debian/patches/ubuntu/avoid-fcf-clashing-with-i486.patch (+23/-0) debian/patches/ubuntu/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch (+119/-0) debian/patches/usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch (+37/-0) debian/patches/usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch (+54/-0) debian/rules (+32/-4) Conflict in debian/changelog Conflict in debian/control Conflict in debian/control-in Conflict in debian/patches/series Conflict in debian/rules |
||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Canonical Server | Pending | ||
Canonical Server Core Reviewers | Pending | ||
Review via email: mp+407156@code.launchpad.net |
This proposal has been superseded by a proposal from 2021-08-16.
Commit message
Description of the change
Unmerged commits
- 5abe357... by Christian Ehrhardt
-
changelog: 1:6.0+dfsg-
2expubuntu1 Signed-off-by: Christian Ehrhardt <email address hidden>
- d461655... by Christian Ehrhardt
-
d/p/u/lp-
1932175- s390x-cpumodel- add-3931- and-3932. patch: add new 3931 and 3932 machines (LP: #1932175) Signed-off-by: Christian Ehrhardt <email address hidden>
- be207da... by Christian Ehrhardt
-
d/optionrom.mak, d/p/u/avoid-
fcf-clashing- with-i486. patch: fix
-fcf-protection being unavailble on -march=i486 (LP: #1940029)Note: Can be dropped once fixed in the compiler toolchain.
Signed-off-by: Christian Ehrhardt <email address hidden>
- a75600c... by Christian Ehrhardt
-
d/control: regenerated from d/control-in
Signed-off-by: Christian Ehrhardt <email address hidden>
- 1315416... by Christian Ehrhardt
-
merge-changelogs
Signed-off-by: Christian Ehrhardt <email address hidden>
- fea132d... by Christian Ehrhardt
-
debian/
qemu-block- extra.postinst: enable mount unit on install/upgrade Note: this default-on behavior might stay Ubuntu-only as Debian would
prefer an opt-in, while we'd like it to work out of the box.Signed-off-by: Christian Ehrhardt <email address hidden>
- e58e184... by Christian Ehrhardt
-
d/p/ubuntu/
lp-1929926- target- s390x-Fix- translation- exception- on-illegal- in.patch: avoid segfaults by uretprobes (LP: #1929926) Signed-off-by: Christian Ehrhardt <email address hidden>
- 8a24cc3... by Christian Ehrhardt
-
d/p/ubuntu/
define- ubuntu- machine- types.patch: add ubuntu machine types for v6.0 Signed-off-by: Christian Ehrhardt <email address hidden>
- bba6c7b... by Christian Ehrhardt
-
d/p/ubuntu/
enable- svm-by- default. patch: update to match v6.0 Signed-off-by: Christian Ehrhardt <email address hidden>
- 0b0596c... by Christian Ehrhardt
-
d/control.in: Make qemu-system-
x86-microvm a transitional package (drop after 22.04) Signed-off-by: Christian Ehrhardt <email address hidden>
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 244f19a..32b8162 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,109 @@ |
6 | +<<<<<<< debian/changelog |
7 | +======= |
8 | +qemu (1:6.0+dfsg-2expubuntu1) impish; urgency=medium |
9 | + |
10 | + * Merge with Debian experimental, remaining changes: |
11 | + - qemu-kvm to systemd unit |
12 | + - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm, |
13 | + hugepages and architecture specifics |
14 | + - d/qemu-system-common.qemu-kvm.service: systemd unit to call |
15 | + qemu-kvm-init |
16 | + - d/qemu-system-common.install: install helper script |
17 | + - d/qemu-system-common.qemu-kvm.default: defaults for |
18 | + /etc/default/qemu-kvm |
19 | + - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm |
20 | + - Distribution specific machine type |
21 | + (LP: 1304107 1621042 1776189 1761372 1761372 1776189) |
22 | + - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine |
23 | + types containing release versioned machine attributes |
24 | + - d/qemu-system-x86.NEWS Info on fixed machine type defintions |
25 | + for host-phys-bits=true |
26 | + - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS |
27 | + - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type |
28 | + - Enable nesting by default |
29 | + - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default |
30 | + in qemu64 on amd |
31 | + [ No more strictly needed, but required for backward compatibility ] |
32 | + - improved dependencies |
33 | + - Make qemu-system-common depend on qemu-block-extra |
34 | + - Make qemu-utils depend on qemu-block-extra |
35 | + - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490) |
36 | + - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types |
37 | + reference 256k path |
38 | + - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to |
39 | + handle incoming migrations from former releases. |
40 | + - d/qemu-system-x86.README.Debian: add info about updated nesting changes |
41 | + - d/control*, d/rules: disable xen by default, but provide universe |
42 | + package qemu-system-x86-xen as alternative |
43 | + [includes compat links changes of 5.0-5ubuntu4] |
