Accepting request 919019 from home:jziviani:branches:Virtualization

- Replace patch to fix hardcoded binfmt handler (bsc#1186256) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch * Patches added: qemu-binfmt-conf.sh-should-use-F-as-shor.patch - Stable fixes from upstream * Patches added: 9pfs-fix-crash-in-v9fs_walk.patch i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch plugins-do-not-limit-exported-symbols-if.patch plugins-execlog-removed-unintended-s-at-.patch qemu-sockets-fix-unix-socket-path-copy-a.patch target-i386-add-missing-bits-to-CR4_RESE.patch virtio-balloon-don-t-start-free-page-hin.patch OBS-URL: https://build.opensuse.org/request/show/919019 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=672
2021-09-14 22:18:25 +00:00 · 2021-09-14 22:18:25 +00:00 · 00b6d2ec43
commit 00b6d2ec43
parent 39abf6289b
13 changed files with 526 additions and 72 deletions
--- a/9pfs-fix-crash-in-v9fs_walk.patch
+++ b/9pfs-fix-crash-in-v9fs_walk.patch
@ -0,0 +1,74 @@
 From: Christian Schoenebeck <qemu_oss@crudebyte.com>
 Date: Wed, 1 Sep 2021 18:15:10 +0200
 Subject: 9pfs: fix crash in v9fs_walk()
 Git-commit: f83df00900816476cca41bb536e4d532b297d76e
 v9fs_walk() utilizes the v9fs_co_run_in_worker({...}) macro to run the
 supplied fs driver code block on a background worker thread.
 When either the 'Twalk' client request was interrupted or if the client
 requested fid for that 'Twalk' request caused a stat error then that
 fs driver code block was left by 'break' keyword, with the intention to
 return from worker thread back to main thread as well:
    v9fs_co_run_in_worker({
        if (v9fs_request_cancelled(pdu)) {
            err = -EINTR;
            break;
        }
        err = s->ops->lstat(&s->ctx, &dpath, &fidst);
        if (err < 0) {
            err = -errno;
            break;
        }
        ...
    });
 However that 'break;' statement also skipped the v9fs_co_run_in_worker()
 macro's final and mandatory
    /* re-enter back to qemu thread */
    qemu_coroutine_yield();
 call and thus caused the rest of v9fs_walk() to be continued being
 executed on the worker thread instead of main thread, eventually
 leading to a crash in the transport virtio transport driver.
 To fix this issue and to prevent the same error from happening again by
 other users of v9fs_co_run_in_worker() in future, auto wrap the supplied
 code block into its own
    do { } while (0);
 loop inside the 'v9fs_co_run_in_worker' macro definition.
 Full discussion and backtrace:
 https://lists.gnu.org/archive/html/qemu-devel/2021-08/msg05209.html
 https://lists.gnu.org/archive/html/qemu-devel/2021-09/msg00174.html
 Fixes: 8d6cb100731c4d28535adbf2a3c2d1f29be3fef4
 Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
 Cc: qemu-stable@nongnu.org
 Reviewed-by: Greg Kurz <groug@kaod.org>
 Message-Id: <E1mLTBg-0002Bh-2D@lizzy.crudebyte.com>
 Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
 ---
 hw/9pfs/coth.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
 index c51289903d0df0ff65f9d3f2649b..f83c7dda7bb8df8295c6a6db59c5 100644
 --- a/hw/9pfs/coth.h
 +++ b/hw/9pfs/coth.h
@@ -51,7 +51,9 @@
          */                                                             \
         qemu_coroutine_yield();                                         \
         qemu_bh_delete(co_bh);                                          \
 -        code_block;                                                     \
 +        do {                                                            \
 +            code_block;                                                 \
 +        } while (0);                                                    \
         /* re-enter back to qemu thread */                              \
         qemu_coroutine_yield();                                         \
     } while (0)
--- a/6
+++ b/6
@ -8,7 +8,7 @@
    </conditions>
    <hardware>
      <disk>
-        <size unit="G">10</size>
+        <size unit="G">15</size>
      </disk>
    </hardware>
  </overwrite>
@ -32,7 +32,7 @@
    </conditions>
    <hardware>
      <memory>
-        <size unit="M">1200</size>
+        <size unit="M">4096</size>
      </memory>
    </hardware>
  </overwrite>
@ -42,6 +42,7 @@
      <arch>i586</arch>
      <arch>x86_64</arch>
      <arch>ppc64le</arch>
      <arch>s390x</arch>
      <package>qemu:testsuite</package>
    </conditions>
    <hardware>
@ -67,6 +68,7 @@
    <conditions>
      <arch>aarch64</arch>
      <arch>x86_64</arch>
      <arch>s390x</arch>
      <package>qemu</package>
    </conditions>
    <hardware>
--- a/bundles.tar.xz
+++ b/bundles.tar.xz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:142b72d25648f82d201e7f06f26f898478a776bbd79cd04c853bcf38b612c50e
+oid sha256:43c519c9991d32f0cb9babf8ac470a778ef80b428147c136264153915bd81130
-size 41228
+size 44228
--- a/i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
+++ b/i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
@ -0,0 +1,32 @@
 From: Yang Zhong <yang.zhong@intel.com>
 Date: Fri, 20 Aug 2021 13:46:11 +0800
 Subject: i386/cpu: Remove AVX_VNNI feature from Cooperlake cpu model
 Git-commit: f429dbf8fc526a9cacf531176b28d0c65701475a
 The AVX_VNNI feature is not in Cooperlake platform, remove it
 from cpu model.
