From e8fb42f3a54e8b8d68ae216a48534fa745ea99f1 Mon Sep 17 00:00:00 2001
From: Martin Jansa <martin.jansa@gmail.com>
Date: Fri, 1 Jun 2018 10:29:38 +0000
Subject: qemu: refresh patches with devtool and make them applicable with git
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
...te-a64-treat-DISAS_UPDATE-as-variant-of-D.patch | 67 ------
...sdl.c-allow-user-to-disable-pointer-grabs.patch | 70 ++++++
...002-qemu-Add-missing-wacom-HID-descriptor.patch | 138 ++++++++++++
...age-ptest-which-runs-all-unit-test-cases-.patch | 32 +++
...dition-environment-space-to-boot-loader-q.patch | 32 +++
.../qemu/qemu/0005-qemu-disable-Valgrind.patch | 33 +++
...paths-searched-during-user-mode-emulation.patch | 145 ++++++++++++
...-set-ld.bfd-fix-cflags-and-set-some-envir.patch | 25 +++
...ardev-connect-socket-to-a-spawned-command.patch | 239 ++++++++++++++++++++
.../qemu/0009-apic-fixup-fallthrough-to-PIC.patch | 43 ++++
...-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch | 32 +++
.../qemu/qemu/0011-memfd-fix-configure-test.patch | 54 +++++
...te-a64-treat-DISAS_UPDATE-as-variant-of-D.patch | 64 ++++++
...ck-PS2Queue-pointers-in-post_load-routine.patch | 60 +++++
...14-fix-libcap-header-issue-on-some-distro.patch | 85 ++++++++
...error-messages-when-qemi_cpu_kick_thread-.patch | 73 +++++++
.../qemu/qemu/add-ptest-in-makefile-v10.patch | 28 ---
.../qemu/qemu/apic-fixup-fallthrough-to-PIC.patch | 43 ----
...ardev-connect-socket-to-a-spawned-command.patch | 242 ---------------------
...ck-PS2Queue-pointers-in-post_load-routine.patch | 63 ------
.../cpus.c-qemu_cpu_kick_thread_debugging.patch | 76 -------
.../recipes-devtools/qemu/qemu/disable-grabs.patch | 69 ------
.../fix-libcap-header-issue-on-some-distro.patch | 84 -------
...-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch | 35 ---
meta/recipes-devtools/qemu/qemu/memfd.patch | 57 -----
meta/recipes-devtools/qemu/qemu/no-valgrind.patch | 19 --
meta/recipes-devtools/qemu/qemu/pathlimit.patch | 137 ------------
.../qemu/qemu/qemu-2.5.0-cflags.patch | 15 --
.../qemu/qemu/qemu-enlarge-env-entry-size.patch | 31 ---
meta/recipes-devtools/qemu/qemu/wacom.patch | 130 -----------
meta/recipes-devtools/qemu/qemu_2.11.1.bb | 31 ++-
31 files changed, 1140 insertions(+), 1112 deletions(-)
delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile-v10.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/disable-grabs.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/memfd.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/no-valgrind.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/pathlimit.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/qemu-2.5.0-cflags.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/wacom.patch
diff --git a/meta/recipes-devtools/qemu/qemu/0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch b/meta/recipes-devtools/qemu/qemu/0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
deleted file mode 100644
index f90cae694c..0000000000
--- a/meta/recipes-devtools/qemu/qemu/0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From a75a52d62418dafe462be4fe30485501d1010bb9 Mon Sep 17 00:00:00 2001
-From: Victor Kamensky <kamensky@cisco.com>
-Date: Fri, 23 Mar 2018 18:26:45 +0000
-Subject: [PATCH] arm/translate-a64: treat DISAS_UPDATE as variant of
- DISAS_EXIT
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In OE project 4.15 linux kernel boot hang was observed under
-single cpu aarch64 qemu. Kernel code was in a loop waiting for
-vtimer arrival, spinning in TC generated blocks, while interrupt
-was pending unprocessed. This happened because when qemu tried to
-handle vtimer interrupt target had interrupts disabled, as
-result flag indicating TCG exit, cpu->icount_decr.u16.high,
-was cleared but arm_cpu_exec_interrupt function did not call
-arm_cpu_do_interrupt to process interrupt. Later when target
-reenabled interrupts, it happened without exit into main loop, so
-following code that waited for result of interrupt execution
-run in infinite loop.
-
-To solve the problem instructions that operate on CPU sys state
-(i.e enable/disable interrupt), and marked as DISAS_UPDATE,
-should be considered as DISAS_EXIT variant, and should be
-forced to exit back to main loop so qemu will have a chance
-processing pending CPU state updates, including pending
-interrupts.
-
-This change brings consistency with how DISAS_UPDATE is treated
-in aarch32 case.
-
-CC: Peter Maydell <peter.maydell@linaro.org>
-CC: Alex Bennée <alex.bennee@linaro.org>
-CC: qemu-stable@nongnu.org
-Suggested-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Victor Kamensky <kamensky@cisco.com>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 1521526368-1996-1-git-send-email-kamensky@cisco.com
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Upstream-Status: Backport
----
- target/arm/translate-a64.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
-index 31ff047..327513e 100644
---- a/target/arm/translate-a64.c
-+++ b/target/arm/translate-a64.c
-@@ -13378,12 +13378,12 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
- case DISAS_UPDATE:
- gen_a64_set_pc_im(dc->pc);
- /* fall through */
-- case DISAS_JUMP:
-- tcg_gen_lookup_and_goto_ptr();
-- break;
- case DISAS_EXIT:
- tcg_gen_exit_tb(0);
- break;
-+ case DISAS_JUMP:
-+ tcg_gen_lookup_and_goto_ptr();
-+ break;
- case DISAS_NORETURN:
- case DISAS_SWI:
- break;
---
-2.7.4
-
diff --git a/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch b/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
new file mode 100644
index 0000000000..add5d8b02f
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0001-sdl.c-allow-user-to-disable-pointer-grabs.patch
@@ -0,0 +1,70 @@
+From 273e1af49d3e0a58bb9464369deb2652f243e649 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Wed, 18 Sep 2013 14:04:54 +0100
+Subject: [PATCH] sdl.c: allow user to disable pointer grabs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When the pointer enters the Qemu window it calls SDL_WM_GrabInput, which calls
+XGrabPointer in a busyloop until it returns GrabSuccess. However if there's already
+a pointer grab (screen is locked, a menu is open) then qemu will hang until the
+grab can be taken. In the specific case of a headless X server on an autobuilder, once
+the screensaver has kicked in any qemu instance that appears underneath the
+pointer will hang.
+
+I'm not entirely sure why pointer grabs are required (the documentation
+explicitly says it doesn't do grabs when using a tablet, which we are) so wrap
+them in a conditional that can be set by the autobuilder environment, preserving
+the current grabbing behaviour for everyone else.
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Signed-off-by: Eric Bénard <eric@eukrea.com>
+---
+ ui/sdl.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/ui/sdl.c b/ui/sdl.c
+index 7b71a9a..29ce1b9 100644
+--- a/ui/sdl.c
++++ b/ui/sdl.c
+@@ -63,6 +63,10 @@ static SDL_PixelFormat host_format;
+ static int scaling_active = 0;
+ static Notifier mouse_mode_notifier;
+ static int idle_counter;
++#ifndef True
++#define True 1
++#endif
++static doing_grabs = True;
+
+ #define SDL_REFRESH_INTERVAL_BUSY 10
+ #define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \
+@@ -431,14 +435,16 @@ static void sdl_grab_start(void)
+ }
+ } else
+ sdl_hide_cursor();
+- SDL_WM_GrabInput(SDL_GRAB_ON);
++ if (doing_grabs)
++ SDL_WM_GrabInput(SDL_GRAB_ON);
+ gui_grab = 1;
+ sdl_update_caption();
+ }
+
+ static void sdl_grab_end(void)
+ {
+- SDL_WM_GrabInput(SDL_GRAB_OFF);
++ if (doing_grabs)
++ SDL_WM_GrabInput(SDL_GRAB_OFF);
+ gui_grab = 0;
+ sdl_show_cursor();
+ sdl_update_caption();
+@@ -986,6 +992,8 @@ void sdl_display_init(DisplayState *ds, int full_screen, int no_frame)
+ * This requires SDL >= 1.2.14. */
+ setenv("SDL_DISABLE_LOCK_KEYS", "1", 1);
+
++ doing_grabs = (getenv("QEMU_DONT_GRAB") == NULL);
++
+ flags = SDL_INIT_VIDEO | SDL_INIT_NOPARACHUTE;
+ if (SDL_Init (flags)) {
+ fprintf(stderr, "Could not initialize SDL(%s) - exiting\n",
diff --git a/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
new file mode 100644
index 0000000000..281803ecb5
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0002-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -0,0 +1,138 @@
+From a42726e017605ed3ca2b3fc2b1cc8d01ccf34730 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Thu, 27 Nov 2014 14:04:29 +0000
+Subject: [PATCH] qemu: Add missing wacom HID descriptor
+
+The USB wacom device is missing a HID descriptor which causes it
+to fail to operate with recent kernels (e.g. 3.17).
