From 6c1454d3d0caea379f317683748ab1e00ca15a9a Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Fri, 15 Jan 2021 12:15:19 +0100 Subject: [PATCH] Update to enable edk2 as dependency and properly fix gcc 11 issues. --- 0012-Enable-make-check.patch | 24 +-- ...mber-of-devices-that-can-be-assigned.patch | 2 +- ...Add-support-statement-to-help-output.patch | 2 +- ...lly-limit-the-maximum-number-of-CPUs.patch | 2 +- ...documentation-instead-of-qemu-system.patch | 2 +- ...ct-scsi-cd-if-data-plane-enabled-RHE.patch | 2 +- ...e-at-least-64kiB-pages-for-downstrea.patch | 2 +- ...x-blockdev-reopen-API-with-feature-f.patch | 2 +- 0021-redhat-Define-hw_compat_8_3.patch | 2 +- ...r_machine_rhel_default_class_options.patch | 2 +- ...efine-pseries-rhel8.4.0-machine-type.patch | 2 +- ...-s390x-add-rhel-8.4.0-compat-machine.patch | 2 +- ...pc_open-read-the-full-dynamic-header.patch | 2 +- 0028-GCC-11-warnings-hacks.patch | 2 +- ...-problematic-tests-for-initial-build.patch | 18 +- 0030-Revert-GCC-11-warnings-hacks.patch | 166 +++++++++++++++ ...0x-Use-strpadcpy-for-copying-vm-name.patch | 84 ++++++++ ..._out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch | 138 ++++++++++++ ...th-Simplify-_eth_get_rss_ex_dst_addr.patch | 52 +++++ ...net-eth-Fix-stack-buffer-overflow-in.patch | 196 ++++++++++++++++++ qemu-kvm.spec | 24 +-- 21 files changed, 681 insertions(+), 47 deletions(-) create mode 100644 0030-Revert-GCC-11-warnings-hacks.patch create mode 100644 0031-s390x-Use-strpadcpy-for-copying-vm-name.patch create mode 100644 0032-tcg-Restrict-tcg_out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch create mode 100644 0033-net-eth-Simplify-_eth_get_rss_ex_dst_addr.patch create mode 100644 0034-net-eth-Fix-stack-buffer-overflow-in.patch diff --git a/0012-Enable-make-check.patch b/0012-Enable-make-check.patch index fa397df..906bb4e 100644 --- a/0012-Enable-make-check.patch +++ b/0012-Enable-make-check.patch @@ -1,4 +1,4 @@ -From 28d744b42d381b15254706f90fed3310ce4a5116 Mon Sep 17 00:00:00 2001 +From 7b8ca8c1cbd3763900e3e472556116c9832e06f8 Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Wed, 2 Sep 2020 09:39:41 +0200 Subject: Enable make check @@ -31,19 +31,16 @@ Rebase changes (5.2.0 rc0): - Disable cdrom tests (unsupported devices) on x86_64 - disable fuzz test -Rebaes changes (RHEL 9): -- disable block-iothreads test - Merged patches (4.0.0): - f7ffd13 Remove 7 qcow2 and luks iotests that are taking > 25 sec to run during the fast train build proce Merged patches (4.1.0-rc0): - 41288ff redhat: Remove raw iotest 205 -Dissable problematic tests +Conflicts: + redhat/qemu-kvm.spec.template --- redhat/qemu-kvm.spec.template | 4 ++-- - tests/meson.build | 2 +- tests/qemu-iotests/051 | 12 ++++++------ tests/qtest/boot-serial-test.c | 6 +++++- tests/qtest/cdrom-test.c | 2 ++ @@ -54,21 +51,8 @@ Dissable problematic tests tests/qtest/prom-env-test.c | 4 ++++ tests/qtest/test-x86-cpuid-compat.c | 2 ++ tests/qtest/usb-hcd-xhci-test.c | 4 ++++ - 12 files changed, 36 insertions(+), 20 deletions(-) + 11 files changed, 35 insertions(+), 19 deletions(-) -diff --git a/tests/meson.build b/tests/meson.build -index afeb6be689..e562a0499e 100644 ---- a/tests/meson.build -+++ b/tests/meson.build -@@ -136,7 +136,7 @@ if have_block - 'test-blockjob': [testblock], - 'test-blockjob-txn': [testblock], - 'test-block-backend': [testblock], -- 'test-block-iothread': [testblock], -+# 'test-block-iothread': [testblock], - 'test-write-threshold': [testblock], - 'test-crypto-hash': [crypto], - 'test-crypto-hmac': [crypto], diff --git a/tests/qemu-iotests/051 b/tests/qemu-iotests/051 index bee26075b2..61d25c4ed7 100755 --- a/tests/qemu-iotests/051 diff --git a/0013-vfio-cap-number-of-devices-that-can-be-assigned.patch b/0013-vfio-cap-number-of-devices-that-can-be-assigned.patch index 90d78d2..9575257 100644 --- a/0013-vfio-cap-number-of-devices-that-can-be-assigned.patch +++ b/0013-vfio-cap-number-of-devices-that-can-be-assigned.patch @@ -1,4 +1,4 @@ -From 514eb840d98c8047e88fb503a4bba71455a2e8b0 Mon Sep 17 00:00:00 2001 +From da70823afbdbb904950068fe5f0323ff75b0d4fc Mon Sep 17 00:00:00 2001 From: Bandan Das Date: Tue, 3 Dec 2013 20:05:13 +0100 Subject: vfio: cap number of devices that can be assigned diff --git a/0014-Add-support-statement-to-help-output.patch b/0014-Add-support-statement-to-help-output.patch index 4ae3d79..04d89d8 100644 --- a/0014-Add-support-statement-to-help-output.patch +++ b/0014-Add-support-statement-to-help-output.patch @@ -1,4 +1,4 @@ -From f63ec823f8df7024f33c145b88a2b50c589cc633 Mon Sep 17 00:00:00 2001 +From f69c3b855ec419b4afe240bbd039141a59aad808 Mon Sep 17 00:00:00 2001 From: Eduardo Habkost Date: Wed, 4 Dec 2013 18:53:17 +0100 Subject: Add support