From 25eb494eb9ccf9b04d925616d6c32a560ffe7cb4 Mon Sep 17 00:00:00 2001 From: Robby Workman Date: Fri, 17 Feb 2012 22:16:26 -0600 Subject: system/qemu-kvm: Rename binary to "qemu-kvm" and other changes * Default group is now "users" * Option to build for all targets is now gone; this is only for KVM-enabled stuff now * Include a patch for a CVE Signed-off-by: Robby Workman --- system/qemu-kvm/README | 46 +++---- system/qemu-kvm/fixup_udev_rules.patch | 6 - .../patches/deprecate-time-drift-fix.patch | 150 +++++++++++++++++++++ system/qemu-kvm/patches/fixup_udev_rules.patch | 6 + .../patches/qemu-kvm-1.0-CVE-2012-029.patch | 37 +++++ system/qemu-kvm/qemu-kvm.SlackBuild | 56 ++++---- 6 files changed, 242 insertions(+), 59 deletions(-) delete mode 100644 system/qemu-kvm/fixup_udev_rules.patch create mode 100644 system/qemu-kvm/patches/deprecate-time-drift-fix.patch create mode 100644 system/qemu-kvm/patches/fixup_udev_rules.patch create mode 100644 system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch (limited to 'system/qemu-kvm') diff --git a/system/qemu-kvm/README b/system/qemu-kvm/README index 4c9a99a3008b4..f2db915c53945 100644 --- a/system/qemu-kvm/README +++ b/system/qemu-kvm/README @@ -1,29 +1,23 @@ -KVM (Kernel-based Virtual Machine) is a full virtualization solution -for Linux on x86 hardware containing virtualization extensions -(Intel VT or AMD-V). KVM is divided into the KVM-KMOD package -(kernel modules) and the QEMU-KVM package (slightly modified QEMU) -which are both available as separate Slackbuilds. +qemu-kvm is a generic and open source virtualizer. qemu-kvm achieves +near native performances by leveraging the kvm-kmod modules and +executing the guest code directly on the host CPU. Slackware provides +pre-built 32/64 bit x86 kvm-kmod modules or you can build different +versions with the kvm-kmod package. -QEMU-KVM is a generic and open source virtualizer. QEMU-KVM achieves -near native performances by leveraging the KVM-KMOD modules and -executing the guest code directly on the host CPU. QEMU-KVM can -virtualize many system guest types (e.g. alpha, arm, i386, ppc, x86_64, -s390, sparc). Slackware provides pre-built KVM-KMOD modules or you -can build different versions with the KVM-KMOD SlackBuild. +While qemu-kvm can virtualize many system guest types (e.g. alpha, arm, +i386, ppc, x86_64, s390, sparc), not all these system guest types utilize +the kvm-kmod modules. For those system guest types that don't utilize +the kvm-kmod modules, it is recommended to use the qemu package instead +of this qemu-kvm package. -QEMU-KVM requires a system group and uses 'kvm' as the default. If you -want to use a different group like 'users' then run the script like this: -KVMGROUP=users sh qemu-kvm.SlackBuild +The qemu-kvm SlackBuild renames the primary binary from 'qemu-system- +x86_64' to 'qemu-kvm' so that the qemu SlackBuild won't overwrite it +if both packages are installed on the same host system. The qemu-kvm +SlackBuild patches the installed udev rules so that you no longer are +required to use the system group 'kvm' as the default. The 'users' +group