./emulators/qemu, CPU emulator using dynamic translation


Branch: CURRENT, Version:, Package name: qemu-, Maintainer: pkgsrc-users

QEMU is a FAST! processor emulator using dynamic translation to achieve
good emulation speed. QEMU has two operating modes:

* Full system emulation. In this mode, QEMU emulates a full system
(for example a PC), including a processor and various peripherals.
It can be used to launch different Operating Systems without rebooting
the PC or to debug system code.
* User mode emulation (Linux host only). In this mode, QEMU can launch
Linux processes compiled for one CPU on another CPU. It can be used
to launch the Wine Windows API emulator or to ease cross-compilation
and cross-debugging.

Required to run:
[devel/glib2] [devel/SDL] [devel/ncurses] [x11/pixman] [lang/python27]

Required to build:
[textproc/texi2html] [pkgtools/x11-links] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/fixesproto4]

Package options: sdl

Master sites:

SHA1: 10701fb6fbb44646b2f655c6ab097cf7a04b2b52
RMD160: 203d22967bc29de0767c07cbc87a74df09a20d4b
Filesize: 24481.011 KB

CVS history:

   2015-09-25 16:57:59 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to

* net: avoid infinite loop when receiving packets (CVE-2015-5278)

Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop situation.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 737d2b3c41d59eb8f94ab7eb419b957938f24943)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

* net: add checks to validate ring buffer pointers (CVE-2015-5279)

Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, which could lead to a
memory buffer overflow. Added other checks at initialisation.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 9bbdbc66e5765068dce76e9269dce4547afd8ad4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

* e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815)

While processing transmit descriptors, it could lead to an infinite
loop if 'bytes' was to become zero; Add a check to avoid it.

[The guest can force 'bytes' to 0 by setting the hdr_len and mss
descriptor fields to 0.]

Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1441383666-6590-1-git-send-email-stefanha@redhat.com
(cherry picked from commit b947ac2bf26479e710489739c465c8af336599e7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

* vnc: fix memory corruption (CVE-2015-5225)

The _cmp_bytes variable added by commit "bea60dd ui/vnc: fix potential
memory corruption issues" can become negative.  Result is (possibly
exploitable) memory corruption.  Reason for that is it uses the stride
instead of bytes per scanline to apply limits.

For the server surface it is actually fine.  vnc creates that itself,
there is never any padding and thus scanline length always equals stride.

For the guest surface scanline length and stride are typically identical
too, but it doesn't have to be that way.  So add and use a new variable
(guest_ll) for the guest scanline length.  Also rename min_stride to
line_bytes to make more clear what it actually is.  Finally sprinkle
in an assert() to make sure we never use a negative _cmp_bytes again.

Reported-by: 范祚至(库特) <zuozhi.fzz@alibaba-inc.com>
Reviewed-by: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit eb8934b0418b3b1d125edddc4fc334a54334a49b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
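The two NE2000 fixes and the e1000 fix above share one shape: a device loop driven by state the guest programs (ring page pointers, or a segment size derived from hdr_len and mss), where a value outside the expected range either walks a local index past a fixed buffer or makes the loop take zero-length steps forever. The following C model is an added example, not QEMU source and not the patches themselves; it only borrows NE2000_MEM_SIZE (49152) from the commit messages. The 256-byte page granularity, the register-to-offset mapping and every type and function name (ne2k_ring, ne2k_ring_configure, ne2k_receive_checked, e1000_tx_segments) are assumptions made for this illustration. It places the unchecked receive loop beside a version that validates the ring both when it is configured and on every pass, and adds the e1000-style refusal of a zero-byte step.

```c
/* Added illustrative model, not QEMU code: an NE2000-style receive ring of
 * NE2000_MEM_SIZE bytes addressed by guest-programmed page pointers, with the
 * checks the two net commits above describe, plus the e1000-style zero-progress
 * guard. Only NE2000_MEM_SIZE (49152) comes from the page; the 256-byte page
 * granularity and every field and function name are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NE2000_MEM_SIZE 49152
#define NE2K_PAGE       256             /* assumed page granularity */

typedef struct {
    uint8_t  mem[NE2000_MEM_SIZE];
    uint32_t start, stop, curpag;       /* byte offsets from the page registers */
} ne2k_ring;

static ne2k_ring g_ring;                /* zero-initialised demo state */
static uint8_t   g_pkt[600];            /* constructed packet; contents irrelevant */

/* Check at "initialisation" (CVE-2015-5279): reject ring boundaries outside the
 * buffer or inverted, before a receive can use them. 0 = accepted, -1 = rejected. */
int ne2k_ring_configure(ne2k_ring *r, uint32_t start_pg, uint32_t stop_pg, uint32_t cur_pg)
{
    uint32_t start = start_pg * NE2K_PAGE, stop = stop_pg * NE2K_PAGE, cur = cur_pg * NE2K_PAGE;
    if (stop > NE2000_MEM_SIZE || start >= stop) return -1;
    if (cur < start || cur >= stop) return -1;
    r->start = start; r->stop = stop; r->curpag = cur;
    return 0;
}

/* Vulnerable shape, kept for contrast and never called with hostile input here:
 * 'index' is only compared for equality with 'stop'. With index > stop, avail and
 * len are 0 and the loop never advances (the CVE-2015-5278 hang); with
 * stop > NE2000_MEM_SIZE the memcpy runs past mem[] (the CVE-2015-5279 overflow). */
void ne2k_receive_unchecked(ne2k_ring *r, const uint8_t *pkt, size_t size)
{
    uint32_t index = r->curpag;
    while (size > 0) {
        size_t avail = index <= r->stop ? r->stop - index : 0;
        size_t len = size < avail ? size : avail;
        memcpy(r->mem + index, pkt, len);
        pkt += len; size -= len; index += len;
        if (index == r->stop) index = r->start;
    }
    r->curpag = index;
}

/* Hardened shape: bounds are re-validated on every pass, so avail is at least 1
 * and each memcpy stays inside mem[]; a packet that would need a zero-length step
 * is dropped instead of spun on. Returns bytes written, or -1 if dropped. */
long ne2k_receive_checked(ne2k_ring *r, const uint8_t *pkt, size_t size)
{
    uint32_t index = r->curpag;
    long written = 0;
    if (r->stop > NE2000_MEM_SIZE || r->start >= r->stop) return -1;
    while (size > 0) {
        if (index < r->start || index >= r->stop) return -1;  /* index escaped the ring */
        size_t avail = r->stop - index;                       /* >= 1 */
        size_t len = size < avail ? size : avail;
        memcpy(r->mem + index, pkt, len);                     /* index + len <= stop <= MEM_SIZE */
        pkt += len; size -= len; index += len; written += (long)len;
        if (index == r->stop) index = r->start;               /* wrap */
    }
    r->curpag = index;
    return written;
}

/* Guest moves the current page past 'stop' after a valid configuration: the
 * case only the receive-time check can catch. */
long ne2k_receive_after_pointer_escape(ne2k_ring *r, const uint8_t *pkt, size_t size)
{
    r->curpag = r->stop + NE2K_PAGE;
    return ne2k_receive_checked(r, pkt, size);
}

/* e1000-style segmentation (CVE-2015-6815 pattern): per-segment 'bytes' derives
 * from guest-supplied hdr_len and mss; with both 0 a "while (payload) payload -=
 * bytes" loop never ends. Returns the segment count, or -1 on a no-progress descriptor. */
long e1000_tx_segments(size_t total, size_t hdr_len, size_t mss)
{
    long segments = 0;
    if (total <= hdr_len) return -1;                 /* no payload behind the header */
    size_t payload = total - hdr_len;
    while (payload > 0) {
        size_t bytes = mss < payload ? mss : payload;
        if (bytes == 0) return -1;                   /* the added check: refuse zero-sized steps */
        payload -= bytes;
        segments++;
    }
    return segments;
}

int main(void)
{
    printf("sane ring accepted:     %d\n",  ne2k_ring_configure(&g_ring, 0x46, 0x80, 0x4c));
    printf("600-byte packet:        %ld\n", ne2k_receive_checked(&g_ring, g_pkt, sizeof g_pkt));
    printf("stop past buffer:       %d\n",  ne2k_ring_configure(&g_ring, 0x46, 0xc1, 0x4c));
    printf("curpag moved past stop: %ld\n", ne2k_receive_after_pointer_escape(&g_ring, g_pkt, 64));
    printf("TSO hdr_len=mss=0:      %ld\n", e1000_tx_segments(100, 0, 0));
    return 0;
}
```

The point of keeping two layers of checks is that the configuration-time check alone is not enough: a guest can program a valid ring and then move a pointer between packets, so the consuming loop has to re-check its index against start and stop before every copy and treat a zero-length step as a reason to drop the packet rather than retry.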
   2015-08-18 09:31:20 by Thomas Klausner | Files touched by this commit (282)
Log message:
Bump all packages that depend on curses.bui* or terminfo.bui* since they
might incur ncurses dependencies on some platforms, and ncurses just bumped
its shlib.
Some packages were bumped twice now, sorry for that.
   2015-08-17 19:11:32 by Thomas Klausner | Files touched by this commit (178) | Package updated
Log message:
Bump PKGREVISION for ncurses shlib bump.
   2015-08-12 08:55:59 by Ryo ONODERA | Files touched by this commit (6) | Package updated
Log message:
Update to 2.4.0

# System emulation

## Incompatible changes
* The handling of the floppy device controller is different between <2.4 and >=2.4 machine types that use the Q35 chipset (e.g. "-M pc-q35-2.3" vs. "-M pc-q35-2.4"). This can cause problems if you are defining floppy drives with command-line options such as "-global isa-fdc.driveA=id".
* The ARM 'virt' board default interface type has changed from IDE to virtio. This means that some incorrect command lines that we previously silently accepted will now fail with an error message like "qemu-system-arm: -drive file=img.qcow2,id=foo: Drive 'foo' is already in use because it has been automatically connected to another device (did you need 'if=none' in the drive options?)". As the error message suggests, you should add "if=none" to the -drive option to fix this.

## Future incompatible changes
* Three options are using different names on the command line and in the configuration file. In particular:
** The "acpi" configuration file section matches command-line option
** The "boot-opts" configuration file section matches command-line option "boot";
** The "smp-opts" configuration file section matches command-line option "smp".
-readconfig will standardize on the name for the command line option.

* Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on upgrades while using the SMP topology options, users should either set all options explicitly (sockets, cores, threads), or omit all of them.
* Image encryption is fatally flawed, and will be dropped entirely. It'll remain available only in qemu-img, so you can use 'qemu-img convert' to convert encrypted images to unencrypted ones.
* Host floppy device pass-through (block driver "host_floppy") is deprecated, and will be dropped in a future release.
* Block device parameter aio=native has no effect without cache.direct=on. It will be made an error.
* A few devices will be configured with explicit properties instead of implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
* QMP command blockdev-add is still a work in progress. It doesn't support all block drivers, it lacks a matching blockdev-del, and more. It might change
* The configure option --disable-guest-base is unneeded and will be removed in a future release.

## Alpha
* Major fixes to the implementation of floating point exceptions.

## ARM
* New board model xlnx-ep108
* Support for ACPI v5.1 tables in the "-M virt" board.
* Support for instantiating sysbus devices from the command line (using "-device") in the "-M virt" board.
* Emulation of the stream ID for MSI writes, for use in GICv3.
* The "virt" board default drive type is now virtio; this means that drives created with if=virtio or with no if= specification will be created as drives plugged into a virtio-blk-pci device. Short form options like -hda will also create this kind of drive. (Note that at time of writing Linux only supports the virt board's PCI controller for 32-bit ARM kernels; support has not yet made it into the 64-bit kernels. So 64-bit guests will need to continue using long command lines and virtio-mmio for now.) Unfortunately this means that some old command lines will need to change -- see the "incompatible changes" section above for details.

## MIPS
* More accurate emulation of the dp8393x network card and RC4030 DMA/IOMMU
* Support for microMIPS32 R6 emulation (enabled in new "-cpu
* Support for unaligned R6 and MSA memory accesses in TCG
* Support for XPA in MIPS32 and LPA in MIPS64 (eXtended and Large Physical Addressing) emulation
* Support for MIPS UHI semihosting

## PowerPC
* The default RAM size for the pseries machine is 512 MB.
* Support of PCI device hotplug on SPAPR (pSeries).

## s390
* Channel I/O is now available when running with TCG. Thus, the default machine for qemu-system-s390x is now s390-ccw.
* Several other fixes for TCG (emulation) mode.
* Extended name and UUID in STSI 3.2.2 information block
* Support for reading/writing guest memory while holding the IPTE lock under KVM, including access register mode
* Various cleanups in the s390-virtio and virtio-ccw transports
* Support for diag288 watchdog (KVM only).
* Support for vector registers
* Add virtio-1 specific ccws to virtio-ccw (SET_REV and v1 version of SET_VQ)
** Revision 1 (and therefore virtio 1.0) is not yet enabled, however.
* The s390-ccw-virtio machine is now versioned; the first versioned machine is
** The s390-ccw alias has been removed

## SH
* Optimizations to code generated by TCG.

## SPARC
* Fix SunOS 4.1.4 boot on sun4m with OpenBIOS

## x86
* Improvements to system management mode emulation, including support for high SMRAM and TSEG on machines using the Q35 chipset.
* q35 machine types starting with pc-q35-2.4.0 do not have a floppy disk controller. It will be created if you use "-drive if=floppy", "-fda" or "-fdb" to add a floppy disk drive, or it can be created if necessary with "-device isa-fdc".
* q35 now implements the TCO watchdog. Unlike real hardware, the watchdog is disabled when the virtual machine boots, so as to let existing firmware run with new QEMU. This may change in the future, but the change would be restricted to new machine types.

## KVM
* Support for MMIO operations outside the "big QEMU lock". For now, this only applies to the ACPI PM timer, which can alone improve performance substantially for very large Windows guests as long as they do not span multiple NUMA nodes in the host. For guests that span multiple NUMA nodes more kernel changes are required.
* Support for system management mode (requires Linux 4.1).
* When running under KVM, CPUID information includes the ARAT ("Always running APIC timer") bit

# Device emulation and assignment
* Support for memory hot-unplug.
* S3/S4 states can be disabled for boards using the Q35 machine type via "-global ICH9_LPC.disable_s3=on" and "-global

## Block devices
* Minimal support in NVMe emulation for the NVME_VOLATILE_WRITE_CACHE feature.
* The infamous floppy device controller is not added to Q35 boards if not explicitly requested and no floppy drives are specified with "-drive
* I/O throttling now supports "groups" so multiple disks can share a budget (use -drive groups=<name>)
* Performance of the parallels image format block driver has been improved

## Character devices
* Improved support for flow control in virtio-serial.

## IDE
* Fix macio CDROM detection for PPC
* Fix macio data corruption bug under Darwin/OS X PPC
* AHCI support rerror=stop and werror=stop.

## Mouse/keyboard
* Support for virtio-keyboard, virtio-mouse, virtio-tablet.

## Network
* Support for the "rocker" L2 switch device.

## SCSI
* scsi-generic now supports migration.

## PCI
* Support for extra PCI root buses using PCI expander bridge devices. Unlike PCI-PCI bridges, a PCI expander bridge's bus can be associated with a NUMA node, allowing the guest OS to recognize the proximity of a device to RAM and CPUs.

## TPM
* Support for TPM 2

## VFIO
* Support for resetting AMD Bonaire and Hawaii GPUs
* Platform device passthrough support for Calxeda xgmac devices

## virtio
* Support for up to 1024 queues.
* Support for ioeventfd in virtio-mmio.
* FIXME: virtio 1
* New virtio-gpu device (only supports accelerated 2D for now)
* New virtio-input-host, virtio-keyboard, virtio-mouse and virtio-tablet devices (and corresponding virtio-*-pci devices for use on a PCI bus).
* Support for cross-endian vhost (i.e. little-endian host and big-endian guest, or vice versa).
* vhost can now be enabled even if MSI-X is not
* virtio-balloon can tell the guest that it should deflate the balloon on OOM

## VGA
* Support for virtio-vga, a VGA device that also supports the virtio-gpu interface.

## Character devices
* Improved support for flow control in spice-char.

## GUI
* Support for OpenGL-based display rendering in the SDL2 and GTK+ backend. This is preparatory work for 3D acceleration.
* Improvements to the Cocoa front-end, fixing full-screen mode and adding a list of consoles to the View menu.
* The two extra keys in Brazilian 107-key keyboards are now usable.

## Monitor
* qmp: New MIGRATION event to communicate change in the migration state

## Migration
* Support for compression of RAM data using multiple threads for compression and decompression (using migration capability "compress" and migration parameters "compress_threads", "compress_level" and

## Network
* Support for multi-queue vhost-user backends.

## Block devices in system emulation
* The BLOCK_IMAGE_CORRUPTED event has a new "node-name" field.
* FIXME: Throttle groups
* Block device mirroring supports concurrent unmap (aka discard or trim) operations on the source device and can create a thin-provisioned image in this
* Block device mirroring can use discard or "write zero" operations to speed up copying of large zero regions.
* FIXME: incremental backup?

## Command-line options
* A longhand version of -global (-global driver=DRIVER,property=PROP,value=VAL) is introduced, to set properties globally for devices that have a period in their name. The older syntax -global DRIVER.PROP=VAL did not allow this.
* New option -fw_cfg to pass arbitrary binary data to the guest.

## TCG
* New command line option "-icount sleep=no". The option will run emulation at the maximum possible speed: every time the CPU would go to sleep, the virtual clock will move to the next timer deadline. For virtual machines that have no other sources of non-determinism (e.g. asynchronous block I/O, character devices or user input) this will also make execution deterministic.

# Block devices and tools
* The "null" block device now has a new "latency-ns" option to delay the answer from the block device.
* The iscsi driver can use the target's FUA capabilities to greatly improve roundtrip times in write-through caching modes (cache.writeback=off). These modes are recommended when the storage has a non-volatile (battery-backed)
* Parallels format driver now supports image creation and write to the image. Performance is significantly improved.
* qcow2 performance improvements.
* qemu-io supports encrypted qcow2 images (which are deprecated).

# Audio
* Obsolete audio backends have been removed: esd (superseded by pulseaudio), winwave (superseded by dsound), fmod (not compatible with the GPL)

# Guest agent
* Support for building a .msi file with the Windows version of the guest agent ("make msi"). This requires msitools.
* qemu-ga implements guest-get-fsinfo and guest-network-get-interfaces on Windows too

# User-mode emulation
* The default CPU for qemu-sh4 and qemu-sh4eb is the sh7785.

# Build dependencies
* QEMU now requires a minimum glib version of 2.22. (In particular, we will no longer build on a stock RHEL5 or Centos 5 system.)
* QEMU can now optionally be linked against tcmalloc.
* QEMU now compiles using clang 3.5 without warnings, which includes disabling GCC features not supported by clang.
* QEMU now compiles with ICC.
* libepoxy is required to compile QEMU with OpenGL support.
* Building on Mac OS X versions earlier than 10.5 is no longer supported.
* Sound on Windows now requires DirectSound (the old 'winwave' default audio backend has been dropped).

# Known issues
* SDL audio only works with SDL 1.x.
* Problems with QEMU for Windows and builds from newer versions of MinGW-w64, see this thread on qemu-devel (this is not a regression, other versions are also
** Crash of 64-bit QEMU (Fix)
** Broken networking (Fix)
* Incomplete translations for GTK user interface
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
   2015-06-10 22:40:11 by Ryo ONODERA | Files touched by this commit (2)
Log message:
Remove tricore usermode.
According to the linux-user directory, tricore usermode is not provided.
May fix PR pkg/49808.
   2015-05-16 05:19:54 by Pierre Pronchery | Files touched by this commit (3)
Log message:
Add patch for CVE-2015-3456.

fdc: force the fifo access to be in bounds of the allocated buffer

During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.

Fix this by making sure that the index is always bounded by the
allocated memory.

XXX pull-up where applicable
   2015-04-29 22:30:53 by Ryo ONODERA | Files touched by this commit (4) | Package updated
Log message:
Update to 2.3.0

 * Support for 32-bit KVM guests on 64-bit ARM hosts
 * Support for running KVM under valgrind
 * New IvyBridge CPU model for x86 guests
 * Xen: support for ioreq-server API
 * New 5KEc and 5KEf MIPS64r2, and M14K and M14Kc MIPS32r2
   microMIPS CPU models for MIPS guests
 * Basic support for transactional memory extensions in PowerPC guests
 * Improved VGA support for little-endian PPC/pSeries guests
 * PCI bus support for s390x guests
 * Support for automatic guest device unplug when passthrough devices
   are unbound from VFIO host driver
 * Improved UI performance/support for GTK+/VNC/SDL/Spice, and VNC
   support for multiseat
 * Performance improvements for virtio-blk emulation: asynchronous SCSI
   request handling, and disk read merging.
 * QEMU Guest Agent: now also supports file operations in Windows guests,
   can be used to enable/disable memory blocks in linux guests in
   support for memory hotplug.
 * Migration can now include a JSON description of migration stream to aid
   in identifying incompatibilities between guests/hosts.
 * And lots more...