-
Notifications
You must be signed in to change notification settings - Fork 71
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #93 from crazy-max/qemu-v7.0.0
update qemu version to v7.0.0
- Loading branch information
Showing
9 changed files
with
554 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,8 @@ | ||
| 6.2.50,HEAD,CVE-2021-20196;CVE-2021-20263 | ||
| 6.1.90,742ae5da337deafbdff7976bd15cd050f9c28550,CVE-2021-20196;CVE-2021-20263 | ||
| 6.0.90,5e4ebee7797d3dc39464857886ea239ad4264ce0 | ||
| 5.2.90,da528ad1889bfc924189993463b4ee757d5514b6 | ||
| 5.1.90,29d5522ca4787e49f9c2e69c73f926433606d056 | ||
| 5.0.90,8d80ff4f0f066b5f6a2d02cf2691a0a6e5cc3481 | ||
| 7.0.50,5adbe4930461bef37687ee064aa82533a1bdf3c9 | ||
| 6.2.50,de650f84b869534b65356e97d4d469cea6fa6117,CVE-2021-20196;CVE-2021-20263 | ||
| 6.1.90,21734cf62bd20af5647d0179dfe867a1deb3a8d6,CVE-2021-20196;CVE-2021-20263 | ||
| 6.0.90,1ca04b35692f1b9b68ac623d65a4990f876bafe9 | ||
| 5.2.90,75a54675dc421cadfb9c2fbb567dc2b335e0a50e | ||
| 5.1.90,8ffc0fe905f21e472724f58b101d61271a6571ff | ||
| 5.0.90,87ee9a5a8a925d4d9e566a9829231781f80ebcc5 | ||
| 0.0.0,f238bdae4d755f6e7ab6ce0b9a2a71dc833eb106 |
88 changes: 88 additions & 0 deletions
88
...ildkit-direct-execve-v7.0/0001-linux-user-have-execve-call-qemu-via-proc-self-exe-t.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| From 4d6248d103cf749ab5a624903929d5d31754e09a Mon Sep 17 00:00:00 2001 | ||
| From: Tibor Vass <[email protected]> | ||
| Date: Mon, 1 Jun 2020 23:08:25 +0000 | ||
| Subject: [PATCH] linux-user: have execve call qemu via /proc/self/exe to not | ||
| rely on binfmt_misc | ||
|
|
||
| It is assumed that when a guest program calls execve syscall it wants to | ||
| execute a program on the same guest architecture and not the host architecture. | ||
|
|
||
| Previously, such a guest program would have execve syscall error out with: | ||
| "exec format error". | ||
|
|
||
| A common solution is to register the qemu binary in binfmt_misc but that is not a | ||
| userland-friendly solution, requiring to modify kernel state. | ||
|
|
||
| This patch injects /proc/self/exe as the first parameter and the qemu program name | ||
| as argv[0] to execve. | ||
|
|
||
| Signed-off-by: Tibor Vass <[email protected]> | ||
| --- | ||
| linux-user/syscall.c | 35 ++++++++++++++++++++++++++++++----- | ||
| 1 file changed, 30 insertions(+), 5 deletions(-) | ||
|
|
||
| diff --git a/linux-user/syscall.c b/linux-user/syscall.c | ||
| index f65045efe6..73054926a0 100644 | ||
| --- a/linux-user/syscall.c | ||
| +++ b/linux-user/syscall.c | ||
| @@ -8776,10 +8776,37 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, | ||
| envc++; | ||
| } | ||
|
|
||
| - argp = g_new0(char *, argc + 1); | ||
| + argp = g_new0(char *, argc + 4); | ||
| envp = g_new0(char *, envc + 1); | ||
|
|
||
| - for (gp = guest_argp, q = argp; gp; | ||
| + if (!(p = lock_user_string(arg1))) | ||
| + goto execve_efault; | ||
| + | ||
| + /* if pathname is /proc/self/exe then retrieve the path passed to qemu via command line */ | ||
| + if (is_proc_myself(p, "exe")) { | ||
| + CPUState *cpu = env_cpu((CPUArchState *)cpu_env); | ||
| + TaskState *ts = cpu->opaque; | ||
| + p = ts->bprm->filename; | ||
| + } | ||
| + | ||
| + /* retrieve guest argv0 */ | ||
| + if (get_user_ual(addr, guest_argp)) | ||
| + goto execve_efault; | ||
| + | ||
| + /* | ||
| + * From the guest, the call | ||
| + * execve(pathname, [argv0, argv1], envp) | ||
| + * on the host, becomes: | ||
| + * execve("/proc/self/exe", [qemu_progname, "-0", argv0, pathname, argv1], envp) | ||
| + * where qemu_progname is the error message prefix for qemu | ||
| + */ | ||
| + argp[0] = (char*)error_get_progname(); | ||
| + argp[1] = (char*)"-0"; | ||
| + argp[2] = (char*)lock_user_string(addr); | ||
| + argp[3] = p; | ||
| + | ||
| + /* copy guest argv1 onwards to host argv4 onwards */ | ||
| + for (gp = guest_argp + 1*sizeof(abi_ulong), q = argp + 4; gp; | ||
| gp += sizeof(abi_ulong), q++) { | ||