is set as the default in this SlackBuild. If you want to use a +different group, then run the SlackBuild like this: + KVMGROUP=group sh qemu-kvm.SlackBuild -After package installation, make sure you have the KVMGROUP present on -your system and that all desired users are members of that group. -Don't forget to load the KVM-INTEL or KVM-AMD module depending on your -processor. - -The script builds only x86 and x86_64 Linux Target CPU emulators by default. -If you need to emulate all target CPUs, set BUILD_ARCH to "all" but be -aware that the compilation will take a lot longer, and you should really -be using plain "qemu" for the others (since they can't use the KVM stuff -anyway. The default "x86_64" value works fine for for 32-bit or 64-bit -QEMU-KVM hosts providing full system emulation supporting Linux, BSD, and -Windows guests. +Don't forget to load the 'kvm-intel' or 'kvm-amd' module (depending on +your processor) prior to running 'qemu-kvm'. diff --git a/system/qemu-kvm/fixup_udev_rules.patch b/system/qemu-kvm/fixup_udev_rules.patch deleted file mode 100644 index 0c5e7890248e6..0000000000000 --- a/system/qemu-kvm/fixup_udev_rules.patch +++ /dev/null @@ -1,6 +0,0 @@ -diff -Nur qemu-kvm-0.12.4.orig//kvm/scripts/65-kvm.rules qemu-kvm-0.12.4/kvm/scripts/65-kvm.rules ---- qemu-kvm-0.12.4.orig//kvm/scripts/65-kvm.rules 2010-05-09 06:05:19.000000000 -0500 -+++ qemu-kvm-0.12.4/kvm/scripts/65-kvm.rules 2010-06-17 18:05:29.158571682 -0500 -@@ -1 +1 @@ --KERNEL=="kvm", NAME="%k", GROUP="kvm", MODE="0660" -+KERNEL=="kvm", GROUP="@GROUP@", MODE="0660" diff --git a/system/qemu-kvm/patches/deprecate-time-drift-fix.patch b/system/qemu-kvm/patches/deprecate-time-drift-fix.patch new file mode 100644 index 0000000000000..56def2d391a1f --- /dev/null +++ b/system/qemu-kvm/patches/deprecate-time-drift-fix.patch @@ -0,0 +1,150 @@ +From d527b774878defc27f317cdde19b5c54fd0d5666 Mon Sep 17 00:00:00 2001 +From: Jan Kiszka +Date: Sun, 15 Jan 2012 12:06:12 +0100 +Subject: [PATCH] qemu-kvm: Deprecate time drift fix + +Remove this divergence from upstream. It is practically unused today as +the default mode is in-kernel irqchip. We keep the command line switch +for now, adding a warning that there is no effect anymore. + +The feature can be reintroduced to upstream once we have IRQ paths with +feedback support. + +Signed-off-by: Jan Kiszka +Signed-off-by: Marcelo Tosatti +--- + hw/i8254.c | 28 ++-------------------------- + hw/i8259.c | 17 ----------------- + qemu-options.hx | 4 ++-- + vl.c | 4 ++-- + 4 files changed, 6 insertions(+), 47 deletions(-) + +diff --git a/hw/i8254.c b/hw/i8254.c +index d73a5f2..50ecceb 100644 +--- a/hw/i8254.c ++++ b/hw/i8254.c +@@ -347,11 +347,6 @@ static uint32_t pit_ioport_read(void *opaque, uint32_t addr) + return ret; + } + +-/* global counters for time-drift fix */ +-int64_t timer_acks=0, timer_interrupts=0, timer_ints_to_push=0; +- +-extern int time_drift_fix; +- + static void pit_irq_timer_update(PITChannelState *s, int64_t current_time) + { + int64_t expire_time; +@@ -362,35 +357,16 @@ static void pit_irq_timer_update(PITChannelState *s, int64_t