!411 Automatically generate code patches with openeuler !208 !213 !211

Merge pull request !411 from KuhnChen/master
2022-01-18 08:41:57 +00:00 · 2022-01-18 08:41:57 +00:00 · cff59dc576
commit cff59dc576
parent 774b9773fa ff7588196f
5 changed files with 195 additions and 1 deletions
--- a/add-Phytium-s-CPU-models-FT-2000-and-Tengyun-S2500.patch
+++ b/add-Phytium-s-CPU-models-FT-2000-and-Tengyun-S2500.patch
@ -0,0 +1,73 @@
+From ea7a395de920cfecd9bf99f0cf55914d47718edf Mon Sep 17 00:00:00 2001
+From: Jiadong Zeng <zengjiadong@phytium.com.cn>
+Date: Thu, 11 Nov 2021 14:25:38 +0800
+Subject: [PATCH] add Phytium's CPU models: FT-2000+ and Tengyun-S2500.
+
+Signed-off-by: Jiadong Zeng <zengjiadong@phytium.com.cn>
+---
+ hw/arm/virt.c      |  2 ++
+ target/arm/cpu64.c | 28 ++++++++++++++++++++++++++++
+ 2 files changed, 30 insertions(+)
+
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index 7506d0ff32..0e46260116 100644
+--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
+@@ -195,6 +195,8 @@ static const char *valid_cpus[] = {
+     ARM_CPU_TYPE_NAME("cortex-a57"),
+     ARM_CPU_TYPE_NAME("cortex-a72"),
+     ARM_CPU_TYPE_NAME("Kunpeng-920"),
+    ARM_CPU_TYPE_NAME("FT-2000+"),
+    ARM_CPU_TYPE_NAME("Tengyun-S2500"),
+     ARM_CPU_TYPE_NAME("host"),
+     ARM_CPU_TYPE_NAME("max"),
+ };
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index a1649f8844..4cf5b89db0 100644
+--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
+@@ -327,6 +327,32 @@ static void cpu_max_set_sve_vq(Object *obj, Visitor *v, const char *name,
+     error_propagate(errp, err);
+ }
+ 
+static void aarch64_max_ft2000plus_initfn(Object *obj)
+{
+    ARMCPU *cpu = ARM_CPU(obj);
+
+    if (kvm_enabled()) {
+        kvm_arm_set_cpu_features_from_host(cpu);
+        kvm_arm_add_vcpu_properties(obj);
+    } else {
+        aarch64_a72_initfn(obj);
+        cpu->midr = 0x70186622;
+    }
+}
+
+static void aarch64_max_tengyun_s2500_initfn(Object *obj)
+{
+    ARMCPU *cpu = ARM_CPU(obj);
+
+    if (kvm_enabled()) {
+        kvm_arm_set_cpu_features_from_host(cpu);
+        kvm_arm_add_vcpu_properties(obj);
+    } else {
+        aarch64_a72_initfn(obj);
+        cpu->midr = 0x70186632;
+    }
+}
+
+ /* -cpu max: if KVM is enabled, like -cpu host (best possible with this host);
+  * otherwise, a CPU with as many features enabled as our emulation supports.
+  * The version of '-cpu max' for qemu-system-arm is defined in cpu.c;
+@@ -442,6 +468,8 @@ static const ARMCPUInfo aarch64_cpus[] = {
+     { .name = "cortex-a53",         .initfn = aarch64_a53_initfn },
+     { .name = "cortex-a72",         .initfn = aarch64_a72_initfn },
+     { .name = "Kunpeng-920",        .initfn = aarch64_kunpeng_920_initfn },
+    { .name = "FT-2000+",           .initfn = aarch64_max_ft2000plus_initfn },
+    { .name = "Tengyun-S2500",      .initfn = aarch64_max_tengyun_s2500_initfn },
+     { .name = "max",                .initfn = aarch64_max_initfn },
+     { .name = NULL }
+ };
+-- 
+2.27.0
+
--- a/fix-cve-2020-35504.patch
+++ b/fix-cve-2020-35504.patch
@ -0,0 +1,30 @@
+From dc8416b55d69e70912acd2364494a490b02e3198 Mon Sep 17 00:00:00 2001
+From: imxcc <xingchaochao@huawei.com>
+Date: Mon, 21 Jun 2021 17:15:39 +0800
+Subject: [PATCH] fix cve-2020-35504
+
+esp: always check current_req is not NULL before use in DMA callbacks
+
+Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
+Signed-off-by: imxcc <xingchaochao@huawei.com>
+---
+ hw/scsi/esp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
+index 7508d035ca..d1f13b350e 100644
+--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
+@@ -253,6 +253,9 @@ static void esp_do_dma(ESPState *s)
+         s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
+         return;
+     }
+    if (!s->current_req) {
+        return;
+    }
+     if (s->async_len == 0) {
+         /* Defer until data is available.  */
+         return;
+-- 
+2.27.0
+
--- a/fix-cve-2020-35505.patch
+++ b/fix-cve-2020-35505.patch
@ -0,0 +1,46 @@
+From a1c9b6747da5f3d2815a0c186473dc76d9e4f682 Mon Sep 17 00:00:00 2001
+From: imxcc <xingchaochao@huawei.com>
+Date: Mon, 21 Jun 2021 17:20:55 +0800
+Subject: [PATCH] fix cve-2020-35505
+
+esp: ensure cmdfifo is not empty and current_dev is non-NULL
+
+Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
+Signed-off-by: imxcc <xingchaochao@huawei.com>
+---
+ hw/scsi/esp.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
+index d1f13b350e..db6bed4f00 100644
+--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
+@@ -79,6 +79,7 @@ void esp_request_cancelled(SCSIRequest *req)
+         scsi_req_unref(s->current_req);
+         s->current_req = NULL;
+         s->current_dev = NULL;
+        s->async_len = 0;
+     }
+ }
+ 
+@@ -113,7 +114,6 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
+     if (s->current_req) {
+         /* Started a new command before the old one finished.  Cancel it.  */
+         scsi_req_cancel(s->current_req);
+-        s->async_len = 0;
+     }
+ 
+     s->current_dev = scsi_device_find(&s->bus, 0, target, 0);
+@@ -136,6 +136,9 @@ static void do_busid_cmd(ESPState *s, uint8_t *buf, uint8_t busid)
+ 
+     trace_esp_do_busid_cmd(busid);
+     lun = busid & 7;
+    if (!s->current_dev) {
+        return;
+    }
+     current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, lun);
+     s->current_req = scsi_req_new(current_lun, 0, lun, buf, s);
+     datalen = scsi_req_enqueue(s->current_req);
+-- 
+2.27.0
+
--- a/qemu.spec
+++ b/qemu.spec
@ -1,6 +1,6 @@
 Name: qemu
 Version: 4.1.0
-Release: 84
+Release: 85
 Epoch: 2
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@ -566,6 +566,10 @@ Patch0553: bootp-check-bootp_input-buffer-size.patch
 Patch0554: upd6-check-udp6_input-buffer-size.patch
 Patch0555: tftp-check-tftp_input-buffer-size.patch
 Patch0556: tftp-introduce-a-header-structure.patch
+Patch0557: fix-cve-2020-35504.patch
+Patch0558: fix-cve-2020-35505.patch
+Patch0559: virtio-balloon-apply-upstream-patch.patch
+Patch0560: add-Phytium-s-CPU-models-FT-2000-and-Tengyun-S2500.patch

