aboutsummaryrefslogtreecommitdiff
path: root/system/qemu-kvm
diff options
context:
space:
mode:
Diffstat (limited to 'system/qemu-kvm')
-rw-r--r--system/qemu-kvm/README46
-rw-r--r--system/qemu-kvm/patches/deprecate-time-drift-fix.patch150
-rw-r--r--system/qemu-kvm/patches/fixup_udev_rules.patch (renamed from system/qemu-kvm/fixup_udev_rules.patch)4
-rw-r--r--system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch37
-rw-r--r--system/qemu-kvm/qemu-kvm.SlackBuild56
5 files changed, 238 insertions, 55 deletions
diff --git a/system/qemu-kvm/README b/system/qemu-kvm/README
index 4c9a99a3008b4..f2db915c53945 100644
--- a/system/qemu-kvm/README
+++ b/system/qemu-kvm/README
@@ -1,29 +1,23 @@
-KVM (Kernel-based Virtual Machine) is a full virtualization solution
-for Linux on x86 hardware containing virtualization extensions
-(Intel VT or AMD-V). KVM is divided into the KVM-KMOD package
-(kernel modules) and the QEMU-KVM package (slightly modified QEMU)
-which are both available as separate Slackbuilds.
+qemu-kvm is a generic and open source virtualizer. qemu-kvm achieves
+near native performances by leveraging the kvm-kmod modules and
+executing the guest code directly on the host CPU. Slackware provides
+pre-built 32/64 bit x86 kvm-kmod modules or you can build different
+versions with the kvm-kmod package.
-QEMU-KVM is a generic and open source virtualizer. QEMU-KVM achieves
-near native performances by leveraging the KVM-KMOD modules and
-executing the guest code directly on the host CPU. QEMU-KVM can
-virtualize many system guest types (e.g. alpha, arm, i386, ppc, x86_64,
-s390, sparc). Slackware provides pre-built KVM-KMOD modules or you
-can build different versions with the KVM-KMOD SlackBuild.
+While qemu-kvm can virtualize many system guest types (e.g. alpha, arm,
+i386, ppc, x86_64, s390, sparc), not all these system guest types utilize
+the kvm-kmod modules. For those system guest types that don't utilize
+the kvm-kmod modules, it is recommended to use the qemu package instead
+of this qemu-kvm package.
-QEMU-KVM requires a system group and uses 'kvm' as the default. If you
-want to use a different group like 'users' then run the script like this:
-KVMGROUP=users sh qemu-kvm.SlackBuild
+The qemu-kvm SlackBuild renames the primary binary from 'qemu-system-
+x86_64' to 'qemu-kvm' so that the qemu SlackBuild won't overwrite it
+if both packages are installed on the same host system. The qemu-kvm
+SlackBuild patches the installed udev rules so that you no longer are
+required to use the system group 'kvm' as the default. The 'users'
+group is set as the default in this SlackBuild. If you want to use a
+different group, then run the SlackBuild like this:
+ KVMGROUP=group sh qemu-kvm.SlackBuild
-After package installation, make sure you have the KVMGROUP present on
-your system and that all desired users are members of that group.
-Don't forget to load the KVM-INTEL or KVM-AMD module depending on your
-processor.
-
-The script builds only x86 and x86_64 Linux Target CPU emulators by default.
-If you need to emulate all target CPUs, set BUILD_ARCH to "all" but be
-aware that the compilation will take a lot longer, and you should really
-be using plain "qemu" for the others (since they can't use the KVM stuff
-anyway. The default "x86_64" value works fine for for 32-bit or 64-bit
-QEMU-KVM hosts providing full system emulation supporting Linux, BSD, and
-Windows guests.
+Don't forget to load the 'kvm-intel' or 'kvm-amd' module (depending on
+your processor) prior to running 'qemu-kvm'.
diff --git a/system/qemu-kvm/patches/deprecate-time-drift-fix.patch b/system/qemu-kvm/patches/deprecate-time-drift-fix.patch
new file mode 100644
index 0000000000000..56def2d391a1f
--- /dev/null
+++ b/system/qemu-kvm/patches/deprecate-time-drift-fix.patch
@@ -0,0 +1,150 @@
+From d527b774878defc27f317cdde19b5c54fd0d5666 Mon Sep 17 00:00:00 2001
+From: Jan Kiszka <jan.kiszka@siemens.com>
+Date: Sun, 15 Jan 2012 12:06:12 +0100
+Subject: [PATCH] qemu-kvm: Deprecate time drift fix
+
+Remove this divergence from upstream. It is practically unused today as
+the default mode is in-kernel irqchip. We keep the command line switch
+for now, adding a warning that there is no effect anymore.