 Signed-off-by: Yang Zhong <yang.zhong@intel.com>
 Message-Id: <20210820054611.84303-1-yang.zhong@intel.com>
 Fixes: c1826ea6a052 ("i386/cpu: Expose AVX_VNNI instruction to guest")
 Cc: qemu-stable@nongnu.org
 Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
 Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
 ---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/target/i386/cpu.c b/target/i386/cpu.c
 index 34a7ce865bba4dcf759c719a2bb6..24ddc5b92654534742f80ca571ce 100644
 --- a/target/i386/cpu.c
 +++ b/target/i386/cpu.c
@@ -3102,7 +3102,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
             MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO |
             MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO,
         .features[FEAT_7_1_EAX] =
 -            CPUID_7_1_EAX_AVX_VNNI | CPUID_7_1_EAX_AVX512_BF16,
 +            CPUID_7_1_EAX_AVX512_BF16,
         /* XSAVES is added in version 2 */
         .features[FEAT_XSAVE] =
             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
--- a/plugins-do-not-limit-exported-symbols-if.patch
+++ b/plugins-do-not-limit-exported-symbols-if.patch
@ -0,0 +1,71 @@
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Wed, 11 Aug 2021 12:05:50 +0200
 Subject: plugins: do not limit exported symbols if modules are active
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Git-commit: b906acace2d4f68b6ff8de73739a773cc4851436
 On Mac --enable-modules and --enable-plugins are currently incompatible, because the
 Apple -Wl,-exported_symbols_list command line options prevents the export of any
 symbols needed by the modules.  On x86 -Wl,--dynamic-list does not have this effect,
 but only because the -Wl,--export-dynamic option provided by gmodule-2.0.pc overrides
 it.  On Apple there is no -Wl,--export-dynamic, because it is the default, and thus
 no override.
 Either way, when modules are active there is no reason to include the plugin_ldflags.
 While at it, avoid the useless -Wl,--export-dynamic when --enable-plugins is
 specified but --enable-modules is not; this way, the GNU and Apple configurations
 are more similar.
