This patch breaks the qemu build: https://errors.yoctoproject.org/Errors/Details/677989/
TLDR: TOPDIR/tmp/work/i686-nativesdk-pokysdk-linux/nativesdk-qemu/4.2.0-r0/recipe-sysroot-native/usr/bin/i686-pokysdk-linux/../../libexec/i686-pokysdk-linux/gcc/i686-pokysdk-linux/9.5.0/ld: ../hw/block/fdc.o: in function `get_cur_drv': /usr/src/debug/nativesdk-qemu/4.2.0-r0/qemu-4.2.0/hw/block/fdc.c:1369: undefined reference to `blk_create_empty_drive' collect2: error: ld returned 1 exit status Steve On Thu, Nov 17, 2022 at 2:21 AM vkumbhar <[email protected]> wrote: > > From: Vivek Kumbhar <[email protected]> > > Upstream-Status: Backport > [https://gitlab.com/qemu-project/qemu/-/commit/1ab95af033a419e7a64e2d58e67dd96b20af5233] > > Signed-off-by: Vivek Kumbhar <[email protected]> > --- > meta/recipes-devtools/qemu/qemu.inc | 1 + > .../qemu/qemu/CVE-2021-20196.patch | 50 +++++++++++++++++++ > 2 files changed, 51 insertions(+) > create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-20196.patch > > diff --git a/meta/recipes-devtools/qemu/qemu.inc > b/meta/recipes-devtools/qemu/qemu.inc > index 28caefef07..e601cee890 100644 > --- a/meta/recipes-devtools/qemu/qemu.inc > +++ b/meta/recipes-devtools/qemu/qemu.inc > @@ -112,6 +112,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ > file://CVE-2022-0216-1.patch \ > file://CVE-2022-0216-2.patch \ > file://CVE-2021-3750.patch \ > + file://CVE-2021-20196.patch \ > " > UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" > > diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-20196.patch > b/meta/recipes-devtools/qemu/qemu/CVE-2021-20196.patch > new file mode 100644 > index 0000000000..3d65c1b2f1 > --- /dev/null > +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-20196.patch > @@ -0,0 +1,50 @@ > +From b983146dcebd7dee9a727f3b83ad86361ef58637 Mon Sep 17 00:00:00 2001 > +From: Vivek Kumbhar <[email protected]> > +Date: Thu, 17 Nov 2022 17:37:08 +0530 > +Subject: [PATCH] CVE-2021-20196 > + > +Upstream-Status: > https://gitlab.com/qemu-project/qemu/-/commit/1ab95af033a419e7a64e2d58e67dd96b20af5233 > +CVE: CVE-2021-20196 > +Signed-off-by: Vivek Kumbhar <[email protected]> > + > +hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 > + > +Guest might select another drive on the bus by setting the > +DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR). > +The current controller model doesn't expect a BlockBackend > +to be NULL. A simple way to fix CVE-2021-20196 is to create > +an empty BlockBackend when it is missing. All further > +accesses will be safely handled, and the controller state > +machines keep behaving correctly. > +--- > + hw/block/fdc.c | 14 +++++++++++++- > + 1 file changed, 13 insertions(+), 1 deletion(-) > + > +diff --git a/hw/block/fdc.c b/hw/block/fdc.c > +index ac5d31e8..a887369c 100644 > +--- a/hw/block/fdc.c > ++++ b/hw/block/fdc.c > +@@ -1356,7 +1356,19 @@ static FDrive *get_drv(FDCtrl *fdctrl, int unit) > + > + static FDrive *get_cur_drv(FDCtrl *fdctrl) > + { > +- return get_drv(fdctrl, fdctrl->cur_drv); > ++ FDrive *cur_drv = get_drv(fdctrl, fdctrl->cur_drv); > ++ > ++ if (!cur_drv->blk) { > ++ /* > ++ * Kludge: empty drive line selected. Create an anonymous > ++ * BlockBackend to avoid NULL deref with various BlockBackend > ++ * API calls within this model (CVE-2021-20196). > ++ * Due to the controller QOM model limitations, we don't > ++ * attach the created to the controller device. > ++ */ > ++ cur_drv->blk = blk_create_empty_drive(); > ++ } > ++ return cur_drv; > + } > + > + /* Status A register : 0x00 (read-only) */ > +-- > +2.25.1 > + > -- > 2.25.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#173446): https://lists.openembedded.org/g/openembedded-core/message/173446 Mute This Topic: https://lists.openembedded.org/mt/95088297/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