+
+The feature can be reintroduced to upstream once we have IRQ paths with
+feedback support.
+
+Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+---
+ hw/i8254.c | 28 ++--------------------------
+ hw/i8259.c | 17 -----------------
+ qemu-options.hx | 4 ++--
+ vl.c | 4 ++--
+ 4 files changed, 6 insertions(+), 47 deletions(-)
+
+diff --git a/hw/i8254.c b/hw/i8254.c
+index d73a5f2..50ecceb 100644
+--- a/hw/i8254.c
++++ b/hw/i8254.c
+@@ -347,11 +347,6 @@ static uint32_t pit_ioport_read(void *opaque, uint32_t addr)
+ return ret;
+ }
+
+-/* global counters for time-drift fix */
+-int64_t timer_acks=0, timer_interrupts=0, timer_ints_to_push=0;
+-
+-extern int time_drift_fix;
+-
+ static void pit_irq_timer_update(PITChannelState *s, int64_t current_time)
+ {
+ int64_t expire_time;
+@@ -362,35 +357,16 @@ static void pit_irq_timer_update(PITChannelState *s, int64_t current_time)
+ expire_time = pit_get_next_transition_time(s, current_time);
+ irq_level = pit_get_out1(s, current_time);
+ qemu_set_irq(s->irq, irq_level);
+- if (time_drift_fix && irq_level==1) {
+- /* FIXME: fine tune timer_max_fix (max fix per tick).
+- * Should it be 1 (double time), 2 , 4, 10 ?
+- * Currently setting it to 5% of PIT-ticks-per-second (per PIT-tick)
+- */
+- const long pit_ticks_per_sec = (s->count>0) ? (PIT_FREQ/s->count) : 0;
+- const long timer_max_fix = pit_ticks_per_sec/20;
+- const long delta = timer_interrupts - timer_acks;
+- const long max_delta = pit_ticks_per_sec * 60; /* one minute */
+- if ((delta > max_delta) && (pit_ticks_per_sec > 0)) {
+- printf("time drift is too long, %ld seconds were lost\n", delta/pit_ticks_per_sec);
+- timer_acks = timer_interrupts;
+- timer_ints_to_push = 0;
+- } else if (delta > 0) {
+- timer_ints_to_push = MIN(delta, timer_max_fix);
+- }
+- timer_interrupts++;
+- }
+ #ifdef DEBUG_PIT
+ printf("irq_level=%d next_delay=%f\n",
+ irq_level,
+ (double)(expire_time - current_time) / get_ticks_per_sec());
+ #endif
+ s->next_transition_time = expire_time;
+- if (expire_time != -1) {
++ if (expire_time != -1)
+ qemu_mod_timer(s->irq_timer, expire_time);
+- } else {
++ else
+ qemu_del_timer(s->irq_timer);
+- }
+ }
+
+ static void pit_irq_timer(void *opaque)
+diff --git a/hw/i8259.c b/hw/i8259.c
+index 7e17071..0632ea2 100644
+--- a/hw/i8259.c
++++ b/hw/i8259.c
+@@ -210,9 +210,6 @@ static void pic_intack(PicState *s, int irq)
+ pic_update_irq(s);
+ }
+
+-extern int time_drift_fix;
+-extern int64_t timer_acks, timer_ints_to_push;
+-
+ int pic_read_irq(PicState *s)
+ {
+ int irq, irq2, intno;
+@@ -232,20 +229,6 @@ int pic_read_irq(PicState *s)
+ intno = s->irq_base + irq;
+ }
+ pic_intack(s, irq);
+-
+- /* FIXME: limit to x86, or better, to platforms where irq0 is the
+- * timer interrupts. */
+-
+- if (time_drift_fix && s->master && irq == 0) {
+- timer_acks++;
+- if (timer_ints_to_push > 0) {
+- timer_ints_to_push--;
+- /* simulate an edge irq0, like the one generated by i8254 */
+- pic_set_irq(s, 0, 0);
+- pic_set_irq(s, 0, 1);
+- }
+- }
+-
+ } else {
+ /* spurious IRQ on host controller */
+ irq = 7;
+diff --git a/qemu-options.hx b/qemu-options.hx
+index c645f87..d567ba3 100644
+--- a/qemu-options.hx
++++ b/qemu-options.hx
+@@ -2633,8 +2633,8 @@ DEF("no-kvm-pit-reinjection", 0, QEMU_OPTION_no_kvm_pit_reinjection,
+ "-no-kvm-pit-reinjection\n"
+ " disable KVM kernel mode PIT interrupt reinjection\n",
+ QEMU_ARCH_I386)
+-DEF("tdf", 0, QEMU_OPTION_tdf,
+- "-tdf enable guest time drift compensation\n", QEMU_ARCH_ALL)
++HXCOMM -tdf is deprecated and ignored today
++DEF("tdf", 0, QEMU_OPTION_tdf, "", QEMU_ARCH_ALL)
+ DEF("kvm-shadow-memory", HAS_ARG, QEMU_OPTION_kvm_shadow_memory,