+
+This patch adds a HID desriptor to the device, based upon one from
+real wcom device.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted
+2014/11/27
+---
+ hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 93 insertions(+), 1 deletion(-)
+
+diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
+index bf70013..2f6e129 100644
+--- a/hw/usb/dev-wacom.c
++++ b/hw/usb/dev-wacom.c
+@@ -72,6 +72,89 @@ static const USBDescStrings desc_strings = {
+ [STR_SERIALNUMBER] = "1",
+ };
+
++static const uint8_t qemu_tablet_hid_report_descriptor[] = {
++ 0x05, 0x01, /* Usage Page (Generic Desktop) */
++ 0x09, 0x02, /* Usage (Mouse) */
++ 0xa1, 0x01, /* Collection (Application) */
++ 0x85, 0x01, /* Report ID (1) */
++ 0x09, 0x01, /* Usage (Pointer) */
++ 0xa1, 0x00, /* Collection (Physical) */
++ 0x05, 0x09, /* Usage Page (Button) */
++ 0x19, 0x01, /* Usage Minimum (1) */
++ 0x29, 0x05, /* Usage Maximum (5) */
++ 0x15, 0x00, /* Logical Minimum (0) */
++ 0x25, 0x01, /* Logical Maximum (1) */
++ 0x95, 0x05, /* Report Count (5) */
++ 0x75, 0x01, /* Report Size (1) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x95, 0x01, /* Report Count (1) */
++ 0x75, 0x03, /* Report Size (3) */
++ 0x81, 0x01, /* Input (Constant) */
++ 0x05, 0x01, /* Usage Page (Generic Desktop) */
++ 0x09, 0x30, /* Usage (X) */
++ 0x09, 0x31, /* Usage (Y) */
++ 0x15, 0x81, /* Logical Minimum (-127) */
++ 0x25, 0x7f, /* Logical Maximum (127) */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x02, /* Report Count (2) */
++ 0x81, 0x06, /* Input (Data, Variable, Relative) */
++ 0xc0, /* End Collection */
++ 0xc0, /* End Collection */
++ 0x05, 0x0d, /* Usage Page (Digitizer) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0xa1, 0x01, /* Collection (Application) */
++ 0x85, 0x02, /* Report ID (2) */
++ 0xa1, 0x00, /* Collection (Physical) */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x15, 0x00, /* Logical Minimum (0) */
++ 0x26, 0xff, 0x00, /* Logical Maximum (255) */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x08, /* Report Count (8) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0xc0, /* End Collection */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x85, 0x02, /* Report ID (2) */
++ 0x95, 0x01, /* Report Count (1) */
++ 0xb1, 0x02, /* FEATURE (2) */
++ 0xc0, /* End Collection */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0xa1, 0x01, /* Collection (Application) */
++ 0x85, 0x02, /* Report ID (2) */
++ 0x05, 0x0d, /* Usage Page (Digitizer) */
++ 0x09, 0x22, /* Usage (Finger) */
++ 0xa1, 0x00, /* Collection (Physical) */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x15, 0x00, /* Logical Minimum (0) */
++ 0x26, 0xff, 0x00, /* Logical Maximum */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x02, /* Report Count (2) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x05, 0x01, /* Usage Page (Generic Desktop) */
++ 0x09, 0x30, /* Usage (X) */
++ 0x35, 0x00, /* Physical Minimum */
++ 0x46, 0xe0, 0x2e, /* Physical Maximum */
++ 0x26, 0xe0, 0x01, /* Logical Maximum */
++ 0x75, 0x10, /* Report Size (16) */
++ 0x95, 0x01, /* Report Count (1) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x09, 0x31, /* Usage (Y) */
++ 0x46, 0x40, 0x1f, /* Physical Maximum */
++ 0x26, 0x40, 0x01, /* Logical Maximum */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x26, 0xff, 0x00, /* Logical Maximum */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x0d, /* Report Count (13) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0xc0, /* End Collection */
++ 0xc0, /* End Collection */
++};
++
++
+ static const USBDescIface desc_iface_wacom = {
+ .bInterfaceNumber = 0,
+ .bNumEndpoints = 1,
+@@ -89,7 +172,7 @@ static const USBDescIface desc_iface_wacom = {
+ 0x00, /* u8 country_code */
+ 0x01, /* u8 num_descriptors */
+ 0x22, /* u8 type: Report */
+- 0x6e, 0, /* u16 len */
++ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */
+ },
+ },
+ },
+@@ -269,6 +352,15 @@ static void usb_wacom_handle_control(USBDevice *dev, USBPacket *p,
+ }
+
+ switch (request) {
++ case InterfaceRequest | USB_REQ_GET_DESCRIPTOR:
++ switch (value >> 8) {
++ case 0x22:
++ memcpy(data, qemu_tablet_hid_report_descriptor,
++ sizeof(qemu_tablet_hid_report_descriptor));
++ p->actual_length = sizeof(qemu_tablet_hid_report_descriptor);
++ break;
++ }
++ break;
+ case WACOM_SET_REPORT:
+ if (s->mouse_grabbed) {
+ qemu_remove_mouse_event_handler(s->eh_entry);
diff --git a/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
new file mode 100644
index 0000000000..dc073000c9
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -0,0 +1,32 @@
+From fda1eee8bc717528d57f6ff454f72c5325043c31 Mon Sep 17 00:00:00 2001
+From: Juro Bystricky <juro.bystricky@intel.com>
+Date: Thu, 31 Aug 2017 11:06:56 -0700
+Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
+ qemu.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+---
+ tests/Makefile.include | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/tests/Makefile.include b/tests/Makefile.include
+index c002352..f557c26 100644
+--- a/tests/Makefile.include
++++ b/tests/Makefile.include
+@@ -935,4 +935,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
+ -include $(wildcard tests/*.d)
+ -include $(wildcard tests/libqos/*.d)
+
++buildtest-TESTS: $(check-unit-y)
++
++runtest-TESTS:
++ for f in $(check-unit-y); do \
++ nf=$$(echo $$f | sed 's/tests\//\.\//g'); \
++ $$nf; \
++ done
++
+ endif
diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
new file mode 100644
index 0000000000..4f28e1676b
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -0,0 +1,32 @@
+From ad70fdcaf75084da2e02474c61d1d441ca100ab2 Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Fri, 28 Mar 2014 17:42:43 +0800
+Subject: [PATCH] qemu: Add addition environment space to boot loader
+ qemu-system-mips
+
+Upstream-Status: Inappropriate - OE uses deep paths
+
+If you create a project with very long directory names like 128 characters
+deep and use NFS, the kernel arguments will be truncated. The kernel will
+accept longer strings such as 1024 bytes, but the qemu boot loader defaulted
+to only 256 bytes. This patch expands the limit.
+
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ hw/mips/mips_malta.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
+index ec6af4a..6e76166 100644
+--- a/hw/mips/mips_malta.c
++++ b/hw/mips/mips_malta.c
+@@ -61,7 +61,7 @@
+
+ #define ENVP_ADDR 0x80002000l
+ #define ENVP_NB_ENTRIES 16
+-#define ENVP_ENTRY_SIZE 256
++#define ENVP_ENTRY_SIZE 1024
+
+ /* Hardware addresses */
+ #define FLASH_ADDRESS 0x1e000000ULL
diff --git a/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
new file mode 100644
index 0000000000..b9e01834ef
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-disable-Valgrind.patch
@@ -0,0 +1,33 @@
+From e85ee3cc9988172662d6969af01f23fa8ffd5262 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 20 Oct 2015 22:19:08 +0100
+Subject: [PATCH] qemu: disable Valgrind
+
+There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+---
+ configure | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/configure b/configure
+index 0c6e757..c30fd45 100755
+--- a/configure
++++ b/configure
+@@ -4741,15 +4741,6 @@ fi
+ # check if we have valgrind/valgrind.h
+
+ valgrind_h=no
+-cat > $TMPC << EOF
+-#include <valgrind/valgrind.h>
+-int main(void) {
+- return 0;
+-}
+-EOF
+-if compile_prog "" "" ; then
+- valgrind_h=yes
+-fi
+
+ ########################################
+ # check if environ is declared
diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
new file mode 100644
index 0000000000..9315f8561a
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch
@@ -0,0 +1,145 @@
+From c79c48a79710d0e2ef68062435596ac455cd9f71 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Wed, 9 Mar 2016 22:49:02 +0000
+Subject: [PATCH] qemu: Limit paths searched during user mode emulation
+
+By default qemu builds a complete list of directories within the user
+emulation sysroot (-L option). The OE sysroot directory is large and
+this is confusing, for example it indexes all pkgdata. In particular this
+confuses strace of qemu binaries with tons of irrelevant paths.
+
+This patch stops the code indexing up front and instead only indexes
+things if/as/when it needs to. This drastically reduces the files it
+reads and reduces memory usage and cleans up strace.
+
+It would also avoid the infinite directory traversal bug in [YOCTO #6996]
+although the code could still be vulnerable if it parsed those specific
+paths.
+
+RP
+2016/3/9
+Upstream-Status: Pending
+---
+ util/path.c | 44 ++++++++++++++++++++++----------------------
+ 1 file changed, 22 insertions(+), 22 deletions(-)
+
+diff --git a/util/path.c b/util/path.c
+index 7f9fc27..a416cd4 100644
+--- a/util/path.c
++++ b/util/path.c
+@@ -15,6 +15,7 @@ struct pathelem
+ char *name;
+ /* Full path name, eg. /usr/gnemul/x86-linux/lib. */
+ char *pathname;
++ int populated_entries;
+ struct pathelem *parent;
+ /* Children */
+ unsigned int num_entries;
+@@ -45,6 +46,7 @@ static struct pathelem *new_entry(const char *root,
+ new->name = g_strdup(name);
+ new->pathname = g_strdup_printf("%s/%s", root, name);
+ new->num_entries = 0;
++ new->populated_entries = 0;
+ return new;
+ }
+
+@@ -53,15 +55,16 @@ static struct pathelem *new_entry(const char *root,
+ /* Not all systems provide this feature */
+ #if defined(DT_DIR) && defined(DT_UNKNOWN) && defined(DT_LNK)
+ # define dirent_type(dirent) ((dirent)->d_type)
+-# define is_dir_maybe(type) \
+- ((type) == DT_DIR || (type) == DT_UNKNOWN || (type) == DT_LNK)
++# define is_not_dir(type) \
++ ((type) != DT_DIR && (type) != DT_UNKNOWN && (type) != DT_LNK)
+ #else
+ # define dirent_type(dirent) (1)
+-# define is_dir_maybe(type) (type)
++# define is_not_dir(type) (0)
+ #endif
+
+ static struct pathelem *add_dir_maybe(struct pathelem *path)
+ {
++ unsigned int i;
+ DIR *dir;
+
+ if ((dir = opendir(path->pathname)) != NULL) {
+@@ -74,6 +77,11 @@ static struct pathelem *add_dir_maybe(struct pathelem *path)
+ }
+ closedir(dir);
+ }
++
++ for (i = 0; i < path->num_entries; i++)
++ (path->entries[i])->parent = path;
++
++ path->populated_entries = 1;
+ return path;
+ }
+
+@@ -89,26 +97,16 @@ static struct pathelem *add_entry(struct pathelem *root, const char *name,
+ e = &root->entries[root->num_entries-1];
+
+ *e = new_entry(root->pathname, root, name);
+- if (is_dir_maybe(type)) {
+- *e = add_dir_maybe(*e);
++ if (is_not_dir(type)) {
++ (*e)->populated_entries = 1;
+ }
+
+ return root;
+ }
+
+-/* This needs to be done after tree is stabilized (ie. no more reallocs!). */
+-static void set_parents(struct pathelem *child, struct pathelem *parent)
+-{
+- unsigned int i;
+-
+- child->parent = parent;
+- for (i = 0; i < child->num_entries; i++)
+- set_parents(child->entries[i], child);
+-}
+-
+ /* FIXME: Doesn't handle DIR/.. where DIR is not in emulated dir. */
+ static const char *
+-follow_path(const struct pathelem *cursor, const char *name)
++follow_path(struct pathelem *cursor, struct pathelem **source, const char *name)
+ {
+ unsigned int i, namelen;
+
+@@ -119,14 +117,18 @@ follow_path(const struct pathelem *cursor, const char *name)
+ return cursor->pathname;
+
+ if (strneq(name, namelen, ".."))
+- return follow_path(cursor->parent, name + namelen);
++ return follow_path(cursor->parent, &cursor->parent, name + namelen);
+
+ if (strneq(name, namelen, "."))
