Update to enable edk2 as dependency and properly fix gcc 11 issues.
This commit is contained in:
parent
eea10ec917
commit
6c1454d3d0
@ -1,4 +1,4 @@
|
|||||||
From 28d744b42d381b15254706f90fed3310ce4a5116 Mon Sep 17 00:00:00 2001
|
From 7b8ca8c1cbd3763900e3e472556116c9832e06f8 Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Rezanina <mrezanin@redhat.com>
|
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
Date: Wed, 2 Sep 2020 09:39:41 +0200
|
Date: Wed, 2 Sep 2020 09:39:41 +0200
|
||||||
Subject: Enable make check
|
Subject: Enable make check
|
||||||
@ -31,19 +31,16 @@ Rebase changes (5.2.0 rc0):
|
|||||||
- Disable cdrom tests (unsupported devices) on x86_64
|
- Disable cdrom tests (unsupported devices) on x86_64
|
||||||
- disable fuzz test
|
- disable fuzz test
|
||||||
|
|
||||||
Rebaes changes (RHEL 9):
|
|
||||||
- disable block-iothreads test
|
|
||||||
|
|
||||||
Merged patches (4.0.0):
|
Merged patches (4.0.0):
|
||||||
- f7ffd13 Remove 7 qcow2 and luks iotests that are taking > 25 sec to run during the fast train build proce
|
- f7ffd13 Remove 7 qcow2 and luks iotests that are taking > 25 sec to run during the fast train build proce
|
||||||
|
|
||||||
Merged patches (4.1.0-rc0):
|
Merged patches (4.1.0-rc0):
|
||||||
- 41288ff redhat: Remove raw iotest 205
|
- 41288ff redhat: Remove raw iotest 205
|
||||||
|
|
||||||
Dissable problematic tests
|
Conflicts:
|
||||||
|
redhat/qemu-kvm.spec.template
|
||||||
---
|
---
|
||||||
redhat/qemu-kvm.spec.template | 4 ++--
|
redhat/qemu-kvm.spec.template | 4 ++--
|
||||||
tests/meson.build | 2 +-
|
|
||||||
tests/qemu-iotests/051 | 12 ++++++------
|
tests/qemu-iotests/051 | 12 ++++++------
|
||||||
tests/qtest/boot-serial-test.c | 6 +++++-
|
tests/qtest/boot-serial-test.c | 6 +++++-
|
||||||
tests/qtest/cdrom-test.c | 2 ++
|
tests/qtest/cdrom-test.c | 2 ++
|
||||||
@ -54,21 +51,8 @@ Dissable problematic tests
|
|||||||
tests/qtest/prom-env-test.c | 4 ++++
|
tests/qtest/prom-env-test.c | 4 ++++
|
||||||
tests/qtest/test-x86-cpuid-compat.c | 2 ++
|
tests/qtest/test-x86-cpuid-compat.c | 2 ++
|
||||||
tests/qtest/usb-hcd-xhci-test.c | 4 ++++
|
tests/qtest/usb-hcd-xhci-test.c | 4 ++++
|
||||||
12 files changed, 36 insertions(+), 20 deletions(-)
|
11 files changed, 35 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
diff --git a/tests/meson.build b/tests/meson.build
|
|
||||||
index afeb6be689..e562a0499e 100644
|
|
||||||
--- a/tests/meson.build
|
|
||||||
+++ b/tests/meson.build
|
|
||||||
@@ -136,7 +136,7 @@ if have_block
|
|
||||||
'test-blockjob': [testblock],
|
|
||||||
'test-blockjob-txn': [testblock],
|
|
||||||
'test-block-backend': [testblock],
|
|
||||||
- 'test-block-iothread': [testblock],
|
|
||||||
+# 'test-block-iothread': [testblock],
|
|
||||||
'test-write-threshold': [testblock],
|
|
||||||
'test-crypto-hash': [crypto],
|
|
||||||
'test-crypto-hmac': [crypto],
|
|
||||||
diff --git a/tests/qemu-iotests/051 b/tests/qemu-iotests/051
|
diff --git a/tests/qemu-iotests/051 b/tests/qemu-iotests/051
|
||||||
index bee26075b2..61d25c4ed7 100755
|
index bee26075b2..61d25c4ed7 100755
|
||||||
--- a/tests/qemu-iotests/051
|
--- a/tests/qemu-iotests/051
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 514eb840d98c8047e88fb503a4bba71455a2e8b0 Mon Sep 17 00:00:00 2001
|
From da70823afbdbb904950068fe5f0323ff75b0d4fc Mon Sep 17 00:00:00 2001
|
||||||
From: Bandan Das <bsd@redhat.com>
|
From: Bandan Das <bsd@redhat.com>
|
||||||
Date: Tue, 3 Dec 2013 20:05:13 +0100
|
Date: Tue, 3 Dec 2013 20:05:13 +0100
|
||||||
Subject: vfio: cap number of devices that can be assigned
|
Subject: vfio: cap number of devices that can be assigned
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From f63ec823f8df7024f33c145b88a2b50c589cc633 Mon Sep 17 00:00:00 2001
|
From f69c3b855ec419b4afe240bbd039141a59aad808 Mon Sep 17 00:00:00 2001
|
||||||
From: Eduardo Habkost <ehabkost@redhat.com>
|
From: Eduardo Habkost <ehabkost@redhat.com>
|
||||||
Date: Wed, 4 Dec 2013 18:53:17 +0100
|
Date: Wed, 4 Dec 2013 18:53:17 +0100
|
||||||
Subject: Add support statement to -help output
|
Subject: Add support statement to -help output
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 6eddce7d3e8cd95c4b848fe3f7c5ac27854dc0da Mon Sep 17 00:00:00 2001
|
From 9585c8927744d8b07b317063ef788e1f01773f0e Mon Sep 17 00:00:00 2001
|
||||||
From: Andrew Jones <drjones@redhat.com>
|
From: Andrew Jones <drjones@redhat.com>
|
||||||
Date: Tue, 21 Jan 2014 10:46:52 +0100
|
Date: Tue, 21 Jan 2014 10:46:52 +0100
|
||||||
Subject: globally limit the maximum number of CPUs
|
Subject: globally limit the maximum number of CPUs
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From c615fb7d219b7b88f6517d6772d92e233007aff3 Mon Sep 17 00:00:00 2001
|
From 091f9e47dc4609bfded5474cfe2797777cdd56f1 Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Rezanina <mrezanin@redhat.com>
|
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
Date: Wed, 8 Jul 2020 08:35:50 +0200
|
Date: Wed, 8 Jul 2020 08:35:50 +0200
|
||||||
Subject: Use qemu-kvm in documentation instead of qemu-system-<arch>
|
Subject: Use qemu-kvm in documentation instead of qemu-system-<arch>
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 5095570936ccd71ac82bf441c36e85bd16b8e459 Mon Sep 17 00:00:00 2001
|
From 4d69dc90e66deec6bc6b46074ee44ef8c902266b Mon Sep 17 00:00:00 2001
|
||||||
From: Fam Zheng <famz@redhat.com>
|
From: Fam Zheng <famz@redhat.com>
|
||||||
Date: Wed, 14 Jun 2017 15:37:01 +0200
|
Date: Wed, 14 Jun 2017 15:37:01 +0200
|
||||||
Subject: virtio-scsi: Reject scsi-cd if data plane enabled [RHEL only]
|
Subject: virtio-scsi: Reject scsi-cd if data plane enabled [RHEL only]
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 0619f89b5e0eb713e4d426c869e7a6a826a13728 Mon Sep 17 00:00:00 2001
