[oe-commits] [openembedded-core] 01/04: qemu: Upgrade from 3.1.0 to 4.0.0
git at git.openembedded.org
git at git.openembedded.org
Thu May 2 12:47:32 UTC 2019
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master-next
in repository openembedded-core.
commit fed2a0f37a76732cd3de1b127d6902fb16dd4e05
Author: Alistair Francis <Alistair.Francis at wdc.com>
AuthorDate: Thu May 2 04:09:27 2019 +0000
qemu: Upgrade from 3.1.0 to 4.0.0
This commit upgrade QEMU to the latest 4.0.0 release.
- The COPYING.LIB file has changed SHA to:
"Synchronize the LGPL 2.1 with the version from gnu.org"
- SDL 1.2 has been removed, along with the --with-sdlabi command line
arg
- The backported patches have been removed
- Al the other patches have been refreshed and the numbering has been
updated
Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
meta/conf/distro/include/tcmode-default.inc | 2 +-
meta/recipes-devtools/qemu/qemu-native.inc | 4 +-
.../{qemu-native_3.1.0.bb => qemu-native_4.0.0.bb} | 0
...native_3.1.0.bb => qemu-system-native_4.0.0.bb} | 1 +
meta/recipes-devtools/qemu/qemu.inc | 41 +-
.../qemu/qemu/0001-Add-a-missing-X11-include.patch | 65 ---
.../0001-egl-headless-add-egl_create_context.patch | 50 ---
...01-qemu-Add-missing-wacom-HID-descriptor.patch} | 2 +-
...sdl.c-allow-user-to-disable-pointer-grabs.patch | 72 ---
...ge-ptest-which-runs-all-unit-test-cases-.patch} | 6 +-
...ition-environment-space-to-boot-loader-q.patch} | 6 +-
...rind.patch => 0004-qemu-disable-Valgrind.patch} | 6 +-
...aths-searched-during-user-mode-emulation.patch} | 2 +-
...set-ld.bfd-fix-cflags-and-set-some-envir.patch} | 6 +-
...rdev-connect-socket-to-a-spawned-command.patch} | 69 ++-
...ch => 0008-apic-fixup-fallthrough-to-PIC.patch} | 6 +-
...Fix-webkitgtk-hangs-on-32-bit-x86-target.patch} | 4 +-
...-user-fix-mmap-munmap-mprotect-mremap-sh.patch} | 20 +-
...1-fix-libcap-header-issue-on-some-distro.patch} | 2 +-
...rror-messages-when-qemi_cpu_kick_thread-.patch} | 10 +-
...et-arm-Use-vector-operations-for-saturati.patch | 493 +++++++++++++++++++++
.../qemu/qemu/0014-fix-CVE-2018-16872.patch | 85 ----
.../qemu/qemu/0015-fix-CVE-2018-20124.patch | 60 ---
.../qemu/qemu/0016-fix-CVE-2018-20125.patch | 54 ---
.../qemu/qemu/0017-fix-CVE-2018-20126.patch | 113 -----
.../qemu/qemu/0018-fix-CVE-2018-20191.patch | 47 --
.../qemu/qemu/0019-fix-CVE-2018-20216.patch | 85 ----
.../recipes-devtools/qemu/qemu/CVE-2019-3812.patch | 39 --
.../qemu/{qemu_3.1.0.bb => qemu_4.0.0.bb} | 2 -
29 files changed, 583 insertions(+), 769 deletions(-)
diff --git a/meta/conf/distro/include/tcmode-default.inc b/meta/conf/distro/include/tcmode-default.inc
index 04373cc..02e9ddd 100644
--- a/meta/conf/distro/include/tcmode-default.inc
+++ b/meta/conf/distro/include/tcmode-default.inc
@@ -24,7 +24,7 @@ BINUVERSION ?= "2.32%"
GDBVERSION ?= "8.2%"
GLIBCVERSION ?= "2.29%"
LINUXLIBCVERSION ?= "5.0%"
-QEMUVERSION ?= "3.1%"
+QEMUVERSION ?= "4.0%"
GOVERSION ?= "1.12%"
PREFERRED_VERSION_gcc ?= "${GCCVERSION}"
diff --git a/meta/recipes-devtools/qemu/qemu-native.inc b/meta/recipes-devtools/qemu/qemu-native.inc
index 4373ad9..34ab8e6 100644
--- a/meta/recipes-devtools/qemu/qemu-native.inc
+++ b/meta/recipes-devtools/qemu/qemu-native.inc
@@ -3,8 +3,8 @@ inherit native
require qemu.inc
SRC_URI_append = " \
- file://0012-fix-libcap-header-issue-on-some-distro.patch \
- file://0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
+ file://0011-fix-libcap-header-issue-on-some-distro.patch \
+ file://0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
"
EXTRA_OECONF_append = " --python=python2.7"
diff --git a/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-native_4.0.0.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-native_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu-native_4.0.0.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
similarity index 95%
rename from meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
index 5bf528b..820883d 100644
--- a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
+++ b/meta/recipes-devtools/qemu/qemu-system-native_4.0.0.bb
@@ -20,4 +20,5 @@ do_install_append() {
# The following is also installed by qemu-native
rm -f ${D}${datadir}/qemu/trace-events-all
rm -rf ${D}${datadir}/qemu/keymaps
+ rm -rf ${D}${datadir}/icons/
}
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 3ec1414..f7b4141 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -5,36 +5,27 @@ LICENSE = "GPLv2 & LGPLv2.1"
RDEPENDS_${PN}-ptest = "bash make"
LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
- file://COPYING.LIB;endline=24;md5=c04def7ae38850e7d3ef548588159913"
+ file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f"
SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://powerpc_rom.bin \
- file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
- file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
- file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
file://run-ptest \
- file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
- file://0005-qemu-disable-Valgrind.patch \
- file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
- file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
- file://0008-chardev-connect-socket-to-a-spawned-command.patch \
- file://0009-apic-fixup-fallthrough-to-PIC.patch \
- file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
- file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
- file://0001-Add-a-missing-X11-include.patch \
- file://0001-egl-headless-add-egl_create_context.patch \
- file://0014-fix-CVE-2018-16872.patch \
- file://0015-fix-CVE-2018-20124.patch \
- file://0016-fix-CVE-2018-20125.patch \
- file://0017-fix-CVE-2018-20126.patch \
- file://0018-fix-CVE-2018-20191.patch \
- file://0019-fix-CVE-2018-20216.patch \
- file://CVE-2019-3812.patch \
+ file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \
+ file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
+ file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
+ file://0004-qemu-disable-Valgrind.patch \
+ file://0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
+ file://0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
+ file://0007-chardev-connect-socket-to-a-spawned-command.patch \
+ file://0008-apic-fixup-fallthrough-to-PIC.patch \
+ file://0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
+ file://0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
+ file://0013-Revert-target-arm-Use-vector-operations-for-saturati.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
-SRC_URI[md5sum] = "fb687ce0b02d3bf4327e36d3b99427a8"
-SRC_URI[sha256sum] = "6a0508df079a0a33c2487ca936a56c12122f105b8a96a44374704bef6c69abfc"
+SRC_URI[md5sum] = "0afeca336fd57ae3d3086ec07f59d708"
+SRC_URI[sha256sum] = "13a93dfe75b86734326f8d5b475fde82ec692d5b5a338b4262aeeb6b0fa4e469"
COMPATIBLE_HOST_mipsarchn32 = "null"
COMPATIBLE_HOST_mipsarchn64 = "null"
@@ -133,7 +124,7 @@ make_qemu_wrapper() {
PACKAGECONFIG_remove_darwin = "kvm virglrenderer glx gtk+"
PACKAGECONFIG_remove_mingw32 = "kvm virglrenderer glx gtk+"
-PACKAGECONFIG[sdl] = "--enable-sdl --with-sdlabi=2.0,--disable-sdl,libsdl2"
+PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2"
PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr,--disable-virtfs,libcap attr,"
PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"
PACKAGECONFIG[xfs] = "--enable-xfsctl,--disable-xfsctl,xfsprogs,"
@@ -169,3 +160,5 @@ PACKAGECONFIG[usb-redir] = "--enable-usb-redir,--disable-usb-redir,usbredir"
PACKAGECONFIG[snappy] = "--enable-snappy,--disable-snappy,snappy"
INSANE_SKIP_${PN} = "arch"
+
+FILES_${PN} += "${datadir}/icons"
diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
deleted file mode 100644
index 192936e..0000000
--- a/meta/recipes-devtools/qemu/qemu/0001-Add-a-missing-X11-include.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From eb1a215a4f86dde4493c3e22ad9f6d698850915e Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin at gmail.com>
-Date: Thu, 20 Dec 2018 18:06:29 +0100
-Subject: [PATCH] egl-helpers.h: do not depend on X11 Window type, use
- EGLNativeWindowType
-
-It was assumed that mesa provides the necessary X11 includes,
-but it is not always the case, as it can be configured without x11 support.
