From 00b6d2ec43dd6e1e84d14af2373ec982a211479a87a4ac7bead37b8719e26787 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Ricardo=20Ziviani?= Date: Tue, 14 Sep 2021 22:18:25 +0000 Subject: [PATCH] Accepting request 919019 from home:jziviani:branches:Virtualization - Replace patch to fix hardcoded binfmt handler (bsc#1186256) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch * Patches added: qemu-binfmt-conf.sh-should-use-F-as-shor.patch - Stable fixes from upstream * Patches added: 9pfs-fix-crash-in-v9fs_walk.patch i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch plugins-do-not-limit-exported-symbols-if.patch plugins-execlog-removed-unintended-s-at-.patch qemu-sockets-fix-unix-socket-path-copy-a.patch target-i386-add-missing-bits-to-CR4_RESE.patch virtio-balloon-don-t-start-free-page-hin.patch OBS-URL: https://build.opensuse.org/request/show/919019 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=672 --- 9pfs-fix-crash-in-v9fs_walk.patch | 74 ++++++++++++ _constraints | 6 +- bundles.tar.xz | 4 +- ...-cpu-Remove-AVX_VNNI-feature-from-Co.patch | 32 +++++ ...ins-do-not-limit-exported-symbols-if.patch | 71 +++++++++++ ...ins-execlog-removed-unintended-s-at-.patch | 32 +++++ ...-binfmt-conf.sh-allow-overriding-SUS.patch | 64 ---------- ...-binfmt-conf.sh-should-use-F-as-shor.patch | 27 +++++ ...-sockets-fix-unix-socket-path-copy-a.patch | 83 +++++++++++++ qemu.changes | 19 +++ qemu.spec | 22 +++- ...et-i386-add-missing-bits-to-CR4_RESE.patch | 53 +++++++++ ...io-balloon-don-t-start-free-page-hin.patch | 111 ++++++++++++++++++ 13 files changed, 526 insertions(+), 72 deletions(-) create mode 100644 9pfs-fix-crash-in-v9fs_walk.patch create mode 100644 i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch create mode 100644 plugins-do-not-limit-exported-symbols-if.patch create mode 100644 plugins-execlog-removed-unintended-s-at-.patch delete mode 100644 qemu-binfmt-conf.sh-allow-overriding-SUS.patch create mode 100644 qemu-binfmt-conf.sh-should-use-F-as-shor.patch create mode 100644 
qemu-sockets-fix-unix-socket-path-copy-a.patch
 create mode 100644 target-i386-add-missing-bits-to-CR4_RESE.patch
 create mode 100644 virtio-balloon-don-t-start-free-page-hin.patch
diff --git a/9pfs-fix-crash-in-v9fs_walk.patch b/9pfs-fix-crash-in-v9fs_walk.patch
new file mode 100644
index 00000000..4b5659c4
--- /dev/null
+++ b/9pfs-fix-crash-in-v9fs_walk.patch
@@ -0,0 +1,74 @@
+From: Christian Schoenebeck
+Date: Wed, 1 Sep 2021 18:15:10 +0200
+Subject: 9pfs: fix crash in v9fs_walk()
+
+Git-commit: f83df00900816476cca41bb536e4d532b297d76e
+
+v9fs_walk() utilizes the v9fs_co_run_in_worker({...}) macro to run the
+supplied fs driver code block on a background worker thread.
+
+When either the 'Twalk' client request was interrupted or if the client
+requested fid for that 'Twalk' request caused a stat error then that
+fs driver code block was left by 'break' keyword, with the intention to
+return from worker thread back to main thread as well:
+
+ v9fs_co_run_in_worker({
+ if (v9fs_request_cancelled(pdu)) {
+ err = -EINTR;
+ break;
+ }
+ err = s->ops->lstat(&s->ctx, &dpath, &fidst);
+ if (err < 0) {
+ err = -errno;
+ break;
+ }
+ ...
+ });
+
+However that 'break;' statement also skipped the v9fs_co_run_in_worker()
+macro's final and mandatory
+
+ /* re-enter back to qemu thread */
+ qemu_coroutine_yield();
+
+call and thus caused the rest of v9fs_walk() to be continued being
+executed on the worker thread instead of main thread, eventually
+leading to a crash in the transport virtio transport driver.
+
+To fix this issue and to prevent the same error from happening again by
+other users of v9fs_co_run_in_worker() in future, auto wrap the supplied
+code block into its own
+
+ do { } while (0);
+
+loop inside the 'v9fs_co_run_in_worker' macro definition.
+
+Full discussion and backtrace:
+https://lists.gnu.org/archive/html/qemu-devel/2021-08/msg05209.html
+https://lists.gnu.org/archive/html/qemu-devel/2021-09/msg00174.html
+
+Fixes: 8d6cb100731c4d28535adbf2a3c2d1f29be3fef4
+Signed-off-by: Christian Schoenebeck
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Greg Kurz
+Message-Id:
+Signed-off-by: Jose R. Ziviani
+---
+ hw/9pfs/coth.h | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
+index c51289903d0df0ff65f9d3f2649b..f83c7dda7bb8df8295c6a6db59c5 100644
+--- a/hw/9pfs/coth.h
++++ b/hw/9pfs/coth.h
+@@ -51,7 +51,9 @@
+ */ \
+ qemu_coroutine_yield(); \
+ qemu_bh_delete(co_bh); \
+- code_block; \
++ do { \
++ code_block; \
++ } while (0); \
+ /* re-enter back to qemu thread */ \
+ qemu_coroutine_yield(); \
+ } while (0)
diff --git a/_constraints b/_constraints
index ba5965e1..5fc1b620 100644
--- a/_constraints
+++ b/_constraints
@@ -8,7 +8,7 @@
- 10
+ 15
@@ -32,7 +32,7 @@
- 1200
+ 4096
@@ -42,6 +42,7 @@
 i586 x86_64 ppc64le
+ s390x
 qemu:testsuite
@@ -67,6 +68,7 @@
 aarch64 x86_64
+ s390x
 qemu
diff --git a/bundles.tar.xz b/bundles.tar.xz
index ba5f757f..4659a48a 100644
--- a/bundles.tar.xz
+++ b/bundles.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:142b72d25648f82d201e7f06f26f898478a776bbd79cd04c853bcf38b612c50e
-size 41228
+oid sha256:43c519c9991d32f0cb9babf8ac470a778ef80b428147c136264153915bd81130
+size 44228
diff --git a/i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch b/i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
new file mode 100644
index 00000000..25697247
--- /dev/null
+++ b/i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
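Review bot: The inner `do { code_block; } while (0);` added to the v9fs_co_run_in_worker() body carries no comment saying why it exists, and its purpose is not obvious from the macro text alone: per the commit message it makes a `break` inside code_block land on the `qemu_coroutine_yield()` that follows instead of leaving the enclosing loop and continuing the caller on the worker thread. Without that note a later cleanup could fold the seemingly redundant loop away and reintroduce the crash. Suggest a comment directly above the new `do {` line, e.g. `/* keep code_block in its own loop so a 'break' inside it still reaches the yield below */`. The macro definition and its outer `do {` begin before this hunk and are not visible here.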
@@ -0,0 +1,32 @@
+From: Yang Zhong
+Date: Fri, 20 Aug 2021 13:46:11 +0800
+Subject: i386/cpu: Remove AVX_VNNI feature from Cooperlake cpu model
+
+Git-commit: f429dbf8fc526a9cacf531176b28d0c65701475a
+
+The AVX_VNNI feature is not in Cooperlake platform, remove it
+from cpu model.
+
+Signed-off-by: Yang Zhong
+Message-Id: <20210820054611.84303-1-yang.zhong@intel.com>
+Fixes: c1826ea6a052 ("i386/cpu: Expose AVX_VNNI instruction to guest")
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Eduardo Habkost
+Signed-off-by: Jose R. Ziviani
+---
+ target/i386/cpu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 34a7ce865bba4dcf759c719a2bb6..24ddc5b92654534742f80ca571ce 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -3102,7 +3102,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO |
+ MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO,
+ .features[FEAT_7_1_EAX] =
+- CPUID_7_1_EAX_AVX_VNNI | CPUID_7_1_EAX_AVX512_BF16,
++ CPUID_7_1_EAX_AVX512_BF16,
+ /* XSAVES is added in version 2 */
+ .features[FEAT_XSAVE] =
+ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
diff --git a/plugins-do-not-limit-exported-symbols-if.patch b/plugins-do-not-limit-exported-symbols-if.patch
new file mode 100644
index 00000000..4daff492
--- /dev/null
+++ b/plugins-do-not-limit-exported-symbols-if.patch
@@ -0,0 +1,71 @@
+From: Paolo Bonzini
+Date: Wed, 11 Aug 2021 12:05:50 +0200
+Subject: plugins: do not limit exported symbols if modules are active
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Git-commit: b906acace2d4f68b6ff8de73739a773cc4851436
+
+On Mac --enable-modules and --enable-plugins are currently incompatible, because the
+Apple -Wl,-exported_symbols_list command line options prevents the export of any
+symbols needed by the modules. On x86 -Wl,--dynamic-list does not have this effect,
+but only because the -Wl,--export-dynamic option provided by gmodule-2.0.pc overrides
+it. On Apple there is no -Wl,--export-dynamic, because it is the default, and thus
+no override.
+
+Either way, when modules are active there is no reason to include the plugin_ldflags.
+While at it, avoid the useless -Wl,--export-dynamic when --enable-plugins is
+specified but --enable-modules is not; this way, the GNU and Apple configurations
+are more similar.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/516
+Signed-off-by: Paolo Bonzini
+[AJB: fix noexport to no-export]
+Signed-off-by: Alex Bennée
+Message-Id: <20210811100550.54714-1-pbonzini@redhat.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Jose R. Ziviani
+---
+ configure | 5 ++---
+ plugins/meson.build | 14 ++++++++------
+ 2 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/configure b/configure
+index 26368a637f85c0667fa627f7cbd6..8b90f02927f3ea161be9af7a0e3f 100755
+--- a/configure
++++ b/configure
+@@ -3187,9 +3187,8 @@ glib_req_ver=2.56
+ glib_modules=gthread-2.0
+ if test "$modules" = yes; then
+ glib_modules="$glib_modules gmodule-export-2.0"
+-fi
+-if test "$plugins" = "yes"; then
+- glib_modules="$glib_modules gmodule-2.0"
++elif test "$plugins" = "yes"; then
++ glib_modules="$glib_modules gmodule-no-export-2.0"
+ fi
+
+ for i in $glib_modules; do
+diff --git a/plugins/meson.build b/plugins/meson.build
+index e77723010e6ebbed7b4cdaca6207..bfd5c9822a68d001a0a333a130d8 100644
+--- a/plugins/meson.build
++++ b/plugins/meson.build
+@@ -1,9 +1,11 @@
+-if 'CONFIG_HAS_LD_DYNAMIC_LIST' in config_host
+- plugin_ldflags = ['-Wl,--dynamic-list=' + (meson.build_root() / 'qemu-plugins-ld.symbols')]
+-elif 'CONFIG_HAS_LD_EXPORTED_SYMBOLS_LIST' in config_host
+- plugin_ldflags = ['-Wl,-exported_symbols_list,' + (meson.build_root() / 'qemu-plugins-ld64.symbols')]
+-else
+- plugin_ldflags = []
++plugin_ldflags = []
++# Modules need more symbols than just those in plugins/qemu-plugins.symbols
++if not enable_modules
++ if 'CONFIG_HAS_LD_DYNAMIC_LIST' in config_host
++ plugin_ldflags = ['-Wl,--dynamic-list=' + (meson.build_root() / 'qemu-plugins-ld.symbols')]
++ elif 'CONFIG_HAS_LD_EXPORTED_SYMBOLS_LIST' in config_host
++ plugin_ldflags = ['-Wl,-exported_symbols_list,' + (meson.build_root() / 'qemu-plugins-ld64.symbols')]
++ endif
+ endif
+
+ specific_ss.add(when: 'CONFIG_PLUGIN', if_true: [files(
diff --git a/plugins-execlog-removed-unintended-s-at-.patch b/plugins-execlog-removed-unintended-s-at-.patch
new file mode 100644
index 00000000..cbac590b
--- /dev/null
+++ b/plugins-execlog-removed-unintended-s-at-.patch
@@ -0,0 +1,32 @@
+From: Mahmoud Mandour
+Date: Fri, 6 Aug 2021 15:10:12 +0100
+Subject: plugins/execlog: removed unintended "s" at the end of log lines.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Git-commit: b40310616d2bd550279dd22b05483c3c613a00ff
+
+Signed-off-by: Mahmoud Mandour
+Signed-off-by: Alex Bennée
+Message-Id: <20210803151428.125323-1-ma.mandourr@gmail.com>
+Message-Id: <20210806141015.2487502-2-alex.bennee@linaro.org>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Jose R. Ziviani
+---
+ contrib/plugins/execlog.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/plugins/execlog.c b/contrib/plugins/execlog.c
+index 2de9f0d7d4d46446f7e1dd6b32b0..a5275dcc15c221b0967106629a21 100644
+--- a/contrib/plugins/execlog.c
++++ b/contrib/plugins/execlog.c
+@@ -67,7 +67,7 @@ static void vcpu_insn_exec(unsigned int cpu_index, void *udata)
+ /* Print previous instruction in cache */
+ if (s->len) {
+ qemu_plugin_outs(s->str);
+- qemu_plugin_outs("s\n");
++ qemu_plugin_outs("\n");
+ }
+
+ /* Store new instruction in cache */
diff --git a/qemu-binfmt-conf.sh-allow-overriding-SUS.patch b/qemu-binfmt-conf.sh-allow-overriding-SUS.patch
deleted file mode 100644
index d16519e7..00000000
--- a/qemu-binfmt-conf.sh-allow-overriding-SUS.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From: Martin Wilck
-Date: Wed, 19 May 2021 17:24:45 +0200
-Subject: qemu-binfmt-conf.sh: allow overriding SUSE-specific argv[0] handling
-
-Git-commit: 0000000000000000000000000000000000000000
-References: bsc#1186256
-
-Since abbc0ce ("qemu-binfmt-conf: use qemu-ARCH-binfmt"),
-qemu-binfmt-conf.sh automatically replaces the default qemu binfmt wrapper
-qemu-$ARCH with qemu-$ARCH-binfmt in order to ensure that argv[0] is
-preserved; qemu-$ARCH-binfmt is a link to qemu-binfmt, which is just a
-simple wrapper that mangles argv to achieve the desired result.
-
-This is inconvenient in some situations. In particular for running
-foreign-arch containers, it's useful to use the binfmt_misc "F" ("fix
-binary") flag to pre-load the qemu wrapper in the kernel. That way,
-foreign-arch containers can be run just like native containers, without
-having to bind-mount interpreters into the container. But that's impossible
-with the SUSE binfmt wrapper that needs to exec() a different (native)
-executable.
-
-As the qemu-binfmt-conf script supports the --qemu-suffix option anyway,
-use it to set the "-binfmt" suffix, thus allowing admins to override the
-SUSE default with the option "--qemu-suffix ''".
-
-Signed-off-by: Martin Wilck
-Acked-by: Jose R Ziviani
----
- scripts/qemu-binfmt-conf.sh | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
-index c46e604fa6ef3faaecccaae835ba..76c96815c350d7646aca7877587a 100755
---- a/scripts/qemu-binfmt-conf.sh
-+++ b/scripts/qemu-binfmt-conf.sh
-@@ -185,6 +185,7 @@ Usage: qemu-binfmt-conf.sh [--qemu-path PATH][--debian][--systemd CPU]
- --help: display this usage
- --qemu-path: set path to qemu interpreter ($QEMU_PATH)
- --qemu-suffix: add a suffix to the default interpreter name
-+ (default: "-binfmt")
- --debian: don't write into /proc,
- instead generate update-binfmts templates
- --systemd: don't write into /proc,
-@@ -316,9 +317,9 @@ qemu_set_binfmts() {
- continue
- fi
-
-- qemu="$QEMU_PATH/qemu-$cpu-binfmt"
-+ qemu="$QEMU_PATH/qemu-$cpu"
- if [ "$cpu" = "i486" ] ; then
-- qemu="$QEMU_PATH/qemu-i386-binfmt"
-+ qemu="$QEMU_PATH/qemu-i386"
- fi
-
- qemu="$qemu$QEMU_SUFFIX"
-@@ -338,7 +339,7 @@ QEMU_PATH=/usr/bin
- CREDENTIAL=no
- PERSISTENT=no
- PRESERVE_ARG0=no
---QEMU_SUFFIX=""
--+QEMU_SUFFIX="-binfmt"
-
- options=$(getopt -o ds:Q:S:e:hc:p:g: -l debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,preserve-argv0: -- "$@")
- eval set -- "$options"
diff --git a/qemu-binfmt-conf.sh-should-use-F-as-shor.patch b/qemu-binfmt-conf.sh-should-use-F-as-shor.patch
new file mode 100644
index 00000000..be4c8200
--- /dev/null
+++ b/qemu-binfmt-conf.sh-should-use-F-as-shor.patch
@@ -0,0 +1,27 @@
+From: Martin Wilck
+Date: Tue, 14 Sep 2021 14:10:58 -0300
+Subject: =?UTF-8?q?qemu-binfmt-conf.sh=20should=20use=20"-F"=20as=20short?=
+ =?UTF-8?q?=20option=20for=20"--qemu-suffix".=0AFix=20the=20getopt=20call?=
+ =?UTF-8?q?=20to=20make=20this=20work.?=
+
+Git-commit: 00000000000000000000000000000000000000000
+References: bsc#1186256
+
+Signed-off-by: Martin Wilck
+---
+ scripts/qemu-binfmt-conf.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
+index c46e604fa6ef3faaecccaae835ba..a73232edfd7f9dedb3a7c32218fb 100755
+--- a/scripts/qemu-binfmt-conf.sh
++++ b/scripts/qemu-binfmt-conf.sh
+@@ -340,7 +340,7 @@ PERSISTENT=no
+ PRESERVE_ARG0=no
+ QEMU_SUFFIX=""
+
+-options=$(getopt -o ds:Q:S:e:hc:p:g: -l debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,preserve-argv0: -- "$@")
++options=$(getopt -o ds:Q:S:e:hc:p:g:F: -l debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,preserve-argv0: -- "$@")
+ eval set -- "$options"
+
+ while true ; do
diff --git a/qemu-sockets-fix-unix-socket-path-copy-a.patch b/qemu-sockets-fix-unix-socket-path-copy-a.patch
new file mode 100644
index 00000000..47559723
--- /dev/null
+++ b/qemu-sockets-fix-unix-socket-path-copy-a.patch
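Review bot: The getopt short-option string now accepts `-F` with an argument, but the `case` arm that consumes it lives inside the `while true ; do` loop below the hunk and is not shown; if that loop only matches `--qemu-suffix)`, getopt will accept `-F SUFFIX` and hand it to whatever the loop's default arm does instead of setting QEMU_SUFFIX. Worth confirming the arm reads `-F|--qemu-suffix)` before relying on this as the bsc#1186256 fix. Separately, the `Subject:` header of this patch file carries an encoded line break (`=0AFix=20the=20getopt=20call`), so the summary and body were written as one line; splitting it into a one-line subject and a body paragraph keeps `git am` output readable. The option loop that starts at the hunk's last line continues outside the hunk.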
@@ -0,0 +1,83 @@
+From: Michael Tokarev
+Date: Wed, 1 Sep 2021 16:16:24 +0300
+Subject: qemu-sockets: fix unix socket path copy (again)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Git-commit: 118d527f2e4baec5fe8060b22a6212468b8e4d3f
+
+Commit 4cfd970ec188558daa6214f26203fe553fb1e01f added an
+assert which ensures the path within an address of a unix
+socket returned from the kernel is at least one byte and
+does not exceed sun_path buffer. Both of this constraints
+are wrong:
+
+A unix socket can be unnamed, in this case the path is
+completely empty (not even \0)
+
+And some implementations (notable linux) can add extra
+trailing byte (\0) _after_ the sun_path buffer if we
+passed buffer larger than it (and we do).
+
+So remove the assertion (since it causes real-life breakage)
+but at the same time fix the usage of sun_path. Namely,
+we should not access sun_path[0] if kernel did not return
+it at all (this is the case for unnamed sockets),
+and use the returned salen when copyig actual path as an
+upper constraint for the amount of bytes to copy - this
+will ensure we wont exceed the information provided by
+the kernel, regardless whenever there is a trailing \0
+or not. This also helps with unnamed sockets.
+
+Note the case of abstract socket, the sun_path is actually
+a blob and can contain \0 characters, - it should not be
+passed to g_strndup and the like, it should be accessed by
+memcpy-like functions.
+
+Fixes: 4cfd970ec188558daa6214f26203fe553fb1e01f
+Fixes: http://bugs.debian.org/993145
+Signed-off-by: Michael Tokarev
+Reviewed-by: Daniel P. Berrangé
+Reviewed-by: Marc-André Lureau
+CC: qemu-stable@nongnu.org
+Signed-off-by: Jose R. Ziviani
+---
+ util/qemu-sockets.c | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
+index f2f3676d1f71d1cdd6acb6c4b3b9..c5043999e9d47116a89511d82b23 100644
+--- a/util/qemu-sockets.c
++++ b/util/qemu-sockets.c
+@@ -1345,25 +1345,22 @@ socket_sockaddr_to_address_unix(struct sockaddr_storage *sa,
+ SocketAddress *addr;
+ struct sockaddr_un *su = (struct sockaddr_un *)sa;
+
+- assert(salen >= sizeof(su->sun_family) + 1 &&
+- salen <= sizeof(struct sockaddr_un));
+-
+ addr = g_new0(SocketAddress, 1);
+ addr->type = SOCKET_ADDRESS_TYPE_UNIX;
++ salen -= offsetof(struct sockaddr_un, sun_path);
+ #ifdef CONFIG_LINUX
+- if (!su->sun_path[0]) {
++ if (salen > 0 && !su->sun_path[0]) {
+ /* Linux abstract socket */
+- addr->u.q_unix.path = g_strndup(su->sun_path + 1,
+- salen - sizeof(su->sun_family) - 1);
++ addr->u.q_unix.path = g_strndup(su->sun_path + 1, salen - 1);
+ addr->u.q_unix.has_abstract = true;
+ addr->u.q_unix.abstract = true;
+ addr->u.q_unix.has_tight = true;
+- addr->u.q_unix.tight = salen < sizeof(*su);
++ addr->u.q_unix.tight = salen < sizeof(su->sun_path);
+ return addr;
+ }
+ #endif
+
+- addr->u.q_unix.path = g_strndup(su->sun_path, sizeof(su->sun_path));
++ addr->u.q_unix.path = g_strndup(su->sun_path, salen);
+ return addr;
+ }
+ #endif /* WIN32 */
diff --git a/qemu.changes b/qemu.changes
index 012e6a0a..34d2d9f6 100644
--- a/qemu.changes
+++ b/qemu.changes
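Review bot: `salen -= offsetof(struct sockaddr_un, sun_path);` has no lower-bound check, and the assert that used to reject a too-short salen is removed in the same hunk; if salen is an unsigned socklen_t, as the getsockname()/getpeername() callers presumably supply, a value below the offset wraps to a huge count, the new `salen > 0` test passes, and `g_strndup(su->sun_path, salen)` keeps reading past the bytes the kernel filled in until it meets a NUL. A clamp before the subtraction closes that, e.g. `if (salen < offsetof(struct sockaddr_un, sun_path)) { salen = offsetof(struct sockaddr_un, sun_path); }`. The commit message also states that an abstract name is a blob that may contain \0 and "should not be passed to g_strndup", yet the abstract branch still calls `g_strndup(su->sun_path + 1, salen - 1)`, so a name with an embedded NUL is silently shortened; a `/* TODO: copy as a blob, names may contain NUL */` at that line would keep the known gap visible. The parameter list with salen's declared type is on the line before the hunk and is not shown.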
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Tue Sep 14 17:19:23 UTC 2021 - José Ricardo Ziviani
+
+- Replace patch to fix hardcoded binfmt handler
+ (bsc#1186256)
+* Patches dropped:
+ qemu-binfmt-conf.sh-allow-overriding-SUS.patch
+* Patches added:
+ qemu-binfmt-conf.sh-should-use-F-as-shor.patch
+- Stable fixes from upstream
+* Patches added:
+ 9pfs-fix-crash-in-v9fs_walk.patch
+ i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
+ plugins-do-not-limit-exported-symbols-if.patch
+ plugins-execlog-removed-unintended-s-at-.patch
+ qemu-sockets-fix-unix-socket-path-copy-a.patch
+ target-i386-add-missing-bits-to-CR4_RESE.patch
+ virtio-balloon-don-t-start-free-page-hin.patch
+
 -------------------------------------------------------------------
 Wed Sep 8 17:51:18 UTC 2021 - José Ricardo Ziviani
 
diff --git a/qemu.spec b/qemu.spec
index dbef7042..36578884 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -176,10 +176,17 @@ Patch00040: roms-Makefile-add-cross-file-to-qboot-me.patch
 Patch00041: usb-Help-compiler-out-to-avoid-a-warning.patch
 Patch00042: qom-handle-case-of-chardev-spice-module-.patch
 Patch00043: doc-add-our-support-doc-to-the-main-proj.patch
-Patch00044: qemu-binfmt-conf.sh-allow-overriding-SUS.patch
-Patch00045: Revert-qemu-img-Improve-error-for-rebase.patch
-Patch00046: Revert-qemu-img-Require-F-with-b-backing.patch
-Patch00047: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
+Patch00044: Revert-qemu-img-Improve-error-for-rebase.patch
+Patch00045: Revert-qemu-img-Require-F-with-b-backing.patch
+Patch00046: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
+Patch00047: i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
+Patch00048: plugins-execlog-removed-unintended-s-at-.patch
+Patch00049: plugins-do-not-limit-exported-symbols-if.patch
+Patch00050: 9pfs-fix-crash-in-v9fs_walk.patch
+Patch00051: virtio-balloon-don-t-start-free-page-hin.patch
+Patch00052: qemu-sockets-fix-unix-socket-path-copy-a.patch
+Patch00053: target-i386-add-missing-bits-to-CR4_RESE.patch
+Patch00054: qemu-binfmt-conf.sh-should-use-F-as-shor.patch
 # Patches applied in roms/seabios/:
 Patch01000: seabios-use-python2-explicitly-as-needed.patch
 Patch01001: seabios-switch-to-python3-as-needed.patch
@@ -1118,6 +1125,13 @@ This package records qemu testsuite results and represents successful testing.
 %patch00045 -p1
 %patch00046 -p1
 %patch00047 -p1
+%patch00048 -p1
+%patch00049 -p1
+%patch00050 -p1
+%patch00051 -p1
+%patch00052 -p1
+%patch00053 -p1
+%patch00054 -p1
 %patch01000 -p1
 %patch01001 -p1
 %patch01002 -p1
diff --git a/target-i386-add-missing-bits-to-CR4_RESE.patch b/target-i386-add-missing-bits-to-CR4_RESE.patch
new file mode 100644
index 00000000..8d0a9123
--- /dev/null
+++ b/target-i386-add-missing-bits-to-CR4_RESE.patch
@@ -0,0 +1,53 @@
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Tue, 31 Aug 2021 18:50:33 +0100
+Subject: target/i386: add missing bits to CR4_RESERVED_MASK
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Git-commit: 69e3895f9d37ca39536775b13ce63e8c291427ba
+
+Booting Fedora kernels with -cpu max hangs very early in boot. Disabling
+the la57 CPUID bit fixes the problem. git bisect traced the regression to
+
+ commit 213ff024a2f92020290296cb9dc29c2af3d4a221 (HEAD, refs/bisect/bad)
+ Author: Lara Lazier
+ Date: Wed Jul 21 17:26:50 2021 +0200
+
+ target/i386: Added consistency checks for CR4
+
+ All MBZ bits in CR4 must be zero. (APM2 15.5)
+ Added reserved bitmask and added checks in both
+ helper_vmrun and helper_write_crN.
+
+ Signed-off-by: Lara Lazier
+ Message-Id: <20210721152651.14683-2-laramglazier@gmail.com>
+ Signed-off-by: Paolo Bonzini
+
+In this commit CR4_RESERVED_MASK is missing CR4_LA57_MASK and
+two others. Adding this lets Fedora kernels boot once again.
+
+Signed-off-by: Daniel P. Berrangé
+Tested-by: Richard W.M. Jones
+Message-Id: <20210831175033.175584-1-berrange@redhat.com>
+[Removed VMXE/SMXE, matching the commit message. - Paolo]
+Fixes: 213ff024a2 ("target/i386: Added consistency checks for CR4", 2021-07-22)
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jose R. Ziviani
+---
+ target/i386/cpu.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 6c50d3ab4f1d38b4cbaf78c84ac0..21b33fbe2e696dabe06228b20d2e 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -257,6 +257,7 @@ typedef enum X86Seg {
+ | CR4_DE_MASK | CR4_PSE_MASK | CR4_PAE_MASK \
+ | CR4_MCE_MASK | CR4_PGE_MASK | CR4_PCE_MASK \
+ | CR4_OSFXSR_MASK | CR4_OSXMMEXCPT_MASK |CR4_UMIP_MASK \
++ | CR4_LA57_MASK \
+ | CR4_FSGSBASE_MASK | CR4_PCIDE_MASK | CR4_OSXSAVE_MASK \
+ | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK))
+
diff --git a/virtio-balloon-don-t-start-free-page-hin.patch b/virtio-balloon-don-t-start-free-page-hin.patch
new file mode 100644
index 00000000..9f083851
--- /dev/null
+++ b/virtio-balloon-don-t-start-free-page-hin.patch
@@ -0,0 +1,111 @@
+From: David Hildenbrand
+Date: Thu, 8 Jul 2021 11:53:38 +0200
+Subject: virtio-balloon: don't start free page hinting if postcopy is possible
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Git-commit: fd51e54fa10221e5a8add894c38cc1cf199f4bc4
+
+Postcopy never worked properly with 'free-page-hint=on', as there are
+at least two issues:
+
+1) With postcopy, the guest will never receive a VIRTIO_BALLOON_CMD_ID_DONE
+ and consequently won't release free pages back to the OS once
+ migration finishes.
+
+ The issue is that for postcopy, we won't do a final bitmap sync while
+ the guest is stopped on the source and
+ virtio_balloon_free_page_hint_notify() will only call
+ virtio_balloon_free_page_done() on the source during
+ PRECOPY_NOTIFY_CLEANUP, after the VM state was already migrated to
+ the destination.
+
+2) Once the VM touches a page on the destination that has been excluded
+ from migration on the source via qemu_guest_free_page_hint() while
+ postcopy is active, that thread will stall until postcopy finishes
+ and all threads are woken up. (with older Linux kernels that won't
+ retry faults when woken up via userfaultfd, we might actually get a
+ SEGFAULT)
+
+ The issue is that the source will refuse to migrate any pages that
+ are not marked as dirty in the dirty bmap -- for example, because the
+ page might just have been sent. Consequently, the faulting thread will
+ stall, waiting for the page to be migrated -- which could take quite
+ a while and result in guest OS issues.
+
+While we could fix 1) comparatively easily, 2) is harder to get right and
+might require more involved RAM migration changes on source and destination
+[1].
+
+As it never worked properly, let's not start free page hinting in the
+precopy notifier if the postcopy migration capability was enabled to fix
+it easily. Capabilities cannot be enabled once migration is already
+running.
+
+Note 1: in the future we might either adjust migration code on the source
+ to track pages that have actually been sent or adjust
+ migration code on source and destination to eventually send
+ pages multiple times from the source and and deal with pages
+ that are sent multiple times on the destination.
+
+Note 2: virtio-mem has similar issues, however, access to "unplugged"
+ memory by the guest is very rare and we would have to be very
+ lucky for it to happen during migration. The spec states
+ "The driver SHOULD NOT read from unplugged memory blocks ..."
+ and "The driver MUST NOT write to unplugged memory blocks".
+ virtio-mem will move away from virtio_balloon_free_page_done()
+ soon and handle this case explicitly on the destination.
+
+[1] https://lkml.kernel.org/r/e79fd18c-aa62-c1d8-c7f3-ba3fc2c25fc8@redhat.com
+
+Fixes: c13c4153f76d ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
+Cc: qemu-stable@nongnu.org
+Cc: Wei Wang
+Cc: Michael S. Tsirkin
+Cc: Philippe Mathieu-Daudé
+Cc: Alexander Duyck
+Cc: Juan Quintela
+Cc: "Dr. David Alan Gilbert"
+Cc: Peter Xu
+Signed-off-by: David Hildenbrand
+Message-Id: <20210708095339.20274-2-david@redhat.com>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Reviewed-by: Peter Xu
+Signed-off-by: Jose R. Ziviani
+---
+ hw/virtio/virtio-balloon.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
+index 4b5d9e5e5037acd592d4bdc645d2..ae7867a8db6e6f6875b656128973 100644
+--- a/hw/virtio/virtio-balloon.c
++++ b/hw/virtio/virtio-balloon.c
+@@ -30,6 +30,7 @@
+ #include "trace.h"
+ #include "qemu/error-report.h"
+ #include "migration/misc.h"
++#include "migration/migration.h"
+
+ #include "hw/virtio/virtio-bus.h"
+ #include "hw/virtio/virtio-access.h"
+@@ -662,6 +663,18 @@ virtio_balloon_free_page_hint_notify(NotifierWithReturn *n, void *data)
+ return 0;
+ }
+
++ /*
++ * Pages hinted via qemu_guest_free_page_hint() are cleared from the dirty
++ * bitmap and will not get migrated, especially also not when the postcopy
++ * destination starts using them and requests migration from the source; the
++ * faulting thread will stall until postcopy migration finishes and
++ * all threads are woken up. Let's not start free page hinting if postcopy
++ * is possible.
++ */
++ if (migrate_postcopy_ram()) {
++ return 0;
++ }
++
+ switch (pnd->reason) {
+ case PRECOPY_NOTIFY_BEFORE_BITMAP_SYNC:
+ virtio_balloon_free_page_stop(dev);
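Review bot: The new `if (migrate_postcopy_ram()) { return 0; }` is placed before `switch (pnd->reason)`, so it also short-circuits the PRECOPY_NOTIFY_CLEANUP arm, which the commit message says is where virtio_balloon_free_page_done() is invoked; that is only harmless because hinting is never started once the capability is set, which in turn rests on the message's claim that capabilities cannot change while migration runs. The long comment block explains the stall but says nothing about this ordering dependency, so a later reordering of the switch arms or a capability that becomes toggleable mid-migration would silently break cleanup. A one-line note above the check, e.g. `/* Before the switch on purpose: with postcopy enabled hinting never starts, so there is nothing to stop or clean up */`, would make the assumption explicit. The notifier's body begins before this hunk, so the condition behind the earlier `return 0;` is not visible here.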