Merge pull request #299 from crazy-max/qemu-10.2.1

update qemu to 10.2.1

Author: crazy-max

docker-bake.hcl

@@ -5,7 +5,7 @@ variable "QEMU_REPO" {
   default = "https://github.com/qemu/qemu"
 }
 variable "QEMU_VERSION" {
-  default = "v10.1.3"
+  default = "v10.2.1"
 }
 variable "QEMU_PATCHES" {
   default = "cpu-max-arm"
@@ -70,7 +70,7 @@ target "buildkit" {
   inherits = ["mainline"]
   args = {
     BINARY_PREFIX = "buildkit-"
-    QEMU_PATCHES = "${QEMU_PATCHES},buildkit-direct-execve-v10.1"
+    QEMU_PATCHES = "${QEMU_PATCHES},buildkit-direct-execve-v10.2"
     QEMU_PRESERVE_ARGV0 = ""
   }
   cache-from = ["${REPO_SLUG}:buildkit-master"]

patches/aports.config

@@ -1,3 +1,4 @@
+10.2.1,7069a045cb08211a5871d7070125225fd6de8c58,linux-user-aarch64-target_fcntl.h-add-missing-TARGET
 10.1.3,4fabd1965b4d7469b4f1b63fd5d3b86838e923d7
 10.0.4,c9b4dbf9a02f4616c7e82fd4b97938da0f058c03
 9.2.2,334b162677f79271980f61d410dc136b98b93fc4

patches/buildkit-direct-execve-v10.2/0001-linux-user-have-execve-call-qemu-via-proc-self-exe-t.patch

@@ -0,0 +1,92 @@
+From b0ccc59b95c5520847354bd4ab57694e7510a4ea Mon Sep 17 00:00:00 2001
+From: CrazyMax <crazy-max@users.noreply.github.com>
+Date: Fri, 8 Sep 2023 10:47:29 +0200
+Subject: [PATCH 1/7] linux-user: have execve call qemu via /proc/self/exe to
+ not rely on binfmt_misc
+
+It is assumed that when a guest program calls execve syscall it wants to
+execute a program on the same guest architecture and not the host architecture.
+
+Previously, such a guest program would have execve syscall error out with:
+"exec format error".
+
+A common solution is to register the qemu binary in binfmt_misc but that is not a
+userland-friendly solution, requiring to modify kernel state.
+
+This patch injects /proc/self/exe as the first parameter and the qemu program name
+as argv[0] to execve.
+
+Signed-off-by: Tibor Vass <tibor@docker.com>
+Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
+---
+ linux-user/syscall.c | 44 +++++++++++++++++++++++++++++++-------------
+ 1 file changed, 31 insertions(+), 13 deletions(-)
+
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index 2edbd1ef15..b9808851e0 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -8489,10 +8489,37 @@ static int do_execv(CPUArchState *cpu_env, int dirfd,
+         envc++;
+     }
+ 
+-    argp = g_new0(char *, argc + 1);
++    argp = g_new0(char *, argc + 4);
+     envp = g_new0(char *, envc + 1);
+ 
+-    for (gp = guest_argp, q = argp; gp; gp += sizeof(abi_ulong), q++) {
++    if (!(p = lock_user_string(pathname)))
++        goto execve_efault;
++
++    /* if pathname is /proc/self/exe then retrieve the path passed to qemu via command line */
++    if (is_proc_myself(p, "exe")) {
++        CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
++        TaskState *ts = cpu->opaque;
++        p = ts->bprm->filename;
++    }
++
++    /* retrieve guest argv0 */
++    if (get_user_ual(addr, guest_argp))
++        goto execve_efault;
++
++    /*
++     * From the guest, the call
++     * 		execve(pathname, [argv0, argv1], envp)
++     * on the host, becomes:
++     * 		execve("/proc/self/exe", [qemu_progname, "-0", argv0, pathname, argv1], envp)
++     * where qemu_progname is the error message prefix for qemu
++    */
++    argp[0] = (char*)error_get_progname();
++    argp[1] = (char*)"-0";
++    argp[2] = (char*)lock_user_string(addr);
++    argp[3] = p;
++
++    /* copy guest argv1 onwards to host argv4 onwards */
++    for (gp = guest_argp + 1*sizeof(abi_ulong), q = argp + 4; gp; gp += sizeof(abi_ulong), q++) {
+         if (get_user_ual(addr, gp)) {
+             goto execve_efault;
+         }
+@@ -8531,18 +8558,9 @@ static int do_execv(CPUArchState *cpu_env, int dirfd,
+      * before the execve completes and makes it the other
+      * program's problem.
+      */
+-    p = lock_user_string(pathname);
+-    if (!p) {
+-        goto execve_efault;
+-    }
+-
+-    const char *exe = p;
+-    if (is_proc_myself(p, "exe")) {
+-        exe = exec_path;
+-    }
+     ret = is_execveat
+-        ? safe_execveat(dirfd, exe, argp, envp, flags)
+-        : safe_execve(exe, argp, envp);
++        ? safe_execveat(dirfd, "/proc/self/exe", argp, envp, flags)
++        : safe_execve("/proc/self/exe", argp, envp);
+     ret = get_errno(ret);
+ 
+     unlock_user(p, pathname, 0);
+-- 
+2.39.3 (Apple Git-146)
+