 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/516
 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 [AJB: fix noexport to no-export]
 Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
 Message-Id: <20210811100550.54714-1-pbonzini@redhat.com>
 Cc: qemu-stable@nongnu.org
 Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
 ---
 configure           |  5 ++---
 plugins/meson.build | 14 ++++++++------
 2 files changed, 10 insertions(+), 9 deletions(-)
 diff --git a/configure b/configure
 index 26368a637f85c0667fa627f7cbd6..8b90f02927f3ea161be9af7a0e3f 100755
 --- a/configure
 +++ b/configure
@@ -3187,9 +3187,8 @@ glib_req_ver=2.56
 glib_modules=gthread-2.0
 if test "$modules" = yes; then
     glib_modules="$glib_modules gmodule-export-2.0"
 -fi
 -if test "$plugins" = "yes"; then
 -    glib_modules="$glib_modules gmodule-2.0"
 +elif test "$plugins" = "yes"; then
 +    glib_modules="$glib_modules gmodule-no-export-2.0"
 fi
 for i in $glib_modules; do
 diff --git a/plugins/meson.build b/plugins/meson.build
 index e77723010e6ebbed7b4cdaca6207..bfd5c9822a68d001a0a333a130d8 100644
 --- a/plugins/meson.build
 +++ b/plugins/meson.build
@@ -1,9 +1,11 @@
 -if 'CONFIG_HAS_LD_DYNAMIC_LIST' in config_host
 -  plugin_ldflags = ['-Wl,--dynamic-list=' + (meson.build_root() / 'qemu-plugins-ld.symbols')]
 -elif 'CONFIG_HAS_LD_EXPORTED_SYMBOLS_LIST' in config_host
 -  plugin_ldflags = ['-Wl,-exported_symbols_list,' + (meson.build_root() / 'qemu-plugins-ld64.symbols')]
 -else
 -  plugin_ldflags = []
 +plugin_ldflags = []
 +# Modules need more symbols than just those in plugins/qemu-plugins.symbols
 +if not enable_modules
 +  if 'CONFIG_HAS_LD_DYNAMIC_LIST' in config_host
 +    plugin_ldflags = ['-Wl,--dynamic-list=' + (meson.build_root() / 'qemu-plugins-ld.symbols')]
 +  elif 'CONFIG_HAS_LD_EXPORTED_SYMBOLS_LIST' in config_host
 +    plugin_ldflags = ['-Wl,-exported_symbols_list,' + (meson.build_root() / 'qemu-plugins-ld64.symbols')]
 +  endif
 endif
 specific_ss.add(when: 'CONFIG_PLUGIN', if_true: [files(
--- a/plugins-execlog-removed-unintended-s-at-.patch
+++ b/plugins-execlog-removed-unintended-s-at-.patch
@ -0,0 +1,32 @@
 From: Mahmoud Mandour <ma.mandourr@gmail.com>
 Date: Fri, 6 Aug 2021 15:10:12 +0100
 Subject: plugins/execlog: removed unintended "s" at the end of log lines.
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Git-commit: b40310616d2bd550279dd22b05483c3c613a00ff
 Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
 Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
 Message-Id: <20210803151428.125323-1-ma.mandourr@gmail.com>
 Message-Id: <20210806141015.2487502-2-alex.bennee@linaro.org>
 Cc: qemu-stable@nongnu.org
 Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
 ---
 contrib/plugins/execlog.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/contrib/plugins/execlog.c b/contrib/plugins/execlog.c
 index 2de9f0d7d4d46446f7e1dd6b32b0..a5275dcc15c221b0967106629a21 100644
 --- a/contrib/plugins/execlog.c
 +++ b/contrib/plugins/execlog.c
@@ -67,7 +67,7 @@ static void vcpu_insn_exec(unsigned int cpu_index, void *udata)
     /* Print previous instruction in cache */
     if (s->len) {
         qemu_plugin_outs(s->str);
 -        qemu_plugin_outs("s\n");
 +        qemu_plugin_outs("\n");
     }
     /* Store new instruction in cache */
--- a/qemu-binfmt-conf.sh-allow-overriding-SUS.patch
+++ b/qemu-binfmt-conf.sh-allow-overriding-SUS.patch
@ -1,64 +0,0 @@
 From: Martin Wilck <mwilck@suse.com>
 Date: Wed, 19 May 2021 17:24:45 +0200
 Subject: qemu-binfmt-conf.sh: allow overriding SUSE-specific argv[0] handling
 Git-commit: 0000000000000000000000000000000000000000
 References: bsc#1186256
 Since abbc0ce ("qemu-binfmt-conf: use qemu-ARCH-binfmt"),
 qemu-binfmt-conf.sh automatically replaces the default qemu binfmt wrapper
 qemu-$ARCH with qemu-$ARCH-binfmt in order to ensure that argv[0] is
 preserved; qemu-$ARCH-binfmt is a link to qemu-binfmt, which is just a
 simple wrapper that mangles argv to achieve the desired result.
 This is inconvenient in some situations. In particular for running
 foreign-arch containers, it's useful to use the binfmt_misc "F" ("fix
 binary") flag to pre-load the qemu wrapper in the kernel. That way,
 foreign-arch containers can be run just like native containers, without
 having to bind-mount interpreters into the container. But that's impossible
 with the SUSE binfmt wrapper that needs to exec() a different (native)
 executable.
 As the qemu-binfmt-conf script supports the --qemu-suffix option anyway,
 use it to set the "-binfmt" suffix, thus allowing admins to override the
 SUSE default with the option "--qemu-suffix ''".