-
-Upstream-Status: Submitted [http://lists.nongnu.org/archive/html/qemu-devel/2019-01/msg03706.html]
-Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
-
----
- include/ui/egl-helpers.h | 2 +-
- ui/egl-helpers.c | 4 ++--
- ui/gtk-egl.c | 2 +-
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/ui/egl-helpers.h b/include/ui/egl-helpers.h
-index 9db7293b..3fc656a7 100644
---- a/include/ui/egl-helpers.h
-+++ b/include/ui/egl-helpers.h
-@@ -43,7 +43,7 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf);
-
- #endif
-
--EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win);
-+EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win);
-
- int qemu_egl_init_dpy_x11(EGLNativeDisplayType dpy, DisplayGLMode mode);
- int qemu_egl_init_dpy_mesa(EGLNativeDisplayType dpy, DisplayGLMode mode);
-diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c
-index 4f475142..5e115b3f 100644
---- a/ui/egl-helpers.c
-+++ b/ui/egl-helpers.c
-@@ -273,14 +273,14 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf)
-
- /* ---------------------------------------------------------------------- */
-
--EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, Window win)
-+EGLSurface qemu_egl_init_surface_x11(EGLContext ectx, EGLNativeWindowType win)
- {
- EGLSurface esurface;
- EGLBoolean b;
-
- esurface = eglCreateWindowSurface(qemu_egl_display,
- qemu_egl_config,
-- (EGLNativeWindowType)win, NULL);
-+ win, NULL);
- if (esurface == EGL_NO_SURFACE) {
- error_report("egl: eglCreateWindowSurface failed");
- return NULL;
-diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c
-index 5420c236..1f941162 100644
---- a/ui/gtk-egl.c
-+++ b/ui/gtk-egl.c
-@@ -54,7 +54,7 @@ void gd_egl_init(VirtualConsole *vc)
- }
-
- vc->gfx.ectx = qemu_egl_init_ctx();
-- vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, x11_window);
-+ vc->gfx.esurface = qemu_egl_init_surface_x11(vc->gfx.ectx, (EGLNativeWindowType)x11_window);
-
- assert(vc->gfx.esurface);
- }
diff --git a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch b/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
deleted file mode 100644
index d9326c0..0000000
--- a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 952e5d584f5aabe41298c278065fe628f3f7aa7a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel at redhat.com>
-Date: Thu, 29 Nov 2018 13:35:02 +0100
-Subject: [PATCH] egl-headless: add egl_create_context
-
-We must set the correct context (via eglMakeCurrent) before
-calling qemu_egl_create_context, so we need a thin wrapper and can't
-hook qemu_egl_create_context directly as ->dpy_gl_ctx_create callback.
-
-Reported-by: Frederik Carlier <frederik.carlier at quamotion.mobi>
-Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
-Message-id: 20181129123502.30129-1-kraxel at redhat.com
-
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=952e5d584f5aabe41298c278065fe628f3f7aa7a]
-Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
----
- ui/egl-headless.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/ui/egl-headless.c b/ui/egl-headless.c
-index 4cf3bbc0e4..519e7bad32 100644
---- a/ui/egl-headless.c
-+++ b/ui/egl-headless.c
-@@ -38,6 +38,14 @@ static void egl_gfx_switch(DisplayChangeListener *dcl,
- edpy->ds = new_surface;
- }
-
-+static QEMUGLContext egl_create_context(DisplayChangeListener *dcl,
-+ QEMUGLParams *params)
-+{
-+ eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE,
-+ qemu_egl_rn_ctx);
-+ return qemu_egl_create_context(dcl, params);
-+}
-+
- static void egl_scanout_disable(DisplayChangeListener *dcl)
- {
- egl_dpy *edpy = container_of(dcl, egl_dpy, dcl);
-@@ -150,7 +158,7 @@ static const DisplayChangeListenerOps egl_ops = {
- .dpy_gfx_update = egl_gfx_update,
- .dpy_gfx_switch = egl_gfx_switch,
-
-- .dpy_gl_ctx_create = qemu_egl_create_context,
-+ .dpy_gl_ctx_create = egl_create_context,
- .dpy_gl_ctx_destroy = qemu_egl_destroy_context,
- .dpy_gl_ctx_make_current = qemu_egl_make_context_current,
- .dpy_gl_ctx_get_current = qemu_egl_get_current_context,
---
-2.17.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
similarity index 98%
rename from meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
rename to meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
index 4de2688..5373915 100644
--- a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
+++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -1,4 +1,4 @@
-From 7ac3c84f28866491c58cc0f52a25a706949c8ef3 Mon Sep 17 00:00:00 2001
+From 1cb804cf0e47116202011f3386b4739af668224a Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Thu, 27 Nov 2014 14:04:29 +0000
Subject: [PATCH] qemu: Add missing wacom HID descriptor
diff --git a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch b/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
deleted file mode 100644
index 5b9a1f9..0000000
--- a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From c53ddb5acbee56db6423f369b9f9a9b62501b4af Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton at intel.com>
-Date: Wed, 18 Sep 2013 14:04:54 +0100
-Subject: [PATCH] sdl.c: allow user to disable pointer grabs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When the pointer enters the Qemu window it calls SDL_WM_GrabInput, which calls
-XGrabPointer in a busyloop until it returns GrabSuccess. However if there's already
-a pointer grab (screen is locked, a menu is open) then qemu will hang until the
-grab can be taken. In the specific case of a headless X server on an autobuilder, once
-the screensaver has kicked in any qemu instance that appears underneath the
-pointer will hang.
-
-I'm not entirely sure why pointer grabs are required (the documentation
-explicitly says it doesn't do grabs when using a tablet, which we are) so wrap
-them in a conditional that can be set by the autobuilder environment, preserving
-the current grabbing behaviour for everyone else.
-
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton at intel.com>
-Signed-off-by: Eric Bénard <eric at eukrea.com>
-
----
- ui/sdl.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/ui/sdl.c b/ui/sdl.c
-index 190b16f5..aa89471d 100644
---- a/ui/sdl.c
-+++ b/ui/sdl.c
-@@ -69,6 +69,11 @@ static int idle_counter;
- static const guint16 *keycode_map;
- static size_t keycode_maplen;
-
-+#ifndef True
-+#define True 1
-+#endif
-+static doing_grabs = True;
-+
- #define SDL_REFRESH_INTERVAL_BUSY 10
- #define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \
- / SDL_REFRESH_INTERVAL_BUSY + 1)
-@@ -399,14 +404,16 @@ static void sdl_grab_start(void)
- }
- } else
- sdl_hide_cursor();
-- SDL_WM_GrabInput(SDL_GRAB_ON);
-+ if (doing_grabs)
-+ SDL_WM_GrabInput(SDL_GRAB_ON);
- gui_grab = 1;
- sdl_update_caption();
- }
-
- static void sdl_grab_end(void)
- {
-- SDL_WM_GrabInput(SDL_GRAB_OFF);
-+ if (doing_grabs)
-+ SDL_WM_GrabInput(SDL_GRAB_OFF);
- gui_grab = 0;
- sdl_show_cursor();
- sdl_update_caption();
-@@ -945,6 +952,8 @@ static void sdl1_display_init(DisplayState *ds, DisplayOptions *o)
- * This requires SDL >= 1.2.14. */
- setenv("SDL_DISABLE_LOCK_KEYS", "1", 1);
-
-+ doing_grabs = (getenv("QEMU_DONT_GRAB") == NULL);
-+
- flags = SDL_INIT_VIDEO | SDL_INIT_NOPARACHUTE;
- if (SDL_Init (flags)) {
- fprintf(stderr, "Could not initialize SDL(%s) - exiting\n",
diff --git a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
similarity index 83%
rename from meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
rename to meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
index 668fc46..7b7c5d7 100644
--- a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
+++ b/meta/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -1,4 +1,4 @@
-From aac8834bfd5b79e724f2593895847b50968a1223 Mon Sep 17 00:00:00 2001
+From 281116b31981b0b9e174bda8abe00f4eaa33c2ae Mon Sep 17 00:00:00 2001
From: Juro Bystricky <juro.bystricky at intel.com>
Date: Thu, 31 Aug 2017 11:06:56 -0700
Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
@@ -15,10 +15,10 @@ Signed-off-by: Juro Bystricky <juro.bystricky at intel.com>
1 file changed, 8 insertions(+)
diff --git a/tests/Makefile.include b/tests/Makefile.include
-index fb0b449c..afedabd4 100644
+index 36fc73fe..01fecd4d 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
-@@ -967,4 +967,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
+@@ -1184,4 +1184,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
-include $(wildcard tests/*.d)
-include $(wildcard tests/libqos/*.d)
diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
similarity index 89%
rename from meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
rename to meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
index b4d4c58..9a18ca1 100644