patches/buildkit-direct-execve-v10.2/0002-linux-user-lookup-user-program-in-PATH.patch

@@ -0,0 +1,76 @@
+From 4a12f3c8b2d145ccbd5a437fbdf03e84f7b43b49 Mon Sep 17 00:00:00 2001
+From: Tibor Vass <tibor@docker.com>
+Date: Tue, 2 Jun 2020 10:39:48 +0000
+Subject: [PATCH 2/7] linux-user: lookup user program in PATH
+
+Signed-off-by: Tibor Vass <tibor@docker.com>
+---
+ linux-user/main.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 44 insertions(+), 1 deletion(-)
+
+diff --git a/linux-user/main.c b/linux-user/main.c
+index 149e35432e..dd70ee10f1 100644
+--- a/linux-user/main.c
++++ b/linux-user/main.c
+@@ -600,6 +600,45 @@ static void usage(int exitcode)
+     exit(exitcode);
+ }
+ 
++/*
++ * path_lookup searches for an executable filename in the directories named by the PATH environment variable.
++ * Returns a copy of filename if it is an absolute path or could not find a match.
++ * Caller is responsible to free returned string.
++ * Adapted from musl's execvp implementation.
++ */
++static char *path_lookup(char *filename) {
++    const char *p, *z, *path = getenv("PATH");
++    size_t l, k;
++    struct stat buf;
++
++    /* if PATH is not set or filename is absolute path return filename */
++    if (!path || !filename || filename[0] == '/')
++        return strndup(filename, NAME_MAX+1);
++
++    k = strnlen(filename, NAME_MAX+1);
++    if (k > NAME_MAX) {
++        errno = ENAMETOOLONG;
++        return NULL;
++    }
++    l = strnlen(path, PATH_MAX-1)+1;
++
++    for (p = path; ; p = z) {
++        char *b = calloc(l+k+1, sizeof(char));
++        z = strchrnul(p, ':');
++        if (z-p >= l) {
++            if (!*z++) break;
++            continue;
++        }
++        memcpy(b, p, z-p);
++        b[z-p] = '/';
++        memcpy(b+(z-p)+(z>p), filename, k+1);
++        if (!stat(b, &buf) && !(buf.st_mode & S_IFDIR) && (buf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)))
++            return b;
++        if (!*z++) break;
++    }
++    return strndup(filename, NAME_MAX+1);
++}
++
+ static int parse_args(int argc, char **argv)
+ {
+     const char *r;
+@@ -665,7 +704,11 @@ static int parse_args(int argc, char **argv)
+         exit(EXIT_FAILURE);
+     }
+ 
+-    exec_path = argv[optind];
++    /* not freeing exec_path as it is needed for the lifetime of the process */
++    if (!(exec_path = path_lookup(argv[optind]))) {
++        (void) fprintf(stderr, "qemu: could not find user program %s: %s\n", exec_path, strerror(errno));
++        exit(EXIT_FAILURE);
++    }
+ 
+     return optind;
+ }
+-- 
+2.39.3 (Apple Git-146)
+

patches/buildkit-direct-execve-v10.2/0003-linux-user-path-in-execve-should-be-relative-to-work.patch