+- return follow_path(cursor, name + namelen);
++ return follow_path(cursor, source, name + namelen);
++
++ if (!cursor->populated_entries)
++ *source = add_dir_maybe(cursor);
++ cursor = *source;
+
+ for (i = 0; i < cursor->num_entries; i++)
+ if (strneq(name, namelen, cursor->entries[i]->name))
+- return follow_path(cursor->entries[i], name + namelen);
++ return follow_path(cursor->entries[i], &cursor->entries[i], name + namelen);
+
+ /* Not found */
+ return NULL;
+@@ -160,8 +162,6 @@ void init_paths(const char *prefix)
+ g_free(base->name);
+ g_free(base);
+ base = NULL;
+- } else {
+- set_parents(base, base);
+ }
+ }
+
+@@ -173,5 +173,5 @@ const char *path(const char *name)
+ if (!base || !name || name[0] != '/')
+ return name;
+
+- return follow_path(base, name) ?: name;
++ return follow_path(base, &base, name) ?: name;
+ }
diff --git a/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
new file mode 100644
index 0000000000..ad52f37d9b
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
@@ -0,0 +1,25 @@
+From 4b21a8db60c32f93df56e6111bb926c91680d6f2 Mon Sep 17 00:00:00 2001
+From: Stephen Arnold <sarnold@vctlabs.com>
+Date: Sun, 12 Jun 2016 18:09:56 -0700
+Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
+
+Upstream-Status: Pending
+---
+ configure | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/configure b/configure
+index c30fd45..b5312f4 100755
+--- a/configure
++++ b/configure
+@@ -5115,10 +5115,6 @@ fi
+ if test "$gcov" = "yes" ; then
+ CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
+ LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
+-elif test "$fortify_source" = "yes" ; then
+- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+-elif test "$debug" = "no"; then
+- CFLAGS="-O2 $CFLAGS"
+ fi
+
+ ##########################################
diff --git a/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
new file mode 100644
index 0000000000..f0c0fa19b4
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0008-chardev-connect-socket-to-a-spawned-command.patch
@@ -0,0 +1,239 @@
+From 55c9510311b7481a0c8f3f71b3ce130cc25563f9 Mon Sep 17 00:00:00 2001
+From: Alistair Francis <alistair.francis@xilinx.com>
+Date: Thu, 21 Dec 2017 11:35:16 -0800
+Subject: [PATCH] chardev: connect socket to a spawned command
+
+The command is started in a shell (sh -c) with stdin connect to QEMU
+via a Unix domain stream socket. QEMU then exchanges data via its own
+end of the socket, just like it normally does.
+
+"-chardev socket" supports some ways of connecting via protocols like
+telnet, but that is only a subset of the functionality supported by
+tools socat. To use socat instead, for example to connect via a socks
+proxy, use:
+
+ -chardev 'socket,id=socat,cmd=exec socat FD:0 SOCKS4A:socks-proxy.localdomain:example.com:9999,,socksuser=nobody' \
+ -device usb-serial,chardev=socat
+
+Beware that commas in the command must be escaped as double commas.
+
+Or interactively in the console:
+ (qemu) chardev-add socket,id=cat,cmd=cat
+ (qemu) device_add usb-serial,chardev=cat
+ ^ac
+ # cat >/dev/ttyUSB0
+ hello
+ hello
+
+Another usage is starting swtpm from inside QEMU. swtpm will
+automatically shut down once it looses the connection to the parent
+QEMU, so there is no risk of lingering processes:
+
+ -chardev 'socket,id=chrtpm0,cmd=exec swtpm socket --terminate --ctrl type=unixio,,clientfd=0 --tpmstate dir=... --log file=swtpm.log' \
+ -tpmdev emulator,id=tpm0,chardev=chrtpm0 \
+ -device tpm-tis,tpmdev=tpm0
+
+The patch was discussed upstream, but QEMU developers believe that the
+code calling QEMU should be responsible for managing additional
+processes. In OE-core, that would imply enhancing runqemu and
+oeqa. This patch is a simpler solution.
+
+Because it is not going upstream, the patch was written so that it is
+as simple as possible.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+---
+ chardev/char-socket.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ chardev/char.c | 3 ++
+ qapi/char.json | 5 +++
+ 3 files changed, 107 insertions(+)
+
+diff --git a/chardev/char-socket.c b/chardev/char-socket.c
+index 53eda8e..6c63555 100644
+--- a/chardev/char-socket.c
++++ b/chardev/char-socket.c
+@@ -852,6 +852,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
+ return false;
+ }
+
++#ifndef _WIN32
++static void chardev_open_socket_cmd(Chardev *chr,
++ const char *cmd,
++ Error **errp)
++{
++ int fds[2] = { -1, -1 };
++ QIOChannelSocket *sioc = NULL;
++ pid_t pid = -1;
++ const char *argv[] = { "/bin/sh", "-c", cmd, NULL };
++
++ /*
++ * We need a Unix domain socket for commands like swtpm and a single
++ * connection, therefore we cannot use qio_channel_command_new_spawn()
++ * without patching it first. Duplicating the functionality is easier.
++ */
++ if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds)) {
++ error_setg_errno(errp, errno, "Error creating socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC)");
++ goto error;
++ }
++
++ pid = qemu_fork(errp);
++ if (pid < 0) {
++ goto error;
++ }
++
++ if (!pid) {
++ /* child */
++ dup2(fds[1], STDIN_FILENO);
++ execv(argv[0], (char * const *)argv);
++ _exit(1);
++ }
++
++ /*
++ * Hand over our end of the socket pair to the qio channel.
++ *
++ * We don't reap the child because it is expected to keep
++ * running. We also don't support the "reconnect" option for the
++ * same reason.
++ */
++ sioc = qio_channel_socket_new_fd(fds[0], errp);
++ if (!sioc) {
++ goto error;
++ }
++ fds[0] = -1;
++
++ g_free(chr->filename);
++ chr->filename = g_strdup_printf("cmd:%s", cmd);
++ tcp_chr_new_client(chr, sioc);
++
++ error:
++ if (fds[0] >= 0) {
++ close(fds[0]);
++ }
++ if (fds[1] >= 0) {
++ close(fds[1]);
++ }
++ if (sioc) {
++ object_unref(OBJECT(sioc));
++ }
++}
++#endif
++
+ static void qmp_chardev_open_socket(Chardev *chr,
+ ChardevBackend *backend,
+ bool *be_opened,
+@@ -859,6 +921,9 @@ static void qmp_chardev_open_socket(Chardev *chr,
+ {
+ SocketChardev *s = SOCKET_CHARDEV(chr);
+ ChardevSocket *sock = backend->u.socket.data;
++#ifndef _WIN32
++ const char *cmd = sock->cmd;
++#endif
+ bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
+ bool is_listen = sock->has_server ? sock->server : true;
+ bool is_telnet = sock->has_telnet ? sock->telnet : false;
+@@ -925,7 +990,14 @@ static void qmp_chardev_open_socket(Chardev *chr,
+ } else if (reconnect > 0) {
+ s->reconnect_time = reconnect;
+ }
++#ifndef _WIN32
++ if (cmd) {
++ chardev_open_socket_cmd(chr, cmd, errp);
+
++ /* everything ready (or failed permanently) before we return */
++ *be_opened = true;
++ } else
++#endif
+ if (s->reconnect_time) {
+ sioc = qio_channel_socket_new();
+ tcp_chr_set_client_ioc_name(chr, sioc);
+@@ -985,10 +1057,26 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
+ const char *host = qemu_opt_get(opts, "host");
+ const char *port = qemu_opt_get(opts, "port");
+ const char *tls_creds = qemu_opt_get(opts, "tls-creds");
++#ifndef _WIN32
++ const char *cmd = qemu_opt_get(opts, "cmd");
++#endif
+ SocketAddressLegacy *addr;
+ ChardevSocket *sock;
+
+ backend->type = CHARDEV_BACKEND_KIND_SOCKET;
++#ifndef _WIN32
++ if (cmd) {
++ /*
++ * Here we have to ensure that no options are set which are incompatible with
++ * spawning a command, otherwise unmodified code that doesn't know about
++ * command spawning (like socket_reconnect_timeout()) might get called.
++ */
++ if (path || is_listen || is_telnet || is_tn3270 || reconnect || host || port || tls_creds) {
++ error_setg(errp, "chardev: socket: cmd does not support any additional options");
++ return;
++ }
++ } else
++#endif
+ if (!path) {
+ if (!host) {
+ error_setg(errp, "chardev: socket: no host given");
+@@ -1021,13 +1109,24 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
+ sock->has_reconnect = true;
+ sock->reconnect = reconnect;
+ sock->tls_creds = g_strdup(tls_creds);
++#ifndef _WIN32
++ sock->cmd = g_strdup(cmd);
++#endif
+
+ addr = g_new0(SocketAddressLegacy, 1);
++#ifndef _WIN32
++ if (path || cmd) {
++#else
+ if (path) {
++#endif
+ UnixSocketAddress *q_unix;
+ addr->type = SOCKET_ADDRESS_LEGACY_KIND_UNIX;
+ q_unix = addr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
++#ifndef _WIN32
++ q_unix->path = cmd ? g_strdup_printf("cmd:%s", cmd) : g_strdup(path);
++#else
+ q_unix->path = g_strdup(path);
++#endif
+ } else {
+ addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
+ addr->u.inet.data = g_new(InetSocketAddress, 1);
+diff --git a/chardev/char.c b/chardev/char.c
+index 2ae4f46..5d52cd5 100644
+--- a/chardev/char.c
++++ b/chardev/char.c
+@@ -793,6 +793,9 @@ QemuOptsList qemu_chardev_opts = {
+ .name = "path",
+ .type = QEMU_OPT_STRING,
+ },{
++ .name = "cmd",
++ .type = QEMU_OPT_STRING,
++ },{
+ .name = "host",
+ .type = QEMU_OPT_STRING,
+ },{
+diff --git a/qapi/char.json b/qapi/char.json
+index ae19dcd..6de0f29 100644
+--- a/qapi/char.json
++++ b/qapi/char.json
+@@ -241,6 +241,10 @@
+ #
+ # @addr: socket address to listen on (server=true)
+ # or connect to (server=false)
++# @cmd: command to run via "sh -c" with stdin as one end of
++# a AF_UNIX SOCK_DSTREAM socket pair. The other end
++# is used by the chardev. Either an addr or a cmd can
++# be specified, but not both.
+ # @tls-creds: the ID of the TLS credentials object (since 2.6)
+ # @server: create server socket (default: true)
+ # @wait: wait for incoming connection on server
+@@ -258,6 +262,7 @@
+ # Since: 1.4
+ ##
+ { 'struct': 'ChardevSocket', 'data': { 'addr' : 'SocketAddressLegacy',
++ '*cmd' : 'str',
+ '*tls-creds' : 'str',
+ '*server' : 'bool',
+ '*wait' : 'bool',
diff --git a/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
new file mode 100644
index 0000000000..915bfdac58
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0009-apic-fixup-fallthrough-to-PIC.patch
@@ -0,0 +1,43 @@
+From 945f428016f278fa8e38bc8d153397c3195f85a5 Mon Sep 17 00:00:00 2001
+From: Mark Asselstine <mark.asselstine@windriver.com>
+Date: Tue, 26 Feb 2013 11:43:28 -0500
+Subject: [PATCH] apic: fixup fallthrough to PIC
+
+Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC
+interrupts through the local APIC if the local APIC config says so.]
+missed a check to ensure the local APIC is enabled. Since if the local
+APIC is disabled it doesn't matter what the local APIC config says.
+
+If this check isn't done and the guest has disabled the local APIC the
+guest will receive a general protection fault, similar to what is seen
+here:
+
+https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02304.html
+
+The GPF is caused by an attempt to service interrupt 0xffffffff. This
+comes about since cpu_get_pic_interrupt() calls apic_accept_pic_intr()
+(with the local APIC disabled apic_get_interrupt() returns -1).
+apic_accept_pic_intr() returns 0 and thus the interrupt number which
+is returned from cpu_get_pic_interrupt(), and which is attempted to be
+serviced, is -1.