--- a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
+++ b/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -1,4 +1,4 @@
-From 3de7a5635093c31dcb960ce9dff27da629b85d4d Mon Sep 17 00:00:00 2001
+From bf04acef9ec31ddcc18ddbb4ac5b7b1e7368bf7d Mon Sep 17 00:00:00 2001
From: Jason Wessel <jason.wessel at windriver.com>
Date: Fri, 28 Mar 2014 17:42:43 +0800
Subject: [PATCH] qemu: Add addition environment space to boot loader
@@ -19,10 +19,10 @@ Signed-off-by: Roy Li <rongqing.li at windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
-index c1cf0fe1..decffd2f 100644
+index 439665ab..285c78ef 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
-@@ -62,7 +62,7 @@
+@@ -60,7 +60,7 @@
#define ENVP_ADDR 0x80002000l
#define ENVP_NB_ENTRIES 16
diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
similarity index 85%
rename from meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
rename to meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
index f0cf814..9e32608 100644
--- a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
+++ b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
@@ -1,4 +1,4 @@
-From 32e8a94b6ae664d9b5689e19d495e304c0f41954 Mon Sep 17 00:00:00 2001
+From e40f797548bc3ff06c71b6cbe042a46406894d18 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton at intel.com>
Date: Tue, 20 Oct 2015 22:19:08 +0100
Subject: [PATCH] qemu: disable Valgrind
@@ -13,10 +13,10 @@ Signed-off-by: Ross Burton <ross.burton at intel.com>
1 file changed, 9 deletions(-)
diff --git a/configure b/configure
-index 0a3c6a72..069e0daa 100755
+index 1c563a70..eaf9bb5e 100755
--- a/configure
+++ b/configure
-@@ -5044,15 +5044,6 @@ fi
+@@ -5311,15 +5311,6 @@ fi
# check if we have valgrind/valgrind.h
valgrind_h=no
diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
similarity index 98%
rename from meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
rename to meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
index 4b2f013..819720a 100644
--- a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
+++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-Limit-paths-searched-during-user-mode-emulation.patch
@@ -1,4 +1,4 @@
-From 02f80ee81681b6307a8032128a07686183662270 Mon Sep 17 00:00:00 2001
+From 547c3710a1493d2fd6bb56b819cf162db433756a Mon Sep 17 00:00:00 2001
From: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Wed, 9 Mar 2016 22:49:02 +0000
Subject: [PATCH] qemu: Limit paths searched during user mode emulation
diff --git a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
similarity index 82%
rename from meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
rename to meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
index 4163e51..b62a588 100644
--- a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
+++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
@@ -1,4 +1,4 @@
-From 74bce35b71f4733c13e96f96e25956ff943fae20 Mon Sep 17 00:00:00 2001
+From 107fd860529a3c1319d54c3c225758457b0d9394 Mon Sep 17 00:00:00 2001
From: Stephen Arnold <sarnold at vctlabs.com>
Date: Sun, 12 Jun 2016 18:09:56 -0700
Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
@@ -10,10 +10,10 @@ Upstream-Status: Pending
1 file changed, 4 deletions(-)
diff --git a/configure b/configure
-index 069e0daa..5b97f3c1 100755
+index eaf9bb5e..de2933d1 100755
--- a/configure
+++ b/configure
-@@ -5622,10 +5622,6 @@ write_c_skeleton
+@@ -5928,10 +5928,6 @@ write_c_skeleton
if test "$gcov" = "yes" ; then
CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
diff --git a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
similarity index 80%
rename from meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
rename to meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
index e5a2d4a..f3f3dc3 100644
--- a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
+++ b/meta/recipes-devtools/qemu/qemu/0007-chardev-connect-socket-to-a-spawned-command.patch
@@ -1,4 +1,4 @@
-From 9c1e976290e87a83ab1bfe38eb7ff3521ff0d684 Mon Sep 17 00:00:00 2001
+From 136e159482a1bc8676cbe6e767055d0c3fb20065 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis at xilinx.com>
Date: Thu, 21 Dec 2017 11:35:16 -0800
Subject: [PATCH] chardev: connect socket to a spawned command
@@ -46,17 +46,17 @@ Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Patrick Ohly <patrick.ohly at intel.com>
---
- chardev/char-socket.c | 102 ++++++++++++++++++++++++++++++++++++++++++
+ chardev/char-socket.c | 101 ++++++++++++++++++++++++++++++++++++++++++
chardev/char.c | 3 ++
qapi/char.json | 5 +++
- 3 files changed, 110 insertions(+)
+ 3 files changed, 109 insertions(+)
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
-index eaa8e8b6..959ed183 100644
+index 3916505d..a8e9dce8 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
-@@ -987,6 +987,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
- return false;
+@@ -1273,6 +1273,67 @@ static bool qmp_chardev_validate_socket(ChardevSocket *sock,
+ return true;
}
+#ifndef _WIN32
@@ -120,11 +120,10 @@ index eaa8e8b6..959ed183 100644
+ }
+}
+#endif
-+
+
static void qmp_chardev_open_socket(Chardev *chr,
ChardevBackend *backend,
- bool *be_opened,
-@@ -994,6 +1056,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
+@@ -1281,6 +1342,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
{
SocketChardev *s = SOCKET_CHARDEV(chr);
ChardevSocket *sock = backend->u.socket.data;
@@ -134,9 +133,9 @@ index eaa8e8b6..959ed183 100644
bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
bool is_listen = sock->has_server ? sock->server : true;
bool is_telnet = sock->has_telnet ? sock->telnet : false;
-@@ -1072,6 +1137,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
- s->reconnect_time = reconnect;
- }
+@@ -1346,6 +1410,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
+
+ update_disconnected_filename(s);
+#ifndef _WIN32
+ if (cmd) {
@@ -146,13 +145,13 @@ index eaa8e8b6..959ed183 100644
+ *be_opened = true;
+ } else
+#endif
- if (s->reconnect_time) {
- tcp_chr_connect_async(chr);
- } else {
-@@ -1131,9 +1204,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
+ if (s->is_listen) {
+ if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270,
+ is_waitconnect, errp) < 0) {
+@@ -1365,9 +1437,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
+ const char *host = qemu_opt_get(opts, "host");
const char *port = qemu_opt_get(opts, "port");
const char *fd = qemu_opt_get(opts, "fd");
- const char *tls_creds = qemu_opt_get(opts, "tls-creds");
+#ifndef _WIN32
+ const char *cmd = qemu_opt_get(opts, "cmd");
+#endif
@@ -166,7 +165,7 @@ index eaa8e8b6..959ed183 100644
+ * spawning a command, otherwise unmodified code that doesn't know about
+ * command spawning (like socket_reconnect_timeout()) might get called.
+ */
-+ if (path || is_listen || is_telnet || is_tn3270 || reconnect || host || port || tls_creds) {
++ if (path || sock->server || sock->has_telnet || sock->has_tn3270 || sock->reconnect || host || port || sock->tls_creds) {
+ error_setg(errp, "chardev: socket: cmd does not support any additional options");
+ return;
+ }
@@ -176,14 +175,14 @@ index eaa8e8b6..959ed183 100644
if ((!!path + !!fd + !!host) != 1) {
error_setg(errp,
"Exactly one of 'path', 'fd' or 'host' required");
-@@ -1180,12 +1270,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
- sock->reconnect = reconnect;
- sock->tls_creds = g_strdup(tls_creds);
+@@ -1410,12 +1499,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
+ sock->has_tls_authz = qemu_opt_get(opts, "tls-authz");
+ sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz"));
+#ifndef _WIN32
+ sock->cmd = g_strdup(cmd);
+#endif
-+
++
addr = g_new0(SocketAddressLegacy, 1);
+#ifndef _WIN32
+ if (path || cmd) {
@@ -202,10 +201,10 @@ index eaa8e8b6..959ed183 100644
addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
addr->u.inet.data = g_new(InetSocketAddress, 1);
diff --git a/chardev/char.c b/chardev/char.c
-index 152dde53..62d5b578 100644
+index 514cd6b0..36a40d67 100644
--- a/chardev/char.c
+++ b/chardev/char.c
-@@ -818,6 +818,9 @@ QemuOptsList qemu_chardev_opts = {
+@@ -835,6 +835,9 @@ QemuOptsList qemu_chardev_opts = {
},{
.name = "path",
.type = QEMU_OPT_STRING,
@@ -216,10 +215,10 @@ index 152dde53..62d5b578 100644
.name = "host",
.type = QEMU_OPT_STRING,
diff --git a/qapi/char.json b/qapi/char.json
-index 79bac598..97bd161a 100644
+index a6e81ac7..517962c6 100644
--- a/qapi/char.json
+++ b/qapi/char.json
-@@ -242,6 +242,10 @@
+@@ -247,6 +247,10 @@
#
# @addr: socket address to listen on (server=true)
# or connect to (server=false)
@@ -228,13 +227,13 @@ index 79bac598..97bd161a 100644
+# is used by the chardev. Either an addr or a cmd can
+# be specified, but not both.
