-rw-r--r--emulators/qemu-devel/Makefile1
-rw-r--r--emulators/qemu-devel/files/patch-tlb-vuln92
-rw-r--r--emulators/qemu/Makefile2
-rw-r--r--emulators/qemu/files/patch-tlb-vuln92
4 files changed, 186 insertions, 1 deletions
diff --git a/emulators/qemu-devel/Makefile b/emulators/qemu-devel/Makefile
index 8aa2fdd5bfc1..1d7b1e516788 100644
--- a/emulators/qemu-devel/Makefile
+++ b/emulators/qemu-devel/Makefile
@@ -7,6 +7,7 @@
PORTNAME= qemu
PORTVERSION= 0.9.0s.20070802
+PORTREVISION= 1
CATEGORIES= emulators
MASTER_SITES= http://qemu.org/:release \
http://qemu-forum.ipi.fi/qemu-snapshots/:snapshot \
diff --git a/emulators/qemu-devel/files/patch-tlb-vuln b/emulators/qemu-devel/files/patch-tlb-vuln
new file mode 100644
index 000000000000..491d88f86ca8
--- /dev/null
+++ b/emulators/qemu-devel/files/patch-tlb-vuln
@@ -0,0 +1,92 @@
+Index: qemu/cpu-exec.c
+diff -u qemu/cpu-exec.c:1.128 qemu/cpu-exec.c:1.129
+--- qemu/cpu-exec.c:1.128 Sun Dec 2 06:18:23 2007
++++ qemu/cpu-exec.c Tue Dec 11 19:35:45 2007
+@@ -133,7 +133,7 @@
+ tb->tc_ptr = tc_ptr;
+ tb->cs_base = cs_base;
+ tb->flags = flags;
+- cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
++ cpu_gen_code(env, tb, &code_gen_size);
+ code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
+
+ /* check next page if needed */
+Index: qemu/exec-all.h
+diff -u qemu/exec-all.h:1.72 qemu/exec-all.h:1.73
+--- qemu/exec-all.h:1.72 Mon Nov 19 00:38:33 2007
++++ qemu/exec-all.h Tue Dec 11 19:35:45 2007
+@@ -64,8 +64,9 @@
+ int gen_intermediate_code(CPUState *env, struct TranslationBlock *tb);
+ int gen_intermediate_code_pc(CPUState *env, struct TranslationBlock *tb);
+ void dump_ops(const uint16_t *opc_buf, const uint32_t *opparam_buf);
++unsigned long code_gen_max_block_size(void);
+ int cpu_gen_code(CPUState *env, struct TranslationBlock *tb,
+- int max_code_size, int *gen_code_size_ptr);
++ int *gen_code_size_ptr);
+ int cpu_restore_state(struct TranslationBlock *tb,
+ CPUState *env, unsigned long searched_pc,
+ void *puc);
+@@ -94,7 +95,6 @@
+ return tlb_set_page_exec(env, vaddr, paddr, prot, mmu_idx, is_softmmu);
+ }
+
+-#define CODE_GEN_MAX_SIZE 65536
+ #define CODE_GEN_ALIGN 16 /* must be >= of the size of a icache line */
+
+ #define CODE_GEN_PHYS_HASH_BITS 15
+Index: qemu/exec.c
+diff -u qemu/exec.c:1.117 qemu/exec.c:1.118
+--- qemu/exec.c:1.117 Sun Dec 9 02:22:56 2007
++++ qemu/exec.c Tue Dec 11 19:35:45 2007
+@@ -56,7 +56,7 @@
+ #endif
+
+ /* threshold to flush the translated code buffer */
+-#define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - CODE_GEN_MAX_SIZE)
++#define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - code_gen_max_block_size())
+
+ #define SMC_BITMAP_USE_THRESHOLD 10
+
+@@ -622,7 +622,7 @@
+ tb->cs_base = cs_base;
+ tb->flags = flags;
+ tb->cflags = cflags;
+- cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
++ cpu_gen_code(env, tb, &code_gen_size);
+ code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
+
+ /* check next page if needed */
+Index: qemu/translate-all.c
+diff -u qemu/translate-all.c:1.23 qemu/translate-all.c:1.24
+--- qemu/translate-all.c:1.23 Sun Dec 2 06:10:02 2007
++++ qemu/translate-all.c Tue Dec 11 19:35:45 2007
+@@ -132,14 +132,27 @@
+ }
+ }
+
++unsigned long code_gen_max_block_size(void)
++{
++ static unsigned long max;
++
++ if (max == 0) {
++#define DEF(s, n, copy_size) max = copy_size > max? copy_size : max;
++#include "opc.h"
++#undef DEF
++ max *= OPC_MAX_SIZE;
++ }
++
++ return max;
++}
++
+ /* return non zero if the very first instruction is invalid so that
+ the virtual CPU can trigger an exception.
+
+ '*gen_code_size_ptr' contains the size of the generated code (host
+ code).
+ */
+-int cpu_gen_code(CPUState *env, TranslationBlock *tb,
+- int max_code_size, int *gen_code_size_ptr)
++int cpu_gen_code(CPUState *env, TranslationBlock *tb, int *gen_code_size_ptr)
+ {
+ uint8_t *gen_code_buf;
+ int gen_code_size;
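Review bot: The new `CODE_GEN_BUFFER_MAX_SIZE` in the exec.c part of this patch subtracts an `unsigned long` function result, so if `CODE_GEN_BUFFER_SIZE` is a plain integer constant the whole threshold expression becomes unsigned and a signed-vs-threshold comparison at its use sites (not visible here) would be promoted to unsigned; that is worth confirming, because this threshold is what stops translation from running past the end of the code buffer now that the fixed `CODE_GEN_MAX_SIZE` cap is gone. The new `code_gen_max_block_size()` has no comment; I would add `/* Worst-case host code size of one translated block: the largest per-op copy size in opc.h times OPC_MAX_SIZE, computed once and cached. */` above it, noting that `max == 0` doubles as the "not yet computed" flag. The body of `cpu_gen_code` continues outside the hunk, so the dropped `max_code_size` parameter must not be referenced there or this translation unit stops building. The same 92-line file is added verbatim as emulators/qemu/files/patch-tlb-vuln, and both copies need the same check.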
diff --git a/emulators/qemu/Makefile b/emulators/qemu/Makefile
index 5578ef2b306f..8cadd3d041ec 100644
--- a/emulators/qemu/Makefile
+++ b/emulators/qemu/Makefile
@@ -7,7 +7,7 @@
PORTNAME= qemu
PORTVERSION= 0.9.0
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= emulators
MASTER_SITES= http://fabrice.bellard.free.fr/qemu/:release \
http://qemu.org/:release \
diff --git a/emulators/qemu/files/patch-tlb-vuln b/emulators/qemu/files/patch-tlb-vuln
new file mode 100644
index 000000000000..491d88f86ca8
--- /dev/null
+++ b/emulators/qemu/files/patch-tlb-vuln
@@ -0,0 +1,92 @@
+Index: qemu/cpu-exec.c
+diff -u qemu/cpu-exec.c:1.128 qemu/cpu-exec.c:1.129
+--- qemu/cpu-exec.c:1.128 Sun Dec 2 06:18:23 2007
++++ qemu/cpu-exec.c Tue Dec 11 19:35:45 2007
+@@ -133,7 +133,7 @@
+ tb->tc_ptr = tc_ptr;
+ tb->cs_base = cs_base;
+ tb->flags = flags;
+- cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
++ cpu_gen_code(env, tb, &code_gen_size);
+ code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
+
+ /* check next page if needed */
+Index: qemu/exec-all.h
+diff -u qemu/exec-all.h:1.72 qemu/exec-all.h:1.73
+--- qemu/exec-all.h:1.72 Mon Nov 19 00:38:33 2007
++++ qemu/exec-all.h Tue Dec 11 19:35:45 2007
+@@ -64,8 +64,9 @@
+ int gen_intermediate_code(CPUState *env, struct TranslationBlock *tb);
+ int gen_intermediate_code_pc(CPUState *env, struct TranslationBlock *tb);
+ void dump_ops(const uint16_t *opc_buf, const uint32_t *opparam_buf);
++unsigned long code_gen_max_block_size(void);
+ int cpu_gen_code(CPUState *env, struct TranslationBlock *tb,
+- int max_code_size, int *gen_code_size_ptr);
++ int *gen_code_size_ptr);
+ int cpu_restore_state(struct TranslationBlock *tb,
+ CPUState *env, unsigned long searched_pc,
+ void *puc);
+@@ -94,7 +95,6 @@
+ return tlb_set_page_exec(env, vaddr, paddr, prot, mmu_idx, is_softmmu);
+ }
+
+-#define CODE_GEN_MAX_SIZE 65536
+ #define CODE_GEN_ALIGN 16 /* must be >= of the size of a icache line */
+
+ #define CODE_GEN_PHYS_HASH_BITS 15
+Index: qemu/exec.c
+diff -u qemu/exec.c:1.117 qemu/exec.c:1.118
+--- qemu/exec.c:1.117 Sun Dec 9 02:22:56 2007
++++ qemu/exec.c Tue Dec 11 19:35:45 2007
+@@ -56,7 +56,7 @@
+ #endif
+
+ /* threshold to flush the translated code buffer */
+-#define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - CODE_GEN_MAX_SIZE)
++#define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - code_gen_max_block_size())
+
+ #define SMC_BITMAP_USE_THRESHOLD 10
+
+@@ -622,7 +622,7 @@
+ tb->cs_base = cs_base;
+ tb->flags = flags;
+ tb->cflags = cflags;
+- cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
++ cpu_gen_code(env, tb, &code_gen_size);
+ code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
+
+ /* check next page if needed */
+Index: qemu/translate-all.c
+diff -u qemu/translate-all.c:1.23 qemu/translate-all.c:1.24
+--- qemu/translate-all.c:1.23 Sun Dec 2 06:10:02 2007
++++ qemu/translate-all.c Tue Dec 11 19:35:45 2007
+@@ -132,14 +132,27 @@
+ }
+ }
+
++unsigned long code_gen_max_block_size(void)
++{
++ static unsigned long max;
++
++ if (max == 0) {
++#define DEF(s, n, copy_size) max = copy_size > max? copy_size : max;
++#include "opc.h"
++#undef DEF
++ max *= OPC_MAX_SIZE;
++ }
++
++ return max;
++}
++
+ /* return non zero if the very first instruction is invalid so that
+ the virtual CPU can trigger an exception.
+
+ '*gen_code_size_ptr' contains the size of the generated code (host
+ code).
+ */
+-int cpu_gen_code(CPUState *env, TranslationBlock *tb,
+- int max_code_size, int *gen_code_size_ptr)
++int cpu_gen_code(CPUState *env, TranslationBlock *tb, int *gen_code_size_ptr)
+ {
+ uint8_t *gen_code_buf;
+ int gen_code_size;