+
+Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html]
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ hw/intc/apic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/intc/apic.c b/hw/intc/apic.c
+index fe15fb6..8352c39 100644
+--- a/hw/intc/apic.c
++++ b/hw/intc/apic.c
+@@ -591,7 +591,7 @@ int apic_accept_pic_intr(DeviceState *dev)
+ APICCommonState *s = APIC(dev);
+ uint32_t lvt0;
+
+- if (!s)
++ if (!s || !(s->spurious_vec & APIC_SV_ENABLE))
+ return -1;
+
+ lvt0 = s->lvt[APIC_LVT_LINT0];
diff --git a/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
new file mode 100644
index 0000000000..ceb3980fc5
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -0,0 +1,32 @@
+From 4333b2b269d997a719e19f00d044105e17700be2 Mon Sep 17 00:00:00 2001
+From: Alistair Francis <alistair.francis@xilinx.com>
+Date: Wed, 17 Jan 2018 10:51:49 -0800
+Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
+
+Since commit "linux-user: Tidy and enforce reserved_va initialization"
+(18e80c55bb6ec17c05ec0ba717ec83933c2bfc07) the Yocto webkitgtk build
+hangs when cross compiling for 32-bit x86 on a 64-bit x86 machine using
+musl.
+
+To fix the issue reduce the MAX_RESERVED_VA macro to be a closer match
+to what it was before the problematic commit.
+
+Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html
+Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
+---
+ linux-user/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/linux-user/main.c b/linux-user/main.c
+index 146ee3e..1332b5c 100644
+--- a/linux-user/main.c
++++ b/linux-user/main.c
+@@ -78,7 +78,7 @@ do { \
+ (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
+ /* There are a number of places where we assign reserved_va to a variable
+ of type abi_ulong and expect it to fit. Avoid the last page. */
+-# define MAX_RESERVED_VA (0xfffffffful & TARGET_PAGE_MASK)
++# define MAX_RESERVED_VA (0x7ffffffful & TARGET_PAGE_MASK)
+ # else
+ # define MAX_RESERVED_VA (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
+ # endif
diff --git a/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch b/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch
new file mode 100644
index 0000000000..880cb980a0
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0011-memfd-fix-configure-test.patch
@@ -0,0 +1,54 @@
+From 0c8af3f651a125d636a71d93bafd35ff5240431a Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 28 Nov 2017 11:51:27 +0100
+Subject: [PATCH] memfd: fix configure test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Recent glibc added memfd_create in sys/mman.h. This conflicts with
+the definition in util/memfd.c:
+
+ /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
+
+Fix the configure test, and remove the sys/memfd.h inclusion since the
+file actually does not exist---it is a typo in the memfd_create(2) man
+page.
+
+Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ configure | 2 +-
+ util/memfd.c | 4 +---
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/configure b/configure
+index b5312f4..ec12f36 100755
+--- a/configure
++++ b/configure
+@@ -3920,7 +3920,7 @@ fi
+ # check if memfd is supported
+ memfd=no
+ cat > $TMPC << EOF
+-#include <sys/memfd.h>
++#include <sys/mman.h>
+
+ int main(void)
+ {
+diff --git a/util/memfd.c b/util/memfd.c
+index 4571d1a..412e94a 100644
+--- a/util/memfd.c
++++ b/util/memfd.c
+@@ -31,9 +31,7 @@
+
+ #include "qemu/memfd.h"
+
+-#ifdef CONFIG_MEMFD
+-#include <sys/memfd.h>
+-#elif defined CONFIG_LINUX
++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
+ #include <sys/syscall.h>
+ #include <asm/unistd.h>
+
diff --git a/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch b/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
new file mode 100644
index 0000000000..be92502095
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch
@@ -0,0 +1,64 @@
+From 7354b9b24c36ee712bb6e881d39504bf1b6a4c8b Mon Sep 17 00:00:00 2001
+From: Victor Kamensky <kamensky@cisco.com>
+Date: Fri, 23 Mar 2018 18:26:45 +0000
+Subject: [PATCH] arm/translate-a64: treat DISAS_UPDATE as variant of
+ DISAS_EXIT
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In OE project 4.15 linux kernel boot hang was observed under
+single cpu aarch64 qemu. Kernel code was in a loop waiting for
+vtimer arrival, spinning in TC generated blocks, while interrupt
+was pending unprocessed. This happened because when qemu tried to
+handle vtimer interrupt target had interrupts disabled, as
+result flag indicating TCG exit, cpu->icount_decr.u16.high,
+was cleared but arm_cpu_exec_interrupt function did not call
+arm_cpu_do_interrupt to process interrupt. Later when target
+reenabled interrupts, it happened without exit into main loop, so
+following code that waited for result of interrupt execution
+run in infinite loop.
+
+To solve the problem instructions that operate on CPU sys state
+(i.e enable/disable interrupt), and marked as DISAS_UPDATE,
+should be considered as DISAS_EXIT variant, and should be
+forced to exit back to main loop so qemu will have a chance
+processing pending CPU state updates, including pending
+interrupts.
+
+This change brings consistency with how DISAS_UPDATE is treated
+in aarch32 case.
+
+CC: Peter Maydell <peter.maydell@linaro.org>
+CC: Alex Bennée <alex.bennee@linaro.org>
+CC: qemu-stable@nongnu.org
+Suggested-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Victor Kamensky <kamensky@cisco.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 1521526368-1996-1-git-send-email-kamensky@cisco.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Upstream-Status: Backport
+---
+ target/arm/translate-a64.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index 625ef2d..c381091 100644
+--- a/target/arm/translate-a64.c
++++ b/target/arm/translate-a64.c
+@@ -11384,12 +11384,12 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
+ case DISAS_UPDATE:
+ gen_a64_set_pc_im(dc->pc);
+ /* fall through */
+- case DISAS_JUMP:
+- tcg_gen_lookup_and_goto_ptr();
+- break;
+ case DISAS_EXIT:
+ tcg_gen_exit_tb(0);
+ break;
++ case DISAS_JUMP:
++ tcg_gen_lookup_and_goto_ptr();
++ break;
+ case DISAS_NORETURN:
+ case DISAS_SWI:
+ break;
diff --git a/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch b/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch
new file mode 100644
index 0000000000..d2bdf6b017
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch
@@ -0,0 +1,60 @@
+From 065061dca34fa5b91be6dce9a87a8755d8826c78 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 16 Nov 2017 13:21:55 +0530
+Subject: [PATCH] ps2: check PS2Queue pointers in post_load routine
+
+During Qemu guest migration, a destination process invokes ps2
+post_load function. In that, if 'rptr' and 'count' values were
+invalid, it could lead to OOB access or infinite loop issue.
+Add check to avoid it.
+
+Reported-by: Cyrille Chatras <cyrille.chatras@orange.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20171116075155.22378-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+CVE: CVE-2017-16845
+Upstream-Status: Backport
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ hw/input/ps2.c | 21 +++++++++------------
+ 1 file changed, 9 insertions(+), 12 deletions(-)
+
+diff --git a/hw/input/ps2.c b/hw/input/ps2.c
+index f388a23..de171a2 100644
+--- a/hw/input/ps2.c
++++ b/hw/input/ps2.c
+@@ -1225,24 +1225,21 @@ static void ps2_common_reset(PS2State *s)
+ static void ps2_common_post_load(PS2State *s)
+ {
+ PS2Queue *q = &s->queue;
+- int size;
+- int i;
+- int tmp_data[PS2_QUEUE_SIZE];
++ uint8_t i, size;
++ uint8_t tmp_data[PS2_QUEUE_SIZE];
+
+ /* set the useful data buffer queue size, < PS2_QUEUE_SIZE */
+- size = q->count > PS2_QUEUE_SIZE ? 0 : q->count;
++ size = (q->count < 0 || q->count > PS2_QUEUE_SIZE) ? 0 : q->count;
+
+ /* move the queue elements to the start of data array */
+- if (size > 0) {
+- for (i = 0; i < size; i++) {
+- /* move the queue elements to the temporary buffer */
+- tmp_data[i] = q->data[q->rptr];
+- if (++q->rptr == 256) {
+- q->rptr = 0;
+- }
++ for (i = 0; i < size; i++) {
++ if (q->rptr < 0 || q->rptr >= sizeof(q->data)) {
++ q->rptr = 0;
+ }
+- memcpy(q->data, tmp_data, size);
++ tmp_data[i] = q->data[q->rptr++];
+ }
++ memcpy(q->data, tmp_data, size);
++
+ /* reset rptr/wptr/count */
+ q->rptr = 0;
+ q->wptr = size;
diff --git a/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch b/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch
new file mode 100644
index 0000000000..b662a41508
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0014-fix-libcap-header-issue-on-some-distro.patch
@@ -0,0 +1,85 @@
+From 47fdb0b6e2e393194a8c81544c647fdd997aec7f Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 12 Mar 2013 09:54:06 +0800
+Subject: [PATCH] fix libcap header issue on some distro
+
+1, When build qemu-native on SLED 11.2, there is an error:
+...
+| In file included from /usr/include/bits/sigcontext.h:28,
+| from /usr/include/signal.h:339,
+| from /buildarea2/tmp/work/i686-linux/qemu-native/1.4.0-r0/
+qemu-1.4.0/include/qemu-common.h:42,
+| from fsdev/virtfs-proxy-helper.c:23:
+| /usr/include/asm/sigcontext.h:28: error: expected specifier-
+qualifier-list before '__u64'
+| /usr/include/asm/sigcontext.h:191: error: expected specifier-
+qualifier-list before '__u64'
+...
+
+2, The virtfs-proxy-helper.c includes <sys/capability.h> and
+qemu-common.h in sequence. The header include map is:
+(`-->' presents `include')
+...
+"virtfs-proxy-helper.c" --> <sys/capability.h>
+...
+"virtfs-proxy-helper.c" --> "qemu-common.h" --> <signal.h> -->
+<bits/sigcontext.h> --> <asm/sigcontext.h> --> <linux/types.h> -->
+<asm/types.h> --> <asm-generic/types.h> --> <asm-generic/int-ll64.h>
+...
+
+3, The bug is found on SLED 11.2 x86. In libcap header file
+/usr/include/sys/capability.h, it does evil stuff like this:
+...
+ 25 /*
+ 26 * Make sure we can be included from userland by preventing
+ 27 * capability.h from including other kernel headers
+ 28 */
+ 29 #define _LINUX_TYPES_H
+ 30 #define _LINUX_FS_H
+ 31 #define __LINUX_COMPILER_H
+ 32 #define __user
+ 33
+ 34 typedef unsigned int __u32;
+ 35 typedef __u32 __le32;
+...
+This completely prevents including /usr/include/linux/types.h.
+The above `<asm/sigcontext.h> --> <linux/types.h>' is prevented,
+and '__u64' is defined in <asm-generic/int-ll64.h>.
+
+4, Modify virtfs-proxy-helper.c to include <sys/capability.h>
+last to workaround the issue.
+
+http://www.linuxtv.org/pipermail/vdr/2009-August/021194.html
+http://patchwork.linuxtv.org/patch/12748/
+
+Upstream-Status: Pending
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ fsdev/virtfs-proxy-helper.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
+index 8e48500..6490030 100644
+--- a/fsdev/virtfs-proxy-helper.c
++++ b/fsdev/virtfs-proxy-helper.c
+@@ -13,7 +13,6 @@
+ #include <sys/resource.h>
+ #include <getopt.h>
+ #include <syslog.h>
+-#include <sys/capability.h>
+ #include <sys/fsuid.h>
+ #include <sys/vfs.h>
+ #include <sys/ioctl.h>
+@@ -27,7 +26,11 @@
+ #include "9p-iov-marshal.h"
+ #include "hw/9pfs/9p-proxy.h"
+ #include "fsdev/9p-iov-marshal.h"
+-
++/*
++ * Include this one last due to some versions of it being buggy:
++ * http://www.linuxtv.org/pipermail/vdr/2009-August/021194.html
++ */
++#include <sys/capability.h>
+ #define PROGNAME "virtfs-proxy-helper"
+
+ #ifndef XFS_SUPER_MAGIC
diff --git a/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch b/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
new file mode 100644
index 0000000000..a5621caa95
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch
@@ -0,0 +1,73 @@
+From db914e0f93a32b6731a636517002ecadc207718b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
+Date: Wed, 12 Aug 2015 15:11:30 -0500
+Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add custom_debug.h with function for print backtrace information.