current_time) + expire_time = pit_get_next_transition_time(s, current_time); + irq_level = pit_get_out1(s, current_time); + qemu_set_irq(s->irq, irq_level); +- if (time_drift_fix && irq_level==1) { +- /* FIXME: fine tune timer_max_fix (max fix per tick). +- * Should it be 1 (double time), 2 , 4, 10 ? +- * Currently setting it to 5% of PIT-ticks-per-second (per PIT-tick) +- */ +- const long pit_ticks_per_sec = (s->count>0) ? (PIT_FREQ/s->count) : 0; +- const long timer_max_fix = pit_ticks_per_sec/20; +- const long delta = timer_interrupts - timer_acks; +- const long max_delta = pit_ticks_per_sec * 60; /* one minute */ +- if ((delta > max_delta) && (pit_ticks_per_sec > 0)) { +- printf("time drift is too long, %ld seconds were lost\n", delta/pit_ticks_per_sec); +- timer_acks = timer_interrupts; +- timer_ints_to_push = 0; +- } else if (delta > 0) { +- timer_ints_to_push = MIN(delta, timer_max_fix); +- } +- timer_interrupts++; +- } + #ifdef DEBUG_PIT + printf("irq_level=%d next_delay=%f\n", + irq_level, + (double)(expire_time - current_time) / get_ticks_per_sec()); + #endif + s->next_transition_time = expire_time; +- if (expire_time != -1) { ++ if (expire_time != -1) + qemu_mod_timer(s->irq_timer, expire_time); +- } else { ++ else + qemu_del_timer(s->irq_timer); +- } + } + + static void pit_irq_timer(void *opaque) +diff --git a/hw/i8259.c b/hw/i8259.c +index 7e17071..0632ea2 100644 +--- a/hw/i8259.c ++++ b/hw/i8259.c +@@ -210,9 +210,6 @@ static void pic_intack(PicState *s, int irq) + pic_update_irq(s); + } + +-extern int time_drift_fix; +-extern int64_t timer_acks, timer_ints_to_push; +- + int pic_read_irq(PicState *s) + { + int irq, irq2, intno; +@@ -232,20 +229,6 @@ int pic_read_irq(PicState *s) + intno = s->irq_base + irq; + } + pic_intack(s, irq); +- +- /* FIXME: limit to x86, or better, to platforms where irq0 is the +- * timer interrupts. */ +- +- if (time_drift_fix && s->master && irq == 0) { +- timer_acks++; +- if (timer_ints_to_push > 0) { +- timer_ints_to_push--; +- /* simulate an edge irq0, like the one generated by i8254 */ +- pic_set_irq(s, 0, 0); +- pic_set_irq(s, 0, 1); +- } +- } +- + } else { + /* spurious IRQ on host controller */ + irq = 7; +diff --git a/qemu-options.hx b/qemu-options.hx +index c645f87..d567ba3 100644 +--- a/qemu-options.hx ++++ b/qemu-options.hx +@@ -2633,8 +2633,8 @@ DEF("no-kvm-pit-reinjection", 0, QEMU_OPTION_no_kvm_pit_reinjection, + "-no-kvm-pit-reinjection\n" + " disable KVM kernel mode PIT interrupt reinjection\n", + QEMU_ARCH_I386) +-DEF("tdf", 0, QEMU_OPTION_tdf, +- "-tdf enable guest time drift compensation\n", QEMU_ARCH_ALL) ++HXCOMM -tdf is deprecated and ignored today ++DEF("tdf", 0, QEMU_OPTION_tdf, "", QEMU_ARCH_ALL) + DEF("kvm-shadow-memory", HAS_ARG, QEMU_OPTION_kvm_shadow_memory, + "-kvm-shadow-memory MEGABYTES\n" + " allocate MEGABYTES for kvm mmu shadowing\n", +diff --git a/vl.c b/vl.c +index c009eb8..1a77de1 100644 +--- a/vl.c ++++ b/vl.c +@@ -222,7 +222,6 @@ const char *watchdog; + QEMUOptionRom option_rom[MAX_OPTION_ROMS]; + int nb_option_roms; + int semihosting_enabled = 0; +-int time_drift_fix = 0; + unsigned int kvm_shadow_memory = 0; + int old_param = 0; + const char *qemu_name; +@@ -2955,7 +2954,8 @@ int main(int argc, char **argv, char **envp) + semihosting_enabled = 1; + break; + case QEMU_OPTION_tdf: +- time_drift_fix = 1; ++ fprintf(stderr, "Warning: user space PIT time drift fix " ++ "is no longer supported.