# @tls-creds: the ID of the TLS credentials object (since 2.6)
- # @server: create server socket (default: true)
- # @wait: wait for incoming connection on server
-@@ -261,6 +265,7 @@
- # Since: 1.4
+ # @tls-authz: the ID of the QAuthZ authorization object against which
+ # the client's x509 distinguished name will be validated. This
+@@ -272,6 +276,7 @@
##
- { 'struct': 'ChardevSocket', 'data': { 'addr' : 'SocketAddressLegacy',
-+ '*cmd' : 'str',
- '*tls-creds' : 'str',
- '*server' : 'bool',
- '*wait' : 'bool',
+ { 'struct': 'ChardevSocket',
+ 'data': { 'addr': 'SocketAddressLegacy',
++ '*cmd': 'str',
+ '*tls-creds': 'str',
+ '*tls-authz' : 'str',
+ '*server': 'bool',
diff --git a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
similarity index 90%
rename from meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
rename to meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
index 1d3a2b5..13037f3 100644
--- a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
+++ b/meta/recipes-devtools/qemu/qemu/0008-apic-fixup-fallthrough-to-PIC.patch
@@ -1,4 +1,4 @@
-From 4829da131996548dc86775b8b97a29c436f3d130 Mon Sep 17 00:00:00 2001
+From 1b3f264e2ba18caf658fae27293c426c8366c6a3 Mon Sep 17 00:00:00 2001
From: Mark Asselstine <mark.asselstine at windriver.com>
Date: Tue, 26 Feb 2013 11:43:28 -0500
Subject: [PATCH] apic: fixup fallthrough to PIC
@@ -30,10 +30,10 @@ Signed-off-by: He Zhe <zhe.he at windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
-index 97ffdd82..ef23430e 100644
+index 6ea619c3..f892811e 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
-@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *dev)
+@@ -604,7 +604,7 @@ int apic_accept_pic_intr(DeviceState *dev)
APICCommonState *s = APIC(dev);
uint32_t lvt0;
diff --git a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
similarity index 93%
rename from meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
rename to meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
index c0d7914..c572ff9 100644
--- a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
+++ b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -1,4 +1,4 @@
-From bce25c9cda73569963615ffd31ed949cbe3a3781 Mon Sep 17 00:00:00 2001
+From a33ae91504ea4d254b5ace64a84791d3c96c9773 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis at xilinx.com>
Date: Wed, 17 Jan 2018 10:51:49 -0800
Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
@@ -19,7 +19,7 @@ Signed-off-by: Alistair Francis <alistair.francis at xilinx.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/main.c b/linux-user/main.c
-index 923cbb75..fe0b9ff4 100644
+index a0aba9cb..34c54924 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -69,7 +69,7 @@ int have_guest_base;
diff --git a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch b/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
similarity index 90%
rename from meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
rename to meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
index 066ea78..3418eb7 100644
--- a/meta/recipes-devtools/qemu/qemu/0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
+++ b/meta/recipes-devtools/qemu/qemu/0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch
@@ -1,4 +1,4 @@
-From 496231774f8bc17ecfaf543a6603e3cad3f3f74e Mon Sep 17 00:00:00 2001
+From 2a66bd95c856de6950fbd802c5b99075207c1d76 Mon Sep 17 00:00:00 2001
From: Martin Jansa <martin.jansa at lge.com>
Date: Fri, 1 Jun 2018 08:41:07 +0000
Subject: [PATCH] Revert "linux-user: fix mmap/munmap/mprotect/mremap/shmat"
@@ -23,7 +23,7 @@ Upstream-Status: Pending
4 files changed, 15 insertions(+), 29 deletions(-)
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
-index 117d2fbb..90558c14 100644
+index b16c9ec5..612db6a0 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -163,12 +163,8 @@ extern unsigned long guest_base;
@@ -41,7 +41,7 @@ index 117d2fbb..90558c14 100644
#include "exec/hwaddr.h"
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
-index 95906849..ed17b3f6 100644
+index d78041d7..845639f7 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -62,13 +62,15 @@ typedef uint64_t abi_ptr;
@@ -68,7 +68,7 @@ index 95906849..ed17b3f6 100644
#define h2g_nocheck(x) ({ \
unsigned long __ret = (unsigned long)(x) - guest_base; \
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
-index 41e0983c..d0ee1c53 100644
+index e0249efe..cfe34b35 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -79,7 +79,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
@@ -81,9 +81,9 @@ index 41e0983c..d0ee1c53 100644
}
prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
@@ -490,8 +490,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
- * It can fail only on 64-bit host with 32-bit target.
- * On any other target/host host mmap() handles this error correctly.
- */
+ * It can fail only on 64-bit host with 32-bit target.
+ * On any other target/host host mmap() handles this error correctly.
+ */
- if (!guest_range_valid(start, len)) {
- errno = ENOMEM;
+ if ((unsigned long)start + len - 1 > (abi_ulong) -1) {
@@ -118,10 +118,10 @@ index 41e0983c..d0ee1c53 100644
if (flags & MREMAP_FIXED) {
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index 280137da..efdd0006 100644
+index 96cd4bf8..e6754772 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
-@@ -3818,9 +3818,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
+@@ -3860,9 +3860,6 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
return -TARGET_EINVAL;
}
}
@@ -131,7 +131,7 @@ index 280137da..efdd0006 100644
mmap_lock();
-@@ -6582,7 +6579,7 @@ static int open_self_maps(void *cpu_env, int fd)
+@@ -6633,7 +6630,7 @@ static int open_self_maps(void *cpu_env, int fd)
}
if (h2g_valid(min)) {
int flags = page_get_flags(h2g(min));
diff --git a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch b/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
similarity index 97%
rename from meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
rename to meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
index 9cbe838..3a7d7bb 100644
--- a/meta/recipes-devtools/qemu/qemu/0012-fix-libcap-header-issue-on-some-distro.patch
+++ b/meta/recipes-devtools/qemu/qemu/0011-fix-libcap-header-issue-on-some-distro.patch
@@ -1,4 +1,4 @@
-From d3e0b8dac7c2eb20d7fcff747bc98b981f4398ef Mon Sep 17 00:00:00 2001
+From 9125afb733d8c96416bb83c5adad39bb8d0803a1 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia at windriver.com>
Date: Tue, 12 Mar 2013 09:54:06 +0800
Subject: [PATCH] fix libcap header issue on some distro
diff --git a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
similarity index 87%
rename from meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
rename to meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
index 27e508c..0466419 100644
--- a/meta/recipes-devtools/qemu/qemu/0013-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
+++ b/meta/recipes-devtools/qemu/qemu/0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
@@ -1,4 +1,4 @@
-From 861c522df7791d7e93743d5641f3ef2a5a3c4632 Mon Sep 17 00:00:00 2001
+From 0a53e906510cce1f32bc04a11e81ea40f834dac4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon at linux.intel.com>
Date: Wed, 12 Aug 2015 15:11:30 -0500
Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
@@ -20,10 +20,10 @@ Signed-off-by: Aníbal Limón <anibal.limon at linux.intel.com>
create mode 100644 custom_debug.h
diff --git a/cpus.c b/cpus.c
-index 0ddeeefc..4f3a5624 100644
+index e83f72b4..e6e2576e 100644
--- a/cpus.c
+++ b/cpus.c
-@@ -1768,6 +1768,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
+@@ -1769,6 +1769,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
return NULL;
}
@@ -32,9 +32,9 @@ index 0ddeeefc..4f3a5624 100644
static void qemu_cpu_kick_thread(CPUState *cpu)
{
#ifndef _WIN32
-@@ -1780,6 +1782,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
+@@ -1781,6 +1783,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
err = pthread_kill(cpu->thread->thread, SIG_IPI);
- if (err) {
+ if (err && err != ESRCH) {
fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
+ fprintf(stderr, "CPU #%d:\n", cpu->cpu_index);
+ cpu_dump_state(cpu, stderr, fprintf, 0);
diff --git a/meta/recipes-devtools/qemu/qemu/0013-Revert-target-arm-Use-vector-operations-for-saturati.patch b/meta/recipes-devtools/qemu/qemu/0013-Revert-target-arm-Use-vector-operations-for-saturati.patch
new file mode 100644
index 0000000..c38b547
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0013-Revert-target-arm-Use-vector-operations-for-saturati.patch
@@ -0,0 +1,493 @@
+From b46cdcdeb762c1f0eef68dc4a7d90f8176152e07 Mon Sep 17 00:00:00 2001
+From: Alistair Francis <alistair.francis at wdc.com>
+Date: Wed, 1 May 2019 19:51:27 -0700
+Subject: [PATCH] Revert "target/arm: Use vector operations for saturation"
+
+This reverts commit 89e68b575e138d0af1435f11a8ffcd8779c237bd.
+
+This fixes QEMU aborts when running the qemuarm machine.