statement to -help output diff --git a/0015-globally-limit-the-maximum-number-of-CPUs.patch b/0015-globally-limit-the-maximum-number-of-CPUs.patch index 5df16d4..4a65df5 100644 --- a/0015-globally-limit-the-maximum-number-of-CPUs.patch +++ b/0015-globally-limit-the-maximum-number-of-CPUs.patch @@ -1,4 +1,4 @@ -From 6eddce7d3e8cd95c4b848fe3f7c5ac27854dc0da Mon Sep 17 00:00:00 2001 +From 9585c8927744d8b07b317063ef788e1f01773f0e Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Tue, 21 Jan 2014 10:46:52 +0100 Subject: globally limit the maximum number of CPUs diff --git a/0016-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch b/0016-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch index 9c9d07d..67f920a 100644 --- a/0016-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch +++ b/0016-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch @@ -1,4 +1,4 @@ -From c615fb7d219b7b88f6517d6772d92e233007aff3 Mon Sep 17 00:00:00 2001 +From 091f9e47dc4609bfded5474cfe2797777cdd56f1 Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Wed, 8 Jul 2020 08:35:50 +0200 Subject: Use qemu-kvm in documentation instead of qemu-system- diff --git a/0017-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch b/0017-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch index fc51351..7ab1831 100644 --- a/0017-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch +++ b/0017-virtio-scsi-Reject-scsi-cd-if-data-plane-enabled-RHE.patch @@ -1,4 +1,4 @@ -From 5095570936ccd71ac82bf441c36e85bd16b8e459 Mon Sep 17 00:00:00 2001 +From 4d69dc90e66deec6bc6b46074ee44ef8c902266b Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Wed, 14 Jun 2017 15:37:01 +0200 Subject: virtio-scsi: Reject scsi-cd if data plane enabled [RHEL only] diff --git a/0018-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch b/0018-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch index 44da707..6c16c93 100644 --- a/0018-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch +++ b/0018-BZ1653590-Require-at-least-64kiB-pages-for-downstrea.patch @@ -1,4 +1,4 @@ -From 0619f89b5e0eb713e4d426c869e7a6a826a13728 Mon Sep 17 00:00:00 2001 +From 18c5a8c24e22b7c2ba9f7e26cac190cefc7ecf26 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 6 Feb 2019 03:58:56 +0000 Subject: BZ1653590: Require at least 64kiB pages for downstream guests & hosts diff --git a/0019-block-Versioned-x-blockdev-reopen-API-with-feature-f.patch b/0019-block-Versioned-x-blockdev-reopen-API-with-feature-f.patch index 93eb976..c644891 100644 --- a/0019-block-Versioned-x-blockdev-reopen-API-with-feature-f.patch +++ b/0019-block-Versioned-x-blockdev-reopen-API-with-feature-f.patch @@ -1,4 +1,4 @@ -From e7321dc3f2159d2f4b7f93bd0f7ebb89752e8604 Mon Sep 17 00:00:00 2001 +From 989cfded8fdd5df3b6b1f1a304ca16c128d7561b Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Fri, 13 Mar 2020 12:34:32 +0000 Subject: block: Versioned x-blockdev-reopen API with feature flag diff --git a/0021-redhat-Define-hw_compat_8_3.patch b/0021-redhat-Define-hw_compat_8_3.patch index 742e81f..a5ca2c6 100644 --- a/0021-redhat-Define-hw_compat_8_3.patch +++ b/0021-redhat-Define-hw_compat_8_3.patch @@ -1,4 +1,4 @@ -From bd9e5c1703ef16727db863ba79f46ae9cb81cbfd Mon Sep 17 00:00:00 2001 +From fa0063ba67071384d8c749cee8f4f4e5bbc8ef91 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Fri, 20 Nov 2020 14:00:31 -0500 Subject: redhat: Define hw_compat_8_3 diff --git a/0022-redhat-Add-spapr_machine_rhel_default_class_options.patch b/0022-redhat-Add-spapr_machine_rhel_default_class_options.patch index e5fa8bc..f77916f 100644 --- a/0022-redhat-Add-spapr_machine_rhel_default_class_options.patch +++ b/0022-redhat-Add-spapr_machine_rhel_default_class_options.patch @@ -1,4 +1,4 @@ -From e5c00782e6f609b4f25dc214825c6491def46e15 Mon Sep 17 00:00:00 2001 +From 943c936df3b6b5c3197ad727f2105e61778e749a Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Fri, 20 Nov 2020 14:00:32 -0500 Subject: redhat: Add spapr_machine_rhel_default_class_options() diff --git a/0023-redhat-Define-pseries-rhel8.4.0-machine-type.patch b/0023-redhat-Define-pseries-rhel8.4.0-machine-type.patch index fa811f6..406c7e1 100644 --- a/0023-redhat-Define-pseries-rhel8.4.0-machine-type.patch +++ b/0023-redhat-Define-pseries-rhel8.4.0-machine-type.patch @@ -1,4 +1,4 @@ -From e5f8c128550c8e6020095152a9fa171cccc6aa18 Mon Sep 17 00:00:00 2001 +From 030b5e6fba510b8b9f8c8690ef6ea63f71628d25 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Fri, 20 Nov 2020 14:00:33 -0500 Subject: redhat: Define pseries-rhel8.4.0 machine type diff --git a/0024-redhat-s390x-add-rhel-8.4.0-compat-machine.patch b/0024-redhat-s390x-add-rhel-8.4.0-compat-machine.patch index 1db12e8..bedb835 100644 --- a/0024-redhat-s390x-add-rhel-8.4.0-compat-machine.patch +++ b/0024-redhat-s390x-add-rhel-8.4.0-compat-machine.patch @@ -1,4 +1,4 @@ -From a4ce96735ad8f1e07ded93e39e32e22bd9ac00ba Mon Sep 17 00:00:00 2001 +From a6ae745cceee1acc3667f5ba5e007ca6c083f8a8 Mon Sep 17 00:00:00 2001 From: Cornelia Huck Date: Tue, 1 Dec 2020 17:53:41 -0500 Subject: redhat: s390x: add rhel-8.4.0 compat machine diff --git a/0027-block-vpc-Make-vpc_open-read-the-full-dynamic-header.patch b/0027-block-vpc-Make-vpc_open-read-the-full-dynamic-header.patch index e33fe8f..7af0b8d 100644 --- a/0027-block-vpc-Make-vpc_open-read-the-full-dynamic-header.patch +++ b/0027-block-vpc-Make-vpc_open-read-the-full-dynamic-header.patch @@ -1,4 +1,4 @@ -From 8d3c826bca23d64cbb2f71bd3b506b43fc2b1c70 Mon Sep 17 00:00:00 2001 +From 974af930d4e5cae5611bb2e3a5ac18d3bda15a68 Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Thu, 17 Dec 2020 17:58:43 +0100 Subject: block/vpc: Make vpc_open() read the full dynamic header diff --git a/0028-GCC-11-warnings-hacks.patch b/0028-GCC-11-warnings-hacks.patch index 9655f6b..86ae8c2 100644 --- a/0028-GCC-11-warnings-hacks.patch +++ b/0028-GCC-11-warnings-hacks.patch @@ -1,4 +1,4 @@ -From 0db17b3fa57012894e9e410f139703baf21f590a Mon Sep 17 00:00:00 2001 +From 6e9564986a00456c6748cf888d9ba9f7f0db01bf Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Mon, 4 Jan 2021 07:47:03 +0100 Subject: GCC 11 warnings hacks diff --git a/0029-Disable-problematic-tests-for-initial-build.patch b/0029-Disable-problematic-tests-for-initial-build.patch index c2eeb1a..84743b8 100644 --- a/0029-Disable-problematic-tests-for-initial-build.patch +++ b/0029-Disable-problematic-tests-for-initial-build.patch @@ -1,12 +1,26 @@ -From 6d129eac73fdc94b2712af5d402c0f2debd65600 Mon Sep 17 00:00:00 2001 +From bb42f8a495aa0da2410109de14aca901b8c4ac4f Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Tue, 5 Jan 2021 07:40:08 +0100 Subject: Disable problematic tests for initial build --- + tests/meson.build | 2 +- tests/qtest/meson.build | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) + 2 files changed, 3 insertions(+), 3 deletions(-) +diff --git a/tests/meson.build b/tests/meson.build +index afeb6be689..e562a0499e 100644 +--- a/tests/meson.build ++++ b/tests/meson.build +@@ -136,7 +136,7 @@ if have_block + 'test-blockjob': [testblock], + 'test-blockjob-txn': [testblock], + 'test-block-backend': [testblock], +- 'test-block-iothread': [testblock], ++# 'test-block-iothread': [testblock], + 'test-write-threshold': [testblock], + 'test-crypto-hash': [crypto], + 'test-crypto-hmac': [crypto], diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index 15ed460ff0..70ef8c236c 100644 --- a/tests/qtest/meson.build diff --git a/0030-Revert-GCC-11-warnings-hacks.patch b/0030-Revert-GCC-11-warnings-hacks.patch new file mode 100644 index 0000000..6f13efa --- /dev/null +++ b/0030-Revert-GCC-11-warnings-hacks.patch @@ -0,0 +1,166 @@ +From f488becdbb12c6001a2524d049371196a05f5256 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Fri, 15 Jan 2021 09:27:40 +0100 +Subject: Revert "GCC 11 warnings hacks" + +This reverts commit 6e9564986a00456c6748cf888d9ba9f7f0db01bf. + +Hacks solved upstream. Going to import upstream solutions. +--- + hw/scsi/scsi-disk.c | 13 ++++++------- + net/eth.c | 4 +--- + target/s390x/kvm.c | 2 +- + target/s390x/misc_helper.c | 2 +- + tcg/aarch64/tcg-target.c.inc | 3 ++- + tests/test-block-iothread.c | 12 ++++++------ + 6 files changed, 17 insertions(+), 19 deletions(-) + +diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c +index 8ce77777d3..90841ad791 100644 +--- a/hw/scsi/scsi-disk.c ++++ b/hw/scsi/scsi-disk.c +@@ -2578,15 +2578,14 @@ static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf) + int len = scsi_cdb_length(buf); + char *line_buffer, *p; + +- if (len > 0) { +- line_buffer = g_malloc(len * 5 + 1); +- for (i = 0, p = line_buffer; i < len; i++) { +- p += sprintf(p, " 0x%02x", buf[i]); +- } +- trace_scsi_disk_new_request(lun, tag, line_buffer); ++ line_buffer = g_malloc(len * 5 + 1); + +- g_free(line_buffer); ++ for (i = 0, p = line_buffer; i < len; i++) { ++ p += sprintf(p, " 0x%02x", buf[i]); + } ++ trace_scsi_disk_new_request(lun, tag, line_buffer); ++ ++ g_free(line_buffer); + } + + static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, +diff --git a/net/eth.c b/net/eth.c +index 041ac4865a..1e0821c5f8 100644 +--- a/net/eth.c ++++ b/net/eth.c +@@ -405,8 +405,6 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int pkt_frags, + struct ip6_ext_hdr *ext_hdr, + struct in6_address *dst_addr) + { +-#pragma GCC diagnostic push +-#pragma GCC diagnostic ignored "-Warray-bounds" + struct ip6_ext_hdr_routing *rthdr = (struct ip6_ext_hdr_routing *) ext_hdr; + + if ((rthdr->rtype == 2) && +@@ -426,7 +424,7 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int pkt_frags, + + return bytes_read == sizeof(*dst_addr); + } +-#pragma GCC diagnostic pop ++ + return false; + } + +diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c +index ab1ca6b1bf..1839cc6648 100644 +--- a/target/s390x/kvm.c ++++ b/target/s390x/kvm.c +@@ -1918,7 +1918,7 @@ static void insert_stsi_3_2_2(S390CPU *cpu, __u64 addr, uint8_t ar) + */ + if (qemu_name) { + strncpy((char *)sysib.ext_names[0], qemu_name, +- sizeof(sysib.ext_names[0])-1); ++ sizeof(sysib.ext_names[0])); + } else { + strcpy((char *)sysib.ext_names[0], "KVMguest"); + } +diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c +index adaf4145e6..58dbc023eb 100644 +--- a/target/s390x/misc_helper.c ++++ b/target/s390x/misc_helper.c +@@ -370,7 +370,7 @@ uint32_t HELPER(stsi)(CPUS390XState *env, uint64_t a0, uint64_t r0, uint64_t r1) + MIN(sizeof(sysib.sysib_322.vm[0].name), + strlen(qemu_name))); + strncpy((char *)sysib.sysib_322.ext_names[0], qemu_name, +- sizeof(sysib.sysib_322.ext_names[0])-1); ++ sizeof(sysib.sysib_322.ext_names[0])); + } else { + ebcdic_put(sysib.sysib_322.vm[0].name, "TCGguest", 8); + strcpy((char *)sysib.sysib_322.ext_names[0], "TCGguest"); +diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc +index fe6bdbf721..26f71cb599 100644 +--- a/tcg/aarch64/tcg-target.c.inc ++++ b/tcg/aarch64/tcg-target.c.inc +@@ -1852,7 +1852,8 @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data_reg, TCGReg addr_reg, + static tcg_insn_unit *tb_ret_addr; + + static void tcg_out_op(TCGContext *s, TCGOpcode opc, +- const TCGArg *args, const int *const_args) ++ const TCGArg args[TCG_MAX_OP_ARGS], ++ const int const_args[TCG_MAX_OP_ARGS]) + { + /* 99% of the time, we can signal the use of extension registers + by looking to see if the opcode handles 64-bit data. */ +diff --git a/tests/test-block-iothread.c b/tests/test-block-iothread.c +index bc64b50e66..3f866a35c6 100644 +--- a/tests/test-block-iothread.c ++++ b/tests/test-block-iothread.c +@@ -75,7 +75,7 @@ static BlockDriver bdrv_test = { + + static void test_sync_op_pread(BdrvChild *c) + { +- uint8_t buf[512] = {0}; ++ uint8_t buf[512]; + int ret; + + /* Success */ +@@ -89,7 +89,7 @@ static void test_sync_op_pread(BdrvChild *c) + + static void test_sync_op_pwrite(BdrvChild *c) + { +- uint8_t buf[512] = {0}; ++ uint8_t buf[512]; + int ret; + + /* Success */ +@@ -103,7 +103,7 @@ static void test_sync_op_pwrite(BdrvChild *c) + + static void test_sync_op_blk_pread(BlockBackend *blk) + { +- uint8_t buf[512] = {0}; ++ uint8_t buf[512]; + int ret; + + /* Success */ +@@ -117,7 +117,7 @@ static void test_sync_op_blk_pread(BlockBackend *blk) + + static void test_sync_op_blk_pwrite(BlockBackend *blk) + { +- uint8_t buf[512] = {0}; ++ uint8_t buf[512]; + int ret; + + /* Success */ +@@ -131,7 +131,7 @@ static void test_sync_op_blk_pwrite(BlockBackend *blk) + + static void test_sync_op_load_vmstate(BdrvChild *c) + { +- uint8_t buf[512] = {0}; ++ uint8_t buf[512]; + int ret; + + /* Error: Driver does not support snapshots */ +@@ -141,7 +141,7 @@ static void test_sync_op_load_vmstate(BdrvChild *c) + + static void test_sync_op_save_vmstate(BdrvChild *c) + { +- uint8_t buf[512] = {0}; ++ uint8_t buf[512]; + int ret; + + /* Error: Driver does not support snapshots */ +-- +2.18.4 + diff --git a/0031-s390x-Use-strpadcpy-for-copying-vm-name.patch b/0031-s390x-Use-strpadcpy-for-copying-vm-name.patch new file mode 100644 index 0000000..a7827ee --- /dev/null +++ b/0031-s390x-Use-strpadcpy-for-copying-vm-name.patch @@ -0,0 +1,84 @@ +From adbabd33e81f46c6b29c4b940c053e562e4f55fd Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Fri, 15 Jan 2021 09:28:59 +0100 +Subject: s390x: Use strpadcpy for copying vm name + +Using strncpy with length equal to the size of target array, GCC 11 +reports following warning: + + warning: '__builtin_strncpy' specified bound 256 equals destination size [-Wstringop-truncation] + +We can prevent this warning by using strpadcpy that copies string +up to specified length, zeroes target array after copied string +and does not raise warning when length is equal to target array +size (and ending '\0' is discarded). + +Signed-off-by: Miroslav Rezanina +--- + target/s390x/kvm.c | 12 +++++------- + target/s390x/misc_helper.c | 7 +++++-- + 2 files changed, 10 insertions(+), 9 deletions(-) + +diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c +index 1839cc6648..c08b5bc2de 100644 +--- a/target/s390x/kvm.c ++++ b/target/s390x/kvm.c +@@ -29,6 +29,7 @@ + #include "internal.h" + #include "kvm_s390x.h" + #include "sysemu/kvm_int.h" ++#include "qemu/cutils.h" + #include "qapi/error.h" + #include "qemu/error-report.h" + #include "qemu/timer.h" +@@ -1910,18 +1911,15 @@ static void insert_stsi_3_2_2(S390CPU *cpu, __u64 addr, uint8_t ar) + strlen(qemu_name))); + } + sysib.vm[0].ext_name_encoding = 2; /* 2 = UTF-8 */ +- memset(sysib.ext_names[0], 0, sizeof(sysib.ext_names[0])); + /* If hypervisor specifies zero Extended Name in STSI322 SYSIB, it's + * considered by s390 as not capable of providing any Extended Name. + * Therefore if no name was specified on qemu invocation, we go with the + * same "KVMguest" default, which KVM has filled into short name field. + */ +- if (qemu_name) { +- strncpy((char *)sysib.ext_names[0], qemu_name, +- sizeof(sysib.ext_names[0])); +- } else { +- strcpy((char *)sysib.ext_names[0], "KVMguest"); +- } ++ strpadcpy((char *)sysib.ext_names[0], ++ sizeof(sysib.ext_names[0]), ++ qemu_name ?: "KVMguest", '\0'); ++ + /* Insert UUID */ + memcpy(sysib.vm[0].uuid, &qemu_uuid, sizeof(sysib.vm[0].uuid)); + +diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c +index 58dbc023eb..7ea90d414a 100644 +--- a/target/s390x/misc_helper.c ++++ b/target/s390x/misc_helper.c +@@ -19,6 +19,7 @@ + */ + + #include "qemu/osdep.h" ++#include "qemu/cutils.h" + #include "qemu/main-loop.h" + #include "cpu.h" + #include "internal.h" +@@ -369,8 +370,10 @@ uint32_t HELPER(stsi)(CPUS390XState *env, uint64_t a0, uint64_t r0, uint64_t r1) + ebcdic_put(sysib.sysib_322.vm[0].name, qemu_name, + MIN(sizeof(sysib.sysib_322.vm[0].name), + strlen(qemu_name))); +- strncpy((char *)sysib.sysib_322.ext_names[0], qemu_name, +- sizeof(sysib.sysib_322.ext_names[0])); ++ strpadcpy((char *)sysib.sysib_322.ext_names[0], ++ sizeof(sysib.sysib_322.ext_names[0]), ++ qemu_name, '\0'); ++ + } else { + ebcdic_put(sysib.sysib_322.vm[0].name, "TCGguest", 8); + strcpy((char *)sysib.sysib_322.ext_names[0], "TCGguest"); +-- +2.18.4 + diff --git a/0032-tcg-Restrict-tcg_out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch b/0032-tcg-Restrict-tcg_out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch new file mode 100644 index 0000000..6cd75ce --- /dev/null +++ b/0032-tcg-Restrict-tcg_out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch @@ -0,0 +1,138 @@ +From 8773f3688ca87e5e7da2e1a5170d0bde9a54eae0 Mon Sep 17 00:00:00 2001 +From: Miroslav Rezanina +Date: Fri, 15 Jan 2021 09:38:53 +0100 +Subject: tcg: Restrict tcg_out_op() to arrays of TCG_MAX_OP_ARGS elements + +--- + tcg/aarch64/tcg-target.c.inc | 3 ++- + tcg/i386/tcg-target.c.inc | 6 ++++-- + tcg/ppc/tcg-target.c.inc | 8 +++++--- + tcg/s390/tcg-target.c.inc | 3 ++- + tcg/tcg.c | 19 +++++++++++-------- + 5 files changed, 24 insertions(+), 15 deletions(-) + +diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc +index 26f71cb599..ce8689e889 100644 +--- a/tcg/aarch64/tcg-target.c.inc ++++ b/tcg/aarch64/tcg-target.c.inc +@@ -2271,7 +2271,8 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, + + static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc, + unsigned vecl, unsigned vece, +- const TCGArg *args, const int *const_args) ++ const TCGArg args[TCG_MAX_OP_ARGS], ++ const int const_args[TCG_MAX_OP_ARGS]) + { + static const AArch64Insn cmp_insn[16] = { + [TCG_COND_EQ] = I3616_CMEQ, +diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc +index d8797ed398..0e557d177a 100644 +--- a/tcg/i386/tcg-target.c.inc ++++ b/tcg/i386/tcg-target.c.inc +@@ -2242,7 +2242,8 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64) + } + + static inline void tcg_out_op(TCGContext *s, TCGOpcode opc, +- const TCGArg *args, const int *const_args) ++ const TCGArg args[TCG_MAX_OP_ARGS], ++ const int const_args[TCG_MAX_OP_ARGS]) + { + TCGArg a0, a1, a2; + int c, const_a2, vexop, rexw = 0; +@@ -2679,7 +2680,8 @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc, + + static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc, + unsigned vecl, unsigned vece, +- const TCGArg *args, const int *const_args) ++ const TCGArg args[TCG_MAX_OP_ARGS], ++ const int const_args[TCG_MAX_OP_ARGS]) + { + static int const add_insn[4] = { + OPC_PADDB, OPC_PADDW, OPC_PADDD, OPC_PADDQ +diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc +index 18ee989f95..b2bc1fc0c4 100644 +--- a/tcg/ppc/tcg-target.c.inc ++++ b/tcg/ppc/tcg-target.c.inc +@@ -2353,8 +2353,9 @@ static void tcg_target_qemu_prologue(TCGContext *s) + tcg_out32(s, BCLR | BO_ALWAYS); + } + +-static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args, +- const int *const_args) ++static void tcg_out_op(TCGContext *s, TCGOpcode opc, ++ const TCGArg args[TCG_MAX_OP_ARGS], ++ const int const_args[TCG_MAX_OP_ARGS]) + { + TCGArg a0, a1, a2; + int c; +@@ -3151,7 +3152,8 @@ static bool tcg_out_dupm_vec(TCGContext *s, TCGType type, unsigned vece, + + static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc, + unsigned