While receiving packets via e1000e_write_packet_to_guest an infinite
loop could be triggered if the receive descriptor had a NULL buffer
address.
A privileged guest user could use this to induce a DoS Scenario.
Fixes: CVE-2020-28916
An assert(3) failure issue was found in the networking helper functions of QEMU. It could occur in the eth_get_gso_type() routine, if a packet does not have a valid networking L3 protocol (ex. IPv4, IPv6) value. A guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
Fixes: CVE-2020-27617
Applications using a different GTK version than the user session don't
work well, and people often run NixOS VM tests on different channels.
Wrapping these GTK binaries is a common way to fix this.
Fixes#69158
Our VM tests and everything related to our virtualisation infrastructure
is currently broken if used with kernel 4.19 or later.
The reason for this is that since 4.19, overlayfs uses the O_NOATIME
flag when opening files in lowerdir and this doesn't play nice with the
way we pass the Nix store to our QEMU guests.
On a NixOS system, paths in the Nix store are typically owned by root
but the QEMU process is usually run by an ordinary user. Using O_NOATIME
on a file where you're not the owner (or superuser) will return with
EPERM (Operation not permitted).
This is exactly what happens in our VM tests, because we're using
overlayfs in the guests to allow writes to the store.
Another implication of this is that the default kernel version for NixOS
19.03 has been reverted to Linux 4.14.
Work on getting this upstream is still ongoing and the patch I posted
previously was incomplete, needs rework and also some more review from
upstream maintainers - in summary: This will take a while.
So instead of rushing in a kernel patch to nixpkgs, which will affect
all users of overlayfs, not just NixOS VM tests, I opted to patch QEMU
for now to ignore the O_NOATIME flag in 9p.
I think this is also the least impacting change, because even if you
care about whether access times are written or not, you get the same
behaviour as with Linux 4.19 in conjunction with QEMU.
Signed-off-by: aszlig <aszlig@nix.build>
Fixes: https://github.com/NixOS/nixpkgs/issues/54509
You can use stdenv.hostPlatform.emulator to get an executable that
runs cross-built binaries. This could be any emulator. For instance,
we use QEMU to emulate Linux targets and Wine to emulate Windows
targets. To work with qemu, we need to support custom targets.
I’ve reworked the cross tests in pkgs/test/cross to use this
functionality.
Also, I’ve used talloc to cross-execute with the emulator. There
appears to be a cross-execute for all waf builds. In the future, it
would be nice to set this for all waf builds.
Adds stdenv.hostPlatform.qemuArch attrbute to get the qemuArch for
each platform.
Since years I'm not maintaining anything of the list below other
than some updates when I needed them for some reason. Other people
is doing that maintenance on my behalf so I better take me out but
for very few packages. Finally!
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA: ARMv8 {-A, -R, -M}
/ \
Mode: Aarch32 Aarch64
| / \
Encoding: A64 A32 T32
```
At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.
[1]: https://developer.arm.com/products/architecture/a-profile
This obsoletes two of the included patches, one of them RISC-V specific,
since they've been picked up by upstream.
This build has been confirmed as being able to build and run an (extremely
recent) RISC-V Fedora 28 Rawhide image, available from:
https://fedorapeople.org/groups/risc-v/disk-images/
Signed-off-by: Austin Seipp <aseipp@pobox.com>
* $out/bin/qemu-kvm should point to qemu-system-aarch64 on aarch64, libvirt expect it
* makeWrapper codes are separated as some architectures might require additional command flags (https://github.com/NixOS/nixpkgs/issues/31606#issuecomment-349675127)
* x86_64-on-i686 is not a native emulation and not supported by KVM, so it is removed from the list
This reverts commit 3a4e2376e4.
The reverted commit caused the fix for CVE-2016-9602 not to be applied
for qemu_test because it conflicts with the force-uid0-on-9p.patch.
So with the rebase of the patch on top of the changes of the
CVE-2016-9602.patch, both patches no longer conflict with each other.
I've tested this with the "misc" NixOS test and it succeeds.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
New upstream patch function and patches for fixing a bug in the patch for
CVE-2017-5667 and the following security issues:
* CVE-2016-7907
* CVE-2016-9602
* CVE-2016-10155
* CVE-2017-2620
* CVE-2017-2630
* CVE-2017-5525
* CVE-2017-5526
* CVE-2017-5579
* CVE-2017-5856
* CVE-2017-5857
* CVE-2017-5987
* CVE-2017-6058