!242 Automatically generate code patches with openeuler !88

From: @kuhnchen18 Reviewed-by: @zhanghailiang_lucky,@zhanghailiang_lucky Signed-off-by: @zhanghailiang_lucky,@zhanghailiang_lucky
2021-04-25 15:12:15 +08:00 · 2021-04-25 15:12:15 +08:00 · 289abf1b2b
commit 289abf1b2b
parent a70f4c6edc 6f1aa31d5f
9 changed files with 406 additions and 1 deletions
--- a/hw-pci-host-add-pci-intack-write-method.patch
+++ b/hw-pci-host-add-pci-intack-write-method.patch
@ -0,0 +1,50 @@
+From 80214941ed6ce24983d8f161a7c9532678acc6f1 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 25 Mar 2021 17:03:57 +0800
+Subject: [PATCH] hw/pci-host: add pci-intack write method
+
+fix CVE-2020-15469
+
+Add pci-intack mmio write method to avoid NULL pointer dereference
+issue.
+
+Reported-by: Lei Sun <slei.casper@gmail.com>
+Reviewed-by: Li Qiang <liq3ea@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+
+Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
+---
+ hw/pci-host/prep.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/pci-host/prep.c b/hw/pci-host/prep.c
+index c564f234af..f03c81f651 100644
+--- a/hw/pci-host/prep.c
+++ b/hw/pci-host/prep.c
+@@ -26,6 +26,7 @@
+ #include "qemu/osdep.h"
+ #include "qemu-common.h"
+ #include "qemu/units.h"
+#include "qemu/log.h"
+ #include "qapi/error.h"
+ #include "hw/hw.h"
+ #include "hw/pci/pci.h"
+@@ -117,8 +118,15 @@ static uint64_t raven_intack_read(void *opaque, hwaddr addr,
+     return pic_read_irq(isa_pic);
+ }
+ 
+static void raven_intack_write(void *opaque, hwaddr addr,
+                                        uint64_t data, unsigned size)
+{
+    qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+}
+
+ static const MemoryRegionOps raven_intack_ops = {
+     .read = raven_intack_read,
+    .write = raven_intack_write,
+     .valid = {
+         .max_access_size = 1,
+     },
+-- 
+2.27.0
+
--- a/imx7-ccm-add-digprog-mmio-write-method.patch
+++ b/imx7-ccm-add-digprog-mmio-write-method.patch
@ -0,0 +1,41 @@
+From 5979338f8fb4562f7af32c58b7e7542d7396954e Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 25 Mar 2021 17:29:28 +0800
+Subject: [PATCH] imx7-ccm: add digprog mmio write method
+
+fix CVE-2020-15469
+
+Add digprog mmio write method to avoid assert failure during
+initialisation.
+
+Reviewed-by: Li Qiang <liq3ea@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+
+Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
+---
+ hw/misc/imx7_ccm.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/misc/imx7_ccm.c b/hw/misc/imx7_ccm.c
+index d9bdcf1027..831311a7c8 100644
+--- a/hw/misc/imx7_ccm.c
+++ b/hw/misc/imx7_ccm.c
+@@ -130,8 +130,15 @@ static const struct MemoryRegionOps imx7_set_clr_tog_ops = {
+     },
+ };
+ 
+static void imx7_digprog_write(void *opaque, hwaddr addr,
+                                        uint64_t data, unsigned size)
+{
+    qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+}
+
+ static const struct MemoryRegionOps imx7_digprog_ops = {
+     .read = imx7_set_clr_tog_read,
+    .write = imx7_digprog_write,
+     .endianness = DEVICE_NATIVE_ENDIAN,
+     .impl = {
+         .min_access_size = 4,
+-- 
+2.27.0
+
--- a/nvram-add-nrf51_soc-flash-read-method.patch
+++ b/nvram-add-nrf51_soc-flash-read-method.patch
@ -0,0 +1,44 @@
+From 6f88633406e546eb6a01786b910a2ab12373abf8 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 25 Mar 2021 17:19:15 +0800
+Subject: [PATCH] nvram: add nrf51_soc flash read method
+
+fix CVE-2020-15469
+
+Add nrf51_soc mmio read method to avoid NULL pointer dereference
+issue.