+
+Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
+Upstream-status: Pending
+---
+ target/arm/helper.h | 33 -------
+ target/arm/translate-a64.c | 36 ++++----
+ target/arm/translate.c | 172 ++++++-------------------------------
+ target/arm/translate.h | 4 -
+ target/arm/vec_helper.c | 130 ----------------------------
+ 5 files changed, 44 insertions(+), 331 deletions(-)
+
+diff --git a/target/arm/helper.h b/target/arm/helper.h
+index 50cb036378..b2669f140f 100644
+--- a/target/arm/helper.h
++++ b/target/arm/helper.h
+@@ -646,39 +646,6 @@ DEF_HELPER_FLAGS_6(gvec_fmla_idx_s, TCG_CALL_NO_RWG,
+ DEF_HELPER_FLAGS_6(gvec_fmla_idx_d, TCG_CALL_NO_RWG,
+ void, ptr, ptr, ptr, ptr, ptr, i32)
+
+-DEF_HELPER_FLAGS_5(gvec_uqadd_b, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_uqadd_h, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_uqadd_s, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_uqadd_d, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_sqadd_b, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_sqadd_h, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_sqadd_s, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_sqadd_d, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_uqsub_b, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_uqsub_h, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_uqsub_s, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_uqsub_d, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_sqsub_b, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_sqsub_h, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_sqsub_s, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-DEF_HELPER_FLAGS_5(gvec_sqsub_d, TCG_CALL_NO_RWG,
+- void, ptr, ptr, ptr, ptr, i32)
+-
+ DEF_HELPER_FLAGS_5(gvec_fmlal_a32, TCG_CALL_NO_RWG,
+ void, ptr, ptr, ptr, ptr, i32)
+ DEF_HELPER_FLAGS_5(gvec_fmlal_a64, TCG_CALL_NO_RWG,
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index 9dcc5ff3a3..428211f92f 100644
+--- a/target/arm/translate-a64.c
++++ b/target/arm/translate-a64.c
+@@ -11230,22 +11230,6 @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
+ }
+
+ switch (opcode) {
+- case 0x01: /* SQADD, UQADD */
+- tcg_gen_gvec_4(vec_full_reg_offset(s, rd),
+- offsetof(CPUARMState, vfp.qc),
+- vec_full_reg_offset(s, rn),
+- vec_full_reg_offset(s, rm),
+- is_q ? 16 : 8, vec_full_reg_size(s),
+- (u ? uqadd_op : sqadd_op) + size);
+- return;
+- case 0x05: /* SQSUB, UQSUB */
+- tcg_gen_gvec_4(vec_full_reg_offset(s, rd),
+- offsetof(CPUARMState, vfp.qc),
+- vec_full_reg_offset(s, rn),
+- vec_full_reg_offset(s, rm),
+- is_q ? 16 : 8, vec_full_reg_size(s),
+- (u ? uqsub_op : sqsub_op) + size);
+- return;
+ case 0x0c: /* SMAX, UMAX */
+ if (u) {
+ gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umax, size);
+@@ -11341,6 +11325,16 @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
+ genfn = fns[size][u];
+ break;
+ }
++ case 0x1: /* SQADD, UQADD */
++ {
++ static NeonGenTwoOpEnvFn * const fns[3][2] = {
++ { gen_helper_neon_qadd_s8, gen_helper_neon_qadd_u8 },
++ { gen_helper_neon_qadd_s16, gen_helper_neon_qadd_u16 },
++ { gen_helper_neon_qadd_s32, gen_helper_neon_qadd_u32 },
++ };
++ genenvfn = fns[size][u];
++ break;
++ }
+ case 0x2: /* SRHADD, URHADD */
+ {
+ static NeonGenTwoOpFn * const fns[3][2] = {
+@@ -11361,6 +11355,16 @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
+ genfn = fns[size][u];
+ break;
+ }
++ case 0x5: /* SQSUB, UQSUB */
++ {
++ static NeonGenTwoOpEnvFn * const fns[3][2] = {
++ { gen_helper_neon_qsub_s8, gen_helper_neon_qsub_u8 },
++ { gen_helper_neon_qsub_s16, gen_helper_neon_qsub_u16 },
++ { gen_helper_neon_qsub_s32, gen_helper_neon_qsub_u32 },
++ };
++ genenvfn = fns[size][u];
++ break;
++ }
+ case 0x8: /* SSHL, USHL */
+ {
+ static NeonGenTwoOpFn * const fns[3][2] = {
+diff --git a/target/arm/translate.c b/target/arm/translate.c
+index 10bc53f91c..cf675cef3f 100644
+--- a/target/arm/translate.c
++++ b/target/arm/translate.c
+@@ -6242,142 +6242,6 @@ const GVecGen3 cmtst_op[4] = {
+ .vece = MO_64 },
+ };
+
+-static void gen_uqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
+- TCGv_vec a, TCGv_vec b)
+-{
+- TCGv_vec x = tcg_temp_new_vec_matching(t);
+- tcg_gen_add_vec(vece, x, a, b);
+- tcg_gen_usadd_vec(vece, t, a, b);
+- tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
+- tcg_gen_or_vec(vece, sat, sat, x);
+- tcg_temp_free_vec(x);
+-}
+-
+-const GVecGen4 uqadd_op[4] = {
+- { .fniv = gen_uqadd_vec,
+- .fno = gen_helper_gvec_uqadd_b,
+- .opc = INDEX_op_usadd_vec,
+- .write_aofs = true,
+- .vece = MO_8 },
+- { .fniv = gen_uqadd_vec,
+- .fno = gen_helper_gvec_uqadd_h,
+- .opc = INDEX_op_usadd_vec,
+- .write_aofs = true,
+- .vece = MO_16 },
+- { .fniv = gen_uqadd_vec,
+- .fno = gen_helper_gvec_uqadd_s,
+- .opc = INDEX_op_usadd_vec,
+- .write_aofs = true,
+- .vece = MO_32 },
+- { .fniv = gen_uqadd_vec,
+- .fno = gen_helper_gvec_uqadd_d,
+- .opc = INDEX_op_usadd_vec,
+- .write_aofs = true,
+- .vece = MO_64 },
+-};
+-
+-static void gen_sqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
+- TCGv_vec a, TCGv_vec b)
+-{
+- TCGv_vec x = tcg_temp_new_vec_matching(t);
+- tcg_gen_add_vec(vece, x, a, b);
+- tcg_gen_ssadd_vec(vece, t, a, b);
+- tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
+- tcg_gen_or_vec(vece, sat, sat, x);
+- tcg_temp_free_vec(x);
+-}
+-
+-const GVecGen4 sqadd_op[4] = {
+- { .fniv = gen_sqadd_vec,
+- .fno = gen_helper_gvec_sqadd_b,
+- .opc = INDEX_op_ssadd_vec,
+- .write_aofs = true,
+- .vece = MO_8 },
+- { .fniv = gen_sqadd_vec,
+- .fno = gen_helper_gvec_sqadd_h,
+- .opc = INDEX_op_ssadd_vec,
+- .write_aofs = true,
+- .vece = MO_16 },
+- { .fniv = gen_sqadd_vec,
+- .fno = gen_helper_gvec_sqadd_s,
+- .opc = INDEX_op_ssadd_vec,
+- .write_aofs = true,
+- .vece = MO_32 },
+- { .fniv = gen_sqadd_vec,
+- .fno = gen_helper_gvec_sqadd_d,
+- .opc = INDEX_op_ssadd_vec,
+- .write_aofs = true,
+- .vece = MO_64 },
+-};
+-
+-static void gen_uqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
+- TCGv_vec a, TCGv_vec b)
+-{
+- TCGv_vec x = tcg_temp_new_vec_matching(t);
+- tcg_gen_sub_vec(vece, x, a, b);
+- tcg_gen_ussub_vec(vece, t, a, b);
+- tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
+- tcg_gen_or_vec(vece, sat, sat, x);
+- tcg_temp_free_vec(x);
+-}
+-
+-const GVecGen4 uqsub_op[4] = {
+- { .fniv = gen_uqsub_vec,
+- .fno = gen_helper_gvec_uqsub_b,
+- .opc = INDEX_op_ussub_vec,
+- .write_aofs = true,
+- .vece = MO_8 },
+- { .fniv = gen_uqsub_vec,
+- .fno = gen_helper_gvec_uqsub_h,
+- .opc = INDEX_op_ussub_vec,
+- .write_aofs = true,
+- .vece = MO_16 },
+- { .fniv = gen_uqsub_vec,
+- .fno = gen_helper_gvec_uqsub_s,
+- .opc = INDEX_op_ussub_vec,
+- .write_aofs = true,
+- .vece = MO_32 },
+- { .fniv = gen_uqsub_vec,
+- .fno = gen_helper_gvec_uqsub_d,
+- .opc = INDEX_op_ussub_vec,
+- .write_aofs = true,
+- .vece = MO_64 },
+-};
+-
+-static void gen_sqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
+- TCGv_vec a, TCGv_vec b)
+-{
+- TCGv_vec x = tcg_temp_new_vec_matching(t);
+- tcg_gen_sub_vec(vece, x, a, b);
+- tcg_gen_sssub_vec(vece, t, a, b);
+- tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
+- tcg_gen_or_vec(vece, sat, sat, x);
+- tcg_temp_free_vec(x);
+-}
+-
+-const GVecGen4 sqsub_op[4] = {
+- { .fniv = gen_sqsub_vec,
+- .fno = gen_helper_gvec_sqsub_b,
+- .opc = INDEX_op_sssub_vec,
+- .write_aofs = true,
+- .vece = MO_8 },
+- { .fniv = gen_sqsub_vec,
+- .fno = gen_helper_gvec_sqsub_h,
+- .opc = INDEX_op_sssub_vec,
+- .write_aofs = true,
+- .vece = MO_16 },
+- { .fniv = gen_sqsub_vec,
+- .fno = gen_helper_gvec_sqsub_s,
+- .opc = INDEX_op_sssub_vec,
+- .write_aofs = true,
+- .vece = MO_32 },
+- { .fniv = gen_sqsub_vec,
+- .fno = gen_helper_gvec_sqsub_d,
+- .opc = INDEX_op_sssub_vec,
+- .write_aofs = true,
+- .vece = MO_64 },
+-};
+-
+ /* Translate a NEON data processing instruction. Return nonzero if the
+ instruction is invalid.