44 | + - d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0 |
45 | + - d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types |
46 | + for v6.0 |
47 | + - d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP 1929926) |
48 | + - Ease the use of module retention on upgrades (LP 1913421) |
49 | + - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade |
50 | + * Dropped Changes [in 1:6.0+dfsg-2exp]: |
51 | + - d/control-in: Disable capstone disassembler library support (universe) |
52 | + - Disable fuse export (universe dependency) |
53 | + - Ease the use of module retention on upgrades (LP 1913421) |
54 | + - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra |
55 | + - d/rules: only save modules if /run/qemu isn't noexec |
56 | + - d/rules: clear all (current and former) modules on purge |
57 | + - d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial |
58 | + upgrade issues (LP 1932264) |
59 | + - Enable SDL as secondary UI backend (LP 1256185) |
60 | + - d/control: add build dependency libsdl2-dev |
61 | + - d/control: enable sdl graphics on build |
62 | + - d/qemu-system-gui.install: add ui-sdl.so |
63 | + - d/control: add runtime dependency to libgl1 |
64 | + * Dropped Changes [no more needed] |
65 | + - let qemu-utils recommend sharutils |
66 | + * Added changes: |
67 | + - d/optionrom.mak, d/p/u/avoid-fcf-clashing-with-i486.patch: fix |
68 | + -fcf-protection being unavailble on -march=i486 (LP: #1940029) |
69 | + - d/p/u/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch: add new 3931 |
70 | + and 3932 machines (LP: #1932175) |
71 | + |
72 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 12 Aug 2021 15:35:12 +0200 |
73 | + |
74 | +qemu (1:6.0+dfsg-2exp) experimental; urgency=medium |
75 | + |
76 | + [ Christian Ehrhardt ] |
77 | + * qemu 6.0 broke libvirt <7.2, add a Breaks |
78 | + to avoid partial upgrade issues (LP: #1932264) |
79 | + * enable SDL as secondary UI backend (LP: #1256185) |
80 | + * clear all (current and former) modules on purge |
81 | + * only save modules if /run/qemu isn't noexec |
82 | + * provide run-qemu.mount in qemu-block-extra |
83 | + (disabled in debian for now) |
84 | + * Disable capstone disassembler library support in ubuntu (universe) |
85 | + |
86 | + [ Michael Tokarev ] |
87 | + * qemu does not ship Changelog file anymore |
88 | + * drop version from libfuse-dev build-depends (noticed by Ville Skyttä) |
89 | + * a few patches from upstream stable: |
90 | + - target-ppc-fix-load-endianness-for-lxvwsx-lxvdsx.patch |
91 | + fix various crashes in ppc system emulation. |
92 | + Thanks to Christian Ehrhardt for pointing this out |
93 | + - pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch |
94 | + (Closes: #990565, CVE-2021-3582) |
95 | + - pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch |
96 | + (Closes: #990564, CVE-2021-3607) |
97 | + - pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch |
98 | + (Closes: #990563, CVE-2021-3608) |
99 | + - usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch |
100 | + usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch |
101 | + (Closes: #988157, CVE-2021-3527) |
102 | + * mention closing of 3 bugs in am53c974 (ESP) device emulation by 6.0 |
103 | + (Closes: #979679, CVE-2020-35504) |
104 | + (Closes: #984455, CVE-2020-35505) |
105 | + (Closes: #984454, CVE-2020-35506) |
106 | + * make fuse debian-only, since libfuse3 in ubuntu is in universe |
107 | + * fix microvm default machine type for a new build system (LP: #1936894) |
108 | + |
109 | + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 21 Jul 2021 19:43:37 +0300 |
110 | + |
111 | +>>>>>>> debian/changelog |
112 | qemu (1:6.0+dfsg-1~ubuntu3) impish; urgency=medium |
113 | |
114 | * d/p/u/lp-1935617-target-ppc-Fix-load-endianness-for-lxvwsx-lxvdsx.patch: |
115 | @@ -99,6 +205,9 @@ qemu (1:6.0+dfsg-1~ubuntu1) impish; urgency=medium |
116 | qemu (1:6.0+dfsg-1~exp0) experimental; urgency=medium |
117 | |
118 | * new upstream release |
119 | + Closes: #979679, CVE-2020-35504 |
120 | + Closes: #984455, CVE-2020-35505 |
121 | + Closes: #984454, CVE-2020-35506 |
122 | * remove obsolete patches, refresh use-fixed-data-path.patch |
123 | * use libncurses-dev, not old libncursesw5-dev |
124 | * enable fuse export (and build-depend on libfuse3-dev) |
125 | diff --git a/debian/control b/debian/control |
126 | index 28a2e35..638cfe8 100644 |
127 | --- a/debian/control |
128 | +++ b/debian/control |
129 | @@ -18,6 +18,10 @@ Build-Depends: debhelper-compat (= 12), |
130 | texinfo, python3-sphinx, |
131 | # iasl (from acpica-tools) is used only in a single test these days, not for building |
132 | # acpica-tools, |
133 | +<<<<<<< debian/control |
134 | +======= |
135 | +# libcapstone is in universe in ubuntu |
136 | +>>>>>>> debian/control |
137 | # --enable-linux-aio linux-* |
138 | libaio-dev [linux-any], |