|
From 18c5a8c24e22b7c2ba9f7e26cac190cefc7ecf26 Mon Sep 17 00:00:00 2001
|
||||||
From: David Gibson <dgibson@redhat.com>
|
From: David Gibson <dgibson@redhat.com>
|
||||||
Date: Wed, 6 Feb 2019 03:58:56 +0000
|
Date: Wed, 6 Feb 2019 03:58:56 +0000
|
||||||
Subject: BZ1653590: Require at least 64kiB pages for downstream guests & hosts
|
Subject: BZ1653590: Require at least 64kiB pages for downstream guests & hosts
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From e7321dc3f2159d2f4b7f93bd0f7ebb89752e8604 Mon Sep 17 00:00:00 2001
|
From 989cfded8fdd5df3b6b1f1a304ca16c128d7561b Mon Sep 17 00:00:00 2001
|
||||||
From: Kevin Wolf <kwolf@redhat.com>
|
From: Kevin Wolf <kwolf@redhat.com>
|
||||||
Date: Fri, 13 Mar 2020 12:34:32 +0000
|
Date: Fri, 13 Mar 2020 12:34:32 +0000
|
||||||
Subject: block: Versioned x-blockdev-reopen API with feature flag
|
Subject: block: Versioned x-blockdev-reopen API with feature flag
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From bd9e5c1703ef16727db863ba79f46ae9cb81cbfd Mon Sep 17 00:00:00 2001
|
From fa0063ba67071384d8c749cee8f4f4e5bbc8ef91 Mon Sep 17 00:00:00 2001
|
||||||
From: Greg Kurz <gkurz@redhat.com>
|
From: Greg Kurz <gkurz@redhat.com>
|
||||||
Date: Fri, 20 Nov 2020 14:00:31 -0500
|
Date: Fri, 20 Nov 2020 14:00:31 -0500
|
||||||
Subject: redhat: Define hw_compat_8_3
|
Subject: redhat: Define hw_compat_8_3
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From e5c00782e6f609b4f25dc214825c6491def46e15 Mon Sep 17 00:00:00 2001
|
From 943c936df3b6b5c3197ad727f2105e61778e749a Mon Sep 17 00:00:00 2001
|
||||||
From: Greg Kurz <gkurz@redhat.com>
|
From: Greg Kurz <gkurz@redhat.com>
|
||||||
Date: Fri, 20 Nov 2020 14:00:32 -0500
|
Date: Fri, 20 Nov 2020 14:00:32 -0500
|
||||||
Subject: redhat: Add spapr_machine_rhel_default_class_options()
|
Subject: redhat: Add spapr_machine_rhel_default_class_options()
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From e5f8c128550c8e6020095152a9fa171cccc6aa18 Mon Sep 17 00:00:00 2001
|
From 030b5e6fba510b8b9f8c8690ef6ea63f71628d25 Mon Sep 17 00:00:00 2001
|
||||||
From: Greg Kurz <gkurz@redhat.com>
|
From: Greg Kurz <gkurz@redhat.com>
|
||||||
Date: Fri, 20 Nov 2020 14:00:33 -0500
|
Date: Fri, 20 Nov 2020 14:00:33 -0500
|
||||||
Subject: redhat: Define pseries-rhel8.4.0 machine type
|
Subject: redhat: Define pseries-rhel8.4.0 machine type
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From a4ce96735ad8f1e07ded93e39e32e22bd9ac00ba Mon Sep 17 00:00:00 2001
|
From a6ae745cceee1acc3667f5ba5e007ca6c083f8a8 Mon Sep 17 00:00:00 2001
|
||||||
From: Cornelia Huck <cohuck@redhat.com>
|
From: Cornelia Huck <cohuck@redhat.com>
|
||||||
Date: Tue, 1 Dec 2020 17:53:41 -0500
|
Date: Tue, 1 Dec 2020 17:53:41 -0500
|
||||||
Subject: redhat: s390x: add rhel-8.4.0 compat machine
|
Subject: redhat: s390x: add rhel-8.4.0 compat machine
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 8d3c826bca23d64cbb2f71bd3b506b43fc2b1c70 Mon Sep 17 00:00:00 2001
|
From 974af930d4e5cae5611bb2e3a5ac18d3bda15a68 Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Rezanina <mrezanin@redhat.com>
|
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
Date: Thu, 17 Dec 2020 17:58:43 +0100
|
Date: Thu, 17 Dec 2020 17:58:43 +0100
|
||||||
Subject: block/vpc: Make vpc_open() read the full dynamic header
|
Subject: block/vpc: Make vpc_open() read the full dynamic header
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 0db17b3fa57012894e9e410f139703baf21f590a Mon Sep 17 00:00:00 2001
|
From 6e9564986a00456c6748cf888d9ba9f7f0db01bf Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Rezanina <mrezanin@redhat.com>
|
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
Date: Mon, 4 Jan 2021 07:47:03 +0100
|
Date: Mon, 4 Jan 2021 07:47:03 +0100
|
||||||
Subject: GCC 11 warnings hacks
|
Subject: GCC 11 warnings hacks
|
||||||
|
@ -1,12 +1,26 @@
|
|||||||
From 6d129eac73fdc94b2712af5d402c0f2debd65600 Mon Sep 17 00:00:00 2001
|
From bb42f8a495aa0da2410109de14aca901b8c4ac4f Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Rezanina <mrezanin@redhat.com>
|
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
Date: Tue, 5 Jan 2021 07:40:08 +0100
|
Date: Tue, 5 Jan 2021 07:40:08 +0100
|
||||||
Subject: Disable problematic tests for initial build
|
Subject: Disable problematic tests for initial build
|
||||||
|
|
||||||
---
|
---
|
||||||
|
tests/meson.build | 2 +-
|
||||||
tests/qtest/meson.build | 4 ++--
|
tests/qtest/meson.build | 4 ++--
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/meson.build b/tests/meson.build
|
||||||
|
index afeb6be689..e562a0499e 100644
|
||||||
|
--- a/tests/meson.build
|
||||||
|
+++ b/tests/meson.build
|
||||||
|
@@ -136,7 +136,7 @@ if have_block
|
||||||
|
'test-blockjob': [testblock],
|
||||||
|
'test-blockjob-txn': [testblock],
|
||||||
|
'test-block-backend': [testblock],
|
||||||
|
- 'test-block-iothread': [testblock],
|
||||||
|
+# 'test-block-iothread': [testblock],
|
||||||
|
'test-write-threshold': [testblock],
|
||||||
|
'test-crypto-hash': [crypto],
|
||||||
|
'test-crypto-hmac': [crypto],
|
||||||
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
|
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
|
||||||
index 15ed460ff0..70ef8c236c 100644
|
index 15ed460ff0..70ef8c236c 100644
|
||||||
--- a/tests/qtest/meson.build
|
--- a/tests/qtest/meson.build
|
||||||
|
166
0030-Revert-GCC-11-warnings-hacks.patch
Normal file
166
0030-Revert-GCC-11-warnings-hacks.patch
Normal file
@ -0,0 +1,166 @@
|
|||||||
|
From f488becdbb12c6001a2524d049371196a05f5256 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
Date: Fri, 15 Jan 2021 09:27:40 +0100
|
||||||
|
Subject: Revert "GCC 11 warnings hacks"
|
||||||
|
|
||||||
|
This reverts commit 6e9564986a00456c6748cf888d9ba9f7f0db01bf.
