path: root/emulators/qemu-devel/files/patch-tlb-vuln
authorJuergen Lock <nox@FreeBSD.org>2008-03-11 23:34:14 +0000
committerJuergen Lock <nox@FreeBSD.org>2008-03-11 23:34:14 +0000
commitcf1bcdae1c1c5616cbea6ab4e3569cbbaeff4bf7 (patch)
tree4008eebb14731e300053ac880e1c21209ad9f51b /emulators/qemu-devel/files/patch-tlb-vuln
parent- Fix typo (unclosed double-quote) (diff)
- Update to 2008-03-02 snapshot [1]
- Fix unchecked block read/write vulnerability [2]

Submitted by: nox [1]
Obtained from: qemu cvs [2]
Security: http://www.vuxml.org/freebsd/9cfbca7f-efb7-11dc-be01-0211060005df.html
Notes
Notes: svn path=/head/; revision=208861
Diffstat (limited to 'emulators/qemu-devel/files/patch-tlb-vuln')
-rw-r--r--emulators/qemu-devel/files/patch-tlb-vuln92
1 files changed, 0 insertions, 92 deletions
diff --git a/emulators/qemu-devel/files/patch-tlb-vuln b/emulators/qemu-devel/files/patch-tlb-vuln
deleted file mode 100644
index 491d88f86ca8..000000000000
--- a/emulators/qemu-devel/files/patch-tlb-vuln
+++ /dev/null
@@ -1,92 +0,0 @@
-Index: qemu/cpu-exec.c
-diff -u qemu/cpu-exec.c:1.128 qemu/cpu-exec.c:1.129
---- qemu/cpu-exec.c:1.128 Sun Dec 2 06:18:23 2007
-+++ qemu/cpu-exec.c Tue Dec 11 19:35:45 2007
-@@ -133,7 +133,7 @@
- tb->tc_ptr = tc_ptr;
- tb->cs_base = cs_base;
- tb->flags = flags;
-- cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
-+ cpu_gen_code(env, tb, &code_gen_size);
- code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
-
- /* check next page if needed */
-Index: qemu/exec-all.h
-diff -u qemu/exec-all.h:1.72 qemu/exec-all.h:1.73
---- qemu/exec-all.h:1.72 Mon Nov 19 00:38:33 2007
-+++ qemu/exec-all.h Tue Dec 11 19:35:45 2007
-@@ -64,8 +64,9 @@
- int gen_intermediate_code(CPUState *env, struct TranslationBlock *tb);
- int gen_intermediate_code_pc(CPUState *env, struct TranslationBlock *tb);
- void dump_ops(const uint16_t *opc_buf, const uint32_t *opparam_buf);
-+unsigned long code_gen_max_block_size(void);
- int cpu_gen_code(CPUState *env, struct TranslationBlock *tb,
-- int max_code_size, int *gen_code_size_ptr);
-+ int *gen_code_size_ptr);
- int cpu_restore_state(struct TranslationBlock *tb,
- CPUState *env, unsigned long searched_pc,
- void *puc);
-@@ -94,7 +95,6 @@
- return tlb_set_page_exec(env, vaddr, paddr, prot, mmu_idx, is_softmmu);
- }
-
--#define CODE_GEN_MAX_SIZE 65536
- #define CODE_GEN_ALIGN 16 /* must be >= of the size of a icache line */
-
- #define CODE_GEN_PHYS_HASH_BITS 15
-Index: qemu/exec.c
-diff -u qemu/exec.c:1.117 qemu/exec.c:1.118
---- qemu/exec.c:1.117 Sun Dec 9 02:22:56 2007
-+++ qemu/exec.c Tue Dec 11 19:35:45 2007
-@@ -56,7 +56,7 @@
- #endif
-
- /* threshold to flush the translated code buffer */
--#define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - CODE_GEN_MAX_SIZE)
-+#define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - code_gen_max_block_size())
-
- #define SMC_BITMAP_USE_THRESHOLD 10
-
-@@ -622,7 +622,7 @@
- tb->cs_base = cs_base;
- tb->flags = flags;
- tb->cflags = cflags;
-- cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
-+ cpu_gen_code(env, tb, &code_gen_size);
- code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
-
- /* check next page if needed */
-Index: qemu/translate-all.c
-diff -u qemu/translate-all.c:1.23 qemu/translate-all.c:1.24
---- qemu/translate-all.c:1.23 Sun Dec 2 06:10:02 2007
-+++ qemu/translate-all.c Tue Dec 11 19:35:45 2007
-@@ -132,14 +132,27 @@
- }
- }
-
-+unsigned long code_gen_max_block_size(void)
-+{
-+ static unsigned long max;
-+
-+ if (max == 0) {
-+#define DEF(s, n, copy_size) max = copy_size > max? copy_size : max;
-+#include "opc.h"
-+#undef DEF
-+ max *= OPC_MAX_SIZE;
-+ }
-+
-+ return max;
-+}
-+
- /* return non zero if the very first instruction is invalid so that
- the virtual CPU can trigger an exception.
-
- '*gen_code_size_ptr' contains the size of the generated code (host
- code).
- */
--int cpu_gen_code(CPUState *env, TranslationBlock *tb,
-- int max_code_size, int *gen_code_size_ptr)
-+int cpu_gen_code(CPUState *env, TranslationBlock *tb, int *gen_code_size_ptr)
- {
- uint8_t *gen_code_buf;
- int gen_code_size;