diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2019-12-13 09:51:16 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-12-13 09:51:16 +0000 |
| commit | 5d6567e1da25bec0b85d3de14893618c885d9889 (patch) | |
| tree | a6fd2b01b5650119b9d01b49de03b1bc98c2300a /community/qemu | |
| parent | 8da2624dad504d761040aee449a97941b1c4930c (diff) | |
| download | aports-5d6567e1da25bec0b85d3de14893618c885d9889.tar.bz2 aports-5d6567e1da25bec0b85d3de14893618c885d9889.tar.xz | |
community/{qemu*,ceph}: move to community
move qemu and ceph to community. Thi sis to reduce maintenenance
workload for security fixes. Upstream qemu appears to have less support
time than 2 years.
Diffstat (limited to 'community/qemu')
21 files changed, 961 insertions, 0 deletions
diff --git a/community/qemu/0001-elfload-load-PIE-executables-to-right-address.patch b/community/qemu/0001-elfload-load-PIE-executables-to-right-address.patch new file mode 100644 index 0000000000..1cf0c2bd1b --- /dev/null +++ b/community/qemu/0001-elfload-load-PIE-executables-to-right-address.patch @@ -0,0 +1,89 @@ +From 6818f32f74981d9bccec8afbab37c42b50ab58be Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Thu, 4 Jul 2013 15:50:36 +0300 +Subject: [RFC PATCH] elfload: load PIE executables to right address +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +PIE images are ET_DYN images. Check first for pinterp_name to make +sure the main executable always is loaded to correct place. + +See below for current behaviour of PIE executables: + +Reserved 0x7f000000 bytes of guest address space +host mmap_min_addr=0x1000 +guest_base 0x7f7cb41d5000 +start end size prot +0037f400-003fe400 0007f000 r-x +003fe400-003ff400 00001000 --- +003ff400-003fe400 fffff000 rw- +003fe400-003ff400 00001000 --- +003ff400-003ffc00 00000800 rw- +003ffc00-003fec00 fffff000 r-x +003fec00-003ffc00 00001000 --- +003ffc00-0007f000 ffc7f400 rw- +start_brk 0x00000000 +end_code 0x7eff7ac0 +start_code 0x7eff7000 +start_data 0x7efffac0 +end_data 0x7efffc18 +start_stack 0x7eff6dc8 +brk 0x7efffc34 +entry 0x7e799b30 +00000000-00005000 ---p 00000000 00:00 0 +00005000-00015000 rw-p 00000000 00:00 0 +00015000-7e77d000 ---p 00000000 00:00 0 +7e77d000-7e7ec000 r-xp 00000000 68:03 14326298 /lib/libc.so +7e7ec000-7e7f3000 ---p 00000000 00:00 0 +7e7f3000-7e7f4000 rw-p 0006e000 68:03 14326298 /lib/libc.so +7e7f4000-7e7f6000 rw-p 00000000 00:00 0 +7e7f6000-7e7f7000 ---p 00000000 00:00 0 +7e7f7000-7eff7000 rw-p 00000000 00:00 0 +7eff7000-7eff8000 r-xp 00000000 68:03 9731305 /usr/bin/brk +7eff8000-7efff000 ---p 00000000 00:00 0 +7e7f7000-7eff7000 rw-p 00000000 00:00 0 [stack] + +Showing how the main binary got loaded to wrong place. + +Signed-off-by: Timo Teräs <timo.teras@iki.fi> +--- +I assume pinterp_name is only ever set for the main executable. +Quick grep would indicate that this is indeed the case. + + linux-user/elfload.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/linux-user/elfload.c b/linux-user/elfload.c +index ddef23e..d6e00cd 100644 +--- a/linux-user/elfload.c ++++ b/linux-user/elfload.c +@@ -1660,7 +1660,12 @@ static void load_elf_image(const char *image_name, int image_fd, + } + + load_addr = loaddr; +- if (ehdr->e_type == ET_DYN) { ++ if (pinterp_name != NULL) { ++ /* This is the main executable. Make sure that the low ++ address does not conflict with MMAP_MIN_ADDR or the ++ QEMU application itself. */ ++ probe_guest_base(image_name, loaddr, hiaddr); ++ } else if (ehdr->e_type == ET_DYN) { + /* The image indicates that it can be loaded anywhere. Find a + location that can hold the memory space required. If the + image is pre-linked, LOADDR will be non-zero. Since we do +@@ -1672,11 +1677,6 @@ static void load_elf_image(const char *image_name, int image_fd, + if (load_addr == -1) { + goto exit_perror; + } +- } else if (pinterp_name != NULL) { +- /* This is the main executable. Make sure that the low +- address does not conflict with MMAP_MIN_ADDR or the +- QEMU application itself. */ +- probe_guest_base(image_name, loaddr, hiaddr); + } + load_bias = load_addr - loaddr; + +-- +1.8.3.2 + diff --git a/community/qemu/0001-linux-user-fix-build-with-musl-on-aarch64.patch b/community/qemu/0001-linux-user-fix-build-with-musl-on-aarch64.patch new file mode 100644 index 0000000000..1bbae7deaa --- /dev/null +++ b/community/qemu/0001-linux-user-fix-build-with-musl-on-aarch64.patch @@ -0,0 +1,31 @@ +From 806cb2ed28a16cf2894fabef034347f426f1d04e Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Thu, 15 Dec 2016 11:53:07 +0100 +Subject: [PATCH] linux-user: fix build with musl on aarch64 + +Use the standard uint64_t instead of internal __u64. + +This fixes compiler error with musl libc on aarch64: +.../qemu-2.7.0/linux-user/host/aarch64/hostdep.h:28:5: +error: unknown type name '__u64' + __u64 *pcreg = &uc->uc_mcontext.pc; + ^~~~~ + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +--- + linux-user/host/aarch64/hostdep.