 BuildRequires: flex
 BuildRequires: gcc
@ -970,6 +974,16 @@ getent passwd qemu >/dev/null || \
 %endif

 %changelog
+* Tue Dec 21 2021 Chen Qun <kuhn.chenqun@huawei.com>
+- add Phytium's CPU models: FT-2000+ and Tengyun-S2500.
+
+* Tue Dec 21 2021 Chen Qun <kuhn.chenqun@huawei.com>
+- virtio-balloon: apply upstream patch.
+
+* Tue Dec 21 2021 Chen Qun <kuhn.chenqun@huawei.com>
+- fix cve-2020-35504
+- fix cve-2020-35505
+
 * Tue Oct 26 2021 imxcc <xingchaochao@huawei.com>
 - fix cve-2021-3592 cve-2021-3593 cve-2021-3595

--- a/virtio-balloon-apply-upstream-patch.patch
+++ b/virtio-balloon-apply-upstream-patch.patch
@ -0,0 +1,31 @@
+From 0d86ceed3cef76334c39d879dd8b532ca258eb65 Mon Sep 17 00:00:00 2001
+From: Ming Yang <yangming73@huawei.com>
+Date: Tue, 16 Nov 2021 17:21:09 +0800
+Subject: [PATCH] virtio-balloon: apply upstream patch.
+
+Signed-off-by: Ming Yang <yangming73@huawei.com>
+---
+ hw/virtio/virtio-balloon.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
+index 25de154307..17fa767483 100644
+--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
+@@ -830,6 +830,13 @@ static void virtio_balloon_device_unrealize(DeviceState *dev, Error **errp)
+     }
+     balloon_stats_destroy_timer(s);
+     qemu_remove_balloon_handler(s);
+    
+    virtio_del_queue(vdev, 0);
+    virtio_del_queue(vdev, 1);
+    virtio_del_queue(vdev, 2);
+    if (s->free_page_vq) {
+        virtio_del_queue(vdev, 3);
+    }
+     virtio_cleanup(vdev);
+ }
+ 
+-- 
+2.27.0
+