+ "-kvm-shadow-memory MEGABYTES\n"
+ " allocate MEGABYTES for kvm mmu shadowing\n",
+diff --git a/vl.c b/vl.c
+index c009eb8..1a77de1 100644
+--- a/vl.c
++++ b/vl.c
+@@ -222,7 +222,6 @@ const char *watchdog;
+ QEMUOptionRom option_rom[MAX_OPTION_ROMS];
+ int nb_option_roms;
+ int semihosting_enabled = 0;
+-int time_drift_fix = 0;
+ unsigned int kvm_shadow_memory = 0;
+ int old_param = 0;
+ const char *qemu_name;
+@@ -2955,7 +2954,8 @@ int main(int argc, char **argv, char **envp)
+ semihosting_enabled = 1;
+ break;
+ case QEMU_OPTION_tdf:
+- time_drift_fix = 1;
++ fprintf(stderr, "Warning: user space PIT time drift fix "
++ "is no longer supported.\n");
+ break;
+ case QEMU_OPTION_kvm_shadow_memory:
+ kvm_shadow_memory = (int64_t)atoi(optarg) * 1024 * 1024 / 4096;
+--
+1.7.6.5
+
diff --git a/system/qemu-kvm/fixup_udev_rules.patch b/system/qemu-kvm/patches/fixup_udev_rules.patch
index 0c5e7890248e6..98be6f0927ce4 100644
--- a/system/qemu-kvm/fixup_udev_rules.patch
+++ b/system/qemu-kvm/patches/fixup_udev_rules.patch
@@ -1,5 +1,5 @@
-diff -Nur qemu-kvm-0.12.4.orig//kvm/scripts/65-kvm.rules qemu-kvm-0.12.4/kvm/scripts/65-kvm.rules
---- qemu-kvm-0.12.4.orig//kvm/scripts/65-kvm.rules 2010-05-09 06:05:19.000000000 -0500
+diff -Nur qemu-kvm-0.12.4.orig/kvm/scripts/65-kvm.rules qemu-kvm-0.12.4/kvm/scripts/65-kvm.rules
+--- qemu-kvm-0.12.4.orig/kvm/scripts/65-kvm.rules 2010-05-09 06:05:19.000000000 -0500
+++ qemu-kvm-0.12.4/kvm/scripts/65-kvm.rules 2010-06-17 18:05:29.158571682 -0500
@@ -1 +1 @@
-KERNEL=="kvm", NAME="%k", GROUP="kvm", MODE="0660"
diff --git a/system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch b/system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch
new file mode 100644
index 0000000000000..bd2bdc7425df2
--- /dev/null
+++ b/system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch
@@ -0,0 +1,37 @@
+From d0ed2d2e8e863a9a64c9fc9c08fa68bee546ad00 Mon Sep 17 00:00:00 2001
+From: Anthony Liguori <aliguori@us.ibm.com>
+Date: Mon, 23 Jan 2012 07:30:43 -0600
+Subject: [PATCH 26/26] e1000: bounds packet size against buffer size
+
+Otherwise we can write beyond the buffer and corrupt memory. This is tracked
+as CVE-2012-0029.
+
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+---
+ hw/e1000.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/hw/e1000.c b/hw/e1000.c
+index 986ed9c..e164d79 100644
+--- a/hw/e1000.c
++++ b/hw/e1000.c
+@@ -466,6 +466,8 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
+ bytes = split_size;
+ if (tp->size + bytes > msh)
+ bytes = msh - tp->size;
++
++ bytes = MIN(sizeof(tp->data) - tp->size, bytes);
+ pci_dma_read(&s->dev, addr, tp->data + tp->size, bytes);
+ if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
+ memmove(tp->header, tp->data, hdr);
+@@ -481,6 +483,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
+ // context descriptor TSE is not set, while data descriptor TSE is set
+ DBGOUT(TXERR, "TCP segmentaion Error\n");
+ } else {
++ split_size = MIN(sizeof(tp->data) - tp->size, split_size);
+ pci_dma_read(&s->dev, addr, tp->data + tp->size, split_size);
+ tp->size += split_size;
+ }
+--
+1.7.7.6
+
diff --git a/system/qemu-kvm/qemu-kvm.SlackBuild b/system/qemu-kvm/qemu-kvm.SlackBuild
index 2858fe03e63ae..b271df276b4c0 100644
--- a/system/qemu-kvm/qemu-kvm.SlackBuild
+++ b/system/qemu-kvm/qemu-kvm.SlackBuild
@@ -26,7 +26,7 @@ VERSION=${VERSION:-1.0}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
-KVMGROUP=${KVMGROUP:-kvm}
+KVMGROUP=${KVMGROUP:-users}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
@@ -36,24 +36,6 @@ if [ -z "$ARCH" ]; then
esac
fi
-# The script builds only x86 and x86_64 Linux Target CPU emulators by default.