+
+Reported-by: Lei Sun <slei.casper@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+
+Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
+---
+ hw/nvram/nrf51_nvm.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/nvram/nrf51_nvm.c b/hw/nvram/nrf51_nvm.c
+index eca0cb35b5..7b2b1351f4 100644
+--- a/hw/nvram/nrf51_nvm.c
+++ b/hw/nvram/nrf51_nvm.c
+@@ -271,6 +271,10 @@ static const MemoryRegionOps io_ops = {
+         .endianness = DEVICE_LITTLE_ENDIAN,
+ };
+ 
+static uint64_t flash_read(void *opaque, hwaddr offset, unsigned size)
+{
+    g_assert_not_reached();
+}
+ 
+ static void flash_write(void *opaque, hwaddr offset, uint64_t value,
+         unsigned int size)
+@@ -298,6 +302,7 @@ static void flash_write(void *opaque, hwaddr offset, uint64_t value,
+ 
+ 
+ static const MemoryRegionOps flash_ops = {
+    .read = flash_read,
+     .write = flash_write,
+     .valid.min_access_size = 4,
+     .valid.max_access_size = 4,
+-- 
+2.27.0
+
--- a/pci-host-add-pcie-msi-read-method.patch
+++ b/pci-host-add-pcie-msi-read-method.patch
@ -0,0 +1,56 @@
+From dd86dc83fcccc0d1773bd93c509e3a03e7ef9b38 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 25 Mar 2021 17:08:24 +0800
+Subject: [PATCH] pci-host: add pcie-msi read method
+
+fix CVE-2020-15469
+
+Add pcie-msi mmio read method to avoid NULL pointer dereference
+issue.
+
+Reported-by: Lei Sun <slei.casper@gmail.com>
+Reviewed-by: Li Qiang <liq3ea@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+
+Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
+---
+ hw/pci-host/designware.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/hw/pci-host/designware.c b/hw/pci-host/designware.c
+index 9ae8c0deb7..23e3de3cad 100644
+--- a/hw/pci-host/designware.c
+++ b/hw/pci-host/designware.c
+@@ -21,6 +21,7 @@
+ #include "qemu/osdep.h"
+ #include "qapi/error.h"
+ #include "qemu/module.h"
+#include "qemu/log.h"
+ #include "hw/pci/msi.h"
+ #include "hw/pci/pci_bridge.h"
+ #include "hw/pci/pci_host.h"
+@@ -60,6 +61,13 @@ designware_pcie_root_to_host(DesignwarePCIERoot *root)
+     return DESIGNWARE_PCIE_HOST(bus->parent);
+ }
+ 
+static uint64_t designware_pcie_root_msi_read(void *opaque, hwaddr addr,
+                                              unsigned size)
+{
+    qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+    return 0;
+}
+
+ static void designware_pcie_root_msi_write(void *opaque, hwaddr addr,
+                                            uint64_t val, unsigned len)
+ {
+@@ -74,6 +82,7 @@ static void designware_pcie_root_msi_write(void *opaque, hwaddr addr,
+ }
+ 
+ static const MemoryRegionOps designware_pci_host_msi_ops = {
+    .read = designware_pcie_root_msi_read,
+     .write = designware_pcie_root_msi_write,
+     .endianness = DEVICE_LITTLE_ENDIAN,
+     .valid = {
+-- 
+2.27.0
+
--- a/prep-add-ppc-parity-write-method.patch
+++ b/prep-add-ppc-parity-write-method.patch
@ -0,0 +1,50 @@
+From f4eed258b1b8b434927fbc9a18bbcb52d3f55ce6 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 25 Mar 2021 17:16:14 +0800
+Subject: [PATCH] prep: add ppc-parity write method
+
+fix CVE-2020-15469
+
+Add ppc-parity mmio write method to avoid NULL pointer dereference
+issue.