|
||||||
|
|
||||||
|
Hacks solved upstream. Going to import upstream solutions.
|
||||||
|
---
|
||||||
|
hw/scsi/scsi-disk.c | 13 ++++++-------
|
||||||
|
net/eth.c | 4 +---
|
||||||
|
target/s390x/kvm.c | 2 +-
|
||||||
|
target/s390x/misc_helper.c | 2 +-
|
||||||
|
tcg/aarch64/tcg-target.c.inc | 3 ++-
|
||||||
|
tests/test-block-iothread.c | 12 ++++++------
|
||||||
|
6 files changed, 17 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
|
||||||
|
index 8ce77777d3..90841ad791 100644
|
||||||
|
--- a/hw/scsi/scsi-disk.c
|
||||||
|
+++ b/hw/scsi/scsi-disk.c
|
||||||
|
@@ -2578,15 +2578,14 @@ static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
|
||||||
|
int len = scsi_cdb_length(buf);
|
||||||
|
char *line_buffer, *p;
|
||||||
|
|
||||||
|
- if (len > 0) {
|
||||||
|
- line_buffer = g_malloc(len * 5 + 1);
|
||||||
|
- for (i = 0, p = line_buffer; i < len; i++) {
|
||||||
|
- p += sprintf(p, " 0x%02x", buf[i]);
|
||||||
|
- }
|
||||||
|
- trace_scsi_disk_new_request(lun, tag, line_buffer);
|
||||||
|
+ line_buffer = g_malloc(len * 5 + 1);
|
||||||
|
|
||||||
|
- g_free(line_buffer);
|
||||||
|
+ for (i = 0, p = line_buffer; i < len; i++) {
|
||||||
|
+ p += sprintf(p, " 0x%02x", buf[i]);
|
||||||
|
}
|
||||||
|
+ trace_scsi_disk_new_request(lun, tag, line_buffer);
|
||||||
|
+
|
||||||
|
+ g_free(line_buffer);
|
||||||
|
}
|
||||||
|
|
||||||
|
static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
|
||||||
|
diff --git a/net/eth.c b/net/eth.c
|
||||||
|
index 041ac4865a..1e0821c5f8 100644
|
||||||
|
--- a/net/eth.c
|
||||||
|
+++ b/net/eth.c
|
||||||
|
@@ -405,8 +405,6 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int pkt_frags,
|
||||||
|
struct ip6_ext_hdr *ext_hdr,
|
||||||
|
struct in6_address *dst_addr)
|
||||||
|
{
|
||||||
|
-#pragma GCC diagnostic push
|
||||||
|
-#pragma GCC diagnostic ignored "-Warray-bounds"
|
||||||
|
struct ip6_ext_hdr_routing *rthdr = (struct ip6_ext_hdr_routing *) ext_hdr;
|
||||||
|
|
||||||
|
if ((rthdr->rtype == 2) &&
|
||||||
|
@@ -426,7 +424,7 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int pkt_frags,
|
||||||
|
|
||||||
|
return bytes_read == sizeof(*dst_addr);
|
||||||
|
}
|
||||||
|
-#pragma GCC diagnostic pop
|
||||||
|
+
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
|
||||||
|
index ab1ca6b1bf..1839cc6648 100644
|
||||||
|
--- a/target/s390x/kvm.c
|
||||||
|
+++ b/target/s390x/kvm.c
|
||||||
|
@@ -1918,7 +1918,7 @@ static void insert_stsi_3_2_2(S390CPU *cpu, __u64 addr, uint8_t ar)
|
||||||
|
*/
|
||||||
|
if (qemu_name) {
|
||||||
|
strncpy((char *)sysib.ext_names[0], qemu_name,
|
||||||
|
- sizeof(sysib.ext_names[0])-1);
|
||||||
|
+ sizeof(sysib.ext_names[0]));
|
||||||
|
} else {
|
||||||
|
strcpy((char *)sysib.ext_names[0], "KVMguest");
|
||||||
|
}
|
||||||
|
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
|
||||||
|
index adaf4145e6..58dbc023eb 100644
|
||||||
|
--- a/target/s390x/misc_helper.c
|
||||||
|
+++ b/target/s390x/misc_helper.c
|
||||||
|
@@ -370,7 +370,7 @@ uint32_t HELPER(stsi)(CPUS390XState *env, uint64_t a0, uint64_t r0, uint64_t r1)
|
||||||
|
MIN(sizeof(sysib.sysib_322.vm[0].name),
|
||||||
|
strlen(qemu_name)));
|
||||||
|
strncpy((char *)sysib.sysib_322.ext_names[0], qemu_name,
|
||||||
|
- sizeof(sysib.sysib_322.ext_names[0])-1);
|
||||||
|
+ sizeof(sysib.sysib_322.ext_names[0]));
|
||||||
|
} else {
|
||||||
|
ebcdic_put(sysib.sysib_322.vm[0].name, "TCGguest", 8);
|
||||||
|
strcpy((char *)sysib.sysib_322.ext_names[0], "TCGguest");
|
||||||
|
diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
|
||||||
|
index fe6bdbf721..26f71cb599 100644
|
||||||
|
--- a/tcg/aarch64/tcg-target.c.inc
|
||||||
|
+++ b/tcg/aarch64/tcg-target.c.inc
|
||||||
|
@@ -1852,7 +1852,8 @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
|
||||||
|
static tcg_insn_unit *tb_ret_addr;
|
||||||
|
|
||||||
|
static void tcg_out_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
- const TCGArg *args, const int *const_args)
|
||||||
|
+ const TCGArg args[TCG_MAX_OP_ARGS],
|
||||||
|
+ const int const_args[TCG_MAX_OP_ARGS])
|
||||||
|
{
|
||||||
|
/* 99% of the time, we can signal the use of extension registers
|
||||||
|
by looking to see if the opcode handles 64-bit data. */
|
||||||
|