 Signed-off-by: Martin Wilck <mwilck@suse.com>
 Acked-by: Jose R Ziviani <jose.ziviani@suse.com>
 ---
 scripts/qemu-binfmt-conf.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
 diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
 index c46e604fa6ef3faaecccaae835ba..76c96815c350d7646aca7877587a 100755
 --- a/scripts/qemu-binfmt-conf.sh
 +++ b/scripts/qemu-binfmt-conf.sh
@@ -185,6 +185,7 @@ Usage: qemu-binfmt-conf.sh [--qemu-path PATH][--debian][--systemd CPU]
        --help:          display this usage
        --qemu-path:     set path to qemu interpreter ($QEMU_PATH)
        --qemu-suffix:   add a suffix to the default interpreter name
 +                        (default: "-binfmt")
        --debian:        don't write into /proc,
                         instead generate update-binfmts templates
        --systemd:       don't write into /proc,
@@ -316,9 +317,9 @@ qemu_set_binfmts() {
             continue
         fi
 -        qemu="$QEMU_PATH/qemu-$cpu-binfmt"
 +        qemu="$QEMU_PATH/qemu-$cpu"
         if [ "$cpu" = "i486" ] ; then
 -            qemu="$QEMU_PATH/qemu-i386-binfmt"
 +            qemu="$QEMU_PATH/qemu-i386"
         fi
         qemu="$qemu$QEMU_SUFFIX"
@@ -338,7 +339,7 @@ QEMU_PATH=/usr/bin
 CREDENTIAL=no
 PERSISTENT=no
 PRESERVE_ARG0=no
 -QEMU_SUFFIX=""
 +QEMU_SUFFIX="-binfmt"
 options=$(getopt -o ds:Q:S:e:hc:p:g: -l debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,preserve-argv0: -- "$@")
 eval set -- "$options"
--- a/qemu-binfmt-conf.sh-should-use-F-as-shor.patch
+++ b/qemu-binfmt-conf.sh-should-use-F-as-shor.patch
@ -0,0 +1,27 @@
 From: Martin Wilck <mwilck@suse.com>
 Date: Tue, 14 Sep 2021 14:10:58 -0300
 Subject: =?UTF-8?q?qemu-binfmt-conf.sh=20should=20use=20"-F"=20as=20short?=
 =?UTF-8?q?=20option=20for=20"--qemu-suffix".=0AFix=20the=20getopt=20call?=
 =?UTF-8?q?=20to=20make=20this=20work.?=
 Git-commit: 00000000000000000000000000000000000000000
 References: bsc#1186256
 Signed-off-by: Martin Wilck <mwilck@suse.com>
 ---
 scripts/qemu-binfmt-conf.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
 index c46e604fa6ef3faaecccaae835ba..a73232edfd7f9dedb3a7c32218fb 100755
 --- a/scripts/qemu-binfmt-conf.sh
 +++ b/scripts/qemu-binfmt-conf.sh
@@ -340,7 +340,7 @@ PERSISTENT=no
 PRESERVE_ARG0=no
 QEMU_SUFFIX=""
 -options=$(getopt -o ds:Q:S:e:hc:p:g: -l debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,preserve-argv0: -- "$@")
 +options=$(getopt -o ds:Q:S:e:hc:p:g:F: -l debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,preserve-argv0: -- "$@")
 eval set -- "$options"
 while true ; do
--- a/qemu-sockets-fix-unix-socket-path-copy-a.patch
+++ b/qemu-sockets-fix-unix-socket-path-copy-a.patch
@ -0,0 +1,83 @@
 From: Michael Tokarev <mjt@tls.msk.ru>
 Date: Wed, 1 Sep 2021 16:16:24 +0300
 Subject: qemu-sockets: fix unix socket path copy (again)
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Git-commit: 118d527f2e4baec5fe8060b22a6212468b8e4d3f
 Commit 4cfd970ec188558daa6214f26203fe553fb1e01f added an
 assert which ensures the path within an address of a unix
 socket returned from the kernel is at least one byte and
 does not exceed sun_path buffer. Both of this constraints
 are wrong:
 A unix socket can be unnamed, in this case the path is
 completely empty (not even \0)
 And some implementations (notable linux) can add extra
 trailing byte (\0) _after_ the sun_path buffer if we
 passed buffer larger than it (and we do).
