From a5d2ec2d8e1c509727234ef518333fce64ed57e2 Mon Sep 17 00:00:00 2001 From: zhanghailiang Date: Sat, 20 Jun 2020 15:25:58 +0800 Subject: [PATCH 1/3] patch: fix patch format problem which can lead git am failed Signed-off-by: zhanghailiang --- ...ose-host-CPU-frequency-info-to-guest.patch | 27 ++++++++++--------- ...os-tables-test-disable-this-testcase.patch | 6 ++--- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/hw-arm-expose-host-CPU-frequency-info-to-guest.patch b/hw-arm-expose-host-CPU-frequency-info-to-guest.patch index 17c4eb39..f0093812 100644 --- a/hw-arm-expose-host-CPU-frequency-info-to-guest.patch +++ b/hw-arm-expose-host-CPU-frequency-info-to-guest.patch @@ -54,7 +54,7 @@ index 9bb2101e..1a720c38 100644 common-obj-$(CONFIG_ACPI_PCI) += pci.o common-obj-$(CONFIG_TPM) += tpm.o +common-obj-$(CONFIG_CPUFREQ) += cpufreq.o - + common-obj-$(CONFIG_IPMI) += ipmi.o common-obj-$(call lnot,$(CONFIG_IPMI)) += ipmi-stub.o diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c @@ -64,7 +64,7 @@ index 555c24f2..73f97751 100644 @@ -1369,6 +1369,28 @@ Aml *aml_sleep(uint64_t msec) return var; } - + +/* ACPI 5.0b: 6.4.3.7 Generic Register Descriptor */ +Aml *aml_generic_register(AmlRegionSpace rs, uint8_t reg_width, + uint8_t reg_offset, AmlAccessType type, uint64_t addr) @@ -392,10 +392,10 @@ index 0afb3727..29494ebd 100644 #include "sysemu/numa.h" #include "kvm_arm.h" +#include "hw/acpi/acpi-defs.h" - + #define ARM_SPI_BASE 32 #define ACPI_POWER_BUTTON_DEVICE "PWRB" - + -static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus) +static void acpi_dsdt_add_psd(Aml *dev, int cpus) +{ @@ -461,7 +461,7 @@ index 0afb3727..29494ebd 100644 + const MemMapEntry *cppc_memmap) { uint16_t i; - + @@ -57,6 +119,18 @@ static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus) Aml *dev = aml_device("C%.03X", i); aml_append(dev, aml_name_decl("_HID", aml_string("ACPI0007"))); @@ -505,7 +505,7 @@ index d9496c93..0fa355ba 100644 
@@ -731,6 +732,16 @@ static void create_uart(const VirtMachineState *vms, qemu_irq *pic, int uart, g_free(nodename); } - + +static void create_cpufreq(const VirtMachineState *vms, MemoryRegion *mem) +{ + hwaddr base = vms->memmap[VIRT_CPUFREQ].base; @@ -520,9 +520,9 @@ index d9496c93..0fa355ba 100644 { char *nodename; @@ -1682,6 +1693,8 @@ static void machvirt_init(MachineState *machine) - + create_uart(vms, pic, VIRT_UART, sysmem, serial_hd(0)); - + + create_cpufreq(vms, sysmem); + if (vms->secure) { @@ -533,7 +533,7 @@ index 40e7a8b8..2f61bf53 100644 --- a/hw/char/Kconfig +++ b/hw/char/Kconfig @@ -46,3 +46,7 @@ config SCLPCONSOLE - + config TERMINAL3270 bool + @@ -547,7 +547,7 @@ index 57a3f58b..39ae91d3 100644 @@ -634,4 +634,42 @@ struct AcpiIortRC { } QEMU_PACKED; typedef struct AcpiIortRC AcpiIortRC; - + +/* + * CPPC register definition from kernel header + * include/acpi/cppc_acpi.h @@ -598,7 +598,7 @@ index 1a563ad7..375335ab 100644 +Aml *aml_generic_register(AmlRegionSpace rs, uint8_t reg_width, + uint8_t reg_offset, AmlAccessType type, + uint64_t addr); - + /* Block AML object primitives */ Aml *aml_scope(const char *name_format, ...) GCC_FMT_ATTR(1, 2); diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h @@ -613,5 +613,6 @@ index a7209420..43a6ce91 100644 VIRT_MMIO, VIRT_RTC, VIRT_FW_CFG, --- -2.19.1 +-- +2.23.0 + diff --git a/tests-bios-tables-test-disable-this-testcase.patch b/tests-bios-tables-test-disable-this-testcase.patch index 2e57c6fa..993fee93 100644 --- a/tests-bios-tables-test-disable-this-testcase.patch +++ b/tests-bios-tables-test-disable-this-testcase.patch @@ -33,7 +33,7 @@ index fd7fdb86..d8cf00c1 100644 -check-qtest-aarch64-y += tests/bios-tables-test$(EXESUF) +#check-qtest-aarch64-y += tests/bios-tables-test$(EXESUF) endif - + check-qtest-microblazeel-y += $(check-qtest-microblaze-y) @@ -783,7 +783,7 @@ tests/ipmi-bt-test$(EXESUF): tests/ipmi-bt-test.o tests/hd-geo-test$(EXESUF): tests/hd-geo-test.o 
@@ -41,8 +41,8 @@ index fd7fdb86..d8cf00c1 100644 tests/boot-serial-test$(EXESUF): tests/boot-serial-test.o $(libqos-obj-y) -tests/bios-tables-test$(EXESUF): tests/bios-tables-test.o \ +#tests/bios-tables-test$(EXESUF): tests/bios-tables-test.o \ - tests/boot-sector.o tests/acpi-utils.o $(libqos-obj-y) + tests/boot-sector.o tests/acpi-utils.o $(libqos-obj-y) tests/pxe-test$(EXESUF): tests/pxe-test.o tests/boot-sector.o $(libqos-obj-y) tests/microbit-test$(EXESUF): tests/microbit-test.o --- +-- 2.23.0 -- Gitee From f261f58550fc7ddbf4764bbd36cb3e4f1764be12 Mon Sep 17 00:00:00 2001 From: zhanghailiang Date: Sat, 20 Jun 2020 15:27:07 +0800 Subject: [PATCH 2/3] target/arm: Fix PAuth sbox functions Fix CVE-2020-10702 bug Signed-off-by: zhanghailiang --- target-arm-Fix-PAuth-sbox-functions.patch | 49 +++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 target-arm-Fix-PAuth-sbox-functions.patch diff --git a/target-arm-Fix-PAuth-sbox-functions.patch b/target-arm-Fix-PAuth-sbox-functions.patch new file mode 100644 index 00000000..ac8d0506 --- /dev/null +++ b/target-arm-Fix-PAuth-sbox-functions.patch 
@@ -0,0 +1,49 @@
+From a7149fc18020c3d432c31838069dcfcb745299bf Mon Sep 17 00:00:00 2001
+From: zhanghailiang
+Date: Sat, 20 Jun 2020 12:01:30 +0800
+Subject: [PATCH] target/arm: Fix PAuth sbox functions
+
+In the PAC computation, sbox was applied over wrong bits.
+As this is a 4-bit sbox, bit index should be incremented by 4 instead of 16.
+
+Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf) was
+used to verify one computation of the pauth_computepac() function which
+uses sbox2.
+
+Launchpad: https://bugs.launchpad.net/bugs/1859713
+Reviewed-by: Richard Henderson
+Signed-off-by: Vincent DEHORS
+Signed-off-by: Adrien GRASSEIN
+Message-id: 20200116230809.19078-2-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell
+Signed-off-by: Peter Maydell
+Signed-off-by: zhanghailiang
+---
+ target/arm/pauth_helper.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c
+index d3194f20..0a5f41e1 100644
+--- a/target/arm/pauth_helper.c
++++ b/target/arm/pauth_helper.c
+@@ -89,7 +89,7 @@ static uint64_t pac_sub(uint64_t i)
+ uint64_t o = 0;
+ int b;
+
+- for (b = 0; b < 64; b += 16) {
++ for (b = 0; b < 64; b += 4) {
+ o |= (uint64_t)sub[(i >> b) & 0xf] << b;
+ }
+ return o;
+@@ -104,7 +104,7 @@ static uint64_t pac_inv_sub(uint64_t i)
+ uint64_t o = 0;
+ int b;
+
+- for (b = 0; b < 64; b += 16) {
++ for (b = 0; b < 64; b += 4) {
+ o |= (uint64_t)inv_sub[(i >> b) & 0xf] << b;
+ }
+ return o;
+--
+2.23.0
+
-- Gitee From 6855f47eb2c06737b0e5f71af4605cc84387edf2 Mon Sep 17 00:00:00 2001 From: zhanghailiang Date: Sat, 20 Jun 2020 15:39:31 +0800 Subject: [PATCH 3/3] spec: increase release number Signed-off-by: zhanghailiang --- qemu.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/qemu.spec b/qemu.spec
index 579f5c2b..97165d8c 100644
--- a/qemu.spec
+++ b/qemu.spec
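Review bot: The embedded fix to `pac_sub` and `pac_inv_sub` ships without a known-answer check, although its own description says a QARMA test vector was used to verify `pauth_computepac()`. With the old `b += 16` stride only the nibbles at bits 0, 16, 32 and 48 went through the sbox and, assuming the table entries are 4-bit values, every other output bit stayed zero; a bad rebase of this backport would silently bring that weakened PAC back, so carrying the test vector as a regression test next to the patch would pin the behaviour. A one-line comment above each loop, `/* 4-bit sbox: substitute all 16 nibbles of i */`, would make the stride self-explanatory. The embedded patch description also never names the issue it closes; adding `Fix CVE-2020-10702`, as the packaging commit message does, would keep the fix traceable from the patch file itself. Both function bodies begin outside the inner hunks, so the `sub` and `inv_sub` tables are not visible here.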
@@ -1,6 +1,6 @@ Name: qemu Version: 4.1.0 -Release: 13 +Release: 14 Epoch: 2 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY @@ -174,6 +174,7 @@ Patch0161: hw-arm-virt-add-missing-compat-for-kvm-no-adjvtime.patch Patch0162: migration-Compat-virtual-timer-adjust-for-v4.0.1-and.patch Patch0163: vtimer-Drop-vtimer-virtual-timer-adjust.patch Patch0164: target-arm-Add-the-kvm_adjvtime-vcpu-property-for-Co.patch +Patch0165: target-arm-Fix-PAuth-sbox-functions.patch BuildRequires: flex BuildRequires: bison @@ -519,7 +520,11 @@ getent passwd qemu >/dev/null || \ %endif %changelog -* Fri May 29 Huawei Technologies Co., Ltd +* Sat Jun 20 2020 Huawei Technologies Co., Ltd +- target/arm: Fix PAuth sbox functions +- fix two patches' format which can cause git am failed + +* Fri May 29 2020 Huawei Technologies Co., Ltd - target/arm: Add the kvm_adjvtime vcpu property for Cortex-A72 * Wed May 27 2020 Huawei Technologies Co., Ltd. -- Gitee