(From OE-Core rev: 93efa56fb87217035275dcb04c4a19b79b95ccaf)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A DMA-MMIO reentrancy problem may lead to memory corruption bugs
like stack overflow or use-after-free.
Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
Reference:
https://gitlab.com/qemu-project/qemu/-/issues/556
qemu.git$ git log --no-merges --oneline --grep CVE-2023-0330
b987718bbb hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
a2e1753b80 memory: prevent dma-reentracy issues
Included second commit as well as commit log of a2e1753b80 says it
resolves CVE-2023-0330
(From OE-Core rev: 45ce9885351a2344737170e6e810dc67ab3e7ea9)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The patch for CVE-2021-3929 applied on dunfell returns a value for a
void function. This results in the following compiler warning/error:
hw/block/nvme.c:77:6: error: void function
'nvme_addr_read' should not return a value [-Wreturn-type]
return NVME_DATA_TRAS_ERROR;
^ ~~~~~~~~~~~~~~~~~~~~
In newer versions of qemu, the functions is changed to have a return
value, but that is not present in the version of qemu used in “dunfell”.
Backport some of the patches to correct this.
(From OE-Core rev: 4ad98f0b27615ad59ae61110657cf69004c61ef4)
Signed-off-by: Gaurav Gupta <gauragup@cisco.com>
Signed-off-by: Gaurav Gupta <gauragup@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
import patches from ubuntu to fix
CVE-2020-15469
CVE-2020-15859
CVE-2020-17380
CVE-2020-35504
CVE-2020-35505
CVE-2021-3409
CVE-2022-26354
https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches?h=ubuntu/focal-security
Combine patches for both CVE-2020-25085 and CVE-2021-3409 also fix CVE-2020-17380.
so mark CVE-2020-17380 fixed by CVE-2021-3409 patches. CVE-2020-17380 patch backported since
oecore rev 6b4c58a31ec11e557d40c31f2532985dd53e61eb.
(From OE-Core rev: 3ee2e9027d57dd5ae9f8795436c1acd18a9f1e24)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a PACKAGECONFIG option for slirp, defaulting to internal. This avoids
the presence of libslirp on the host causing qemu to link against that
instead breaking reproducibility and usability of the binary on hosts
where the library isn't present.
We need to add it to PACKAGECONFIG by default since users do expect slirp
to be enabled in the wider community.
Note: qemu version 4.2.0 doesn't support an "internal" option for
enable-slirp, so use "git" instead which uses the same configure
code path, avoids host libslirp contamination and forces use of the
qemu internal slirp implementation.
(From OE-Core rev: e5dc03e4a3b71ff144896a8ce56a34b8677e8e27)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5a9a64132bf5ecac9d611d29751226a466c4a2c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Avoid accidentally linking to the rdma library from the host by
adding a PACKAGECONFIG for the option. This was found on new
Fedora 36 autobuilder workers.
(From OE-Core rev: aa9d0c2b777c10bb6c68b0232d54cbcd1af1493f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a0f3cb225e4d5471155abbcd05d09bd6bf1620f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Avoid accidentally linking to the rbd library from the host by
adding a PACKAGECONFIG for the option.
(From OE-Core rev: bb32854dbe68335d834aaa80e42d6a524ea4e1b2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Avoid accidentally linking to the vde library from the host by
adding a PACKAGECONFIG for the option.
(From OE-Core rev: cc979908beec8a40a636d00a1fdcf2769358377f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8839e9540528b0b46c4fb4f95e508f038bcef8b9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The upstream qemu recipe uses host's pkg-config files as a solution to
detecting host's SDL. This has a side effect of using other host
libraries that are later queried by the configure script. This can get
into a situation when the host provides libnfs (for example) and because
later this dependency is not in place anymore, qemu will fail at
runtime.
This change adds a PACKAGECONFIG definition for libnfs that is disabled
by default, in turn disabling the pkgconfig autodetection in configure.
(From OE-Core rev: 9badcf0261f6b735d65a5498bb8fbb9979d7a07f)
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 42b364a25fdbc987c85dd46b8427045033924d99)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Source: https://github.com/qemu/qemu
MR: 119832
Type: Security Fix
Disposition: Backport from 418ade7849
ChangeID: 1246afd7bb950d2d5fe2e198961797c0fa14ac00
Description:
CVE-2022-35414 qemu: can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.
(From OE-Core rev: 7c3043df56b3090138fe56f8c06df5ca08cafd26)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Autobuilder workers were non-deterministically enabling capstone
depending on whether the worker had libcapstone installed.
Add PACKAGECONFIG for capstone with default off, since qemu does not
require capstone support.
Qemu version in dunfell has capstone in the source tree as a submodule
and has configure options to enable it using that source code or using
the system libcapstone.
Qemu versions in master and kirkstone have removed the capstone
submodule and configure options, but added libcapstone autodetection to
meson.
In all cases using PACKAGECONFIG will allow a deterministic build.
(From OE-Core rev: af25fff399fa623b4fd6efbca21e01ea6b4d1fd7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 052ef1f14d1e6a5ee34f742f65e51b20b416f79f)
Signed-off-by: Steve Sakoman <steve@sakoman.com
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the seccomp PACKAGECONFIG option to allow building seccomp features
in QEMU. The libseccomp library is available in additional layers (e.g.
meta-security).
Additionally this serves as a way to disable seccomp by default to avoid
the configure of QEMU automatically finding it (via pkg-config) on the
build host when building qemu-system-native and auto enabling the
feature.
(From OE-Core rev: 80d79ca651b03a3a7d65d25065af3fa5d85925b3)
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ruslan Babayev <fib@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The issues were investigated and found not to be an issue therefore
exclude from checks.
(From OE-Core rev: 05f39301ab19a968916163b2d8f65beda7c09852)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ee6ee9bd489c126b99d15c1011560df2f840a6e9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE applies to the built-in VNC server but we don't enable this by default.
(From OE-Core rev: f0e0787265d9d8bd01629f2b56a0eb57d950c037)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d62b9974a5f3a0f462434ce2763c28a4b4bbcfc6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