+
+Reported-by: Lei Sun <slei.casper@gmail.com>
+Acked-by: David Gibson <david@gibson.dropbear.id.au>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+
+Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
+---
+ hw/ppc/prep_systemio.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/ppc/prep_systemio.c b/hw/ppc/prep_systemio.c
+index df7603b986..67244ed48c 100644
+--- a/hw/ppc/prep_systemio.c
+++ b/hw/ppc/prep_systemio.c
+@@ -23,6 +23,7 @@
+  */
+ 
+ #include "qemu/osdep.h"
+#include "qemu/log.h"
+ #include "hw/isa/isa.h"
+ #include "exec/address-spaces.h"
+ #include "qemu/error-report.h" /* for error_report() */
+@@ -232,8 +233,15 @@ static uint64_t ppc_parity_error_readl(void *opaque, hwaddr addr,
+     return val;
+ }
+ 
+static void ppc_parity_error_writel(void *opaque, hwaddr addr,
+                                    uint64_t data, unsigned size)
+{
+    qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid write access\n", __func__);
+}
+
+ static const MemoryRegionOps ppc_parity_error_ops = {
+     .read = ppc_parity_error_readl,
+    .write = ppc_parity_error_writel,
+     .valid = {
+         .min_access_size = 4,
+         .max_access_size = 4,
+-- 
+2.27.0
+
--- a/qemu.spec
+++ b/qemu.spec
@ -1,6 +1,6 @@
 Name: qemu
 Version: 4.1.0
-Release: 53
+Release: 54
 Epoch: 2
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@ -316,6 +316,14 @@ Patch0303: migration-tls-fix-inverted-semantics-in-multifd_chan.patch
 Patch0304: migration-tls-add-error-handling-in-multifd_tls_hand.patch
 Patch0305: net-vmxnet3-validate-configuration-values-during-act.patch
 Patch0306: block-Add-sanity-check-when-setting-retry-parameters.patch
+Patch0307: hw-pci-host-add-pci-intack-write-method.patch
+Patch0308: pci-host-add-pcie-msi-read-method.patch
+Patch0309: vfio-add-quirk-device-write-method.patch
+Patch0310: prep-add-ppc-parity-write-method.patch
+Patch0311: nvram-add-nrf51_soc-flash-read-method.patch
+Patch0312: spapr_pci-add-spapr-msi-read-method.patch
+Patch0313: tz-ppc-add-dummy-read-write-methods.patch
+Patch0314: imx7-ccm-add-digprog-mmio-write-method.patch

 BuildRequires: flex
 BuildRequires: bison
@ -705,6 +713,16 @@ getent passwd qemu >/dev/null || \
 %endif

 %changelog
+* Fri Mar 26 2021 Chen Qun <kuhn.chenqun@huawei.com>
+- hw/pci-host: add pci-intack write method
+- pci-host: add pcie-msi read method
+- vfio: add quirk device write method
+- prep: add ppc-parity write method
+- nvram: add nrf51_soc flash read method
+- spapr_pci: add spapr msi read method
+- tz-ppc: add dummy read/write methods
+- imx7-ccm: add digprog mmio write method
+
 * Thu Mar 18 2021 Chen Qun <kuhn.chenqun@huawei.com>
 - block: Add sanity check when setting retry parameters

--- a/spapr_pci-add-spapr-msi-read-method.patch
+++ b/spapr_pci-add-spapr-msi-read-method.patch
@ -0,0 +1,61 @@
+From cbbcd56e090a59d0eaa4e35ed0efb24d6dd1003e Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 25 Mar 2021 17:23:24 +0800
+Subject: [PATCH] spapr_pci: add spapr msi read method
+
+fix CVE-2020-15469
+
+Add spapr msi mmio read method to avoid NULL pointer dereference
+issue.
+
+Reported-by: Lei Sun <slei.casper@gmail.com>
+Acked-by: David Gibson <david@gibson.dropbear.id.au>
+Reviewed-by: Li Qiang <liq3ea@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+
+Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
+---
+ hw/ppc/spapr_pci.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
+index 9003fe9010..1571e049ab 100644
+--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
+@@ -50,6 +50,7 @@
+ #include "sysemu/kvm.h"
+ #include "sysemu/hostmem.h"
+ #include "sysemu/numa.h"
+#include "qemu/log.h"
+ 
+ /* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */
+ #define RTAS_QUERY_FN           0
+@@ -743,6 +744,12 @@ static PCIINTxRoute spapr_route_intx_pin_to_irq(void *opaque, int pin)
+     return route;
+ }
+ 
+static uint64_t spapr_msi_read(void *opaque, hwaddr addr, unsigned size)
+{
+    qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+    return 0;
+}
+
+ /*
+  * MSI/MSIX memory region implementation.