139 | # --audio-drv-list=pa,alsa,oss,sdl linux-* |
140 | @@ -37,6 +41,10 @@ Build-Depends: debhelper-compat (= 12), |
141 | # --enable-fdt |
142 | # libfdt #931046 |
143 | libfdt-dev (>> 1.5.0-2~), |
144 | +<<<<<<< debian/control |
145 | +======= |
146 | +# in ubuntu libfuse3 is in universe |
147 | +>>>>>>> debian/control |
148 | # --enable-gnutls |
149 | gnutls-dev, |
150 | # --enable-gtk --enable-vte |
151 | @@ -460,7 +468,10 @@ Multi-Arch: foreign |
152 | Breaks: qemu-system-common (<< 1:3.1+dfsg-3~) |
153 | Depends: ${shlibs:Depends}, ${misc:Depends}, |
154 | qemu-block-extra (= ${binary:Version}) |
155 | +<<<<<<< debian/control |
156 | Recommends: sharutils |
157 | +======= |
158 | +>>>>>>> debian/control |
159 | Suggests: debootstrap, |
160 | Description: QEMU utilities |
161 | QEMU is a fast processor emulator: currently the package supports |
162 | diff --git a/debian/control-in b/debian/control-in |
163 | index 9dcf5bb..ceb03ab 100644 |
164 | --- a/debian/control-in |
165 | +++ b/debian/control-in |
166 | @@ -18,6 +18,10 @@ Build-Depends: debhelper-compat (= 12), |
167 | texinfo, python3-sphinx, |
168 | # iasl (from acpica-tools) is used only in a single test these days, not for building |
169 | # acpica-tools, |
170 | +<<<<<<< debian/control-in |
171 | +======= |
172 | +# libcapstone is in universe in ubuntu |
173 | +>>>>>>> debian/control-in |
174 | :debian:# --enable-capstone=system |
175 | :debian: libcapstone-dev (>> 4.0.2~), |
176 | # --enable-linux-aio linux-* |
177 | @@ -39,6 +43,12 @@ Build-Depends: debhelper-compat (= 12), |
178 | # --enable-fdt |
179 | # libfdt #931046 |
180 | libfdt-dev (>> 1.5.0-2~), |
181 | +<<<<<<< debian/control-in |
182 | +======= |
183 | +# in ubuntu libfuse3 is in universe |
184 | +:debian:# --enable-fuse |
185 | +:debian: libfuse3-dev, |
186 | +>>>>>>> debian/control-in |
187 | # --enable-gnutls |
188 | gnutls-dev, |
189 | # --enable-gtk --enable-vte |
190 | @@ -471,7 +481,10 @@ Multi-Arch: foreign |
191 | Breaks: qemu-system-common (<< 1:3.1+dfsg-3~) |
192 | Depends: ${shlibs:Depends}, ${misc:Depends}, |
193 | :ubuntu: qemu-block-extra (= ${binary:Version}) |
194 | +<<<<<<< debian/control-in |
195 | :ubuntu:Recommends: sharutils |
196 | +======= |
197 | +>>>>>>> debian/control-in |
198 | Suggests: debootstrap, |
199 | :debian: qemu-block-extra (= ${binary:Version}), |
200 | Description: QEMU utilities |
201 | diff --git a/debian/optionrom.mak b/debian/optionrom.mak |
202 | index 4d45238..204caa0 100644 |
203 | --- a/debian/optionrom.mak |
204 | +++ b/debian/optionrom.mak |
205 | @@ -1,7 +1,7 @@ |
206 | LD = ld |
207 | OBJCOPY = objcopy |
208 | CC = cc |
209 | -CFLAGS = -O2 -m16 -Wa,-32 -march=i486 \ |
210 | +CFLAGS = -O2 -m16 -Wa,-32 -march=i486 -fcf-protection=none \ |
211 | -ffreestanding -fno-stack-protector -fno-pie \ |
212 | -I${SRC_PATH}/include |
213 | VPATH = ${SRC_PATH}/pc-bios/optionrom |
214 | diff --git a/debian/patches/pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch b/debian/patches/pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch |
215 | new file mode 100644 |
216 | index 0000000..888301a |
217 | --- /dev/null |
218 | +++ b/debian/patches/pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch |
219 | @@ -0,0 +1,40 @@ |
220 | +Commit-ID: 32e5703cfea07c91e6e84bcb0313f633bb146534 |
221 | +From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> |
222 | +Date: Wed, 30 Jun 2021 14:46:34 +0300 |
223 | +Subject: pvrdma: Ensure correct input on ring init (CVE-2021-3607) |
224 | +Bug-Debian: https://bugs.debian.org/990564 |
225 | + |
226 | +Check the guest passed a non zero page count |
227 | +for pvrdma device ring buffers. |
228 | + |
229 | +Fixes: CVE-2021-3607 |
230 | +Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> |
231 | +Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> |
232 | +Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> |
233 | +Message-Id: <20210630114634.2168872-1-marcel@redhat.com> |
234 | +Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> |
235 | +Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> |
236 | +Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> |
237 | +--- |
238 | + hw/rdma/vmw/pvrdma_main.c | 5 +++++ |
239 | + 1 file changed, 5 insertions(+) |
240 | + |
241 | +diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c |
242 | +index 84ae8024fc..7c0c3551a8 100644 |
243 | +--- a/hw/rdma/vmw/pvrdma_main.c |
244 | ++++ b/hw/rdma/vmw/pvrdma_main.c |
245 | +@@ -92,6 +92,11 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state, |
246 | + uint64_t *dir, *tbl; |
247 | + int rc = 0; |
248 | + |
249 | ++ if (!num_pages) { |
250 | ++ rdma_error_report("Ring pages count must be strictly positive"); |
251 | ++ return -EINVAL; |
252 | ++ } |
253 | ++ |
254 | + dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE); |
255 | + if (!dir) { |
