Debian Patches

Status for qemu/1:10.0.3+ds-0+deb13u1

Patch Description Author Forwarded Bugs Origin Last update
microvm-default-machine-type.patch set default machine type to be microvm if CONFIG_MICROVM is defined
diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
index a8d354aabe..1806cde036 100644
Michael Tokarev <mjt@tls.msk.ru> not-needed 2020-02-22
static-linux-user-stubs.diff static linux-user stubs
When building static linux-user binaries, ld complains:

/usr/bin/ld: libglib-2.0.a(gutils.c.o): in function `g_get_user_database_entry':
warning: Using 'getpwuid' in statically linked applications requires...
warning: Using 'getpwnam_r' in statically linked applications requires...
warning: Using 'getpwuid_r' in statically linked applications requires...

This is because glib, in their "misc utils" unit (gutils.c), has functions
to return current user home directory and similar stuff, and this unit is
almost always included into the link, even if these particular functions
aren't used by the application.

Ideally this should be fixed on the glib side, by splitting gutils.c into
several files, so unused symbols won't be included in the link at all.
But this requires extra efforts from glib side, and static linkage with
glib is very rare.

So just stub out a few getpw* symbols here - this will eliminate the
warning and will make resulting binary quite a bit smaller.

It would be nice to eliminate whole dlopen() too.

diff --git a/linux-user/main.c b/linux-user/main.c
Michael Tokarev <mjt@tls.msk.ru> not-needed 2024-04-25
linux-user-binfmt-P.diff [PATCH, HACK]: linux-user: handle binfmt-misc P flag as a separate exe name
A hackish way to distinguish the case when qemu-user binary is executed
using in-kernel binfmt-misc subsystem with P flag (preserve argv).
We register binfmt interpreter under name /usr/libexec/qemu-binfmt/qemu-foo-binfmt-P
(which is just a symlink to ../../bin/qemu-foo), and if run like that,
qemu-user binary will "know" it should interpret argv[1] & argv[2]
in a special way.

diff --git a/linux-user/main.c b/linux-user/main.c
index 9277df2e9d..bd323f70bc 100644
Michael Tokarev <mjt@tls.msk.ru> yes 2021-02-13
note-missing-module-pkg-name.diff Note missing module package name
Debian ships different modules in different packages.
By default qemu ignores the fact that it can not load
a module, pretending this module never existed.
Give a useful hint about the package where the module
in question resides.

This is a hack, but it makes qemu packaged in debian
more user-friendly.

diff --git a/audio/audio.c b/audio/audio.c
index 7ac74f9e16..15f1071bdc 100644
Michael Tokarev <mjt@tls.msk.ru> not-needed 2021-08-22
skip-unpack-edk2-blobs.patch skip unpacking of edk2 blobs
Debian strips the blobs from qemu.orig.tar.gz so the code
fails to unpack the missing files.

diff --git a/pc-bios/meson.build b/pc-bios/meson.build
index a7224ef469..ddaedd95af 100644
Michael Tokarev <mjt@tls.msk.ru> not-needed 2023-04-01
qemu-bridge-helper-path.patch set proper path for qemu-bridge-helper binary in the docs
Upstream should propagate this path from the config option.
This is a dumb-n-quick fix.

diff --git a/qemu-options.hx b/qemu-options.hx
index b56f6b2fb2..fe138c83d3 100644
Michael Tokarev <mjt@tls.msk.ru> no debian 2023-04-18
gnu-hurd.patch Add OS detection and support for GNU/Hurd
Adds minimal (just OS detection) "support" for
GNU/Hurd. Just a test for now.

diff --git a/configure b/configure
index 0aea9b113b..0648634636 100755
Michael Tokarev <mjt@tls.msk.ru> not-needed 2024-08-24
qboot-Disable-LTO-for-ELF-binary-build-step.patch [PATCH] qboot: Disable LTO for ELF binary build step
If LTO is enabled by default qboot fails to link as it exposes
a few issues that break the build:

../code16.c: Assembler messages:
../code16.c:37: Error: redundant addr32 prefix
../code16.c:27: Error: redundant addr32 prefix
../code16.c:18: Error: redundant addr32 prefix