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/linux-user/host/aarch64/hostdep.h b/linux-user/host/aarch64/hostdep.h +index 64f75cef49..6fd6e36b2a 100644 +--- a/linux-user/host/aarch64/hostdep.h ++++ b/linux-user/host/aarch64/hostdep.h +@@ -25,7 +25,7 @@ extern char safe_syscall_end[]; + static inline void rewind_if_in_safe_syscall(void *puc) + { + ucontext_t *uc = puc; +- __u64 *pcreg = &uc->uc_mcontext.pc; ++ uint64_t *pcreg = &uc->uc_mcontext.pc; + + if (*pcreg > (uintptr_t)safe_syscall_start + && *pcreg < (uintptr_t)safe_syscall_end) { diff --git a/community/qemu/0001-linux-user-fix-build-with-musl-on-ppc64le.patch b/community/qemu/0001-linux-user-fix-build-with-musl-on-ppc64le.patch new file mode 100644 index 0000000000..c3a918775a --- /dev/null +++ b/community/qemu/0001-linux-user-fix-build-with-musl-on-ppc64le.patch @@ -0,0 +1,67 @@ +--- a/linux-user/host/ppc64/hostdep.h ++++ b/linux-user/host/ppc64/hostdep.h +@@ -25,7 +25,11 @@ + static inline void rewind_if_in_safe_syscall(void *puc) + { + ucontext_t *uc = puc; ++#if defined(__GLIBC__) || defined(__UCLIBC__) + unsigned long *pcreg = &uc->uc_mcontext.gp_regs[PT_NIP]; ++#else // Musl ++ unsigned long *pcreg = &uc->uc_mcontext.gp_regs[32]; ++#endif + + if (*pcreg > (uintptr_t)safe_syscall_start + && *pcreg < (uintptr_t)safe_syscall_end) { +--- a/accel/tcg/user-exec.c ++++ a/accel/tcg/user-exec.c +@@ -228,6 +228,7 @@ + */ + #ifdef linux + /* All Registers access - only for local access */ ++#if defined(__GLIBC__) || defined(__UCLIBC__) + #define REG_sig(reg_name, context) \ + ((context)->uc_mcontext.regs->reg_name) + /* Gpr Registers access */ +@@ -245,15 +246,42 @@ + /* Condition register */ + #define CR_sig(context) REG_sig(ccr, context) + ++#else // Musl ++#define REG_sig(reg_num, context) \ ++ ((context)->uc_mcontext.gp_regs[reg_num]) ++/* Gpr Registers access */ ++#define GPR_sig(reg_num, context) REG_sig(gpr[reg_num], context) ++/* Program counter */ ++#define IAR_sig(context) REG_sig(32, context) ++/* Machine State Register (Supervisor) */ ++#define MSR_sig(context) REG_sig(33, context) ++/* Count register */ ++#define CTR_sig(context) REG_sig(35, context) ++/* User's integer exception register */ ++#define XER_sig(context) REG_sig(37, context) ++/* Link register */ ++#define LR_sig(context) REG_sig(36, context) ++/* Condition register */ ++#define CR_sig(context) REG_sig(38, context) ++#endif ++ ++ + /* Float Registers access */ + #define FLOAT_sig(reg_num, context) \ + (((double *)((char *)((context)->uc_mcontext.regs + 48 * 4)))[reg_num]) + #define FPSCR_sig(context) \ + (*(int *)((char *)((context)->uc_mcontext.regs + (48 + 32 * 2) * 4))) + /* Exception Registers access */ ++#if defined(__GLIBC__) || defined(__UCLIBC__) + #define DAR_sig(context) REG_sig(dar, context) + #define DSISR_sig(context) REG_sig(dsisr, context) + #define TRAP_sig(context) REG_sig(trap, context) ++#else // Musl ++#define DAR_sig(context) REG_sig(41, context) ++#define DSISR_sig(context) REG_sig(42, context) ++#define TRAP_sig(context) REG_sig(40, context) ++#endif ++ + #endif /* linux */ + + #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) diff --git a/community/qemu/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch b/community/qemu/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch new file mode 100644 index 0000000000..528b5d5d8b --- /dev/null +++ b/community/qemu/0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch @@ -0,0 +1,37 @@ +From 8fbb4e6797ed67310b74cbaaa061269db45a5b71 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Tue, 29 Apr 2014 15:51:31 +0200 +Subject: [PATCH] linux-user/signal.c: define __SIGRTMIN/MAX for non-GNU + platforms + +The __SIGRTMIN and __SIGRTMAX are glibc internals and are not available +on all platforms, so we define those if they are missing. + +This is needed for musl libc. + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +--- + linux-user/signal.