256 | + rdma_error_report("Failed to map to page directory (ring %s)", name); |
257 | +-- |
258 | +2.30.2 |
259 | + |
260 | diff --git a/debian/patches/pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch b/debian/patches/pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch |
261 | new file mode 100644 |
262 | index 0000000..bd450ff |
263 | --- /dev/null |
264 | +++ b/debian/patches/pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch |
265 | @@ -0,0 +1,43 @@ |
266 | +Commit-Id: 284f191b4abad213aed04cb0458e1600fd18d7c4 |
267 | +From: Marcel Apfelbaum <marcel@redhat.com> |
268 | +Date: Wed, 16 Jun 2021 14:06:00 +0300 |
269 | +Subject: hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582) |
270 | +Bug-Debian: https://bugs.debian.org/990565 |
271 | + |
272 | +Ensure mremap boundaries not trusting the guest kernel to |
273 | +pass the correct buffer length. |
274 | + |
275 | +Fixes: CVE-2021-3582 |
276 | +Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> |
277 | +Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> |
278 | +Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> |
279 | +Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com> |
280 | +Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> |
281 | +Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> |
282 | +Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> |
283 | +Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> |
284 | +--- |
285 | + hw/rdma/vmw/pvrdma_cmd.c | 7 +++++++ |
286 | + 1 file changed, 7 insertions(+) |
287 | + |
288 | +diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c |
289 | +index f59879e257..da7ddfa548 100644 |
290 | +--- a/hw/rdma/vmw/pvrdma_cmd.c |
291 | ++++ b/hw/rdma/vmw/pvrdma_cmd.c |
292 | +@@ -38,6 +38,13 @@ static void *pvrdma_map_to_pdir(PCIDevice *pdev, uint64_t pdir_dma, |
293 | + return NULL; |
294 | + } |
295 | + |
296 | ++ length = ROUND_UP(length, TARGET_PAGE_SIZE); |
297 | ++ if (nchunks * TARGET_PAGE_SIZE != length) { |
298 | ++ rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks, |
299 | ++ (unsigned long)length); |
300 | ++ return NULL; |
301 | ++ } |
302 | ++ |
303 | + dir = rdma_pci_dma_map(pdev, pdir_dma, TARGET_PAGE_SIZE); |
304 | + if (!dir) { |
305 | + rdma_error_report("Failed to map to page directory"); |
306 | +-- |
307 | +2.30.2 |
308 | + |
309 | diff --git a/debian/patches/pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch b/debian/patches/pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch |
310 | new file mode 100644 |
311 | index 0000000..abaab08 |
312 | --- /dev/null |
313 | +++ b/debian/patches/pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch |
314 | @@ -0,0 +1,40 @@ |
315 | +Commit-Id: 66ae37d8cc313f89272e711174a846a229bcdbd3 |
316 | +From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> |
317 | +Date: Wed, 30 Jun 2021 14:52:46 +0300 |
318 | +Subject: pvrdma: Fix the ring init error flow (CVE-2021-3608) |
319 | +MIME-Version: 1.0 |
320 | +Content-Type: text/plain; charset=UTF-8 |
321 | +Content-Transfer-Encoding: 8bit |
322 | +Bug-Debian: https://bugs.debian.org/990563 |
323 | + |
324 | +Do not unmap uninitialized dma addresses. |
325 | + |
326 | +Fixes: CVE-2021-3608 |
327 | +Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> |
328 | +Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> |
329 | +Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> |
330 | +Message-Id: <20210630115246.2178219-1-marcel@redhat.com> |
331 | +Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> |
332 | +Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> |
333 | +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> |
334 | +Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> |
335 | +--- |
336 | + hw/rdma/vmw/pvrdma_dev_ring.c | 2 +- |
337 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
338 | + |
339 | +diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c |
340 | +index 074ac59b84..42130667a7 100644 |
341 | +--- a/hw/rdma/vmw/pvrdma_dev_ring.c |
342 | ++++ b/hw/rdma/vmw/pvrdma_dev_ring.c |
343 | +@@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, const char *name, PCIDevice *dev, |
344 | + qatomic_set(&ring->ring_state->cons_head, 0); |
345 | + */ |
346 | + ring->npages = npages; |
347 | +- ring->pages = g_malloc(npages * sizeof(void *)); |
348 | ++ ring->pages = g_malloc0(npages * sizeof(void *)); |
349 | + |
350 | + for (i = 0; i < npages; i++) { |
351 | + if (!tbl[i]) { |
352 | +-- |
353 | +2.30.2 |
354 | + |
355 | diff --git a/debian/patches/series b/debian/patches/series |
356 | index 32d6bad..e2e69fd 100644 |
357 | --- a/debian/patches/series |
358 | +++ b/debian/patches/series |
359 | @@ -11,10 +11,24 @@ slof-remove-user-and-host-from-release-version.patch |
360 | slof-ensure-ld-is-called-with-C-locale.patch |
361 | vnc-spelling.patch |
362 | spelling-addtional.patch |
363 | +<<<<<<< debian/patches/series |