| if (get_user_ual(addr, gp)) | ||
| goto execve_efault; | ||
| @@ -8801,8 +8828,6 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, | ||
| } | ||
| *q = NULL; | ||
|
|
||
| - if (!(p = lock_user_string(arg1))) | ||
| - goto execve_efault; | ||
| /* Although execve() is not an interruptible syscall it is | ||
| * a special case where we must use the safe_syscall wrapper: | ||
| * if we allow a signal to happen before we make the host | ||
| @@ -8813,7 +8838,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, | ||
| * before the execve completes and makes it the other | ||
| * program's problem. | ||
| */ | ||
| - ret = get_errno(safe_execve(p, argp, envp)); | ||
| + ret = get_errno(safe_execve("/proc/self/exe", argp, envp)); | ||
| unlock_user(p, arg1, 0); | ||
|
|
||
| goto execve_end; | ||
| -- | ||
| 2.34.0 | ||
|
|
76 changes: 76 additions & 0 deletions
76
patches/buildkit-direct-execve-v7.0/0002-linux-user-lookup-user-program-in-PATH.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| From d83023eb7a0574cad224c7d88ac8dcf9d745afa3 Mon Sep 17 00:00:00 2001 | ||
| From: Tibor Vass <[email protected]> | ||
| Date: Tue, 2 Jun 2020 10:39:48 +0000 | ||
| Subject: [PATCH] linux-user: lookup user program in PATH | ||
|
|
||
| Signed-off-by: Tibor Vass <[email protected]> | ||
| --- | ||
| linux-user/main.c | 45 ++++++++++++++++++++++++++++++++++++++++++++- | ||
| 1 file changed, 44 insertions(+), 1 deletion(-) | ||
|
|
||
| diff --git a/linux-user/main.c b/linux-user/main.c | ||
| index fbc9bcfd5f..30f163de81 100644 | ||
| --- a/linux-user/main.c | ||
| +++ b/linux-user/main.c | ||
| @@ -558,6 +558,45 @@ static void usage(int exitcode) | ||
| exit(exitcode); | ||
| } | ||
|
|
||
| +/* | ||
| + * path_lookup searches for an executable filename in the directories named by the PATH environment variable. | ||
| + * Returns a copy of filename if it is an absolute path or could not find a match. | ||
| + * Caller is responsible to free returned string. | ||
| + * Adapted from musl's execvp implementation. | ||
| + */ | ||
| +static char *path_lookup(char *filename) { | ||
| + const char *p, *z, *path = getenv("PATH"); | ||
| + size_t l, k; | ||
| + struct stat buf; | ||
| + | ||
| + /* if PATH is not set or filename is absolute path return filename */ | ||
| + if (!path || !filename || filename[0] == '/') | ||
| + return strndup(filename, NAME_MAX+1); | ||
| + | ||
| + k = strnlen(filename, NAME_MAX+1); | ||
| + if (k > NAME_MAX) { | ||
| + errno = ENAMETOOLONG; | ||
| + return NULL; | ||
| + } | ||
| + l = strnlen(path, PATH_MAX-1)+1; | ||
| + | ||
| + for (p = path; ; p = z) { | ||
| + char *b = calloc(l+k+1, sizeof(char)); | ||
| + z = strchrnul(p, ':'); | ||
| + if (z-p >= l) { | ||
| + if (!*z++) break; | ||
| + continue; | ||
| + } | ||
| + memcpy(b, p, z-p); | ||
| + b[z-p] = '/'; | ||
| + memcpy(b+(z-p)+(z>p), filename, k+1); | ||
| + if (!stat(b, &buf) && !(buf.st_mode & S_IFDIR) && (buf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH))) | ||
| + return b; | ||
| + if (!*z++) break; | ||
| + } | ||
| + return strndup(filename, NAME_MAX+1); | ||
| +} | ||
| + | ||
| static int parse_args(int argc, char **argv) | ||
| { | ||
| const char *r; | ||
| @@ -623,7 +662,11 @@ static int parse_args(int argc, char **argv) | ||
| exit(EXIT_FAILURE); | ||
| } | ||
|
|
||
| - exec_path = argv[optind]; | ||
| + /* not freeing exec_path as it is needed for the lifetime of the process */ | ||
| + if (!(exec_path = path_lookup(argv[optind]))) { | ||
| + (void) fprintf(stderr, "qemu: could not find user program %s: %s\n", exec_path, strerror(errno)); | ||
| + exit(EXIT_FAILURE); | ||
| + } | ||
|
|
||
| return optind; | ||
| } | ||
| -- | ||
| 2.34.0 | ||
|
|
100 changes: 100 additions & 0 deletions
100
...ildkit-direct-execve-v7.0/0003-linux-user-path-in-execve-should-be-relative-to-work.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,100 @@ | ||
| From 1f69e640ec9a5a9f8b7ab9101f4807808f59bc1d Mon Sep 17 00:00:00 2001 | ||