+ We process data in a mixture of 32-bit and 64-bit chunks.
+@@ -6561,18 +6425,6 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
+ }
+ return 0;
+
+- case NEON_3R_VQADD:
+- tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
+- rn_ofs, rm_ofs, vec_size, vec_size,
+- (u ? uqadd_op : sqadd_op) + size);
+- break;
+-
+- case NEON_3R_VQSUB:
+- tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
+- rn_ofs, rm_ofs, vec_size, vec_size,
+- (u ? uqsub_op : sqsub_op) + size);
+- break;
+-
+ case NEON_3R_VMUL: /* VMUL */
+ if (u) {
+ /* Polynomial case allows only P8 and is handled below. */
+@@ -6637,6 +6489,24 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
+ neon_load_reg64(cpu_V0, rn + pass);
+ neon_load_reg64(cpu_V1, rm + pass);
+ switch (op) {
++ case NEON_3R_VQADD:
++ if (u) {
++ gen_helper_neon_qadd_u64(cpu_V0, cpu_env,
++ cpu_V0, cpu_V1);
++ } else {
++ gen_helper_neon_qadd_s64(cpu_V0, cpu_env,
++ cpu_V0, cpu_V1);
++ }
++ break;
++ case NEON_3R_VQSUB:
++ if (u) {
++ gen_helper_neon_qsub_u64(cpu_V0, cpu_env,
++ cpu_V0, cpu_V1);
++ } else {
++ gen_helper_neon_qsub_s64(cpu_V0, cpu_env,
++ cpu_V0, cpu_V1);
++ }
++ break;
+ case NEON_3R_VSHL:
+ if (u) {
+ gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
+@@ -6752,12 +6622,18 @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
+ case NEON_3R_VHADD:
+ GEN_NEON_INTEGER_OP(hadd);
+ break;
++ case NEON_3R_VQADD:
++ GEN_NEON_INTEGER_OP_ENV(qadd);
++ break;
+ case NEON_3R_VRHADD:
+ GEN_NEON_INTEGER_OP(rhadd);
+ break;
+ case NEON_3R_VHSUB:
+ GEN_NEON_INTEGER_OP(hsub);
+ break;
++ case NEON_3R_VQSUB:
++ GEN_NEON_INTEGER_OP_ENV(qsub);
++ break;
+ case NEON_3R_VSHL:
+ GEN_NEON_INTEGER_OP(shl);
+ break;
+diff --git a/target/arm/translate.h b/target/arm/translate.h
+index c2348def0d..07055c9449 100644
+--- a/target/arm/translate.h
++++ b/target/arm/translate.h
+@@ -248,10 +248,6 @@ extern const GVecGen2i ssra_op[4];
+ extern const GVecGen2i usra_op[4];
+ extern const GVecGen2i sri_op[4];
+ extern const GVecGen2i sli_op[4];
+-extern const GVecGen4 uqadd_op[4];
+-extern const GVecGen4 sqadd_op[4];
+-extern const GVecGen4 uqsub_op[4];
+-extern const GVecGen4 sqsub_op[4];
+ void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b);
+
+ /*
+diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
+index dedef62403..be3271659f 100644
+--- a/target/arm/vec_helper.c
++++ b/target/arm/vec_helper.c
+@@ -769,136 +769,6 @@ DO_FMLA_IDX(gvec_fmla_idx_d, float64, )
+
+ #undef DO_FMLA_IDX
+
+-#define DO_SAT(NAME, WTYPE, TYPEN, TYPEM, OP, MIN, MAX) \
+-void HELPER(NAME)(void *vd, void *vq, void *vn, void *vm, uint32_t desc) \
+-{ \
+- intptr_t i, oprsz = simd_oprsz(desc); \
+- TYPEN *d = vd, *n = vn; TYPEM *m = vm; \
+- bool q = false; \
+- for (i = 0; i < oprsz / sizeof(TYPEN); i++) { \
+- WTYPE dd = (WTYPE)n[i] OP m[i]; \
+- if (dd < MIN) { \
+- dd = MIN; \
+- q = true; \
+- } else if (dd > MAX) { \
+- dd = MAX; \
+- q = true; \
+- } \
+- d[i] = dd; \
+- } \
+- if (q) { \
+- uint32_t *qc = vq; \
+- qc[0] = 1; \
+- } \
+- clear_tail(d, oprsz, simd_maxsz(desc)); \
+-}
+-
+-DO_SAT(gvec_uqadd_b, int, uint8_t, uint8_t, +, 0, UINT8_MAX)
+-DO_SAT(gvec_uqadd_h, int, uint16_t, uint16_t, +, 0, UINT16_MAX)
+-DO_SAT(gvec_uqadd_s, int64_t, uint32_t, uint32_t, +, 0, UINT32_MAX)
+-
+-DO_SAT(gvec_sqadd_b, int, int8_t, int8_t, +, INT8_MIN, INT8_MAX)
+-DO_SAT(gvec_sqadd_h, int, int16_t, int16_t, +, INT16_MIN, INT16_MAX)
+-DO_SAT(gvec_sqadd_s, int64_t, int32_t, int32_t, +, INT32_MIN, INT32_MAX)
+-
+-DO_SAT(gvec_uqsub_b, int, uint8_t, uint8_t, -, 0, UINT8_MAX)
+-DO_SAT(gvec_uqsub_h, int, uint16_t, uint16_t, -, 0, UINT16_MAX)
+-DO_SAT(gvec_uqsub_s, int64_t, uint32_t, uint32_t, -, 0, UINT32_MAX)
+-
+-DO_SAT(gvec_sqsub_b, int, int8_t, int8_t, -, INT8_MIN, INT8_MAX)
+-DO_SAT(gvec_sqsub_h, int, int16_t, int16_t, -, INT16_MIN, INT16_MAX)
+-DO_SAT(gvec_sqsub_s, int64_t, int32_t, int32_t, -, INT32_MIN, INT32_MAX)
+-
+-#undef DO_SAT
+-
+-void HELPER(gvec_uqadd_d)(void *vd, void *vq, void *vn,
+- void *vm, uint32_t desc)
+-{
+- intptr_t i, oprsz = simd_oprsz(desc);
+- uint64_t *d = vd, *n = vn, *m = vm;
+- bool q = false;
+-
+- for (i = 0; i < oprsz / 8; i++) {
+- uint64_t nn = n[i], mm = m[i], dd = nn + mm;
+- if (dd < nn) {
+- dd = UINT64_MAX;
+- q = true;
+- }
+- d[i] = dd;
+- }
+- if (q) {
+- uint32_t *qc = vq;
+- qc[0] = 1;
+- }
+- clear_tail(d, oprsz, simd_maxsz(desc));
+-}
+-
+-void HELPER(gvec_uqsub_d)(void *vd, void *vq, void *vn,
+- void *vm, uint32_t desc)
+-{
+- intptr_t i, oprsz = simd_oprsz(desc);
+- uint64_t *d = vd, *n = vn, *m = vm;
+- bool q = false;
+-
+- for (i = 0; i < oprsz / 8; i++) {
+- uint64_t nn = n[i], mm = m[i], dd = nn - mm;
+- if (nn < mm) {
+- dd = 0;
+- q = true;
+- }
+- d[i] = dd;
+- }
+- if (q) {
+- uint32_t *qc = vq;
+- qc[0] = 1;
+- }
+- clear_tail(d, oprsz, simd_maxsz(desc));
+-}
+-
+-void HELPER(gvec_sqadd_d)(void *vd, void *vq, void *vn,
+- void *vm, uint32_t desc)
+-{
+- intptr_t i, oprsz = simd_oprsz(desc);
+- int64_t *d = vd, *n = vn, *m = vm;
+- bool q = false;
+-
+- for (i = 0; i < oprsz / 8; i++) {
+- int64_t nn = n[i], mm = m[i], dd = nn + mm;
+- if (((dd ^ nn) & ~(nn ^ mm)) & INT64_MIN) {
+- dd = (nn >> 63) ^ ~INT64_MIN;
+- q = true;
+- }
+- d[i] = dd;
+- }
+- if (q) {
+- uint32_t *qc = vq;
+- qc[0] = 1;
+- }
+- clear_tail(d, oprsz, simd_maxsz(desc));
+-}
+-
+-void HELPER(gvec_sqsub_d)(void *vd, void *vq, void *vn,
+- void *vm, uint32_t desc)
+-{
+- intptr_t i, oprsz = simd_oprsz(desc);
+- int64_t *d = vd, *n = vn, *m = vm;
+- bool q = false;
+-
+- for (i = 0; i < oprsz / 8; i++) {
+- int64_t nn = n[i], mm = m[i], dd = nn - mm;
+- if (((dd ^ nn) & (nn ^ mm)) & INT64_MIN) {
+- dd = (nn >> 63) ^ ~INT64_MIN;
+- q = true;
+- }
+- d[i] = dd;
+- }
+- if (q) {
+- uint32_t *qc = vq;
+- qc[0] = 1;
+- }
+- clear_tail(d, oprsz, simd_maxsz(desc));
+-}
+-
+ /*
+ * Convert float16 to float32, raising no exceptions and
+ * preserving exceptional values, including SNaN.
