diff --git a/README.PACKAGING b/README.PACKAGING
index d11574cc..be6bcabc 100644
--- a/README.PACKAGING
+++ b/README.PACKAGING
@@ -1,43 +1,54 @@ The qemu package includes a special maintenance workflow in order to support git -based patching. Please use it in order to have changes you make be acceptable to -the package maintainers. +based patching, including of submodules. Please use it in order to have changes +you make be acceptable to the package maintainers. A bash script (update_git.sh) +implements this workflow. -Currently a local clone of the upstream repo(s) is required for the packaging -workflow. It is anticipated that the need for any extra setup will be reduced or -even eliminated entirely in the future, but for now, you will need do so some -setup. See config.sh for details. +A local clone of the upstream repo(s) is required for the packaging workflow. +If none is found, the qemu superproject will be cloned as a shallow repo for the +workflow script's use. If you intend to do more than superficial work in the +qemu package, unshallow it. The submodule local repos aren't needed unless you +intend to do patch work there. See config.sh for the local repo paths. -The qemu.spec file is generated from a qemu.spec.in template, so to make changes -to the spec file beyond the patch name generation, patch reference and automated -versioning done by the scripts, you need to edit the template. Do not directly -edit the spec file. The spec file's version and patch references are added when -the update_git.sh script is passed certain commands, as described below. +The qemu.spec file is generated from a template file (qemu.spec.in), so to make +spec file changes outside of the patch file references (handled by the script), +you need to edit the template file, and NOT the qemu.spec file. The spec file's +version and patch references are added when update_git.sh is passed certain +commands, as described below. If you are not modifying any patches or their order, but just need to update the spec file from a changed template, run 'bash ./update_git.sh refresh'. 
If the set of patches is being modified, including their order, you will want to first run 'bash ./update_git.sh pkg2git', which makes the current package patch -queue available in a local git branch named frombundle (see config.sh for the -locations). This set of patches comes from a "bundle of git bundles", the -bundles.tar.xz file, which is included as a package source file. You will then -create an altered patch queue in the branch which corresponds to this release -(eg: opensuse-5.0), using the frombundle branch as the starting point for your -changes (eg perhaps start by doing git reset --hard frombundle, then cherry-pick -upstream patches from there). Once you have the patch queue ready to go run -'bash ./update_git.sh git2pkg' which updates the bundles.tar.xz file, as well as -the spec and patch files. +set available in a local git branch named 'frombundle' (see config.sh for the +locations). This incarnation of the package patches comes from a "bundle of git +bundles", included as a package source file named bundles.tar.xz, which the +script extracts to the corresponding local frombundle branch. To add, remove or +modify the package patches, you will then do that work in a local branch whose +name corresponds to that qemu package's release version as follows: +The qemu major and minor release numbers are part of the name, prefixed by +'opensuse-', so, for example, for the v5.2.0 based SLE-15-SP3 qemu, the branch +would be named 'opensuse-5.2'. You want to start your work based on the current +patchqueue as contained in 'frombundle', so one approach is to do (depending on +your local repo's current state), 'branch -B opensuse-5.2 frombundle', and then +cherry-pick upstream patches into it, or interactive rebase it to modify or +delete patches, etc. Be careful to keep the branch based on the upstream tag +which represents the package tarball however! 
Once you have the patch queue +ready to go, simply run 'bash ./update_git.sh git2pkg' (in your local obs branch +directory) to refresh the bundles.tar.xz file, as well as the package spec and +patch files. The package qemu.changes file is modified to list added or removed +patches as a starting point for documenting the change. -The default action for update_git.sh is git2pkg, which helps simplify repeated -package updates as you modify the patch queue from the local git repo. - -The maintainer and automation use another workflow mode dealing with packaging -the latest upstream qemu. See 'LATEST' references in the scripts for details. - -* * * * * * * * * +When you are ready to check in the package, using 'bash update_git.sh ci' is +provided as a convenience (and to help preserve correct spec file formatting, +since a 'normal osc check-in' messes up the spec file a bit). Additional Notes: +The maintainer and automation use another workflow mode dealing with packaging +the latest upstream qemu. See 'LATEST' references in the scripts for details, +as this is an 'expert mode' and isn't documented here. + Patches which are from an upstream git repo should have the commit id recorded just below the Subject line (after a blank line) as follows: 
@@ -47,13 +58,18 @@ If a patch is anticipated to be shortly included in upstream repo, mark that fact by doing the above with 40 0's, which will flag it as needing to be updated in the near future. +We try to maintain, if possible, patch ordering as follows: (tarball as base), +patches which come from upstream commits in commit order, patches which will +soon be upstream (as mentioned above), followed by our private patches. + Bug or feature tracking identifiers should also be added to the patch similarly, using the abbreviations identified here: http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines#Current_set_of_abbreviations using the "Reference:" tag, with multiple entries comma separated. The ability to provide a conditional inclusion of a patch (eg based on -architecture, is provided by using the "Include-If:" tag similarly, as follows: +architecture, is provided by this workflow by using the "Include-If:" tag, as +shown here: Include-If: %ifarch aarch64 diff --git a/block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch b/block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch new file mode 100644 index 00000000..c9f6f299 --- /dev/null +++ b/block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch 
@@ -0,0 +1,47 @@
+From: Stefano Garzarella
+Date: Mon, 29 Mar 2021 17:01:29 +0200
+Subject: block/rbd: Fix memory leak in qemu_rbd_co_create_opts()
+
+Git-commit: b084b420d9d6347dede328fbcf18c8e4c695f7e8
+
+When we allocate 'q_namespace', we forgot to set 'has_q_namespace'
+to true. This can cause several issues, including a memory leak,
+since qapi_free_BlockdevCreateOptions() does not deallocate that
+memory, as reported by valgrind:
+
+ 13 bytes in 1 blocks are definitely lost in loss record 7 of 96
+ at 0x4839809: malloc (vg_replace_malloc.c:307)
+ by 0x48CEBB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
+ by 0x48E3FE3: g_strdup (in /usr/lib64/libglib-2.0.so.0.6600.8)
+ by 0x180010: qemu_rbd_co_create_opts (rbd.c:446)
+ by 0x1AE72C: bdrv_create_co_entry (block.c:492)
+ by 0x241902: coroutine_trampoline (coroutine-ucontext.c:173)
+ by 0x57530AF: ??? (in /usr/lib64/libc-2.32.so)
+ by 0x1FFEFFFA6F: ???
+
+Fix setting 'has_q_namespace' to true when we allocate 'q_namespace'.
+
+Fixes: 19ae9ae014 ("block/rbd: Add support for ceph namespaces")
+Signed-off-by: Stefano Garzarella
+Message-Id: <20210329150129.121182-3-sgarzare@redhat.com>
+Reviewed-by: Markus Armbruster
+Reviewed-by: Max Reitz
+Signed-off-by: Kevin Wolf
+Signed-off-by: Bruce Rogers
+[BR: Modified subject to acheive unique patchname]
+---
+ block/rbd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index 15f1ac3b47d45e347a34579130ea..318e2826fc4180a1ad6837c81150 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -444,6 +444,7 @@ static int coroutine_fn qemu_rbd_co_create_opts(BlockDriver *drv,
+ loc->user = g_strdup(qdict_get_try_str(options, "user"));
+ loc->has_user = !!loc->user;
+ loc->q_namespace = g_strdup(qdict_get_try_str(options, "namespace"));
++ loc->has_q_namespace = !!loc->q_namespace;
+ loc->image = g_strdup(qdict_get_try_str(options, "image"));
+ keypairs = qdict_get_try_str(options, "=keyvalue-pairs");
+
diff --git a/block-rbd-fix-memory-leak-in-qemu_rbd_co.patch b/block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
new file mode 100644
index 00000000..b990660a
--- /dev/null
+++ b/block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
@@ -0,0 +1,74 @@
+From: Stefano Garzarella
+Date: Mon, 29 Mar 2021 17:01:28 +0200
+Subject: block/rbd: fix memory leak in qemu_rbd_connect()
+
+Git-commit: c1c1f6cf511496b985cb9a1c536d59c9be7b9317
+
+In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
+using g_strjoinv(), but it's only freed in the error path, leaking
+memory in the success path as reported by valgrind:
+
+ 80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
+ at 0x4839809: malloc (vg_replace_malloc.c:307)
+ by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
+ by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
+ by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
+ by 0x87D07E: qemu_rbd_connect (rbd.c:562)
+ by 0x87E1CE: qemu_rbd_open (rbd.c:740)
+ by 0x840EB1: bdrv_open_driver (block.c:1528)
+ by 0x8453A9: bdrv_open_common (block.c:1802)
+ by 0x8453A9: bdrv_open_inherit (block.c:3444)
+ by 0x8464C2: bdrv_open (block.c:3537)
+ by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
+ by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
+ by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
+ by 0x907EA4: aio_bh_poll (async.c:164)
+
+Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.
+
+Fixes: 0a55679b4a5061f4d74bdb1a0e81611ba3390b00
+Signed-off-by: Stefano Garzarella
+Message-Id: <20210329150129.121182-2-sgarzare@redhat.com>
+Reviewed-by: Markus Armbruster
+Reviewed-by: Max Reitz
+Signed-off-by: Kevin Wolf
+Signed-off-by: Bruce Rogers
+---
+ block/rbd.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index 9bd2bce71651b8612e37c5dc040d..15f1ac3b47d45e347a34579130ea 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -563,13 +563,13 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
+ if (local_err) {
+ error_propagate(errp, local_err);
+ r = -EINVAL;
+- goto failed_opts;
++ goto out;
+ }
+
+ r = rados_create(cluster, opts->user);
+ if (r < 0) {
+ error_setg_errno(errp, -r, "error initializing");
+- goto failed_opts;
++ goto out;
+ }
+
+ /* try default location when conf=NULL, but ignore failure */
+@@ -626,11 +626,12 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
+ */
+ rados_ioctx_set_namespace(*io_ctx, opts->q_namespace);
+
+- return 0;
++ r = 0;
++ goto out;
+
+ failed_shutdown:
+ rados_shutdown(*cluster);
+-failed_opts:
++out:
+ g_free(mon_host);
+ return r;
+ }
diff --git a/bundles.tar.xz b/bundles.tar.xz
index 70b10930..63ab3691 100644
--- a/bundles.tar.xz
+++ b/bundles.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b1d2867d10746cf923467f5bddfbf443f001f1363dba4c9c099fc395ac8c2e75
-size 100056
+oid sha256:571e056a525b5f1ac55c4e4784a831f3bddb8cd1e0fa6fee750792a92681eb9b
+size 108908
diff --git a/cpu-core-Fix-help-of-CPU-core-device-typ.patch b/cpu-core-Fix-help-of-CPU-core-device-typ.patch
new file mode 100644
index 00000000..1cd7f8f0
--- /dev/null
+++ b/cpu-core-Fix-help-of-CPU-core-device-typ.patch
@@ -0,0 +1,60 @@
+From: Greg Kurz
+Date: Fri, 9 Apr 2021 18:03:39 +0200
+Subject: cpu/core: Fix "help" of CPU core device types
+
+Git-commit: 0b47ec4b95ad1952e55e639711d442f8ec6e1345
+
+Calling qdev_get_machine() from a QOM instance_init function is
+fragile because we can't be sure the machine object actually
+exists. And this happens to break when passing ",help" on the
+command line to get the list of properties for a CPU core
+device types :
+
+$ ./qemu-system-ppc64 -device power8_v2.0-spapr-cpu-core,help
+qemu-system-ppc64: ../../hw/core/machine.c:1290:
+ qdev_get_machine: Assertion `machine != NULL' failed.
+Aborted (core dumped)
+
+This used to work before QEMU 5.0, but commit 3df261b6676b
+unwillingly introduced a subtle regression : the above command
+line needs to create an instance but the instance_init function
+of the base class calls qdev_get_machine() before
+qemu_create_machine() has been called, which is a programming bug.
+
+Use current_machine instead. It is okay to skip the setting of
+nr_thread in this case since only its type is displayed.
+
+Fixes: 3df261b6676b ("softmmu/vl.c: Handle '-cpu help' and '-device help' before 'no default machine'")
+Reported-by: Thomas Huth
+Signed-off-by: Greg Kurz
+Cc: peter.maydell@linaro.org
+Message-Id: <20210409160339.500167-3-groug@kaod.org>
+Signed-off-by: Eduardo Habkost
+Signed-off-by: Bruce Rogers
+---
+ hw/cpu/core.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/hw/cpu/core.c b/hw/cpu/core.c
+index 92d3b2fbad62cc3dd7656f148bfd..9876075155743d8966a8383412fd 100644
+--- a/hw/cpu/core.c
++++ b/hw/cpu/core.c
+@@ -66,10 +66,16 @@ static void core_prop_set_nr_threads(Object *obj, Visitor *v, const char *name,
+
+ static void cpu_core_instance_init(Object *obj)
+ {
+- MachineState *ms = MACHINE(qdev_get_machine());
+ CPUCore *core = CPU_CORE(obj);
+
+- core->nr_threads = ms->smp.threads;
++ /*
++ * Only '-device something-cpu-core,help' can get us there before
++ * the machine has been created. We don't care to set nr_threads
++ * in this case since it isn't used afterwards.
++ */
++ if (current_machine) {
++ core->nr_threads = current_machine->smp.threads;
++ }
+ }
+
+ static void cpu_core_class_init(ObjectClass *oc, void *data)
diff --git a/hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch b/hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
new file mode 100644
index 00000000..ec73f2a9
--- /dev/null
+++ b/hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
@@ -0,0 +1,36 @@
+From: Zenghui Yu
+Date: Fri, 2 Apr 2021 16:47:31 +0800
+Subject: hw/arm/virt-acpi-build: Fix GSIV values of the {GERR, Sync}
+ interrupts
+
+Git-commit: 0c38f607836af40921ea2b58676b7c4a9fe33bef
+
+The GSIV values in SMMUv3 IORT node are not correct as they don't match
+the SMMUIrq enumeration, which describes the IRQ<->PIN mapping used by
+our emulated vSMMU.
+
+Fixes: a703b4f6c1ee ("hw/arm/virt-acpi-build: Add smmuv3 node in IORT table")
+Signed-off-by: Zenghui Yu
+Acked-by: Eric Auger
+Message-id: 20210402084731.93-1-yuzenghui@huawei.com
+Signed-off-by: Peter Maydell
+Signed-off-by: Bruce Rogers
+---
+ hw/arm/virt-acpi-build.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
+index 9747a6458f0bfd34a3c2b3fda96a..6cd17c58c5535ee7277292b7372f 100644
+--- a/hw/arm/virt-acpi-build.c
++++ b/hw/arm/virt-acpi-build.c
+@@ -287,8 +287,8 @@ build_iort(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
+ smmu->flags = cpu_to_le32(ACPI_IORT_SMMU_V3_COHACC_OVERRIDE);
+ smmu->event_gsiv = cpu_to_le32(irq);
+ smmu->pri_gsiv = cpu_to_le32(irq + 1);
+- smmu->gerr_gsiv = cpu_to_le32(irq + 2);
+- smmu->sync_gsiv = cpu_to_le32(irq + 3);
++ smmu->sync_gsiv = cpu_to_le32(irq + 2);
++ smmu->gerr_gsiv = cpu_to_le32(irq + 3);
+
+ /* Identity RID mapping covering the whole input RID range */
+ idmap = &smmu->id_mapping_array[0];
diff --git a/hw-block-fdc-Fix-fallback-property-on-sy.patch b/hw-block-fdc-Fix-fallback-property-on-sy.patch
new file mode 100644
index 00000000..496a4c64
--- /dev/null
+++ b/hw-block-fdc-Fix-fallback-property-on-sy.patch
@@ -0,0 +1,47 @@
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
+Date: Wed, 7 Apr 2021 15:37:42 +0200
+Subject: hw/block/fdc: Fix 'fallback' property on sysbus floppy disk
+ controllers
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Git-commit: da64789d3a16b2c5b5f1be9c75b00c2b8ae393a0
+
+Setting the 'fallback' property corrupts the QOM instance state
+(FDCtrlSysBus) because it accesses an incorrect offset (it uses
+the offset of the FDCtrlISABus state).
+
+Cc: qemu-stable@nongnu.org
+Fixes: a73275dd6fc ("fdc: Add fallback option")
+Signed-off-by: Philippe Mathieu-Daudé
+Message-Id: <20210407133742.1680424-1-f4bug@amsat.org>
+Reviewed-by: Markus Armbruster
+Signed-off-by: Kevin Wolf
+Signed-off-by: Bruce Rogers
+---
+ hw/block/fdc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/block/fdc.c b/hw/block/fdc.c
+index d6ba6c8f730092632770cf66908b..11a43cd4a18c02e3492d3f171049 100644
+--- a/hw/block/fdc.c
++++ b/hw/block/fdc.c
+@@ -2961,7 +2961,7 @@ static Property sysbus_fdc_properties[] = {
+ DEFINE_PROP_SIGNED("fdtypeB", FDCtrlSysBus, state.qdev_for_drives[1].type,
+ FLOPPY_DRIVE_TYPE_AUTO, qdev_prop_fdc_drive_type,
+ FloppyDriveType),
+- DEFINE_PROP_SIGNED("fallback", FDCtrlISABus, state.fallback,
++ DEFINE_PROP_SIGNED("fallback", FDCtrlSysBus, state.fallback,
+ FLOPPY_DRIVE_TYPE_144, qdev_prop_fdc_drive_type,
+ FloppyDriveType),
+ DEFINE_PROP_END_OF_LIST(),
+@@ -2987,7 +2987,7 @@ static Property sun4m_fdc_properties[] = {
+ DEFINE_PROP_SIGNED("fdtype", FDCtrlSysBus, state.qdev_for_drives[0].type,
+ FLOPPY_DRIVE_TYPE_AUTO, qdev_prop_fdc_drive_type,
+ FloppyDriveType),
+- DEFINE_PROP_SIGNED("fallback", FDCtrlISABus, state.fallback,
++ DEFINE_PROP_SIGNED("fallback", FDCtrlSysBus, state.fallback,
+ FLOPPY_DRIVE_TYPE_144, qdev_prop_fdc_drive_type,
+ FloppyDriveType),
+ DEFINE_PROP_END_OF_LIST(),
diff --git a/hw-isa-Kconfig-Add-missing-dependency-VI.patch b/hw-isa-Kconfig-Add-missing-dependency-VI.patch
new file mode 100644
index 00000000..11636cf3
--- /dev/null
+++ b/hw-isa-Kconfig-Add-missing-dependency-VI.patch
@@ -0,0 +1,33 @@
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
+Date: Tue, 2 Mar 2021 09:00:42 +0100
+Subject: hw/isa/Kconfig: Add missing dependency VIA VT82C686 -> APM
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Git-commit: 50fab4cc672233fee22fff2cf51543af57602c7d
+
+TYPE_VIA_PM calls apm_init() in via_pm_realize(), so
+requires APM to be selected.
+
+Reported-by: BALATON Zoltan
+Fixes: dd0ff8191ab ("isa: express SuperIO dependencies with Kconfig")
+Signed-off-by: Philippe Mathieu-Daudé
+Message-Id: <20210302080531.913802-1-f4bug@amsat.org>
+Signed-off-by: Bruce Rogers
+---
+ hw/isa/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
+index c7f07854f7e7777a03c7dd1db0d0..9c026d0c5103b87b3e8c9348a8d0 100644
+--- a/hw/isa/Kconfig
++++ b/hw/isa/Kconfig
+@@ -47,6 +47,7 @@ config VT82C686
+ select ACPI_SMBUS
+ select SERIAL_ISA
+ select FDC
++ select APM
+
+ config SMC37C669
+ bool
diff --git a/hw-isa-piix4-Migrate-Reset-Control-Regis.patch b/hw-isa-piix4-Migrate-Reset-Control-Regis.patch
new file mode 100644
index 00000000..21aa415c
--- /dev/null
+++ b/hw-isa-piix4-Migrate-Reset-Control-Regis.patch
@@ -0,0 +1,62 @@
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
+Date: Wed, 24 Mar 2021 14:54:43 +0100
+Subject: hw/isa/piix4: Migrate Reset Control Register
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Git-commit: 62271205bcfaee440d06c06060ee79dac657caff
+
+When adding the Reset register in commit 5790b757cfb we
+forgot to migrate it.
+
+While it is possible a VM using the PIIX4 is migrated just
+after requesting a system shutdown, it is very unlikely.
+However when restoring a migrated VM, we might have the
+RCR bit #4 set on the stack and when the VM resume it
+directly shutdowns.
+
+Add a post_load() migration handler and set the default
+RCR value to 0 for earlier versions, assuming the VM was
+not going to shutdown before migration.
+
+Fixes: 5790b757cfb ("piix4: Add the Reset Control Register")
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Dr. David Alan Gilbert
+Message-Id: <20210324200334.729899-1-f4bug@amsat.org>
+Signed-off-by: Bruce Rogers
+---
+ hw/isa/piix4.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
+index a50d97834c760e3ebc5103614ee9..b3b6a4378a334b1a4bf0105a6857 100644
+--- a/hw/isa/piix4.c
++++ b/hw/isa/piix4.c
+@@ -93,12 +93,25 @@ static void piix4_isa_reset(DeviceState *dev)
+ pci_conf[0xae] = 0x00;
+ }
+
++static int piix4_ide_post_load(void *opaque, int version_id)
++{
++ PIIX4State *s = opaque;
++
++ if (version_id == 2) {
++ s->rcr = 0;
++ }
++
++ return 0;
++}
++
+ static const VMStateDescription vmstate_piix4 = {
+ .name = "PIIX4",
+- .version_id = 2,
++ .version_id = 3,
+ .minimum_version_id = 2,
++ .post_load = piix4_ide_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, PIIX4State),
++ VMSTATE_UINT8_V(rcr, PIIX4State, 3),
+ VMSTATE_END_OF_LIST()
+ }
+ };
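Review bot: The new hook `piix4_ide_post_load` is misnamed for what it does: it is wired into `vmstate_piix4` and only touches `PIIX4State`, so a name such as `piix4_post_load` would match the structure it serves. The guard `if (version_id == 2)` is correct only because `minimum_version_id` is 2; `if (version_id < 3)` states the intent (the stream predates the `rcr` field) and stays right if the minimum is ever lowered. The function also has no comment; something like `/* rcr is not in streams older than version 3; assume no reset was pending */` above the check would record the assumption the commit message makes. The changelog entry in this same package diff notes that migration from the SLE-15-SP2 build depends on this change, so the version handling deserves that explicit note in the code.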
diff --git a/hw-virtio-pci-Added-AER-capability.patch b/hw-virtio-pci-Added-AER-capability.patch
new file mode 100644
index 00000000..8e4ca78c
--- /dev/null
+++ b/hw-virtio-pci-Added-AER-capability.patch
@@ -0,0 +1,84 @@
+From: Andrew Melnychenko
+Date: Thu, 3 Dec 2020 13:07:13 +0200
+Subject: hw/virtio-pci Added AER capability.
+
+Git-commit: fdfa3b1d6f9edd97c807df496a0d8e9ea49240da
+
+Added AER capability for virtio-pci devices.
+Also added property for devices, by default AER is disabled.
+
+Signed-off-by: Andrew Melnychenko
+Message-Id: <20201203110713.204938-3-andrew@daynix.com>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Bruce Rogers
+[BR: needed for stable commit d83f46d189a26fa32434139954d264326f199a45]
+---
+ hw/virtio/virtio-pci.c | 16 ++++++++++++++++
+ hw/virtio/virtio-pci.h | 4 ++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index ceaa233129c529b604f461e45336..f863f69ede4f4bf1c09fc39a5035 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -1817,6 +1817,12 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp)
+ */
+ pci_set_word(pci_dev->config + pos + PCI_PM_PMC, 0x3);
+
++ if (proxy->flags & VIRTIO_PCI_FLAG_AER) {
++ pcie_aer_init(pci_dev, PCI_ERR_VER, last_pcie_cap_offset,
++ PCI_ERR_SIZEOF, NULL);
++ last_pcie_cap_offset += PCI_ERR_SIZEOF;
++ }
++
+ if (proxy->flags & VIRTIO_PCI_FLAG_INIT_DEVERR) {
+ /* Init error enabling flags */
+ pcie_cap_deverr_init(pci_dev);
+@@ -1858,7 +1864,15 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp)
+
+ static void virtio_pci_exit(PCIDevice *pci_dev)
+ {
++ VirtIOPCIProxy *proxy = VIRTIO_PCI(pci_dev);
++ bool pcie_port = pci_bus_is_express(pci_get_bus(pci_dev)) &&
++ !pci_bus_is_root(pci_get_bus(pci_dev));
++
+ msix_uninit_exclusive_bar(pci_dev);
++ if (proxy->flags & VIRTIO_PCI_FLAG_AER && pcie_port &&
++ pci_is_express(pci_dev)) {
++ pcie_aer_exit(pci_dev);
++ }
+ }
+
+ static void virtio_pci_reset(DeviceState *qdev)
+@@ -1911,6 +1925,8 @@ static Property virtio_pci_properties[] = {
+ VIRTIO_PCI_FLAG_INIT_PM_BIT, true),
+ DEFINE_PROP_BIT("x-pcie-flr-init", VirtIOPCIProxy, flags,
+ VIRTIO_PCI_FLAG_INIT_FLR_BIT, true),
++ DEFINE_PROP_BIT("aer", VirtIOPCIProxy, flags,
++ VIRTIO_PCI_FLAG_AER_BIT, false),
+ DEFINE_PROP_END_OF_LIST(),
+ };
+
+diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h
+index 06e2af12de64c32f8c26c7f9e858..d7d5d403a9483f5f7e0f0f9b4110 100644
+--- a/hw/virtio/virtio-pci.h
++++ b/hw/virtio/virtio-pci.h
+@@ -41,6 +41,7 @@ enum {
+ VIRTIO_PCI_FLAG_INIT_LNKCTL_BIT,
+ VIRTIO_PCI_FLAG_INIT_PM_BIT,
+ VIRTIO_PCI_FLAG_INIT_FLR_BIT,
++ VIRTIO_PCI_FLAG_AER_BIT,
+ };
+
+ /* Need to activate work-arounds for buggy guests at vmstate load. */
+@@ -80,6 +81,9 @@ enum {
+ /* Init Function Level Reset capability */
+ #define VIRTIO_PCI_FLAG_INIT_FLR (1 << VIRTIO_PCI_FLAG_INIT_FLR_BIT)
+
++/* Advanced Error Reporting capability */
++#define VIRTIO_PCI_FLAG_AER (1 << VIRTIO_PCI_FLAG_AER_BIT)
++
+ typedef struct {
+ MSIMessage msg;
+ int virq;
diff --git a/hw-virtio-pci-Added-counter-for-pcie-cap.patch b/hw-virtio-pci-Added-counter-for-pcie-cap.patch
new file mode 100644
index 00000000..56aee18e
--- /dev/null
+++ b/hw-virtio-pci-Added-counter-for-pcie-cap.patch
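Review bot: The result of `pcie_aer_init()` is discarded in the `virtio_pci_realize` hunk, and `NULL` is passed as its last argument, which appears to be the error pointer, so a failed AER setup is silent. In that case `last_pcie_cap_offset` is still advanced by `PCI_ERR_SIZEOF`, and `virtio_pci_exit` later calls `pcie_aer_exit()` based on the flag alone, not on whether initialisation succeeded. Passing the realize function's own `errp` and stopping on failure would surface the problem to the user who set `aer=on`: `if (pcie_aer_init(pci_dev, PCI_ERR_VER, last_pcie_cap_offset, PCI_ERR_SIZEOF, errp) < 0) { return; }`. Both function bodies begin and end outside the hunks shown, so whether that early return needs further cleanup cannot be confirmed from here.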
@@ -0,0 +1,41 @@
+From: Andrew Melnychenko
+Date: Thu, 3 Dec 2020 13:07:12 +0200
+Subject: hw/virtio-pci Added counter for pcie capabilities offsets.
+
+Git-commit: 06e97442420b03a1e0ff05e8eb554fac684ca736
+
+Removed hardcoded offset for ats. Added cap offset counter
+for future capabilities like AER.
+
+Signed-off-by: Andrew Melnychenko
+Message-Id: <20201203110713.204938-2-andrew@daynix.com>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Bruce Rogers
+[BR: needed for stable commit d83f46d189a26fa32434139954d264326f199a45]
+---
+ hw/virtio/virtio-pci.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index 36524a5728e40da961b4db862558..ceaa233129c529b604f461e45336 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -1798,6 +1798,7 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp)
+
+ if (pcie_port && pci_is_express(pci_dev)) {
+ int pos;
++ uint16_t last_pcie_cap_offset = PCI_CONFIG_SPACE_SIZE;
+
+ pos = pcie_endpoint_cap_init(pci_dev, 0);
+ assert(pos > 0);
+@@ -1833,7 +1834,8 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp)
+ }
+
+ if (proxy->flags & VIRTIO_PCI_FLAG_ATS) {
+- pcie_ats_init(pci_dev, 256);
++ pcie_ats_init(pci_dev, last_pcie_cap_offset);
++ last_pcie_cap_offset += PCI_EXT_CAP_ATS_SIZEOF;
+ }
+
+ if (proxy->flags & VIRTIO_PCI_FLAG_INIT_FLR) {
diff --git a/qemu.changes b/qemu.changes
index f4471353..6b33c4c3 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Tue Apr 13 19:17:26 UTC 2021 - Bruce Rogers + +- Include upstream patches designated as stable material and + reviewed for applicability to include here. NOTE that the + PIIX4 patch has migration implications: the change will also be + applied to the SLE-15-SP2 qemu, and a live migration from that + version to this SLE-15-SP3 qemu would require this patch to be + applied for a successful migration if PIIX4 southbridge is used + in the machine emulation (x86 i440fx) + block-rbd-fix-memory-leak-in-qemu_rbd_co.patch + block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch + cpu-core-Fix-help-of-CPU-core-device-typ.patch + hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch + hw-block-fdc-Fix-fallback-property-on-sy.patch + hw-isa-Kconfig-Add-missing-dependency-VI.patch + hw-isa-piix4-Migrate-Reset-Control-Regis.patch + hw-virtio-pci-Added-AER-capability.patch + hw-virtio-pci-Added-counter-for-pcie-cap.patch + s390x-css-report-errors-from-ccw_dstream.patch + target-xtensa-fix-meson.build-rule-for-x.patch + util-fix-use-after-free-in-module_load_o.patch + virtio-pci-compat-page-aligned-ATS.patch + ------------------------------------------------------------------- Tue Mar 30 17:30:11 UTC 2021 - Bruce Rogers diff --git a/qemu.spec b/qemu.spec index 74fffb0f..47534e86 100644 --- a/qemu.spec +++ b/qemu.spec 
@@ -200,52 +200,65 @@ Patch00064: hw-arm-virt-Disable-pl011-clock-migratio.patch Patch00065: s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch Patch00066: s390x-add-have_virtio_ccw.patch Patch00067: s390x-modularize-virtio-gpu-ccw.patch -Patch00068: net-vmxnet3-validate-configuration-value.patch -Patch00069: XXX-dont-dump-core-on-sigabort.patch -Patch00070: qemu-binfmt-conf-Modify-default-path.patch -Patch00071: qemu-cvs-gettimeofday.patch -Patch00072: qemu-cvs-ioctl_debug.patch -Patch00073: qemu-cvs-ioctl_nodirection.patch -Patch00074: linux-user-add-binfmt-wrapper-for-argv-0.patch -Patch00075: PPC-KVM-Disable-mmu-notifier-check.patch -Patch00076: linux-user-binfmt-support-host-binaries.patch -Patch00077: linux-user-Fake-proc-cpuinfo.patch -Patch00078: linux-user-use-target_ulong.patch -Patch00079: Make-char-muxer-more-robust-wrt-small-FI.patch -Patch00080: linux-user-lseek-explicitly-cast-non-set.patch -Patch00081: AIO-Reduce-number-of-threads-for-32bit-h.patch -Patch00082: xen_disk-Add-suse-specific-flush-disable.patch -Patch00083: qemu-bridge-helper-reduce-security-profi.patch -Patch00084: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch -Patch00085: roms-Makefile-pass-a-packaging-timestamp.patch -Patch00086: Raise-soft-address-space-limit-to-hard-l.patch -Patch00087: increase-x86_64-physical-bits-to-42.patch -Patch00088: i8254-Fix-migration-from-SLE11-SP2.patch -Patch00089: acpi_piix4-Fix-migration-from-SLE11-SP2.patch -Patch00090: Make-installed-scripts-explicitly-python.patch -Patch00091: hw-smbios-handle-both-file-formats-regar.patch -Patch00092: xen-add-block-resize-support-for-xen-dis.patch -Patch00093: tests-qemu-iotests-Triple-timeout-of-i-o.patch -Patch00094: tests-Fix-block-tests-to-be-compatible-w.patch -Patch00095: xen-ignore-live-parameter-from-xen-save-.patch -Patch00096: tests-change-error-message-in-test-162.patch -Patch00097: hw-intc-exynos4210_gic-provide-more-room.patch -Patch00098: configure-only-populate-roms-if-softmmu.patch -Patch00099: 
pc-bios-s390-ccw-net-avoid-warning-about.patch -Patch00100: roms-change-cross-compiler-naming-to-be-.patch -Patch00101: test-add-mapping-from-arch-of-i686-to-qe.patch -Patch00102: configure-remove-pkgversion-from-CONFIG_.patch -Patch00103: docs-add-SUSE-support-statements-to-html.patch -Patch00104: s390x-Fix-stringop-truncation-issue-repo.patch -Patch00105: Revert-qht-constify-qht_statistics_init.patch -Patch00106: qht-Revert-some-constification-in-qht.c.patch -Patch00107: meson-install-ivshmem-client-and-ivshmem.patch -Patch00108: Revert-roms-efirom-tests-uefi-test-tools.patch -Patch00109: Makefile-Don-t-check-pc-bios-as-pre-requ.patch -Patch00110: roms-Makefile-add-cross-file-to-qboot-me.patch -Patch00111: usb-Help-compiler-out-to-avoid-a-warning.patch -Patch00112: module-for-virtio-gpu-pre-load-module-to.patch -Patch00113: qom-handle-case-of-chardev-spice-module-.patch +Patch00068: util-fix-use-after-free-in-module_load_o.patch +Patch00069: target-xtensa-fix-meson.build-rule-for-x.patch +Patch00070: hw-virtio-pci-Added-counter-for-pcie-cap.patch +Patch00071: hw-virtio-pci-Added-AER-capability.patch +Patch00072: virtio-pci-compat-page-aligned-ATS.patch +Patch00073: s390x-css-report-errors-from-ccw_dstream.patch +Patch00074: block-rbd-fix-memory-leak-in-qemu_rbd_co.patch +Patch00075: block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch +Patch00076: hw-block-fdc-Fix-fallback-property-on-sy.patch +Patch00077: cpu-core-Fix-help-of-CPU-core-device-typ.patch +Patch00078: hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch +Patch00079: hw-isa-Kconfig-Add-missing-dependency-VI.patch +Patch00080: hw-isa-piix4-Migrate-Reset-Control-Regis.patch +Patch00081: net-vmxnet3-validate-configuration-value.patch +Patch00082: XXX-dont-dump-core-on-sigabort.patch +Patch00083: qemu-binfmt-conf-Modify-default-path.patch +Patch00084: qemu-cvs-gettimeofday.patch +Patch00085: qemu-cvs-ioctl_debug.patch +Patch00086: qemu-cvs-ioctl_nodirection.patch +Patch00087: 
linux-user-add-binfmt-wrapper-for-argv-0.patch +Patch00088: PPC-KVM-Disable-mmu-notifier-check.patch +Patch00089: linux-user-binfmt-support-host-binaries.patch +Patch00090: linux-user-Fake-proc-cpuinfo.patch +Patch00091: linux-user-use-target_ulong.patch +Patch00092: Make-char-muxer-more-robust-wrt-small-FI.patch +Patch00093: linux-user-lseek-explicitly-cast-non-set.patch +Patch00094: AIO-Reduce-number-of-threads-for-32bit-h.patch +Patch00095: xen_disk-Add-suse-specific-flush-disable.patch +Patch00096: qemu-bridge-helper-reduce-security-profi.patch +Patch00097: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch +Patch00098: roms-Makefile-pass-a-packaging-timestamp.patch +Patch00099: Raise-soft-address-space-limit-to-hard-l.patch +Patch00100: increase-x86_64-physical-bits-to-42.patch +Patch00101: i8254-Fix-migration-from-SLE11-SP2.patch +Patch00102: acpi_piix4-Fix-migration-from-SLE11-SP2.patch +Patch00103: Make-installed-scripts-explicitly-python.patch +Patch00104: hw-smbios-handle-both-file-formats-regar.patch +Patch00105: xen-add-block-resize-support-for-xen-dis.patch +Patch00106: tests-qemu-iotests-Triple-timeout-of-i-o.patch +Patch00107: tests-Fix-block-tests-to-be-compatible-w.patch +Patch00108: xen-ignore-live-parameter-from-xen-save-.patch +Patch00109: tests-change-error-message-in-test-162.patch +Patch00110: hw-intc-exynos4210_gic-provide-more-room.patch +Patch00111: configure-only-populate-roms-if-softmmu.patch +Patch00112: pc-bios-s390-ccw-net-avoid-warning-about.patch +Patch00113: roms-change-cross-compiler-naming-to-be-.patch +Patch00114: test-add-mapping-from-arch-of-i686-to-qe.patch +Patch00115: configure-remove-pkgversion-from-CONFIG_.patch +Patch00116: docs-add-SUSE-support-statements-to-html.patch +Patch00117: s390x-Fix-stringop-truncation-issue-repo.patch +Patch00118: Revert-qht-constify-qht_statistics_init.patch +Patch00119: qht-Revert-some-constification-in-qht.c.patch +Patch00120: meson-install-ivshmem-client-and-ivshmem.patch +Patch00121: 
Revert-roms-efirom-tests-uefi-test-tools.patch +Patch00122: Makefile-Don-t-check-pc-bios-as-pre-requ.patch +Patch00123: roms-Makefile-add-cross-file-to-qboot-me.patch +Patch00124: usb-Help-compiler-out-to-avoid-a-warning.patch +Patch00125: module-for-virtio-gpu-pre-load-module-to.patch +Patch00126: qom-handle-case-of-chardev-spice-module-.patch # Patches applied in roms/seabios/: Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch @@ -1177,23 +1190,36 @@ This package records qemu testsuite results and represents successful testing. %patch00100 -p1 %patch00101 -p1 %patch00102 -p1 -%if %{legacy_qemu_kvm} %patch00103 -p1 -%endif %patch00104 -p1 %patch00105 -p1 %patch00106 -p1 %patch00107 -p1 %patch00108 -p1 %patch00109 -p1 -%ifarch aarch64 %patch00110 -p1 -%endif -%ifarch %arm %ix86 ppc %patch00111 -p1 -%endif %patch00112 -p1 %patch00113 -p1 +%patch00114 -p1 +%patch00115 -p1 +%if %{legacy_qemu_kvm} +%patch00116 -p1 +%endif +%patch00117 -p1 +%patch00118 -p1 +%patch00119 -p1 +%patch00120 -p1 +%patch00121 -p1 +%patch00122 -p1 +%ifarch aarch64 +%patch00123 -p1 +%endif +%ifarch %arm %ix86 ppc +%patch00124 -p1 +%endif +%patch00125 -p1 +%patch00126 -p1 %patch01000 -p1 %patch01001 -p1 %patch01002 -p1 diff --git a/s390x-css-report-errors-from-ccw_dstream.patch b/s390x-css-report-errors-from-ccw_dstream.patch new file mode 100644 index 00000000..d307c244 --- /dev/null +++ b/s390x-css-report-errors-from-ccw_dstream.patch 
@@ -0,0 +1,269 @@ +From: Pierre Morel +Date: Thu, 8 Apr 2021 18:32:09 +0200 +Subject: s390x: css: report errors from ccw_dstream_read/write + +Git-commit: d895d25ae2bb8519aa715dd2a97f09d4a66b189d + +ccw_dstream_read/write functions returned values are sometime +not taking into account and reported back to the upper level +of interpretation of CCW instructions. + +It follows that accessing an invalid address does not trigger +a subchannel status program check to the guest as it should. + +Let's test the return values of ccw_dstream_write[_buf] and +ccw_dstream_read[_buf] and report it to the caller. + +Cc: qemu-stable@nongnu.org +Signed-off-by: Pierre Morel +Acked-by: Halil Pasic +Message-Id: <1617899529-9329-2-git-send-email-pmorel@linux.ibm.com> +Signed-off-by: Cornelia Huck +Signed-off-by: Bruce Rogers +--- + hw/char/terminal3270.c | 11 +++++-- + hw/s390x/3270-ccw.c | 5 +++- + hw/s390x/css.c | 14 +++++---- + hw/s390x/virtio-ccw.c | 66 ++++++++++++++++++++++++++++++------------ + 4 files changed, 69 insertions(+), 27 deletions(-) + +diff --git a/hw/char/terminal3270.c b/hw/char/terminal3270.c +index d77981bb6d52a2af651bfa2b6ecb..f969ee57fd85164073f98c3285b5 100644 +--- a/hw/char/terminal3270.c ++++ b/hw/char/terminal3270.c +@@ -199,9 +199,13 @@ static int read_payload_3270(EmulatedCcw3270Device *dev) + { + Terminal3270 *t = TERMINAL_3270(dev); + int len; ++ int ret; + + len = MIN(ccw_dstream_avail(get_cds(t)), t->in_len); +- ccw_dstream_write_buf(get_cds(t), t->inv, len); ++ ret = ccw_dstream_write_buf(get_cds(t), t->inv, len); ++ if (ret < 0) { ++ return ret; ++ } + t->in_len -= len; + + return len; +@@ -259,7 +263,10 @@ static int write_payload_3270(EmulatedCcw3270Device *dev, uint8_t cmd) + + t->outv[out_len++] = cmd; + do { +- ccw_dstream_read_buf(get_cds(t), &t->outv[out_len], len); ++ retval = ccw_dstream_read_buf(get_cds(t), &t->outv[out_len], len); ++ if (retval < 0) { ++ return retval; ++ } + count = ccw_dstream_avail(get_cds(t)); + out_len += len; + 
+diff --git a/hw/s390x/3270-ccw.c b/hw/s390x/3270-ccw.c +index 821319eee6d1066d7cf3113d3ab3..f3e7342b1e8eadc1938b5ad024c7 100644 +--- a/hw/s390x/3270-ccw.c ++++ b/hw/s390x/3270-ccw.c +@@ -31,6 +31,9 @@ static int handle_payload_3270_read(EmulatedCcw3270Device *dev, CCW1 *ccw) + } + + len = ck->read_payload_3270(dev); ++ if (len < 0) { ++ return len; ++ } + ccw_dev->sch->curr_status.scsw.count = ccw->count - len; + + return 0; +@@ -50,7 +53,7 @@ static int handle_payload_3270_write(EmulatedCcw3270Device *dev, CCW1 *ccw) + len = ck->write_payload_3270(dev, ccw->cmd_code); + + if (len <= 0) { +- return -EIO; ++ return len ? len : -EIO; + } + + ccw_dev->sch->curr_status.scsw.count = ccw->count - len; +diff --git a/hw/s390x/css.c b/hw/s390x/css.c +index 9961cfe7bf67460924ea68cb72bd..1ad6069ceacfc7459c25307c1fd9 100644 +--- a/hw/s390x/css.c ++++ b/hw/s390x/css.c +@@ -1055,10 +1055,11 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr, + } + } + len = MIN(ccw.count, sizeof(sch->sense_data)); +- ccw_dstream_write_buf(&sch->cds, sch->sense_data, len); ++ ret = ccw_dstream_write_buf(&sch->cds, sch->sense_data, len); + sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds); +- memset(sch->sense_data, 0, sizeof(sch->sense_data)); +- ret = 0; ++ if (!ret) { ++ memset(sch->sense_data, 0, sizeof(sch->sense_data)); ++ } + break; + case CCW_CMD_SENSE_ID: + { +@@ -1083,9 +1084,10 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr, + } else { + sense_id[0] = 0; + } +- ccw_dstream_write_buf(&sch->cds, sense_id, len); +- sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds); +- ret = 0; ++ ret = ccw_dstream_write_buf(&sch->cds, sense_id, len); ++ if (!ret) { ++ sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds); ++ } + break; + } + case CCW_CMD_TIC: +diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c +index 82ec2889b0c7ce64bb96b9c67212..43db5b93e1125d5ef806abfebb32 100644 +--- a/hw/s390x/virtio-ccw.c ++++ 
b/hw/s390x/virtio-ccw.c +@@ -288,14 +288,20 @@ static int virtio_ccw_handle_set_vq(SubchDev *sch, CCW1 ccw, bool check_len, + return -EFAULT; + } + if (is_legacy) { +- ccw_dstream_read(&sch->cds, linfo); ++ ret = ccw_dstream_read(&sch->cds, linfo); ++ if (ret) { ++ return ret; ++ } + linfo.queue = be64_to_cpu(linfo.queue); + linfo.align = be32_to_cpu(linfo.align); + linfo.index = be16_to_cpu(linfo.index); + linfo.num = be16_to_cpu(linfo.num); + ret = virtio_ccw_set_vqs(sch, NULL, &linfo); + } else { +- ccw_dstream_read(&sch->cds, info); ++ ret = ccw_dstream_read(&sch->cds, info); ++ if (ret) { ++ return ret; ++ } + info.desc = be64_to_cpu(info.desc); + info.index = be16_to_cpu(info.index); + info.num = be16_to_cpu(info.num); +@@ -364,7 +370,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) + VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev); + + ccw_dstream_advance(&sch->cds, sizeof(features.features)); +- ccw_dstream_read(&sch->cds, features.index); ++ ret = ccw_dstream_read(&sch->cds, features.index); ++ if (ret) { ++ break; ++ } + if (features.index == 0) { + if (dev->revision >= 1) { + /* Don't offer legacy features for modern devices. 
*/ +@@ -385,9 +394,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) + } + ccw_dstream_rewind(&sch->cds); + features.features = cpu_to_le32(features.features); +- ccw_dstream_write(&sch->cds, features.features); +- sch->curr_status.scsw.count = ccw.count - sizeof(features); +- ret = 0; ++ ret = ccw_dstream_write(&sch->cds, features.features); ++ if (!ret) { ++ sch->curr_status.scsw.count = ccw.count - sizeof(features); ++ } + } + break; + case CCW_CMD_WRITE_FEAT: +@@ -404,7 +414,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) + if (!ccw.cda) { + ret = -EFAULT; + } else { +- ccw_dstream_read(&sch->cds, features); ++ ret = ccw_dstream_read(&sch->cds, features); ++ if (ret) { ++ break; ++ } + features.features = le32_to_cpu(features.features); + if (features.index == 0) { + virtio_set_features(vdev, +@@ -447,9 +460,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) + ret = -EFAULT; + } else { + virtio_bus_get_vdev_config(&dev->bus, vdev->config); +- ccw_dstream_write_buf(&sch->cds, vdev->config, len); +- sch->curr_status.scsw.count = ccw.count - len; +- ret = 0; ++ ret = ccw_dstream_write_buf(&sch->cds, vdev->config, len); ++ if (ret) { ++ sch->curr_status.scsw.count = ccw.count - len; ++ } + } + break; + case CCW_CMD_WRITE_CONF: +@@ -504,7 +518,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) + if (!ccw.cda) { + ret = -EFAULT; + } else { +- ccw_dstream_read(&sch->cds, status); ++ ret = ccw_dstream_read(&sch->cds, status); ++ if (ret) { ++ break; ++ } + if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) { + virtio_ccw_stop_ioeventfd(dev); + } +@@ -547,7 +564,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) + if (!ccw.cda) { + ret = -EFAULT; + } else { +- ccw_dstream_read(&sch->cds, indicators); ++ ret = ccw_dstream_read(&sch->cds, indicators); ++ if (ret) { ++ break; ++ } + indicators = be64_to_cpu(indicators); + dev->indicators = get_indicator(indicators, sizeof(uint64_t)); + sch->curr_status.scsw.count = ccw.count - sizeof(indicators); +@@ 
-568,7 +588,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) + if (!ccw.cda) { + ret = -EFAULT; + } else { +- ccw_dstream_read(&sch->cds, indicators); ++ ret = ccw_dstream_read(&sch->cds, indicators); ++ if (ret) { ++ break; ++ } + indicators = be64_to_cpu(indicators); + dev->indicators2 = get_indicator(indicators, sizeof(uint64_t)); + sch->curr_status.scsw.count = ccw.count - sizeof(indicators); +@@ -589,7 +612,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) + if (!ccw.cda) { + ret = -EFAULT; + } else { +- ccw_dstream_read(&sch->cds, vq_config.index); ++ ret = ccw_dstream_read(&sch->cds, vq_config.index); ++ if (ret) { ++ break; ++ } + vq_config.index = be16_to_cpu(vq_config.index); + if (vq_config.index >= VIRTIO_QUEUE_MAX) { + ret = -EINVAL; +@@ -598,9 +624,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) + vq_config.num_max = virtio_queue_get_num(vdev, + vq_config.index); + vq_config.num_max = cpu_to_be16(vq_config.num_max); +- ccw_dstream_write(&sch->cds, vq_config.num_max); +- sch->curr_status.scsw.count = ccw.count - sizeof(vq_config); +- ret = 0; ++ ret = ccw_dstream_write(&sch->cds, vq_config.num_max); ++ if (!ret) { ++ sch->curr_status.scsw.count = ccw.count - sizeof(vq_config); ++ } + } + break; + case CCW_CMD_SET_IND_ADAPTER: +@@ -657,7 +684,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) + ret = -EFAULT; + break; + } +- ccw_dstream_read_buf(&sch->cds, &revinfo, 4); ++ ret = ccw_dstream_read_buf(&sch->cds, &revinfo, 4); ++ if (ret < 0) { ++ break; ++ } + revinfo.revision = be16_to_cpu(revinfo.revision); + revinfo.length = be16_to_cpu(revinfo.length); + if (ccw.count < len + revinfo.length || diff --git a/target-xtensa-fix-meson.build-rule-for-x.patch b/target-xtensa-fix-meson.build-rule-for-x.patch new file mode 100644 index 00000000..627c1608 --- /dev/null +++ b/target-xtensa-fix-meson.build-rule-for-x.patch 
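Review bot: In the CCW_CMD_READ_CONF case of virtio_ccw_cb (the hw/s390x/virtio-ccw.c part of the added patch) the new check is `if (ret)`, so the residual count is updated only when ccw_dstream_write_buf() returns non-zero and is left untouched on success. Every other write site in this patch uses `if (!ret)`, so the line should read `if (!ret) {`; otherwise the guest sees a count that does not match what was transferred. The checks also mix `ret < 0` (terminal3270.c, the revinfo read) with `if (ret)` elsewhere, so a one-line comment stating the return convention of ccw_dstream_read/write at one of these sites would show which form is intended. The enclosing functions start and end outside the inner hunks.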
@@ -0,0 +1,54 @@ +From: Max Filippov +Date: Tue, 30 Mar 2021 00:25:24 -0700 +Subject: target/xtensa: fix meson.build rule for xtensa cores + +Git-commit: 84317d57e8c61ff68eeaa1f2de93472fa930a6a4 + +import_core.sh tries to change Makefile.objs when importing new xtensa +core, but that file no longer exists. Rewrite meson.build rule to pick +up all source files that match core-*.c pattern and drop commands that +change Makefile.objs. + +Cc: qemu-stable@nongnu.org # v5.2.0 +Signed-off-by: Max Filippov +Reviewed-by: Richard Henderson +Signed-off-by: Bruce Rogers +--- + target/xtensa/import_core.sh | 3 --- + target/xtensa/meson.build | 13 ++++--------- + 2 files changed, 4 insertions(+), 12 deletions(-) + +diff --git a/target/xtensa/import_core.sh b/target/xtensa/import_core.sh +index c8626a8c02ebb41e2ab9aab3648f..1120a4a2a5e1ca6568d27a8eb06e 100755 +--- a/target/xtensa/import_core.sh ++++ b/target/xtensa/import_core.sh +@@ -65,6 +65,3 @@ static XtensaConfig $NAME __attribute__((unused)) = { + + REGISTER_CORE($NAME) + EOF +- +-grep -q core-${NAME}.o "$BASE"/Makefile.objs || \ +- echo "obj-y += core-${NAME}.o" >> "$BASE"/Makefile.objs +diff --git a/target/xtensa/meson.build b/target/xtensa/meson.build +index dd750a977ef9c046a12e16415b58..7c4efa6c6290d68abb68d9fc9016 100644 +--- a/target/xtensa/meson.build ++++ b/target/xtensa/meson.build +@@ -1,14 +1,9 @@ + xtensa_ss = ss.source_set() ++ ++xtensa_cores = run_command('sh', '-c', 'cd $MESON_SOURCE_ROOT/$MESON_SUBDIR ; ls -1 core-*.c') ++xtensa_ss.add(files(xtensa_cores.stdout().strip().split('\n'))) ++ + xtensa_ss.add(files( +- 'core-dc232b.c', +- 'core-dc233c.c', +- 'core-de212.c', +- 'core-de233_fpu.c', +- 'core-dsp3400.c', +- 'core-fsf.c', +- 'core-sample_controller.c', +- 'core-test_kc705_be.c', +- 'core-test_mmuhifi_c3.c', + 'cpu.c', + 'exc_helper.c', + 'fpu_helper.c', diff --git a/update_git.sh b/update_git.sh index 67955528..04e5a76c 100644 --- a/update_git.sh +++ b/update_git.sh 
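Review bot: The added `run_command('sh', '-c', 'cd $MESON_SOURCE_ROOT/$MESON_SUBDIR ; ls -1 core-*.c')` in target/xtensa/meson.build joins `cd` and `ls` with `;` and leaves both variables unquoted. If the `cd` fails or the path contains whitespace, `ls` still runs in the directory the command started in and its output is handed to `files()`. Using `cd "$MESON_SOURCE_ROOT/$MESON_SUBDIR" && ls -1 core-*.c` and passing `check: true` to run_command would turn that case into a configure error. Because the rule is now a glob, any file named core-*.c in that directory is compiled without being listed, which deserves a comment next to the rule, for example `# every core-*.c in this directory is built; import_core.sh adds files here`.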
@@ -7,17 +7,11 @@ set -e # git2pkg (update package spec file and patches from git) # pkg2git (update git (frombundle branch) from the package "bundleofbundles") # refresh (refresh spec file from spec file template and "bundlofbundles") +# ci (check-in to obs, avoiding some spec file formatting issues) +# initbundle (Update/Create bundle only) # # (default is git2pkg) -# As an aid to bypassing issues with our multibuild package and obs (see code -# below following the osc localrun of osc service localrun format_spec_file), -# provide an automated way to checkin without needing to type so much -if [ "$1" = "ci" ]; then - osc ci -f -n --noservice - exit -fi - #============================================================================== check_requirements() { @@ -59,6 +53,8 @@ echo "description: package maintenance using a git-based workflow. Commands:" echo " git2pkg (update package spec file and patches from git. Is default)" echo " pkg2git (update git (frombundle branch) from the package "bundleofbundles")" echo " refresh (refresh spec file from spec file template and "bundlofbundles")" +echo " ci (check-in to build service, avoiding some spec file formatting issues)" +echo " initbundle (Update/Create bundle only)" echo "(See script for details on doing 'LATEST' workflow)" check_requirements } @@ -77,7 +73,7 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" != "LATEST" ]; then usage exit ;; - initbundle | git2pkg | pkg2git | refresh ) + initbundle | git2pkg | pkg2git | refresh | ci) ;; * ) echo "Unknown command" @@ -90,6 +86,14 @@ fi check_requirements +# As an aid to bypassing issues with our multibuild package and obs (see code +# below following the osc localrun of osc service localrun format_spec_file), +# provide an automated way to checkin without needing to type so much +if [ "$1" = "ci" ]; then + osc ci -f -n --noservice + exit +fi + # TODO: Here we should validate the variables that should be set in config.sh 
@@ -1011,12 +1015,11 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then echo "SUCCESS" tail -9 ~/latest.log else # not LATEST -#NOTNEEDED? git -C ${LOCAL_REPO_MAP[0]} checkout $GIT_UPSTREAM_COMMIT_ISH --recurse-submodules -f &> /dev/null NEW_COMMIT_ISH= WRITE_LOG=1 case $1 in initbundle ) - echo "Updating the bundle using the $GIT_BRANCH branch of the local repos." + echo "Updating/creating the bundle using the $GIT_BRANCH branch of the local repos." echo "(If SUCCESS is not printed upon completion, see ~/initbundle.log for issues)" initbundle &> ~/initbundle.log echo "SUCCESS" diff --git a/util-fix-use-after-free-in-module_load_o.patch b/util-fix-use-after-free-in-module_load_o.patch new file mode 100644 index 00000000..db0967dd --- /dev/null +++ b/util-fix-use-after-free-in-module_load_o.patch 
@@ -0,0 +1,58 @@ +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= +Date: Tue, 16 Mar 2021 17:44:56 +0400 +Subject: util: fix use-after-free in module_load_one +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Git-commit: 64e16fbbf49ce81b37841480d14b0caf5753c98e + +g_hash_table_add always retains ownership of the pointer passed in as +the key. Its return status merely indicates whether the added entry was +new, or replaced an existing entry. Thus key must never be freed after +this method returns. + +Spotted by ASAN: + +==2407186==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020003ac4f0 at pc 0x7ffff766659c bp 0x7fffffffd1d0 sp 0x7fffffffc980 +READ of size 1 at 0x6020003ac4f0 thread T0 + #0 0x7ffff766659b (/lib64/libasan.so.6+0x8a59b) + #1 0x7ffff6bfa843 in g_str_equal ../glib/ghash.c:2303 + #2 0x7ffff6bf8167 in g_hash_table_lookup_node ../glib/ghash.c:493 + #3 0x7ffff6bf9b78 in g_hash_table_insert_internal ../glib/ghash.c:1598 + #4 0x7ffff6bf9c32 in g_hash_table_add ../glib/ghash.c:1689 + #5 0x5555596caad4 in module_load_one ../util/module.c:233 + #6 0x5555596ca949 in module_load_one ../util/module.c:225 + #7 0x5555596ca949 in module_load_one ../util/module.c:225 + #8 0x5555596cbdf4 in module_load_qom_all ../util/module.c:349 + +Typical C bug... + +Fixes: 90629122d2e ("module: use g_hash_table_add()") +Cc: qemu-stable@nongnu.org +Signed-off-by: Marc-André Lureau +Reviewed-by: Daniel P. 
Berrangé +Message-Id: <20210316134456.3243102-1-marcandre.lureau@redhat.com> +Reviewed-by: Philippe Mathieu-Daudé +Signed-off-by: Bruce Rogers +--- + util/module.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/util/module.c b/util/module.c +index cbe89fede628c3674e49194ee688..7661d0f6234d952f375ad09f67d7 100644 +--- a/util/module.c ++++ b/util/module.c +@@ -230,10 +230,11 @@ bool module_load_one(const char *prefix, const char *lib_name, bool mayfail) + } + } + +- if (!g_hash_table_add(loaded_modules, module_name)) { ++ if (g_hash_table_contains(loaded_modules, module_name)) { + g_free(module_name); + return true; + } ++ g_hash_table_add(loaded_modules, module_name); + + search_dir = getenv("QEMU_MODULE_DIR"); + if (search_dir != NULL) { diff --git a/virtio-pci-compat-page-aligned-ATS.patch b/virtio-pci-compat-page-aligned-ATS.patch new file mode 100644 index 00000000..573fef56 --- /dev/null +++ b/virtio-pci-compat-page-aligned-ATS.patch 
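Review bot: After the added `g_hash_table_add(loaded_modules, module_name);` in module_load_one the table holds the `module_name` pointer, but nothing at that line records the ownership change, and the rest of the function lies outside this hunk. A comment such as `/* loaded_modules keeps module_name from here on; remove it from the table before any g_free() */` would keep a later error path from reintroducing the heap-use-after-free shown in the ASAN trace. Any existing failure path below this point that frees `module_name` should be checked against that rule, since it cannot be seen from here.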
@@ -0,0 +1,134 @@ +From: Jason Wang +Date: Tue, 6 Apr 2021 12:03:30 +0800 +Subject: virtio-pci: compat page aligned ATS + +Git-commit: d83f46d189a26fa32434139954d264326f199a45 + +Commit 4c70875372b8 ("pci: advertise a page aligned ATS") advertises +the page aligned via ATS capability (RO) to unbrek recent Linux IOMMU +drivers since 5.2. But it forgot the compat the capability which +breaks the migration from old machine type: + +(qemu) qemu-kvm: get_pci_config_device: Bad config data: i=0x104 read: +0 device: 20 cmask: ff wmask: 0 w1cmask:0 + +This patch introduces a new parameter "x-ats-page-aligned" for +virtio-pci device and turns it on for machine type which is newer than +5.1. + +Cc: Michael S. Tsirkin +Cc: Peter Xu +Cc: Dr. David Alan Gilbert +Cc: qemu-stable@nongnu.org +Fixes: 4c70875372b8 ("pci: advertise a page aligned ATS") +Signed-off-by: Jason Wang +Message-Id: <20210406040330.11306-1-jasowang@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Bruce Rogers +--- + hw/core/machine.c | 1 + + hw/pci/pcie.c | 10 ++++++---- + hw/virtio/virtio-pci.c | 5 ++++- + hw/virtio/virtio-pci.h | 5 +++++ + include/hw/pci/pcie.h | 2 +- + 5 files changed, 17 insertions(+), 6 deletions(-) + +diff --git a/hw/core/machine.c b/hw/core/machine.c +index 72ceba57def38ca9dd5c683a71c4..7e99d0a05bdf1a7c898bc8923a77 100644 +--- a/hw/core/machine.c ++++ b/hw/core/machine.c +@@ -37,6 +37,7 @@ GlobalProperty hw_compat_5_1[] = { + { "nvme", "use-intel-id", "on"}, + { "pvpanic", "events", "1"}, /* PVPANIC_PANICKED */ + { "pl011", "migrate-clk", "off" }, ++ { "virtio-pci", "x-ats-page-aligned", "off"}, + }; + const size_t hw_compat_5_1_len = G_N_ELEMENTS(hw_compat_5_1); + +diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c +index d4010cf8f36178758315627d56bb..8bbabd6e2bb7b03c0f786e977fbf 100644 +--- a/hw/pci/pcie.c ++++ b/hw/pci/pcie.c +@@ -964,16 +964,18 @@ void pcie_dev_ser_num_init(PCIDevice *dev, uint16_t offset, uint64_t ser_num) + 
pci_set_quad(dev->config + offset + pci_dsn_cap, ser_num); + } + +-void pcie_ats_init(PCIDevice *dev, uint16_t offset) ++void pcie_ats_init(PCIDevice *dev, uint16_t offset, bool aligned) + { + pcie_add_capability(dev, PCI_EXT_CAP_ID_ATS, 0x1, + offset, PCI_EXT_CAP_ATS_SIZEOF); + + dev->exp.ats_cap = offset; + +- /* Invalidate Queue Depth 0, Page Aligned Request 1 */ +- pci_set_word(dev->config + offset + PCI_ATS_CAP, +- PCI_ATS_CAP_PAGE_ALIGNED); ++ /* Invalidate Queue Depth 0 */ ++ if (aligned) { ++ pci_set_word(dev->config + offset + PCI_ATS_CAP, ++ PCI_ATS_CAP_PAGE_ALIGNED); ++ } + /* STU 0, Disabled by default */ + pci_set_word(dev->config + offset + PCI_ATS_CTRL, 0); + +diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c +index f863f69ede4f4bf1c09fc39a5035..b7ab325ae99176ae18ee64a0bfa5 100644 +--- a/hw/virtio/virtio-pci.c ++++ b/hw/virtio/virtio-pci.c +@@ -1840,7 +1840,8 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp) + } + + if (proxy->flags & VIRTIO_PCI_FLAG_ATS) { +- pcie_ats_init(pci_dev, last_pcie_cap_offset); ++ pcie_ats_init(pci_dev, last_pcie_cap_offset, ++ proxy->flags & VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED); + last_pcie_cap_offset += PCI_EXT_CAP_ATS_SIZEOF; + } + +@@ -1917,6 +1918,8 @@ static Property virtio_pci_properties[] = { + ignore_backend_features, false), + DEFINE_PROP_BIT("ats", VirtIOPCIProxy, flags, + VIRTIO_PCI_FLAG_ATS_BIT, false), ++ DEFINE_PROP_BIT("x-ats-page-aligned", VirtIOPCIProxy, flags, ++ VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED_BIT, true), + DEFINE_PROP_BIT("x-pcie-deverr-init", VirtIOPCIProxy, flags, + VIRTIO_PCI_FLAG_INIT_DEVERR_BIT, true), + DEFINE_PROP_BIT("x-pcie-lnkctl-init", VirtIOPCIProxy, flags, +diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h +index d7d5d403a9483f5f7e0f0f9b4110..2446dcd9aef197964b59f83b6183 100644 +--- a/hw/virtio/virtio-pci.h ++++ b/hw/virtio/virtio-pci.h +@@ -42,6 +42,7 @@ enum { + VIRTIO_PCI_FLAG_INIT_PM_BIT, + VIRTIO_PCI_FLAG_INIT_FLR_BIT, + VIRTIO_PCI_FLAG_AER_BIT, 
++ VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED_BIT, + }; + + /* Need to activate work-arounds for buggy guests at vmstate load. */ +@@ -84,6 +85,10 @@ enum { + /* Advanced Error Reporting capability */ + #define VIRTIO_PCI_FLAG_AER (1 << VIRTIO_PCI_FLAG_AER_BIT) + ++/* Page Aligned Address space Translation Service */ ++#define VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED \ ++ (1 << VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED_BIT) ++ + typedef struct { + MSIMessage msg; + int virq; +diff --git a/include/hw/pci/pcie.h b/include/hw/pci/pcie.h +index 14c58ebdb6ec1fd5dc3c8563fed9..6063bee0ec632c563f236f520aef 100644 +--- a/include/hw/pci/pcie.h ++++ b/include/hw/pci/pcie.h +@@ -137,7 +137,7 @@ void pcie_acs_reset(PCIDevice *dev); + + void pcie_ari_init(PCIDevice *dev, uint16_t offset, uint16_t nextfn); + void pcie_dev_ser_num_init(PCIDevice *dev, uint16_t offset, uint64_t ser_num); +-void pcie_ats_init(PCIDevice *dev, uint16_t offset); ++void pcie_ats_init(PCIDevice *dev, uint16_t offset, bool aligned); + + void pcie_cap_slot_pre_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev, + Error **errp);
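Review bot: In pcie_ats_init (hw/pci/pcie.c) the ATS capability word is now written only when `aligned` is true, and the remaining comment `/* Invalidate Queue Depth 0 */` no longer describes any statement. The non-aligned path depends on the capability bytes already being zero, which this hunk does not show. Writing the word unconditionally, `pci_set_word(dev->config + offset + PCI_ATS_CAP, aligned ? PCI_ATS_CAP_PAGE_ALIGNED : 0);`, keeps the advertised value explicit for both old and new machine types. At the call site in virtio_pci_realize the masked flag goes straight into a `bool` parameter; `!!(proxy->flags & VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED)` states the intent. The changed prototype in pcie.h should also gain a comment saying that `aligned` controls the Page Aligned Request bit.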