Until fixed suppress this behavior by adding -fno-lto to the end
of the linker flags.
Christian Ehrhardt <christian.ehrhardt@canonical.com> yes upstream https://gitlab.com/bonzini/qboot/-/merge_requests/32 2022-07-06
u-boot-sam460ex-fdi.patch u-boot-sam460ex: fdi fix
Fix the missing extern in a variable declaration,
resulting in this variable being repeated each time
this header is included, so the link with modern gcc
fails.


diff --git a/roms/u-boot-sam460ex/board/ACube/common/vesa.h b/roms/u-boot-sam460ex/board/ACube/common/vesa.h
index a6c32c3c2c..99672aa67b 100644
Michael Tokarev <mjt@tls.msk.ru> yes 2023-04-01
u-boot-sam460ex-mstring.patch u-boot-sam460ex: remove obsolete -mstring gcc option
Modern gcc complains about it.


diff --git a/roms/u-boot-sam460ex/arch/powerpc/cpu/ppc4xx/config.mk b/roms/u-boot-sam460ex/arch/powerpc/cpu/ppc4xx/config.mk
index 8f47c9b728..cf4414cee6 100644
Michael Tokarev <mjt@tls.msk.ru> yes 2023-10-22
u-boot-sam460ex-build.patch u-boot-sam460ex: build fixes
Fixes or works around numerous build issues and one real bug.

Most are due to new defaults in gcc (in debian), like
-Werror=implicit-function-declarations (there are a lot of missing decls)
-Werror=incompatible-pointer-types (function types mismatches)
-Werror=int-conversion (free int <=> pointer conversion)


diff --git a/roms/u-boot-sam460ex/board/ACube/Sam460ex/Sam460ex.c b/roms/u-boot-sam460ex/board/ACube/Sam460ex/Sam460ex.c
index 4d5b953c02..5ecf16dbe2 100644
Michael Tokarev <mjt@tls.msk.ru> yes debian 2024-08-03
openbios-use-source_date_epoch-in-makefile.patch roms/openbios: Use SOURCE_DATE_EPOCH in Makefile.
Embedding the build time breaks reproducibility. Instead, use the date
specified by the SOURCE_DATE_EPOCH environment variable:

https://reproducible-builds.org/docs/source-date-epoch/

This patch relies on features of GNU date, and will need further
changes for portability to other systems.
Vagrant Cascadian <vagrant@reproducible-builds.org> no 2020-06-21
seabios-hppa-use-consistent-date-and-remove-hostname.patch roms/seabios-hppa: Use consistent date and remove hostname.
Two issues break reproducibility; the time and hostname get embedded
in the resulting seabios binary.

Simply drop the hostname from the embedded version string, as it
shouldn't be needed in Debian package builds.

Use the SOURCE_DATE_EPOCH environment variable to set the build date
rather than the current time:

https://reproducible-builds.org/docs/source-date-epoch/
Vagrant Cascadian <vagrant@reproducible-builds.org> no 2020-06-21
slof-remove-user-and-host-from-release-version.patch roms/SLOF/Makefile.gen: Remove user and host from release version.
This version string ends up in the slof.bin, leading to
reproducibility issues.
Vagrant Cascadian <vagrant@reproducible-builds.org> no 2020-06-22
slof-ensure-ld-is-called-with-C-locale.patch slof/Makefile.gen: Ensure ld is called with the C locale.
The output of "ld -V" changes based on the environment's locale.
Vagrant Cascadian <vagrant@reproducible-builds.org> no 2020-06-22
qemu-img-options.patch qemu-img options rework
This is a patchset which has been sent to qemu upstream for review
a number of times, but the review stalled.

diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
Michael Tokarev <mjt@tls.msk.ru> yes
disable-pycotap.patch disable pycotap for now
pycotap is only needed for functional tests.
Disable it for now for building qemu.

diff --git a/pythondeps.toml b/pythondeps.toml
Michael Tokarev <mjt@tls.msk.ru> not-needed 2024-12-27
hw-display-qxl-render.c-fix-qxl_unpack_chunks-chunk-.patch hw/display/qxl-render.c: fix qxl_unpack_chunks() chunk size calculation
In case of multiple chunks, code in qxl_unpack_chunks() takes size of the
wrong (next in the chain) chunk, instead of using current chunk size.
This leads to wrong number of bytes being copied, and to crashes if next
chunk size is larger than the current one.