+  * The handler handles both MSI and MSIX.
+@@ -760,8 +767,10 @@ static void spapr_msi_write(void *opaque, hwaddr addr,
+ }
+ 
+ static const MemoryRegionOps spapr_msi_ops = {
+-    /* There is no .read as the read result is undefined by PCI spec */
+-    .read = NULL,
+    /* .read result is undefined by PCI spec
+     * define .read method to avoid assert failure in memory_region_init_io
+     */
+    .read = spapr_msi_read,
+     .write = spapr_msi_write,
+     .endianness = DEVICE_LITTLE_ENDIAN
+ };
+-- 
+2.27.0
+
--- a/tz-ppc-add-dummy-read-write-methods.patch
+++ b/tz-ppc-add-dummy-read-write-methods.patch
@ -0,0 +1,45 @@
+From 52d1c1a258aef2b8ace50bb202ee7338ed0060f0 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 25 Mar 2021 17:27:07 +0800
+Subject: [PATCH] tz-ppc: add dummy read/write methods
+
+fix CVE-2020-15469
+
+Add tz-ppc-dummy mmio read/write methods to avoid assert failure
+during initialisation.
+
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+
+Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
+---
+ hw/misc/tz-ppc.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/hw/misc/tz-ppc.c b/hw/misc/tz-ppc.c
+index 2a14a26f29..5b7b883866 100644
+--- a/hw/misc/tz-ppc.c
+++ b/hw/misc/tz-ppc.c
+@@ -193,7 +193,20 @@ static bool tz_ppc_dummy_accepts(void *opaque, hwaddr addr,
+     g_assert_not_reached();
+ }
+ 
+static uint64_t tz_ppc_dummy_read(void *opaque, hwaddr addr, unsigned size)
+{
+    g_assert_not_reached();
+}
+
+static void tz_ppc_dummy_write(void *opaque, hwaddr addr,
+                                        uint64_t data, unsigned size)
+{
+    g_assert_not_reached();
+}
+
+ static const MemoryRegionOps tz_ppc_dummy_ops = {
+    .read = tz_ppc_dummy_read,
+    .write = tz_ppc_dummy_write,
+     .valid.accepts = tz_ppc_dummy_accepts,
+ };
+ 
+-- 
+2.27.0
+
--- a/vfio-add-quirk-device-write-method.patch
+++ b/vfio-add-quirk-device-write-method.patch
@ -0,0 +1,40 @@
+From 95ee5273e25ed606aa86f8a154c06887efc20494 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 25 Mar 2021 17:12:57 +0800
+Subject: [PATCH] vfio: add quirk device write method
+
+---
+ hw/vfio/pci-quirks.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
+index b35a640030..9ce790bdd2 100644
+--- a/hw/vfio/pci-quirks.c
+++ b/hw/vfio/pci-quirks.c
+@@ -12,6 +12,7 @@
+ 
+ #include "qemu/osdep.h"
+ #include "qemu/units.h"
+#include "qemu/log.h"
+ #include "qemu/error-report.h"
+ #include "qemu/main-loop.h"
+ #include "qemu/module.h"
+@@ -275,8 +276,15 @@ static uint64_t vfio_ati_3c3_quirk_read(void *opaque,
+     return data;
+ }
+ 
+static void vfio_ati_3c3_quirk_write(void *opaque, hwaddr addr,
+                                        uint64_t data, unsigned size)
+{
+    qemu_log_mask(LOG_GUEST_ERROR, "%s not implemented\n", __func__);
+}
+
+ static const MemoryRegionOps vfio_ati_3c3_quirk = {
+     .read = vfio_ati_3c3_quirk_read,
+    .write = vfio_ati_3c3_quirk_write,
+     .endianness = DEVICE_LITTLE_ENDIAN,
+ };
+ 
+-- 
+2.27.0
+