+--
+2.21.0
+
diff --git a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch b/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
deleted file mode 100644
index 412aa16..0000000
--- a/meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-CVE: CVE-2018-16872
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35]
-
-Signed-off-by: Kai Kang <kai.kang at windriver.com>
-
-From bab9df35ce73d1c8e19a37e2737717ea1c984dc1 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel at redhat.com>
-Date: Thu, 13 Dec 2018 13:25:11 +0100
-Subject: [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.
-
-Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
-While being at it also add O_CLOEXEC.
-
-usb-mtp only handles regular files and directories and ignores
-everything else, so users should not see a difference.
-
-Because qemu ignores symlinks, carrying out a successful symlink attack
-requires swapping an existing file or directory below rootdir for a
-symlink and winning the race against the inotify notification to qemu.
-
-Fixes: CVE-2018-16872
-Cc: Prasad J Pandit <ppandit at redhat.com>
-Cc: Bandan Das <bsd at redhat.com>
-Reported-by: Michael Hanselmann <public at hansmi.ch>
-Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
-Reviewed-by: Michael Hanselmann <public at hansmi.ch>
-Message-id: 20181213122511.13853-1-kraxel at redhat.com
----
- hw/usb/dev-mtp.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
-index 100b7171f4..36c43b8c20 100644
---- a/hw/usb/dev-mtp.c
-+++ b/hw/usb/dev-mtp.c
-@@ -653,13 +653,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o)
- {
- struct dirent *entry;
- DIR *dir;
-+ int fd;
-
- if (o->have_children) {
- return;
- }
- o->have_children = true;
-
-- dir = opendir(o->path);
-+ fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
-+ if (fd < 0) {
-+ return;
-+ }
-+ dir = fdopendir(fd);
- if (!dir) {
- return;
- }
-@@ -1007,7 +1012,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,
-
- trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);
-
-- d->fd = open(o->path, O_RDONLY);
-+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
- if (d->fd == -1) {
- usb_mtp_data_free(d);
- return NULL;
-@@ -1031,7 +1036,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c,
- c->argv[1], c->argv[2]);
-
- d = usb_mtp_data_alloc(c);
-- d->fd = open(o->path, O_RDONLY);
-+ d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
- if (d->fd == -1) {
- usb_mtp_data_free(d);
- return NULL;
-@@ -1658,7 +1663,7 @@ static void usb_mtp_write_data(MTPState *s)
- 0, 0, 0, 0);
- goto done;
- }
-- d->fd = open(path, O_CREAT | O_WRONLY, mask);
-+ d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask);
- if (d->fd == -1) {
- usb_mtp_queue_result(s, RES_STORE_FULL, d->trans,
- 0, 0, 0, 0);
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch b/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
deleted file mode 100644
index 985b819..0000000
--- a/meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-CVE: CVE-2018-20124
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373]
-
-Backport patch to fix CVE-2018-20124. Update context and stay with current
-function comp_handler() which has been replaced with complete_work() in latest
-git repo.
-
-Signed-off-by: Kai Kang <kai.kang at windriver.com>
-
-From 0e68373cc2b3a063ce067bc0cc3edaf370752890 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp at fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:34 +0530
-Subject: [PATCH] rdma: check num_sge does not exceed MAX_SGE
-
-rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set
-to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element
-with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue.
-Add check to avoid it.
-
-Reported-by: Saar Amar <saaramar5 at gmail.com>
-Signed-off-by: Prasad J Pandit <pjp at fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia at oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum at gmail.com>
----
- hw/rdma/rdma_backend.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
-index d7a4bbd9..7f8028f8 100644
---- a/hw/rdma/rdma_backend.c
-+++ b/hw/rdma/rdma_backend.c
-@@ -311,9 +311,9 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev,
- }
-
- pr_dbg("num_sge=%d\n", num_sge);
-- if (!num_sge) {
-- pr_dbg("num_sge=0\n");
-- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
-+ if (!num_sge || num_sge > MAX_SGE) {
-+ pr_dbg("invalid num_sge=%d\n", num_sge);
-+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
- return;
- }
-
-@@ -390,9 +390,9 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
- }
-
- pr_dbg("num_sge=%d\n", num_sge);
-- if (!num_sge) {
-- pr_dbg("num_sge=0\n");
-- comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
-+ if (!num_sge || num_sge > MAX_SGE) {
-+ pr_dbg("invalid num_sge=%d\n", num_sge);
-+ comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx);
- return;
- }
-
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch b/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
deleted file mode 100644
index 56559c8..0000000
--- a/meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-CVE: CVE-2018-20125
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce]
-
-Signed-off-by: Kai Kang <kai.kang at windriver.com>
-
-From 2c858ce5da8ae6689c75182b73bc455a291cad41 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp at fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:36 +0530
-Subject: [PATCH] pvrdma: check number of pages when creating rings
-
-When creating CQ/QP rings, an object can have up to
-PVRDMA_MAX_FAST_REG_PAGES 8 pages. Check 'npages' parameter
-to avoid excessive memory allocation or a null dereference.
-
-Reported-by: Li Qiang <liq3ea at 163.com>
-Signed-off-by: Prasad J Pandit <pjp at fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia at oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum at gmail.com>
----
- hw/rdma/vmw/pvrdma_cmd.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
-index 3b94545761..f236ac4795 100644
---- a/hw/rdma/vmw/pvrdma_cmd.c
-+++ b/hw/rdma/vmw/pvrdma_cmd.c
-@@ -259,6 +259,11 @@ static int create_cq_ring(PCIDevice *pci_dev , PvrdmaRing **ring,
- int rc = -EINVAL;
- char ring_name[MAX_RING_NAME_SZ];
-
-+ if (!nchunks || nchunks > PVRDMA_MAX_FAST_REG_PAGES) {
-+ pr_dbg("invalid nchunks: %d\n", nchunks);
-+ return rc;
-+ }
-+
- pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
- dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
- if (!dir) {
-@@ -372,6 +377,12 @@ static int create_qp_rings(PCIDevice *pci_dev, uint64_t pdir_dma,
- char ring_name[MAX_RING_NAME_SZ];
- uint32_t wqe_sz;
-
-+ if (!spages || spages > PVRDMA_MAX_FAST_REG_PAGES
-+ || !rpages || rpages > PVRDMA_MAX_FAST_REG_PAGES) {
-+ pr_dbg("invalid pages: %d, %d\n", spages, rpages);
-+ return rc;
-+ }
-+
- pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma);
- dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);
- if (!dir) {
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch b/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
deleted file mode 100644
index 8329f2c..0000000
--- a/meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-CVE: CVE-2018-20126
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c]
-
-Backport and rebase patch to fix CVE-2018-20126.
-
-Signed-off-by: Kai Kang <kai.kang at windriver.com>
-
-From 509f57c98e7536905bb4902363d0cba66ce7e089 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp at fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:37 +0530
-Subject: [PATCH] pvrdma: release ring object in case of an error
-
-create_cq and create_qp routines allocate ring object, but it's
-not released in case of an error, leading to memory leakage.