diff --git a/tests/test-block-iothread.c b/tests/test-block-iothread.c
|
||||||
|
index bc64b50e66..3f866a35c6 100644
|
||||||
|
--- a/tests/test-block-iothread.c
|
||||||
|
+++ b/tests/test-block-iothread.c
|
||||||
|
@@ -75,7 +75,7 @@ static BlockDriver bdrv_test = {
|
||||||
|
|
||||||
|
static void test_sync_op_pread(BdrvChild *c)
|
||||||
|
{
|
||||||
|
- uint8_t buf[512] = {0};
|
||||||
|
+ uint8_t buf[512];
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
/* Success */
|
||||||
|
@@ -89,7 +89,7 @@ static void test_sync_op_pread(BdrvChild *c)
|
||||||
|
|
||||||
|
static void test_sync_op_pwrite(BdrvChild *c)
|
||||||
|
{
|
||||||
|
- uint8_t buf[512] = {0};
|
||||||
|
+ uint8_t buf[512];
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
/* Success */
|
||||||
|
@@ -103,7 +103,7 @@ static void test_sync_op_pwrite(BdrvChild *c)
|
||||||
|
|
||||||
|
static void test_sync_op_blk_pread(BlockBackend *blk)
|
||||||
|
{
|
||||||
|
- uint8_t buf[512] = {0};
|
||||||
|
+ uint8_t buf[512];
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
/* Success */
|
||||||
|
@@ -117,7 +117,7 @@ static void test_sync_op_blk_pread(BlockBackend *blk)
|
||||||
|
|
||||||
|
static void test_sync_op_blk_pwrite(BlockBackend *blk)
|
||||||
|
{
|
||||||
|
- uint8_t buf[512] = {0};
|
||||||
|
+ uint8_t buf[512];
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
/* Success */
|
||||||
|
@@ -131,7 +131,7 @@ static void test_sync_op_blk_pwrite(BlockBackend *blk)
|
||||||
|
|
||||||
|
static void test_sync_op_load_vmstate(BdrvChild *c)
|
||||||
|
{
|
||||||
|
- uint8_t buf[512] = {0};
|
||||||
|
+ uint8_t buf[512];
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
/* Error: Driver does not support snapshots */
|
||||||
|
@@ -141,7 +141,7 @@ static void test_sync_op_load_vmstate(BdrvChild *c)
|
||||||
|
|
||||||
|
static void test_sync_op_save_vmstate(BdrvChild *c)
|
||||||
|
{
|
||||||
|
- uint8_t buf[512] = {0};
|
||||||
|
+ uint8_t buf[512];
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
/* Error: Driver does not support snapshots */
|
||||||
|
--
|
||||||
|
2.18.4
|
||||||
|
|
84
0031-s390x-Use-strpadcpy-for-copying-vm-name.patch
Normal file
84
0031-s390x-Use-strpadcpy-for-copying-vm-name.patch
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
From adbabd33e81f46c6b29c4b940c053e562e4f55fd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
Date: Fri, 15 Jan 2021 09:28:59 +0100
|
||||||
|
Subject: s390x: Use strpadcpy for copying vm name
|
||||||
|
|
||||||
|
Using strncpy with length equal to the size of target array, GCC 11
|
||||||
|
reports following warning:
|
||||||
|
|
||||||
|
warning: '__builtin_strncpy' specified bound 256 equals destination size [-Wstringop-truncation]
|
||||||
|
|
||||||
|
We can prevent this warning by using strpadcpy that copies string
|
||||||
|
up to specified length, zeroes target array after copied string
|
||||||
|
and does not raise warning when length is equal to target array
|
||||||
|
size (and ending '\0' is discarded).
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
target/s390x/kvm.c | 12 +++++-------
|
||||||
|
target/s390x/misc_helper.c | 7 +++++--
|
||||||
|
2 files changed, 10 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
|
||||||
|
index 1839cc6648..c08b5bc2de 100644
|
||||||
|
--- a/target/s390x/kvm.c
|
||||||
|
+++ b/target/s390x/kvm.c
|
||||||
|
@@ -29,6 +29,7 @@
|
||||||
|
#include "internal.h"
|
||||||
|
#include "kvm_s390x.h"
|
||||||
|
#include "sysemu/kvm_int.h"
|
||||||
|
+#include "qemu/cutils.h"
|
||||||
|
#include "qapi/error.h"
|
||||||
|
#include "qemu/error-report.h"
|
||||||
|
#include "qemu/timer.h"
|
||||||
|
@@ -1910,18 +1911,15 @@ static void insert_stsi_3_2_2(S390CPU *cpu, __u64 addr, uint8_t ar)
|
||||||
|
strlen(qemu_name)));
|
||||||
|
}
|
||||||
|
sysib.vm[0].ext_name_encoding = 2; /* 2 = UTF-8 */
|
||||||
|
- memset(sysib.ext_names[0], 0, sizeof(sysib.ext_names[0]));
|
||||||
|
/* If hypervisor specifies zero Extended Name in STSI322 SYSIB, it's
|
||||||
|
* considered by s390 as not capable of providing any Extended Name.
|
||||||
|
* Therefore if no name was specified on qemu invocation, we go with the
|
||||||
|
* same "KVMguest" default, which KVM has filled into short name field.