364 | +======= |
365 | +target-ppc-fix-load-endianness-for-lxvwsx-lxvdsx.patch |
366 | +pvrdma-fix-possible-mremap-overflow-in-pvrdma-device-CVE-2021-3582.patch |
367 | +pvrdma-ensure-correct-input-on-ring-init-CVE-2021-3607.patch |
368 | +pvrdma-fix-the-ring-init-error-flow-CVE-2021-3608.patch |
369 | +usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch |
370 | +usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch |
371 | +>>>>>>> debian/patches/series |
372 | |
373 | # ubuntu patches |
374 | ubuntu/enable-svm-by-default.patch |
375 | ubuntu/define-ubuntu-machine-types.patch |
376 | ubuntu/pre-bionic-256k-ipxe-efi-roms.patch |
377 | ubuntu/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch |
378 | +<<<<<<< debian/patches/series |
379 | ubuntu/lp-1935617-target-ppc-Fix-load-endianness-for-lxvwsx-lxvdsx.patch |
380 | +======= |
381 | +ubuntu/avoid-fcf-clashing-with-i486.patch |
382 | +ubuntu/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch |
383 | +>>>>>>> debian/patches/series |
384 | diff --git a/debian/patches/target-ppc-fix-load-endianness-for-lxvwsx-lxvdsx.patch b/debian/patches/target-ppc-fix-load-endianness-for-lxvwsx-lxvdsx.patch |
385 | new file mode 100644 |
386 | index 0000000..2adc1a2 |
387 | --- /dev/null |
388 | +++ b/debian/patches/target-ppc-fix-load-endianness-for-lxvwsx-lxvdsx.patch |
389 | @@ -0,0 +1,45 @@ |
390 | +Commit-Id: 861f10fd528263a507476b8c4dda93a9588dfa5c |
391 | +From: Giuseppe Musacchio <thatlemon@gmail.com> |
392 | +Date: Tue, 18 May 2021 15:30:20 +0200 |
393 | +Subject: target/ppc: Fix load endianness for lxvwsx/lxvdsx |
394 | + |
395 | +TARGET_WORDS_BIGENDIAN may not match the machine endianness if that's a |
396 | +runtime-configurable parameter. |
397 | + |
398 | +Fixes: bcb0b7b1a1c05707304f80ca6f523d557816f85c |
399 | +Fixes: afae37d98ae991c0792c867dbd9f32f988044318 |
400 | +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/212 |
401 | + |
402 | +Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com> |
403 | +Message-Id: <20210518133020.58927-1-thatlemon@gmail.com> |
404 | +Tested-by: Paul A. Clarke <pc@us.ibm.com> |
405 | +Signed-off-by: David Gibson <david@gibson.dropbear.id.au> |
406 | +--- |
407 | + target/ppc/translate/vsx-impl.c.inc | 4 ++-- |
408 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
409 | + |
410 | +diff --git a/target/ppc/translate/vsx-impl.c.inc b/target/ppc/translate/vsx-impl.c.inc |
411 | +index b817d31260..57a7f73bba 100644 |
412 | +--- a/target/ppc/translate/vsx-impl.c.inc |
413 | ++++ b/target/ppc/translate/vsx-impl.c.inc |
414 | +@@ -139,7 +139,7 @@ static void gen_lxvwsx(DisasContext *ctx) |
415 | + gen_addr_reg_index(ctx, EA); |
416 | + |
417 | + data = tcg_temp_new_i32(); |
418 | +- tcg_gen_qemu_ld_i32(data, EA, ctx->mem_idx, MO_TEUL); |
419 | ++ tcg_gen_qemu_ld_i32(data, EA, ctx->mem_idx, DEF_MEMOP(MO_UL)); |
420 | + tcg_gen_gvec_dup_i32(MO_UL, vsr_full_offset(xT(ctx->opcode)), 16, 16, data); |
421 | + |
422 | + tcg_temp_free(EA); |
423 | +@@ -162,7 +162,7 @@ static void gen_lxvdsx(DisasContext *ctx) |
424 | + gen_addr_reg_index(ctx, EA); |
425 | + |
426 | + data = tcg_temp_new_i64(); |
427 | +- tcg_gen_qemu_ld_i64(data, EA, ctx->mem_idx, MO_TEQ); |
428 | ++ tcg_gen_qemu_ld_i64(data, EA, ctx->mem_idx, DEF_MEMOP(MO_Q)); |
429 | + tcg_gen_gvec_dup_i64(MO_Q, vsr_full_offset(xT(ctx->opcode)), 16, 16, data); |
430 | + |
431 | + tcg_temp_free(EA); |
432 | +-- |
433 | +2.30.2 |
434 | + |
435 | diff --git a/debian/patches/ubuntu/avoid-fcf-clashing-with-i486.patch b/debian/patches/ubuntu/avoid-fcf-clashing-with-i486.patch |
436 | new file mode 100644 |
437 | index 0000000..8af232f |
438 | --- /dev/null |
439 | +++ b/debian/patches/ubuntu/avoid-fcf-clashing-with-i486.patch |
440 | @@ -0,0 +1,23 @@ |
441 | +Description: Disable fcf protection in i486 rom builds |
442 | + Some of the qemu roms build really old coe with -march=i486 -m16, but |
443 | + in this more -fcf-protection isn't available, but recently enabled. |
444 | + That causes: |
445 | + cc1: error: ‘-fcf-protection’ is not compatible with this target |
446 | + Avoid that by disabling the feature in these compile calls until the |
447 | + problem is resolved on the toolchain level. |
448 | +Forwarded: no |
449 | +X-Not-Forwarded-Reason: Only a problem of the Ubuntu compiler defaults |
450 | +Author: Christian Ehrhardt <christian.ehrhardt@canonical.com> |
451 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1940029 |
452 | +Last-Update: 2021-08-16 |
453 | +--- a/pc-bios/optionrom/Makefile |
454 | ++++ b/pc-bios/optionrom/Makefile |
455 | +@@ -13,7 +13,7 @@ CFLAGS = -O2 -g |
456 | + quiet-command = $(if $(V),$1,$(if $(2),@printf " %-7s %s\n" $2 $3 && $1, @$1)) |
457 | + cc-option = $(if $(shell $(CC) $1 -c -o /dev/null -xc /dev/null >/dev/null 2>&1 && echo OK), $1, $2) |
458 | + |
459 | +-override CFLAGS += -march=i486 -Wall |