-# Available Linux Target CPUs for full system emulation are:
-# i386 x86_64 arm cris m68k microblaze mips mipsel mips64 mips64el
-# ppc ppcemb ppc64 sh4 sh4eb sparc sparc64
-# Available Linux Target CPUs for user mode emulation are:
-# i386 x86_64 alpha arm armeb cris m68k microblaze mips mipsel
-# ppc ppc64 ppc64abi32 sh4 sh4eb sparc sparc64 sparc32plus
-#
-# If you need to emulate all target CPUs, set BUILD_ARCH to "all" but be
-# aware that the compilation will take a lot longer, and you should really
-# be using plain "qemu" for the others (since they can't use the KVM stuff
-# anyway. The default "x86_64" value works fine for for 32-bit or 64-bit
-# QEMU-KVM hosts providing full system emulation supporting Linux, BSD, and
-# Windows guests.
-
-BUILD_ARCH=${BUILD_ARCH:-x86_64}
-[ "$BUILD_ARCH" = "all" ] && unset BUILD_ARCH
-
CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
@@ -70,7 +52,7 @@ elif [ "$ARCH" = "x86_64" ]; then
LIBDIRSUFFIX="64"
fi
-# Needed to build man pages if build is ran from su
+# Needed to build man pages if build with plain "su"
export PATH=$PATH:/usr/share/texmf/bin
set -e
@@ -88,29 +70,49 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
-# Fixup the udev rules file to remove the NAME="%k" and allow for a different
-# group to be used (no real need to require a kvm group)
-patch -p1 < $CWD/fixup_udev_rules.patch
+# Fixup udev rules file to remove NAME="%k" and allow use of a different group
+patch -p1 < $CWD/patches/fixup_udev_rules.patch
+
+# Fix build on recent kernels
+patch -p1 < $CWD/patches/deprecate-time-drift-fix.patch
-# This translates the possible targets into the correct format for configure
-TARGETS="$(for i in $BUILD_ARCH ; do printf "$i-softmmu " ; done)"
+# Fix CVE-2012-029
+patch -p1 < $CWD/patches/qemu-kvm-1.0-CVE-2012-029.patch
+
+# Disable debug (hardcoded) and remove double CFLAGS
+sed -i "s|^CFLAGS=\"-g\ |CFLAGS=\"|" configure
+sed -i "s|^LDFLAGS=\"-g\ |LDFLAGS=\"|" configure
+sed -i "s|^\ \ CFLAGS=\"-O2\ | CFLAGS=\"|" configure
+
+# The script builds only the 32/64 bit x86 compatible Linux Target CPU emulator.
+# If you need to emulate other available architectures you should install the
+# "qemu" package, not the "qemu-kvm" package. This package will only be useful
+# for x86 architectures that can make use of KVM-KMOD kernel modules which are
+# the kvm-intel, kvm-amd, and kvm modules.
CFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--enable-mixemu \
- --audio-drv-list=oss,alsa,sdl,esd \
+ --audio-drv-list=alsa,oss,sdl,esd \
--enable-system \
- --target-list="$TARGETS"
+ --target-list="x86_64-softmmu"
make V=1 \
+ OS_CFLAGS="$SLKCFLAGS" \
mandir=/usr/man \
docdir=/usr/doc/$PRGNAM-$VERSION
make install \
mandir=/usr/man \
docdir=/usr/doc/$PRGNAM-$VERSION \
DESTDIR=$PKG
+
+# Rename the primary binary from "qemu-system-x86_64" to "qemu-kvm" so that the
+# regular "qemu" package won't overwrite it.
+mv $PKG/usr/bin/qemu-system-x86_64 $PKG/usr/bin/qemu-kvm
+
+# Copy a missed binary
cp -a kvm/kvm_stat $PKG/usr/bin/
mkdir -p $PKG/lib/udev/rules.d/