|
||||||
|
*/
|
||||||
|
- if (qemu_name) {
|
||||||
|
- strncpy((char *)sysib.ext_names[0], qemu_name,
|
||||||
|
- sizeof(sysib.ext_names[0]));
|
||||||
|
- } else {
|
||||||
|
- strcpy((char *)sysib.ext_names[0], "KVMguest");
|
||||||
|
- }
|
||||||
|
+ strpadcpy((char *)sysib.ext_names[0],
|
||||||
|
+ sizeof(sysib.ext_names[0]),
|
||||||
|
+ qemu_name ?: "KVMguest", '\0');
|
||||||
|
+
|
||||||
|
/* Insert UUID */
|
||||||
|
memcpy(sysib.vm[0].uuid, &qemu_uuid, sizeof(sysib.vm[0].uuid));
|
||||||
|
|
||||||
|
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
|
||||||
|
index 58dbc023eb..7ea90d414a 100644
|
||||||
|
--- a/target/s390x/misc_helper.c
|
||||||
|
+++ b/target/s390x/misc_helper.c
|
||||||
|
@@ -19,6 +19,7 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "qemu/osdep.h"
|
||||||
|
+#include "qemu/cutils.h"
|
||||||
|
#include "qemu/main-loop.h"
|
||||||
|
#include "cpu.h"
|
||||||
|
#include "internal.h"
|
||||||
|
@@ -369,8 +370,10 @@ uint32_t HELPER(stsi)(CPUS390XState *env, uint64_t a0, uint64_t r0, uint64_t r1)
|
||||||
|
ebcdic_put(sysib.sysib_322.vm[0].name, qemu_name,
|
||||||
|
MIN(sizeof(sysib.sysib_322.vm[0].name),
|
||||||
|
strlen(qemu_name)));
|
||||||
|
- strncpy((char *)sysib.sysib_322.ext_names[0], qemu_name,
|
||||||
|
- sizeof(sysib.sysib_322.ext_names[0]));
|
||||||
|
+ strpadcpy((char *)sysib.sysib_322.ext_names[0],
|
||||||
|
+ sizeof(sysib.sysib_322.ext_names[0]),
|
||||||
|
+ qemu_name, '\0');
|
||||||
|
+
|
||||||
|
} else {
|
||||||
|
ebcdic_put(sysib.sysib_322.vm[0].name, "TCGguest", 8);
|
||||||
|
strcpy((char *)sysib.sysib_322.ext_names[0], "TCGguest");
|
||||||
|
--
|
||||||
|
2.18.4
|
||||||
|
|
138
0032-tcg-Restrict-tcg_out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch
Normal file
138
0032-tcg-Restrict-tcg_out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch
Normal file
@ -0,0 +1,138 @@
|
|||||||
|
From 8773f3688ca87e5e7da2e1a5170d0bde9a54eae0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
Date: Fri, 15 Jan 2021 09:38:53 +0100
|
||||||
|
Subject: tcg: Restrict tcg_out_op() to arrays of TCG_MAX_OP_ARGS elements
|
||||||
|
|
||||||
|
---
|
||||||
|
tcg/aarch64/tcg-target.c.inc | 3 ++-
|
||||||
|
tcg/i386/tcg-target.c.inc | 6 ++++--
|
||||||
|
tcg/ppc/tcg-target.c.inc | 8 +++++---
|
||||||
|
tcg/s390/tcg-target.c.inc | 3 ++-
|
||||||
|
tcg/tcg.c | 19 +++++++++++--------
|
||||||
|
5 files changed, 24 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
|
||||||
|
index 26f71cb599..ce8689e889 100644
|
||||||
|
--- a/tcg/aarch64/tcg-target.c.inc
|
||||||
|
+++ b/tcg/aarch64/tcg-target.c.inc
|
||||||
|
@@ -2271,7 +2271,8 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
|
||||||
|
static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
unsigned vecl, unsigned vece,
|
||||||
|
- const TCGArg *args, const int *const_args)
|
||||||
|
+ const TCGArg args[TCG_MAX_OP_ARGS],
|
||||||
|
+ const int const_args[TCG_MAX_OP_ARGS])
|
||||||
|
{
|
||||||
|
static const AArch64Insn cmp_insn[16] = {
|
||||||
|
[TCG_COND_EQ] = I3616_CMEQ,
|
||||||
|
diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
|
||||||
|
index d8797ed398..0e557d177a 100644
|
||||||
|
--- a/tcg/i386/tcg-target.c.inc
|
||||||
|
+++ b/tcg/i386/tcg-target.c.inc
|
||||||
|
@@ -2242,7 +2242,8 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
- const TCGArg *args, const int *const_args)
|
||||||
|
+ const TCGArg args[TCG_MAX_OP_ARGS],
|
||||||
|
+ const int const_args[TCG_MAX_OP_ARGS])
|
||||||
|
{
|
||||||
|
TCGArg a0, a1, a2;
|
||||||
|
int c, const_a2, vexop, rexw = 0;
|
||||||
|
@@ -2679,7 +2680,8 @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
|
||||||
|
static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
unsigned vecl, unsigned vece,
|
||||||
|
- const TCGArg *args, const int *const_args)
|
||||||
|
+ const TCGArg args[TCG_MAX_OP_ARGS],
|
||||||
|
+ const int const_args[TCG_MAX_OP_ARGS])
|
||||||
|
{
|
||||||
|
static int const add_insn[4] = {
|
||||||
|
OPC_PADDB, OPC_PADDW, OPC_PADDD, OPC_PADDQ
|
||||||
|
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
|
||||||
|
index 18ee989f95..b2bc1fc0c4 100644
|
||||||
|
--- a/tcg/ppc/tcg-target.c.inc
|
||||||
|
+++ b/tcg/ppc/tcg-target.c.inc
|
||||||
|
@@ -2353,8 +2353,9 @@ static void tcg_target_qemu_prologue(TCGContext *s)
|
||||||
|
tcg_out32(s, BCLR | BO_ALWAYS);
|
||||||
|
}
|
||||||
|
|
||||||
|
-static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args,
|
||||||
|
- const int *const_args)
|
||||||
|
+static void tcg_out_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
+ const TCGArg args[TCG_MAX_OP_ARGS],
|
||||||
|
+ const int const_args[TCG_MAX_OP_ARGS])
|
||||||
|
{
|
||||||
|
TCGArg a0, a1, a2;
|
||||||
|
int c;
|
||||||
|
@@ -3151,7 +3152,8 @@ static bool tcg_out_dupm_vec(TCGContext *s, TCGType type, unsigned vece,
|
||||||
|
|
||||||
|
static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
unsigned vecl, unsigned vece,
|
||||||
|
- const TCGArg *args, const int *const_args)
|
||||||
|
+ const TCGArg args[TCG_MAX_OP_ARGS],
|
||||||
|
+ const int const_args[TCG_MAX_OP_ARGS])
|
||||||
|
{
|
||||||
|
static const uint32_t
|
||||||
|
add_op[4] = { VADDUBM, VADDUHM, VADDUWM, VADDUDM },
|
||||||
|
diff --git a/tcg/s390/tcg-target.c.inc b/tcg/s390/tcg-target.c.inc
|
||||||
|
index c5e096449b..79753c8af7 100644
|
||||||
|
--- a/tcg/s390/tcg-target.c.inc
|
||||||
|
+++ b/tcg/s390/tcg-target.c.inc
|
||||||
|
@@ -1746,7 +1746,8 @@ static void tcg_out_qemu_st(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
|
||||||
|
case glue(glue(INDEX_op_,x),_i64)
|
||||||
|
|
||||||
|
static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
- const TCGArg *args, const int *const_args)
|
||||||
|