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/linux-user/signal.c b/linux-user/signal.c +index 5ca6d62b15..e917c16d91 100644 +--- a/linux-user/signal.c ++++ b/linux-user/signal.c +@@ -25,6 +25,13 @@ + #include "trace.h" + #include "signal-common.h" + ++#ifndef __SIGRTMIN ++#define __SIGRTMIN 32 ++#endif ++#ifndef __SIGRTMAX ++#define __SIGRTMAX (NSIG-1) ++#endif ++ + static struct target_sigaction sigact_table[TARGET_NSIG]; + + static void host_signal_handler(int host_signum, siginfo_t *info, +-- +2.23.0 + diff --git a/community/qemu/80-kvm.rules b/community/qemu/80-kvm.rules new file mode 100644 index 0000000000..e61b48ff32 --- /dev/null +++ b/community/qemu/80-kvm.rules @@ -0,0 +1 @@ +KERNEL=="kvm", GROUP="kvm", MODE="0666" diff --git a/community/qemu/APKBUILD b/community/qemu/APKBUILD new file mode 100644 index 0000000000..699786488d --- /dev/null +++ b/community/qemu/APKBUILD @@ -0,0 +1,409 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> +# Contributor: Valery Kartel <valery.kartel@gmail.com> +# Contributor: Jakub Jirutka <jakub@jirutka.cz> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=qemu +pkgver=4.1.1 +pkgrel=2 +pkgdesc="QEMU is a generic machine emulator and virtualizer" +url="https://qemu.org/" +arch="all" +license="GPL-2.0 LGPL-2" +makedepends=" + alsa-lib-dev + bison + curl-dev + flex + glib-dev + glib-static + gnutls-dev + gtk+3.0-dev + libaio-dev + libcap-dev + libcap-ng-dev + libjpeg-turbo-dev + libnfs-dev + libpng-dev + libseccomp-dev + libssh-dev + libusb-dev + libxml2-dev + linux-headers + lzo-dev + ncurses-dev + paxmark + perl + python3 + py3-sphinx + sdl2-dev + snappy-dev + spice-dev + texinfo + usbredir-dev + util-linux-dev + vde2-dev + virglrenderer-dev + vte3-dev + xfsprogs-dev + zlib-dev + zlib-static + " +pkggroups="qemu" +install="$pkgname.pre-install $pkgname.post-install" +# suid needed for qemu-bridge-helper +# strip fails on .img files +# some tests does not run on our builders +options="suid !strip !check" +subpackages="$pkgname-doc $pkgname-lang $pkgname-guest-agent:guest + ivshmem-tools:_ivshmem" + +_subsystems=" + aarch64 + aarch64_be + alpha + arm + armeb + cris + hppa + i386 + m68k + microblaze + microblazeel + mips + mips64 + mips64el + mipsel + mipsn32 + mipsn32el + nios2 + or1k + ppc + ppc64 + ppc64abi32 + ppc64le + riscv32 + riscv64 + s390x + sh4 + sh4eb + sparc + sparc32plus + sparc64 + system-aarch64 + system-alpha + system-arm + system-cris + system-hppa + system-i386 + system-lm32 + system-m68k + system-microblaze + system-microblazeel + system-mips + system-mips64 + system-mips64el + system-mipsel + system-moxie + system-nios2 + system-or1k + system-ppc + system-ppc64 + system-riscv32 + system-riscv64 + system-s390x + system-sh4 + system-sh4eb + system-sparc + system-sparc64 + system-tricore + system-unicore32 + system-x86_64 + system-xtensa + system-xtensaeb + tilegx + x86_64 + xtensa + xtensaeb + " +for _sub in $_subsystems; do + subpackages="$subpackages $pkgname-$_sub:_subsys" +done + +_modules=" + audio-alsa + audio-oss + audio-sdl + block-curl + block-dmg-bz2 + block-nfs + block-ssh + ui-curses + ui-gtk + ui-sdl + " +for _mod in $_modules; do + subpackages="$subpackages $pkgname-$_mod:_module" +done +subpackages="$subpackages qemu-modules:_all_modules" + +subpackages="$subpackages $pkgname-img" # -img must be declared the last + +source="https://wiki.qemu-project.org/download/$pkgname-$pkgver.tar.xz + 0001-elfload-load-PIE-executables-to-right-address.patch + 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch + 0001-linux-user-fix-build-with-musl-on-aarch64.patch + musl-F_SHLCK-and-F_EXLCK.patch + fix-sigevent-and-sigval_t.patch + xattr_size_max.patch + ncurses.patch + ignore-signals-33-and-64-to-allow-golang-emulation.patch + 0001-linux-user-fix-build-with-musl-on-ppc64le.patch + MAP_SYNC-fix.patch + fix-sockios-header.patch + test-crypto-ivgen-skip-essiv.patch + guest-agent-shutdown.patch + fix-statx-translation.patch + + $pkgname-guest-agent.confd + $pkgname-guest-agent.initd + 80-kvm.rules + bridge.conf + " +builddir="$srcdir/$pkgname-$pkgver" + +# secfixes: +# 2.8.1-r1: +# - CVE-2016-7994 +# - CVE-2016-7995 +# - CVE-2016-8576 +# - CVE-2016-8577 +# - CVE-2016-8578 +# - CVE-2016-8668 +# - CVE-2016-8909 +# - CVE-2016-8910 +# - CVE-2016-9101 +# - CVE-2016-9102 +# - CVE-2016-9103 +# - CVE-2016-9104 +# - CVE-2016-9105 +# - CVE-2016-9106 +# - CVE-2017-2615 +# - CVE-2017-2620 +# - CVE-2017-5525 +# - CVE-2017-5552 +# - CVE-2017-5578 +# - CVE-2017-5579 +# - CVE-2017-5667 +# - CVE-2017-5856 +# - CVE-2017-5857 +# - CVE-2017-5898 +# - CVE-2017-5931 + +prepare() { + default_prepare # apply patches + + sed -i 's/^VL_LDFLAGS=$/VL_LDFLAGS=-Wl,-z,execheap/' \ + Makefile.target +} + +_compile_common() { + CFLAGS="${CFLAGS/-Os/-O2}" "$builddir"/configure \ + --prefix=/usr \ + --localstatedir=/var \ + --sysconfdir=/etc \ + --libexecdir=/usr/lib/qemu \ + --python=/usr/bin/python3 \ + --disable-glusterfs \ + --disable-debug-info \ + --disable-bsd-user \ + --disable-werror \ + --disable-xen \ + --enable-kvm \ + --enable-seccomp \ + --cc="${CC:-gcc}" \ + "$@" + make ARFLAGS="rc" +} + +build() { + mkdir -p "$builddir"/build \ + "$builddir"/build-static + + cd "$builddir"/build-static + _compile_common \ + --enable-linux-user \ + --disable-system \ + --static \ + --disable-sdl \ + --disable-gtk \ + --disable-spice \ + --disable-tools \ + --disable-guest-agent \ + --disable-guest-agent-msi \ + --disable-curses \ + --disable-curl \ + --disable-gnutls \ + --disable-gcrypt \ + --disable-nettle \ + --disable-cap-ng \ + --disable-brlapi \ + --disable-mpath \ + --disable-libnfs \ + --disable-capstone + + cd "$builddir"/build + _compile_common \ + --disable-linux-user \ + --audio-drv-list=oss,alsa,sdl \ + --enable-cap-ng \ + --enable-curl \ + --enable-curses \ + --enable-docs \ + --enable-gtk \ + --enable-guest-agent \ + --enable-libnfs \ + --enable-libssh \ + --enable-linux-aio \ + --enable-lzo \ + --enable-modules \ + --enable-pie \ + --enable-sdl \ + --enable-snappy \ + --enable-spice \ + --enable-tpm \ + --enable-usb-redir \ + --enable-vde \ + --enable-vhost-net \ + --enable-virglrenderer \ + --enable-virtfs \ + --enable-vnc \ + --enable-vnc-jpeg \ + --enable-vnc-png \ + --tls-priority=@QEMU,SYSTEM +} + +check() { + cd "$builddir"/build + + # XXX: ESSIV crypto tests are disabled, see test-crypto-ivgen-skip-essiv.patch. + make check V=1 +} + +package() { + cd "$builddir"/build-static + make DESTDIR="$pkgdir" install + + cd "$builddir"/build + make DESTDIR="$pkgdir" install + paxmark -m "$pkgdir"/usr/bin/qemu-system-* + + install -Dm640 -g qemu "$srcdir"/bridge.conf \ + "$pkgdir"/etc/qemu/bridge.conf + + install -Dm644 "$srcdir"/80-kvm.rules \ + "$pkgdir"/lib/udev/rules.d/80-kvm.rules + + # qemu-bridge-helper needs suid to create tunX devices; + # allow only users in the qemu group to run it. + chmod 04710 "$pkgdir"/usr/lib/qemu/qemu-bridge-helper + chgrp qemu "$pkgdir"/usr/lib/qemu/qemu-bridge-helper + + # Do not install HTML docs. + rm "$pkgdir"/usr/share/doc/qemu/*.html +} + +_subsys() { + local name=${1:-"${subpkgname#$pkgname-}"} + pkgdesc="Qemu ${name/-/ } emulator" + options="" + depends="" + case "$name" in + system*) depends="qemu";; + esac + + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/qemu-$name "$subpkgdir"/usr/bin/ +} + +_ivshmem() { + pkgdesc="Client and server for QEMU ivshmem device" + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/ivshmem-* "$subpkgdir"/usr/bin/ +} + +img() { + pkgdesc="QEMU command line tool for manipulating disk images" + depends="" + options="" + + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/qemu-img \ + "$pkgdir"/usr/bin/qemu-io \ + "$pkgdir"/usr/bin/qemu-nbd \ + "$subpkgdir"/usr/bin/ + + # We exploit the fact that -img subpackage are created last + # and check that we done have new systems that belongs in + # subpackage. + local path= retval=0 + for path in "$pkgdir"/usr/bin/qemu-system-* "$pkgdir"/usr/lib/qemu/*.so; do + if [ -r "$path" ]; then + error "Please create a subpackage for ${path##*/}" + retval=1 + fi + done + return $retval +} + +guest() { + pkgdesc="QEMU guest agent" + depends="" + options="" + + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/qemu-ga "$subpkgdir"/usr/bin/ + + install -Dm755 "$srcdir"/$pkgname-guest-agent.initd \ + "$subpkgdir"/etc/init.d/$pkgname-guest-agent + install -Dm644 "$srcdir"/$pkgname-guest-agent.confd \ + "$subpkgdir"/etc/conf.d/$pkgname-guest-agent +} + +_module() { + local _mod=${subpkgname#qemu-} + local _class=${_mod%%-*} + local _m=${_mod#*-} + pkgdesc="Qemu $_m $_class module" + mkdir -p "$subpkgdir"/usr/lib/qemu + mv "$pkgdir"/usr/lib/qemu/$_mod.so \ + "$subpkgdir"/usr/lib/qemu/ +} + +_all_modules() { + pkgdesc="Meta package for all qemu modules" + local _i + for _i in $_modules; do + depends="$depends qemu-$_i" + done + mkdir -p "$subpkgdir" +} + +sha512sums="13c8420f74fd7f043f2dd0774b88262327d22864b3fc7b5d5e7e651fb163de03ac51483abec703cd9914511049b125165875c27566bebfd9b6482d8d2c2ff108 qemu-4.1.1.tar.xz +405008589cad1c8b609eca004d520bf944366e8525f85a19fc6e283c95b84b6c2429822ba064675823ab69f1406a57377266a65021623d1cd581e7db000134fd 0001-elfload-load-PIE-executables-to-right-address.patch +98db5e23397cfad4a7210f9f7e1c5fa5c48f065785439521c5b39325c429f2dc367c40925adff6aa8677b3192a1a98a30e93d5b9c879df523deb019c40edd9d9 0006-linux-user-signal.c-define-__SIGRTMIN-MAX-for-non-GN.patch +1ac043312864309e19f839a699ab2485bca51bbf3d5fdb39f1a87b87e3cbdd8cbda1a56e6b5c9ffccd65a8ac2f600da9ceb8713f4dbba26f245bc52bcd8a1c56 0001-linux-user-fix-build-with-musl-on-aarch64.patch +224f5b44da749921e8a821359478c5238d8b6e24a9c0b4c5738c34e82f3062ec4639d495b8b5883d304af4a0d567e38aa6623aac1aa3a7164a5757c036528ac0 musl-F_SHLCK-and-F_EXLCK.patch +5da8114b9bd2e62f0f1f0f73f393fdbd738c5dea827ea60cedffd6f6edd0f5a97489c7148d37a8ec5a148d4e65d75cbefe9353714ee6b6f51a600200133fc914 fix-sigevent-and-sigval_t.patch +4b1e26ba4d53f9f762cbd5cea8ef6f8062d827ae3ae07bc36c5b0c0be4e94fc1856ad2477e8e791b074b8a25d51ed6d0ddd75e605e54600e5dd0799143793ce4 xattr_size_max.patch +b6ed02aaf95a9bb30a5f107d35371207967edca058f3ca11348b0b629ea7a9c4baa618db68a3df72199eea6d86d14ced74a5a229d17604cc3f0adedcfeae7a73 ncurses.patch +fd178f2913639a0c33199b3880cb17536961f2b3ff171c12b27f4be6bca032d6b88fd16302d09c692bb34883346babef5c44407a6804b20a39a465bb2bc85136 ignore-signals-33-and-64-to-allow-golang-emulation.patch +d8933df9484158c2b4888254e62117d78f8ed7c18527b249419f39c2b2ab1afa148010884b40661f8965f1ef3105580fceffdfddbb2c9221dc1c62066722ba65 0001-linux-user-fix-build-with-musl-on-ppc64le.patch +d7de79ea74e36702cac4a59e472564a55f0a663be7e63c3755e32b4b5dfbc04b390ee79f09f43f6ae706ee2aec9e005eade3c0fd4a202db60d11f436874a17d7 MAP_SYNC-fix.patch +39590476a4ebd7c1e79a4f0451b24c75b1817a2a83abaa1f71bb60b225d772152f0af8f3e51ff65645e378c536ffa6ff551dade52884d03a14b7c6a19c5c97d4 fix-sockios-header.patch +8b8db136f78bd26b5da171effa9e11016ec2bc3e2fc8107228b5543b47aa370978ed883794aa4f917f334e284a5b49e82070e1da2d31d49301195b6713a48eff test-crypto-ivgen-skip-essiv.patch +b8e58bcc409f25cc6ff59967ed68f4de0a8656ec4db71ab663cc77761f8210b3f85c475fceb32dec934dc02a5c4f679a8313edbcf84e149692a81764c8904f67 guest-agent-shutdown.patch +41a33719e1d5cfc0d5554cd13d8177ebaa3be7986ce8a2f8641e0cf2922eeadeced5aa780f156861af2cceed5f4d9a4d996344816dfbebe071033ba51bb81d3c fix-statx-translation.patch +d90c034cae3f9097466854ed1a9f32ab4b02089fcdf7320e8f4da13b2b1ff65067233f48809911485e4431d7ec1a22448b934121bc9522a2dc489009e87e2b1f qemu-guest-agent.confd +1cd24c2444c5935a763c501af2b0da31635aad9cf62e55416d6477fcec153cddbe7de205d99616def11b085e0dd366ba22463d2270f831d884edbc307c7864a6 qemu-guest-agent.initd +9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules +749efa2e764006555b4fd3a8e2f6d1118ad2ea4d45acf99104a41a93cfe66dc9685f72027c17d8211e5716246c2a52322c962cf4b73b27541b69393cd57f53bb bridge.conf" diff --git a/community/qemu/MAP_SYNC-fix.patch b/community/qemu/MAP_SYNC-fix.patch new file mode 100644 index 0000000000..e13609d731 --- /dev/null +++ b/community/qemu/MAP_SYNC-fix.patch @@ -0,0 +1,22 @@ +diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c +index f7f177d..7598960 100644 +--- a/util/mmap-alloc.c ++++ b/util/mmap-alloc.c +@@ -10,14 +10,16 @@ + * later. See the COPYING file in the top-level directory. + */ + ++#include "qemu/osdep.h" ++ + #ifdef CONFIG_LINUX + #include <linux/mman.h> ++#include <asm-generic/mman.h> /* for ppc64le */ + #else /* !CONFIG_LINUX */ + #define MAP_SYNC 0x0 + #define MAP_SHARED_VALIDATE 0x0 + #endif /* CONFIG_LINUX */ + +-#include "qemu/osdep.h" + #include "qemu/mmap-alloc.h" + #include "qemu/host-utils.h" + diff --git a/community/qemu/bridge.conf b/community/qemu/bridge.conf new file mode 100644 index 0000000000..27c31c38ab --- /dev/null +++ b/community/qemu/bridge.conf @@ -0,0 +1,9 @@ +# This should have the following permissions: root:qemu 0640 + +# Allow users in the "qemu" group to add devices to "br0". +#allow br0 + +# Uncomment the following line to allow users in the "bob" +# group to have permissions defined in it, iff it has the +# following permissions: root:bob 0640 +#include /etc/qemu/bob.conf diff --git a/community/qemu/fix-sigevent-and-sigval_t.patch b/community/qemu/fix-sigevent-and-sigval_t.patch new file mode 100644 index 