- Update to 2008-03-02 snapshot [1]

- Fix unchecked block read/write vulnerability [2]

Submitted by:	nox [1]
Obtained from:	qemu cvs [2]
Security:	http://www.vuxml.org/freebsd/9cfbca7f-efb7-11dc-be01-0211060005df.html
Juergen Lock 2008-03-11 23:34:14 +00:00
parent 9d5889dd37
commit cf1bcdae1c
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=208861
18 changed files with 335 additions and 338 deletions


@ -6,8 +6,7 @@
#
PORTNAME= qemu
PORTVERSION= 0.9.0s.20070802
PORTREVISION= 1
PORTVERSION= 0.9.1s.20080302
CATEGORIES= emulators
MASTER_SITES= http://qemu.org/:release \
http://qemu-forum.ipi.fi/qemu-snapshots/:snapshot \
@ -16,7 +15,7 @@ MASTER_SITES= http://qemu.org/:release \
http://people.brandeis.edu/~jcoiner/qemu_idedma/:idedma \
http://people.freebsd.org/~maho/qemu/:misc
PKGNAMESUFFIX= -devel
DISTNAME= ${PORTNAME}-snapshot-2007-08-02_05
DISTNAME= ${PORTNAME}-snapshot-2008-03-02_05
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}:snapshot
DIST_SUBDIR= qemu
EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
@ -30,21 +29,27 @@ USE_GMAKE= yes
USE_GETOPT_LONG= yes
USE_PERL5= yes
USE_GCC= 3.4
PATCH_STRIP= -p1
PATCH_STRIP= -lp1
MAKE_ENV+= BSD_MAKE="${MAKE}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}"
MAN1= qemu.1 qemu-img.1
ONLY_FOR_ARCHS= amd64 i386
CONFLICTS= qemu-[0-9]*
OPTIONS= KQEMU "Build with (alpha!) accelerator module" Off \
HACKS_CIRRUS "Large display speedup (buggy!)" Off \
RTL8139_TIMER "allow use of re(4) nic with FreeBSD guests" Off \
SAMBA "samba dependency (for -smb)" Off \
SDL "SDL/X dependency (graphical output)" On \
GNUTLS "gnutls dependency (vnc encryption)" On \
CDROM_DMA "IDE CDROM DMA" On
.include <bsd.port.pre.mk>
.if ${OSVERSION} < 600000
# 5.x base gcc segfaults in target-mips/op_mem.c
BUILD_DEPENDS+= gcc34:${PORTSDIR}/lang/gcc34
CC= gcc34
.endif
WITHOUT_CPU_CFLAGS=yes #to avoid problems with register allocation
CFLAGS:= ${CFLAGS:C/-fno-tree-vrp//}
CONFIGURE_ARGS+= --prefix=${PREFIX} --cc=${CC}
@ -55,6 +60,12 @@ CONFIGURE_ARGS+= --disable-sdl --disable-gfx-check
USE_SDL= sdl
.endif
.if defined(WITHOUT_GNUTLS)
CONFIGURE_ARGS+= --disable-vnc-tls
.else
LIB_DEPENDS+= gnutls:${PORTSDIR}/security/gnutls
.endif
.if defined (WITH_HACKS_CIRRUS) || defined (WITH_HACKS)
DISTFILES+= patch3_cirrus:misc
.endif
@ -65,7 +76,6 @@ RUN_DEPENDS+= ${LOCALBASE}/sbin/smbd:${PORTSDIR}/net/samba3
.if defined(WITH_KQEMU)
BUILD_DEPENDS+= kqemu-kmod>=1.3.0pre5:${PORTSDIR}/emulators/kqemu-kmod
CONFIGURE_ARGS+= --enable-kqemu
.else
CONFIGURE_ARGS+= --disable-kqemu
.endif
@ -91,9 +101,6 @@ pre-patch:
done
post-patch:
.if defined(WITH_HACKS_CIRRUS) || defined (WITH_HACKS)
@cd ${WRKSRC} ; ${PATCH} --quiet < ${DISTDIR}/${DIST_SUBDIR}/patch3_cirrus
.endif
.if defined(WITH_RTL8139_TIMER)
@cd ${WRKSRC} && ${PATCH} --quiet < ${FILESDIR}/rtl8139-re-patch
.endif
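Review bot: The new GNUTLS option is described only as `gnutls dependency (vnc encryption)`, but the `.if defined(WITHOUT_GNUTLS)` branch passes `--disable-vnc-tls`, so a user who turns the option off to drop a dependency also loses TLS for VNC sessions entirely; the description should say so, e.g. `GNUTLS "gnutls dependency (VNC TLS; off = unencrypted VNC)" On`. The change of `PATCH_STRIP` from `-p1` to `-lp1` makes patch(1) match whitespace loosely, which is easy to drop on the next update without knowing why it was needed; a one-line comment above it naming the patch that requires it would help.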


@ -1,6 +1,3 @@
MD5 (qemu/qemu-snapshot-2007-08-02_05.tar.bz2) = 35332948d2a3647c4b29b27c9fc9b5a5
SHA256 (qemu/qemu-snapshot-2007-08-02_05.tar.bz2) = b3931bf1d3787cf854b2687bd8bd568aba1d5bb2fde798189a56935cb502cd56
SIZE (qemu/qemu-snapshot-2007-08-02_05.tar.bz2) = 2054955
MD5 (qemu/patch3_cirrus) = ebe7ed9fce804c49e024bc93bfdfc810
SHA256 (qemu/patch3_cirrus) = e862371834b7d895a896fbdb84fd9f70d17b5729a6f6789a48a61504fc941e11
SIZE (qemu/patch3_cirrus) = 8817
MD5 (qemu/qemu-snapshot-2008-03-02_05.tar.bz2) = 832923647bb52f1f0408a707e98479ca
SHA256 (qemu/qemu-snapshot-2008-03-02_05.tar.bz2) = d4159530d7f6b7261a16346b013f303cfa703403e749ca49ce003ef61d7eaff1
SIZE (qemu/qemu-snapshot-2008-03-02_05.tar.bz2) = 2394602


@ -163,18 +163,13 @@ Index: qemu-0.8.2/hw/dma.c
}
Index: qemu-0.8.2/hw/fdc.c
===================================================================
--- qemu-0.8.2.orig/hw/fdc.c 2006-07-22 20:23:34.000000000 +0300
+++ qemu-0.8.2/hw/fdc.c 2007-04-20 06:05:59.000000000 +0300
@@ -1110,8 +1110,13 @@ static uint32_t fdctrl_read_data (fdctrl
@@ -1247,7 +1247,12 @@
len = fdctrl->data_len - fdctrl->data_pos;
if (len > FD_SECTOR_LEN)
len = FD_SECTOR_LEN;
- bdrv_read(cur_drv->bs, fd_sector(cur_drv),
- fdctrl->fifo, len);
- bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1);
+ if (cur_drv->bs) {
+ bdrv_read(cur_drv->bs, fd_sector(cur_drv),
+ fdctrl->fifo, len);
+ bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1);
+ } else {
+ FLOPPY_ERROR("can't read data from drive\n");
+ return 0;
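Review bot: The two `bdrv_read()` calls inside the new `if (cur_drv->bs)` branch still ignore their return value, so a failed or rejected read leaves whatever was previously in `fdctrl->fifo` to be returned to the guest as sector data. bdrv_read() reports failure with a negative value (the block.c change in this same commit returns `-ENOMEDIUM`/`-EDOM`), so the error path already written for the missing-drive case fits: `if (bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, len) < 0) { FLOPPY_ERROR("can't read data from drive\n"); return 0; }`, and likewise for the single-sector read that follows. The enclosing function and the `else` branch continue outside the hunk.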


@ -0,0 +1,242 @@
Index: qemu/block-qcow.c
===================================================================
RCS file: /sources/qemu/qemu/block-qcow.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -p -u -p -r1.15 -r1.16
--- block-qcow.c 11 Nov 2007 02:51:16 -0000 1.15
+++ block-qcow.c 11 Mar 2008 17:17:58 -0000 1.16
@@ -95,7 +95,7 @@ static int qcow_open(BlockDriverState *b
int len, i, shift, ret;
QCowHeader header;
- ret = bdrv_file_open(&s->hd, filename, flags);
+ ret = bdrv_file_open(&s->hd, filename, flags | BDRV_O_AUTOGROW);
if (ret < 0)
return ret;
if (bdrv_pread(s->hd, 0, &header, sizeof(header)) != sizeof(header))
Index: qemu/block-qcow2.c
===================================================================
RCS file: /sources/qemu/qemu/block-qcow2.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -p -u -p -r1.10 -r1.11
--- block-qcow2.c 11 Nov 2007 02:51:16 -0000 1.10
+++ block-qcow2.c 11 Mar 2008 17:17:58 -0000 1.11
@@ -191,7 +191,7 @@ static int qcow_open(BlockDriverState *b
int len, i, shift, ret;
QCowHeader header;
- ret = bdrv_file_open(&s->hd, filename, flags);
+ ret = bdrv_file_open(&s->hd, filename, flags | BDRV_O_AUTOGROW);
if (ret < 0)
return ret;
if (bdrv_pread(s->hd, 0, &header, sizeof(header)) != sizeof(header))
Index: qemu/block-vmdk.c
===================================================================
RCS file: /sources/qemu/qemu/block-vmdk.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -p -u -p -r1.19 -r1.20
--- block-vmdk.c 14 Jan 2008 03:48:37 -0000 1.19
+++ block-vmdk.c 11 Mar 2008 17:17:58 -0000 1.20
@@ -378,7 +378,7 @@ static int vmdk_open(BlockDriverState *b
flags = BDRV_O_RDONLY;
fprintf(stderr, "(VMDK) image open: flags=0x%x filename=%s\n", flags, bs->filename);
- ret = bdrv_file_open(&s->hd, filename, flags);
+ ret = bdrv_file_open(&s->hd, filename, flags | BDRV_O_AUTOGROW);
if (ret < 0)
return ret;
if (bdrv_pread(s->hd, 0, &magic, sizeof(magic)) != sizeof(magic))
Index: qemu/block.c
===================================================================
RCS file: /sources/qemu/qemu/block.c,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -p -u -p -r1.54 -r1.55
--- block.c 10 Mar 2008 00:05:34 -0000 1.54
+++ block.c 11 Mar 2008 17:17:58 -0000 1.55
@@ -123,6 +123,60 @@ void path_combine(char *dest, int dest_s
}
}
+static int bdrv_rd_badreq_sectors(BlockDriverState *bs,
+ int64_t sector_num, int nb_sectors)
+{
+ return
+ nb_sectors < 0 ||
+ sector_num < 0 ||
+ nb_sectors > bs->total_sectors ||
+ sector_num > bs->total_sectors - nb_sectors;
+}
+
+static int bdrv_rd_badreq_bytes(BlockDriverState *bs,
+ int64_t offset, int count)
+{
+ int64_t size = bs->total_sectors << SECTOR_BITS;
+ return
+ count < 0 ||
+ size < 0 ||
+ count > size ||
+ offset > size - count;
+}
+
+static int bdrv_wr_badreq_sectors(BlockDriverState *bs,
+ int64_t sector_num, int nb_sectors)
+{
+ if (sector_num < 0 ||
+ nb_sectors < 0)
+ return 1;
+
+ if (sector_num > bs->total_sectors - nb_sectors) {
+ if (bs->autogrow)
+ bs->total_sectors = sector_num + nb_sectors;
+ else
+ return 1;
+ }
+ return 0;
+}
+
+static int bdrv_wr_badreq_bytes(BlockDriverState *bs,
+ int64_t offset, int count)
+{
+ int64_t size = bs->total_sectors << SECTOR_BITS;
+ if (count < 0 ||
+ offset < 0)
+ return 1;
+
+ if (offset > size - count) {
+ if (bs->autogrow)
+ bs->total_sectors = (offset + count + SECTOR_SIZE - 1) >> SECTOR_BITS;
+ else
+ return 1;
+ }
+ return 0;
+}
+
static void bdrv_register(BlockDriver *bdrv)
{
@@ -335,6 +389,10 @@ int bdrv_open2(BlockDriverState *bs, con
bs->read_only = 0;
bs->is_temporary = 0;
bs->encrypted = 0;
+ bs->autogrow = 0;
+
+ if (flags & BDRV_O_AUTOGROW)
+ bs->autogrow = 1;
if (flags & BDRV_O_SNAPSHOT) {
BlockDriverState *bs1;
@@ -379,6 +437,7 @@ int bdrv_open2(BlockDriverState *bs, con
}
bs->drv = drv;
bs->opaque = qemu_mallocz(drv->instance_size);
+ bs->total_sectors = 0; /* driver will set if it does not do getlength */
if (bs->opaque == NULL && drv->instance_size > 0)
return -1;
/* Note: for compatibility, we open disk image files as RDWR, and
@@ -444,6 +503,7 @@ void bdrv_close(BlockDriverState *bs)
bs->drv = NULL;
/* call the change callback */
+ bs->total_sectors = 0;
bs->media_changed = 1;
if (bs->change_cb)
bs->change_cb(bs->change_opaque);
@@ -509,6 +569,8 @@ int bdrv_read(BlockDriverState *bs, int6
if (!drv)
return -ENOMEDIUM;
+ if (bdrv_rd_badreq_sectors(bs, sector_num, nb_sectors))
+ return -EDOM;
if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
memcpy(buf, bs->boot_sector_data, 512);
sector_num++;
@@ -549,6 +611,8 @@ int bdrv_write(BlockDriverState *bs, int
return -ENOMEDIUM;
if (bs->read_only)
return -EACCES;
+ if (bdrv_wr_badreq_sectors(bs, sector_num, nb_sectors))
+ return -EDOM;
if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
memcpy(bs->boot_sector_data, buf, 512);
}
@@ -674,6 +738,8 @@ int bdrv_pread(BlockDriverState *bs, int
return -ENOMEDIUM;
if (!drv->bdrv_pread)
return bdrv_pread_em(bs, offset, buf1, count1);
+ if (bdrv_rd_badreq_bytes(bs, offset, count1))
+ return -EDOM;
return drv->bdrv_pread(bs, offset, buf1, count1);
}
@@ -689,6 +755,8 @@ int bdrv_pwrite(BlockDriverState *bs, in
return -ENOMEDIUM;
if (!drv->bdrv_pwrite)
return bdrv_pwrite_em(bs, offset, buf1, count1);
+ if (bdrv_wr_badreq_bytes(bs, offset, count1))
+ return -EDOM;
return drv->bdrv_pwrite(bs, offset, buf1, count1);
}
@@ -955,6 +1023,8 @@ int bdrv_write_compressed(BlockDriverSta
return -ENOMEDIUM;
if (!drv->bdrv_write_compressed)
return -ENOTSUP;
+ if (bdrv_wr_badreq_sectors(bs, sector_num, nb_sectors))
+ return -EDOM;
return drv->bdrv_write_compressed(bs, sector_num, buf, nb_sectors);
}
@@ -1101,6 +1171,8 @@ BlockDriverAIOCB *bdrv_aio_read(BlockDri
if (!drv)
return NULL;
+ if (bdrv_rd_badreq_sectors(bs, sector_num, nb_sectors))
+ return NULL;
/* XXX: we assume that nb_sectors == 0 is suppored by the async read */
if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
@@ -1132,6 +1204,8 @@ BlockDriverAIOCB *bdrv_aio_write(BlockDr
return NULL;
if (bs->read_only)
return NULL;
+ if (bdrv_wr_badreq_sectors(bs, sector_num, nb_sectors))
+ return NULL;
if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
memcpy(bs->boot_sector_data, buf, 512);
}
Index: qemu/block.h
===================================================================
RCS file: /sources/qemu/qemu/block.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -p -u -p -r1.6 -r1.7
--- block.h 24 Dec 2007 16:10:43 -0000 1.6
+++ block.h 11 Mar 2008 17:17:59 -0000 1.7
@@ -45,6 +45,7 @@ typedef struct QEMUSnapshotInfo {
it (default for
bdrv_file_open()) */
#define BDRV_O_DIRECT 0x0020
+#define BDRV_O_AUTOGROW 0x0040 /* Allow backing file to extend when writing past end of file */
#ifndef QEMU_IMG
void bdrv_info(void);
Index: qemu/block_int.h
===================================================================
RCS file: /sources/qemu/qemu/block_int.h,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -p -u -p -r1.16 -r1.17
--- block_int.h 24 Dec 2007 16:10:43 -0000 1.16
+++ block_int.h 11 Mar 2008 17:17:59 -0000 1.17
@@ -97,6 +97,7 @@ struct BlockDriverState {
int locked; /* if true, the media cannot temporarily be ejected */
int encrypted; /* if true, the media is encrypted */
int sg; /* if true, the device is a /dev/sg* */
+ int autogrow; /* if true, the backing store can auto-extend to allocate new extents */
/* event callback when inserting/removing */
void (*change_cb)(void *opaque);
void *change_opaque;
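Review bot: `bdrv_rd_badreq_bytes`, the second helper added to block.c, never rejects a negative `offset`, unlike its write counterpart `bdrv_wr_badreq_bytes`, which tests `offset < 0` up front; with a negative `offset` the `offset > size - count` test passes and the request reaches `drv->bdrv_pread` unchanged. Adding the symmetric term keeps the two helpers consistent: `count < 0 || offset < 0 || size < 0 || count > size || offset > size - count;`. In `bdrv_pread` and `bdrv_pwrite` the new range check sits after the `bdrv_pread_em`/`bdrv_pwrite_em` fallback, so drivers without a native pread/pwrite are presumably only covered if that emulation goes through the sector-level `bdrv_read`/`bdrv_write` checks — worth confirming and noting in a comment next to the fallback.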


@ -1,113 +0,0 @@
Index: qemu/vl.h
@@ -30,6 +30,12 @@
#include <stdarg.h>
#include <string.h>
#include <inttypes.h>
+#ifndef PRId64
+#define PRId64 "lld" /* int64_t */
+#define PRIo64 "llo" /* int64_t */
+#define PRIx64 "llx" /* int64_t */
+#define PRIu64 "llu" /* int64_t */
+#endif
#include <limits.h>
#include <time.h>
#include <ctype.h>
Index: qemu/dis-asm.h
@@ -13,6 +13,12 @@
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
+#ifndef PRId64
+#define PRId64 "lld" /* int64_t */
+#define PRIo64 "llo" /* int64_t */
+#define PRIx64 "llx" /* int64_t */
+#define PRIu64 "llu" /* int64_t */
+#endif
#define PARAMS(x) x
typedef void *PTR;
Index: qemu/kqemu.c
@@ -33,6 +33,12 @@
#include <errno.h>
#include <unistd.h>
#include <inttypes.h>
+#ifndef PRId64
+#define PRId64 "lld" /* int64_t */
+#define PRIo64 "llo" /* int64_t */
+#define PRIx64 "llx" /* int64_t */
+#define PRIu64 "llu" /* int64_t */
+#endif
#include "cpu.h"
#include "exec-all.h"
Index: qemu/translate-all.c
@@ -22,6 +22,12 @@
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
+#ifndef PRId64
+#define PRId64 "lld" /* int64_t */
+#define PRIo64 "llo" /* int64_t */
+#define PRIx64 "llx" /* int64_t */
+#define PRIu64 "llu" /* int64_t */
+#endif
#include "config.h"
Index: qemu/target-i386/helper.c
@@ -21,6 +21,13 @@
//#define DEBUG_PCALL
+#ifndef PRId64
+#define PRId64 "lld" /* int64_t */
+#define PRIo64 "llo" /* int64_t */
+#define PRIx64 "llx" /* int64_t */
+#define PRIu64 "llu" /* int64_t */
+#endif
+
#if 0
#define raise_exception_err(a, b)\
do {\
Index: qemu/target-i386/helper2.c
@@ -22,6 +22,12 @@
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
+#ifndef PRId64
+#define PRId64 "lld" /* int64_t */
+#define PRIo64 "llo" /* int64_t */
+#define PRIx64 "llx" /* int64_t */
+#define PRIu64 "llu" /* int64_t */
+#endif
#include <signal.h>
#include <assert.h>
Index: qemu/target-ppc/translate.c
@@ -22,6 +22,12 @@
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
+#ifndef PRId64
+#define PRId64 "lld" /* int64_t */
+#define PRIo64 "llo" /* int64_t */
+#define PRIx64 "llx" /* int64_t */
+#define PRIu64 "llu" /* int64_t */
+#endif
#include "cpu.h"
#include "exec-all.h"
Index: qemu/target-sparc/helper.c
@@ -22,6 +22,12 @@
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
+#ifndef PRId64
+#define PRId64 "lld" /* int64_t */
+#define PRIo64 "llo" /* int64_t */
+#define PRIx64 "llx" /* int64_t */
+#define PRIu64 "llu" /* int64_t */
+#endif
#include <signal.h>
#include <assert.h>


@ -9,10 +9,10 @@ Index: qemu/Makefile.target
ifndef CONFIG_USER_ONLY
LIBS+=-lz
Index: qemu/vl.c
@@ -89,10 +89,12 @@
#include "exec-all.h"
@@ -133,10 +133,12 @@
#define DEFAULT_NETWORK_SCRIPT "/etc/qemu-ifup"
#define DEFAULT_NETWORK_DOWN_SCRIPT "/etc/qemu-ifdown"
+#ifndef SMBD_COMMAND
#ifdef __sun__
#define SMBD_COMMAND "/usr/sfw/sbin/smbd"


@ -1,51 +0,0 @@
Index: qemu/block-raw.c
@@ -51,7 +51,10 @@
#include <linux/cdrom.h>
#include <linux/fd.h>
#endif
#ifdef __FreeBSD__
+#include <signal.h>
+#endif
+#if defined(__FreeBSD__) && __FreeBSD__ > 4
#include <sys/disk.h>
#endif
@@ -167,9 +167,20 @@
static int aio_sig_num = SIGUSR2;
static RawAIOCB *first_aio; /* AIO issued */
static int aio_initialized = 0;
+// FreeBSD 4.x doesn't have sigwait
+#if defined(__FreeBSD__) && __FreeBSD__ <= 4
+static int sigaio_dont = 0;
+#endif
static void aio_signal_handler(int signum)
{
+// FreeBSD 4.x doesn't have sigwait
+#if defined(__FreeBSD__) && __FreeBSD__ <= 4
+ if (sigaio_dont) {
+ --sigaio_dont;
+ return;
+ }
+#endif
#ifndef QEMU_TOOL
CPUState *env = cpu_single_env;
if (env) {
@@ -284,9 +295,17 @@
if (qemu_bh_poll())
return;
#endif
+// FreeBSD 4.x doesn't have sigwait
+#if defined(__FreeBSD__) && __FreeBSD__ <= 4
+ ++sigaio_dont;
+ do
+ sigsuspend(&wait_oset);
+ while (sigaio_dont);
+#else
sigemptyset(&set);
sigaddset(&set, aio_sig_num);
sigwait(&set, &nb_sigs);
+#endif
qemu_aio_poll();
}


@ -35,16 +35,16 @@ Index: qemu/configure
for target in $target_list; do
target_dir="$target"
Index: qemu/Makefile.target
@@ -408,7 +408,7 @@
VL_OBJS+= scsi-disk.o cdrom.o lsi53c895a.o
Index: qemu/Makefile
@@ -58,7 +58,7 @@
OBJS+=ssd0303.o ssd0323.o ads7846.o stellaris_input.o
OBJS+=scsi-disk.o cdrom.o
OBJS+=scsi-generic.o
-OBJS+=usb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-wacom.o usb-serial.o
+OBJS+=usb.o usb-hub.o usb-$(HOST_USB).o usb-hid.o usb-msd.o usb-wacom.o usb-serial.o
OBJS+=sd.o ssi-sd.o
# USB layer
-VL_OBJS+= usb.o usb-hub.o usb-linux.o usb-hid.o usb-ohci.o usb-msd.o
+VL_OBJS+= usb.o usb-hub.o usb-$(HOST_USB).o usb-hid.o usb-ohci.o usb-msd.o
VL_OBJS+= usb-wacom.o
# EEPROM emulation
ifdef CONFIG_WIN32
Index: qemu/usb-stub.c
@@ -0,0 +1,11 @@
+#include "vl.h"
@ -59,7 +59,7 @@ Index: qemu/usb-stub.c
+ return NULL;
+}
Index: qemu/usb-bsd.c
@@ -0,0 +1,600 @@
@@ -0,0 +1,601 @@
+/*
+ * BSD host USB redirector
+ *
@ -86,7 +86,8 @@ Index: qemu/usb-bsd.c
+ * THE SOFTWARE.
+ */
+
+#include "vl.h"
+#include "qemu-common.h"
+#include "hw/usb.h"
+
+/* usb.h declares these */
+#undef USB_SPEED_HIGH


@ -0,0 +1,29 @@
--- qemu.orig/cpu-exec.c Mon Jan 14 11:11:02 2008
+++ qemu/cpu-exec.c Thu Jan 17 23:03:00 2008
@@ -449,16 +449,18 @@ int cpu_exec(CPUState *env1)
(env->eflags & IF_MASK || env->hflags & HF_HIF_MASK) &&
!(env->hflags & HF_INHIBIT_IRQ_MASK)) {
int intno;
- svm_check_intercept(SVM_EXIT_INTR);
env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ);
intno = cpu_get_pic_interrupt(env);
- if (loglevel & CPU_LOG_TB_IN_ASM) {
- fprintf(logfile, "Servicing hardware INT=0x%02x\n", intno);
- }
- do_interrupt(intno, 0, 0, 0, 1);
- /* ensure that no TB jump will be modified as
- the program flow was changed */
- BREAK_CHAIN;
+ if(intno>=0) {
+ svm_check_intercept(SVM_EXIT_INTR);
+ if (loglevel & CPU_LOG_TB_IN_ASM) {
+ fprintf(logfile, "Servicing hardware INT=0x%02x\n", intno);
+ }
+ do_interrupt(intno, 0, 0, 0, 1);
+ /* ensure that no TB jump will be modified as
+ the program flow was changed */
+ BREAK_CHAIN;
+ }
#if !defined(CONFIG_USER_ONLY)
} else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
(env->eflags & IF_MASK) && !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
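Review bot: The new `if(intno>=0)` guard comes after `env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ)` has already run, so when `cpu_get_pic_interrupt()` reports no vector the pending bits are cleared without any interrupt being serviced; whether that loses an interrupt depends on the PIC re-asserting it, which this hunk does not show. The guard also moves `svm_check_intercept(SVM_EXIT_INTR)` after the PIC has been queried, so the intercept presumably now fires after the interrupt has been acknowledged rather than before — if that ordering is intended, a comment saying so would keep it from being "fixed" later. Style: `if(intno>=0)` should be spaced like the surrounding code, `if (intno >= 0) {`. `cpu_exec` starts and ends outside the hunk.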


@ -20,17 +20,17 @@ Index: qemu/Makefile
rm -f *.o *.a $(TOOLS) dyngen$(EXESUF) TAGS *.pod *~ */*~
$(MAKE) -C tests clean
Index: qemu/Makefile.target
@@ -465,8 +465,8 @@
SDL_LIBS := $(filter-out -mwindows, $(SDL_LIBS)) -mconsole
@@ -649,8 +649,8 @@
main.o: CFLAGS+=-p
endif
-$(QEMU_SYSTEM): $(VL_OBJS) libqemu.a
- $(CC) $(VL_LDFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(VL_LIBS)
+$(QEMU_SYSTEM): $(VL_OBJS) libqemu.a ../bsd/libmath.a
+ $(CC) $(VL_LDFLAGS) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(VL_LIBS) ../bsd/libmath.a
-$(QEMU_PROG): $(OBJS) ../libqemu_common.a libqemu.a
- $(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(CURSES_LIBS)
+$(QEMU_PROG): $(OBJS) ../libqemu_common.a libqemu.a ../bsd/libmath.a
+ $(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(CURSES_LIBS) ../bsd/libmath.a
endif # !CONFIG_USER_ONLY
cocoa.o: cocoa.m
$(CC) $(CFLAGS) $(CPPFLAGS) $(BASE_CFLAGS) -c -o $@ $<
Index: qemu/fpu/softfloat-native.c
@@ -2,11 +2,16 @@
context is supported */


@ -1,11 +0,0 @@
Index: qemu/hw/pxa2xx_gpio.c
@@ -152,6 +152,9 @@
case GPDR: /* GPIO Pin-Direction registers */
return s->dir[bank];
+ case GPSR: /* GPIO Pin-Output Set registers */
+ return s->olevel[bank];
+
case GRER: /* GPIO Rising-Edge Detect Enable registers */
return s->rising[bank];


@ -1,10 +0,0 @@
Index: qemu/qemu-img.c
@@ -134,7 +134,7 @@
"Command syntax:\n"
" create [-e] [-b base_image] [-f fmt] filename [size]\n"
" commit [-f fmt] filename\n"
- " convert [-c] [-e] [-f fmt] filename [-O output_fmt] output_filename\n"
+ " convert [-c] [-e] [-f fmt] [-O output_fmt] filename output_filename\n"
" info [-f fmt] filename\n"
"\n"
"Command parameters:\n"


@ -1,10 +1,10 @@
Index: qemu/qemu-img.texi
@@ -10,7 +10,7 @@
@table @option
@item create [-e] [-b @var{base_image}] [-f @var{fmt}] @var(unknown) [@var{size}]
@item create [-e] [-6] [-b @var{base_image}] [-f @var{fmt}] @var(unknown) [@var{size}]
@item commit [-f @var{fmt}] @var(unknown)
-@item convert [-c] [-e] [-f @var{fmt}] @var(unknown) [-O @var{output_fmt}] @var{output_filename}
+@item convert [-c] [-e] [-f @var{fmt}] [-O @var{output_fmt}] @var(unknown) @var{output_filename}
-@item convert [-c] [-e] [-6] [-f @var{fmt}] @var(unknown) [-O @var{output_fmt}] @var{output_filename}
+@item convert [-c] [-e] [-6] [-f @var{fmt}] [-O @var{output_fmt}] @var(unknown) @var{output_filename}
@item info [-f @var{fmt}] @var(unknown)
@end table


@ -1,92 +0,0 @@
Index: qemu/cpu-exec.c
diff -u qemu/cpu-exec.c:1.128 qemu/cpu-exec.c:1.129
--- qemu/cpu-exec.c:1.128 Sun Dec 2 06:18:23 2007
+++ qemu/cpu-exec.c Tue Dec 11 19:35:45 2007
@@ -133,7 +133,7 @@
tb->tc_ptr = tc_ptr;
tb->cs_base = cs_base;
tb->flags = flags;
- cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
+ cpu_gen_code(env, tb, &code_gen_size);
code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
/* check next page if needed */
Index: qemu/exec-all.h
diff -u qemu/exec-all.h:1.72 qemu/exec-all.h:1.73
--- qemu/exec-all.h:1.72 Mon Nov 19 00:38:33 2007
+++ qemu/exec-all.h Tue Dec 11 19:35:45 2007
@@ -64,8 +64,9 @@
int gen_intermediate_code(CPUState *env, struct TranslationBlock *tb);
int gen_intermediate_code_pc(CPUState *env, struct TranslationBlock *tb);
void dump_ops(const uint16_t *opc_buf, const uint32_t *opparam_buf);
+unsigned long code_gen_max_block_size(void);
int cpu_gen_code(CPUState *env, struct TranslationBlock *tb,
- int max_code_size, int *gen_code_size_ptr);
+ int *gen_code_size_ptr);
int cpu_restore_state(struct TranslationBlock *tb,
CPUState *env, unsigned long searched_pc,
void *puc);
@@ -94,7 +95,6 @@
return tlb_set_page_exec(env, vaddr, paddr, prot, mmu_idx, is_softmmu);
}
-#define CODE_GEN_MAX_SIZE 65536
#define CODE_GEN_ALIGN 16 /* must be >= of the size of a icache line */
#define CODE_GEN_PHYS_HASH_BITS 15
Index: qemu/exec.c
diff -u qemu/exec.c:1.117 qemu/exec.c:1.118
--- qemu/exec.c:1.117 Sun Dec 9 02:22:56 2007
+++ qemu/exec.c Tue Dec 11 19:35:45 2007
@@ -56,7 +56,7 @@
#endif
/* threshold to flush the translated code buffer */
-#define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - CODE_GEN_MAX_SIZE)
+#define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - code_gen_max_block_size())
#define SMC_BITMAP_USE_THRESHOLD 10
@@ -622,7 +622,7 @@
tb->cs_base = cs_base;
tb->flags = flags;
tb->cflags = cflags;
- cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
+ cpu_gen_code(env, tb, &code_gen_size);
code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
/* check next page if needed */
Index: qemu/translate-all.c
diff -u qemu/translate-all.c:1.23 qemu/translate-all.c:1.24
--- qemu/translate-all.c:1.23 Sun Dec 2 06:10:02 2007
+++ qemu/translate-all.c Tue Dec 11 19:35:45 2007
@@ -132,14 +132,27 @@
}
}
+unsigned long code_gen_max_block_size(void)
+{
+ static unsigned long max;
+
+ if (max == 0) {
+#define DEF(s, n, copy_size) max = copy_size > max? copy_size : max;
+#include "opc.h"
+#undef DEF
+ max *= OPC_MAX_SIZE;
+ }
+
+ return max;
+}
+
/* return non zero if the very first instruction is invalid so that
the virtual CPU can trigger an exception.
'*gen_code_size_ptr' contains the size of the generated code (host
code).
*/
-int cpu_gen_code(CPUState *env, TranslationBlock *tb,
- int max_code_size, int *gen_code_size_ptr)
+int cpu_gen_code(CPUState *env, TranslationBlock *tb, int *gen_code_size_ptr)
{
uint8_t *gen_code_buf;
int gen_code_size;


@ -1,6 +1,7 @@
bin/qemu
bin/qemu-img
bin/qemu-system-arm
bin/qemu-system-cris
bin/qemu-system-m68k
bin/qemu-system-mips
bin/qemu-system-mips64
@ -9,6 +10,8 @@ bin/qemu-system-mipsel
bin/qemu-system-ppc
bin/qemu-system-ppc64
bin/qemu-system-ppcemb
bin/qemu-system-sh4
bin/qemu-system-sh4eb
bin/qemu-system-sparc
bin/qemu-system-x86_64
%%PORTDOCS%%%%DOCSDIR%%/qemu-doc.html