+ const TCGArg args[TCG_MAX_OP_ARGS],
|
||||||
|
+ const int const_args[TCG_MAX_OP_ARGS])
|
||||||
|
{
|
||||||
|
S390Opcode op, op2;
|
||||||
|
TCGArg a0, a1, a2;
|
||||||
|
diff --git a/tcg/tcg.c b/tcg/tcg.c
|
||||||
|
index 43c6cf8f52..2d0116d29f 100644
|
||||||
|
--- a/tcg/tcg.c
|
||||||
|
+++ b/tcg/tcg.c
|
||||||
|
@@ -109,8 +109,9 @@ static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg1,
|
||||||
|
static bool tcg_out_mov(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg);
|
||||||
|
static void tcg_out_movi(TCGContext *s, TCGType type,
|
||||||
|
TCGReg ret, tcg_target_long arg);
|
||||||
|
-static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args,
|
||||||
|
- const int *const_args);
|
||||||
|
+static void tcg_out_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
+ const TCGArg args[TCG_MAX_OP_ARGS],
|
||||||
|
+ const int const_args[TCG_MAX_OP_ARGS]);
|
||||||
|
#if TCG_TARGET_MAYBE_vec
|
||||||
|
static bool tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece,
|
||||||
|
TCGReg dst, TCGReg src);
|
||||||
|
@@ -118,9 +119,10 @@ static bool tcg_out_dupm_vec(TCGContext *s, TCGType type, unsigned vece,
|
||||||
|
TCGReg dst, TCGReg base, intptr_t offset);
|
||||||
|
static void tcg_out_dupi_vec(TCGContext *s, TCGType type,
|
||||||
|
TCGReg dst, tcg_target_long arg);
|
||||||
|
-static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc, unsigned vecl,
|
||||||
|
- unsigned vece, const TCGArg *args,
|
||||||
|
- const int *const_args);
|
||||||
|
+static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
+ unsigned vecl, unsigned vece,
|
||||||
|
+ const TCGArg args[TCG_MAX_OP_ARGS],
|
||||||
|
+ const int const_args[TCG_MAX_OP_ARGS]);
|
||||||
|
#else
|
||||||
|
static inline bool tcg_out_dup_vec(TCGContext *s, TCGType type, unsigned vece,
|
||||||
|
TCGReg dst, TCGReg src)
|
||||||
|
@@ -137,9 +139,10 @@ static inline void tcg_out_dupi_vec(TCGContext *s, TCGType type,
|
||||||
|
{
|
||||||
|
g_assert_not_reached();
|
||||||
|
}
|
||||||
|
-static inline void tcg_out_vec_op(TCGContext *s, TCGOpcode opc, unsigned vecl,
|
||||||
|
- unsigned vece, const TCGArg *args,
|
||||||
|
- const int *const_args)
|
||||||
|
+static inline void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
|
||||||
|
+ unsigned vecl, unsigned vece,
|
||||||
|
+ const TCGArg args[TCG_MAX_OP_ARGS],
|
||||||
|
+ const int const_args[TCG_MAX_OP_ARGS])
|
||||||
|
{
|
||||||
|
g_assert_not_reached();
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.18.4
|
||||||
|
|
52
0033-net-eth-Simplify-_eth_get_rss_ex_dst_addr.patch
Normal file
52
0033-net-eth-Simplify-_eth_get_rss_ex_dst_addr.patch
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
From 76ed390a52769c5ca64db5496a2adcb43df72035 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||||
|
Date: Fri, 15 Jan 2021 09:42:33 +0100
|
||||||
|
Subject: net/eth: Simplify _eth_get_rss_ex_dst_addr()
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The length field is already contained in the ip6_ext_hdr structure.
|
||||||
|
Check it direcly in eth_parse_ipv6_hdr() before calling
|
||||||
|
_eth_get_rss_ex_dst_addr(), which gets a bit simplified.
|
||||||
|
|
||||||
|
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
---
|
||||||
|
net/eth.c | 14 +++++++-------
|
||||||
|
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/net/eth.c b/net/eth.c
|
||||||
|
index 1e0821c5f8..7d4dd48c1f 100644
|
||||||
|
--- a/net/eth.c
|
||||||
|
+++ b/net/eth.c
|
||||||
|
@@ -407,9 +407,7 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int pkt_frags,
|
||||||
|
{
|
||||||
|
struct ip6_ext_hdr_routing *rthdr = (struct ip6_ext_hdr_routing *) ext_hdr;
|
||||||
|
|
||||||
|
- if ((rthdr->rtype == 2) &&
|
||||||
|
- (rthdr->len == sizeof(struct in6_address) / 8) &&
|
||||||
|
- (rthdr->segleft == 1)) {
|
||||||
|
+ if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) {
|
||||||
|
|
||||||
|
size_t input_size = iov_size(pkt, pkt_frags);
|
||||||
|
size_t bytes_read;
|
||||||
|
@@ -528,10 +526,12 @@ bool eth_parse_ipv6_hdr(const struct iovec *pkt, int pkt_frags,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (curr_ext_hdr_type == IP6_ROUTING) {
|
||||||
|
- info->rss_ex_dst_valid =
|
||||||
|
- _eth_get_rss_ex_dst_addr(pkt, pkt_frags,
|
||||||
|
- ip6hdr_off + info->full_hdr_len,
|
||||||
|
- &ext_hdr, &info->rss_ex_dst);
|
||||||
|
+ if (ext_hdr.ip6r_len == sizeof(struct in6_address) / 8) {
|
||||||
|
+ info->rss_ex_dst_valid =
|
||||||
|
+ _eth_get_rss_ex_dst_addr(pkt, pkt_frags,
|
||||||
|
+ ip6hdr_off + info->full_hdr_len,
|
||||||
|
+ &ext_hdr, &info->rss_ex_dst);
|
||||||
|
+ }
|
||||||
|
} else if (curr_ext_hdr_type == IP6_DESTINATON) {
|
||||||
|
info->rss_ex_src_valid =
|
||||||
|
_eth_get_rss_ex_src_addr(pkt, pkt_frags,
|
||||||
|
--
|
||||||
|
2.18.4
|
||||||
|
|
196
0034-net-eth-Fix-stack-buffer-overflow-in.patch
Normal file
196
0034-net-eth-Fix-stack-buffer-overflow-in.patch
Normal file
@ -0,0 +1,196 @@
|
|||||||
|
From 9abf30d739cfe5a7808f1e30ec85c0cfd73b67cb Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||||
|
Date: Fri, 15 Jan 2021 09:43:31 +0100
|
||||||
|
Subject: net/eth: Fix stack-buffer-overflow in
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
QEMU fuzzer reported a buffer overflow in _eth_get_rss_ex_dst_addr()
|
||||||
|
reproducible as:
|
||||||
|
|
||||||
|
$ cat << EOF | ./qemu-system-i386 -M pc-q35-5.0 \
|
||||||
|
-accel qtest -monitor none \
|
||||||
|
-serial none -nographic -qtest stdio
|
||||||
|
outl 0xcf8 0x80001010
|
||||||
|
outl 0xcfc 0xe1020000
|
||||||
|
outl 0xcf8 0x80001004
|
||||||
|
outw 0xcfc 0x7
|
||||||
|
write 0x25 0x1 0x86
|
||||||
|
write 0x26 0x1 0xdd
|
||||||
|
write 0x4f 0x1 0x2b
|
||||||
|
write 0xe1020030 0x4 0x190002e1