+When pthread_kill fails in qemu_cpu_kick_thread display backtrace and
+current cpu information.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
+---
+ cpus.c | 5 +++++
+ custom_debug.h | 24 ++++++++++++++++++++++++
+ 2 files changed, 29 insertions(+)
+ create mode 100644 custom_debug.h
+
+diff --git a/cpus.c b/cpus.c
+index 114c29b..c3dd2e0 100644
+--- a/cpus.c
++++ b/cpus.c
+@@ -1510,6 +1510,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
+ return NULL;
+ }
+
++#include "custom_debug.h"
++
+ static void qemu_cpu_kick_thread(CPUState *cpu)
+ {
+ #ifndef _WIN32
+@@ -1522,6 +1524,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
+ err = pthread_kill(cpu->thread->thread, SIG_IPI);
+ if (err) {
+ fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
++ fprintf(stderr, "CPU #%d:\n", cpu->cpu_index);
++ cpu_dump_state(cpu, stderr, fprintf, 0);
++ backtrace_print();
+ exit(1);
+ }
+ #else /* _WIN32 */
+diff --git a/custom_debug.h b/custom_debug.h
+new file mode 100644
+index 0000000..f029e45
+--- /dev/null
++++ b/custom_debug.h
+@@ -0,0 +1,24 @@
++#include <execinfo.h>
++#include <stdio.h>
++#define BACKTRACE_MAX 128
++static void backtrace_print(void)
++{
++ int nfuncs = 0;
++ void *buf[BACKTRACE_MAX];
++ char **symbols;
++ int i;
++
++ nfuncs = backtrace(buf, BACKTRACE_MAX);
++
++ symbols = backtrace_symbols(buf, nfuncs);
++ if (symbols == NULL) {
++ fprintf(stderr, "backtrace_print failed to get symbols");
++ return;
++ }
++
++ fprintf(stderr, "Backtrace ...\n");
++ for (i = 0; i < nfuncs; i++)
++ fprintf(stderr, "%s\n", symbols[i]);
++
++ free(symbols);
++}
diff --git a/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile-v10.patch b/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile-v10.patch
deleted file mode 100644
index e9639820be..0000000000
--- a/meta/recipes-devtools/qemu/qemu/add-ptest-in-makefile-v10.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 4201a5791fc4798a45a9b9f881602d7bacb74ed1 Mon Sep 17 00:00:00 2001
-From: Juro Bystricky <juro.bystricky@intel.com>
-Date: Thu, 31 Aug 2017 11:06:56 -0700
-Subject: Add subpackage -ptest which runs all unit test cases for qemu.
-
-Upstream-Status: Pending
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
-
-diff --git a/tests/Makefile.include b/tests/Makefile.include
-index f08b741..3d1b3e9 100644
---- a/tests/Makefile.include
-+++ b/tests/Makefile.include
-@@ -924,4 +924,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
- -include $(wildcard tests/*.d)
- -include $(wildcard tests/libqos/*.d)
-
-+buildtest-TESTS: $(check-unit-y)
-+
-+runtest-TESTS:
-+ for f in $(check-unit-y); do \
-+ nf=$$(echo $$f | sed 's/tests\//\.\//g'); \
-+ $$nf; \
-+ done
-+
- endif
diff --git a/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch
deleted file mode 100644
index d6a3522eda..0000000000
--- a/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From bef93bb81588b5323a52d2e1886f2a77b64a976b Mon Sep 17 00:00:00 2001
-From: Mark Asselstine <mark.asselstine@windriver.com>
-Date: Tue, 26 Feb 2013 11:43:28 -0500
-Subject: [PATCH 03/18] apic: fixup fallthrough to PIC
-
-Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC
-interrupts through the local APIC if the local APIC config says so.]
-missed a check to ensure the local APIC is enabled. Since if the local
-APIC is disabled it doesn't matter what the local APIC config says.
-
-If this check isn't done and the guest has disabled the local APIC the
-guest will receive a general protection fault, similar to what is seen
-here:
-
-https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02304.html
-
-The GPF is caused by an attempt to service interrupt 0xffffffff. This
-comes about since cpu_get_pic_interrupt() calls apic_accept_pic_intr()
-(with the local APIC disabled apic_get_interrupt() returns -1).
-apic_accept_pic_intr() returns 0 and thus the interrupt number which
-is returned from cpu_get_pic_interrupt(), and which is attempted to be
-serviced, is -1.
-
-Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
-Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html]
-Signed-off-by: He Zhe <zhe.he@windriver.com>
----
- hw/intc/apic.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: qemu-2.11.1/hw/intc/apic.c
-===================================================================
---- qemu-2.11.1.orig/hw/intc/apic.c
-+++ qemu-2.11.1/hw/intc/apic.c
-@@ -591,7 +591,7 @@ int apic_accept_pic_intr(DeviceState *de
- APICCommonState *s = APIC(dev);
- uint32_t lvt0;
-
-- if (!s)
-+ if (!s || !(s->spurious_vec & APIC_SV_ENABLE))
- return -1;
-
- lvt0 = s->lvt[APIC_LVT_LINT0];
diff --git a/meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch
deleted file mode 100644
index 6e6bf95c18..0000000000
--- a/meta/recipes-devtools/qemu/qemu/chardev-connect-socket-to-a-spawned-command.patch
+++ /dev/null
@@ -1,242 +0,0 @@
-From 3bb3100c22eb30146a69656480bdffeef8663575 Mon Sep 17 00:00:00 2001
-From: Alistair Francis <alistair.francis@xilinx.com>
-Date: Thu, 21 Dec 2017 11:35:16 -0800
-Subject: [PATCH] chardev: connect socket to a spawned command
-
-The command is started in a shell (sh -c) with stdin connect to QEMU
-via a Unix domain stream socket. QEMU then exchanges data via its own
-end of the socket, just like it normally does.
-
-"-chardev socket" supports some ways of connecting via protocols like
-telnet, but that is only a subset of the functionality supported by
-tools socat. To use socat instead, for example to connect via a socks
-proxy, use:
-
- -chardev 'socket,id=socat,cmd=exec socat FD:0 SOCKS4A:socks-proxy.localdomain:example.com:9999,,socksuser=nobody' \
- -device usb-serial,chardev=socat
-
-Beware that commas in the command must be escaped as double commas.
-
-Or interactively in the console:
- (qemu) chardev-add socket,id=cat,cmd=cat
- (qemu) device_add usb-serial,chardev=cat
- ^ac
- # cat >/dev/ttyUSB0
- hello
- hello
-
-Another usage is starting swtpm from inside QEMU. swtpm will
-automatically shut down once it looses the connection to the parent
-QEMU, so there is no risk of lingering processes:
-
- -chardev 'socket,id=chrtpm0,cmd=exec swtpm socket --terminate --ctrl type=unixio,,clientfd=0 --tpmstate dir=... --log file=swtpm.log' \
- -tpmdev emulator,id=tpm0,chardev=chrtpm0 \
- -device tpm-tis,tpmdev=tpm0
-
-The patch was discussed upstream, but QEMU developers believe that the
-code calling QEMU should be responsible for managing additional
-processes. In OE-core, that would imply enhancing runqemu and
-oeqa. This patch is a simpler solution.
-
-Because it is not going upstream, the patch was written so that it is
-as simple as possible.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
----
- chardev/char-socket.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++---
- chardev/char.c | 3 ++
- qapi/char.json | 5 +++
- 3 files changed, 90 insertions(+), 4 deletions(-)
-
-diff --git a/chardev/char-socket.c b/chardev/char-socket.c
-index 53eda8ef00..f566107c35 100644
---- a/chardev/char-socket.c
-+++ b/chardev/char-socket.c
-@@ -852,6 +852,68 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
- return false;
- }
-
-+#ifndef _WIN32
-+static void chardev_open_socket_cmd(Chardev *chr,
-+ const char *cmd,
-+ Error **errp)
-+{
-+ int fds[2] = { -1, -1 };
-+ QIOChannelSocket *sioc = NULL;
-+ pid_t pid = -1;
-+ const char *argv[] = { "/bin/sh", "-c", cmd, NULL };
-+
-+ /*
-+ * We need a Unix domain socket for commands like swtpm and a single
-+ * connection, therefore we cannot use qio_channel_command_new_spawn()
-+ * without patching it first. Duplicating the functionality is easier.
-+ */
-+ if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds)) {
-+ error_setg_errno(errp, errno, "Error creating socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC)");
-+ goto error;
-+ }
-+
-+ pid = qemu_fork(errp);
-+ if (pid < 0) {
-+ goto error;
-+ }
-+
-+ if (!pid) {
-+ /* child */
-+ dup2(fds[1], STDIN_FILENO);
-+ execv(argv[0], (char * const *)argv);
-+ _exit(1);
-+ }
-+
-+ /*
-+ * Hand over our end of the socket pair to the qio channel.
-+ *
-+ * We don't reap the child because it is expected to keep
-+ * running. We also don't support the "reconnect" option for the
-+ * same reason.
-+ */
-+ sioc = qio_channel_socket_new_fd(fds[0], errp);
-+ if (!sioc) {
-+ goto error;
-+ }
-+ fds[0] = -1;
-+
-+ g_free(chr->filename);
-+ chr->filename = g_strdup_printf("cmd:%s", cmd);
-+ tcp_chr_new_client(chr, sioc);
-+
-+ error:
-+ if (fds[0] >= 0) {
-+ close(fds[0]);
-+ }
-+ if (fds[1] >= 0) {
-+ close(fds[1]);
-+ }
-+ if (sioc) {
-+ object_unref(OBJECT(sioc));
-+ }
-+}
-+#endif
-+
- static void qmp_chardev_open_socket(Chardev *chr,
- ChardevBackend *backend,
- bool *be_opened,
-@@ -859,6 +921,9 @@
- {
- SocketChardev *s = SOCKET_CHARDEV(chr);
- ChardevSocket *sock = backend->u.socket.data;
-+#ifndef _WIN32
-+ const char *cmd = sock->cmd;
-+#endif
- bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
- bool is_listen = sock->has_server ? sock->server : true;
- bool is_telnet = sock->has_telnet ? sock->telnet : false;
-@@ -925,7 +990,14 @@
- } else if (reconnect > 0) {
- s->reconnect_time = reconnect;
- }
--
-+#ifndef _WIN32
-+ if (cmd) {
-+ chardev_open_socket_cmd(chr, cmd, errp);
-+
-+ /* everything ready (or failed permanently) before we return */
-+ *be_opened = true;
-+ } else
-+#endif
- if (s->reconnect_time) {
- sioc = qio_channel_socket_new();
- tcp_chr_set_client_ioc_name(chr, sioc);
-@@ -985,10 +1057,26 @@
- const char *host = qemu_opt_get(opts, "host");
- const char *port = qemu_opt_get(opts, "port");
- const char *tls_creds = qemu_opt_get(opts, "tls-creds");
-+#ifndef _WIN32
-+ const char *cmd = qemu_opt_get(opts, "cmd");
-+#endif
- SocketAddressLegacy *addr;
- ChardevSocket *sock;
-
- backend->type = CHARDEV_BACKEND_KIND_SOCKET;
-+#ifndef _WIN32
-+ if (cmd) {
-+ /*
-+ * Here we have to ensure that no options are set which are incompatible with
-+ * spawning a command, otherwise unmodified code that doesn't know about
-+ * command spawning (like socket_reconnect_timeout()) might get called.