-
-Reported-by: Li Qiang <liq3ea at 163.com>
-Signed-off-by: Prasad J Pandit <pjp at fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia at oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum at gmail.com>
----
- hw/rdma/vmw/pvrdma_cmd.c | 41 ++++++++++++++++++++++++++++++-----------
- 1 file changed, 30 insertions(+), 11 deletions(-)
-
-diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
-index 4faeb21..9b6796f 100644
---- a/hw/rdma/vmw/pvrdma_cmd.c
-+++ b/hw/rdma/vmw/pvrdma_cmd.c
-@@ -310,6 +310,14 @@ out:
- return rc;
- }
-
-+static void destroy_cq_ring(PvrdmaRing *ring)
-+{
-+ pvrdma_ring_free(ring);
-+ /* ring_state was in slot 1, not 0 so need to jump back */
-+ rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE);
-+ g_free(ring);
-+}
-+
- static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
- union pvrdma_cmd_resp *rsp)
- {
-@@ -333,6 +341,10 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
-
- resp->hdr.err = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev,
- cmd->cqe, &resp->cq_handle, ring);
-+ if (resp->hdr.err) {
-+ destroy_cq_ring(ring);
-+ }
-+
- resp->cqe = cmd->cqe;
-
- out:
-@@ -356,10 +368,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req,
- }
-
- ring = (PvrdmaRing *)cq->opaque;
-- pvrdma_ring_free(ring);
-- /* ring_state was in slot 1, not 0 so need to jump back */
-- rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE);
-- g_free(ring);
-+ destroy_cq_ring(ring);
-
- rdma_rm_dealloc_cq(&dev->rdma_dev_res, cmd->cq_handle);
-
-@@ -451,6 +460,17 @@ out:
- return rc;
- }
-
-+static void destroy_qp_rings(PvrdmaRing *ring)
-+{
-+ pr_dbg("sring=%p\n", &ring[0]);
-+ pvrdma_ring_free(&ring[0]);
-+ pr_dbg("rring=%p\n", &ring[1]);
-+ pvrdma_ring_free(&ring[1]);
-+
-+ rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE);
-+ g_free(ring);
-+}
-+
- static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
- union pvrdma_cmd_resp *rsp)
- {
-@@ -482,6 +502,11 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
- cmd->max_recv_wr, cmd->max_recv_sge,
- cmd->recv_cq_handle, rings, &resp->qpn);
-
-+ if (resp->hdr.err) {
-+ destroy_qp_rings(rings);
-+ return resp->hdr.err;
-+ }
-+
- resp->max_send_wr = cmd->max_send_wr;
- resp->max_recv_wr = cmd->max_recv_wr;
- resp->max_send_sge = cmd->max_send_sge;
-@@ -555,13 +580,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req,
- rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle);
-
- ring = (PvrdmaRing *)qp->opaque;
-- pr_dbg("sring=%p\n", &ring[0]);
-- pvrdma_ring_free(&ring[0]);
-- pr_dbg("rring=%p\n", &ring[1]);
-- pvrdma_ring_free(&ring[1]);
--
-- rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE);
-- g_free(ring);
-+ destroy_qp_rings(ring);
-
- return 0;
- }
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch b/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
deleted file mode 100644
index 8f8ff05..0000000
--- a/meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-CVE: CVE-2018-20191
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=2aa8645]
-
-Signed-off-by: Kai Kang <kai.kang at windriver.com>
-
-From 2aa86456fb938a11f2b7bd57c8643c213218681c Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp at fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:35 +0530
-Subject: [PATCH] pvrdma: add uar_read routine
-
-Define skeleton 'uar_read' routine. Avoid NULL dereference.
-
-Reported-by: Li Qiang <liq3ea at 163.com>
-Signed-off-by: Prasad J Pandit <pjp at fedoraproject.org>
-Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum at gmail.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum at gmail.com>
----
- hw/rdma/vmw/pvrdma_main.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
-index 64de16fb52..838ad8a949 100644
---- a/hw/rdma/vmw/pvrdma_main.c
-+++ b/hw/rdma/vmw/pvrdma_main.c
-@@ -448,6 +448,11 @@ static const MemoryRegionOps regs_ops = {
- },
- };
-
-+static uint64_t uar_read(void *opaque, hwaddr addr, unsigned size)
-+{
-+ return 0xffffffff;
-+}
-+
- static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
- {
- PVRDMADev *dev = opaque;
-@@ -489,6 +494,7 @@ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size)
- }
-
- static const MemoryRegionOps uar_ops = {
-+ .read = uar_read,
- .write = uar_write,
- .endianness = DEVICE_LITTLE_ENDIAN,
- .impl = {
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch b/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
deleted file mode 100644
index c02bad3..0000000
--- a/meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-CVE: CVE-2018-20216
-Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38]
-
-Signed-off-by: Kai Kang <kai.kang at windriver.com>
-
-From f1e2e38ee0136b7710a2caa347049818afd57a1b Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp at fedoraproject.org>
-Date: Thu, 13 Dec 2018 01:00:39 +0530
-Subject: [PATCH] pvrdma: check return value from pvrdma_idx_ring_has_ routines
-
-pvrdma_idx_ring_has_[data/space] routines also return invalid
-index PVRDMA_INVALID_IDX[=-1], if ring has no data/space. Check
-return value from these routines to avoid plausible infinite loops.
-
-Reported-by: Li Qiang <liq3ea at 163.com>
-Signed-off-by: Prasad J Pandit <pjp at fedoraproject.org>
-Reviewed-by: Yuval Shaia <yuval.shaia at oracle.com>
-Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum at gmail.com>
----
- hw/rdma/vmw/pvrdma_dev_ring.c | 29 +++++++++++------------------
- 1 file changed, 11 insertions(+), 18 deletions(-)
-
-diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
-index 01247fc041..e8e5b502f6 100644
---- a/hw/rdma/vmw/pvrdma_dev_ring.c
-+++ b/hw/rdma/vmw/pvrdma_dev_ring.c
-@@ -73,23 +73,16 @@ out:
-
- void *pvrdma_ring_next_elem_read(PvrdmaRing *ring)
- {
-+ int e;
- unsigned int idx = 0, offset;
-
-- /*
-- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
-- ring->ring_state->cons_head);
-- */
--
-- if (!pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx)) {
-+ e = pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx);
-+ if (e <= 0) {
- pr_dbg("No more data in ring\n");
- return NULL;
- }
-
- offset = idx * ring->elem_sz;
-- /*
-- pr_dbg("idx=%d\n", idx);
-- pr_dbg("offset=%d\n", offset);
-- */
- return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
- }
-
-@@ -105,20 +98,20 @@ void pvrdma_ring_read_inc(PvrdmaRing *ring)
-
- void *pvrdma_ring_next_elem_write(PvrdmaRing *ring)
- {
-- unsigned int idx, offset, tail;
-+ int idx;
-+ unsigned int offset, tail;
-
-- /*
-- pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
-- ring->ring_state->cons_head);
-- */
--
-- if (!pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail)) {
-+ idx = pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail);
-+ if (idx <= 0) {
- pr_dbg("CQ is full\n");
- return NULL;
- }
-
- idx = pvrdma_idx(&ring->ring_state->prod_tail, ring->max_elems);
-- /* TODO: tail == idx */
-+ if (idx < 0 || tail != idx) {
-+ pr_dbg("invalid idx\n");
-+ return NULL;
-+ }
-
- offset = idx * ring->elem_sz;
- return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
---
-2.20.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
deleted file mode 100644
index 7de5882..0000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an
-out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc()
-function. A local attacker with permission to execute i2c commands could exploit
-this to read stack memory of the qemu process on the host.
-
-CVE: CVE-2019-3812
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton at intel.com>
-
-From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel at redhat.com>
-Date: Tue, 8 Jan 2019 11:23:01 +0100
-Subject: [PATCH] i2c-ddc: fix oob read
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Suggested-by: Michael Hanselmann <public at hansmi.ch>
-Signed-off-by: Gerd Hoffmann <kraxel at redhat.com>
-Reviewed-by: Michael Hanselmann <public at hansmi.ch>
-Reviewed-by: Philippe Mathieu-Daudé <philmd at redhat.com>
-Message-id: 20190108102301.1957-1-kraxel at redhat.com
----
- hw/i2c/i2c-ddc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
-index be34fe072cf..0a0367ff38f 100644
---- a/hw/i2c/i2c-ddc.c
-+++ b/hw/i2c/i2c-ddc.c
-@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
- I2CDDCState *s = I2CDDC(i2c);
-
- int value;
-- value = s->edid_blob[s->reg];
-+ value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
- s->reg++;
- return value;
- }
diff --git a/meta/recipes-devtools/qemu/qemu_3.1.0.bb b/meta/recipes-devtools/qemu/qemu_4.0.0.bb
similarity index 99%
rename from meta/recipes-devtools/qemu/qemu_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu_4.0.0.bb
index 04d8bee..247e031 100644
--- a/meta/recipes-devtools/qemu/qemu_3.1.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_4.0.0.bb
@@ -18,5 +18,3 @@ PACKAGECONFIG ??= " \
${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \
"
PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm"
-
-
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list