460 | ++override CFLAGS += -march=i486 -Wall -fcf-protection=none |
461 | + |
462 | + # Flags for dependency generation |
463 | + override CPPFLAGS += -MMD -MP -MT $@ -MF $(@D)/$(*F).d |
464 | diff --git a/debian/patches/ubuntu/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch b/debian/patches/ubuntu/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch |
465 | new file mode 100644 |
466 | index 0000000..6c82066 |
467 | --- /dev/null |
468 | +++ b/debian/patches/ubuntu/lp-1932175-s390x-cpumodel-add-3931-and-3932.patch |
469 | @@ -0,0 +1,119 @@ |
470 | +From fb4a08121695a88acefcbcd86f1376df079eefee Mon Sep 17 00:00:00 2001 |
471 | +From: Christian Borntraeger <borntraeger@de.ibm.com> |
472 | +Date: Tue, 22 Jun 2021 22:19:23 +0200 |
473 | +Subject: [PATCH] s390x/cpumodel: add 3931 and 3932 |
474 | + |
475 | +This defines 5 new facilities and the new 3931 and 3932 machines. |
476 | +As before the name is not yet known and we do use gen16a and gen16b. |
477 | +The new features are part of the full model. |
478 | + |
479 | +The default model is still empty (same as z15) and will be added |
480 | +in a separate patch at a later point in time. |
481 | + |
482 | +Also add the dependencies of new facilities and as a fix for z15 add |
483 | +a dependency from S390_FEAT_VECTOR_PACKED_DECIMAL_ENH to |
484 | +S390_VECTOR_PACKED_DECIMAL. |
485 | + |
486 | +[merged <20210701084348.26556-1-borntraeger@de.ibm.com>] |
487 | +Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> |
488 | +Message-Id: <20210622201923.150205-2-borntraeger@de.ibm.com> |
489 | +Reviewed-by: David Hildenbrand <david@redhat.com> |
490 | +Signed-off-by: Cornelia Huck <cohuck@redhat.com> |
491 | + |
492 | +Origin: backport, https://git.qemu.org/?p=qemu.git;a=commit;h=fb4a081216 |
493 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1932175 |
494 | +Last-Update: 2021-08-16 |
495 | + |
496 | +--- |
497 | + target/s390x/cpu_features_def.h.inc | 5 +++++ |
498 | + target/s390x/cpu_models.c | 6 ++++++ |
499 | + target/s390x/gen-features.c | 14 ++++++++++++++ |
500 | + 3 files changed, 25 insertions(+) |
501 | + |
502 | +--- a/target/s390x/cpu_features_def.h.inc |
503 | ++++ b/target/s390x/cpu_features_def.h.inc |
504 | +@@ -109,6 +109,11 @@ DEF_FEAT(VECTOR_PACKED_DECIMAL_ENH, "vxp |
505 | + DEF_FEAT(MSA_EXT_9, "msa9-base", STFL, 155, "Message-security-assist-extension-9 facility (excluding subfunctions)") |
506 | + DEF_FEAT(ETOKEN, "etoken", STFL, 156, "Etoken facility") |
507 | + DEF_FEAT(UNPACK, "unpack", STFL, 161, "Unpack facility") |
508 | ++DEF_FEAT(NNPA, "nnpa", STFL, 165, "NNPA facility") |
509 | ++DEF_FEAT(VECTOR_PACKED_DECIMAL_ENH2, "vxpdeh2", STFL, 192, "Vector-Packed-Decimal-Enhancement facility 2") |
510 | ++DEF_FEAT(BEAR_ENH, "beareh", STFL, 193, "BEAR-enhancement facility") |
511 | ++DEF_FEAT(RDP, "rdp", STFL, 194, "Reset-DAT-protection facility") |
512 | ++DEF_FEAT(PAI, "pai", STFL, 196, "Processor-Activity-Instrumentation facility") |
513 | + |
514 | + /* Features exposed via SCLP SCCB Byte 80 - 98 (bit numbers relative to byte-80) */ |
515 | + DEF_FEAT(SIE_GSLS, "gsls", SCLP_CONF_CHAR, 40, "SIE: Guest-storage-limit-suppression facility") |
516 | +--- a/target/s390x/cpu_models.c |
517 | ++++ b/target/s390x/cpu_models.c |
518 | +@@ -88,6 +88,8 @@ static S390CPUDef s390_cpu_defs[] = { |
519 | + CPUDEF_INIT(0x3907, 14, 1, 47, 0x08000000U, "z14ZR1", "IBM z14 Model ZR1 GA1"), |
520 | + CPUDEF_INIT(0x8561, 15, 1, 47, 0x08000000U, "gen15a", "IBM z15 T01 GA1"), |
521 | + CPUDEF_INIT(0x8562, 15, 1, 47, 0x08000000U, "gen15b", "IBM z15 T02 GA1"), |
522 | ++ CPUDEF_INIT(0x3931, 16, 1, 47, 0x08000000U, "gen16a", "IBM 3931 GA1"), |
523 | ++ CPUDEF_INIT(0x3932, 16, 1, 47, 0x08000000U, "gen16b", "IBM 3932 GA1"), |
524 | + }; |
525 | + |
526 | + #define QEMU_MAX_CPU_TYPE 0x2964 |
527 | +@@ -812,6 +814,8 @@ static void check_consistency(const S390 |
528 | + { S390_FEAT_MSA_EXT_9, S390_FEAT_MSA_EXT_4 }, |
529 | + { S390_FEAT_MULTIPLE_EPOCH, S390_FEAT_TOD_CLOCK_STEERING }, |
530 | + { S390_FEAT_VECTOR_PACKED_DECIMAL, S390_FEAT_VECTOR }, |
531 | ++ { S390_FEAT_VECTOR_PACKED_DECIMAL_ENH, S390_FEAT_VECTOR_PACKED_DECIMAL }, |
532 | ++ { S390_FEAT_VECTOR_PACKED_DECIMAL_ENH2, S390_FEAT_VECTOR_PACKED_DECIMAL_ENH }, |
533 | + { S390_FEAT_VECTOR_ENH, S390_FEAT_VECTOR }, |
534 | + { S390_FEAT_INSTRUCTION_EXEC_PROT, S390_FEAT_SIDE_EFFECT_ACCESS_ESOP2 }, |
535 | + { S390_FEAT_SIDE_EFFECT_ACCESS_ESOP2, S390_FEAT_ESOP }, |
536 | +@@ -843,6 +847,8 @@ static void check_consistency(const S390 |
537 | + { S390_FEAT_PTFF_STOUE, S390_FEAT_MULTIPLE_EPOCH }, |
538 | + { S390_FEAT_AP_QUEUE_INTERRUPT_CONTROL, S390_FEAT_AP }, |
539 | + { S390_FEAT_DIAG_318, S390_FEAT_EXTENDED_LENGTH_SCCB }, |
540 | ++ { S390_FEAT_NNPA, S390_FEAT_VECTOR }, |
541 | ++ { S390_FEAT_RDP, S390_FEAT_LOCAL_TLB_CLEARING }, |
542 | + }; |
543 | + int i; |
544 | + |