-+ */
-+ if (path || is_listen || is_telnet || is_tn3270 || reconnect || host || port || tls_creds) {
-+ error_setg(errp, "chardev: socket: cmd does not support any additional options");
-+ return;
-+ }
-+ } else
-+#endif
- if (!path) {
- if (!host) {
- error_setg(errp, "chardev: socket: no host given");
-@@ -1021,13 +1109,24 @@
- sock->has_reconnect = true;
- sock->reconnect = reconnect;
- sock->tls_creds = g_strdup(tls_creds);
-+#ifndef _WIN32
-+ sock->cmd = g_strdup(cmd);
-+#endif
-
- addr = g_new0(SocketAddressLegacy, 1);
-+#ifndef _WIN32
-+ if (path || cmd) {
-+#else
- if (path) {
-+#endif
- UnixSocketAddress *q_unix;
- addr->type = SOCKET_ADDRESS_LEGACY_KIND_UNIX;
- q_unix = addr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
-+#ifndef _WIN32
-+ q_unix->path = cmd ? g_strdup_printf("cmd:%s", cmd) : g_strdup(path);
-+#else
- q_unix->path = g_strdup(path);
-+#endif
- } else {
- addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
- addr->u.inet.data = g_new(InetSocketAddress, 1);
-diff --git a/chardev/char.c b/chardev/char.c
-index 2ae4f465ec..5d52cd5de5 100644
---- a/chardev/char.c
-+++ b/chardev/char.c
-@@ -792,6 +792,9 @@ QemuOptsList qemu_chardev_opts = {
- },{
- .name = "path",
- .type = QEMU_OPT_STRING,
-+ },{
-+ .name = "cmd",
-+ .type = QEMU_OPT_STRING,
- },{
- .name = "host",
- .type = QEMU_OPT_STRING,
-diff --git a/qapi/char.json b/qapi/char.json
-index ae19dcd1ed..6de0f29bcd 100644
---- a/qapi/char.json
-+++ b/qapi/char.json
-@@ -241,6 +241,10 @@
- #
- # @addr: socket address to listen on (server=true)
- # or connect to (server=false)
-+# @cmd: command to run via "sh -c" with stdin as one end of
-+# a AF_UNIX SOCK_DSTREAM socket pair. The other end
-+# is used by the chardev. Either an addr or a cmd can
-+# be specified, but not both.
- # @tls-creds: the ID of the TLS credentials object (since 2.6)
- # @server: create server socket (default: true)
- # @wait: wait for incoming connection on server
-@@ -258,6 +262,7 @@
- # Since: 1.4
- ##
- { 'struct': 'ChardevSocket', 'data': { 'addr' : 'SocketAddressLegacy',
-+ '*cmd' : 'str',
- '*tls-creds' : 'str',
- '*server' : 'bool',
- '*wait' : 'bool',
---
-2.14.1
diff --git a/meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch b/meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch
deleted file mode 100644
index f8d7f66ace..0000000000
--- a/meta/recipes-devtools/qemu/qemu/check-PS2Queue-pointers-in-post_load-routine.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From ee9a17d0e12143971a9676227cce953c0dbe52fb Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 16 Nov 2017 13:21:55 +0530
-Subject: [PATCH] ps2: check PS2Queue pointers in post_load routine
-
-During Qemu guest migration, a destination process invokes ps2
-post_load function. In that, if 'rptr' and 'count' values were
-invalid, it could lead to OOB access or infinite loop issue.
-Add check to avoid it.
-
-Reported-by: Cyrille Chatras <cyrille.chatras@orange.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 20171116075155.22378-1-ppandit@redhat.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-
-CVE: CVE-2017-16845
-Upstream-Status: Backport
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- hw/input/ps2.c | 21 +++++++++------------
- 1 file changed, 9 insertions(+), 12 deletions(-)
-
-diff --git a/hw/input/ps2.c b/hw/input/ps2.c
-index f388a23..de171a2 100644
---- a/hw/input/ps2.c
-+++ b/hw/input/ps2.c
-@@ -1225,24 +1225,21 @@ static void ps2_common_reset(PS2State *s)
- static void ps2_common_post_load(PS2State *s)
- {
- PS2Queue *q = &s->queue;
-- int size;
-- int i;
-- int tmp_data[PS2_QUEUE_SIZE];
-+ uint8_t i, size;
-+ uint8_t tmp_data[PS2_QUEUE_SIZE];
-
- /* set the useful data buffer queue size, < PS2_QUEUE_SIZE */
-- size = q->count > PS2_QUEUE_SIZE ? 0 : q->count;
-+ size = (q->count < 0 || q->count > PS2_QUEUE_SIZE) ? 0 : q->count;
-
- /* move the queue elements to the start of data array */
-- if (size > 0) {
-- for (i = 0; i < size; i++) {
-- /* move the queue elements to the temporary buffer */
-- tmp_data[i] = q->data[q->rptr];
-- if (++q->rptr == 256) {
-- q->rptr = 0;
-- }
-+ for (i = 0; i < size; i++) {
-+ if (q->rptr < 0 || q->rptr >= sizeof(q->data)) {
-+ q->rptr = 0;
- }
-- memcpy(q->data, tmp_data, size);
-+ tmp_data[i] = q->data[q->rptr++];
- }
-+ memcpy(q->data, tmp_data, size);
-+
- /* reset rptr/wptr/count */
- q->rptr = 0;
- q->wptr = size;
---
-2.7.4
-
diff --git a/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch b/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch
deleted file mode 100644
index 6822132541..0000000000
--- a/meta/recipes-devtools/qemu/qemu/cpus.c-qemu_cpu_kick_thread_debugging.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 697a834c35d19447b7dcdb9e1d9434bc6ce17c21 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
-Date: Wed, 12 Aug 2015 15:11:30 -0500
-Subject: [PATCH] cpus.c: Add error messages when qemi_cpu_kick_thread fails.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Add custom_debug.h with function for print backtrace information.
-When pthread_kill fails in qemu_cpu_kick_thread display backtrace and
-current cpu information.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
----
- cpus.c | 5 +++++
- custom_debug.h | 24 ++++++++++++++++++++++++
- 2 files changed, 29 insertions(+)
- create mode 100644 custom_debug.h
-
-diff --git a/cpus.c b/cpus.c
-index a822ce3..7e4786e 100644
---- a/cpus.c
-+++ b/cpus.c
-@@ -1080,6 +1080,8 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
- return NULL;
- }
-
-+#include "custom_debug.h"
-+
- static void qemu_cpu_kick_thread(CPUState *cpu)
- {
- #ifndef _WIN32
-@@ -1088,6 +1090,9 @@ static void qemu_cpu_kick_thread(CPUState *cpu)
- err = pthread_kill(cpu->thread->thread, SIG_IPI);
- if (err) {
- fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
-+ fprintf(stderr, "CPU #%d:\n", cpu->cpu_index);
-+ cpu_dump_state(cpu, stderr, fprintf, 0);
-+ backtrace_print();
- exit(1);
- }
- #else /* _WIN32 */
-diff --git a/custom_debug.h b/custom_debug.h
-new file mode 100644
-index 0000000..f029e45
---- /dev/null
-+++ b/custom_debug.h
-@@ -0,0 +1,24 @@
-+#include <execinfo.h>
-+#include <stdio.h>
-+#define BACKTRACE_MAX 128
-+static void backtrace_print(void)
-+{
-+ int nfuncs = 0;
-+ void *buf[BACKTRACE_MAX];
-+ char **symbols;
-+ int i;
-+
-+ nfuncs = backtrace(buf, BACKTRACE_MAX);
-+
-+ symbols = backtrace_symbols(buf, nfuncs);
-+ if (symbols == NULL) {
-+ fprintf(stderr, "backtrace_print failed to get symbols");
-+ return;
-+ }
-+
-+ fprintf(stderr, "Backtrace ...\n");
-+ for (i = 0; i < nfuncs; i++)
-+ fprintf(stderr, "%s\n", symbols[i]);
-+
-+ free(symbols);
-+}
---
-1.9.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/disable-grabs.patch b/meta/recipes-devtools/qemu/qemu/disable-grabs.patch
deleted file mode 100644
index 77117890f4..0000000000
--- a/meta/recipes-devtools/qemu/qemu/disable-grabs.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-When the pointer enters the Qemu window it calls SDL_WM_GrabInput, which calls
-XGrabPointer in a busyloop until it returns GrabSuccess. However if there's already
-a pointer grab (screen is locked, a menu is open) then qemu will hang until the
-grab can be taken. In the specific case of a headless X server on an autobuilder, once
-the screensaver has kicked in any qemu instance that appears underneath the
-pointer will hang.
-
-I'm not entirely sure why pointer grabs are required (the documentation
-explicitly says it doesn't do grabs when using a tablet, which we are) so wrap
-them in a conditional that can be set by the autobuilder environment, preserving
-the current grabbing behaviour for everyone else.
-
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 4b1988ecb01a178269ec0513a75f2ec620c7ef6a Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Wed, 18 Sep 2013 14:04:54 +0100
-Subject: [PATCH] sdl.c: allow user to disable pointer grabs
-
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-Signed-off-by: Eric Bénard <eric@eukrea.com>
----
- ui/sdl.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-Index: qemu-2.11.1/ui/sdl.c
-===================================================================
---- qemu-2.11.1.orig/ui/sdl.c
-+++ qemu-2.11.1/ui/sdl.c
-@@ -63,6 +63,10 @@ static SDL_PixelFormat host_format;
- static int scaling_active = 0;
- static Notifier mouse_mode_notifier;
- static int idle_counter;
-+#ifndef True
-+#define True 1
-+#endif
-+static doing_grabs = True;
-
- #define SDL_REFRESH_INTERVAL_BUSY 10
- #define SDL_MAX_IDLE_COUNT (2 * GUI_REFRESH_INTERVAL_DEFAULT \
-@@ -431,14 +435,16 @@ static void sdl_grab_start(void)
- }
- } else
- sdl_hide_cursor();
-- SDL_WM_GrabInput(SDL_GRAB_ON);
-+ if (doing_grabs)
-+ SDL_WM_GrabInput(SDL_GRAB_ON);
- gui_grab = 1;
- sdl_update_caption();
- }
-
- static void sdl_grab_end(void)
- {
-- SDL_WM_GrabInput(SDL_GRAB_OFF);
-+ if (doing_grabs)
-+ SDL_WM_GrabInput(SDL_GRAB_OFF);
- gui_grab = 0;
- sdl_show_cursor();
- sdl_update_caption();
-@@ -986,6 +992,8 @@ void sdl_display_init(DisplayState *ds,
- * This requires SDL >= 1.2.14. */
- setenv("SDL_DISABLE_LOCK_KEYS", "1", 1);
-
-+ doing_grabs = (getenv("QEMU_DONT_GRAB") == NULL);
-+
- flags = SDL_INIT_VIDEO | SDL_INIT_NOPARACHUTE;
- if (SDL_Init (flags)) {
- fprintf(stderr, "Could not initialize SDL(%s) - exiting\n",
diff --git a/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch b/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch
deleted file mode 100644
index cee6a676ab..0000000000
--- a/meta/recipes-devtools/qemu/qemu/fix-libcap-header-issue-on-some-distro.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-fix libcap header issue on some distro
-
-1, When build qemu-native on SLED 11.2, there is an error:
-...