0000000000..1f99eacb60 --- /dev/null +++ b/community/qemu/fix-sigevent-and-sigval_t.patch @@ -0,0 +1,24 @@ +--- qemu-2.2.1/linux-user/syscall.c.orig 2015-04-10 07:10:06.305662505 +0000 ++++ qemu-2.2.1/linux-user/syscall.c 2015-04-10 07:36:53.801871968 +0000 +@@ -5020,9 +5020,20 @@ + return 0; + } + +-static inline abi_long target_to_host_sigevent(struct sigevent *host_sevp, ++struct host_sigevent { ++ union sigval sigev_value; ++ int sigev_signo; ++ int sigev_notify; ++ union { ++ int _pad[64-sizeof(int) * 2 + sizeof(union sigval)]; ++ int _tid; ++ } _sigev_un; ++}; ++ ++static inline abi_long target_to_host_sigevent(struct sigevent *sevp, + abi_ulong target_addr) + { ++ struct host_sigevent *host_sevp = (struct host_sigevent *) sevp; + struct target_sigevent *target_sevp; + + if (!lock_user_struct(VERIFY_READ, target_sevp, target_addr, 1)) { diff --git a/community/qemu/fix-sockios-header.patch b/community/qemu/fix-sockios-header.patch new file mode 100644 index 0000000000..1f3cd767c1 --- /dev/null +++ b/community/qemu/fix-sockios-header.patch @@ -0,0 +1,13 @@ +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index 43d0562..afa0ac4 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -59,6 +59,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base, + #include <linux/icmp.h> + #include <linux/icmpv6.h> + #include <linux/errqueue.h> ++#include <linux/sockios.h> + #include <linux/random.h> + #include "qemu-common.h" + #ifdef CONFIG_TIMERFD + #include <sys/timerfd.h> diff --git a/community/qemu/fix-statx-translation.patch b/community/qemu/fix-statx-translation.patch new file mode 100644 index 0000000000..2f6b3cfc39 --- /dev/null +++ b/community/qemu/fix-statx-translation.patch @@ -0,0 +1,39 @@ +From 5c39af4d742e06eb8af4822f26d5f389df37ce91 Mon Sep 17 00:00:00 2001 +From: Ariadne Conill <ariadne@dereferenced.org> +Date: Fri, 22 Nov 2019 11:13:32 -0600 +Subject: [PATCH] linux-user: fix translation of statx structures + +All timestamps were copied to atime instead of to their respective +fields. + +Signed-off-by: Ariadne Conill <ariadne@dereferenced.org> +--- + linux-user/syscall.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index ce399a55f0..171c0caef3 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -6743,12 +6743,12 @@ static inline abi_long host_to_target_statx(struct target_statx *host_stx, + __put_user(host_stx->stx_attributes_mask, &target_stx->stx_attributes_mask); + __put_user(host_stx->stx_atime.tv_sec, &target_stx->stx_atime.tv_sec); + __put_user(host_stx->stx_atime.tv_nsec, &target_stx->stx_atime.tv_nsec); +- __put_user(host_stx->stx_btime.tv_sec, &target_stx->stx_atime.tv_sec); +- __put_user(host_stx->stx_btime.tv_nsec, &target_stx->stx_atime.tv_nsec); +- __put_user(host_stx->stx_ctime.tv_sec, &target_stx->stx_atime.tv_sec); +- __put_user(host_stx->stx_ctime.tv_nsec, &target_stx->stx_atime.tv_nsec); +- __put_user(host_stx->stx_mtime.tv_sec, &target_stx->stx_atime.tv_sec); +- __put_user(host_stx->stx_mtime.tv_nsec, &target_stx->stx_atime.tv_nsec); ++ __put_user(host_stx->stx_btime.tv_sec, &target_stx->stx_btime.tv_sec); ++ __put_user(host_stx->stx_btime.tv_nsec, &target_stx->stx_btime.tv_nsec); ++ __put_user(host_stx->stx_ctime.tv_sec, &target_stx->stx_ctime.tv_sec); ++ __put_user(host_stx->stx_ctime.tv_nsec, &target_stx->stx_ctime.tv_nsec); ++ __put_user(host_stx->stx_mtime.tv_sec, &target_stx->stx_mtime.tv_sec); ++ __put_user(host_stx->stx_mtime.tv_nsec, &target_stx->stx_mtime.tv_nsec); + __put_user(host_stx->stx_rdev_major, &target_stx->stx_rdev_major); + __put_user(host_stx->stx_rdev_minor, &target_stx->stx_rdev_minor); + __put_user(host_stx->stx_dev_major, &target_stx->stx_dev_major); +-- +2.24.0 + diff --git a/community/qemu/guest-agent-shutdown.patch b/community/qemu/guest-agent-shutdown.patch new file mode 100644 index 0000000000..742f281447 --- /dev/null +++ b/community/qemu/guest-agent-shutdown.patch @@ -0,0 +1,34 @@ +diff --git a/qga/commands-posix.c b/qga/commands-posix.c +index 1877976..7915aab 100644 +--- a/qga/commands-posix.c ++++ b/qga/commands-posix.c +@@ -82,6 +82,7 @@ static void ga_wait_child(pid_t pid, int *status, Error **errp) + void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp) + { + const char *shutdown_flag; ++ const char *fallback_cmd = NULL; + Error *local_err = NULL; + pid_t pid; + int status; +@@ -89,10 +90,13 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp) + slog("guest-shutdown