 So remove the assertion (since it causes real-life breakage)
 but at the same time fix the usage of sun_path. Namely,
 we should not access sun_path[0] if kernel did not return
 it at all (this is the case for unnamed sockets),
 and use the returned salen when copyig actual path as an
 upper constraint for the amount of bytes to copy - this
 will ensure we wont exceed the information provided by
 the kernel, regardless whenever there is a trailing \0
 or not. This also helps with unnamed sockets.
 Note the case of abstract socket, the sun_path is actually
 a blob and can contain \0 characters, - it should not be
 passed to g_strndup and the like, it should be accessed by
 memcpy-like functions.
 Fixes: 4cfd970ec188558daa6214f26203fe553fb1e01f
 Fixes: http://bugs.debian.org/993145
 Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
 Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
 CC: qemu-stable@nongnu.org
 Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
 ---
 util/qemu-sockets.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
 diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
 index f2f3676d1f71d1cdd6acb6c4b3b9..c5043999e9d47116a89511d82b23 100644
 --- a/util/qemu-sockets.c
 +++ b/util/qemu-sockets.c
@@ -1345,25 +1345,22 @@ socket_sockaddr_to_address_unix(struct sockaddr_storage *sa,
     SocketAddress *addr;
     struct sockaddr_un *su = (struct sockaddr_un *)sa;
 -    assert(salen >= sizeof(su->sun_family) + 1 &&
 -           salen <= sizeof(struct sockaddr_un));
 -
     addr = g_new0(SocketAddress, 1);
     addr->type = SOCKET_ADDRESS_TYPE_UNIX;
 +    salen -= offsetof(struct sockaddr_un, sun_path);
 #ifdef CONFIG_LINUX
 -    if (!su->sun_path[0]) {
 +    if (salen > 0 && !su->sun_path[0]) {
         /* Linux abstract socket */
 -        addr->u.q_unix.path = g_strndup(su->sun_path + 1,
 -                                        salen - sizeof(su->sun_family) - 1);
 +        addr->u.q_unix.path = g_strndup(su->sun_path + 1, salen - 1);
         addr->u.q_unix.has_abstract = true;
         addr->u.q_unix.abstract = true;
         addr->u.q_unix.has_tight = true;
 -        addr->u.q_unix.tight = salen < sizeof(*su);
 +        addr->u.q_unix.tight = salen < sizeof(su->sun_path);
         return addr;
     }
 #endif
 -    addr->u.q_unix.path = g_strndup(su->sun_path, sizeof(su->sun_path));
 +    addr->u.q_unix.path = g_strndup(su->sun_path, salen);
     return addr;
 }
 #endif /* WIN32 */
--- a/qemu.changes
+++ b/qemu.changes
@ -1,3 +1,22 @@
 -------------------------------------------------------------------
 Tue Sep 14 17:19:23 UTC 2021 - José Ricardo Ziviani <jose.ziviani@suse.com>
 - Replace patch to fix hardcoded binfmt handler
  (bsc#1186256)
 * Patches dropped:
  qemu-binfmt-conf.sh-allow-overriding-SUS.patch
 * Patches added:
  qemu-binfmt-conf.sh-should-use-F-as-shor.patch
 - Stable fixes from upstream
 * Patches added:
  9pfs-fix-crash-in-v9fs_walk.patch
  i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
  plugins-do-not-limit-exported-symbols-if.patch
  plugins-execlog-removed-unintended-s-at-.patch
  qemu-sockets-fix-unix-socket-path-copy-a.patch
  target-i386-add-missing-bits-to-CR4_RESE.patch
  virtio-balloon-don-t-start-free-page-hin.patch
 -------------------------------------------------------------------
 Wed Sep  8 17:51:18 UTC 2021 - José Ricardo Ziviani <jose.ziviani@suse.com>
--- a/qemu.spec
+++ b/qemu.spec
@ -176,10 +176,17 @@ Patch00040:     roms-Makefile-add-cross-file-to-qboot-me.patch
 Patch00041:     usb-Help-compiler-out-to-avoid-a-warning.patch
 Patch00042:     qom-handle-case-of-chardev-spice-module-.patch
 Patch00043:     doc-add-our-support-doc-to-the-main-proj.patch
-Patch00044:     qemu-binfmt-conf.sh-allow-overriding-SUS.patch
+Patch00044:     Revert-qemu-img-Improve-error-for-rebase.patch
-Patch00045:     Revert-qemu-img-Improve-error-for-rebase.patch
+Patch00045:     Revert-qemu-img-Require-F-with-b-backing.patch
-Patch00046:     Revert-qemu-img-Require-F-with-b-backing.patch
+Patch00046:     tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
-Patch00047:     tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
+Patch00047:     i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
 Patch00048:     plugins-execlog-removed-unintended-s-at-.patch
 Patch00049:     plugins-do-not-limit-exported-symbols-if.patch
 Patch00050:     9pfs-fix-crash-in-v9fs_walk.patch
 Patch00051:     virtio-balloon-don-t-start-free-page-hin.patch
 Patch00052:     qemu-sockets-fix-unix-socket-path-copy-a.patch
 Patch00053:     target-i386-add-missing-bits-to-CR4_RESE.patch
 Patch00054:     qemu-binfmt-conf.sh-should-use-F-as-shor.patch
 # Patches applied in roms/seabios/:
 Patch01000:     seabios-use-python2-explicitly-as-needed.patch
 Patch01001:     seabios-switch-to-python3-as-needed.patch
@ -1118,6 +1125,13 @@ This package records qemu testsuite results and represents successful testing.