-| In file included from /usr/include/bits/sigcontext.h:28,
-| from /usr/include/signal.h:339,
-| from /buildarea2/tmp/work/i686-linux/qemu-native/1.4.0-r0/
-qemu-1.4.0/include/qemu-common.h:42,
-| from fsdev/virtfs-proxy-helper.c:23:
-| /usr/include/asm/sigcontext.h:28: error: expected specifier-
-qualifier-list before '__u64'
-| /usr/include/asm/sigcontext.h:191: error: expected specifier-
-qualifier-list before '__u64'
-...
-
-2, The virtfs-proxy-helper.c includes <sys/capability.h> and
-qemu-common.h in sequence. The header include map is:
-(`-->' presents `include')
-...
-"virtfs-proxy-helper.c" --> <sys/capability.h>
-...
-"virtfs-proxy-helper.c" --> "qemu-common.h" --> <signal.h> -->
-<bits/sigcontext.h> --> <asm/sigcontext.h> --> <linux/types.h> -->
-<asm/types.h> --> <asm-generic/types.h> --> <asm-generic/int-ll64.h>
-...
-
-3, The bug is found on SLED 11.2 x86. In libcap header file
-/usr/include/sys/capability.h, it does evil stuff like this:
-...
- 25 /*
- 26 * Make sure we can be included from userland by preventing
- 27 * capability.h from including other kernel headers
- 28 */
- 29 #define _LINUX_TYPES_H
- 30 #define _LINUX_FS_H
- 31 #define __LINUX_COMPILER_H
- 32 #define __user
- 33
- 34 typedef unsigned int __u32;
- 35 typedef __u32 __le32;
-...
-This completely prevents including /usr/include/linux/types.h.
-The above `<asm/sigcontext.h> --> <linux/types.h>' is prevented,
-and '__u64' is defined in <asm-generic/int-ll64.h>.
-
-4, Modify virtfs-proxy-helper.c to include <sys/capability.h>
-last to workaround the issue.
-
-http://www.linuxtv.org/pipermail/vdr/2009-August/021194.html
-http://patchwork.linuxtv.org/patch/12748/
-
-Upstream-Status: Pending
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- fsdev/virtfs-proxy-helper.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
---- a/fsdev/virtfs-proxy-helper.c
-+++ b/fsdev/virtfs-proxy-helper.c
-@@ -12,7 +12,6 @@
- #include <sys/resource.h>
- #include <getopt.h>
- #include <syslog.h>
--#include <sys/capability.h>
- #include <sys/fsuid.h>
- #include <sys/vfs.h>
- #include <sys/ioctl.h>
-@@ -26,7 +25,11 @@
- #include "9p-iov-marshal.h"
- #include "hw/9pfs/9p-proxy.h"
- #include "fsdev/9p-iov-marshal.h"
--
-+/*
-+ * Include this one last due to some versions of it being buggy:
-+ * http://www.linuxtv.org/pipermail/vdr/2009-August/021194.html
-+ */
-+#include <sys/capability.h>
- #define PROGNAME "virtfs-proxy-helper"
-
- #ifndef XFS_SUPER_MAGIC
---
-1.7.10.4
-
diff --git a/meta/recipes-devtools/qemu/qemu/linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta/recipes-devtools/qemu/qemu/linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
deleted file mode 100644
index d2c52252f6..0000000000
--- a/meta/recipes-devtools/qemu/qemu/linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 4fa4aae4176ef6d8f4d4b8323d061e2433918a26 Mon Sep 17 00:00:00 2001
-From: Alistair Francis <alistair.francis@xilinx.com>
-Date: Wed, 17 Jan 2018 10:51:49 -0800
-Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
-
-Since commit "linux-user: Tidy and enforce reserved_va initialization"
-(18e80c55bb6ec17c05ec0ba717ec83933c2bfc07) the Yocto webkitgtk build
-hangs when cross compiling for 32-bit x86 on a 64-bit x86 machine using
-musl.
-
-To fix the issue reduce the MAX_RESERVED_VA macro to be a closer match
-to what it was before the problematic commit.
-
-Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html
-Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
----
- linux-user/main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/linux-user/main.c b/linux-user/main.c
-index 450eb3ce65..c7cc0a184e 100644
---- a/linux-user/main.c
-+++ b/linux-user/main.c
-@@ -77,7 +77,7 @@ do { \
- (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
- /* There are a number of places where we assign reserved_va to a variable
- of type abi_ulong and expect it to fit. Avoid the last page. */
--# define MAX_RESERVED_VA (0xfffffffful & TARGET_PAGE_MASK)
-+# define MAX_RESERVED_VA (0x7ffffffful & TARGET_PAGE_MASK)
- # else
- # define MAX_RESERVED_VA (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
- # endif
---
-2.14.1
-
diff --git a/meta/recipes-devtools/qemu/qemu/memfd.patch b/meta/recipes-devtools/qemu/qemu/memfd.patch
deleted file mode 100644
index 62e8d3800b..0000000000
--- a/meta/recipes-devtools/qemu/qemu/memfd.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Tue, 28 Nov 2017 11:51:27 +0100
-Subject: [PATCH] memfd: fix configure test
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Recent glibc added memfd_create in sys/mman.h. This conflicts with
-the definition in util/memfd.c:
-
- /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
-
-Fix the configure test, and remove the sys/memfd.h inclusion since the
-file actually does not exist---it is a typo in the memfd_create(2) man
-page.
-
-Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- configure | 2 +-
- util/memfd.c | 4 +---
- 2 files changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/configure b/configure
-index 9c8aa5a98b..99ccc1725a 100755
---- a/configure
-+++ b/configure
-@@ -3923,7 +3923,7 @@ fi
- # check if memfd is supported
- memfd=no
- cat > $TMPC << EOF
--#include <sys/memfd.h>
-+#include <sys/mman.h>
-
- int main(void)
- {
-diff --git a/util/memfd.c b/util/memfd.c
-index 4571d1aba8..412e94a405 100644
---- a/util/memfd.c
-+++ b/util/memfd.c
-@@ -31,9 +31,7 @@
-
- #include "qemu/memfd.h"
-
--#ifdef CONFIG_MEMFD
--#include <sys/memfd.h>
--#elif defined CONFIG_LINUX
-+#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
- #include <sys/syscall.h>
- #include <asm/unistd.h>
-
---
-2.11.0
diff --git a/meta/recipes-devtools/qemu/qemu/no-valgrind.patch b/meta/recipes-devtools/qemu/qemu/no-valgrind.patch
deleted file mode 100644
index 91f728042d..0000000000
--- a/meta/recipes-devtools/qemu/qemu/no-valgrind.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-diff --git a/configure b/configure
-index b3c4f51..4d3929e 100755
---- a/configure
-+++ b/configure
-@@ -4193,9 +4192,0 @@ valgrind_h=no
--cat > $TMPC << EOF
--#include <valgrind/valgrind.h>
--int main(void) {
-- return 0;
--}
--EOF
--if compile_prog "" "" ; then
-- valgrind_h=yes
--fi
diff --git a/meta/recipes-devtools/qemu/qemu/pathlimit.patch b/meta/recipes-devtools/qemu/qemu/pathlimit.patch
deleted file mode 100644
index 57ab981c61..0000000000
--- a/meta/recipes-devtools/qemu/qemu/pathlimit.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-By default qemu builds a complete list of directories within the user
-emulation sysroot (-L option). The OE sysroot directory is large and
-this is confusing, for example it indexes all pkgdata. In particular this
-confuses strace of qemu binaries with tons of irrelevant paths.
-
-This patch stops the code indexing up front and instead only indexes
-things if/as/when it needs to. This drastically reduces the files it
-reads and reduces memory usage and cleans up strace.
-
-It would also avoid the infinite directory traversal bug in [YOCTO #6996]
-although the code could still be vulnerable if it parsed those specific
-paths.
-
-RP
-2016/3/9
-Upstream-Status: Pending
-
-Index: qemu-2.5.0/util/path.c
-===================================================================
---- qemu-2.5.0.orig/util/path.c
-+++ qemu-2.5.0/util/path.c
-@@ -19,6 +19,7 @@ struct pathelem
- char *name;
- /* Full path name, eg. /usr/gnemul/x86-linux/lib. */
- char *pathname;
-+ int populated_entries;
- struct pathelem *parent;
- /* Children */
- unsigned int num_entries;
-@@ -49,6 +50,7 @@ static struct pathelem *new_entry(const
- new->name = g_strdup(name);
- new->pathname = g_strdup_printf("%s/%s", root, name);
- new->num_entries = 0;
-+ new->populated_entries = 0;
- return new;
- }
-
-@@ -57,15 +59,16 @@ static struct pathelem *new_entry(const
- /* Not all systems provide this feature */
- #if defined(DT_DIR) && defined(DT_UNKNOWN) && defined(DT_LNK)
- # define dirent_type(dirent) ((dirent)->d_type)
--# define is_dir_maybe(type) \
-- ((type) == DT_DIR || (type) == DT_UNKNOWN || (type) == DT_LNK)
-+# define is_not_dir(type) \
-+ ((type) != DT_DIR && (type) != DT_UNKNOWN && (type) != DT_LNK)
- #else
- # define dirent_type(dirent) (1)
--# define is_dir_maybe(type) (type)
-+# define is_not_dir(type) (0)
- #endif
-
- static struct pathelem *add_dir_maybe(struct pathelem *path)
- {
-+ unsigned int i;
- DIR *dir;
-
- if ((dir = opendir(path->pathname)) != NULL) {
-@@ -78,6 +81,11 @@ static struct pathelem *add_dir_maybe(st
- }
- closedir(dir);
- }
-+
-+ for (i = 0; i < path->num_entries; i++)
-+ (path->entries[i])->parent = path;
-+
-+ path->populated_entries = 1;
- return path;
- }
-
-@@ -93,26 +101,16 @@ static struct pathelem *add_entry(struct
- e = &root->entries[root->num_entries-1];
-
- *e = new_entry(root->pathname, root, name);
-- if (is_dir_maybe(type)) {
-- *e = add_dir_maybe(*e);
-+ if (is_not_dir(type)) {
-+ (*e)->populated_entries = 1;
- }
-
- return root;
- }
-
--/* This needs to be done after tree is stabilized (ie. no more reallocs!). */
--static void set_parents(struct pathelem *child, struct pathelem *parent)
--{
-- unsigned int i;
--
-- child->parent = parent;
-- for (i = 0; i < child->num_entries; i++)
-- set_parents(child->entries[i], child);
--}
--
- /* FIXME: Doesn't handle DIR/.. where DIR is not in emulated dir. */
- static const char *
--follow_path(const struct pathelem *cursor, const char *name)
-+follow_path(struct pathelem *cursor, struct pathelem **source, const char *name)
- {
- unsigned int i, namelen;
-
-@@ -123,14 +121,18 @@ follow_path(const struct pathelem *curso
- return cursor->pathname;
-
- if (strneq(name, namelen, ".."))