|
||||||
|
write 0xe102003a 0x2 0x0807
|
||||||
|
write 0xe1020048 0x4 0x12077cdd
|
||||||
|
write 0xe1020400 0x4 0xba077cdd
|
||||||
|
write 0xe1020420 0x4 0x190002e1
|
||||||
|
write 0xe1020428 0x4 0x3509d807
|
||||||
|
write 0xe1020438 0x1 0xe2
|
||||||
|
EOF
|
||||||
|
=================================================================
|
||||||
|
==2859770==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdef904902 at pc 0x561ceefa78de bp 0x7ffdef904820 sp 0x7ffdef904818
|
||||||
|
READ of size 1 at 0x7ffdef904902 thread T0
|
||||||
|
#0 0x561ceefa78dd in _eth_get_rss_ex_dst_addr net/eth.c:410:17
|
||||||
|
#1 0x561ceefa41fb in eth_parse_ipv6_hdr net/eth.c:532:17
|
||||||
|
#2 0x561cef7de639 in net_tx_pkt_parse_headers hw/net/net_tx_pkt.c:228:14
|
||||||
|
#3 0x561cef7dbef4 in net_tx_pkt_parse hw/net/net_tx_pkt.c:273:9
|
||||||
|
#4 0x561ceec29f22 in e1000e_process_tx_desc hw/net/e1000e_core.c:730:29
|
||||||
|
#5 0x561ceec28eac in e1000e_start_xmit hw/net/e1000e_core.c:927:9
|
||||||
|
#6 0x561ceec1baab in e1000e_set_tdt hw/net/e1000e_core.c:2444:9
|
||||||
|
#7 0x561ceebf300e in e1000e_core_write hw/net/e1000e_core.c:3256:9
|
||||||
|
#8 0x561cef3cd4cd in e1000e_mmio_write hw/net/e1000e.c:110:5
|
||||||
|
|
||||||
|
Address 0x7ffdef904902 is located in stack of thread T0 at offset 34 in frame
|
||||||
|
#0 0x561ceefa320f in eth_parse_ipv6_hdr net/eth.c:486
|
||||||
|
|
||||||
|
This frame has 1 object(s):
|
||||||
|
[32, 34) 'ext_hdr' (line 487) <== Memory access at offset 34 overflows this variable
|
||||||
|
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
|
||||||
|
(longjmp and C++ exceptions *are* supported)
|
||||||
|
SUMMARY: AddressSanitizer: stack-buffer-overflow net/eth.c:410:17 in _eth_get_rss_ex_dst_addr
|
||||||
|
Shadow bytes around the buggy address:
|
||||||
|
0x10003df188d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
0x10003df188e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
0x10003df188f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
0x10003df18900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
0x10003df18910: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
|
||||||
|
=>0x10003df18920:[02]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
0x10003df18930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
0x10003df18940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
0x10003df18950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
0x10003df18960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
0x10003df18970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
||||||
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
||||||
|
Addressable: 00
|
||||||
|
Partially addressable: 01 02 03 04 05 06 07
|
||||||
|
Stack left redzone: f1
|
||||||
|
Stack right redzone: f3
|
||||||
|
==2859770==ABORTING
|
||||||
|
|
||||||
|
Similarly GCC 11 reports:
|
||||||
|
|
||||||
|
net/eth.c: In function 'eth_parse_ipv6_hdr':
|
||||||
|
net/eth.c:410:15: error: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside array bounds of 'struct ip6_ext_hdr[1]' [-Werror=array-bounds]
|
||||||
|
410 | if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) {
|
||||||
|
| ~~~~~^~~~~~~
|
||||||
|
net/eth.c:485:24: note: while referencing 'ext_hdr'
|
||||||
|
485 | struct ip6_ext_hdr ext_hdr;
|
||||||
|
| ^~~~~~~
|
||||||
|
net/eth.c:410:38: error: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside array bounds of 'struct ip6_ext_hdr[1]' [-Werror=array-bounds]
|
||||||
|
410 | if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) {
|
||||||
|
| ~~~~~^~~~~~~~~
|
||||||
|
net/eth.c:485:24: note: while referencing 'ext_hdr'
|
||||||
|
485 | struct ip6_ext_hdr ext_hdr;
|
||||||
|
| ^~~~~~~
|
||||||
|
|
||||||
|
In eth_parse_ipv6_hdr() we called iov_to_buf() to fill the 2 bytes of
|
||||||
|
the 'ext_hdr' buffer, then _eth_get_rss_ex_dst_addr() tries to access
|
||||||
|
beside the 2 filled bytes.
|
||||||
|
|
||||||
|
Fix by reworking the function, filling the full rt_hdr buffer on the
|
||||||
|
stack calling iov_to_buf() again.
|
||||||
|
|
||||||
|
Cc: qemu-stable@nongnu.org
|
||||||
|
Buglink: https://bugs.launchpad.net/qemu/+bug/1879531
|
||||||
|
Reported-by: Alexander Bulekov <alxndr@bu.edu>
|
||||||
|
Reported-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
Fixes: eb700029c78 ("net_pkt: Extend packet abstraction as required by e1000e functionality")
|
||||||
|
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
net/eth.c | 25 +++++++++++--------------
|
||||||
|
tests/qtest/fuzz-test.c | 29 +++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 40 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/net/eth.c b/net/eth.c
|
||||||
|
index 7d4dd48c1f..ae4db37888 100644
|
||||||
|
--- a/net/eth.c
|
||||||
|
+++ b/net/eth.c
|
||||||
|
@@ -401,26 +401,23 @@ eth_is_ip6_extension_header_type(uint8_t hdr_type)
|
||||||
|
|
||||||
|
static bool
|
||||||
|
_eth_get_rss_ex_dst_addr(const struct iovec *pkt, int pkt_frags,
|
||||||
|
- size_t rthdr_offset,
|
||||||
|
+ size_t ext_hdr_offset,
|
||||||
|
struct ip6_ext_hdr *ext_hdr,
|
||||||
|
struct in6_address *dst_addr)
|
||||||
|
{
|
||||||
|
- struct ip6_ext_hdr_routing *rthdr = (struct ip6_ext_hdr_routing *) ext_hdr;
|
||||||
|
-
|
||||||
|
- if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) {
|
||||||
|
-
|
||||||
|
- size_t input_size = iov_size(pkt, pkt_frags);
|
||||||
|
- size_t bytes_read;
|
||||||
|
+ struct ip6_ext_hdr_routing rt_hdr;
|
||||||
|
+ size_t input_size = iov_size(pkt, pkt_frags);
|
||||||
|
+ size_t bytes_read;
|
||||||
|
|
||||||
|
- if (input_size < rthdr_offset + sizeof(*ext_hdr)) {
|
||||||
|
- return false;
|
||||||
|
- }
|
||||||
|