545 | +--- a/target/s390x/gen-features.c |
546 | ++++ b/target/s390x/gen-features.c |
547 | +@@ -424,6 +424,8 @@ static uint16_t base_GEN15_GA1[] = { |
548 | + S390_FEAT_MISC_INSTRUCTION_EXT3, |
549 | + }; |
550 | + |
551 | ++#define base_GEN16_GA1 EmptyFeat |
552 | ++ |
553 | + /* Full features (in order of release) |
554 | + * Automatically includes corresponding base features. |
555 | + * Full features are all features this hardware supports even if kvm/QEMU do not |
556 | +@@ -567,6 +569,15 @@ static uint16_t full_GEN15_GA1[] = { |
557 | + S390_FEAT_UNPACK, |
558 | + }; |
559 | + |
560 | ++static uint16_t full_GEN16_GA1[] = { |
561 | ++ S390_FEAT_NNPA, |
562 | ++ S390_FEAT_VECTOR_PACKED_DECIMAL_ENH2, |
563 | ++ S390_FEAT_BEAR_ENH, |
564 | ++ S390_FEAT_RDP, |
565 | ++ S390_FEAT_PAI, |
566 | ++}; |
567 | ++ |
568 | ++ |
569 | + /* Default features (in order of release) |
570 | + * Automatically includes corresponding base features. |
571 | + * Default features are all features this version of QEMU supports for this |
572 | +@@ -652,6 +663,8 @@ static uint16_t default_GEN15_GA1[] = { |
573 | + S390_FEAT_ETOKEN, |
574 | + }; |
575 | + |
576 | ++#define default_GEN16_GA1 EmptyFeat |
577 | ++ |
578 | + /* QEMU (CPU model) features */ |
579 | + |
580 | + static uint16_t qemu_V2_11[] = { |
581 | +@@ -782,6 +795,7 @@ static CpuFeatDefSpec CpuFeatDef[] = { |
582 | + CPU_FEAT_INITIALIZER(GEN14_GA1), |
583 | + CPU_FEAT_INITIALIZER(GEN14_GA2), |
584 | + CPU_FEAT_INITIALIZER(GEN15_GA1), |
585 | ++ CPU_FEAT_INITIALIZER(GEN16_GA1), |
586 | + }; |
587 | + |
588 | + #define FEAT_GROUP_INITIALIZER(_name) \ |
589 | diff --git a/debian/patches/usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch b/debian/patches/usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch |
590 | new file mode 100644 |
591 | index 0000000..9212ada |
592 | --- /dev/null |
593 | +++ b/debian/patches/usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch |
594 | @@ -0,0 +1,37 @@ |
595 | +Commit-Id: 05a40b172e4d691371534828078be47e7fff524c |
596 | +From: Gerd Hoffmann <kraxel@redhat.com> |
597 | +Date: Mon, 3 May 2021 15:29:15 +0200 |
598 | +Subject: usb: limit combined packets to 1 MiB (CVE-2021-3527) |
599 | +Bug-Debian: https://bugs.debian.org/988157 |
600 | + |
601 | +usb-host and usb-redirect try to batch bulk transfers by combining many |
602 | +small usb packets into a single, large transfer request, to reduce the |
603 | +overhead and improve performance. |
604 | + |
605 | +This patch adds a size limit of 1 MiB for those combined packets to |
606 | +restrict the host resources the guest can bind that way. |
607 | + |
608 | +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |
609 | +Message-Id: <20210503132915.2335822-6-kraxel@redhat.com> |
610 | +--- |
611 | + hw/usb/combined-packet.c | 4 +++- |
612 | + 1 file changed, 3 insertions(+), 1 deletion(-) |
613 | + |
614 | +diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c |
615 | +index 5d57e883dc..e56802f89a 100644 |
616 | +--- a/hw/usb/combined-packet.c |
617 | ++++ b/hw/usb/combined-packet.c |
618 | +@@ -171,7 +171,9 @@ void usb_ep_combine_input_packets(USBEndpoint *ep) |
619 | + if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok || |
620 | + next == NULL || |
621 | + /* Work around for Linux usbfs bulk splitting + migration */ |
622 | +- (totalsize == (16 * KiB - 36) && p->int_req)) { |
623 | ++ (totalsize == (16 * KiB - 36) && p->int_req) || |
624 | ++ /* Next package may grow combined package over 1MiB */ |
625 | ++ totalsize > 1 * MiB - ep->max_packet_size) { |
626 | + usb_device_handle_data(ep->dev, first); |
627 | + assert(first->status == USB_RET_ASYNC); |
628 | + if (first->combined) { |
629 | +-- |
630 | +2.30.2 |
631 | + |
632 | diff --git a/debian/patches/usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch b/debian/patches/usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch |
633 | new file mode 100644 |
634 | index 0000000..4725d63 |
635 | --- /dev/null |
636 | +++ b/debian/patches/usb-redir-avoid-dynamic-stack-allocation-CVE-2021-3527.patch |
637 | @@ -0,0 +1,54 @@ |
638 | +Commit-Id: 7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 |
639 | +From: Gerd Hoffmann <kraxel@redhat.com> |
640 | +Date: Mon, 3 May 2021 15:29:12 +0200 |
641 | +Subject: usb/redir: avoid dynamic stack allocation (CVE-2021-3527) |
642 | +MIME-Version: 1.0 |
643 | +Content-Type: text/plain; charset=UTF-8 |
644 | +Content-Transfer-Encoding: 8bit |
645 | +Bug-Debian: https://bugs.debian.org/988157 |
646 | + |
647 | +Use autofree heap allocation instead. |
648 | + |
649 | +Fixes: 4f4321c11ff ("usb: use iovecs in USBPacket") |
650 | +Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> |
651 | +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> |
652 | +Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> |
653 | +Message-Id: <20210503132915.2335822-3-kraxel@redhat.com> |