| From: Tibor Vass <[email protected]> | ||
| Date: Sat, 27 Jun 2020 21:42:51 +0000 | ||
| Subject: [PATCH] linux-user: path in execve should be relative to working dir | ||
|
|
||
| Fixes regression introduced in parent commit where PATH handling was introduced. | ||
|
|
||
| When guest calls execve(filename, argp, envp) filename can be relative in which | ||
| case Linux makes it relative to the working directory. | ||
|
|
||
| However, since execve is now handled by exec-ing qemu process again, filename | ||
| would first get looked up in PATH in main() before calling host's execve. | ||
|
|
||
| With this change, if filename is relative and exists in working directory as | ||
| well as in PATH, working directory will get precedence over PATH if guest is | ||
| doing an execve syscall, but not if relative filename comes from qemu's argv. | ||
|
|
||
| Signed-off-by: Tibor Vass <[email protected]> | ||
| --- | ||
| include/qemu/path.h | 1 + | ||
| linux-user/syscall.c | 9 +++++++-- | ||
| util/path.c | 30 ++++++++++++++++++++++++++++++ | ||
| 3 files changed, 38 insertions(+), 2 deletions(-) | ||
|
|
||
| diff --git a/include/qemu/path.h b/include/qemu/path.h | ||
| index c6292a9709..a81fb51e1f 100644 | ||
| --- a/include/qemu/path.h | ||
| +++ b/include/qemu/path.h | ||
| @@ -3,5 +3,6 @@ | ||
|
|
||
| void init_paths(const char *prefix); | ||
| const char *path(const char *pathname); | ||
| +const char *prepend_workdir_if_relative(const char *path); | ||
|
|
||
| #endif | ||
| diff --git a/linux-user/syscall.c b/linux-user/syscall.c | ||
| index 73054926a0..b92be0963e 100644 | ||
| --- a/linux-user/syscall.c | ||
| +++ b/linux-user/syscall.c | ||
| @@ -8798,12 +8798,17 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, | ||
| * execve(pathname, [argv0, argv1], envp) | ||
| * on the host, becomes: | ||
| * execve("/proc/self/exe", [qemu_progname, "-0", argv0, pathname, argv1], envp) | ||
| - * where qemu_progname is the error message prefix for qemu | ||
| + * where qemu_progname is the error message prefix for qemu. | ||
| + * Note: if pathname is relative, it will be prepended with the current working directory. | ||
| */ | ||
| argp[0] = (char*)error_get_progname(); | ||
| argp[1] = (char*)"-0"; | ||
| argp[2] = (char*)lock_user_string(addr); | ||
| - argp[3] = p; | ||
| + argp[3] = (char*)prepend_workdir_if_relative(p); | ||
| + if (!argp[3]) { | ||
| + ret = -host_to_target_errno(errno); | ||
| + goto execve_end; | ||
| + } | ||
|
|
||
| /* copy guest argv1 onwards to host argv4 onwards */ | ||
| for (gp = guest_argp + 1*sizeof(abi_ulong), q = argp + 4; gp; | ||
| diff --git a/util/path.c b/util/path.c | ||
| index 8e174eb436..f7907b8238 100644 | ||
| --- a/util/path.c | ||
| +++ b/util/path.c | ||
| @@ -68,3 +68,33 @@ const char *path(const char *name) | ||
| qemu_mutex_unlock(&lock); | ||
| return ret; | ||
| } | ||
| + | ||
| +/* Prepends working directory if path is relative. | ||
| + * If path is absolute, it is returned as-is without any allocation. | ||
| + * Otherwise, caller is responsible to free returned path. | ||
| + * Returns NULL and sets errno upon error. | ||
| + * Note: realpath is not called to let the kernel do the rest of the resolution. | ||
| + */ | ||
| +const char *prepend_workdir_if_relative(const char *path) | ||
| +{ | ||
| + char buf[PATH_MAX]; | ||
| + char *p; | ||
| + int i, j, k; | ||
| + | ||
| + if (!path || path[0] == '/') return path; | ||
| + | ||
| + if (!getcwd(buf, PATH_MAX)) return NULL; | ||
| + i = strlen(buf); | ||
| + j = strlen(path); | ||
| + k = i + 1 + j + 1; /* workdir + '/' + path + '\0' */ | ||
| + if (i + j > PATH_MAX) { | ||
| + errno = ERANGE; | ||
| + return NULL; | ||
| + } | ||
| + if (!(p = malloc(k * sizeof(char*)))) return NULL; | ||
| + | ||
| + if (!strncat(p, buf, i)) return NULL; | ||
| + if (!strncat(p, "/", 1)) return NULL; | ||
| + if (!strncat(p, path, j)) return NULL; | ||
| + return p; | ||
| +} | ||
| -- | ||
| 2.34.0 | ||
|
|
Oops, something went wrong.