From 0e1ff0f605166527557ce589ebe75f7ec5c3386c Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Tue, 31 Mar 2020 09:50:30 +0200 Subject: [PATCH] app-emulation/qemu: update to 4.2.0-r2 Update qemu to 4.2.0-r2 to address the following issues: [CVE-2019-13164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13164) [CVE-2020-8608](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8608) --- .../app-emulation/qemu/Manifest | 3 +- ...ix-vpc-max_table_entries-computation.patch | 25 -- .../qemu-4.0.0-fix_infiniband_include.patch | 12 + .../files/qemu-4.0.0-linux-headers-5.2.patch | 334 ++++++++++++++++++ .../files/qemu-4.0.0-mkdir_systemtap.patch | 8 +- .../qemu/files/qemu-4.0.0-pc-q35-4.0.patch | 135 +++++++ .../qemu/files/qemu-4.0.0-xkbcommon.patch | 38 ++ .../qemu/files/qemu-4.2.0-cflags.patch | 16 + .../app-emulation/qemu/metadata.xml | 10 +- ...u-4.0.0-r3.ebuild => qemu-4.2.0-r2.ebuild} | 107 +++--- 10 files changed, 614 insertions(+), 74 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/0001-block-fix-vpc-max_table_entries-computation.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-linux-headers-5.2.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-pc-q35-4.0.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.2.0-cflags.patch rename sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/{qemu-4.0.0-r3.ebuild => qemu-4.2.0-r2.ebuild} (90%) 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest
index 5cc79c7649..911250c7ed 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest
@@ -1 +1,2 @@
-DIST qemu-4.0.0.tar.xz 55628624 BLAKE2B 8afd1f54aa13d2e61fd36c4f4544b7c4ffb1a7eee5c69d3aa1d40a432ca296ad8abe6cb83d7c66ac4045ca624d2a00e737f51e4e62ed46fef9766ef71f43b98b SHA512 952e94194ce9e64c15388c59035cb31fb9f761d30095c2fb9441012b609c18c9976285727b93bf37b95e15675802d73f8e1c4619ebecd23606675bb503646b13
+DIST qemu-4.2.0-patches-r1.tar.xz 14552 BLAKE2B e8832ce5b7ccda02dcd63fa60a458322a36ba754c8bc682839de4ee33cf21a83cde434bdc062916d3c83e81026b68ebf2fbe099dc6c54c191875f830d95c63ae SHA512 7495e4c9ca80fd25a1bc8244b384f88f3bc6d7190e2840b1614e3bc6fd51938e42792c6a4dbdb2d400a45532e558814462647f35d5ab21e175bec84868a4161d
+DIST qemu-4.2.0.tar.xz 62222068 BLAKE2B 27c9fbcd5093af425764674817ab9299224bd03f37b5983786f6f437fff1fab3b7da247c55c4ca8b8c42726b9867005944a2f7f04f2d0d94d753961615f901ef SHA512 2a79973c2b07c53e8c57a808ea8add7b6b2cbca96488ed5d4b669ead8c9318907dec2b6109f180fc8ca8f04c0f73a56e82b3a527b5626b799d7e849f2474ec56
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/0001-block-fix-vpc-max_table_entries-computation.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/0001-block-fix-vpc-max_table_entries-computation.patch
deleted file mode 100644
index b8b2bd8803..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/0001-block-fix-vpc-max_table_entries-computation.patch
+++ /dev/null
@@ -1,25 +0,0 @@ -From b737484f814da16b8e9d405219cc1c2e81321d6b Mon Sep 17 00:00:00 2001 -From: Nick Owens -Date: Mon, 28 Nov 2016 13:28:58 -0800 -Subject: [PATCH] block: fix vpc max_table_entries computation - ---- - block/vpc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/block/vpc.c b/block/vpc.c -index 43707ed22c..beca222b98 100644 ---- a/block/vpc.c -+++ b/block/vpc.c -@@ -787,7 +787,7 @@ static int create_dynamic_disk(BlockBackend *blk, uint8_t *buf, - - /* Write the footer (twice: at the beginning and at the end) */ - block_size = 0x200000; -- num_bat_entries = (total_sectors + block_size / 512) / (block_size / 512); -+ num_bat_entries = total_sectors / (block_size / 512); - - ret = blk_pwrite(blk, offset, buf, HEADER_SIZE, 0); - if (ret < 0) { --- -2.11.0.rc2 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch new file mode 100644 index 0000000000..2778cc8f4f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-fix_infiniband_include.patch @@ -0,0 +1,12 @@ +diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c +index d1660b64..86715bfd 100644 +--- a/hw/rdma/rdma_backend.c ++++ b/hw/rdma/rdma_backend.c +@@ -21,7 +21,6 @@ + #include "qapi/qapi-events-rdma.h" + + #include +-#include + #include + #include + diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-linux-headers-5.2.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-linux-headers-5.2.patch new file mode 100644 index 0000000000..43be8629df --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-linux-headers-5.2.patch 
@@ -0,0 +1,334 @@ +From 6d5d5dde9adb5acb32e6b8e3dfbf47fff0f308d2 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Thu, 18 Jul 2019 15:06:41 +0200 +Subject: [PATCH] linux-user: fix to handle variably sized SIOCGSTAMP with new + kernels +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +The SIOCGSTAMP symbol was previously defined in the +asm-generic/sockios.h header file. QEMU sees that header +indirectly via sys/socket.h + +In linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115 +the asm-generic/sockios.h header no longer defines SIOCGSTAMP. +Instead it provides only SIOCGSTAMP_OLD, which only uses a +32-bit time_t on 32-bit architectures. + +The linux/sockios.h header then defines SIOCGSTAMP using +either SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. If +SIOCGSTAMP_NEW is used, then the tv_sec field is 64-bit even +on 32-bit architectures + +To cope with this we must now convert the old and new type from +the target to the host one. + +Signed-off-by: Daniel P. 
Berrangé +Signed-off-by: Laurent Vivier +Reviewed-by: Arnd Bergmann +Message-Id: <20190718130641.15294-1-laurent@vivier.eu> +Signed-off-by: Laurent Vivier +--- + linux-user/ioctls.h | 21 ++++++- + linux-user/syscall.c | 140 ++++++++++++++++++++++++++++++++++++--------- + linux-user/syscall_defs.h | 30 +++++++++- + linux-user/syscall_types.h | 6 -- + 4 files changed, 159 insertions(+), 38 deletions(-) + +diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h +index ae895162..e6a27ad9 100644 +--- a/linux-user/ioctls.h ++++ b/linux-user/ioctls.h +@@ -219,8 +219,25 @@ + IOCTL(SIOCGRARP, IOC_R, MK_PTR(MK_STRUCT(STRUCT_arpreq))) + IOCTL(SIOCGIWNAME, IOC_W | IOC_R, MK_PTR(MK_STRUCT(STRUCT_char_ifreq))) + IOCTL(SIOCGPGRP, IOC_R, MK_PTR(TYPE_INT)) /* pid_t */ +- IOCTL(SIOCGSTAMP, IOC_R, MK_PTR(MK_STRUCT(STRUCT_timeval))) +- IOCTL(SIOCGSTAMPNS, IOC_R, MK_PTR(MK_STRUCT(STRUCT_timespec))) ++ ++ /* ++ * We can't use IOCTL_SPECIAL() because it will set ++ * host_cmd to XXX_OLD and XXX_NEW and these macros ++ * are not defined with kernel prior to 5.2. ++ * We must set host_cmd to the same value as in target_cmd ++ * otherwise the consistency check in syscall_init() ++ * will trigger an error. ++ * host_cmd is ignored by the do_ioctl_XXX() helpers. 
++ * FIXME: create a macro to define this kind of entry ++ */ ++ { TARGET_SIOCGSTAMP_OLD, TARGET_SIOCGSTAMP_OLD, ++ "SIOCGSTAMP_OLD", IOC_R, do_ioctl_SIOCGSTAMP }, ++ { TARGET_SIOCGSTAMPNS_OLD, TARGET_SIOCGSTAMPNS_OLD, ++ "SIOCGSTAMPNS_OLD", IOC_R, do_ioctl_SIOCGSTAMPNS }, ++ { TARGET_SIOCGSTAMP_NEW, TARGET_SIOCGSTAMP_NEW, ++ "SIOCGSTAMP_NEW", IOC_R, do_ioctl_SIOCGSTAMP }, ++ { TARGET_SIOCGSTAMPNS_NEW, TARGET_SIOCGSTAMPNS_NEW, ++ "SIOCGSTAMPNS_NEW", IOC_R, do_ioctl_SIOCGSTAMPNS }, + + IOCTL(RNDGETENTCNT, IOC_R, MK_PTR(TYPE_INT)) + IOCTL(RNDADDTOENTCNT, IOC_W, MK_PTR(TYPE_INT)) +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index 96cd4bf8..6df480e1 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -37,6 +37,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -1139,8 +1140,9 @@ static inline abi_long copy_from_user_timeval(struct timeval *tv, + { + struct target_timeval *target_tv; + +- if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1)) ++ if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1)) { + return -TARGET_EFAULT; ++ } + + __get_user(tv->tv_sec, &target_tv->tv_sec); + __get_user(tv->tv_usec, &target_tv->tv_usec); +@@ -1155,8 +1157,26 @@ static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr, + { + struct target_timeval *target_tv; + +- if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) ++ if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) { ++ return -TARGET_EFAULT; ++ } ++ ++ __put_user(tv->tv_sec, &target_tv->tv_sec); ++ __put_user(tv->tv_usec, &target_tv->tv_usec); ++ ++ unlock_user_struct(target_tv, target_tv_addr, 1); ++ ++ return 0; ++} ++ ++static inline abi_long copy_to_user_timeval64(abi_ulong target_tv_addr, ++ const struct timeval *tv) ++{ ++ struct target__kernel_sock_timeval *target_tv; ++ ++ if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) { + return -TARGET_EFAULT; ++ } + + __put_user(tv->tv_sec, 
&target_tv->tv_sec); + __put_user(tv->tv_usec, &target_tv->tv_usec); +@@ -1166,6 +1186,48 @@ static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr, + return 0; + } + ++static inline abi_long target_to_host_timespec(struct timespec *host_ts, ++ abi_ulong target_addr) ++{ ++ struct target_timespec *target_ts; ++ ++ if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) { ++ return -TARGET_EFAULT; ++ } ++ __get_user(host_ts->tv_sec, &target_ts->tv_sec); ++ __get_user(host_ts->tv_nsec, &target_ts->tv_nsec); ++ unlock_user_struct(target_ts, target_addr, 0); ++ return 0; ++} ++ ++static inline abi_long host_to_target_timespec(abi_ulong target_addr, ++ struct timespec *host_ts) ++{ ++ struct target_timespec *target_ts; ++ ++ if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) { ++ return -TARGET_EFAULT; ++ } ++ __put_user(host_ts->tv_sec, &target_ts->tv_sec); ++ __put_user(host_ts->tv_nsec, &target_ts->tv_nsec); ++ unlock_user_struct(target_ts, target_addr, 1); ++ return 0; ++} ++ ++static inline abi_long host_to_target_timespec64(abi_ulong target_addr, ++ struct timespec *host_ts) ++{ ++ struct target__kernel_timespec *target_ts; ++ ++ if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) { ++ return -TARGET_EFAULT; ++ } ++ __put_user(host_ts->tv_sec, &target_ts->tv_sec); ++ __put_user(host_ts->tv_nsec, &target_ts->tv_nsec); ++ unlock_user_struct(target_ts, target_addr, 1); ++ return 0; ++} ++ + static inline abi_long copy_from_user_timezone(struct timezone *tz, + abi_ulong target_tz_addr) + { +@@ -4790,6 +4852,54 @@ static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp, + return get_errno(safe_ioctl(fd, ie->host_cmd, sig)); + } + ++static abi_long do_ioctl_SIOCGSTAMP(const IOCTLEntry *ie, uint8_t *buf_temp, ++ int fd, int cmd, abi_long arg) ++{ ++ struct timeval tv; ++ abi_long ret; ++ ++ ret = get_errno(safe_ioctl(fd, SIOCGSTAMP, &tv)); ++ if (is_error(ret)) { ++ return ret; ++ } ++ ++ if (cmd == 
(int)TARGET_SIOCGSTAMP_OLD) { ++ if (copy_to_user_timeval(arg, &tv)) { ++ return -TARGET_EFAULT; ++ } ++ } else { ++ if (copy_to_user_timeval64(arg, &tv)) { ++ return -TARGET_EFAULT; ++ } ++ } ++ ++ return ret; ++} ++ ++static abi_long do_ioctl_SIOCGSTAMPNS(const IOCTLEntry *ie, uint8_t *buf_temp, ++ int fd, int cmd, abi_long arg) ++{ ++ struct timespec ts; ++ abi_long ret; ++ ++ ret = get_errno(safe_ioctl(fd, SIOCGSTAMPNS, &ts)); ++ if (is_error(ret)) { ++ return ret; ++ } ++ ++ if (cmd == (int)TARGET_SIOCGSTAMPNS_OLD) { ++ if (host_to_target_timespec(arg, &ts)) { ++ return -TARGET_EFAULT; ++ } ++ } else{ ++ if (host_to_target_timespec64(arg, &ts)) { ++ return -TARGET_EFAULT; ++ } ++ } ++ ++ return ret; ++} ++ + #ifdef TIOCGPTPEER + static abi_long do_ioctl_tiocgptpeer(const IOCTLEntry *ie, uint8_t *buf_temp, + int fd, int cmd, abi_long arg) +@@ -6160,32 +6270,6 @@ static inline abi_long target_ftruncate64(void *cpu_env, abi_long arg1, + } + #endif + +-static inline abi_long target_to_host_timespec(struct timespec *host_ts, +- abi_ulong target_addr) +-{ +- struct target_timespec *target_ts; +- +- if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) +- return -TARGET_EFAULT; +- __get_user(host_ts->tv_sec, &target_ts->tv_sec); +- __get_user(host_ts->tv_nsec, &target_ts->tv_nsec); +- unlock_user_struct(target_ts, target_addr, 0); +- return 0; +-} +- +-static inline abi_long host_to_target_timespec(abi_ulong target_addr, +- struct timespec *host_ts) +-{ +- struct target_timespec *target_ts; +- +- if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) +- return -TARGET_EFAULT; +- __put_user(host_ts->tv_sec, &target_ts->tv_sec); +- __put_user(host_ts->tv_nsec, &target_ts->tv_nsec); +- unlock_user_struct(target_ts, target_addr, 1); +- return 0; +-} +- + static inline abi_long target_to_host_itimerspec(struct itimerspec *host_itspec, + abi_ulong target_addr) + { +diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h +index 
12c84071..cfb3eeec 100644 +--- a/linux-user/syscall_defs.h ++++ b/linux-user/syscall_defs.h +@@ -208,16 +208,34 @@ struct target_linger { + abi_int l_linger; /* How long to linger for */ + }; + ++#if defined(TARGET_SPARC64) && !defined(TARGET_ABI32) ++struct target_timeval { ++ abi_long tv_sec; ++ abi_int tv_usec; ++}; ++#define target__kernel_sock_timeval target_timeval ++#else + struct target_timeval { + abi_long tv_sec; + abi_long tv_usec; + }; + ++struct target__kernel_sock_timeval { ++ abi_llong tv_sec; ++ abi_llong tv_usec; ++}; ++#endif ++ + struct target_timespec { + abi_long tv_sec; + abi_long tv_nsec; + }; + ++struct target__kernel_timespec { ++ abi_llong tv_sec; ++ abi_llong tv_nsec; ++}; ++ + struct target_timezone { + abi_int tz_minuteswest; + abi_int tz_dsttime; +@@ -743,8 +761,17 @@ struct target_pollfd { + #define TARGET_SIOCATMARK 0x8905 + #define TARGET_SIOCGPGRP 0x8904 + #endif +-#define TARGET_SIOCGSTAMP 0x8906 /* Get stamp (timeval) */ +-#define TARGET_SIOCGSTAMPNS 0x8907 /* Get stamp (timespec) */ ++ ++#if defined(TARGET_SH4) ++#define TARGET_SIOCGSTAMP_OLD TARGET_IOR('s', 100, struct target_timeval) ++#define TARGET_SIOCGSTAMPNS_OLD TARGET_IOR('s', 101, struct target_timespec) ++#else ++#define TARGET_SIOCGSTAMP_OLD 0x8906 ++#define TARGET_SIOCGSTAMPNS_OLD 0x8907 ++#endif ++ ++#define TARGET_SIOCGSTAMP_NEW TARGET_IOR(0x89, 0x06, abi_llong[2]) ++#define TARGET_SIOCGSTAMPNS_NEW TARGET_IOR(0x89, 0x07, abi_llong[2]) + + /* Networking ioctls */ + #define TARGET_SIOCADDRT 0x890B /* add routing table entry */ +diff --git a/linux-user/syscall_types.h b/linux-user/syscall_types.h +index b98a23b0..4e369838 100644 +--- a/linux-user/syscall_types.h ++++ b/linux-user/syscall_types.h +@@ -14,12 +14,6 @@ STRUCT(serial_icounter_struct, + STRUCT(sockaddr, + TYPE_SHORT, MK_ARRAY(TYPE_CHAR, 14)) + +-STRUCT(timeval, +- MK_ARRAY(TYPE_LONG, 2)) +- +-STRUCT(timespec, +- MK_ARRAY(TYPE_LONG, 2)) +- + STRUCT(rtentry, + TYPE_ULONG, MK_STRUCT(STRUCT_sockaddr), 
MK_STRUCT(STRUCT_sockaddr), MK_STRUCT(STRUCT_sockaddr), + TYPE_SHORT, TYPE_SHORT, TYPE_ULONG, TYPE_PTRVOID, TYPE_SHORT, TYPE_PTRVOID, diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-mkdir_systemtap.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-mkdir_systemtap.patch index abfcbd1b9a..95ccdd7a4b 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-mkdir_systemtap.patch +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-mkdir_systemtap.patch @@ -2,11 +2,11 @@ diff --git a/Makefile b/Makefile index 04a0d450..e0013a59 100644 --- a/Makefile +++ b/Makefile -@@ -760,6 +760,7 @@ ifneq ($(TOOLS),) - $(INSTALL_DATA) qemu-nbd.8 "$(DESTDIR)$(mandir)/man8" +@@ -803,6 +802,7 @@ + $(call install-prog,$(HELPERS-y),$(DESTDIR)$(libexecdir)) endif ifdef CONFIG_TRACE_SYSTEMTAP + mkdir -p $(DESTDIR)$(bindir) - $(INSTALL_DATA) scripts/qemu-trace-stap.1 "$(DESTDIR)$(mandir)/man1" + $(INSTALL_PROG) "scripts/qemu-trace-stap" $(DESTDIR)$(bindir) endif - ifneq (,$(findstring qemu-ga,$(TOOLS))) + ifneq ($(BLOBS),) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-pc-q35-4.0.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-pc-q35-4.0.patch new file mode 100644 index 0000000000..ebabc0c4c2 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-pc-q35-4.0.patch 
@@ -0,0 +1,135 @@ +Backport of QEMU v4.1 commit for stable v4.0.1 release + +commit c87759ce876a7a0b17c2bf4f0b964bd51f0ee871 +Author: Alex Williamson +Date: Tue May 14 14:14:41 2019 -0600 + + q35: Revert to kernel irqchip + + Commit b2fc91db8447 ("q35: set split kernel irqchip as default") changed + the default for the pc-q35-4.0 machine type to use split irqchip, which + turned out to have disasterous effects on vfio-pci INTx support. KVM + resampling irqfds are registered for handling these interrupts, but + these are non-functional in split irqchip mode. We can't simply test + for split irqchip in QEMU as userspace handling of this interrupt is a + significant performance regression versus KVM handling (GeForce GPUs + assigned to Windows VMs are non-functional without forcing MSI mode or + re-enabling kernel irqchip). + + The resolution is to revert the change in default irqchip mode in the + pc-q35-4.1 machine and create a pc-q35-4.0.1 machine for the 4.0-stable + branch. The qemu-q35-4.0 machine type should not be used in vfio-pci + configurations for devices requiring legacy INTx support without + explicitly modifying the VM configuration to use kernel irqchip. + +Link: https://bugs.launchpad.net/qemu/+bug/1826422 +Fixes: b2fc91db8447 ("q35: set split kernel irqchip as default") +Cc: address@hidden +Reviewed-by: Peter Xu +Signed-off-by: Alex Williamson +--- + +Same code as v1, just updating the commit log as a formal backport of +the merged 4.1 commit. 
+ + hw/core/machine.c | 3 +++ + hw/i386/pc.c | 3 +++ + hw/i386/pc_q35.c | 16 ++++++++++++++-- + include/hw/boards.h | 3 +++ + include/hw/i386/pc.h | 3 +++ + 5 files changed, 26 insertions(+), 2 deletions(-) + +diff --git a/hw/core/machine.c b/hw/core/machine.c +index 743fef28982c..5d046a43e3d2 100644 +--- a/hw/core/machine.c ++++ b/hw/core/machine.c +@@ -24,6 +24,9 @@ + #include "hw/pci/pci.h" + #include "hw/mem/nvdimm.h" + ++GlobalProperty hw_compat_4_0[] = {}; ++const size_t hw_compat_4_0_len = G_N_ELEMENTS(hw_compat_4_0); ++ + GlobalProperty hw_compat_3_1[] = { + { "pcie-root-port", "x-speed", "2_5" }, + { "pcie-root-port", "x-width", "1" }, +diff --git a/hw/i386/pc.c b/hw/i386/pc.c +index f2c15bf1f2c3..d98b737b8f3b 100644 +--- a/hw/i386/pc.c ++++ b/hw/i386/pc.c +@@ -115,6 +115,9 @@ struct hpet_fw_config hpet_cfg = {.count = UINT8_MAX}; + /* Physical Address of PVH entry point read from kernel ELF NOTE */ + static size_t pvh_start_addr; + ++GlobalProperty pc_compat_4_0[] = {}; ++const size_t pc_compat_4_0_len = G_N_ELEMENTS(pc_compat_4_0); ++ + GlobalProperty pc_compat_3_1[] = { + { "intel-iommu", "dma-drain", "off" }, + { "Opteron_G3" "-" TYPE_X86_CPU, "rdtscp", "off" }, +diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c +index 372c6b73bebd..45cc29d1adb7 100644 +--- a/hw/i386/pc_q35.c ++++ b/hw/i386/pc_q35.c +@@ -357,7 +357,7 @@ static void pc_q35_machine_options(MachineClass *m) + m->units_per_default_bus = 1; + m->default_machine_opts = "firmware=bios-256k.bin"; + m->default_display = "std"; +- m->default_kernel_irqchip_split = true; ++ m->default_kernel_irqchip_split = false; + m->no_floppy = 1; + machine_class_allow_dynamic_sysbus_dev(m, TYPE_AMD_IOMMU_DEVICE); + machine_class_allow_dynamic_sysbus_dev(m, TYPE_INTEL_IOMMU_DEVICE); +@@ -365,12 +365,24 @@ static void pc_q35_machine_options(MachineClass *m) + m->max_cpus = 288; + } + +-static void pc_q35_4_0_machine_options(MachineClass *m) ++static void pc_q35_4_0_1_machine_options(MachineClass *m) + { + 
pc_q35_machine_options(m); + m->alias = "q35"; + } + ++DEFINE_Q35_MACHINE(v4_0_1, "pc-q35-4.0.1", NULL, ++ pc_q35_4_0_1_machine_options); ++ ++static void pc_q35_4_0_machine_options(MachineClass *m) ++{ ++ pc_q35_4_0_1_machine_options(m); ++ m->default_kernel_irqchip_split = true; ++ m->alias = NULL; ++ compat_props_add(m->compat_props, hw_compat_4_0, hw_compat_4_0_len); ++ compat_props_add(m->compat_props, pc_compat_4_0, pc_compat_4_0_len); ++} ++ + DEFINE_Q35_MACHINE(v4_0, "pc-q35-4.0", NULL, + pc_q35_4_0_machine_options); + +diff --git a/include/hw/boards.h b/include/hw/boards.h +index e231860666a1..fe1885cbffa0 100644 +--- a/include/hw/boards.h ++++ b/include/hw/boards.h +@@ -293,6 +293,9 @@ struct MachineState { + } \ + type_init(machine_initfn##_register_types) + ++extern GlobalProperty hw_compat_4_0[]; ++extern const size_t hw_compat_4_0_len; ++ + extern GlobalProperty hw_compat_3_1[]; + extern const size_t hw_compat_3_1_len; + +diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h +index ca65ef18afb4..43df7230a22b 100644 +--- a/include/hw/i386/pc.h ++++ b/include/hw/i386/pc.h +@@ -293,6 +293,9 @@ int e820_add_entry(uint64_t, uint64_t, uint32_t); + int e820_get_num_entries(void); + bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *); + ++extern GlobalProperty pc_compat_4_0[]; ++extern const size_t pc_compat_4_0_len; ++ + extern GlobalProperty pc_compat_3_1[]; + extern const size_t pc_compat_3_1_len; diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch new file mode 100644 index 0000000000..3d9a5163ec --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.0.0-xkbcommon.patch 
@@ -0,0 +1,38 @@ +From cef396dc0b11a09ede85b275ed1ceee71b60a4b3 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Sat, 14 Sep 2019 15:47:20 +0100 +Subject: [PATCH] configure: Add xkbcommon configure options + +This dependency is currently "automagic", which is bad for distributions. + +Signed-off-by: James Le Cuirot +--- + configure | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/configure b/configure +index 30aad233d1..30544f52e6 100755 +--- a/configure ++++ b/configure +@@ -1521,6 +1521,10 @@ for opt do + ;; + --disable-libpmem) libpmem=no + ;; ++ --enable-xkbcommon) xkbcommon=yes ++ ;; ++ --disable-xkbcommon) xkbcommon=no ++ ;; + *) + echo "ERROR: unknown option $opt" + echo "Try '$0 --help' for more information" +@@ -1804,6 +1808,7 @@ disabled with --disable-FEATURE, default is enabled if available: + capstone capstone disassembler support + debug-mutex mutex debugging support + libpmem libpmem support ++ xkbcommon xkbcommon support + + NOTE: The object files are built at the place where configure is launched + EOF +-- +2.23.0 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.2.0-cflags.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.2.0-cflags.patch new file mode 100644 index 0000000000..101926589a --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-4.2.0-cflags.patch @@ -0,0 +1,16 @@ +diff --git i/configure w/configure +index a72a5def57..546d757603 100755 +--- i/configure ++++ w/configure +@@ -6093,10 +6093,6 @@ write_c_skeleton + if test "$gcov" = "yes" ; then + QEMU_CFLAGS="-fprofile-arcs -ftest-coverage -g $QEMU_CFLAGS" + QEMU_LDFLAGS="-fprofile-arcs -ftest-coverage $QEMU_LDFLAGS" +-elif test "$fortify_source" = "yes" ; then +- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" +-elif test "$debug" = "no"; then +- CFLAGS="-O2 $CFLAGS" + fi + + if test "$have_asan" = "yes"; then + 
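Review bot: With the `fortify_source` and `debug = no` branches removed in qemu-4.2.0-cflags.patch, configure no longer adds `-D_FORTIFY_SOURCE=2` or `-O2` itself, so the resulting binaries are fortified only if the SDK toolchain or the CFLAGS handed in by the ebuild supply those flags. The patch carries no header explaining this; a one-line description at the top, such as `Let the distribution CFLAGS decide optimisation and _FORTIFY_SOURCE instead of configure`, would record that the loss of the built-in fallback is intentional. The PATCHES array in qemu-4.2.0-r2.ebuild still lists `${PN}-2.5.0-cflags.patch` and not this file, so from the visible hunks it is unclear whether this patch is applied at all. The same holds for the four newly added qemu-4.0.0-* patches (fix_infiniband_include, linux-headers-5.2, pc-q35-4.0, xkbcommon), which should either be referenced or left out of the commit.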
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml index e6ed85bf1f..07244b5def 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml @@ -5,6 +5,10 @@ tamiko@gentoo.org Matthias Maier + + slyfox@gentoo.org + Sergei Trofimovich + virtualization@gentoo.org Gentoo Virtualization Project 
@@ -30,22 +34,25 @@ Pin the versions of BIOS firmware to the version included in the upstream release. This is needed to sanely support migration/suspend/resume/snapshotting/etc... of instances. When the blobs are different, random corruption/bugs/crashes/etc... may be observed. + Enable qemu plugin API via shared library loading. Enable pulseaudio output for sound emulation Enable rados block device backend support, see http://ceph.newdream.net/wiki/QEMU-RBD Enable the SDL-based console + SDL Image support for icons Enable Spice protocol support via app-emulation/spice Enable SSH based block device support via net-libs/libssh2 Build the User targets as static binaries Build the User and Software MMU (system) targets as well as tools as static binaries - Enable support for snappy compression Enable SystemTAP/DTrace tracing Enable the TCG Interpreter which can speed up or slowdown workloads depending on the host and guest CPUs being emulated. In the future it will be a runtime option but for now its compile time. + Enable jemalloc allocator support Enable jpeg image support for the VNC console server Enable png image support for the VNC console server Enable USB passthrough via dev-libs/libusb Use sys-apps/usbredir to redirect USB devices to another machine over TCP Enable VDE-based networking Enable accelerated networking using vhost-net, see http://www.linux-kvm.org/page/VhostNet + Enable shared file system access using the FUSE protocol carried over virtio. Enable experimental Virgil 3d (virtual software GPU) Enable VirtFS via virtio-9p-pci / fsdev. See http://wiki.qemu.org/Documentation/9psetup Enable terminal support (x11-libs/vte) in the GTK+ interface @@ -55,5 +62,6 @@ Enables support for Xen backends Support xfsctl() notification and syncing for XFS backed virtual disks. + Depend on x11-libs/libxkbcommon to build qemu-keymap tool for converting xkb keymaps 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-4.0.0-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-4.2.0-r2.ebuild similarity index 90% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-4.0.0-r3.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-4.2.0-r2.ebuild index 60e2a687f6..e67734093d 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-4.0.0-r3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-4.2.0-r2.ebuild @@ -1,25 +1,31 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" -PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} ) +PYTHON_COMPAT=( python{3_6,3_7} ) PYTHON_REQ_USE="ncurses,readline" PLOCALES="bg de_DE fr_FR hu it tr zh_CN" -FIRMWARE_ABI_VERSION="2.11.1-r50" +FIRMWARE_ABI_VERSION="4.0.0-r50" inherit eutils linux-info toolchain-funcs multilib python-r1 \ - user udev fcaps readme.gentoo-r1 pax-utils l10n xdg-utils + udev fcaps readme.gentoo-r1 pax-utils l10n xdg-utils if [[ ${PV} = *9999* ]]; then - EGIT_REPO_URI="git://git.qemu.org/qemu.git" + EGIT_REPO_URI="https://git.qemu.org/git/qemu.git" + EGIT_SUBMODULES=( + slirp + tests/fp/berkeley-{test,soft}float-3 + ui/keycodemapdb + ) inherit git-r3 SRC_URI="" else - SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.xz" - KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" + SRC_URI="https://download.qemu.org/${P}.tar.xz + https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz" + KEYWORDS="amd64 ~arm64 ~ppc ~ppc64 x86" fi DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" 
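Review bot: The second SRC_URI entry pulls `${P}-patches-r1.tar.xz` from a developer's personal distfiles directory, and its whole content is applied through `"${WORKDIR}"/patches`, yet nothing in this commit says what the tarball contains. The commit message names CVE-2019-13164 and CVE-2020-8608, but the page does not show whether each fix comes from the 4.2.0 release itself or from that tarball. The Manifest hashes pin the tarball's integrity, not its purpose. A comment above SRC_URI such as `# ${P}-patches-r1.tar.xz carries: PATCH_NAMES_HERE (CVE ids they address)` would let the next bump confirm that the fixes are still applied.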
@@ -27,12 +33,14 @@ HOMEPAGE="http://www.qemu.org http://www.linux-kvm.org" LICENSE="GPL-2 LGPL-2 BSD-2" SLOT="0" + IUSE="accessibility +aio alsa bzip2 capstone +caps +curl debug doc - +fdt glusterfs gnutls gtk infiniband iscsi +jpeg kernel_linux - kernel_FreeBSD lzo ncurses nfs nls numa opengl pin-upstream-blobs +png - pulseaudio python rbd sasl +seccomp sdl selinux smartcard snappy - spice ssh static static-user systemtap tci test usb usbredir vde - +vhost-net virgl virtfs +vnc vte xattr xen xfs" + +fdt glusterfs gnutls gtk infiniband iscsi jemalloc +jpeg kernel_linux + kernel_FreeBSD lzo ncurses nfs nls numa opengl +oss +pin-upstream-blobs + plugins +png pulseaudio python rbd sasl +seccomp sdl sdl-image selinux + smartcard snappy spice ssh static static-user systemtap tci test usb + usbredir vde +vhost-net vhost-user-fs virgl virtfs +vnc vte xattr xen + xfs +xkb" COMMON_TARGETS="aarch64 alpha arm cris hppa i386 m68k microblaze microblazeel mips mips64 mips64el mipsel nios2 or1k ppc ppc64 riscv32 riscv64 s390x @@ -47,6 +55,7 @@ use_softmmu_targets=$(printf ' qemu_softmmu_targets_%s' ${IUSE_SOFTMMU_TARGETS}) use_user_targets=$(printf ' qemu_user_targets_%s' ${IUSE_USER_TARGETS}) IUSE+=" ${use_softmmu_targets} ${use_user_targets}" +RESTRICT="!test? ( test )" # Allow no targets to be built so that people can get a tools-only build. # Block USE flag configurations known to not work. REQUIRED_USE="${PYTHON_REQUIRED_USE} @@ -57,9 +66,12 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE} qemu_softmmu_targets_ppc? ( fdt ) qemu_softmmu_targets_riscv32? ( fdt ) qemu_softmmu_targets_riscv64? ( fdt ) - static? ( static-user !alsa !gtk !opengl !pulseaudio !snappy ) + static? ( static-user !alsa !gtk !opengl !pulseaudio !plugins !rbd !snappy ) + static-user? ( !plugins ) virtfs? ( xattr ) - vte? ( gtk )" + vte? ( gtk ) + plugins? ( !static !static-user ) +" # Dependencies required for qemu tools (qemu-nbd, qemu-img, qemu-io, ...) # and user/softmmu targets (qemu-*, qemu-system-*). 
@@ -80,6 +92,7 @@ ALL_DEPEND=" # softmmu targets (qemu-system-*). SOFTMMU_TOOLS_DEPEND=" dev-libs/libxml2[static-libs(+)] + xkb? ( x11-libs/libxkbcommon[static-libs(+)] ) >=x11-libs/pixman-0.28.0[static-libs(+)] accessibility? ( app-accessibility/brltty[api] @@ -107,6 +120,7 @@ SOFTMMU_TOOLS_DEPEND=" sys-fabric/librdmacm:=[static-libs(+)] ) iscsi? ( net-libs/libiscsi ) + jemalloc? ( dev-libs/jemalloc ) jpeg? ( virtual/jpeg:0=[static-libs(+)] ) lzo? ( dev-libs/lzo:2[static-libs(+)] ) ncurses? ( @@ -123,12 +137,13 @@ SOFTMMU_TOOLS_DEPEND=" ) png? ( media-libs/libpng:0=[static-libs(+)] ) pulseaudio? ( media-sound/pulseaudio ) - rbd? ( sys-cluster/ceph[static-libs(+)] ) + rbd? ( sys-cluster/ceph ) sasl? ( dev-libs/cyrus-sasl[static-libs(+)] ) sdl? ( media-libs/libsdl2[X] media-libs/libsdl2[static-libs(+)] ) + sdl-image? ( media-libs/sdl2-image[static-libs(+)] ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) snappy? ( app-arch/snappy:= ) @@ -136,7 +151,7 @@ SOFTMMU_TOOLS_DEPEND=" >=app-emulation/spice-protocol-0.12.3 >=app-emulation/spice-0.12.0[static-libs(+)] ) - ssh? ( >=net-libs/libssh2-1.2.8[static-libs(+)] ) + ssh? ( >=net-libs/libssh-0.8.6[static-libs(+)] ) usb? ( >=virtual/libusb-1-r2[static-libs(+)] ) usbredir? ( >=sys-apps/usbredir-0.6[static-libs(+)] ) vde? ( net-misc/vde[static-libs(+)] ) @@ -147,9 +162,9 @@ SOFTMMU_TOOLS_DEPEND=" X86_FIRMWARE_DEPEND=" pin-upstream-blobs? ( - ~sys-firmware/edk2-ovmf-2017_p20180211[binary] - ~sys-firmware/ipxe-1.0.0_p20180211[binary] - ~sys-firmware/seabios-1.11.0[binary,seavgabios] + ~sys-firmware/edk2-ovmf-201905[binary] + ~sys-firmware/ipxe-1.0.0_p20190728[binary] + ~sys-firmware/seabios-1.12.0[binary,seavgabios] ~sys-firmware/sgabios-0.1_pre8[binary] ) !pin-upstream-blobs? ( 
@@ -160,7 +175,7 @@ X86_FIRMWARE_DEPEND=" )" PPC64_FIRMWARE_DEPEND=" pin-upstream-blobs? ( - ~sys-firmware/seabios-1.11.0[binary,seavgabios] + ~sys-firmware/seabios-1.12.0[binary,seavgabios] ) !pin-upstream-blobs? ( >=sys-firmware/seabios-1.10.2[seavgabios] @@ -168,7 +183,7 @@ PPC64_FIRMWARE_DEPEND=" " BDEPEND=" - ${PYTHON_DEPS} + $(python_gen_impl_dep) dev-lang/perl sys-apps/texinfo virtual/pkgconfig @@ -189,7 +204,6 @@ CDEPEND=" qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} ) " DEPEND="${CDEPEND} - ${PYTHON_DEPS} kernel_linux? ( >=sys-kernel/linux-headers-2.6.35 ) static? ( ${ALL_DEPEND} @@ -197,18 +211,16 @@ DEPEND="${CDEPEND} ) static-user? ( ${ALL_DEPEND} )" RDEPEND="${CDEPEND} + acct-group/kvm selinux? ( sec-policy/selinux-qemu )" PATCHES=( "${FILESDIR}"/${PN}-2.5.0-cflags.patch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch "${FILESDIR}"/${PN}-2.11.1-capstone_include_path.patch - "${FILESDIR}"/${P}-sanitize-interp_info.patch - "${FILESDIR}"/${PN}-3.1.0-md-clear-md-no.patch + "${FILESDIR}"/${PN}-4.0.0-sanitize-interp_info.patch "${FILESDIR}"/${PN}-4.0.0-mkdir_systemtap.patch #684902 - - # COREOS: fix for vpc creation in qemu-img - "${FILESDIR}"/0001-block-fix-vpc-max_table_entries-computation.patch + "${WORKDIR}"/patches ) QA_PREBUILT=" @@ -312,10 +324,6 @@ pkg_pretend() { fi } -pkg_setup() { - enewgroup kvm 78 -} - # Sanity check to make sure target lists are kept up-to-date. check_targets() { local var=$1 mak=$2 @@ -365,8 +373,9 @@ src_prepare() { default - # Fix ld and objcopy being called directly - tc-export AR LD OBJCOPY + # Use correct toolchain to fix cross-compiling + tc-export AR LD NM OBJCOPY PKG_CONFIG + export WINDRES=${CHOST}-windres # Verbose builds MAKEOPTS+=" V=1" 
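Review bot: In the PATCHES hunk (`@@ -197,18 +211,16 @@`), the `"${WORKDIR}"/patches` entry applies every file from the separately fetched `qemu-4.2.0-patches-r1.tar.xz`, but nothing in the ebuild says where the CVE-2019-13164 and CVE-2020-8608 fixes named in the commit message come from. They could be in that patchset or in the 4.2.0 base release. A comment on that line would let an auditor check the fix without unpacking the tarball, e.g. `# patchset tarball (see Manifest); lists the security fixes carried on top of 4.2.0`, followed by the patch names once confirmed. The same hunk drops the `# COREOS:` vpc `max_table_entries` patch and the `3.1.0-md-clear-md-no` patch without saying they are upstream in 4.2.0. Presumably they are, but the commit description should say so.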
@@ -393,8 +402,13 @@ qemu_src_configure() { local conf_opts=( --prefix=/usr --sysconfdir=/etc + --bindir=/usr/bin --libdir=/usr/$(get_libdir) + --datadir=/usr/share --docdir=/usr/share/doc/${PF}/html + --mandir=/usr/share/man + --with-confsuffix=/qemu + --localstatedir=/var --disable-bsd-user --disable-guest-agent --disable-strip @@ -411,6 +425,7 @@ qemu_src_configure() { $(use_enable debug debug-info) $(use_enable debug debug-tcg) $(use_enable doc docs) + $(use_enable plugins) $(use_enable tci tcg-interpreter) $(use_enable xattr attr) ) @@ -439,6 +454,7 @@ qemu_src_configure() { $(conf_notuser gtk) $(conf_notuser infiniband rdma) $(conf_notuser iscsi libiscsi) + $(conf_notuser jemalloc jemalloc) $(conf_notuser jpeg vnc-jpeg) $(conf_notuser kernel_linux kvm) $(conf_notuser lzo) @@ -450,15 +466,17 @@ qemu_src_configure() { $(conf_notuser rbd) $(conf_notuser sasl vnc-sasl) $(conf_notuser sdl) + $(conf_notuser sdl-image) $(conf_notuser seccomp) $(conf_notuser smartcard) $(conf_notuser snappy) $(conf_notuser spice) - $(conf_notuser ssh libssh2) + $(conf_notuser ssh libssh) $(conf_notuser usb libusb) $(conf_notuser usbredir usb-redir) $(conf_notuser vde) $(conf_notuser vhost-net) + $(conf_notuser vhost-user-fs) $(conf_notuser virgl virglrenderer) $(conf_notuser virtfs) $(conf_notuser vnc) @@ -466,6 +484,7 @@ qemu_src_configure() { $(conf_notuser xen) $(conf_notuser xen xen-pci-passthrough) $(conf_notuser xfs xfsctl) + $(conf_notuser xkb xkbcommon) ) if [[ ${buildtype} == "user" ]] ; then @@ -476,12 +495,14 @@ qemu_src_configure() { if [[ ! ${buildtype} == "user" ]] ; then # audio options - local audio_opts="oss" - use alsa && audio_opts="alsa,${audio_opts}" - use sdl && audio_opts="sdl,${audio_opts}" - use pulseaudio && audio_opts="pa,${audio_opts}" + local audio_opts=( + $(usev alsa) + $(usev oss) + $(usev sdl) + $(usex pulseaudio pa "") + ) conf_opts+=( - --audio-drv-list="${audio_opts}" + --audio-drv-list=$(printf "%s," "${audio_opts[@]}") ) fi 
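Review bot: In the audio hunk (`@@ -476,12 +495,14 @@`), `$(printf "%s," "${audio_opts[@]}")` always leaves a trailing comma, and with none of alsa, oss, sdl or pulseaudio enabled it expands to a bare `,`. The command substitution is also unquoted. configure presumably tolerates the empty element, but the old string-building code never produced one. Joining the array avoids it: `--audio-drv-list="$(IFS=,; echo "${audio_opts[*]}")"`. qemu_src_configure starts and ends outside this hunk.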
@@ -594,7 +615,7 @@ src_test() { } qemu_python_install() { - python_domodule "${S}/python/qemu/qmp.py" + python_domodule "${S}/python/qemu" python_doscript "${S}/scripts/kvm/vmxcap" python_doscript "${S}/scripts/qmp/qmp-shell" @@ -673,7 +694,7 @@ src_install() { emake DESTDIR="${ED}" install # This might not exist if the test failed. #512010 - [[ -e check-report.html ]] && dohtml check-report.html + [[ -e check-report.html ]] && dodoc check-report.html if use kernel_linux; then udev_newrules "${FILESDIR}"/65-kvm.rules-r1 65-kvm.rules @@ -768,8 +789,8 @@ pkg_postinst() { xdg_icon_cache_update - [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \ - fcaps cap_net_admin /usr/libexec/qemu-bridge-helper + [[ -z ${EPREFIX} ]] && [[ -f ${EROOT}/usr/libexec/qemu-bridge-helper ]] && \ + fcaps cap_net_admin ${EROOT}/usr/libexec/qemu-bridge-helper DISABLE_AUTOFORMATTING=true readme.gentoo_print_elog
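Review bot: In the pkg_postinst hunk (`@@ -768,8 +789,8 @@`), the path handed to `fcaps` is unquoted, so an `EROOT` containing whitespace would split into several arguments on the line that grants `cap_net_admin`. Quote it as `fcaps cap_net_admin "${EROOT}"/usr/libexec/qemu-bridge-helper`. The new `[[ -z ${EPREFIX} ]]` guard silently skips the capability on prefix installs, which deserves a comment such as `# file capabilities need a privileged install; skipped for prefix`. Since this is the one line that raises the privileges of an installed binary, it is also worth noting there what happens when the capability cannot be applied; the eclass fallback is not visible from this hunk. pkg_postinst starts above the hunk.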