 %patch00045 -p1
 %patch00046 -p1
 %patch00047 -p1
 %patch00048 -p1
 %patch00049 -p1
 %patch00050 -p1
 %patch00051 -p1
 %patch00052 -p1
 %patch00053 -p1
 %patch00054 -p1
 %patch01000 -p1
 %patch01001 -p1
 %patch01002 -p1
--- a/target-i386-add-missing-bits-to-CR4_RESE.patch
+++ b/target-i386-add-missing-bits-to-CR4_RESE.patch
@ -0,0 +1,53 @@
 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
 Date: Tue, 31 Aug 2021 18:50:33 +0100
 Subject: target/i386: add missing bits to CR4_RESERVED_MASK
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Git-commit: 69e3895f9d37ca39536775b13ce63e8c291427ba
 Booting Fedora kernels with -cpu max hangs very early in boot. Disabling
 the la57 CPUID bit fixes the problem. git bisect traced the regression to
  commit 213ff024a2f92020290296cb9dc29c2af3d4a221 (HEAD, refs/bisect/bad)
  Author: Lara Lazier <laramglazier@gmail.com>
  Date:   Wed Jul 21 17:26:50 2021 +0200
    target/i386: Added consistency checks for CR4
    All MBZ bits in CR4 must be zero. (APM2 15.5)
    Added reserved bitmask and added checks in both
    helper_vmrun and helper_write_crN.
    Signed-off-by: Lara Lazier <laramglazier@gmail.com>
    Message-Id: <20210721152651.14683-2-laramglazier@gmail.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 In this commit CR4_RESERVED_MASK is missing CR4_LA57_MASK and
 two others. Adding this lets Fedora kernels boot once again.
 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
 Tested-by: Richard W.M. Jones <rjones@redhat.com>
 Message-Id: <20210831175033.175584-1-berrange@redhat.com>
 [Removed VMXE/SMXE, matching the commit message. - Paolo]
 Fixes: 213ff024a2 ("target/i386: Added consistency checks for CR4", 2021-07-22)
 Cc: qemu-stable@nongnu.org
 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
 ---
 target/i386/cpu.h | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/target/i386/cpu.h b/target/i386/cpu.h
 index 6c50d3ab4f1d38b4cbaf78c84ac0..21b33fbe2e696dabe06228b20d2e 100644
 --- a/target/i386/cpu.h
 +++ b/target/i386/cpu.h
@@ -257,6 +257,7 @@ typedef enum X86Seg {
                 | CR4_DE_MASK | CR4_PSE_MASK | CR4_PAE_MASK \
                 | CR4_MCE_MASK | CR4_PGE_MASK | CR4_PCE_MASK \
                 | CR4_OSFXSR_MASK | CR4_OSXMMEXCPT_MASK |CR4_UMIP_MASK \
 +                | CR4_LA57_MASK \
                 | CR4_FSGSBASE_MASK | CR4_PCIDE_MASK | CR4_OSXSAVE_MASK \
                 | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK))
--- a/virtio-balloon-don-t-start-free-page-hin.patch
+++ b/virtio-balloon-don-t-start-free-page-hin.patch
@ -0,0 +1,111 @@
 From: David Hildenbrand <david@redhat.com>
 Date: Thu, 8 Jul 2021 11:53:38 +0200
 Subject: virtio-balloon: don't start free page hinting if postcopy is possible
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Git-commit: fd51e54fa10221e5a8add894c38cc1cf199f4bc4
 Postcopy never worked properly with 'free-page-hint=on', as there are
 at least two issues:
 1) With postcopy, the guest will never receive a VIRTIO_BALLOON_CMD_ID_DONE
   and consequently won't release free pages back to the OS once
   migration finishes.