called, mode: %s", mode); + if (!has_mode || strcmp(mode, "powerdown") == 0) { + shutdown_flag = "-P"; ++ fallback_cmd = "/sbin/poweroff"; + } else if (strcmp(mode, "halt") == 0) { + shutdown_flag = "-H"; ++ fallback_cmd = "/sbin/halt"; + } else if (strcmp(mode, "reboot") == 0) { + shutdown_flag = "-r"; ++ fallback_cmd = "/sbin/reboot"; + } else { + error_setg(errp, + "mode is invalid (valid values are: halt|powerdown|reboot"); +@@ -109,6 +113,7 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp) + + execle("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0", + "hypervisor initiated shutdown", (char*)NULL, environ); ++ execle(fallback_cmd, fallback_cmd, (char*)NULL, environ); + _exit(EXIT_FAILURE); + } else if (pid < 0) { + error_setg_errno(errp, errno, "failed to create child process"); diff --git a/community/qemu/ignore-signals-33-and-64-to-allow-golang-emulation.patch b/community/qemu/ignore-signals-33-and-64-to-allow-golang-emulation.patch new file mode 100644 index 0000000000..1162542233 --- /dev/null +++ b/community/qemu/ignore-signals-33-and-64-to-allow-golang-emulation.patch @@ -0,0 +1,56 @@ +From db186a3f83454268c43fc793a48bc28c41368a6c Mon Sep 17 00:00:00 2001 +From: Petros Angelatos <petrosagg@gmail.com> +Date: Thu, 3 Mar 2016 23:58:53 -0800 +Subject: [PATCH] linux-user: ignore signals 33 and 64 to allow golang + emulation + +Signal 33 will always fail. This causes golang crash since +https://github.com/golang/go/commit/675eb72c285cd0dd44a5f280bb3fa456ddf6de16 + +As explained in that commit, these signals are very rarely used in a +way that causes problems, so it's ok-ish to ignore one of them. + +Signal 64 will fail because QEMU uses SIGRTMAX for itself. This causes +golang to crash for versions earlier than +https://github.com/golang/go/commit/d10675089d74db0408f2432eae3bd89a8e1c2d6a + +Since after that commit golang ignores that signal, we also ignore it here to +allow earlier versions to run as well. + +Signed-off-by: Petros Angelatos <petrosagg@gmail.com> +--- + linux-user/signal.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/linux-user/signal.c b/linux-user/signal.c +index 9a4d894..90aca55 100644 +--- a/linux-user/signal.c ++++ b/linux-user/signal.c +@@ -744,6 +744,27 @@ int do_sigaction(int sig, const struct target_sigaction *act, + } + + k = &sigact_table[sig - 1]; ++ ++ /* This signal will always fail. This causes golang crash since ++ * https://github.com/golang/go/commit/675eb72c285cd0dd44a5f280bb3fa456ddf6de16 ++ * ++ * As explained in that commit, these signals are very rarely used in a ++ * way that causes problems, so it's ok-ish to ignore one of them here. ++ */ ++ if (sig == 33) { ++ return 0; ++ } ++ /* This signal will fail because QEMU uses SIGRTMAX for itself. This causes ++ * golang to crash for versions earlier than ++ * https://github.com/golang/go/commit/d10675089d74db0408f2432eae3bd89a8e1c2d6a ++ * ++ * Since after that commit golang ignores that signal, we also ignore it here to ++ * allow earlier versions to run as well. ++ */ ++ if (sig == 64) { ++ return 0; ++ } ++ + if (oact) { + __put_user(k->_sa_handler, &oact->_sa_handler); + __put_user(k->sa_flags, &oact->sa_flags); diff --git a/community/qemu/musl-F_SHLCK-and-F_EXLCK.patch b/community/qemu/musl-F_SHLCK-and-F_EXLCK.patch new file mode 100644 index 0000000000..316819afab --- /dev/null +++ b/community/qemu/musl-F_SHLCK-and-F_EXLCK.patch @@ -0,0 +1,19 @@ +This patch was not upstreamed to qemu as those should probably be +defined in musl libc. + +--- ./linux-user/syscall.c.orig ++++ ./linux-user/syscall.c +@@ -114,6 +114,13 @@ + + #include "qemu.h" + ++#ifndef F_SHLCK ++#define F_SHLCK 8 ++#endif ++#ifndef F_EXLCK ++#define F_EXLCK 4 ++#endif ++ + #ifndef CLONE_IO + #define CLONE_IO 0x80000000 /* Clone io context */ + #endif diff --git a/community/qemu/ncurses.patch b/community/qemu/ncurses.patch new file mode 100644 index 0000000000..2e9eb2a90d --- /dev/null +++ b/community/qemu/ncurses.patch @@ -0,0 +1,13 @@ +diff --git a/configure b/configure +index 3770d7c..3fe8281 100755 +--- a/configure ++++ b/configure +@@ -2928,7 +2928,7 @@ if test "$curses" != "no" ; then + curses_inc_list="$($pkg_config --cflags ncurses 2>/dev/null):" + curses_lib_list="$($pkg_config --libs ncurses 2>/dev/null):-lpdcurses" + else +- curses_inc_list="$($pkg_config --cflags ncursesw 2>/dev/null):-I/usr/include/ncursesw:" ++ curses_inc_list="-DNCURSES_WIDECHAR=1 $($pkg_config --cflags ncursesw 2>/dev/null):-I/usr/include/ncursesw:" + curses_lib_list="$($pkg_config --libs ncursesw 2>/dev/null):-lncursesw:-lcursesw" + fi + curses_found=no diff --git a/community/qemu/qemu-guest-agent.confd b/community/qemu/qemu-guest-agent.confd new file mode 100644 index 0000000000..228c032544 --- /dev/null +++ b/community/qemu/qemu-guest-agent.confd @@ -0,0 +1,7 @@ +# Specifies the transport method used to communicate to QEMU on the host side +# Default: virtio-serial +#GA_METHOD="virtio-serial" + +# Specifies the device path for the communications back to QEMU on the host +# Default: /dev/virtio-ports/org.qemu.guest_agent.0 +#GA_PATH="/dev/virtio-ports/org.qemu.guest_agent.0" diff --git a/community/qemu/qemu-guest-agent.initd b/community/qemu/qemu-guest-agent.initd new file mode 100644 index 0000000000..aaf7de3f2a --- /dev/null +++ b/community/qemu/qemu-guest-agent.initd @@ -0,0 +1,6 @@ +#!/sbin/openrc-run + +name="QEMU Guest Agent" +pidfile="/run/qemu-ga.pid" +command="/usr/bin/qemu-ga" +command_args="-m ${GA_METHOD:-virtio-serial} -p ${GA_PATH:-/dev/virtio-ports/org.qemu.guest_agent.0} -l /var/log/qemu-ga.log -d" diff --git a/community/qemu/qemu.post-install b/community/qemu/qemu.post-install new file mode 100644 index 0000000000..025f7304c6 --- /dev/null +++ b/community/qemu/qemu.post-install @@ -0,0 +1,10 @@ +#!/bin/sh + +cat 1>&2 <<EOF +* +* If you want to run VM as unprivileged user and let Qemu create tunX devices, +* then you must add that user to the group "qemu". +* If you use KVM for hardware-assisted virtualization, then you may also need +* to add that user to the group "kvm". +* +EOF diff --git a/community/qemu/qemu.pre-install b/community/qemu/qemu.pre-install new file mode 100644 index 0000000000..2ef9b5366d --- /dev/null +++ b/community/qemu/qemu.pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup -S -g 34 kvm 2>/dev/null +addgroup -S -g 36 qemu 2>/dev/null + +exit 0 diff --git a/community/qemu/test-crypto-ivgen-skip-essiv.patch b/community/qemu/test-crypto-ivgen-skip-essiv.patch new file mode 100644 index 0000000000..e72f489be1 --- /dev/null +++ b/community/qemu/test-crypto-ivgen-skip-essiv.patch @@ -0,0 +1,54 @@ +These tests fail with Illegal instruction and I don't have a clue why, +so skip them for now. + +--- a/tests/test-crypto-ivgen.c ++++ b/tests/test-crypto-ivgen.c +@@ -88,48 +88,6 @@ + "\x00\x00\x00\x00\x00\x00\x00\x00", + .niv = 16, + }, +- /* Small */ +- { +- "/crypto/ivgen/essiv/1", +- .sector = 0x1, +- .ivalg = QCRYPTO_IVGEN_ALG_ESSIV, +- .cipheralg = QCRYPTO_CIPHER_ALG_AES_128, +- .hashalg = QCRYPTO_HASH_ALG_SHA256, +- .key = (const uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07" +- "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", +- .nkey = 16, +- .iv = (const uint8_t *)"\xd4\x83\x71\xb2\xa1\x94\x53\x88" +- "\x1c\x7a\x2d\06\x2d\x0b\x65\x46", +- .niv = 16, +- }, +- /* Big ! */ +- { +- "/crypto/ivgen/essiv/1f2e3d4c", +- .sector = 0x1f2e3d4cULL, +- .ivalg = QCRYPTO_IVGEN_ALG_ESSIV, +- .cipheralg = QCRYPTO_CIPHER_ALG_AES_128, +- .hashalg = QCRYPTO_HASH_ALG_SHA256, +- .key = (const uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07" +- "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", +- .nkey = 16, +- .iv = (const uint8_t *)"\x5d\x36\x09\x5d\xc6\x9e\x5e\xe9" +- "\xe3\x02\x8d\xd8\x7a\x3d\xe7\x8f", +- .niv = 16, +- }, +- /* No Truncation */ +- { +- "/crypto/ivgen/essiv/1f2e3d4c5b6a7988", +- .sector = 0x1f2e3d4c5b6a7988ULL, +- .ivalg = QCRYPTO_IVGEN_ALG_ESSIV, +- .cipheralg = QCRYPTO_CIPHER_ALG_AES_128, +- .hashalg = QCRYPTO_HASH_ALG_SHA256, +- .key = (const uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07" +- "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", +- .nkey = 16, +- .iv = (const uint8_t *)"\x58\xbb\x81\x94\x51\x83\x23\x23" +- "\x7a\x08\x93\xa9\xdc\xd2\xd9\xab", +- .niv = 16, +- }, + }; + + diff --git a/community/qemu/xattr_size_max.patch b/community/qemu/xattr_size_max.patch new file mode 100644 index 0000000000..1a33cbf5e8 --- /dev/null +++ b/community/qemu/xattr_size_max.patch @@ -0,0 +1,15 @@ +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index faebd91..a0f15b6 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -25,6 +25,10 @@ + #include "trace.h" + #include "migration/migration.h" + ++#ifdef __linux__ ++#include <linux/limits.h> /* for XATTR_SIZE_MAX */ ++#endif ++ + int open_fd_hw; + int total_open_fd; + static int open_fd_rc; |