vecl, unsigned vece, +- const TCGArg *args, const int *const_args) ++ const TCGArg args[TCG_MAX_OP_ARGS], ++ const int const_args[TCG_MAX_OP_ARGS]) + { + static const uint32_t + add_op[4] = { VADDUBM, VADDUHM, VADDUWM, VADDUDM }, +diff --git a/tcg/s390/tcg-target.c.inc b/tcg/s390/tcg-target.c.inc +index c5e096449b..79753c8af7 100644 +--- a/tcg/s390/tcg-target.c.inc ++++ b/tcg/s390/tcg-target.c.inc +@@ -1746,7 +1746,8 @@ static void tcg_out_qemu_st(TCGContext* s, TCGReg data_reg, TCGReg addr_reg, + case glue(glue(INDEX_op_,x),_i64) + + static inline void tcg_out_op(TCGContext *s, TCGOpcode opc, +- const TCGArg *args, const int *const_args) ++ const TCGArg args[TCG_MAX_OP_ARGS], ++ const int const_args[TCG_MAX_OP_ARGS]) + { + S390Opcode op, op2; + TCGArg a0, a1, a2; +diff --git a/tcg/tcg.c b/tcg/tcg.c +index 43c6cf8f52..2d0116d29f 100644 +--- a/tcg/tcg.c ++++ b/tcg/tcg.c +@@ -109,8 +109,9 @@ static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg1, + static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg); + static void tcg_out_movi(TCGContext *s, TCGType type, + TCGReg ret, tcg_target_long arg); +-static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args, +- const int *const_args); ++static void tcg_out_op(TCGContext *s, TCGOpcode opc, ++ const TCGArg args[TCG_MAX_OP_ARGS], ++ const int const_args[TCG_MAX_OP_ARGS]); + #if TCG_TARGET_MAYBE_vec + static bool tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece, + TCGReg dst, TCGReg src); +@@ -118,9 +119,10 @@ static bool tcg_out_dupm_vec(TCGContext *s, TCGType type, unsigned vece, + TCGReg dst, TCGReg base, intptr_t offset); + static void tcg_out_dupi_vec(TCGContext *s, TCGType type, + TCGReg dst, tcg_target_long arg); +-static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc, unsigned vecl, +- unsigned vece, const TCGArg *args, +- const int *const_args); ++static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc, ++ unsigned vecl, unsigned vece, ++ const TCGArg args[TCG_MAX_OP_ARGS], ++ const int const_args[TCG_MAX_OP_ARGS]); + #else + static inline bool tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece, + TCGReg dst, TCGReg src) +@@ -137,9 +139,10 @@ static inline void tcg_out_dupi_vec(TCGContext *s, TCGType type, + { + g_assert_not_reached(); + } +-static inline void tcg_out_vec_op(TCGContext *s, TCGOpcode opc, unsigned vecl, +- unsigned vece, const TCGArg *args, +- const int *const_args) ++static inline void tcg_out_vec_op(TCGContext *s, TCGOpcode opc, ++ unsigned vecl, unsigned vece, ++ const TCGArg args[TCG_MAX_OP_ARGS], ++ const int const_args[TCG_MAX_OP_ARGS]) + { + g_assert_not_reached(); + } +-- +2.18.4 + diff --git a/0033-net-eth-Simplify-_eth_get_rss_ex_dst_addr.patch b/0033-net-eth-Simplify-_eth_get_rss_ex_dst_addr.patch new file mode 100644 index 0000000..29a1b7e --- /dev/null +++ b/0033-net-eth-Simplify-_eth_get_rss_ex_dst_addr.patch @@ -0,0 +1,52 @@ +From 76ed390a52769c5ca64db5496a2adcb43df72035 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Fri, 15 Jan 2021 09:42:33 +0100 +Subject: net/eth: Simplify _eth_get_rss_ex_dst_addr() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The length field is already contained in the ip6_ext_hdr structure. +Check it direcly in eth_parse_ipv6_hdr() before calling +_eth_get_rss_ex_dst_addr(), which gets a bit simplified. + +Signed-off-by: Philippe Mathieu-Daudé +--- + net/eth.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/net/eth.c b/net/eth.c +index 1e0821c5f8..7d4dd48c1f 100644 +--- a/net/eth.c ++++ b/net/eth.c +@@ -407,9 +407,7 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int pkt_frags, + { + struct ip6_ext_hdr_routing *rthdr = (struct ip6_ext_hdr_routing *) ext_hdr; + +- if ((rthdr->rtype == 2) && +- (rthdr->len == sizeof(struct in6_address) / 8) && +- (rthdr->segleft == 1)) { ++ if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) { + + size_t input_size = iov_size(pkt, pkt_frags); + size_t bytes_read; +@@ -528,10 +526,12 @@ bool eth_parse_ipv6_hdr(const struct iovec *pkt, int pkt_frags, + } + + if (curr_ext_hdr_type == IP6_ROUTING) { +- info->rss_ex_dst_valid = +- _eth_get_rss_ex_dst_addr(pkt, pkt_frags, +- ip6hdr_off + info->full_hdr_len, +- &ext_hdr, &info->rss_ex_dst); ++ if (ext_hdr.ip6r_len == sizeof(struct in6_address) / 8) { ++ info->rss_ex_dst_valid = ++ _eth_get_rss_ex_dst_addr(pkt, pkt_frags, ++ ip6hdr_off + info->full_hdr_len, ++ &ext_hdr, &info->rss_ex_dst); ++ } + } else if (curr_ext_hdr_type == IP6_DESTINATON) { + info->rss_ex_src_valid = + _eth_get_rss_ex_src_addr(pkt, pkt_frags, +-- +2.18.4 + diff --git a/0034-net-eth-Fix-stack-buffer-overflow-in.patch b/0034-net-eth-Fix-stack-buffer-overflow-in.patch new file mode 100644 index 0000000..5be9d9e --- /dev/null +++ b/0034-net-eth-Fix-stack-buffer-overflow-in.patch @@ -0,0 +1,196 @@ +From 9abf30d739cfe5a7808f1e30ec85c0cfd73b67cb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Fri, 15 Jan 2021 09:43:31 +0100 +Subject: net/eth: Fix stack-buffer-overflow in +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +QEMU fuzzer reported a buffer overflow in _eth_get_rss_ex_dst_addr() +reproducible as: + + $ cat << EOF | ./qemu-system-i386 -M pc-q35-5.0 \ + -accel qtest -monitor none \ + -serial none -nographic -qtest stdio + outl 0xcf8 0x80001010 + outl 0xcfc 0xe1020000 + outl 0xcf8 0x80001004 + outw 0xcfc 0x7 + write 0x25 0x1 0x86 + write 0x26 0x1 0xdd + write 0x4f 0x1 0x2b + write 0xe1020030 0x4 0x190002e1 + write 0xe102003a 0x2 0x0807 + write 0xe1020048 0x4 0x12077cdd + write 0xe1020400 0x4 0xba077cdd + write 0xe1020420 0x4 0x190002e1 + write 0xe1020428 0x4 0x3509d807 + write 0xe1020438 0x1 0xe2 + EOF + ================================================================= + ==2859770==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdef904902 at pc 0x561ceefa78de bp 0x7ffdef904820 sp 0x7ffdef904818 + READ of size 1 at 0x7ffdef904902 thread T0 + #0 0x561ceefa78dd in _eth_get_rss_ex_dst_addr net/eth.c:410:17 + #1 0x561ceefa41fb in eth_parse_ipv6_hdr net/eth.c:532:17 + #2 0x561cef7de639 in net_tx_pkt_parse_headers hw/net/net_tx_pkt.c:228:14 + #3 0x561cef7dbef4 in net_tx_pkt_parse hw/net/net_tx_pkt.c:273:9 + #4 0x561ceec29f22 in e1000e_process_tx_desc hw/net/e1000e_core.c:730:29 + #5 0x561ceec28eac in e1000e_start_xmit hw/net/e1000e_core.c:927:9 + #6 0x561ceec1baab in e1000e_set_tdt hw/net/e1000e_core.c:2444:9 + #7 0x561ceebf300e in e1000e_core_write hw/net/e1000e_core.c:3256:9 + #8 0x561cef3cd4cd in e1000e_mmio_write hw/net/e1000e.c:110:5 + + Address 0x7ffdef904902 is located in stack of thread T0 at offset 34 in frame + #0 0x561ceefa320f in eth_parse_ipv6_hdr net/eth.c:486 + + This frame has 1 object(s): + [32, 34) 'ext_hdr' (line 487) <== Memory access at offset 34 overflows this variable + HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork + (longjmp and C++ exceptions *are* supported) + SUMMARY: AddressSanitizer: stack-buffer-overflow net/eth.c:410:17 in _eth_get_rss_ex_dst_addr + Shadow bytes around the buggy address: + 0x10003df188d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x10003df188e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x10003df188f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x10003df18900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x10003df18910: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 + =>0x10003df18920:[02]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 + 0x10003df18930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x10003df18940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x10003df18950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x10003df18960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x10003df18970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + Shadow byte legend (one shadow byte represents 8 application bytes): + Addressable: 00 + Partially addressable: 01 02 03 04 05 06 07 + Stack left redzone: f1 + Stack right redzone: f3 + ==2859770==ABORTING + +Similarly GCC 11 reports: + + net/eth.c: In function 'eth_parse_ipv6_hdr': + net/eth.c:410:15: error: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside array bounds of 'struct ip6_ext_hdr[1]' [-Werror=array-bounds] + 410 | if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) { + | ~~~~~^~~~~~~ + net/eth.c:485:24: note: while referencing 'ext_hdr' + 485 | struct ip6_ext_hdr ext_hdr; + | ^~~~~~~ + net/eth.c:410:38: error: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside array bounds of 'struct ip6_ext_hdr[1]' [-Werror=array-bounds] + 410 | if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) { + | ~~~~~^~~~~~~~~ + net/eth.c:485:24: note: while referencing 'ext_hdr' + 485 | struct ip6_ext_hdr ext_hdr; + | ^~~~~~~ + +In eth_parse_ipv6_hdr() we called iov_to_buf() to fill the 2 bytes of +the 'ext_hdr' buffer, then _eth_get_rss_ex_dst_addr() tries to access +beside the 2 filled bytes. + +Fix by reworking the function, filling the full rt_hdr buffer on the +stack calling iov_to_buf() again. + +Cc: qemu-stable@nongnu.org +Buglink: https://bugs.launchpad.net/qemu/+bug/1879531 +Reported-by: Alexander Bulekov +Reported-by: Miroslav Rezanina +Fixes: eb700029c78 ("net_pkt: Extend packet abstraction as required by e1000e functionality") +Signed-off-by: Philippe Mathieu-Daudé +Signed-off-by: Miroslav Rezanina +--- + net/eth.c | 25 +++++++++++-------------- + tests/qtest/fuzz-test.c | 29 +++++++++++++++++++++++++++++ + 2 files changed, 40 insertions(+), 14 deletions(-) + +diff --git a/net/eth.c b/net/eth.c +index 7d4dd48c1f..ae4db37888 100644 +--- a/net/eth.c ++++ b/net/eth.c +@@ -401,26 +401,23 @@ eth_is_ip6_extension_header_type(uint8_t hdr_type) + + static bool + _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int pkt_frags, +- size_t rthdr_offset, ++ size_t ext_hdr_offset, + struct ip6_ext_hdr *ext_hdr, + struct in6_address *dst_addr) + { +- struct ip6_ext_hdr_routing *rthdr = (struct ip6_ext_hdr_routing *) ext_hdr; +- +- if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) { +- +- size_t input_size = iov_size(pkt, pkt_frags); +- size_t bytes_read; ++ struct ip6_ext_hdr_routing rt_hdr; ++ size_t input_size = iov_size(pkt, pkt_frags); ++ size_t bytes_read; + +- if (input_size < rthdr_offset + sizeof(*ext_hdr)) { +- return false; +- } ++ if (input_size < ext_hdr_offset + sizeof(rt_hdr)) { ++ return false; ++ } + +- bytes_read = iov_to_buf(pkt, pkt_frags, +- rthdr_offset + sizeof(*ext_hdr), +- dst_addr, sizeof(*dst_addr)); ++ bytes_read = iov_to_buf(pkt, pkt_frags, ext_hdr_offset, ++ &rt_hdr, sizeof(rt_hdr)); + +- return bytes_read == sizeof(*dst_addr); ++ if ((rt_hdr.rtype == 2) && (rt_hdr.segleft == 1)) { ++ return bytes_read == sizeof(*ext_hdr) + sizeof(*dst_addr); + } + + return false; +diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c +index 9cb4c42bde..2692d556d9 100644 +--- a/tests/qtest/fuzz-test.c ++++ b/tests/qtest/fuzz-test.c +@@ -47,6 +47,32 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void) + qtest_outl(s, 0x5d02, 0xebed205d); + } + ++/* ++ * https://bugs.launchpad.net/qemu/+bug/1879531 ++ */ ++static void test_lp1879531_eth_get_rss_ex_dst_addr(void) ++{ ++ QTestState *s; ++ ++ s = qtest_init("-nographic -monitor none -serial none -M pc-q35-5.0"); ++ ++ qtest_outl(s, 0xcf8 0x80001010); ++ qtest_outl(s, 0xcfc 0xe1020000); ++ qtest_outl(s, 0xcf8 0x80001004); ++ qtest_outw(s, 0xcfc 0x7); ++ qtest_writeb(s, 0x25 0x1 0x86); ++ qtest_writeb(s, 0x26 0x1 0xdd); ++ qtest_writeb(s, 0x4f 0x1 0x2b); ++ qtest_writel(s, 0xe1020030, 0x190002e1); ++ qtest_writew(s, 0xe102003a, 0x0807); ++ qtest_writel(s, 0xe1020048, 0x12077cdd); ++ qtest_writel(s, 0xe1020400, 0xba077cdd); ++ qtest_writel(s, 0xe1020420, 0x190002e1); ++ qtest_writel(s, 0xe1020428, 0x3509d807); ++ qtest_writeb(s, 0xe1020438, 0xe2); ++ qtest_quit(s); ++} ++ + int main(int argc, char **argv) + { + const char *arch = qtest_get_arch(); +@@ -58,6 +84,9 @@ int main(int argc, char **argv) + test_lp1878263_megasas_zero_iov_cnt); + qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert", + test_lp1878642_pci_bus_get_irq_level_assert); ++ qtest_add_func("fuzz/test_lp1879531_eth_get_rss_ex_dst_addr", ++ test_lp1879531_eth_get_rss_ex_dst_addr); ++ + } + + return g_test_run(); +-- +2.18.4 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index ab130d0..9c7c40a 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -64,7 +64,7 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release} Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 5.2.0 -Release: 2%{?dist} +Release: 2.1%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 15 License: GPLv2 and GPLv2+ and CC-BY @@ -124,6 +124,11 @@ Patch0024: 0024-redhat-s390x-add-rhel-8.4.0-compat-machine.patch Patch0027: 0027-block-vpc-Make-vpc_open-read-the-full-dynamic-header.patch Patch0028: 0028-GCC-11-warnings-hacks.patch Patch0029: 0029-Disable-problematic-tests-for-initial-build.patch +Patch0030: 0030-Revert-GCC-11-warnings-hacks.patch +Patch0031: 0031-s390x-Use-strpadcpy-for-copying-vm-name.patch +Patch0032: 0032-tcg-Restrict-tcg_out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch +Patch0033: 0033-net-eth-Simplify-_eth_get_rss_ex_dst_addr.patch +Patch0034: 0034-net-eth-Fix-stack-buffer-overflow-in.patch BuildRequires: wget BuildRequires: rpm-build @@ -253,14 +258,12 @@ hardware for a full system such as a PC and its associated peripherals. Summary: qemu-kvm core components Requires: %{name}-common = %{epoch}:%{version}-%{release} Requires: qemu-img = %{epoch}:%{version}-%{release} - -# Temporary disable edk2 dependency as there's no edk2 available yet -#%ifarch %{ix86} x86_64 -#Requires: edk2-ovmf -#%endif -#%ifarch aarch64 -#Requires: edk2-aarch64 -#%endif +%ifarch %{ix86} x86_64 +Requires: edk2-ovmf +%endif +%ifarch aarch64 +Requires: edk2-aarch64 +%endif %ifarch %{power64} Requires: SLOF >= %{SLOF_gittagdate}-1.git%{SLOF_gittagcommit} @@ -1306,9 +1309,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %changelog -* Tue Jan 05 2021 Miroslav Rezanina - 5.2.0-2.el9 -- Rebuild for RHEL 9 - * Tue Dec 15 2020 Danilo Cesar Lemes de Paula - 5.2.0-2.el8 - kvm-redhat-Define-hw_compat_8_3.patch [bz#1893935] - kvm-redhat-Add-spapr_machine_rhel_default_class_options.patch [bz#1893935]