+ if (input_size < ext_hdr_offset + sizeof(rt_hdr)) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- bytes_read = iov_to_buf(pkt, pkt_frags,
|
||||||
|
- rthdr_offset + sizeof(*ext_hdr),
|
||||||
|
- dst_addr, sizeof(*dst_addr));
|
||||||
|
+ bytes_read = iov_to_buf(pkt, pkt_frags, ext_hdr_offset,
|
||||||
|
+ &rt_hdr, sizeof(rt_hdr));
|
||||||
|
|
||||||
|
- return bytes_read == sizeof(*dst_addr);
|
||||||
|
+ if ((rt_hdr.rtype == 2) && (rt_hdr.segleft == 1)) {
|
||||||
|
+ return bytes_read == sizeof(*ext_hdr) + sizeof(*dst_addr);
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c
|
||||||
|
index 9cb4c42bde..2692d556d9 100644
|
||||||
|
--- a/tests/qtest/fuzz-test.c
|
||||||
|
+++ b/tests/qtest/fuzz-test.c
|
||||||
|
@@ -47,6 +47,32 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void)
|
||||||
|
qtest_outl(s, 0x5d02, 0xebed205d);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * https://bugs.launchpad.net/qemu/+bug/1879531
|
||||||
|
+ */
|
||||||
|
+static void test_lp1879531_eth_get_rss_ex_dst_addr(void)
|
||||||
|
+{
|
||||||
|
+ QTestState *s;
|
||||||
|
+
|
||||||
|
+ s = qtest_init("-nographic -monitor none -serial none -M pc-q35-5.0");
|
||||||
|
+
|
||||||
|
+ qtest_outl(s, 0xcf8 0x80001010);
|
||||||
|
+ qtest_outl(s, 0xcfc 0xe1020000);
|
||||||
|
+ qtest_outl(s, 0xcf8 0x80001004);
|
||||||
|
+ qtest_outw(s, 0xcfc 0x7);
|
||||||
|
+ qtest_writeb(s, 0x25 0x1 0x86);
|
||||||
|
+ qtest_writeb(s, 0x26 0x1 0xdd);
|
||||||
|
+ qtest_writeb(s, 0x4f 0x1 0x2b);
|
||||||
|
+ qtest_writel(s, 0xe1020030, 0x190002e1);
|
||||||
|
+ qtest_writew(s, 0xe102003a, 0x0807);
|
||||||
|
+ qtest_writel(s, 0xe1020048, 0x12077cdd);
|
||||||
|
+ qtest_writel(s, 0xe1020400, 0xba077cdd);
|
||||||
|
+ qtest_writel(s, 0xe1020420, 0x190002e1);
|
||||||
|
+ qtest_writel(s, 0xe1020428, 0x3509d807);
|
||||||
|
+ qtest_writeb(s, 0xe1020438, 0xe2);
|
||||||
|
+ qtest_quit(s);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int main(int argc, char **argv)
|
||||||
|
{
|
||||||
|
const char *arch = qtest_get_arch();
|
||||||
|
@@ -58,6 +84,9 @@ int main(int argc, char **argv)
|
||||||
|
test_lp1878263_megasas_zero_iov_cnt);
|
||||||
|
qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert",
|
||||||
|
test_lp1878642_pci_bus_get_irq_level_assert);
|
||||||
|
+ qtest_add_func("fuzz/test_lp1879531_eth_get_rss_ex_dst_addr",
|
||||||
|
+ test_lp1879531_eth_get_rss_ex_dst_addr);
|
||||||
|
+
|
||||||
|
}
|
||||||
|
|
||||||
|
return g_test_run();
|
||||||
|
--
|
||||||
|
2.18.4
|
||||||
|
|
@ -64,7 +64,7 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release}
|
|||||||
Summary: QEMU is a machine emulator and virtualizer
|
Summary: QEMU is a machine emulator and virtualizer
|
||||||
Name: qemu-kvm
|
Name: qemu-kvm
|
||||||
Version: 5.2.0
|
Version: 5.2.0
|
||||||
Release: 2%{?dist}
|
Release: 2.1%{?dist}
|
||||||
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
|
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
|
||||||
Epoch: 15
|
Epoch: 15
|
||||||
License: GPLv2 and GPLv2+ and CC-BY
|
License: GPLv2 and GPLv2+ and CC-BY
|
||||||
@ -124,6 +124,11 @@ Patch0024: 0024-redhat-s390x-add-rhel-8.4.0-compat-machine.patch
|
|||||||
Patch0027: 0027-block-vpc-Make-vpc_open-read-the-full-dynamic-header.patch
|
Patch0027: 0027-block-vpc-Make-vpc_open-read-the-full-dynamic-header.patch
|
||||||
Patch0028: 0028-GCC-11-warnings-hacks.patch
|
Patch0028: 0028-GCC-11-warnings-hacks.patch
|
||||||
Patch0029: 0029-Disable-problematic-tests-for-initial-build.patch
|
Patch0029: 0029-Disable-problematic-tests-for-initial-build.patch
|
||||||
|
Patch0030: 0030-Revert-GCC-11-warnings-hacks.patch
|
||||||
|
Patch0031: 0031-s390x-Use-strpadcpy-for-copying-vm-name.patch
|
||||||
|
Patch0032: 0032-tcg-Restrict-tcg_out_op-to-arrays-of-TCG_MAX_OP_ARGS.patch
|
||||||
|
Patch0033: 0033-net-eth-Simplify-_eth_get_rss_ex_dst_addr.patch
|
||||||
|
Patch0034: 0034-net-eth-Fix-stack-buffer-overflow-in.patch
|
||||||
|
|
||||||
BuildRequires: wget
|
BuildRequires: wget
|
||||||
BuildRequires: rpm-build
|
BuildRequires: rpm-build
|
||||||
@ -253,14 +258,12 @@ hardware for a full system such as a PC and its associated peripherals.
|
|||||||
Summary: qemu-kvm core components
|
Summary: qemu-kvm core components
|
||||||
Requires: %{name}-common = %{epoch}:%{version}-%{release}
|
Requires: %{name}-common = %{epoch}:%{version}-%{release}
|
||||||
Requires: qemu-img = %{epoch}:%{version}-%{release}
|
Requires: qemu-img = %{epoch}:%{version}-%{release}
|
||||||
|
%ifarch %{ix86} x86_64
|
||||||
# Temporary disable edk2 dependency as there's no edk2 available yet
|
Requires: edk2-ovmf
|
||||||
#%ifarch %{ix86} x86_64
|
%endif
|
||||||
#Requires: edk2-ovmf
|
%ifarch aarch64
|
||||||
#%endif
|
Requires: edk2-aarch64
|
||||||
#%ifarch aarch64
|
%endif
|
||||||
#Requires: edk2-aarch64
|
|
||||||
#%endif
|
|
||||||
|
|
||||||
%ifarch %{power64}
|
%ifarch %{power64}
|
||||||
Requires: SLOF >= %{SLOF_gittagdate}-1.git%{SLOF_gittagcommit}
|
Requires: SLOF >= %{SLOF_gittagdate}-1.git%{SLOF_gittagcommit}
|
||||||
@ -1306,9 +1309,6 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jan 05 2021 Miroslav Rezanina <mrezanin@redhat.com> - 5.2.0-2.el9
|
|
||||||
- Rebuild for RHEL 9
|
|
||||||
|
|
||||||
* Tue Dec 15 2020 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.2.0-2.el8
|
* Tue Dec 15 2020 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 5.2.0-2.el8
|
||||||
- kvm-redhat-Define-hw_compat_8_3.patch [bz#1893935]
|
- kvm-redhat-Define-hw_compat_8_3.patch [bz#1893935]
|
||||||
- kvm-redhat-Add-spapr_machine_rhel_default_class_options.patch [bz#1893935]
|
- kvm-redhat-Add-spapr_machine_rhel_default_class_options.patch [bz#1893935]
|
||||||
|
Loading…
Reference in New Issue
Block a user