   The issue is that for postcopy, we won't do a final bitmap sync while
   the guest is stopped on the source and
   virtio_balloon_free_page_hint_notify() will only call
   virtio_balloon_free_page_done() on the source during
   PRECOPY_NOTIFY_CLEANUP, after the VM state was already migrated to
   the destination.
 2) Once the VM touches a page on the destination that has been excluded
   from migration on the source via qemu_guest_free_page_hint() while
   postcopy is active, that thread will stall until postcopy finishes
   and all threads are woken up. (with older Linux kernels that won't
   retry faults when woken up via userfaultfd, we might actually get a
   SEGFAULT)
   The issue is that the source will refuse to migrate any pages that
   are not marked as dirty in the dirty bmap -- for example, because the
   page might just have been sent. Consequently, the faulting thread will
   stall, waiting for the page to be migrated -- which could take quite
   a while and result in guest OS issues.
 While we could fix 1) comparatively easily, 2) is harder to get right and
 might require more involved RAM migration changes on source and destination
 [1].
 As it never worked properly, let's not start free page hinting in the
 precopy notifier if the postcopy migration capability was enabled to fix
 it easily. Capabilities cannot be enabled once migration is already
 running.
 Note 1: in the future we might either adjust migration code on the source
        to track pages that have actually been sent or adjust
        migration code on source and destination  to eventually send
        pages multiple times from the source and and deal with pages
        that are sent multiple times on the destination.
 Note 2: virtio-mem has similar issues, however, access to "unplugged"
        memory by the guest is very rare and we would have to be very
        lucky for it to happen during migration. The spec states
        "The driver SHOULD NOT read from unplugged memory blocks ..."
        and "The driver MUST NOT write to unplugged memory blocks".
        virtio-mem will move away from virtio_balloon_free_page_done()
        soon and handle this case explicitly on the destination.
 [1] https://lkml.kernel.org/r/e79fd18c-aa62-c1d8-c7f3-ba3fc2c25fc8@redhat.com
 Fixes: c13c4153f76d ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
 Cc: qemu-stable@nongnu.org
 Cc: Wei Wang <wei.w.wang@intel.com>
 Cc: Michael S. Tsirkin <mst@redhat.com>
 Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
 Cc: Alexander Duyck <alexander.duyck@gmail.com>
 Cc: Juan Quintela <quintela@redhat.com>
 Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
 Cc: Peter Xu <peterx@redhat.com>
 Signed-off-by: David Hildenbrand <david@redhat.com>
 Message-Id: <20210708095339.20274-2-david@redhat.com>
 Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 Reviewed-by: Peter Xu <peterx@redhat.com>
 Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
 ---
 hw/virtio/virtio-balloon.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
 index 4b5d9e5e5037acd592d4bdc645d2..ae7867a8db6e6f6875b656128973 100644
 --- a/hw/virtio/virtio-balloon.c
 +++ b/hw/virtio/virtio-balloon.c
@@ -30,6 +30,7 @@
 #include "trace.h"
 #include "qemu/error-report.h"
 #include "migration/misc.h"
 +#include "migration/migration.h"
 #include "hw/virtio/virtio-bus.h"
 #include "hw/virtio/virtio-access.h"
@@ -662,6 +663,18 @@ virtio_balloon_free_page_hint_notify(NotifierWithReturn *n, void *data)
         return 0;
     }
 +    /*
 +     * Pages hinted via qemu_guest_free_page_hint() are cleared from the dirty
 +     * bitmap and will not get migrated, especially also not when the postcopy
 +     * destination starts using them and requests migration from the source; the
 +     * faulting thread will stall until postcopy migration finishes and
 +     * all threads are woken up. Let's not start free page hinting if postcopy
 +     * is possible.
 +     */
 +    if (migrate_postcopy_ram()) {
 +        return 0;
 +    }
 +
     switch (pnd->reason) {
     case PRECOPY_NOTIFY_BEFORE_BITMAP_SYNC:
         virtio_balloon_free_page_stop(dev);