\n"); + break; + case QEMU_OPTION_kvm_shadow_memory: + kvm_shadow_memory = (int64_t)atoi(optarg) * 1024 * 1024 / 4096; +-- +1.7.6.5 + diff --git a/system/qemu-kvm/patches/fixup_udev_rules.patch b/system/qemu-kvm/patches/fixup_udev_rules.patch new file mode 100644 index 0000000000000..98be6f0927ce4 --- /dev/null +++ b/system/qemu-kvm/patches/fixup_udev_rules.patch @@ -0,0 +1,6 @@ +diff -Nur qemu-kvm-0.12.4.orig/kvm/scripts/65-kvm.rules qemu-kvm-0.12.4/kvm/scripts/65-kvm.rules +--- qemu-kvm-0.12.4.orig/kvm/scripts/65-kvm.rules 2010-05-09 06:05:19.000000000 -0500 ++++ qemu-kvm-0.12.4/kvm/scripts/65-kvm.rules 2010-06-17 18:05:29.158571682 -0500 +@@ -1 +1 @@ +-KERNEL=="kvm", NAME="%k", GROUP="kvm", MODE="0660" ++KERNEL=="kvm", GROUP="@GROUP@", MODE="0660" diff --git a/system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch b/system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch new file mode 100644 index 0000000000000..bd2bdc7425df2 --- /dev/null +++ b/system/qemu-kvm/patches/qemu-kvm-1.0-CVE-2012-029.patch @@ -0,0 +1,37 @@ +From d0ed2d2e8e863a9a64c9fc9c08fa68bee546ad00 Mon Sep 17 00:00:00 2001 +From: Anthony Liguori +Date: Mon, 23 Jan 2012 07:30:43 -0600 +Subject: [PATCH 26/26] e1000: bounds packet size against buffer size + +Otherwise we can write beyond the buffer and corrupt memory. This is tracked +as CVE-2012-0029. + +Signed-off-by: Anthony Liguori +--- + hw/e1000.c | 3 +++ + 1 files changed, 3 insertions(+), 0 deletions(-) + +diff --git a/hw/e1000.c b/hw/e1000.c +index 986ed9c..e164d79 100644 +--- a/hw/e1000.c ++++ b/hw/e1000.c +@@ -466,6 +466,8 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) + bytes = split_size; + if (tp->size + bytes > msh) + bytes = msh - tp->size; ++ ++ bytes = MIN(sizeof(tp->data) - tp->size, bytes); + pci_dma_read(&s->dev, addr, tp->data + tp->size, bytes); + if ((sz = tp->size + bytes) >= hdr && tp->size < hdr) + memmove(tp->header, tp->data, hdr); +@@ -481,6 +483,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) + // context descriptor TSE is not set, while data descriptor TSE is set + DBGOUT(TXERR, "TCP segmentaion Error\n"); + } else { ++ split_size = MIN(sizeof(tp->data) - tp->size, split_size); + pci_dma_read(&s->dev, addr, tp->data + tp->size, split_size); + tp->size += split_size; + } +-- +1.7.7.6 + diff --git a/system/qemu-kvm/qemu-kvm.SlackBuild b/system/qemu-kvm/qemu-kvm.SlackBuild index 2858fe03e63ae..b271df276b4c0 100644 --- a/system/qemu-kvm/qemu-kvm.SlackBuild +++ b/system/qemu-kvm/qemu-kvm.SlackBuild @@ -26,7 +26,7 @@ VERSION=${VERSION:-1.0} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} -KVMGROUP=${KVMGROUP:-kvm} +KVMGROUP=${KVMGROUP:-users} if [ -z "$ARCH" ]; then case "$( uname -m )" in @@ -36,24 +36,6 @@ if [ -z "$ARCH" ]; then esac fi -# The script builds only x86 and x86_64 