Based on the code by Gao Yong.
Michael Tokarev <mjt@tls.msk.ru> yes upstream 2025-02-21
system-physmem-fix-use-after-free-with-dispatch.patch system/physmem: fix use-after-free with dispatch
A use-after-free bug was reported when booting a Linux kernel during the
pci setup phase. It's quite hard to reproduce (needs smp, and favored by
having several pci devices with BAR and specific Linux config, which
is Debian default one in this case).

After investigation (see the associated bug ticket), it appears that,
under specific conditions, we might access a cached AddressSpaceDispatch
that was reclaimed by RCU thread meanwhile.
In the Linux boot scenario, during the pci phase, memory regions are
destroyed/recreated, resulting in exposition of the bug.

The core of the issue is that we cache the dispatch associated to
current cpu in cpu->cpu_ases[asidx].memory_dispatch. It is updated with
tcg_commit, which runs asynchronously on a given cpu.
At some point, we leave the rcu critical section, and the RCU thread
starts reclaiming it, but tcg_commit is not yet invoked, resulting in
the use-after-free.

It's not the first problem around this area, and this patch [1] already
tried to address it. It did a good job, but it seems that we found a
specific situation where it's not enough.

This patch takes a simple approach: remove the cached value creating the
issue, and make sure we always get the current mapping for address
space, using address_space_to_dispatch(cpu->cpu_ases[asidx].as).
It's equivalent to qatomic_rcu_read(&as->current_map)->dispatch;
This is not really costly, we just need two dereferences,
including one atomic (rcu) read, which is negligible considering we are
already on mmu slow path anyway.

Note that tcg_commit is still needed, as it's taking care of flushing
TLB, removing previously mapped entries.

Another solution would be to cache directly values under the dispatch
(dispatch themselves are not ref counted), keep an active reference on
associated memory section, and release it when appropriate (tricky).
Given the time already spent debugging this area now and previously, I
strongly prefer eliminating the root of the issue, instead of adding
more complexity for a hypothetical performance gain. RCU is precisely
used to ensure good performance when reading data, so caching is not as
beneficial as it might seem IMHO.

[1] https://gitlab.com/qemu-project/qemu/-/commit/0d58c660689f6da1e3feff8a997014003d928b3b
Pierrick Bouvier <pierrick.bouvier@linaro.org> not-needed debian upstream, https://lore.kernel.org/qemu-devel/afddf3fc-5561-40b4-b61c-1301b079b0b8@tls.msk.ru/T/#t 2025-07-24
pcie_sriov-Fix-configuration-and-state-synchronizati.patch pcie_sriov: Fix configuration and state synchronization
Fix issues in PCIe SR-IOV configuration register handling that caused
inconsistent internal state due to improper write mask handling and
incorrect migration behavior.

Two main problems were identified:

1. VF Enable bit write mask handling:
pcie_sriov_config_write() incorrectly assumed that its val parameter
was already masked, causing it to ignore the actual write mask.
This led to the VF Enable bit being processed even when masked,
resulting in incorrect VF registration/unregistration. It is
identified as CVE-2025-54567.

2. Migration state inconsistency:
pcie_sriov_pf_post_load() unconditionally called register_vfs()
regardless of the VF Enable bit state, creating inconsistent
internal state when VFs should not be enabled. Additionally,
it failed to properly update the NumVFs write mask based on
the current configuration. It is identified as CVE-2025-54566.

Root cause analysis revealed that both functions relied on incorrect
special-case assumptions instead of properly reading and consuming
the actual configuration values. This change introduces a unified
consume_config() function that reads actual configuration values and
synchronizes the internal state without special-case assumptions.

The solution only adds register read overhead in non-hot-path code
while ensuring correct SR-IOV state management across configuration
writes and migration scenarios.

(cherry picked from commit cad9aa6fbdccd95e56e10cfa57c354a20a333717)
(Mjt: context fix)
Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp> not-needed debian upstream, https://gitlab.com/qemu-project/qemu/-/commit/cad9aa6fbdccd95e56e10cfa57c354a20a333717 2025-07-27