654 | +--- |
655 | + hw/usb/redirect.c | 6 +++--- |
656 | + 1 file changed, 3 insertions(+), 3 deletions(-) |
657 | + |
658 | +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c |
659 | +index 17f06f3417..6a75b0dc4a 100644 |
660 | +--- a/hw/usb/redirect.c |
661 | ++++ b/hw/usb/redirect.c |
662 | +@@ -620,7 +620,7 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, |
663 | + .endpoint = ep, |
664 | + .length = p->iov.size |
665 | + }; |
666 | +- uint8_t buf[p->iov.size]; |
667 | ++ g_autofree uint8_t *buf = g_malloc(p->iov.size); |
668 | + /* No id, we look at the ep when receiving a status back */ |
669 | + usb_packet_copy(p, buf, p->iov.size); |
670 | + usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet, |
671 | +@@ -818,7 +818,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p, |
672 | + usbredirparser_send_bulk_packet(dev->parser, p->id, |
673 | + &bulk_packet, NULL, 0); |
674 | + } else { |
675 | +- uint8_t buf[size]; |
676 | ++ g_autofree uint8_t *buf = g_malloc(size); |
677 | + usb_packet_copy(p, buf, size); |
678 | + usbredir_log_data(dev, "bulk data out:", buf, size); |
679 | + usbredirparser_send_bulk_packet(dev->parser, p->id, |
680 | +@@ -923,7 +923,7 @@ static void usbredir_handle_interrupt_out_data(USBRedirDevice *dev, |
681 | + USBPacket *p, uint8_t ep) |
682 | + { |
683 | + struct usb_redir_interrupt_packet_header interrupt_packet; |
684 | +- uint8_t buf[p->iov.size]; |
685 | ++ g_autofree uint8_t *buf = g_malloc(p->iov.size); |
686 | + |
687 | + DPRINTF("interrupt-out ep %02X len %zd id %"PRIu64"\n", ep, |
688 | + p->iov.size, p->id); |
689 | +-- |
690 | +2.30.2 |
691 | + |
692 | diff --git a/debian/rules b/debian/rules |
693 | index ab302ed..7b8f6cb 100755 |
694 | --- a/debian/rules |
695 | +++ b/debian/rules |
696 | @@ -128,8 +128,9 @@ ifneq ($(filter $(DEB_HOST_ARCH),amd64),) |
697 | # microvm system |
698 | rm -rf b/qemu-microvm; mkdir -p b/qemu-microvm |
699 | cd b/qemu-microvm && \ |
700 | - ../../configure ${common_configure_opts} --disable-user \ |
701 | - --enable-system --enable-kvm \ |
702 | + ../../configure ${common_configure_opts} \ |
703 | + --extra-cflags="$(CFLAGS) $(CPPFLAGS) -DCONFIG_MICROVM_DEFAULT=1" \ |
704 | + --disable-user --enable-system --enable-kvm \ |
705 | --disable-linux-user --disable-modules --disable-docs \ |
706 | --disable-libssh --disable-tcmalloc --disable-glusterfs \ |
707 | --disable-seccomp --disable-bzip2 --disable-slirp --disable-vde \ |
708 | @@ -155,7 +156,30 @@ ifneq ($(filter $(DEB_HOST_ARCH),amd64),) |
709 | --without-default-devices \ |
710 | $(QEMU_CONFIGURE_OPTIONS) || \ |
711 | { echo ===== CONFIGURE FAILED ===; tail -n 50 config.log; exit 1; } |
712 | - echo "#define CONFIG_MICROVM_DEFAULT 1" >> b/qemu-microvm/x86_64-softmmu/config-target.h |
713 | +endif |
714 | + |
715 | +ifeq ($(VENDOR),UBUNTU) |
716 | +ifneq ($(filter $(DEB_HOST_ARCH),amd64 i386),) |
717 | +# like above but with: |
718 | +# --enable-xen |
719 | +# --disable-linux-user (not needed for this binary) |
720 | +# reduced --target-list as needed for xen |
721 | +# xen can only be configured on x86, so skip other build architectures |
722 | + # system build for qemu-system-x86-xen |
723 | + rm -rf b/qemu-xen; mkdir -p b/qemu-xen |
724 | + cd b/qemu-xen && \ |
725 | + ../../configure ${common_configure_opts} --disable-user \ |
726 | + --${enable_system}-system \ |
727 | + --disable-linux-user \ |
728 | + --enable-xen \ |
729 | + --target-list="aarch64-softmmu arm-softmmu i386-softmmu x86_64-softmmu" |
730 | + --enable-modules \ |
731 | + --enable-module-upgrades \ |
732 | + $(shell sh debian/extract-config-opts \ |
733 | + $(DEB_HOST_ARCH_OS)-$(DEB_HOST_ARCH) debian/control) \ |
734 | + $(QEMU_CONFIGURE_OPTIONS) || \ |
735 | + { echo ===== CONFIGURE FAILED ===; tail -n 50 config.log; exit 1; } |
736 | +endif |
737 | endif |
738 | |
739 | ifeq ($(VENDOR),UBUNTU) |
740 | @@ -402,7 +426,7 @@ endif # enable_linux_user |
741 | dh_install -a |
742 | dh_missing --list-missing |
743 | dh_installdocs -a -Nqemu-user-binfmt |
744 | - dh_installchangelogs -a -Nqemu-user-binfmt -XChangelog |
745 | + dh_installchangelogs -a -Nqemu-user-binfmt |
746 | dh_installdocs -a -pqemu-user-binfmt --link-doc=qemu-user |
747 | dh_installman -a |
748 | dh_installudev -a |
749 | @@ -417,7 +441,11 @@ endif |
750 | dh_installsystemd -a -pqemu-system-common --no-restart-on-upgrade --name=qemu-kvm |
751 | dh_installinit -a -pqemu-guest-agent |
752 | dh_installsystemd -a -pqemu-guest-agent --no-start --no-enable |
753 | +<<<<<<< debian/rules |
754 | dh_installsystemd -a -pqemu-block-extra --no-restart-on-upgrade --name=run-qemu.mount |
755 | +======= |
756 | + dh_installsystemd -a -pqemu-block-extra --no-start --no-enable --no-restart-on-upgrade --name=run-qemu.mount |
757 | +>>>>>>> debian/rules |
758 | dh_link -a |
759 | dh_lintian -a |
760 | dh_strip -a |