Linux Target CPU emulators by default. -# Available Linux Target CPUs for full system emulation are: -# i386 x86_64 arm cris m68k microblaze mips mipsel mips64 mips64el -# ppc ppcemb ppc64 sh4 sh4eb sparc sparc64 -# Available Linux Target CPUs for user mode emulation are: -# i386 x86_64 alpha arm armeb cris m68k microblaze mips mipsel -# ppc ppc64 ppc64abi32 sh4 sh4eb sparc sparc64 sparc32plus -# -# If you need to emulate all target CPUs, set BUILD_ARCH to "all" but be -# aware that the compilation will take a lot longer, and you should really -# be using plain "qemu" for the others (since they can't use the KVM stuff -# anyway. The default "x86_64" value works fine for for 32-bit or 64-bit -# QEMU-KVM hosts providing full system emulation supporting Linux, BSD, and -# Windows guests. - -BUILD_ARCH=${BUILD_ARCH:-x86_64} -[ "$BUILD_ARCH" = "all" ] && unset BUILD_ARCH - CWD=$(pwd) TMP=${TMP:-/tmp/SBo} PKG=$TMP/package-$PRGNAM @@ -70,7 +52,7 @@ elif [ "$ARCH" = "x86_64" ]; then LIBDIRSUFFIX="64" fi -# Needed to build man pages if build is ran from su +# Needed to build man pages if build with plain "su" export PATH=$PATH:/usr/share/texmf/bin set -e @@ -88,29 +70,49 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \; -# Fixup the udev rules file to remove the NAME="%k" and allow for a different -# group to be used (no real need to require a kvm group) -patch -p1 < $CWD/fixup_udev_rules.patch +# Fixup udev rules file to remove NAME="%k" and allow use of a different group +patch -p1 < $CWD/patches/fixup_udev_rules.patch + +# Fix build on recent kernels +patch -p1 < $CWD/patches/deprecate-time-drift-fix.patch -# This translates the possible targets into the correct format for configure -TARGETS="$(for i in $BUILD_ARCH ; do printf "$i-softmmu " ; done)" +# Fix CVE-2012-029 +patch -p1 < $CWD/patches/qemu-kvm-1.0-CVE-2012-029.patch + +# Disable debug (hardcoded) and remove double CFLAGS +sed -i "s|^CFLAGS=\"-g\ |CFLAGS=\"|" configure +sed -i "s|^LDFLAGS=\"-g\ |LDFLAGS=\"|" configure +sed -i "s|^\ \ CFLAGS=\"-O2\ | CFLAGS=\"|" configure + +# The script builds only the 32/64 bit x86 compatible Linux Target CPU emulator. +# If you need to emulate other available architectures you should install the +# "qemu" package, not the "qemu-kvm" package. This package will only be useful +# for x86 architectures that can make use of KVM-KMOD kernel modules which are +# the kvm-intel, kvm-amd, and kvm modules. CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --enable-mixemu \ - --audio-drv-list=oss,alsa,sdl,esd \ + --audio-drv-list=alsa,oss,sdl,esd \ --enable-system \ - --target-list="$TARGETS" + --target-list="x86_64-softmmu" make V=1 \ + OS_CFLAGS="$SLKCFLAGS" \ mandir=/usr/man \ docdir=/usr/doc/$PRGNAM-$VERSION make install \ mandir=/usr/man \ docdir=/usr/doc/$PRGNAM-$VERSION \ DESTDIR=$PKG + +# Rename the primary binary from "qemu-system-x86_64" to "qemu-kvm" so that the +# regular "qemu" package won't overwrite it. +mv $PKG/usr/bin/qemu-system-x86_64 $PKG/usr/bin/qemu-kvm + +# Copy a missed binary cp -a kvm/kvm_stat $PKG/usr/bin/ mkdir -p $PKG/lib/udev/rules.d/ -- cgit v1.2.3