@@ -0,0 +1,106 @@
+From b05369333c5e7899e88fb1e7863b06c5690990bf Mon Sep 17 00:00:00 2001
+From: CrazyMax <crazy-max@users.noreply.github.com>
+Date: Wed, 3 May 2023 20:54:37 +0200
+Subject: [PATCH 3/7] linux-user: path in execve should be relative to working
+ dir
+
+Fixes regression introduced in parent commit where PATH handling was introduced.
+
+When guest calls execve(filename, argp, envp) filename can be relative in which
+case Linux makes it relative to the working directory.
+
+However, since execve is now handled by exec-ing qemu process again, filename
+would first get looked up in PATH in main() before calling host's execve.
+
+With this change, if filename is relative and exists in working directory as
+well as in PATH, working directory will get precedence over PATH if guest is
+doing an execve syscall, but not if relative filename comes from qemu's argv.
+
+Signed-off-by: Tibor Vass <tibor@docker.com>
+Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
+Signed-off-by: Zewei Yang <yangzewei@loongson.cn>
+---
+ include/qemu/path.h  |  1 +
+ linux-user/syscall.c |  9 +++++++--
+ util/path.c          | 33 +++++++++++++++++++++++++++++++++
+ 3 files changed, 41 insertions(+), 2 deletions(-)
+
+diff --git a/include/qemu/path.h b/include/qemu/path.h
+index c6292a9..a81fb51 100644
+--- a/include/qemu/path.h
++++ b/include/qemu/path.h
+@@ -3,5 +3,6 @@
+ 
+ void init_paths(const char *prefix);
+ const char *path(const char *pathname);
++const char *prepend_workdir_if_relative(const char *path);
+ 
+ #endif
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index bd8f64e..7a23639 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -8641,12 +8641,17 @@ static int do_execv(CPUArchState *cpu_env, int dirfd,
+      * 		execve(pathname, [argv0, argv1], envp)
+      * on the host, becomes:
+      * 		execve("/proc/self/exe", [qemu_progname, "-0", argv0, pathname, argv1], envp)
+-     * where qemu_progname is the error message prefix for qemu
++     * where qemu_progname is the error message prefix for qemu.
++     * Note: if pathname is relative, it will be prepended with the current working directory.
+     */
+     argp[0] = (char*)error_get_progname();
+     argp[1] = (char*)"-0";
+     argp[2] = (char*)lock_user_string(addr);
+-    argp[3] = p;
++    argp[3] = (char*)prepend_workdir_if_relative(p);
++    if (!argp[3]) {
++        ret = -host_to_target_errno(errno);
++        goto execve_end;
++    }
+ 
+     /* copy guest argv1 onwards to host argv4 onwards */
+     for (gp = guest_argp + 1*sizeof(abi_ulong), q = argp + 4; gp; gp += sizeof(abi_ulong), q++) {
+diff --git a/util/path.c b/util/path.c
+index 8e174eb..a5afd52 100644
+--- a/util/path.c
++++ b/util/path.c
+@@ -68,3 +68,36 @@ const char *path(const char *name)
+     qemu_mutex_unlock(&lock);
+     return ret;
+ }
++
++/* Prepends working directory if path is relative.
++ * If path is absolute, it is returned as-is without any allocation.
++ * Otherwise, caller is responsible to free returned path.
++ * Returns NULL and sets errno upon error.
++ * Note: realpath is not called to let the kernel do the rest of the resolution.
++ */
++const char *prepend_workdir_if_relative(const char *path)
++{
++    char buf[PATH_MAX];
++    char *p;
++    int i, j, k;
++
++    if (!path || path[0] == '/') return path;
++
++    if (!getcwd(buf, PATH_MAX)) return NULL;
++    i = strlen(buf);
++    j = strlen(path);
++    k = i + 1 + j + 1; /* workdir + '/' + path + '\0' */
++    if (i + j > PATH_MAX) {
++        errno = ERANGE;
++        return NULL;
++    }
++    if (!(p = malloc(k * sizeof(char)))) return NULL;
++
++    p[0] = '\0';
++
++    memcpy(p, buf, i);
++    p[i] = '/';
++    memcpy(p + i + 1, path, j);
++    p[i + 1 + j] = '\0';
++    return p;
++}
+-- 
+2.47.3
+