Accepting request 885459 from home:bfrogers:branches:Virtualization

- Include upstream patches designated as stable material and
  reviewed for applicability to include here. NOTE that the
  PIIX4 patch has migration implications: the change will also be
  applied to the SLE-15-SP2 qemu, and a live migration from that
  version to this SLE-15-SP3 qemu would require this patch to be
  applied for a successful migration if PIIX4 southbridge is used
  in the machine emulation (x86 i440fx)
  block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
  block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch
  cpu-core-Fix-help-of-CPU-core-device-typ.patch
  hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
  hw-block-fdc-Fix-fallback-property-on-sy.patch
  hw-isa-Kconfig-Add-missing-dependency-VI.patch
  hw-isa-piix4-Migrate-Reset-Control-Regis.patch
  hw-virtio-pci-Added-AER-capability.patch
  hw-virtio-pci-Added-counter-for-pcie-cap.patch
  s390x-css-report-errors-from-ccw_dstream.patch
  target-xtensa-fix-meson.build-rule-for-x.patch
  util-fix-use-after-free-in-module_load_o.patch
  virtio-pci-compat-page-aligned-ATS.patch

OBS-URL: https://build.opensuse.org/request/show/885459
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=634
Bruce Rogers 2021-04-14 18:51:51 +00:00 committed by Git OBS Bridge
parent 86ffd40d11
commit 12286f39d2
18 changed files with 1161 additions and 93 deletions


@ -1,43 +1,54 @@
The qemu package includes a special maintenance workflow in order to support git
based patching. Please use it in order to have changes you make be acceptable to
the package maintainers.
based patching, including of submodules. Please use it in order to have changes
you make be acceptable to the package maintainers. A bash script (update_git.sh)
implements this workflow.
Currently a local clone of the upstream repo(s) is required for the packaging
workflow. It is anticipated that the need for any extra setup will be reduced or
even eliminated entirely in the future, but for now, you will need do so some
setup. See config.sh for details.
A local clone of the upstream repo(s) is required for the packaging workflow.
If none is found, the qemu superproject will be cloned as a shallow repo for the
workflow script's use. If you intend to do more than superficial work in the
qemu package, unshallow it. The submodule local repos aren't needed unless you
intend to do patch work there. See config.sh for the local repo paths.
The qemu.spec file is generated from a qemu.spec.in template, so to make changes
to the spec file beyond the patch name generation, patch reference and automated
versioning done by the scripts, you need to edit the template. Do not directly
edit the spec file. The spec file's version and patch references are added when
the update_git.sh script is passed certain commands, as described below.
The qemu.spec file is generated from a template file (qemu.spec.in), so to make
spec file changes outside of the patch file references (handled by the script),
you need to edit the template file, and NOT the qemu.spec file. The spec file's
version and patch references are added when update_git.sh is passed certain
commands, as described below.
If you are not modifying any patches or their order, but just need to update the
spec file from a changed template, run 'bash ./update_git.sh refresh'.
If the set of patches is being modified, including their order, you will want to
first run 'bash ./update_git.sh pkg2git', which makes the current package patch
queue available in a local git branch named frombundle (see config.sh for the
locations). This set of patches comes from a "bundle of git bundles", the
bundles.tar.xz file, which is included as a package source file. You will then
create an altered patch queue in the branch which corresponds to this release
(eg: opensuse-5.0), using the frombundle branch as the starting point for your
changes (eg perhaps start by doing git reset --hard frombundle, then cherry-pick
upstream patches from there). Once you have the patch queue ready to go run
'bash ./update_git.sh git2pkg' which updates the bundles.tar.xz file, as well as
the spec and patch files.
set available in a local git branch named 'frombundle' (see config.sh for the
locations). This incarnation of the package patches comes from a "bundle of git
bundles", included as a package source file named bundles.tar.xz, which the
script extracts to the corresponding local frombundle branch. To add, remove or
modify the package patches, you will then do that work in a local branch whose
name corresponds to that qemu package's release version as follows:
The qemu major and minor release numbers are part of the name, prefixed by
'opensuse-', so, for example, for the v5.2.0 based SLE-15-SP3 qemu, the branch
would be named 'opensuse-5.2'. You want to start your work based on the current
patchqueue as contained in 'frombundle', so one approach is to do (depending on
your local repo's current state), 'branch -B opensuse-5.2 frombundle', and then
cherry-pick upstream patches into it, or interactive rebase it to modify or
delete patches, etc. Be careful to keep the branch based on the upstream tag
which represents the package tarball however! Once you have the patch queue
ready to go, simply run 'bash ./update_git.sh git2pkg' (in your local obs branch
directory) to refresh the bundles.tar.xz file, as well as the package spec and
patch files. The package qemu.changes file is modified to list added or removed
patches as a starting point for documenting the change.
The default action for update_git.sh is git2pkg, which helps simplify repeated
package updates as you modify the patch queue from the local git repo.
The maintainer and automation use another workflow mode dealing with packaging
the latest upstream qemu. See 'LATEST' references in the scripts for details.
* * * * * * * * *
When you are ready to check in the package, using 'bash update_git.sh ci' is
provided as a convenience (and to help preserve correct spec file formatting,
since a 'normal osc check-in' messes up the spec file a bit).
Additional Notes:
The maintainer and automation use another workflow mode dealing with packaging
the latest upstream qemu. See 'LATEST' references in the scripts for details,
as this is an 'expert mode' and isn't documented here.
Patches which are from an upstream git repo should have the commit id recorded
just below the Subject line (after a blank line) as follows:
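
Review bot: the example command in the new branch-naming paragraph, 'branch -B opensuse-5.2 frombundle', is not runnable as written: it omits `git`, and `-B` is an option of `git checkout`, not of `git branch`. Spell it out as `git checkout -B opensuse-5.2 frombundle` (or `git branch -f opensuse-5.2 frombundle` when that branch is not checked out). The same paragraph warns to keep the branch based on the upstream tag that represents the tarball but gives no way to verify it; naming a check such as `git merge-base --is-ancestor <tag> opensuse-5.2` would make the warning actionable.
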
@ -47,13 +58,18 @@ If a patch is anticipated to be shortly included in upstream repo, mark that
fact by doing the above with 40 0's, which will flag it as needing to be updated
in the near future.
We try to maintain, if possible, patch ordering as follows: (tarball as base),
patches which come from upstream commits in commit order, patches which will
soon be upstream (as mentioned above), followed by our private patches.
Bug or feature tracking identifiers should also be added to the patch similarly,
using the abbreviations identified here:
http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines#Current_set_of_abbreviations
using the "Reference:" tag, with multiple entries comma separated.
The ability to provide a conditional inclusion of a patch (eg based on
architecture, is provided by using the "Include-If:" tag similarly, as follows:
architecture, is provided by this workflow by using the "Include-If:" tag, as
shown here:
Include-If: %ifarch aarch64
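
Review bot: the reworded Include-If sentence still opens a parenthesis at "(eg based on architecture," and never closes it, so the new text carries over the defect of the line it replaces. Close it after "architecture" while the sentence is being touched anyway.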


@ -0,0 +1,47 @@
From: Stefano Garzarella <sgarzare@redhat.com>
Date: Mon, 29 Mar 2021 17:01:29 +0200
Subject: block/rbd: Fix memory leak in qemu_rbd_co_create_opts()
Git-commit: b084b420d9d6347dede328fbcf18c8e4c695f7e8
When we allocate 'q_namespace', we forgot to set 'has_q_namespace'
to true. This can cause several issues, including a memory leak,
since qapi_free_BlockdevCreateOptions() does not deallocate that
memory, as reported by valgrind:
13 bytes in 1 blocks are definitely lost in loss record 7 of 96
at 0x4839809: malloc (vg_replace_malloc.c:307)
by 0x48CEBB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x48E3FE3: g_strdup (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x180010: qemu_rbd_co_create_opts (rbd.c:446)
by 0x1AE72C: bdrv_create_co_entry (block.c:492)
by 0x241902: coroutine_trampoline (coroutine-ucontext.c:173)
by 0x57530AF: ??? (in /usr/lib64/libc-2.32.so)
by 0x1FFEFFFA6F: ???
Fix setting 'has_q_namespace' to true when we allocate 'q_namespace'.
Fixes: 19ae9ae014 ("block/rbd: Add support for ceph namespaces")
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210329150129.121182-3-sgarzare@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[BR: Modified subject to acheive unique patchname]
---
block/rbd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/block/rbd.c b/block/rbd.c
index 15f1ac3b47d45e347a34579130ea..318e2826fc4180a1ad6837c81150 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -444,6 +444,7 @@ static int coroutine_fn qemu_rbd_co_create_opts(BlockDriver *drv,
loc->user = g_strdup(qdict_get_try_str(options, "user"));
loc->has_user = !!loc->user;
loc->q_namespace = g_strdup(qdict_get_try_str(options, "namespace"));
+ loc->has_q_namespace = !!loc->q_namespace;
loc->image = g_strdup(qdict_get_try_str(options, "image"));
keypairs = qdict_get_try_str(options, "=keyvalue-pairs");
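
Review bot: the "[BR: Modified subject ...]" change makes this patch file unique only by capitalising "Fix". After truncation the two rbd patches are block-rbd-fix-memory-leak-in-qemu_rbd_co.patch and block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch, which differ in letter case alone and will collide on a case-insensitive checkout or in a case-insensitive search. Change a word inside the truncated prefix instead, and fix the spelling "acheive" in the note. The code change itself mirrors the `has_user` line two lines above it and needs nothing further.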


@ -0,0 +1,74 @@
From: Stefano Garzarella <sgarzare@redhat.com>
Date: Mon, 29 Mar 2021 17:01:28 +0200
Subject: block/rbd: fix memory leak in qemu_rbd_connect()
Git-commit: c1c1f6cf511496b985cb9a1c536d59c9be7b9317
In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
using g_strjoinv(), but it's only freed in the error path, leaking
memory in the success path as reported by valgrind:
80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
at 0x4839809: malloc (vg_replace_malloc.c:307)
by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
by 0x87D07E: qemu_rbd_connect (rbd.c:562)
by 0x87E1CE: qemu_rbd_open (rbd.c:740)
by 0x840EB1: bdrv_open_driver (block.c:1528)
by 0x8453A9: bdrv_open_common (block.c:1802)
by 0x8453A9: bdrv_open_inherit (block.c:3444)
by 0x8464C2: bdrv_open (block.c:3537)
by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
by 0x907EA4: aio_bh_poll (async.c:164)
Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.
Fixes: 0a55679b4a5061f4d74bdb1a0e81611ba3390b00
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210329150129.121182-2-sgarzare@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
block/rbd.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
index 9bd2bce71651b8612e37c5dc040d..15f1ac3b47d45e347a34579130ea 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -563,13 +563,13 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
if (local_err) {
error_propagate(errp, local_err);
r = -EINVAL;
- goto failed_opts;
+ goto out;
}
r = rados_create(cluster, opts->user);
if (r < 0) {
error_setg_errno(errp, -r, "error initializing");
- goto failed_opts;
+ goto out;
}
/* try default location when conf=NULL, but ignore failure */
@@ -626,11 +626,12 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
*/
rados_ioctx_set_namespace(*io_ctx, opts->q_namespace);
- return 0;
+ r = 0;
+ goto out;
failed_shutdown:
rados_shutdown(*cluster);
-failed_opts:
+out:
g_free(mon_host);
return r;
}
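
Review bot: replacing `return 0` with `r = 0; goto out;` fixes the leak, but `failed_shutdown:` now falls through into `out:` and every future early return in qemu_rbd_connect() has to remember to use the label. Declaring `mon_host` as a NULL-initialised `g_autofree` pointer would free it on all paths, let the two `goto out` sites in the first hunk return directly, and keep the plain `return 0` here.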


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b1d2867d10746cf923467f5bddfbf443f001f1363dba4c9c099fc395ac8c2e75
size 100056
oid sha256:571e056a525b5f1ac55c4e4784a831f3bddb8cd1e0fa6fee750792a92681eb9b
size 108908


@ -0,0 +1,60 @@
From: Greg Kurz <groug@kaod.org>
Date: Fri, 9 Apr 2021 18:03:39 +0200
Subject: cpu/core: Fix "help" of CPU core device types
Git-commit: 0b47ec4b95ad1952e55e639711d442f8ec6e1345
Calling qdev_get_machine() from a QOM instance_init function is
fragile because we can't be sure the machine object actually
exists. And this happens to break when passing ",help" on the
command line to get the list of properties for a CPU core
device types :
$ ./qemu-system-ppc64 -device power8_v2.0-spapr-cpu-core,help
qemu-system-ppc64: ../../hw/core/machine.c:1290:
qdev_get_machine: Assertion `machine != NULL' failed.
Aborted (core dumped)
This used to work before QEMU 5.0, but commit 3df261b6676b
unwillingly introduced a subtle regression : the above command
line needs to create an instance but the instance_init function
of the base class calls qdev_get_machine() before
qemu_create_machine() has been called, which is a programming bug.
Use current_machine instead. It is okay to skip the setting of
nr_thread in this case since only its type is displayed.
Fixes: 3df261b6676b ("softmmu/vl.c: Handle '-cpu help' and '-device help' before 'no default machine'")
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Cc: peter.maydell@linaro.org
Message-Id: <20210409160339.500167-3-groug@kaod.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/cpu/core.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/hw/cpu/core.c b/hw/cpu/core.c
index 92d3b2fbad62cc3dd7656f148bfd..9876075155743d8966a8383412fd 100644
--- a/hw/cpu/core.c
+++ b/hw/cpu/core.c
@@ -66,10 +66,16 @@ static void core_prop_set_nr_threads(Object *obj, Visitor *v, const char *name,
static void cpu_core_instance_init(Object *obj)
{
- MachineState *ms = MACHINE(qdev_get_machine());
CPUCore *core = CPU_CORE(obj);
- core->nr_threads = ms->smp.threads;
+ /*
+ * Only '-device something-cpu-core,help' can get us there before
+ * the machine has been created. We don't care to set nr_threads
+ * in this case since it isn't used afterwards.
+ */
+ if (current_machine) {
+ core->nr_threads = current_machine->smp.threads;
+ }
}
static void cpu_core_class_init(ObjectClass *oc, void *data)
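
Review bot: with the `if (current_machine)` guard in cpu_core_instance_init(), an instance created before the machine exists keeps `nr_threads` at its initial value and nothing records that the field was never set. The comment asserts that only '-device something-cpu-core,help' reaches this path; if any other caller ever does, the former assertion failure becomes a silently wrong thread count. Consider rejecting an unset `nr_threads` where the value is consumed, and the comment should read "get us here".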


@ -0,0 +1,36 @@
From: Zenghui Yu <yuzenghui@huawei.com>
Date: Fri, 2 Apr 2021 16:47:31 +0800
Subject: hw/arm/virt-acpi-build: Fix GSIV values of the {GERR, Sync}
interrupts
Git-commit: 0c38f607836af40921ea2b58676b7c4a9fe33bef
The GSIV values in SMMUv3 IORT node are not correct as they don't match
the SMMUIrq enumeration, which describes the IRQ<->PIN mapping used by
our emulated vSMMU.
Fixes: a703b4f6c1ee ("hw/arm/virt-acpi-build: Add smmuv3 node in IORT table")
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Acked-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20210402084731.93-1-yuzenghui@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/arm/virt-acpi-build.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 9747a6458f0bfd34a3c2b3fda96a..6cd17c58c5535ee7277292b7372f 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -287,8 +287,8 @@ build_iort(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
smmu->flags = cpu_to_le32(ACPI_IORT_SMMU_V3_COHACC_OVERRIDE);
smmu->event_gsiv = cpu_to_le32(irq);
smmu->pri_gsiv = cpu_to_le32(irq + 1);
- smmu->gerr_gsiv = cpu_to_le32(irq + 2);
- smmu->sync_gsiv = cpu_to_le32(irq + 3);
+ smmu->sync_gsiv = cpu_to_le32(irq + 2);
+ smmu->gerr_gsiv = cpu_to_le32(irq + 3);
/* Identity RID mapping covering the whole input RID range */
idmap = &smmu->id_mapping_array[0];
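
Review bot: the corrected `sync_gsiv` and `gerr_gsiv` lines still encode the SMMUIrq ordering as the literals `irq + 2` and `irq + 3`, which is the pattern that allowed the two values to be swapped in the first place. Adding the SMMUIrq enumerators to `irq` for all four GSIV fields would tie the IORT node to the enumeration the commit message cites, so the table and the emulated vSMMU cannot drift apart again.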


@ -0,0 +1,47 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Date: Wed, 7 Apr 2021 15:37:42 +0200
Subject: hw/block/fdc: Fix 'fallback' property on sysbus floppy disk
controllers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: da64789d3a16b2c5b5f1be9c75b00c2b8ae393a0
Setting the 'fallback' property corrupts the QOM instance state
(FDCtrlSysBus) because it accesses an incorrect offset (it uses
the offset of the FDCtrlISABus state).
Cc: qemu-stable@nongnu.org
Fixes: a73275dd6fc ("fdc: Add fallback option")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210407133742.1680424-1-f4bug@amsat.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/block/fdc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index d6ba6c8f730092632770cf66908b..11a43cd4a18c02e3492d3f171049 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -2961,7 +2961,7 @@ static Property sysbus_fdc_properties[] = {
DEFINE_PROP_SIGNED("fdtypeB", FDCtrlSysBus, state.qdev_for_drives[1].type,
FLOPPY_DRIVE_TYPE_AUTO, qdev_prop_fdc_drive_type,
FloppyDriveType),
- DEFINE_PROP_SIGNED("fallback", FDCtrlISABus, state.fallback,
+ DEFINE_PROP_SIGNED("fallback", FDCtrlSysBus, state.fallback,
FLOPPY_DRIVE_TYPE_144, qdev_prop_fdc_drive_type,
FloppyDriveType),
DEFINE_PROP_END_OF_LIST(),
@@ -2987,7 +2987,7 @@ static Property sun4m_fdc_properties[] = {
DEFINE_PROP_SIGNED("fdtype", FDCtrlSysBus, state.qdev_for_drives[0].type,
FLOPPY_DRIVE_TYPE_AUTO, qdev_prop_fdc_drive_type,
FloppyDriveType),
- DEFINE_PROP_SIGNED("fallback", FDCtrlISABus, state.fallback,
+ DEFINE_PROP_SIGNED("fallback", FDCtrlSysBus, state.fallback,
FLOPPY_DRIVE_TYPE_144, qdev_prop_fdc_drive_type,
FloppyDriveType),
DEFINE_PROP_END_OF_LIST(),
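
Review bot: both hunks fix the same copy-pasted `FDCtrlISABus` in a `DEFINE_PROP_SIGNED("fallback", ...)` entry, once in `sysbus_fdc_properties` and once in `sun4m_fdc_properties`, and nothing in the patch prevents a recurrence: the macro takes the container type as an argument and the build accepted the wrong one. Since the commit message describes the effect as corruption of the FDCtrlSysBus instance state when the property is set, a test that sets 'fallback' on each sysbus variant belongs with this fix, and the package changelog should name it as a memory-corruption fix rather than leaving it under "stable material".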


@ -0,0 +1,33 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Date: Tue, 2 Mar 2021 09:00:42 +0100
Subject: hw/isa/Kconfig: Add missing dependency VIA VT82C686 -> APM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 50fab4cc672233fee22fff2cf51543af57602c7d
TYPE_VIA_PM calls apm_init() in via_pm_realize(), so
requires APM to be selected.
Reported-by: BALATON Zoltan <balaton@eik.bme.hu>
Fixes: dd0ff8191ab ("isa: express SuperIO dependencies with Kconfig")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210302080531.913802-1-f4bug@amsat.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/isa/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
index c7f07854f7e7777a03c7dd1db0d0..9c026d0c5103b87b3e8c9348a8d0 100644
--- a/hw/isa/Kconfig
+++ b/hw/isa/Kconfig
@@ -47,6 +47,7 @@ config VT82C686
select ACPI_SMBUS
select SERIAL_ISA
select FDC
+ select APM
config SMC37C669
bool


@ -0,0 +1,62 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Date: Wed, 24 Mar 2021 14:54:43 +0100
Subject: hw/isa/piix4: Migrate Reset Control Register
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 62271205bcfaee440d06c06060ee79dac657caff
When adding the Reset register in commit 5790b757cfb we
forgot to migrate it.
While it is possible a VM using the PIIX4 is migrated just
after requesting a system shutdown, it is very unlikely.
However when restoring a migrated VM, we might have the
RCR bit #4 set on the stack and when the VM resume it
directly shutdowns.
Add a post_load() migration handler and set the default
RCR value to 0 for earlier versions, assuming the VM was
not going to shutdown before migration.
Fixes: 5790b757cfb ("piix4: Add the Reset Control Register")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210324200334.729899-1-f4bug@amsat.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/isa/piix4.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index a50d97834c760e3ebc5103614ee9..b3b6a4378a334b1a4bf0105a6857 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -93,12 +93,25 @@ static void piix4_isa_reset(DeviceState *dev)
pci_conf[0xae] = 0x00;
}
+static int piix4_ide_post_load(void *opaque, int version_id)
+{
+ PIIX4State *s = opaque;
+
+ if (version_id == 2) {
+ s->rcr = 0;
+ }
+
+ return 0;
+}
+
static const VMStateDescription vmstate_piix4 = {
.name = "PIIX4",
- .version_id = 2,
+ .version_id = 3,
.minimum_version_id = 2,
+ .post_load = piix4_ide_post_load,
.fields = (VMStateField[]) {
VMSTATE_PCI_DEVICE(dev, PIIX4State),
+ VMSTATE_UINT8_V(rcr, PIIX4State, 3),
VMSTATE_END_OF_LIST()
}
};
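
Review bot: `piix4_ide_post_load` is attached to `vmstate_piix4`, the "PIIX4" state that carries `rcr`, so the `_ide_` in the name is misleading; `piix4_post_load` would match what it handles. The `version_id == 2` test is equivalent to `version_id < 3` only because `minimum_version_id` is 2, and the `<` form states the intent (field absent from the incoming stream) and survives a later change of the minimum. Raising `.version_id` to 3 also means a stream produced by this build cannot be loaded by a build still at version 2, so the packaging note about SLE-15-SP2 should say which side has to be updated first.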


@ -0,0 +1,84 @@
From: Andrew Melnychenko <andrew@daynix.com>
Date: Thu, 3 Dec 2020 13:07:13 +0200
Subject: hw/virtio-pci Added AER capability.
Git-commit: fdfa3b1d6f9edd97c807df496a0d8e9ea49240da
Added AER capability for virtio-pci devices.
Also added property for devices, by default AER is disabled.
Signed-off-by: Andrew Melnychenko <andrew@daynix.com>
Message-Id: <20201203110713.204938-3-andrew@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[BR: needed for stable commit d83f46d189a26fa32434139954d264326f199a45]
---
hw/virtio/virtio-pci.c | 16 ++++++++++++++++
hw/virtio/virtio-pci.h | 4 ++++
2 files changed, 20 insertions(+)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index ceaa233129c529b604f461e45336..f863f69ede4f4bf1c09fc39a5035 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1817,6 +1817,12 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp)
*/
pci_set_word(pci_dev->config + pos + PCI_PM_PMC, 0x3);
+ if (proxy->flags & VIRTIO_PCI_FLAG_AER) {
+ pcie_aer_init(pci_dev, PCI_ERR_VER, last_pcie_cap_offset,
+ PCI_ERR_SIZEOF, NULL);
+ last_pcie_cap_offset += PCI_ERR_SIZEOF;
+ }
+
if (proxy->flags & VIRTIO_PCI_FLAG_INIT_DEVERR) {
/* Init error enabling flags */
pcie_cap_deverr_init(pci_dev);
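
Review bot: in virtio_pci_realize() the return value of `pcie_aer_init()` is dropped and its error argument is NULL, so a failure to add the capability is silent, yet `last_pcie_cap_offset` is advanced by `PCI_ERR_SIZEOF` regardless and the next capability is placed after a gap. Check the result, pass the `errp` that realize already receives, and return on failure.
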
@@ -1858,7 +1864,15 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp)
static void virtio_pci_exit(PCIDevice *pci_dev)
{
+ VirtIOPCIProxy *proxy = VIRTIO_PCI(pci_dev);
+ bool pcie_port = pci_bus_is_express(pci_get_bus(pci_dev)) &&
+ !pci_bus_is_root(pci_get_bus(pci_dev));
+
msix_uninit_exclusive_bar(pci_dev);
+ if (proxy->flags & VIRTIO_PCI_FLAG_AER && pcie_port &&
+ pci_is_express(pci_dev)) {
+ pcie_aer_exit(pci_dev);
+ }
}
static void virtio_pci_reset(DeviceState *qdev)
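
Review bot: virtio_pci_exit() re-derives `pcie_port` and `pci_is_express(pci_dev)` to infer whether realize called `pcie_aer_init()`, so the two conditions have to be kept identical by hand and a failed init is not accounted for at all. Recording in the proxy that AER was actually initialised, and testing that in exit, removes the duplication. Parenthesising `(proxy->flags & VIRTIO_PCI_FLAG_AER)` in the `if` would also make the precedence explicit.
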
@@ -1911,6 +1925,8 @@ static Property virtio_pci_properties[] = {
VIRTIO_PCI_FLAG_INIT_PM_BIT, true),
DEFINE_PROP_BIT("x-pcie-flr-init", VirtIOPCIProxy, flags,
VIRTIO_PCI_FLAG_INIT_FLR_BIT, true),
+ DEFINE_PROP_BIT("aer", VirtIOPCIProxy, flags,
+ VIRTIO_PCI_FLAG_AER_BIT, false),
DEFINE_PROP_END_OF_LIST(),
};
diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h
index 06e2af12de64c32f8c26c7f9e858..d7d5d403a9483f5f7e0f0f9b4110 100644
--- a/hw/virtio/virtio-pci.h
+++ b/hw/virtio/virtio-pci.h
@@ -41,6 +41,7 @@ enum {
VIRTIO_PCI_FLAG_INIT_LNKCTL_BIT,
VIRTIO_PCI_FLAG_INIT_PM_BIT,
VIRTIO_PCI_FLAG_INIT_FLR_BIT,
+ VIRTIO_PCI_FLAG_AER_BIT,
};
/* Need to activate work-arounds for buggy guests at vmstate load. */
@@ -80,6 +81,9 @@ enum {
/* Init Function Level Reset capability */
#define VIRTIO_PCI_FLAG_INIT_FLR (1 << VIRTIO_PCI_FLAG_INIT_FLR_BIT)
+/* Advanced Error Reporting capability */
+#define VIRTIO_PCI_FLAG_AER (1 << VIRTIO_PCI_FLAG_AER_BIT)
+
typedef struct {
MSIMessage msg;
int virq;


@ -0,0 +1,41 @@
From: Andrew Melnychenko <andrew@daynix.com>
Date: Thu, 3 Dec 2020 13:07:12 +0200
Subject: hw/virtio-pci Added counter for pcie capabilities offsets.
Git-commit: 06e97442420b03a1e0ff05e8eb554fac684ca736
Removed hardcoded offset for ats. Added cap offset counter
for future capabilities like AER.
Signed-off-by: Andrew Melnychenko <andrew@daynix.com>
Message-Id: <20201203110713.204938-2-andrew@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[BR: needed for stable commit d83f46d189a26fa32434139954d264326f199a45]
---
hw/virtio/virtio-pci.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 36524a5728e40da961b4db862558..ceaa233129c529b604f461e45336 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1798,6 +1798,7 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp)
if (pcie_port && pci_is_express(pci_dev)) {
int pos;
+ uint16_t last_pcie_cap_offset = PCI_CONFIG_SPACE_SIZE;
pos = pcie_endpoint_cap_init(pci_dev, 0);
assert(pos > 0);
@@ -1833,7 +1834,8 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp)
}
if (proxy->flags & VIRTIO_PCI_FLAG_ATS) {
- pcie_ats_init(pci_dev, 256);
+ pcie_ats_init(pci_dev, last_pcie_cap_offset);
+ last_pcie_cap_offset += PCI_EXT_CAP_ATS_SIZEOF;
}
if (proxy->flags & VIRTIO_PCI_FLAG_INIT_FLR) {
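
Review bot: `last_pcie_cap_offset` starts at `PCI_CONFIG_SPACE_SIZE`, which keeps ATS at the former literal 256 only while nothing is allocated ahead of it. As soon as an earlier capability advances the counter, the ATS offset in extended config space moves, and that is a guest-visible layout change for an existing device model. A comment at the declaration saying that allocation order is part of the device's compatibility, plus a bound check against the end of extended config space before each init, would make that constraint explicit.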


@ -1,3 +1,27 @@
-------------------------------------------------------------------
Tue Apr 13 19:17:26 UTC 2021 - Bruce Rogers <brogers@suse.com>
- Include upstream patches designated as stable material and
reviewed for applicability to include here. NOTE that the
PIIX4 patch has migration implications: the change will also be
applied to the SLE-15-SP2 qemu, and a live migration from that
version to this SLE-15-SP3 qemu would require this patch to be
applied for a successful migration if PIIX4 southbridge is used
in the machine emulation (x86 i440fx)
block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch
cpu-core-Fix-help-of-CPU-core-device-typ.patch
hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
hw-block-fdc-Fix-fallback-property-on-sy.patch
hw-isa-Kconfig-Add-missing-dependency-VI.patch
hw-isa-piix4-Migrate-Reset-Control-Regis.patch
hw-virtio-pci-Added-AER-capability.patch
hw-virtio-pci-Added-counter-for-pcie-cap.patch
s390x-css-report-errors-from-ccw_dstream.patch
target-xtensa-fix-meson.build-rule-for-x.patch
util-fix-use-after-free-in-module_load_o.patch
virtio-pci-compat-page-aligned-ATS.patch
-------------------------------------------------------------------
Tue Mar 30 17:30:11 UTC 2021 - Bruce Rogers <brogers@suse.com>
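
Review bot: the PIIX4 NOTE in this entry is hard to act on as worded: "a live migration from that version to this SLE-15-SP3 qemu would require this patch to be applied" does not say on which side the patch must be present. State it operationally, naming the source and destination builds and which of them needs the patch for the migration to succeed. The entry also lists util-fix-use-after-free-in-module_load_o.patch and the other fixes by file name only; a one-line statement of impact per patch would let an administrator judge urgency without opening each file.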

qemu.spec

@ -200,52 +200,65 @@ Patch00064: hw-arm-virt-Disable-pl011-clock-migratio.patch
Patch00065: s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch
Patch00066: s390x-add-have_virtio_ccw.patch
Patch00067: s390x-modularize-virtio-gpu-ccw.patch
Patch00068: net-vmxnet3-validate-configuration-value.patch
Patch00069: XXX-dont-dump-core-on-sigabort.patch
Patch00070: qemu-binfmt-conf-Modify-default-path.patch
Patch00071: qemu-cvs-gettimeofday.patch
Patch00072: qemu-cvs-ioctl_debug.patch
Patch00073: qemu-cvs-ioctl_nodirection.patch
Patch00074: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00075: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00076: linux-user-binfmt-support-host-binaries.patch
Patch00077: linux-user-Fake-proc-cpuinfo.patch
Patch00078: linux-user-use-target_ulong.patch
Patch00079: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00080: linux-user-lseek-explicitly-cast-non-set.patch
Patch00081: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00082: xen_disk-Add-suse-specific-flush-disable.patch
Patch00083: qemu-bridge-helper-reduce-security-profi.patch
Patch00084: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00085: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00086: Raise-soft-address-space-limit-to-hard-l.patch
Patch00087: increase-x86_64-physical-bits-to-42.patch
Patch00088: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00089: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00090: Make-installed-scripts-explicitly-python.patch
Patch00091: hw-smbios-handle-both-file-formats-regar.patch
Patch00092: xen-add-block-resize-support-for-xen-dis.patch
Patch00093: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00094: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00095: xen-ignore-live-parameter-from-xen-save-.patch
Patch00096: tests-change-error-message-in-test-162.patch
Patch00097: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00098: configure-only-populate-roms-if-softmmu.patch
Patch00099: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00100: roms-change-cross-compiler-naming-to-be-.patch
Patch00101: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00102: configure-remove-pkgversion-from-CONFIG_.patch
Patch00103: docs-add-SUSE-support-statements-to-html.patch
Patch00104: s390x-Fix-stringop-truncation-issue-repo.patch
Patch00105: Revert-qht-constify-qht_statistics_init.patch
Patch00106: qht-Revert-some-constification-in-qht.c.patch
Patch00107: meson-install-ivshmem-client-and-ivshmem.patch
Patch00108: Revert-roms-efirom-tests-uefi-test-tools.patch
Patch00109: Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Patch00110: roms-Makefile-add-cross-file-to-qboot-me.patch
Patch00111: usb-Help-compiler-out-to-avoid-a-warning.patch
Patch00112: module-for-virtio-gpu-pre-load-module-to.patch
Patch00113: qom-handle-case-of-chardev-spice-module-.patch
Patch00068: util-fix-use-after-free-in-module_load_o.patch
Patch00069: target-xtensa-fix-meson.build-rule-for-x.patch
Patch00070: hw-virtio-pci-Added-counter-for-pcie-cap.patch
Patch00071: hw-virtio-pci-Added-AER-capability.patch
Patch00072: virtio-pci-compat-page-aligned-ATS.patch
Patch00073: s390x-css-report-errors-from-ccw_dstream.patch
Patch00074: block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
Patch00075: block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch
Patch00076: hw-block-fdc-Fix-fallback-property-on-sy.patch
Patch00077: cpu-core-Fix-help-of-CPU-core-device-typ.patch
Patch00078: hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
Patch00079: hw-isa-Kconfig-Add-missing-dependency-VI.patch
Patch00080: hw-isa-piix4-Migrate-Reset-Control-Regis.patch
Patch00081: net-vmxnet3-validate-configuration-value.patch
Patch00082: XXX-dont-dump-core-on-sigabort.patch
Patch00083: qemu-binfmt-conf-Modify-default-path.patch
Patch00084: qemu-cvs-gettimeofday.patch
Patch00085: qemu-cvs-ioctl_debug.patch
Patch00086: qemu-cvs-ioctl_nodirection.patch
Patch00087: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00088: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00089: linux-user-binfmt-support-host-binaries.patch
Patch00090: linux-user-Fake-proc-cpuinfo.patch
Patch00091: linux-user-use-target_ulong.patch
Patch00092: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00093: linux-user-lseek-explicitly-cast-non-set.patch
Patch00094: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00095: xen_disk-Add-suse-specific-flush-disable.patch
Patch00096: qemu-bridge-helper-reduce-security-profi.patch
Patch00097: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00098: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00099: Raise-soft-address-space-limit-to-hard-l.patch
Patch00100: increase-x86_64-physical-bits-to-42.patch
Patch00101: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00102: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00103: Make-installed-scripts-explicitly-python.patch
Patch00104: hw-smbios-handle-both-file-formats-regar.patch
Patch00105: xen-add-block-resize-support-for-xen-dis.patch
Patch00106: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00107: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00108: xen-ignore-live-parameter-from-xen-save-.patch
Patch00109: tests-change-error-message-in-test-162.patch
Patch00110: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00111: configure-only-populate-roms-if-softmmu.patch
Patch00112: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00113: roms-change-cross-compiler-naming-to-be-.patch
Patch00114: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00115: configure-remove-pkgversion-from-CONFIG_.patch
Patch00116: docs-add-SUSE-support-statements-to-html.patch
Patch00117: s390x-Fix-stringop-truncation-issue-repo.patch
Patch00118: Revert-qht-constify-qht_statistics_init.patch
Patch00119: qht-Revert-some-constification-in-qht.c.patch
Patch00120: meson-install-ivshmem-client-and-ivshmem.patch
Patch00121: Revert-roms-efirom-tests-uefi-test-tools.patch
Patch00122: Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Patch00123: roms-Makefile-add-cross-file-to-qboot-me.patch
Patch00124: usb-Help-compiler-out-to-avoid-a-warning.patch
Patch00125: module-for-virtio-gpu-pre-load-module-to.patch
Patch00126: qom-handle-case-of-chardev-spice-module-.patch
# Patches applied in roms/seabios/:
Patch01000: seabios-use-python2-explicitly-as-needed.patch
Patch01001: seabios-switch-to-python3-as-needed.patch
@ -1177,23 +1190,36 @@ This package records qemu testsuite results and represents successful testing.
%patch00100 -p1
%patch00101 -p1
%patch00102 -p1
%if %{legacy_qemu_kvm}
%patch00103 -p1
%endif
%patch00104 -p1
%patch00105 -p1
%patch00106 -p1
%patch00107 -p1
%patch00108 -p1
%patch00109 -p1
%ifarch aarch64
%patch00110 -p1
%endif
%ifarch %arm %ix86 ppc
%patch00111 -p1
%endif
%patch00112 -p1
%patch00113 -p1
%patch00114 -p1
%patch00115 -p1
%if %{legacy_qemu_kvm}
%patch00116 -p1
%endif
%patch00117 -p1
%patch00118 -p1
%patch00119 -p1
%patch00120 -p1
%patch00121 -p1
%patch00122 -p1
%ifarch aarch64
%patch00123 -p1
%endif
%ifarch %arm %ix86 ppc
%patch00124 -p1
%endif
%patch00125 -p1
%patch00126 -p1
%patch01000 -p1
%patch01001 -p1
%patch01002 -p1


@ -0,0 +1,269 @@
From: Pierre Morel <pmorel@linux.ibm.com>
Date: Thu, 8 Apr 2021 18:32:09 +0200
Subject: s390x: css: report errors from ccw_dstream_read/write
Git-commit: d895d25ae2bb8519aa715dd2a97f09d4a66b189d
ccw_dstream_read/write functions returned values are sometime
not taking into account and reported back to the upper level
of interpretation of CCW instructions.
It follows that accessing an invalid address does not trigger
a subchannel status program check to the guest as it should.
Let's test the return values of ccw_dstream_write[_buf] and
ccw_dstream_read[_buf] and report it to the caller.
Cc: qemu-stable@nongnu.org
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <1617899529-9329-2-git-send-email-pmorel@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/char/terminal3270.c | 11 +++++--
hw/s390x/3270-ccw.c | 5 +++-
hw/s390x/css.c | 14 +++++----
hw/s390x/virtio-ccw.c | 66 ++++++++++++++++++++++++++++++------------
4 files changed, 69 insertions(+), 27 deletions(-)
diff --git a/hw/char/terminal3270.c b/hw/char/terminal3270.c
index d77981bb6d52a2af651bfa2b6ecb..f969ee57fd85164073f98c3285b5 100644
--- a/hw/char/terminal3270.c
+++ b/hw/char/terminal3270.c
@@ -199,9 +199,13 @@ static int read_payload_3270(EmulatedCcw3270Device *dev)
{
Terminal3270 *t = TERMINAL_3270(dev);
int len;
+ int ret;
len = MIN(ccw_dstream_avail(get_cds(t)), t->in_len);
- ccw_dstream_write_buf(get_cds(t), t->inv, len);
+ ret = ccw_dstream_write_buf(get_cds(t), t->inv, len);
+ if (ret < 0) {
+ return ret;
+ }
t->in_len -= len;
return len;
@@ -259,7 +263,10 @@ static int write_payload_3270(EmulatedCcw3270Device *dev, uint8_t cmd)
t->outv[out_len++] = cmd;
do {
- ccw_dstream_read_buf(get_cds(t), &t->outv[out_len], len);
+ retval = ccw_dstream_read_buf(get_cds(t), &t->outv[out_len], len);
+ if (retval < 0) {
+ return retval;
+ }
count = ccw_dstream_avail(get_cds(t));
out_len += len;
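Review bot: the new error return in write_payload_3270 sits inside the do loop, after the command byte has already been stored with t->outv[out_len++] = cmd, and it uses a variable named retval where read_payload_3270 in the previous hunk uses ret. The declaration of retval is not visible in this hunk, so confirm it exists in the function, and use one name for the data-stream result in both functions.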
diff --git a/hw/s390x/3270-ccw.c b/hw/s390x/3270-ccw.c
index 821319eee6d1066d7cf3113d3ab3..f3e7342b1e8eadc1938b5ad024c7 100644
--- a/hw/s390x/3270-ccw.c
+++ b/hw/s390x/3270-ccw.c
@@ -31,6 +31,9 @@ static int handle_payload_3270_read(EmulatedCcw3270Device *dev, CCW1 *ccw)
}
len = ck->read_payload_3270(dev);
+ if (len < 0) {
+ return len;
+ }
ccw_dev->sch->curr_status.scsw.count = ccw->count - len;
return 0;
@@ -50,7 +53,7 @@ static int handle_payload_3270_write(EmulatedCcw3270Device *dev, CCW1 *ccw)
len = ck->write_payload_3270(dev, ccw->cmd_code);
if (len <= 0) {
- return -EIO;
+ return len ? len : -EIO;
}
ccw_dev->sch->curr_status.scsw.count = ccw->count - len;
diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 9961cfe7bf67460924ea68cb72bd..1ad6069ceacfc7459c25307c1fd9 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -1055,10 +1055,11 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
}
}
len = MIN(ccw.count, sizeof(sch->sense_data));
- ccw_dstream_write_buf(&sch->cds, sch->sense_data, len);
+ ret = ccw_dstream_write_buf(&sch->cds, sch->sense_data, len);
sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
- memset(sch->sense_data, 0, sizeof(sch->sense_data));
- ret = 0;
+ if (!ret) {
+ memset(sch->sense_data, 0, sizeof(sch->sense_data));
+ }
break;
case CCW_CMD_SENSE_ID:
{
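Review bot: the sense-data path still assigns sch->curr_status.scsw.count from ccw_dstream_residual_count() when ccw_dstream_write_buf() has failed, while the CCW_CMD_SENSE_ID path in the next hunk assigns it only under if (!ret). Pick one behaviour for the residual count on error and apply it in both places, or add a comment here saying why the count is still wanted after a failed write.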
@@ -1083,9 +1084,10 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
} else {
sense_id[0] = 0;
}
- ccw_dstream_write_buf(&sch->cds, sense_id, len);
- sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
- ret = 0;
+ ret = ccw_dstream_write_buf(&sch->cds, sense_id, len);
+ if (!ret) {
+ sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds);
+ }
break;
}
case CCW_CMD_TIC:
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index 82ec2889b0c7ce64bb96b9c67212..43db5b93e1125d5ef806abfebb32 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -288,14 +288,20 @@ static int virtio_ccw_handle_set_vq(SubchDev *sch, CCW1 ccw, bool check_len,
return -EFAULT;
}
if (is_legacy) {
- ccw_dstream_read(&sch->cds, linfo);
+ ret = ccw_dstream_read(&sch->cds, linfo);
+ if (ret) {
+ return ret;
+ }
linfo.queue = be64_to_cpu(linfo.queue);
linfo.align = be32_to_cpu(linfo.align);
linfo.index = be16_to_cpu(linfo.index);
linfo.num = be16_to_cpu(linfo.num);
ret = virtio_ccw_set_vqs(sch, NULL, &linfo);
} else {
- ccw_dstream_read(&sch->cds, info);
+ ret = ccw_dstream_read(&sch->cds, info);
+ if (ret) {
+ return ret;
+ }
info.desc = be64_to_cpu(info.desc);
info.index = be16_to_cpu(info.index);
info.num = be16_to_cpu(info.num);
@@ -364,7 +370,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
ccw_dstream_advance(&sch->cds, sizeof(features.features));
- ccw_dstream_read(&sch->cds, features.index);
+ ret = ccw_dstream_read(&sch->cds, features.index);
+ if (ret) {
+ break;
+ }
if (features.index == 0) {
if (dev->revision >= 1) {
/* Don't offer legacy features for modern devices. */
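Review bot: the ccw_dstream_advance(&sch->cds, sizeof(features.features)) call on the context line just above the new read still has its result discarded. If it can fail the same way the read and write helpers do, the goal of reporting data-stream errors to the caller is not met for this step; check it as well, or add a comment saying why it cannot fail.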
@@ -385,9 +394,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
}
ccw_dstream_rewind(&sch->cds);
features.features = cpu_to_le32(features.features);
- ccw_dstream_write(&sch->cds, features.features);
- sch->curr_status.scsw.count = ccw.count - sizeof(features);
- ret = 0;
+ ret = ccw_dstream_write(&sch->cds, features.features);
+ if (!ret) {
+ sch->curr_status.scsw.count = ccw.count - sizeof(features);
+ }
}
break;
case CCW_CMD_WRITE_FEAT:
@@ -404,7 +414,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
if (!ccw.cda) {
ret = -EFAULT;
} else {
- ccw_dstream_read(&sch->cds, features);
+ ret = ccw_dstream_read(&sch->cds, features);
+ if (ret) {
+ break;
+ }
features.features = le32_to_cpu(features.features);
if (features.index == 0) {
virtio_set_features(vdev,
@@ -447,9 +460,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
ret = -EFAULT;
} else {
virtio_bus_get_vdev_config(&dev->bus, vdev->config);
- ccw_dstream_write_buf(&sch->cds, vdev->config, len);
- sch->curr_status.scsw.count = ccw.count - len;
- ret = 0;
+ ret = ccw_dstream_write_buf(&sch->cds, vdev->config, len);
+ if (ret) {
+ sch->curr_status.scsw.count = ccw.count - len;
+ }
}
break;
case CCW_CMD_WRITE_CONF:
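Review bot: the test after ccw_dstream_write_buf(&sch->cds, vdev->config, len) is inverted. As written, if (ret) sets sch->curr_status.scsw.count only when the write failed, and a successful config read leaves the count untouched. The other write paths in this patch (the feature write and the vq_config.num_max write) use if (!ret); this one should read if (!ret) as well.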
@@ -504,7 +518,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
if (!ccw.cda) {
ret = -EFAULT;
} else {
- ccw_dstream_read(&sch->cds, status);
+ ret = ccw_dstream_read(&sch->cds, status);
+ if (ret) {
+ break;
+ }
if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) {
virtio_ccw_stop_ioeventfd(dev);
}
@@ -547,7 +564,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
if (!ccw.cda) {
ret = -EFAULT;
} else {
- ccw_dstream_read(&sch->cds, indicators);
+ ret = ccw_dstream_read(&sch->cds, indicators);
+ if (ret) {
+ break;
+ }
indicators = be64_to_cpu(indicators);
dev->indicators = get_indicator(indicators, sizeof(uint64_t));
sch->curr_status.scsw.count = ccw.count - sizeof(indicators);
@@ -568,7 +588,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
if (!ccw.cda) {
ret = -EFAULT;
} else {
- ccw_dstream_read(&sch->cds, indicators);
+ ret = ccw_dstream_read(&sch->cds, indicators);
+ if (ret) {
+ break;
+ }
indicators = be64_to_cpu(indicators);
dev->indicators2 = get_indicator(indicators, sizeof(uint64_t));
sch->curr_status.scsw.count = ccw.count - sizeof(indicators);
@@ -589,7 +612,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
if (!ccw.cda) {
ret = -EFAULT;
} else {
- ccw_dstream_read(&sch->cds, vq_config.index);
+ ret = ccw_dstream_read(&sch->cds, vq_config.index);
+ if (ret) {
+ break;
+ }
vq_config.index = be16_to_cpu(vq_config.index);
if (vq_config.index >= VIRTIO_QUEUE_MAX) {
ret = -EINVAL;
@@ -598,9 +624,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
vq_config.num_max = virtio_queue_get_num(vdev,
vq_config.index);
vq_config.num_max = cpu_to_be16(vq_config.num_max);
- ccw_dstream_write(&sch->cds, vq_config.num_max);
- sch->curr_status.scsw.count = ccw.count - sizeof(vq_config);
- ret = 0;
+ ret = ccw_dstream_write(&sch->cds, vq_config.num_max);
+ if (!ret) {
+ sch->curr_status.scsw.count = ccw.count - sizeof(vq_config);
+ }
}
break;
case CCW_CMD_SET_IND_ADAPTER:
@@ -657,7 +684,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
ret = -EFAULT;
break;
}
- ccw_dstream_read_buf(&sch->cds, &revinfo, 4);
+ ret = ccw_dstream_read_buf(&sch->cds, &revinfo, 4);
+ if (ret < 0) {
+ break;
+ }
revinfo.revision = be16_to_cpu(revinfo.revision);
revinfo.length = be16_to_cpu(revinfo.length);
if (ccw.count < len + revinfo.length ||
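Review bot: this check is ret < 0, while the ccw_dstream_read() calls elsewhere in this file test if (ret). If the helpers only ever return 0 or a negative errno, use one form throughout the file; if ccw_dstream_read_buf() can return a positive value, say so in a comment so the difference is not read as an oversight.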


@ -0,0 +1,54 @@
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Tue, 30 Mar 2021 00:25:24 -0700
Subject: target/xtensa: fix meson.build rule for xtensa cores
Git-commit: 84317d57e8c61ff68eeaa1f2de93472fa930a6a4
import_core.sh tries to change Makefile.objs when importing new xtensa
core, but that file no longer exists. Rewrite meson.build rule to pick
up all source files that match core-*.c pattern and drop commands that
change Makefile.objs.
Cc: qemu-stable@nongnu.org # v5.2.0
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/xtensa/import_core.sh | 3 ---
target/xtensa/meson.build | 13 ++++---------
2 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/target/xtensa/import_core.sh b/target/xtensa/import_core.sh
index c8626a8c02ebb41e2ab9aab3648f..1120a4a2a5e1ca6568d27a8eb06e 100755
--- a/target/xtensa/import_core.sh
+++ b/target/xtensa/import_core.sh
@@ -65,6 +65,3 @@ static XtensaConfig $NAME __attribute__((unused)) = {
REGISTER_CORE($NAME)
EOF
-
-grep -q core-${NAME}.o "$BASE"/Makefile.objs || \
- echo "obj-y += core-${NAME}.o" >> "$BASE"/Makefile.objs
diff --git a/target/xtensa/meson.build b/target/xtensa/meson.build
index dd750a977ef9c046a12e16415b58..7c4efa6c6290d68abb68d9fc9016 100644
--- a/target/xtensa/meson.build
+++ b/target/xtensa/meson.build
@@ -1,14 +1,9 @@
xtensa_ss = ss.source_set()
+
+xtensa_cores = run_command('sh', '-c', 'cd $MESON_SOURCE_ROOT/$MESON_SUBDIR ; ls -1 core-*.c')
+xtensa_ss.add(files(xtensa_cores.stdout().strip().split('\n')))
+
xtensa_ss.add(files(
- 'core-dc232b.c',
- 'core-dc233c.c',
- 'core-de212.c',
- 'core-de233_fpu.c',
- 'core-dsp3400.c',
- 'core-fsf.c',
- 'core-sample_controller.c',
- 'core-test_kc705_be.c',
- 'core-test_mmuhifi_c3.c',
'cpu.c',
'exc_helper.c',
'fpu_helper.c',
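Review bot: the run_command() call has no error handling, and the shell string joins cd and ls with ';' rather than '&&'. If the cd fails, ls runs in whatever the current directory is; if nothing matches core-*.c, stdout is empty and files() is handed an empty string. Use '&&', pass check: true (or test returncode()) so configuration stops with a clear message, and quote "$MESON_SOURCE_ROOT/$MESON_SUBDIR" so a source path with spaces does not break the cd. Replacing the explicit list with a glob also means any core-*.c file present in the directory is compiled in without a change to meson.build; a comment above the rule should state that this is intended.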


@ -7,17 +7,11 @@ set -e
# git2pkg (update package spec file and patches from git)
# pkg2git (update git (frombundle branch) from the package "bundleofbundles")
# refresh (refresh spec file from spec file template and "bundlofbundles")
# ci (check-in to obs, avoiding some spec file formatting issues)
# initbundle (Update/Create bundle only)
#
# (default is git2pkg)
# As an aid to bypassing issues with our multibuild package and obs (see code
# below following the osc localrun of osc service localrun format_spec_file),
# provide an automated way to checkin without needing to type so much
if [ "$1" = "ci" ]; then
osc ci -f -n --noservice
exit
fi
#==============================================================================
check_requirements() {
@ -59,6 +53,8 @@ echo "description: package maintenance using a git-based workflow. Commands:"
echo " git2pkg (update package spec file and patches from git. Is default)"
echo " pkg2git (update git (frombundle branch) from the package "bundleofbundles")"
echo " refresh (refresh spec file from spec file template and "bundlofbundles")"
echo " ci (check-in to build service, avoiding some spec file formatting issues)"
echo " initbundle (Update/Create bundle only)"
echo "(See script for details on doing 'LATEST' workflow)"
check_requirements
}
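Review bot: the usage lines for pkg2git and refresh place "bundleofbundles" in double quotes inside an already double-quoted echo string, so the shell closes and reopens the string and the quotes never reach the output. Escape the inner quotes or use single quotes inside. The refresh line also spells the word bundlofbundles, as does the matching comment in the script header; fix both while touching this block.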
@ -77,7 +73,7 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" != "LATEST" ]; then
usage
exit
;;
initbundle | git2pkg | pkg2git | refresh )
initbundle | git2pkg | pkg2git | refresh | ci)
;;
* )
echo "Unknown command"
@ -90,6 +86,14 @@ fi
check_requirements
# As an aid to bypassing issues with our multibuild package and obs (see code
# below following the osc localrun of osc service localrun format_spec_file),
# provide an automated way to checkin without needing to type so much
if [ "$1" = "ci" ]; then
osc ci -f -n --noservice
exit
fi
# TODO: Here we should validate the variables that should be set in config.sh
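Review bot: the check-in shortcut hard-codes osc ci -f -n --noservice with no comment saying what each flag skips or why, and the comment above it points at "code below following the osc localrun of osc service localrun format_spec_file", which is hard to follow. Since this path checks in with services disabled, add a short comment per flag and reword the reference so a maintainer can find the code it means. The exit has no explicit status; that is fine only while osc remains the last command before it.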
@ -1011,12 +1015,11 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then
echo "SUCCESS"
tail -9 ~/latest.log
else # not LATEST
#NOTNEEDED? git -C ${LOCAL_REPO_MAP[0]} checkout $GIT_UPSTREAM_COMMIT_ISH --recurse-submodules -f &> /dev/null
NEW_COMMIT_ISH=
WRITE_LOG=1
case $1 in
initbundle )
echo "Updating the bundle using the $GIT_BRANCH branch of the local repos."
echo "Updating/creating the bundle using the $GIT_BRANCH branch of the local repos."
echo "(If SUCCESS is not printed upon completion, see ~/initbundle.log for issues)"
initbundle &> ~/initbundle.log
echo "SUCCESS"


@ -0,0 +1,58 @@
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Tue, 16 Mar 2021 17:44:56 +0400
Subject: util: fix use-after-free in module_load_one
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 64e16fbbf49ce81b37841480d14b0caf5753c98e
g_hash_table_add always retains ownership of the pointer passed in as
the key. Its return status merely indicates whether the added entry was
new, or replaced an existing entry. Thus key must never be freed after
this method returns.
Spotted by ASAN:
==2407186==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020003ac4f0 at pc 0x7ffff766659c bp 0x7fffffffd1d0 sp 0x7fffffffc980
READ of size 1 at 0x6020003ac4f0 thread T0
#0 0x7ffff766659b (/lib64/libasan.so.6+0x8a59b)
#1 0x7ffff6bfa843 in g_str_equal ../glib/ghash.c:2303
#2 0x7ffff6bf8167 in g_hash_table_lookup_node ../glib/ghash.c:493
#3 0x7ffff6bf9b78 in g_hash_table_insert_internal ../glib/ghash.c:1598
#4 0x7ffff6bf9c32 in g_hash_table_add ../glib/ghash.c:1689
#5 0x5555596caad4 in module_load_one ../util/module.c:233
#6 0x5555596ca949 in module_load_one ../util/module.c:225
#7 0x5555596ca949 in module_load_one ../util/module.c:225
#8 0x5555596cbdf4 in module_load_qom_all ../util/module.c:349
Typical C bug...
Fixes: 90629122d2e ("module: use g_hash_table_add()")
Cc: qemu-stable@nongnu.org
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210316134456.3243102-1-marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
util/module.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/util/module.c b/util/module.c
index cbe89fede628c3674e49194ee688..7661d0f6234d952f375ad09f67d7 100644
--- a/util/module.c
+++ b/util/module.c
@@ -230,10 +230,11 @@ bool module_load_one(const char *prefix, const char *lib_name, bool mayfail)
}
}
- if (!g_hash_table_add(loaded_modules, module_name)) {
+ if (g_hash_table_contains(loaded_modules, module_name)) {
g_free(module_name);
return true;
}
+ g_hash_table_add(loaded_modules, module_name);
search_dir = getenv("QEMU_MODULE_DIR");
if (search_dir != NULL) {
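Review bot: nothing in the new code records the ownership rule that caused the bug. Once g_hash_table_add(loaded_modules, module_name) has run, the table owns module_name and no later path in module_load_one() may g_free() it; a one-line comment at the g_hash_table_add() call would keep the next edit from reintroducing the use-after-free. The rest of the function is outside this hunk, so also confirm that a failed load drops the entry through the hash table rather than freeing the string directly.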


@ -0,0 +1,134 @@
From: Jason Wang <jasowang@redhat.com>
Date: Tue, 6 Apr 2021 12:03:30 +0800
Subject: virtio-pci: compat page aligned ATS
Git-commit: d83f46d189a26fa32434139954d264326f199a45
Commit 4c70875372b8 ("pci: advertise a page aligned ATS") advertises
the page aligned via ATS capability (RO) to unbrek recent Linux IOMMU
drivers since 5.2. But it forgot the compat the capability which
breaks the migration from old machine type:
(qemu) qemu-kvm: get_pci_config_device: Bad config data: i=0x104 read:
0 device: 20 cmask: ff wmask: 0 w1cmask:0
This patch introduces a new parameter "x-ats-page-aligned" for
virtio-pci device and turns it on for machine type which is newer than
5.1.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: qemu-stable@nongnu.org
Fixes: 4c70875372b8 ("pci: advertise a page aligned ATS")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20210406040330.11306-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/core/machine.c | 1 +
hw/pci/pcie.c | 10 ++++++----
hw/virtio/virtio-pci.c | 5 ++++-
hw/virtio/virtio-pci.h | 5 +++++
include/hw/pci/pcie.h | 2 +-
5 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 72ceba57def38ca9dd5c683a71c4..7e99d0a05bdf1a7c898bc8923a77 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -37,6 +37,7 @@ GlobalProperty hw_compat_5_1[] = {
{ "nvme", "use-intel-id", "on"},
{ "pvpanic", "events", "1"}, /* PVPANIC_PANICKED */
{ "pl011", "migrate-clk", "off" },
+ { "virtio-pci", "x-ats-page-aligned", "off"},
};
const size_t hw_compat_5_1_len = G_N_ELEMENTS(hw_compat_5_1);
diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
index d4010cf8f36178758315627d56bb..8bbabd6e2bb7b03c0f786e977fbf 100644
--- a/hw/pci/pcie.c
+++ b/hw/pci/pcie.c
@@ -964,16 +964,18 @@ void pcie_dev_ser_num_init(PCIDevice *dev, uint16_t offset, uint64_t ser_num)
pci_set_quad(dev->config + offset + pci_dsn_cap, ser_num);
}
-void pcie_ats_init(PCIDevice *dev, uint16_t offset)
+void pcie_ats_init(PCIDevice *dev, uint16_t offset, bool aligned)
{
pcie_add_capability(dev, PCI_EXT_CAP_ID_ATS, 0x1,
offset, PCI_EXT_CAP_ATS_SIZEOF);
dev->exp.ats_cap = offset;
- /* Invalidate Queue Depth 0, Page Aligned Request 1 */
- pci_set_word(dev->config + offset + PCI_ATS_CAP,
- PCI_ATS_CAP_PAGE_ALIGNED);
+ /* Invalidate Queue Depth 0 */
+ if (aligned) {
+ pci_set_word(dev->config + offset + PCI_ATS_CAP,
+ PCI_ATS_CAP_PAGE_ALIGNED);
+ }
/* STU 0, Disabled by default */
pci_set_word(dev->config + offset + PCI_ATS_CTRL, 0);
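Review bot: when aligned is false, pcie_ats_init() now writes nothing to PCI_ATS_CAP and relies on the capability word already being zero, and the remaining comment "Invalidate Queue Depth 0" no longer sits next to any code that sets it. Since the value of this word is exactly what the migration check compares, write it unconditionally, for example pci_set_word(dev->config + offset + PCI_ATS_CAP, aligned ? PCI_ATS_CAP_PAGE_ALIGNED : 0), and extend the comment to say which machine types get the bit.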
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index f863f69ede4f4bf1c09fc39a5035..b7ab325ae99176ae18ee64a0bfa5 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1840,7 +1840,8 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp)
}
if (proxy->flags & VIRTIO_PCI_FLAG_ATS) {
- pcie_ats_init(pci_dev, last_pcie_cap_offset);
+ pcie_ats_init(pci_dev, last_pcie_cap_offset,
+ proxy->flags & VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED);
last_pcie_cap_offset += PCI_EXT_CAP_ATS_SIZEOF;
}
@@ -1917,6 +1918,8 @@ static Property virtio_pci_properties[] = {
ignore_backend_features, false),
DEFINE_PROP_BIT("ats", VirtIOPCIProxy, flags,
VIRTIO_PCI_FLAG_ATS_BIT, false),
+ DEFINE_PROP_BIT("x-ats-page-aligned", VirtIOPCIProxy, flags,
+ VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED_BIT, true),
DEFINE_PROP_BIT("x-pcie-deverr-init", VirtIOPCIProxy, flags,
VIRTIO_PCI_FLAG_INIT_DEVERR_BIT, true),
DEFINE_PROP_BIT("x-pcie-lnkctl-init", VirtIOPCIProxy, flags,
diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h
index d7d5d403a9483f5f7e0f0f9b4110..2446dcd9aef197964b59f83b6183 100644
--- a/hw/virtio/virtio-pci.h
+++ b/hw/virtio/virtio-pci.h
@@ -42,6 +42,7 @@ enum {
VIRTIO_PCI_FLAG_INIT_PM_BIT,
VIRTIO_PCI_FLAG_INIT_FLR_BIT,
VIRTIO_PCI_FLAG_AER_BIT,
+ VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED_BIT,
};
/* Need to activate work-arounds for buggy guests at vmstate load. */
@@ -84,6 +85,10 @@ enum {
/* Advanced Error Reporting capability */
#define VIRTIO_PCI_FLAG_AER (1 << VIRTIO_PCI_FLAG_AER_BIT)
+/* Page Aligned Address space Translation Service */
+#define VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED \
+ (1 << VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED_BIT)
+
typedef struct {
MSIMessage msg;
int virq;
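Review bot: the comment added above VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED reads "Page Aligned Address space Translation Service"; the PCIe capability is Address Translation Services. The comment should also say that the flag exists for migration compatibility and is switched off through hw_compat_5_1, since the "x-ats-page-aligned" property itself carries no description.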
diff --git a/include/hw/pci/pcie.h b/include/hw/pci/pcie.h
index 14c58ebdb6ec1fd5dc3c8563fed9..6063bee0ec632c563f236f520aef 100644
--- a/include/hw/pci/pcie.h
+++ b/include/hw/pci/pcie.h
@@ -137,7 +137,7 @@ void pcie_acs_reset(PCIDevice *dev);
void pcie_ari_init(PCIDevice *dev, uint16_t offset, uint16_t nextfn);
void pcie_dev_ser_num_init(PCIDevice *dev, uint16_t offset, uint64_t ser_num);
-void pcie_ats_init(PCIDevice *dev, uint16_t offset);
+void pcie_ats_init(PCIDevice *dev, uint16_t offset, bool aligned);
void pcie_cap_slot_pre_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev,
Error **errp);