-- return follow_path(cursor->parent, name + namelen);
-+ return follow_path(cursor->parent, &cursor->parent, name + namelen);
-
- if (strneq(name, namelen, "."))
-- return follow_path(cursor, name + namelen);
-+ return follow_path(cursor, source, name + namelen);
-+
-+ if (!cursor->populated_entries)
-+ *source = add_dir_maybe(cursor);
-+ cursor = *source;
-
- for (i = 0; i < cursor->num_entries; i++)
- if (strneq(name, namelen, cursor->entries[i]->name))
-- return follow_path(cursor->entries[i], name + namelen);
-+ return follow_path(cursor->entries[i], &cursor->entries[i], name + namelen);
-
- /* Not found */
- return NULL;
-@@ -164,8 +166,6 @@ void init_paths(const char *prefix)
- g_free(base->name);
- g_free(base);
- base = NULL;
-- } else {
-- set_parents(base, base);
- }
- }
-
-@@ -177,5 +177,5 @@ const char *path(const char *name)
- if (!base || !name || name[0] != '/')
- return name;
-
-- return follow_path(base, name) ?: name;
-+ return follow_path(base, &base, name) ?: name;
- }
diff --git a/meta/recipes-devtools/qemu/qemu/qemu-2.5.0-cflags.patch b/meta/recipes-devtools/qemu/qemu/qemu-2.5.0-cflags.patch
deleted file mode 100644
index eb99d14639..0000000000
--- a/meta/recipes-devtools/qemu/qemu/qemu-2.5.0-cflags.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Pending
-
---- a/configure
-+++ b/configure
-@@ -4468,10 +4468,6 @@ fi
- if test "$gcov" = "yes" ; then
- CFLAGS="-fprofile-arcs -ftest-coverage -g $CFLAGS"
- LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
--elif test "$fortify_source" = "yes" ; then
-- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
--elif test "$debug" = "no"; then
-- CFLAGS="-O2 $CFLAGS"
- fi
-
- ##########################################
diff --git a/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch b/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch
deleted file mode 100644
index c7425ab8d4..0000000000
--- a/meta/recipes-devtools/qemu/qemu/qemu-enlarge-env-entry-size.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-qemu: Add addition environment space to boot loader qemu-system-mips
-
-Upstream-Status: Inappropriate - OE uses deep paths
-
-If you create a project with very long directory names like 128 characters
-deep and use NFS, the kernel arguments will be truncated. The kernel will
-accept longer strings such as 1024 bytes, but the qemu boot loader defaulted
-to only 256 bytes. This patch expands the limit.
-
-Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
----
- hw/mips/mips_malta.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
-index 9d521cc..17c0391 100644
---- a/hw/mips/mips_malta.c
-+++ b/hw/mips/mips_malta.c
-@@ -53,7 +53,7 @@
-
- #define ENVP_ADDR 0x80002000l
- #define ENVP_NB_ENTRIES 16
--#define ENVP_ENTRY_SIZE 256
-+#define ENVP_ENTRY_SIZE 1024
-
- /* Hardware addresses */
- #define FLASH_ADDRESS 0x1e000000ULL
---
-1.7.10.4
-
diff --git a/meta/recipes-devtools/qemu/qemu/wacom.patch b/meta/recipes-devtools/qemu/qemu/wacom.patch
deleted file mode 100644
index cd06aa4ac6..0000000000
--- a/meta/recipes-devtools/qemu/qemu/wacom.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-The USB wacom device is missing a HID descriptor which causes it
-to fail to operate with recent kernels (e.g. 3.17).
-
-This patch adds a HID desriptor to the device, based upon one from
-real wcom device.
-
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-
-Upstream-Status: Submitted
-2014/11/27
-
-Index: qemu-2.1.0/hw/usb/dev-wacom.c
-===================================================================
---- qemu-2.1.0.orig/hw/usb/dev-wacom.c 2014-08-01 15:12:17.000000000 +0100
-+++ qemu-2.1.0/hw/usb/dev-wacom.c 2014-10-12 12:13:30.540306042 +0100
-@@ -68,6 +68,89 @@
- [STR_SERIALNUMBER] = "1",
- };
-
-+static const uint8_t qemu_tablet_hid_report_descriptor[] = {
-+ 0x05, 0x01, /* Usage Page (Generic Desktop) */
-+ 0x09, 0x02, /* Usage (Mouse) */
-+ 0xa1, 0x01, /* Collection (Application) */
-+ 0x85, 0x01, /* Report ID (1) */
-+ 0x09, 0x01, /* Usage (Pointer) */
-+ 0xa1, 0x00, /* Collection (Physical) */
-+ 0x05, 0x09, /* Usage Page (Button) */
-+ 0x19, 0x01, /* Usage Minimum (1) */
-+ 0x29, 0x05, /* Usage Maximum (5) */
-+ 0x15, 0x00, /* Logical Minimum (0) */
-+ 0x25, 0x01, /* Logical Maximum (1) */
-+ 0x95, 0x05, /* Report Count (5) */
-+ 0x75, 0x01, /* Report Size (1) */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0x95, 0x01, /* Report Count (1) */
-+ 0x75, 0x03, /* Report Size (3) */
-+ 0x81, 0x01, /* Input (Constant) */
-+ 0x05, 0x01, /* Usage Page (Generic Desktop) */
-+ 0x09, 0x30, /* Usage (X) */
-+ 0x09, 0x31, /* Usage (Y) */
-+ 0x15, 0x81, /* Logical Minimum (-127) */
-+ 0x25, 0x7f, /* Logical Maximum (127) */
-+ 0x75, 0x08, /* Report Size (8) */
-+ 0x95, 0x02, /* Report Count (2) */
-+ 0x81, 0x06, /* Input (Data, Variable, Relative) */
-+ 0xc0, /* End Collection */
-+ 0xc0, /* End Collection */
-+ 0x05, 0x0d, /* Usage Page (Digitizer) */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0xa1, 0x01, /* Collection (Application) */
-+ 0x85, 0x02, /* Report ID (2) */
-+ 0xa1, 0x00, /* Collection (Physical) */
-+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0x15, 0x00, /* Logical Minimum (0) */
-+ 0x26, 0xff, 0x00, /* Logical Maximum (255) */
-+ 0x75, 0x08, /* Report Size (8) */
-+ 0x95, 0x08, /* Report Count (8) */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0xc0, /* End Collection */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0x85, 0x02, /* Report ID (2) */
-+ 0x95, 0x01, /* Report Count (1) */
-+ 0xb1, 0x02, /* FEATURE (2) */
-+ 0xc0, /* End Collection */
-+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0xa1, 0x01, /* Collection (Application) */
-+ 0x85, 0x02, /* Report ID (2) */
-+ 0x05, 0x0d, /* Usage Page (Digitizer) */
-+ 0x09, 0x22, /* Usage (Finger) */
-+ 0xa1, 0x00, /* Collection (Physical) */
-+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0x15, 0x00, /* Logical Minimum (0) */
-+ 0x26, 0xff, 0x00, /* Logical Maximum */
-+ 0x75, 0x08, /* Report Size (8) */
-+ 0x95, 0x02, /* Report Count (2) */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0x05, 0x01, /* Usage Page (Generic Desktop) */
-+ 0x09, 0x30, /* Usage (X) */
-+ 0x35, 0x00, /* Physical Minimum */
-+ 0x46, 0xe0, 0x2e, /* Physical Maximum */
-+ 0x26, 0xe0, 0x01, /* Logical Maximum */
-+ 0x75, 0x10, /* Report Size (16) */
-+ 0x95, 0x01, /* Report Count (1) */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0x09, 0x31, /* Usage (Y) */
-+ 0x46, 0x40, 0x1f, /* Physical Maximum */
-+ 0x26, 0x40, 0x01, /* Logical Maximum */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
-+ 0x09, 0x01, /* Usage (Digitizer) */
-+ 0x26, 0xff, 0x00, /* Logical Maximum */
-+ 0x75, 0x08, /* Report Size (8) */
-+ 0x95, 0x0d, /* Report Count (13) */
-+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
-+ 0xc0, /* End Collection */
-+ 0xc0, /* End Collection */
-+};
-+
-+
- static const USBDescIface desc_iface_wacom = {
- .bInterfaceNumber = 0,
- .bNumEndpoints = 1,
-@@ -85,7 +168,7 @@
- 0x00, /* u8 country_code */
- 0x01, /* u8 num_descriptors */
- 0x22, /* u8 type: Report */
-- 0x6e, 0, /* u16 len */
-+ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */
- },
- },
- },
-@@ -265,6 +350,15 @@
- }
-
- switch (request) {
-+ case InterfaceRequest | USB_REQ_GET_DESCRIPTOR:
-+ switch (value >> 8) {
-+ case 0x22:
-+ memcpy(data, qemu_tablet_hid_report_descriptor,
-+ sizeof(qemu_tablet_hid_report_descriptor));
-+ p->actual_length = sizeof(qemu_tablet_hid_report_descriptor);
-+ break;
-+ }
-+ break;
- case WACOM_SET_REPORT:
- if (s->mouse_grabbed) {
- qemu_remove_mouse_event_handler(s->eh_entry);
diff --git a/meta/recipes-devtools/qemu/qemu_2.11.1.bb b/meta/recipes-devtools/qemu/qemu_2.11.1.bb
index ab82c5fe56..2314262d7a 100644
--- a/meta/recipes-devtools/qemu/qemu_2.11.1.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.11.1.bb
@@ -9,27 +9,26 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
SRC_URI = "http://wiki.qemu-project.org/download/${BP}.tar.bz2 \
file://powerpc_rom.bin \
- file://disable-grabs.patch \
- file://wacom.patch \
- file://add-ptest-in-makefile-v10.patch \
+ file://0001-sdl.c-allow-user-to-disable-pointer-grabs.patch \
+ file://0002-qemu-Add-missing-wacom-HID-descriptor.patch \
+ file://0003-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
file://run-ptest \
- file://qemu-enlarge-env-entry-size.patch \
- file://no-valgrind.patch \
- file://pathlimit.patch \
- file://qemu-2.5.0-cflags.patch \
- file://chardev-connect-socket-to-a-spawned-command.patch \
- file://apic-fixup-fallthrough-to-PIC.patch \
- file://linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
- file://memfd.patch \
- file://0001-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch \
- file://check-PS2Queue-pointers-in-post_load-routine.patch \
+ file://0004-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
+ file://0005-qemu-disable-Valgrind.patch \
+ file://0006-qemu-Limit-paths-searched-during-user-mode-emulation.patch \
+ file://0007-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
+ file://0008-chardev-connect-socket-to-a-spawned-command.patch \
+ file://0009-apic-fixup-fallthrough-to-PIC.patch \
+ file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
+ file://0011-memfd-fix-configure-test.patch \
+ file://0012-arm-translate-a64-treat-DISAS_UPDATE-as-variant-of-D.patch \
+ file://0013-ps2-check-PS2Queue-pointers-in-post_load-routine.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+\..*)\.tar"
-
SRC_URI_append_class-native = " \
- file://fix-libcap-header-issue-on-some-distro.patch \
- file://cpus.c-qemu_cpu_kick_thread_debugging.patch \
+ file://0014-fix-libcap-header-issue-on-some-distro.patch \
+ file://0015-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \
"
SRC_URI[md5sum] = "61cf862b6007eba4ac98247776af2e27"
--
cgit v1.2.3