Accepting request 914430 from home:jziviani:branches:Virtualization

- Update to v6.1: see https://wiki.qemu.org/ChangeLog/6.1
  For a full list of formerly deprecated features that are removed,
  consult: https://qemu-project.gitlab.io/qemu/about/removed-features.html
  For a list of new deprecated features, consult:
  https://qemu-project.gitlab.io/qemu/about/deprecated.html
  Some noteworthy changes:
* Removed moxie CPU.
* Removed lm32 CPU.
* Removed unicore32 CPU.
* Removed 'info cpustats'.
* Added Aspeed machines: rainier-bmc, quanta-q7l1-bmc.
* Added npcm7xx machine: quanta-gbs-bmc.
* Model for Aspeed's Hash and Crypto Engine.
* SVE2 is now emulated, including bfloat16 support
* FEAT_I8MM, FEAT_TLBIOS, FEAT_TLBRANGE, FEAT_BF16, FEAT_AA32BF16, and
  FEAT_MTE3 are now emulated.
* Improved hot-unplug failures on PowerPC pseries machine.
* Implemented some POWER10 instructions in TCG.
* Added shakti_c RISC-V machine.
* Improved documentation for RISC-V machines.
* CPU models for gen16 have been added for s390x.
* New CPU model versions added with XSAVES enabled:
  Skylake-Client-v4, Skylake-Server-v5, Cascadelake-Server-v5,
  Cooperlake-v2, Icelake-Client-v3, Icelake-Server-v5, Denverton-v3,
  Snowridge-v3, Dhyana-v2
* Added ACPI based PCI hotplug support to Q35 machine. Enabled and
  used by default since pc-q35-6.1 machine type.
* Added support for the pca9546 and pca9548 I2C muxes.
* Added support for PMBus and several PMBus devices.
* Crypto subsystem:
  The preferred crypto backend driver is now gnutls, with libgcrypt as the
  second choice, and nettle as third choice, with ordering driven mostly
  by performance of the ciphers.
* Misc doc improvements.
* Patches removed:
  block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
  hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
  hw-block-nvme-align-with-existing-style.patch
  hw-block-nvme-consider-metadata-read-aio.patch
  hw-net-can-sja1000-fix-buff2frame_bas-an.patch
  hw-nvme-fix-missing-check-for-PMR-capabi.patch
  hw-nvme-fix-pin-based-interrupt-behavior.patch
  hw-pci-host-q35-Ignore-write-of-reserved.patch
  hw-rdma-Fix-possible-mremap-overflow-in-.patch
  hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
  hw-usb-Do-not-build-USB-subsystem-if-not.patch
  hw-usb-host-stub-Remove-unused-header.patch
  linux-user-aarch64-Enable-hwcap-for-RND-.patch
  module-for-virtio-gpu-pre-load-module-to.patch
  monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
  pvrdma-Ensure-correct-input-on-ring-init.patch
  pvrdma-Fix-the-ring-init-error-flow-CVE-.patch
  qemu-config-load-modules-when-instantiat.patch
  qemu-config-parse-configuration-files-to.patch
  qemu-config-use-qemu_opts_from_qdict.patch
  runstate-Initialize-Error-to-NULL.patch
  sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
  target-i386-Exit-tb-after-wrmsr.patch
  target-sh4-Return-error-if-CPUClass-get_.patch
  tcg-Allocate-sufficient-storage-in-temp_.patch
  tcg-arm-Fix-tcg_out_op-function-signatur.patch
  tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
  ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
  usb-hid-avoid-dynamic-stack-allocation.patch
  usb-limit-combined-packets-to-1-MiB-CVE-.patch
  usb-mtp-avoid-dynamic-stack-allocation.patch
  usb-redir-avoid-dynamic-stack-allocation.patch
  usbredir-fix-free-call.patch
  vfio-ccw-Permit-missing-IRQs.patch
  vhost-user-blk-Check-that-num-queues-is-.patch
  vhost-user-blk-Don-t-reconnect-during-in.patch
  vhost-user-blk-Fail-gracefully-on-too-la.patch
  vhost-user-blk-Get-more-feature-flags-fr.patch
  vhost-user-blk-Make-sure-to-set-Error-on.patch
  vhost-user-gpu-abstract-vg_cleanup_mappi.patch
  vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
  vhost-user-gpu-fix-leak-in-virgl_resourc.patch
  vhost-user-gpu-fix-memory-disclosure-in-.patch
  vhost-user-gpu-fix-memory-leak-in-vg_res.patch
  vhost-user-gpu-fix-memory-leak-while-cal.patch
  vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch
  vhost-user-gpu-fix-resource-leak-in-vg_r.patch
  vhost-vdpa-don-t-initialize-backend_feat.patch
  virtio-blk-Fix-rollback-path-in-virtio_b.patch
  virtio-Fail-if-iommu_platform-is-request.patch
  virtiofsd-Fix-side-effect-in-assert.patch
  vl-allow-not-specifying-size-in-m-when-u.patch
  vl-Fix-an-assert-failure-in-error-path.patch
  vl-plug-object-back-into-readconfig.patch
  vl-plumb-keyval-based-options-into-readc.patch
  x86-acpi-use-offset-instead-of-pointer-w.patch

OBS-URL: https://build.opensuse.org/request/show/914430
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=665
José Ricardo Ziviani 2021-08-26 17:37:40 +00:00 committed by Git OBS Bridge
parent c57c3c69e6
commit 7f46c79c5d
99 changed files with 575 additions and 4265 deletions

@ -29,7 +29,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
5 files changed, 22 insertions(+)
diff --git a/chardev/char-fe.c b/chardev/char-fe.c
index 474715c5a9257ae9e9e286d2e02d..eeb1b3e0b548027e2bcda0c272d5 100644
index 7789f7be9c873928be895d618e98..c7556602c77787357c802553ab91 100644
--- a/chardev/char-fe.c
+++ b/chardev/char-fe.c
@@ -21,6 +21,7 @@
@ -41,7 +41,7 @@ index 474715c5a9257ae9e9e286d2e02d..eeb1b3e0b548027e2bcda0c272d5 100644
#include "qemu/error-report.h"
#include "qapi/error.h"
diff --git a/chardev/char-mux.c b/chardev/char-mux.c
index 72beef29d21c3bed1ffe6e48c7e7..6e5a3fb272c6b02e900b9775bad6 100644
index 5baf4190108366803a1a0fa26fb7..2aa164c2ecac8f8a843cec9fa1e1 100644
--- a/chardev/char-mux.c
+++ b/chardev/char-mux.c
@@ -22,6 +22,7 @@
@ -52,7 +52,7 @@ index 72beef29d21c3bed1ffe6e48c7e7..6e5a3fb272c6b02e900b9775bad6 100644
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qemu/module.h"
@@ -198,6 +199,17 @@ static void mux_chr_accept_input(Chardev *chr)
@@ -197,6 +198,17 @@ static void mux_chr_accept_input(Chardev *chr)
be->chr_read(be->opaque,
&d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1);
}
@ -70,7 +70,7 @@ index 72beef29d21c3bed1ffe6e48c7e7..6e5a3fb272c6b02e900b9775bad6 100644
}
static int mux_chr_can_read(void *opaque)
@@ -332,6 +344,10 @@ static void qemu_chr_open_mux(Chardev *chr,
@@ -331,6 +343,10 @@ static void qemu_chr_open_mux(Chardev *chr,
}
d->focus = -1;
@ -82,7 +82,7 @@ index 72beef29d21c3bed1ffe6e48c7e7..6e5a3fb272c6b02e900b9775bad6 100644
* set of muxes
*/
diff --git a/chardev/char.c b/chardev/char.c
index 398f09df19cd8567fa1ea96ee4d4..5778bd7666f8ff053269bf5b6b81 100644
index 4595a8d430bf99537367b8d26379..d9d918f905a584f8cf97fb6ee1de 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -22,6 +22,7 @@

@ -11,10 +11,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index bcbbec71a1cb61342dada30c54d3..884d7b03faeb6d17f677a298ebef 100644
index 401c623a65f84e07ffdf5dc263bf..d8d75dd42e5e066b9f03dc235130 100644
--- a/Makefile
+++ b/Makefile
@@ -85,7 +85,7 @@ x := $(shell rm -rf meson-private meson-info meson-logs)
@@ -87,7 +87,7 @@ x := $(shell rm -rf meson-private meson-info meson-logs)
endif
# 1. ensure config-host.mak is up-to-date

@ -14,10 +14,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 2 insertions(+)
diff --git a/softmmu/physmem.c b/softmmu/physmem.c
index 85034d9c11e3f65cce6041ea8acc..98d51d87249ea17ef30b7eaa2157 100644
index 2e18947598eec3dfb6abe91be933..655fb3afb6e23c42868d241d6760 100644
--- a/softmmu/physmem.c
+++ b/softmmu/physmem.c
@@ -2029,11 +2029,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
@@ -2059,11 +2059,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
return NULL;
}

@ -16,7 +16,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 12 insertions(+)
diff --git a/softmmu/vl.c b/softmmu/vl.c
index aadb52613888ef6ac1fe7ec3a038..07ade8e5ccd2934a69b82bcaabae 100644
index 5ca11e74694e6b4b6ae83cb320d0..4ccc503f58b7d7aff2b6cf4c8e55 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -40,6 +40,7 @@
@ -27,7 +27,7 @@ index aadb52613888ef6ac1fe7ec3a038..07ade8e5ccd2934a69b82bcaabae 100644
#include "sysemu/seccomp.h"
#include "sysemu/tcg.h"
#include "sysemu/xen.h"
@@ -2625,6 +2626,17 @@ void qemu_init(int argc, char **argv, char **envp)
@@ -2729,6 +2730,17 @@ void qemu_init(int argc, char **argv, char **envp)
MachineClass *machine_class;
bool userconfig = true;
FILE *vmstate_dump_file = NULL;

@ -14,7 +14,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
2 files changed, 2 deletions(-)
diff --git a/roms/Makefile b/roms/Makefile
index bbbe2eff895868b8a5781f6ca397..a91ffad548af3e95410ce6712fb3 100644
index 38b71afb0757bd717154afd6a92d..6ea8edd9fcf6bb0cdc1f1602f241 100644
--- a/roms/Makefile
+++ b/roms/Makefile
@@ -151,7 +151,6 @@ build-efi-roms: build-pxe-roms

@ -8,10 +8,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 6 insertions(+)
diff --git a/linux-user/signal.c b/linux-user/signal.c
index 7eecec46c4070c119cfee9be2316..fdd9a86cc1ce0b8238562d1612a3 100644
index a8faea6f090964b46199239ed1d3..4db55900a44ade173c02aedc3618 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -631,6 +631,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
@@ -677,6 +677,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
trace_user_force_sig(env, target_sig, host_sig);
gdb_signalled(env, target_sig);
@ -22,7 +22,7 @@ index 7eecec46c4070c119cfee9be2316..fdd9a86cc1ce0b8238562d1612a3 100644
/* dump core if supported by target binary format */
if (core_dump_signal(target_sig) && (ts->bprm->core_dump != NULL)) {
stop_all_tasks();
@@ -648,6 +652,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
@@ -694,6 +698,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
target_sig, strsignal(host_sig), "core dumped" );
}

@ -16,10 +16,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 8f8b0e95e5201b1404b2a9bc7abd..4083edb21d17346ca9733de4915c 100644
index 48f7a1edbcbc06461ecb23699a87..d32441fadf7bfc6fbb930addd697 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -277,7 +277,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)
@@ -278,7 +278,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)
static const VMStateDescription vmstate_acpi = {
.name = "piix4_pm",
.version_id = 3,

@ -1,92 +0,0 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Fri, 23 Jul 2021 21:58:43 +0200
Subject: block/nvme: Fix VFIO_MAP_DMA failed: No space left on device
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 15a730e7a3aaac180df72cd5730e0617bcf44a5a
When the NVMe block driver was introduced (see commit bdd6a90a9e5,
January 2018), Linux VFIO_IOMMU_MAP_DMA ioctl was only returning
-ENOMEM in case of error. The driver was correctly handling the
error path to recycle its volatile IOVA mappings.
To fix CVE-2019-3882, Linux commit 492855939bdb ("vfio/type1: Limit
DMA mappings per container", April 2019) added the -ENOSPC error to
signal the user exhausted the DMA mappings available for a container.
The block driver started to mis-behave:
qemu-system-x86_64: VFIO_MAP_DMA failed: No space left on device
(qemu)
(qemu) info status
VM status: paused (io-error)
(qemu) c
VFIO_MAP_DMA failed: No space left on device
(qemu) c
VFIO_MAP_DMA failed: No space left on device
(The VM is not resumable from here, hence stuck.)
Fix by handling the new -ENOSPC error (when DMA mappings are
exhausted) without any distinction to the current -ENOMEM error,
so we don't change the behavior on old kernels where the CVE-2019-3882
fix is not present.
An easy way to reproduce this bug is to restrict the DMA mapping
limit (65535 by default) when loading the VFIO IOMMU module:
# modprobe vfio_iommu_type1 dma_entry_limit=666
Cc: qemu-stable@nongnu.org
Cc: Fam Zheng <fam@euphon.net>
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Reported-by: Michal Prívozník <mprivozn@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210723195843.1032825-1-philmd@redhat.com
Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
Buglink: https://bugs.launchpad.net/qemu/+bug/1863333
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/65
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
block/nvme.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/block/nvme.c b/block/nvme.c
index 2b5421e7aa6e0a3bfaf403203c9b..e8dbbc23177d8e89d67349fc15a8 100644
--- a/block/nvme.c
+++ b/block/nvme.c
@@ -1030,7 +1030,29 @@ try_map:
r = qemu_vfio_dma_map(s->vfio,
qiov->iov[i].iov_base,
len, true, &iova);
+ if (r == -ENOSPC) {
+ /*
+ * In addition to the -ENOMEM error, the VFIO_IOMMU_MAP_DMA
+ * ioctl returns -ENOSPC to signal the user exhausted the DMA
+ * mappings available for a container since Linux kernel commit
+ * 492855939bdb ("vfio/type1: Limit DMA mappings per container",
+ * April 2019, see CVE-2019-3882).
+ *
+ * This block driver already handles this error path by checking
+ * for the -ENOMEM error, so we directly replace -ENOSPC by
+ * -ENOMEM. Beside, -ENOSPC has a specific meaning for blockdev
+ * coroutines: it triggers BLOCKDEV_ON_ERROR_ENOSPC and
+ * BLOCK_ERROR_ACTION_STOP which stops the VM, asking the operator
+ * to add more storage to the blockdev. Not something we can do
+ * easily with an IOMMU :)
+ */
+ r = -ENOMEM;
+ }
if (r == -ENOMEM && retry) {
+ /*
+ * We exhausted the DMA mappings available for our container:
+ * recycle the volatile IOVA mappings.
+ */
retry = false;
trace_nvme_dma_flush_queue_wait(s);
if (s->dma_map_count) {
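Review bot: the remap to `r = -ENOMEM;` sits ahead of the `if (r == -ENOMEM && retry)` check, so once `retry` is false a second -ENOSPC falls through this check as -ENOMEM and the caller can no longer tell mapping-limit exhaustion from memory exhaustion. That fits the stated aim of keeping -ENOSPC away from the blockdev error policy, but the comment should say the loss of distinction is deliberate on the non-retry path too. Small wording fix in the same comment: "Beside, -ENOSPC has a specific meaning" should read "Besides".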

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8799c60d25f8b55f108c1a876a7739d1deedb8fa6a4d01009d325a9a3d09e29f
size 80624
oid sha256:dec6079cff29a3ea44da20e33d71df94105052e298a696c986edeefd7b77b869
size 33352

@ -18,7 +18,7 @@ UPSTREAM_GIT_REPO=https://gitlab.com/qemu-project/qemu.git
# The following specifies the upstream tag or commit upon which our patchqueue
# gets rebased. The special value LATEST may be used to "automatically" track
# the upstream development tree in the master branch
GIT_UPSTREAM_COMMIT_ISH=v6.0.0
GIT_UPSTREAM_COMMIT_ISH=v6.1.0
# WARNING: If transitioning from using LATEST to not, MANUALLY re-set the
# tarball present. If transitioning TO LATEST, make sure that
# NEXT_RELEASE_IS_MAJOR is set correctly

@ -12,15 +12,15 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure b/configure
index 4f374b48890e7f1a868672f2fe49..9de240a6b3e7fb7d72b57353546a 100755
index 9a79a004d7cf1952cf3f4178e099..2a3073da6bd818cc2391c1d8f515 100755
--- a/configure
+++ b/configure
@@ -5417,7 +5417,7 @@ if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } && \
fi
@@ -4413,7 +4413,7 @@ fi
# Only build s390-ccw bios if we're on s390x and the compiler has -march=z900
# or -march=z10 (which is the lowest architecture level that Clang supports)
-if test "$cpu" = "s390x" ; then
+if test "$cpu" = "s390x" && test "$softmmu" = yes ; then
write_c_skeleton
if compile_prog "-march=z900" ""; then
roms="$roms s390-ccw"
compile_prog "-march=z900" ""
has_z900=$?

@ -18,10 +18,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure b/configure
index 9de240a6b3e7fb7d72b57353546a..ceec2d3830ed44083a6c22295e70 100755
index 2a3073da6bd818cc2391c1d8f515..26368a637f85c0667fa627f7cbd6 100755
--- a/configure
+++ b/configure
@@ -5581,7 +5581,7 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak
@@ -4587,7 +4587,7 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak
if test "$modules" = "yes"; then
# $shacmd can generate a hash started with digit, which the compiler doesn't
# like as an symbol. So prefix it with an underscore

@ -10,7 +10,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+)
diff --git a/docs/index.rst b/docs/index.rst
index 763e3d0426e8b15245b6ff0d0611..b659236f162532ea64931ec3e674 100644
index 5f7eaaa632c4e1e4569bd9996801..17e560e0cb8d46f71ba4f13803c0 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -10,6 +10,7 @@ Welcome to QEMU's documentation!
@ -18,6 +18,6 @@ index 763e3d0426e8b15245b6ff0d0611..b659236f162532ea64931ec3e674 100644
:caption: Contents:
+ supported.rst
about/index
system/index
user/index
tools/index

@ -1,37 +0,0 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Tue, 11 May 2021 18:31:51 +0200
Subject: hmp: Fix loadvm to resume the VM on success instead of failure
Git-commit: c53cd04e70641fdf9410aac40c617d074047b3e1
Commit f61fe11aa6f broke hmp_loadvm() by adding an incorrect negation
when converting from 0/-errno return values to a bool value. The result
is that loadvm resumes the VM now if it failed and keeps it stopped if
it failed. Fix it to restore the old behaviour and do it the other way
around.
Fixes: f61fe11aa6f7f8f0ffe4ddaa56a8108f3ab57854
Cc: qemu-stable@nongnu.org
Reported-by: Yanhui Ma <yama@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210511163151.45167-1-kwolf@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
monitor/hmp-cmds.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index 0ad5b774778d4634e8b506881d3f..cc15d9b6ee32264406c890b83866 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -1133,7 +1133,7 @@ void hmp_loadvm(Monitor *mon, const QDict *qdict)
vm_stop(RUN_STATE_RESTORE_VM);
- if (!load_snapshot(name, NULL, false, NULL, &err) && saved_vm_running) {
+ if (load_snapshot(name, NULL, false, NULL, &err) && saved_vm_running) {
vm_start();
}
hmp_handle_error(mon, err);
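Review bot: the commit message describes the broken behaviour as "resumes the VM now if it failed and keeps it stopped if it failed"; going by the subject line, the second "failed" should read "succeeded". On the code itself, the condition `load_snapshot(name, NULL, false, NULL, &err) && saved_vm_running` now depends on the reader knowing that load_snapshot() returns true on success; since the regression came from a 0/-errno to bool conversion, a one-line comment at this call stating the return convention would make the next inversion easier to spot.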

@ -1,255 +0,0 @@
From: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Date: Fri, 16 Apr 2021 09:22:28 +0530
Subject: hw/block/nvme: align with existing style
Git-commit: 312c3531bba416e589f106db8c8241fc6e7e6332
While QEMU coding style prefers lowercase hexadecimals in constants, the
NVMe subsystem uses the format from the NVMe specifications in comments,
i.e. 'h' suffix instead of '0x' prefix.
Fix this up across the code base.
Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
[k.jensen: updated message; added conversion in a couple of missing comments]
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/nvme-ns.c | 2 +-
hw/block/nvme.c | 67 +++++++++++++++++++++++++-------------------
include/block/nvme.h | 10 +++----
3 files changed, 44 insertions(+), 35 deletions(-)
diff --git a/hw/block/nvme-ns.c b/hw/block/nvme-ns.c
index 7bb618f18209d93bc0ddac6474e4..a0895614d9c36590c6969a6c3a58 100644
--- a/hw/block/nvme-ns.c
+++ b/hw/block/nvme-ns.c
@@ -303,7 +303,7 @@ static void nvme_ns_init_zoned(NvmeNamespace *ns)
id_ns_z = g_malloc0(sizeof(NvmeIdNsZoned));
- /* MAR/MOR are zeroes-based, 0xffffffff means no limit */
+ /* MAR/MOR are zeroes-based, FFFFFFFFFh means no limit */
id_ns_z->mar = cpu_to_le32(ns->params.max_active_zones - 1);
id_ns_z->mor = cpu_to_le32(ns->params.max_open_zones - 1);
id_ns_z->zoc = 0;
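Review bot: the rewritten comment says `FFFFFFFFFh`, which has nine hex digits, while the text it replaces was `0xffffffff` (eight digits) and the fields below it are stored through cpu_to_le32(). It should read `FFFFFFFFh`.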
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index ba90053b63ed4884deb98d62b6d6..58185c8a17bfa3b84643733bc558 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -12,10 +12,19 @@
* Reference Specs: http://www.nvmexpress.org, 1.4, 1.3, 1.2, 1.1, 1.0e
*
* https://nvmexpress.org/developers/nvme-specification/
- */
-
-/**
- * Usage: add options:
+ *
+ *
+ * Notes on coding style
+ * ---------------------
+ * While QEMU coding style prefers lowercase hexadecimals in constants, the
+ * NVMe subsystem use thes format from the NVMe specifications in the comments
+ * (i.e. 'h' suffix instead of '0x' prefix).
+ *
+ * Usage
+ * -----
+ * See docs/system/nvme.rst for extensive documentation.
+ *
+ * Add options:
* -drive file=<file>,if=none,id=<drive_id>
* -device nvme-subsys,id=<subsys_id>,nqn=<nqn_id>
* -device nvme,serial=<serial>,id=<bus_name>, \
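Review bot: typo in the added "Notes on coding style" paragraph: "the NVMe subsystem use thes format" should be "uses the format". The new block also starts with two consecutive empty ` *` lines after the specification URL; one is enough.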
@@ -3618,18 +3627,18 @@ static uint16_t nvme_io_cmd(NvmeCtrl *n, NvmeRequest *req)
/*
* In the base NVM command set, Flush may apply to all namespaces
- * (indicated by NSID being set to 0xFFFFFFFF). But if that feature is used
+ * (indicated by NSID being set to FFFFFFFFh). But if that feature is used
* along with TP 4056 (Namespace Types), it may be pretty screwed up.
*
- * If NSID is indeed set to 0xFFFFFFFF, we simply cannot associate the
+ * If NSID is indeed set to FFFFFFFFh, we simply cannot associate the
* opcode with a specific command since we cannot determine a unique I/O
- * command set. Opcode 0x0 could have any other meaning than something
+ * command set. Opcode 0h could have any other meaning than something
* equivalent to flushing and say it DOES have completely different
- * semantics in some other command set - does an NSID of 0xFFFFFFFF then
+ * semantics in some other command set - does an NSID of FFFFFFFFh then
* mean "for all namespaces, apply whatever command set specific command
- * that uses the 0x0 opcode?" Or does it mean "for all namespaces, apply
- * whatever command that uses the 0x0 opcode if, and only if, it allows
- * NSID to be 0xFFFFFFFF"?
+ * that uses the 0h opcode?" Or does it mean "for all namespaces, apply
+ * whatever command that uses the 0h opcode if, and only if, it allows NSID
+ * to be FFFFFFFFh"?
*
* Anyway (and luckily), for now, we do not care about this since the
* device only supports namespace types that includes the NVM Flush command
@@ -3945,7 +3954,7 @@ static uint16_t nvme_changed_nslist(NvmeCtrl *n, uint8_t rae, uint32_t buf_len,
NVME_CHANGED_NSID_SIZE) {
/*
* If more than 1024 namespaces, the first entry in the log page should
- * be set to 0xffffffff and the others to 0 as spec.
+ * be set to FFFFFFFFh and the others to 0 as spec.
*/
if (i == ARRAY_SIZE(nslist)) {
memset(nslist, 0x0, sizeof(nslist));
@@ -4343,7 +4352,7 @@ static uint16_t nvme_identify_nslist(NvmeCtrl *n, NvmeRequest *req,
trace_pci_nvme_identify_nslist(min_nsid);
/*
- * Both 0xffffffff (NVME_NSID_BROADCAST) and 0xfffffffe are invalid values
+ * Both FFFFFFFFh (NVME_NSID_BROADCAST) and FFFFFFFFEh are invalid values
* since the Active Namespace ID List should return namespaces with ids
* *higher* than the NSID specified in the command. This is also specified
* in the spec (NVM Express v1.3d, Section 5.15.4).
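Review bot: `FFFFFFFFEh` in the rewritten comment has nine hex digits, where the original `0xfffffffe` had eight; it should be `FFFFFFFEh`. The same misspelling appears in the comment changed in nvme_identify_nslist_csi() in the next hunk and should be fixed there as well.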
@@ -4390,7 +4399,7 @@ static uint16_t nvme_identify_nslist_csi(NvmeCtrl *n, NvmeRequest *req,
trace_pci_nvme_identify_nslist_csi(min_nsid, c->csi);
/*
- * Same as in nvme_identify_nslist(), 0xffffffff/0xfffffffe are invalid.
+ * Same as in nvme_identify_nslist(), FFFFFFFFh/FFFFFFFFEh are invalid.
*/
if (min_nsid >= NVME_NSID_BROADCAST - 1) {
return NVME_INVALID_NSID | NVME_DNR;
@@ -4457,7 +4466,7 @@ static uint16_t nvme_identify_ns_descr_list(NvmeCtrl *n, NvmeRequest *req)
/*
* Because the NGUID and EUI64 fields are 0 in the Identify Namespace data
- * structure, a Namespace UUID (nidt = 0x3) must be reported in the
+ * structure, a Namespace UUID (nidt = 3h) must be reported in the
* Namespace Identification Descriptor. Add the namespace UUID here.
*/
ns_descrs->uuid.hdr.nidt = NVME_NIDT_UUID;
@@ -4606,7 +4615,7 @@ static uint16_t nvme_get_feature(NvmeCtrl *n, NvmeRequest *req)
/*
* The Reservation Notification Mask and Reservation Persistence
* features require a status code of Invalid Field in Command when
- * NSID is 0xFFFFFFFF. Since the device does not support those
+ * NSID is FFFFFFFFh. Since the device does not support those
* features we can always return Invalid Namespace or Format as we
* should do for all other features.
*/
@@ -4858,15 +4867,15 @@ static uint16_t nvme_set_feature(NvmeCtrl *n, NvmeRequest *req)
}
/*
- * NVMe v1.3, Section 5.21.1.7: 0xffff is not an allowed value for NCQR
+ * NVMe v1.3, Section 5.21.1.7: FFFFh is not an allowed value for NCQR
* and NSQR.
*/
if ((dw11 & 0xffff) == 0xffff || ((dw11 >> 16) & 0xffff) == 0xffff) {
return NVME_INVALID_FIELD | NVME_DNR;
}
- trace_pci_nvme_setfeat_numq((dw11 & 0xFFFF) + 1,
- ((dw11 >> 16) & 0xFFFF) + 1,
+ trace_pci_nvme_setfeat_numq((dw11 & 0xffff) + 1,
+ ((dw11 >> 16) & 0xffff) + 1,
n->params.max_ioqpairs,
n->params.max_ioqpairs);
req->cqe.result = cpu_to_le32((n->params.max_ioqpairs - 1) |
@@ -5504,7 +5513,7 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data,
n->bar.cc = data;
}
break;
- case 0x1C: /* CSTS */
+ case 0x1c: /* CSTS */
if (data & (1 << 4)) {
NVME_GUEST_ERR(pci_nvme_ub_mmiowr_ssreset_w1c_unsupported,
"attempted to W1C CSTS.NSSRO"
@@ -5516,7 +5525,7 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data,
}
break;
case 0x20: /* NSSR */
- if (data == 0x4E564D65) {
+ if (data == 0x4e564d65) {
trace_pci_nvme_ub_mmiowr_ssreset_unsupported();
} else {
/* The spec says that writes of other values have no effect */
@@ -5586,11 +5595,11 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data,
n->bar.cmbmsc = (n->bar.cmbmsc & 0xffffffff) | (data << 32);
return;
- case 0xE00: /* PMRCAP */
+ case 0xe00: /* PMRCAP */
NVME_GUEST_ERR(pci_nvme_ub_mmiowr_pmrcap_readonly,
"invalid write to PMRCAP register, ignored");
return;
- case 0xE04: /* PMRCTL */
+ case 0xe04: /* PMRCTL */
n->bar.pmrctl = data;
if (NVME_PMRCTL_EN(data)) {
memory_region_set_enabled(&n->pmr.dev->mr, true);
@@ -5601,19 +5610,19 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data,
n->pmr.cmse = false;
}
return;
- case 0xE08: /* PMRSTS */
+ case 0xe08: /* PMRSTS */
NVME_GUEST_ERR(pci_nvme_ub_mmiowr_pmrsts_readonly,
"invalid write to PMRSTS register, ignored");
return;
- case 0xE0C: /* PMREBS */
+ case 0xe0C: /* PMREBS */
NVME_GUEST_ERR(pci_nvme_ub_mmiowr_pmrebs_readonly,
"invalid write to PMREBS register, ignored");
return;
- case 0xE10: /* PMRSWTP */
+ case 0xe10: /* PMRSWTP */
NVME_GUEST_ERR(pci_nvme_ub_mmiowr_pmrswtp_readonly,
"invalid write to PMRSWTP register, ignored");
return;
- case 0xE14: /* PMRMSCL */
+ case 0xe14: /* PMRMSCL */
if (!NVME_CAP_PMRS(n->bar.cap)) {
return;
}
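Review bot: `case 0xe0C: /* PMREBS */` is only half converted. The neighbouring cases in this hunk are `0xe08`, `0xe10` and `0xe14`, so this one should be `0xe0c` to match the lowercase style the patch is applying.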
@@ -5633,7 +5642,7 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data,
}
return;
- case 0xE18: /* PMRMSCU */
+ case 0xe18: /* PMRMSCU */
if (!NVME_CAP_PMRS(n->bar.cap)) {
return;
}
@@ -5675,7 +5684,7 @@ static uint64_t nvme_mmio_read(void *opaque, hwaddr addr, unsigned size)
* from PMRSTS should ensure prior writes
* made it to persistent media
*/
- if (addr == 0xE08 &&
+ if (addr == 0xe08 &&
(NVME_PMRCAP_PMRWBM(n->bar.pmrcap) & 0x02)) {
memory_region_msync(&n->pmr.dev->mr, 0, n->pmr.dev->size);
}
diff --git a/include/block/nvme.h b/include/block/nvme.h
index 4ac926fbc687fbbd40215b5c91ad..0739e0d6651d4c98e39e24ea2028 100644
--- a/include/block/nvme.h
+++ b/include/block/nvme.h
@@ -848,8 +848,8 @@ enum NvmeStatusCodes {
NVME_FW_REQ_SUSYSTEM_RESET = 0x0110,
NVME_NS_ALREADY_ATTACHED = 0x0118,
NVME_NS_PRIVATE = 0x0119,
- NVME_NS_NOT_ATTACHED = 0x011A,
- NVME_NS_CTRL_LIST_INVALID = 0x011C,
+ NVME_NS_NOT_ATTACHED = 0x011a,
+ NVME_NS_CTRL_LIST_INVALID = 0x011c,
NVME_CONFLICTING_ATTRS = 0x0180,
NVME_INVALID_PROT_INFO = 0x0181,
NVME_WRITE_TO_RO = 0x0182,
@@ -1409,9 +1409,9 @@ typedef enum NvmeZoneState {
NVME_ZONE_STATE_IMPLICITLY_OPEN = 0x02,
NVME_ZONE_STATE_EXPLICITLY_OPEN = 0x03,
NVME_ZONE_STATE_CLOSED = 0x04,
- NVME_ZONE_STATE_READ_ONLY = 0x0D,
- NVME_ZONE_STATE_FULL = 0x0E,
- NVME_ZONE_STATE_OFFLINE = 0x0F,
+ NVME_ZONE_STATE_READ_ONLY = 0x0d,
+ NVME_ZONE_STATE_FULL = 0x0e,
+ NVME_ZONE_STATE_OFFLINE = 0x0f,
} NvmeZoneState;
static inline void _nvme_check_size(void)

@ -1,50 +0,0 @@
From: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Date: Fri, 16 Apr 2021 12:52:33 +0530
Subject: hw/block/nvme: consider metadata read aio return value in compare
Git-commit: b4a983239343efd0a2d8a6cdf0690d0d707ec4ea
Currently in compare command metadata aio read blk_aio_preadv return
value ignored. Consider it and complete the block accounting.
Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Fixes: 0a384f923f51 ("hw/block/nvme: add compare command")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/nvme.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 5fe082ec34c57471fab0fa7e8a0c..ba90053b63ed4884deb98d62b6d6 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -2369,10 +2369,19 @@ static void nvme_compare_mdata_cb(void *opaque, int ret)
uint32_t reftag = le32_to_cpu(rw->reftag);
struct nvme_compare_ctx *ctx = req->opaque;
g_autofree uint8_t *buf = NULL;
+ BlockBackend *blk = ns->blkconf.blk;
+ BlockAcctCookie *acct = &req->acct;
+ BlockAcctStats *stats = blk_get_stats(blk);
uint16_t status = NVME_SUCCESS;
trace_pci_nvme_compare_mdata_cb(nvme_cid(req));
+ if (ret) {
+ block_acct_failed(stats, acct);
+ nvme_aio_err(req, ret);
+ goto out;
+ }
+
buf = g_malloc(ctx->mdata.iov.size);
status = nvme_bounce_mdata(n, buf, ctx->mdata.iov.size,
@@ -2421,6 +2430,8 @@ static void nvme_compare_mdata_cb(void *opaque, int ret)
goto out;
}
+ block_acct_done(stats, acct);
+
out:
qemu_iovec_destroy(&ctx->data.iov);
g_free(ctx->data.bounce);
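Review bot: `block_acct_done(stats, acct);` is added immediately before the `out:` label, so every earlier `goto out` skips it; one such jump is visible in the context lines just above the addition. The new `if (ret)` path pairs its jump with block_acct_failed(), but for the other jumps to `out` the accounting call is not visible in this patch. Please confirm each of them settles the accounting cookie as done or failed, or say in the commit message which paths are intentionally left unaccounted.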

@ -1,51 +0,0 @@
From: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Date: Thu, 29 Jul 2021 14:33:27 +0200
Subject: hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is
out of std CAN 8 bytes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 11744862f27b9ba6488a247d2fd6bb83d9bc3c8d
Problem reported by openEuler fuzz-sig group.
The buff2frame_bas function (hw\net\can\can_sja1000.c)
infoleak(qemu5.x~qemu6.x) or stack-overflow(qemu 4.x).
Reported-by: Qiang Ning <ningqiang1@huawei.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/net/can/can_sja1000.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/net/can/can_sja1000.c b/hw/net/can/can_sja1000.c
index 42d2f99dfb1d3cd3fa26f56ccb8d..34eea684ced278738bdb26327100 100644
--- a/hw/net/can/can_sja1000.c
+++ b/hw/net/can/can_sja1000.c
@@ -275,6 +275,10 @@ static void buff2frame_pel(const uint8_t *buff, qemu_can_frame *frame)
}
frame->can_dlc = buff[0] & 0x0f;
+ if (frame->can_dlc > 8) {
+ frame->can_dlc = 8;
+ }
+
if (buff[0] & 0x80) { /* Extended */
frame->can_id |= QEMU_CAN_EFF_FLAG;
frame->can_id |= buff[1] << 21; /* ID.28~ID.21 */
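Review bot: the clamp added after `frame->can_dlc = buff[0] & 0x0f;` uses a bare literal 8, and the identical three lines are added again in buff2frame_bas(). Deriving the bound from the size of `frame->data`, or from one shared named constant, in a small helper used by both decoders would keep the two copies from drifting apart.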
@@ -311,6 +315,10 @@ static void buff2frame_bas(const uint8_t *buff, qemu_can_frame *frame)
}
frame->can_dlc = buff[1] & 0x0f;
+ if (frame->can_dlc > 8) {
+ frame->can_dlc = 8;
+ }
+
for (i = 0; i < frame->can_dlc; i++) {
frame->data[i] = buff[2 + i];
}
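Review bot: the commit message names the impact (infoleak or stack overflow) but not the mechanism. Going by this hunk, the 4-bit field `buff[1] & 0x0f` can be as large as 15 and directly bounds the `frame->data[i] = buff[2 + i]` loop, which is what the clamp to 8 addresses. Saying so in the message, and noting that the loop still reads up to `buff[9]` so the source buffer must hold at least 10 bytes, would help anyone backporting this judge their exposure.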

@ -1,35 +0,0 @@
From: Klaus Jensen <k.jensen@samsung.com>
Date: Mon, 7 Jun 2021 11:47:57 +0200
Subject: hw/nvme: fix missing check for PMR capability
Git-commit: 2b02aabc9d02f9e95946cf639f546bb61f1721b7
Qiang Liu reported that an access on an unknown address is triggered in
memory_region_set_enabled because a check on CAP.PMRS is missing for the
PMRCTL register write when no PMR is configured.
Cc: qemu-stable@nongnu.org
Fixes: 75c3c9de961d ("hw/block/nvme: disable PMR at boot up")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/362
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/nvme.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 58185c8a17bfa3b84643733bc558..73f4516174776782f237193e29fc 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -5600,6 +5600,10 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data,
"invalid write to PMRCAP register, ignored");
return;
case 0xe04: /* PMRCTL */
+ if (!NVME_CAP_PMRS(n->bar.cap)) {
+ return;
+ }
+
n->bar.pmrctl = data;
if (NVME_PMRCTL_EN(data)) {
memory_region_set_enabled(&n->pmr.dev->mr, true);
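Review bot: the new early return in the 0xe04 PMRCTL case drops the write without any trace, while the case directly above it reports "invalid write to PMRCAP register, ignored". Log the ignored PMRCTL write the same way so a guest driver touching PMRCTL with no PMR configured can be diagnosed. A one-line comment that the CAP.PMRS test is what guarantees n->pmr.dev is valid for the memory_region_set_enabled() call below would also help.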

@ -1,105 +0,0 @@
From: Klaus Jensen <k.jensen@samsung.com>
Date: Thu, 17 Jun 2021 20:55:42 +0200
Subject: hw/nvme: fix pin-based interrupt behavior (again)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 83d7ed5c570d4c1d5163951b3057cac2ae7da4ff
Jakub noticed[1] that, when using pin-based interrupts, the device will
unconditionally deassert when any CQEs are acknowledged. However, the
pin should not be deasserted if other completion queues still hold
unacknowledged CQEs.
The bug is an artifact of commit ca247d35098d ("hw/block/nvme: fix
pin-based interrupt behavior") which fixed one bug but introduced
another. This is the third time someone tries to fix pin-based
interrupts (see commit 5e9aa92eb1a5 ("hw/block: Fix pin-based interrupt
behaviour of NVMe"))...
Third time's the charm, so fix it, again, by keeping track of how many
CQs have unacknowledged CQEs and only deassert when all are cleared.
[1]: <20210610114624.304681-1-jakub.jermar@kernkonzept.com>
Cc: qemu-stable@nongnu.org
Fixes: ca247d35098d ("hw/block/nvme: fix pin-based interrupt behavior")
Reported-by: Jakub Jermář <jakub.jermar@kernkonzept.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/nvme.c | 18 +++++++++++++++++-
hw/block/nvme.h | 1 +
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 73f4516174776782f237193e29fc..b63c511018ad6ca95400e5bb51ff 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -469,7 +469,9 @@ static void nvme_irq_deassert(NvmeCtrl *n, NvmeCQueue *cq)
return;
} else {
assert(cq->vector < 32);
- n->irq_status &= ~(1 << cq->vector);
+ if (!n->cq_pending) {
+ n->irq_status &= ~(1 << cq->vector);
+ }
nvme_irq_check(n);
}
}
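Review bot: in nvme_irq_deassert() the new test if (!n->cq_pending) treats any non-zero value as "still pending", and cq_pending is added to NvmeCtrl as a signed int. If a decrement is ever unmatched, the counter goes negative and the pin is never deasserted again. Add assert(n->cq_pending >= 0) next to the existing assert(cq->vector < 32) so an unbalanced counter fails loudly instead of leaving the interrupt stuck.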
@@ -1262,6 +1264,7 @@ static void nvme_post_cqes(void *opaque)
NvmeCQueue *cq = opaque;
NvmeCtrl *n = cq->ctrl;
NvmeRequest *req, *next;
+ bool pending = cq->head != cq->tail;
int ret;
QTAILQ_FOREACH_SAFE(req, &cq->req_list, entry, next) {
@@ -1291,6 +1294,10 @@ static void nvme_post_cqes(void *opaque)
QTAILQ_INSERT_TAIL(&sq->req_list, req, entry);
}
if (cq->tail != cq->head) {
+ if (cq->irq_enabled && !pending) {
+ n->cq_pending++;
+ }
+
nvme_irq_assert(n, cq);
}
}
@@ -4102,6 +4109,11 @@ static uint16_t nvme_del_cq(NvmeCtrl *n, NvmeRequest *req)
trace_pci_nvme_err_invalid_del_cq_notempty(qid);
return NVME_INVALID_QUEUE_DEL;
}
+
+ if (cq->irq_enabled && cq->tail != cq->head) {
+ n->cq_pending--;
+ }
+
nvme_irq_deassert(n, cq);
trace_pci_nvme_del_cq(qid);
nvme_free_cq(cq, n);
@@ -5779,6 +5791,10 @@ static void nvme_process_db(NvmeCtrl *n, hwaddr addr, int val)
}
if (cq->tail == cq->head) {
+ if (cq->irq_enabled) {
+ n->cq_pending--;
+ }
+
nvme_irq_deassert(n, cq);
}
} else {
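Review bot: the decrement under if (cq->tail == cq->head) runs on every doorbell write that leaves the queue empty, but the visible lines do not show that the queue was non-empty before the write. nvme_post_cqes() increments only on the empty to non-empty transition, so a doorbell write against an already-empty CQ would decrement without a matching increment. Guard the decrement on the head actually having moved, or state in a comment where that case is rejected.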
diff --git a/hw/block/nvme.h b/hw/block/nvme.h
index 5d05ec368f7a993f71d3d9ed9809..d216e5674dce294b318c3955a94f 100644
--- a/hw/block/nvme.h
+++ b/hw/block/nvme.h
@@ -171,6 +171,7 @@ typedef struct NvmeCtrl {
uint32_t max_q_ents;
uint8_t outstanding_aers;
uint32_t irq_status;
+ int cq_pending;
uint64_t host_timestamp; /* Timestamp sent by the host */
uint64_t timestamp_set_qemu_clock_ms; /* QEMU clock time */
uint64_t starttime_ms;
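Review bot: int cq_pending is added among fixed-width fields with no comment. Document that it counts completion queues with irq_enabled set that still hold unacknowledged CQEs, and that a negative value is invalid, since nvme_irq_deassert() depends on it reaching exactly zero.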

@ -1,71 +0,0 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Date: Wed, 26 May 2021 16:24:38 +0200
Subject: hw/pci-host/q35: Ignore write of reserved PCIEXBAR LENGTH field
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 9b0ca75e0196a72523232063db1e07ae36a5077a
libFuzzer triggered the following assertion:
cat << EOF | qemu-system-i386 -M pc-q35-5.0 \
-nographic -monitor none -serial none \
-qtest stdio -d guest_errors -trace pci\*
outl 0xcf8 0xf2000060
outl 0xcfc 0x8400056e
EOF
pci_cfg_write mch 00:0 @0x60 <- 0x8400056e
Aborted (core dumped)
This is because guest wrote MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD
(reserved value) to the PCIE XBAR register.
There is no indication on the datasheet about what occurs when
this value is written. Simply ignore it on QEMU (and report a
guest error):
pci_cfg_write mch 00:0 @0x60 <- 0x8400056e
Q35: Reserved PCIEXBAR LENGTH
pci_cfg_read mch 00:0 @0x0 -> 0x8086
pci_cfg_read mch 00:0 @0x0 -> 0x29c08086
...
Cc: qemu-stable@nongnu.org
Reported-by: Alexander Bulekov <alxndr@bu.edu>
BugLink: https://bugs.launchpad.net/qemu/+bug/1878641
Fixes: df2d8b3ed4 ("q35: Introduce q35 pc based chipset emulator")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210526142438.281477-1-f4bug@amsat.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/pci-host/q35.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
index 2eb729dff5854aff586d9ac813f9..0f37cf056a9af4081f2350400ab2 100644
--- a/hw/pci-host/q35.c
+++ b/hw/pci-host/q35.c
@@ -29,6 +29,7 @@
*/
#include "qemu/osdep.h"
+#include "qemu/log.h"
#include "hw/i386/pc.h"
#include "hw/pci-host/q35.h"
#include "hw/qdev-properties.h"
@@ -318,6 +319,8 @@ static void mch_update_pciexbar(MCHPCIState *mch)
addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
break;
case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD:
+ qemu_log_mask(LOG_GUEST_ERROR, "Q35: Reserved PCIEXBAR LENGTH\n");
+ return;
default:
abort();
}
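Review bot: the new return in the MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD case leaves mch_update_pciexbar() before anything after the switch runs, so whatever PCIEXBAR state was in effect before stays in effect while the register holds the new value. Say in a comment that keeping the previous state is the intended behaviour for the reserved encoding. The log line would also be more useful with the offending register value in it, and default: abort() directly below deserves a note on why it cannot be reached from the guest.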

@ -1,43 +0,0 @@
From: Marcel Apfelbaum <marcel@redhat.com>
Date: Wed, 16 Jun 2021 14:06:00 +0300
Subject: hw/rdma: Fix possible mremap overflow in the pvrdma device
(CVE-2021-3582)
Git-commit: 284f191b4abad213aed04cb0458e1600fd18d7c4
References: CVE-2021-3582 bsc#1187499
Ensure mremap boundaries not trusting the guest kernel to
pass the correct buffer length.
Fixes: CVE-2021-3582
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/rdma/vmw/pvrdma_cmd.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
index f59879e2574ea5569b098bb338e6..da7ddfa548ffb349dd3d695a6766 100644
--- a/hw/rdma/vmw/pvrdma_cmd.c
+++ b/hw/rdma/vmw/pvrdma_cmd.c
@@ -38,6 +38,13 @@ static void *pvrdma_map_to_pdir(PCIDevice *pdev, uint64_t pdir_dma,
return NULL;
}
+ length = ROUND_UP(length, TARGET_PAGE_SIZE);
+ if (nchunks * TARGET_PAGE_SIZE != length) {
+ rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks,
+ (unsigned long)length);
+ return NULL;
+ }
+
dir = rdma_pci_dma_map(pdev, pdir_dma, TARGET_PAGE_SIZE);
if (!dir) {
rdma_error_report("Failed to map to page directory");
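Review bot: nchunks * TARGET_PAGE_SIZE in the new check is evaluated in the type of its operands, and nchunks is printed with %u, so the product can wrap before it is compared with length if TARGET_PAGE_SIZE is not a 64-bit expression. Compare length / TARGET_PAGE_SIZE != nchunks instead, or cast nchunks to uint64_t first. ROUND_UP(length, TARGET_PAGE_SIZE) can itself wrap for a length near the top of its range, and the (unsigned long) cast with %lu truncates on hosts where long is 32 bits; a uint64_t cast with PRIu64 avoids that.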

@ -1,37 +0,0 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Date: Thu, 8 Apr 2021 00:30:56 +0200
Subject: hw/rx/rx-gdbsim: Do not accept invalid memory size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 9197b5d4b5f163455c891baec531ae73f5d3a73a
References: bsc#1186000
We check the amount of RAM is enough, warn when it is
not, but if so we neglect to bail out. Fix that by
adding the missing exit() call.
Fixes: bda19d7bb56 ("hw/rx: Add RX GDB simulator")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20210407223056.1870497-1-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/rx/rx-gdbsim.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/rx/rx-gdbsim.c b/hw/rx/rx-gdbsim.c
index b1d7c2488ff332cfc3de1e39f6d4..4e4ececae4b060ea75e6454f3a8c 100644
--- a/hw/rx/rx-gdbsim.c
+++ b/hw/rx/rx-gdbsim.c
@@ -93,6 +93,7 @@ static void rx_gdbsim_init(MachineState *machine)
char *sz = size_to_str(mc->default_ram_size);
error_report("Invalid RAM size, should be more than %s", sz);
g_free(sz);
+ exit(1);
}
/* Allocate memory space */

@ -16,10 +16,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 39 insertions(+), 4 deletions(-)
diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
index f22c4f5b734e89a390cada7ea422..c65f1b9dcfad50ab69ba92881b5f 100644
index 7397e567373b2dbfabae8fe10a5f..61b7546a6dd7010bdc248f969100 100644
--- a/hw/smbios/smbios.c
+++ b/hw/smbios/smbios.c
@@ -1040,6 +1040,7 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
@@ -1138,6 +1138,7 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
struct smbios_structure_header *header;
int size;
struct smbios_table *table; /* legacy mode only */
@ -27,7 +27,7 @@ index f22c4f5b734e89a390cada7ea422..c65f1b9dcfad50ab69ba92881b5f 100644
if (!qemu_opts_validate(opts, qemu_smbios_file_opts, errp)) {
return;
@@ -1052,11 +1053,21 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
@@ -1150,11 +1151,21 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
}
/*
@ -53,7 +53,7 @@ index f22c4f5b734e89a390cada7ea422..c65f1b9dcfad50ab69ba92881b5f 100644
header = (struct smbios_structure_header *)(smbios_tables +
smbios_tables_len);
@@ -1071,6 +1082,19 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
@@ -1169,6 +1180,19 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
header->type);
return;
}
@ -73,7 +73,7 @@ index f22c4f5b734e89a390cada7ea422..c65f1b9dcfad50ab69ba92881b5f 100644
set_bit(header->type, have_binfile_bitmap);
if (header->type == 4) {
@@ -1091,6 +1115,17 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
@@ -1189,6 +1213,17 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
* delete the one we don't need from smbios_set_defaults(),
* once we know which machine version has been requested.
*/

@ -1,107 +0,0 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Date: Sun, 25 Apr 2021 00:41:10 +0200
Subject: hw/usb: Do not build USB subsystem if not required
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 9c3c834bdda5ca6d58c0e61508737683d12968b5
References: bsc#1186012, CVE-2021-3527
If the Kconfig 'USB' value is not selected, it is pointless to
build the USB core components. Add a stub for the HMP commands
and usbdevice_create() which is called by usb_device_add in
softmmu/vl.c.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210424224110.3442424-3-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
MAINTAINERS | 1 +
hw/usb/meson.build | 9 +++------
stubs/meson.build | 1 +
stubs/usb-dev-stub.c | 25 +++++++++++++++++++++++++
4 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index 36055f14c594947b5ee9f2c3ff19..cd63d3efd8b1c8c7532c4f778f29 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1804,6 +1804,7 @@ USB
M: Gerd Hoffmann <kraxel@redhat.com>
S: Maintained
F: hw/usb/*
+F: stubs/usb-dev-stub.c
F: tests/qtest/usb-*-test.c
F: docs/usb2.txt
F: docs/usb-storage.txt
diff --git a/hw/usb/meson.build b/hw/usb/meson.build
index fb7a74e73ae843480fc121e07816..f357270d0b6bf5d810a5e49681a5 100644
--- a/hw/usb/meson.build
+++ b/hw/usb/meson.build
@@ -1,17 +1,14 @@
hw_usb_modules = {}
# usb subsystem core
-softmmu_ss.add(files(
+softmmu_ss.add(when: 'CONFIG_USB', if_true: files(
'bus.c',
'combined-packet.c',
'core.c',
- 'pcap.c',
- 'libhw.c'
-))
-
-softmmu_ss.add(when: 'CONFIG_USB', if_true: files(
'desc.c',
'desc-msos.c',
+ 'libhw.c',
+ 'pcap.c',
))
# usb host adapters
diff --git a/stubs/meson.build b/stubs/meson.build
index 5555b69103baba363483e047af06..f3f979c3fe828984f045fc572d21 100644
--- a/stubs/meson.build
+++ b/stubs/meson.build
@@ -51,6 +51,7 @@ if have_block
endif
if have_system
stub_ss.add(files('semihost.c'))
+ stub_ss.add(files('usb-dev-stub.c'))
stub_ss.add(files('xen-hw-stub.c'))
else
stub_ss.add(files('qdev.c'))
diff --git a/stubs/usb-dev-stub.c b/stubs/usb-dev-stub.c
new file mode 100644
index 0000000000000000000000000000000000000000..b1adeeb4548d2aa4f4c8c9eae967578c5da18efc
--- /dev/null
+++ b/stubs/usb-dev-stub.c
@@ -0,0 +1,25 @@
+/*
+ * QEMU USB device emulation stubs
+ *
+ * Copyright (C) 2021 Philippe Mathieu-Daudé <f4bug@amsat.org>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "sysemu/sysemu.h"
+#include "monitor/monitor.h"
+#include "hw/usb.h"
+
+USBDevice *usbdevice_create(const char *driver)
+{
+ error_report("Support for USB devices not built-in");
+
+ return NULL;
+}
+
+void hmp_info_usb(Monitor *mon, const QDict *qdict)
+{
+ monitor_printf(mon, "Support for USB devices not built-in\n");
+}
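Review bot: usbdevice_create() in the new stub ignores its driver argument, so the error does not say which device was requested. Include it in the message, for example error_report("Support for USB device '%s' not built-in", driver), so a failing -usbdevice option can be identified from the log.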

@ -1,31 +0,0 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Date: Sun, 25 Apr 2021 00:41:09 +0200
Subject: hw/usb/host-stub: Remove unused header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 1081607bfab94a0b6149c4a2195737107aed265f
References: bsc#1186012, CVE-2021-3527
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210424224110.3442424-2-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/usb/host-stub.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/hw/usb/host-stub.c b/hw/usb/host-stub.c
index 538ed29684cb7d3ed15df7a7b298..80809ceba54221818bd937ff01b6 100644
--- a/hw/usb/host-stub.c
+++ b/hw/usb/host-stub.c
@@ -31,7 +31,6 @@
*/
#include "qemu/osdep.h"
-#include "ui/console.h"
#include "hw/usb.h"
#include "monitor/monitor.h"

@ -18,7 +18,7 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/tcg/helper-tcg.h b/target/i386/tcg/helper-tcg.h
index bcdfca06f699863a6dd2e872231c..ade34e5681775657b0b5220b43d7 100644
index 2510cc244e91c91adfaffbb69674..b1903b2d86ac067ebe90212b25e0 100644
--- a/target/i386/tcg/helper-tcg.h
+++ b/target/i386/tcg/helper-tcg.h
@@ -26,7 +26,7 @@

@ -21,10 +21,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 24 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 9002e4d6187d4796773cfeb63723..e5d22c4806cf4f11b43371dc52c2 100644
index 7771dede6384e061b9ad10a2b0c2..3e206c14c12d48a2ee7d242f6f13 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7977,6 +7977,27 @@ static int open_self_stat(void *cpu_env, int fd)
@@ -7860,6 +7860,27 @@ static int open_self_stat(void *cpu_env, int fd)
return 0;
}
@ -52,7 +52,7 @@ index 9002e4d6187d4796773cfeb63723..e5d22c4806cf4f11b43371dc52c2 100644
static int open_self_auxv(void *cpu_env, int fd)
{
CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
@@ -8131,6 +8152,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags,
@@ -8014,6 +8035,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags,
#if defined(TARGET_SPARC) || defined(TARGET_HPPA)
{ "/proc/cpuinfo", open_cpuinfo, is_proc },
#endif

@ -1,50 +0,0 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Tue, 27 Apr 2021 14:41:08 -0700
Subject: linux-user/aarch64: Enable hwcap for RND, BTI, and MTE
Git-commit: 68948d18224b93361e2880e2946ab268d0c650d7
These three features are already enabled by TCG, but are missing
their hwcap bits. Update HWCAP2 from linux v5.12.
Cc: qemu-stable@nongnu.org (for 6.0.1)
Buglink: https://bugs.launchpad.net/bugs/1926044
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210427214108.88503-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
linux-user/elfload.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index c6731013fde2a8c206be1dd8553f..fc9c4f12be92bd4eec03e9e7803f 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -586,6 +586,16 @@ enum {
ARM_HWCAP2_A64_SVESM4 = 1 << 6,
ARM_HWCAP2_A64_FLAGM2 = 1 << 7,
ARM_HWCAP2_A64_FRINT = 1 << 8,
+ ARM_HWCAP2_A64_SVEI8MM = 1 << 9,
+ ARM_HWCAP2_A64_SVEF32MM = 1 << 10,
+ ARM_HWCAP2_A64_SVEF64MM = 1 << 11,
+ ARM_HWCAP2_A64_SVEBF16 = 1 << 12,
+ ARM_HWCAP2_A64_I8MM = 1 << 13,
+ ARM_HWCAP2_A64_BF16 = 1 << 14,
+ ARM_HWCAP2_A64_DGH = 1 << 15,
+ ARM_HWCAP2_A64_RNG = 1 << 16,
+ ARM_HWCAP2_A64_BTI = 1 << 17,
+ ARM_HWCAP2_A64_MTE = 1 << 18,
};
#define ELF_HWCAP get_elf_hwcap()
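Review bot: the enum gains ten HWCAP2 bits (ARM_HWCAP2_A64_SVEI8MM through ARM_HWCAP2_A64_MTE), but the subject names only RND, BTI and MTE and the get_elf_hwcap2() hunk wires up only those three with GET_FEATURE_ID. Say in the commit message that the other seven are definitions only, or add a comment in the enum, so a reader does not assume SVEI8MM, I8MM, BF16 and the rest are reported to the guest process.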
@@ -640,6 +650,9 @@ static uint32_t get_elf_hwcap2(void)
GET_FEATURE_ID(aa64_dcpodp, ARM_HWCAP2_A64_DCPODP);
GET_FEATURE_ID(aa64_condm_5, ARM_HWCAP2_A64_FLAGM2);
GET_FEATURE_ID(aa64_frint, ARM_HWCAP2_A64_FRINT);
+ GET_FEATURE_ID(aa64_rndr, ARM_HWCAP2_A64_RNG);
+ GET_FEATURE_ID(aa64_bti, ARM_HWCAP2_A64_BTI);
+ GET_FEATURE_ID(aa64_mte, ARM_HWCAP2_A64_MTE);
return hwcaps;
}

@ -82,10 +82,10 @@ index 0000000000000000000000000000000000000000..cd1f513b334f3b263d9e4b5adb1981e3
+ return execve(new_argv[0], new_argv, envp);
+}
diff --git a/meson.build b/meson.build
index c6f4b0cf5e8a88e2019fabd13f3a..4dd9c13852c017e89106e6a444ee 100644
index b3e7ec0e92da8d333d0c49bbe4aa..72aa5562bb69b828e4ca8f65fb3b 100644
--- a/meson.build
+++ b/meson.build
@@ -2318,6 +2318,11 @@ endforeach
@@ -2717,6 +2717,11 @@ endforeach
# Other build targets

@ -15,10 +15,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ee3f66b0118d21748c1ff7475793..f15b5fda1296f2b1f9dc53f74734 100644
index 54dcd38709918dd5f8aa8013ee17..4effe3b234aa7da037638b8a268e 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8653,8 +8653,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1,
@@ -8537,8 +8537,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1,
return ret;
#endif
#ifdef TARGET_NR_lseek

@ -16,7 +16,7 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 74e06e7121c56fbf568bc0d48164..709714dad5384d0813083af204c4 100644
index 3b0b6b75fe8f1c5a5a5eb56ff99d..6a1d9b2d90da099bb2faaebbd265 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -231,10 +231,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src,
@ -35,10 +35,10 @@ index 74e06e7121c56fbf568bc0d48164..709714dad5384d0813083af204c4 100644
void cpu_loop(CPUArchState *env);
const char *target_strerror(int err);
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index e5d22c4806cf4f11b43371dc52c2..ee3f66b0118d21748c1ff7475793 100644
index 3e206c14c12d48a2ee7d242f6f13..54dcd38709918dd5f8aa8013ee17 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8295,10 +8295,10 @@ static int host_to_target_cpu_mask(const unsigned long *host_mask,
@@ -8182,10 +8182,10 @@ _syscall2(int, pivot_root, const char *, new_root, const char *, put_old)
* of syscall results, can be performed.
* All errnos that do_syscall() returns must be -TARGET_<errcode>.
*/
@ -53,7 +53,7 @@ index e5d22c4806cf4f11b43371dc52c2..ee3f66b0118d21748c1ff7475793 100644
{
CPUState *cpu = env_cpu(cpu_env);
abi_long ret;
@@ -10966,7 +10966,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
@@ -10794,7 +10794,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
*/
ret = -TARGET_EINVAL;
if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env))
@ -62,7 +62,7 @@ index e5d22c4806cf4f11b43371dc52c2..ee3f66b0118d21748c1ff7475793 100644
CPUARMState *env = cpu_env;
ARMCPU *cpu = env_archcpu(env);
uint32_t vq, old_vq;
@@ -13318,10 +13318,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
@@ -13163,10 +13163,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
return ret;
}

@ -1,113 +0,0 @@
From: Bruce Rogers <brogers@suse.com>
Date: Thu, 21 Jan 2021 16:34:32 -0700
Subject: module: for virtio-gpu, pre-load module to avoid abort on missing
module
If the hw-display-virtio-gpu module is not loadable when the virtio-gpu
device is referenced either on the command line or the monitor, qemu
will call abort. We can fail gracefully by moving the attempted module
load to a context better situated to handle errors properly. (bsc#1181103)
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
include/qemu/module.h | 1 +
qom/object.c | 12 ++++++++++++
qom/qom-qmp-cmds.c | 17 +++++++++++++++++
softmmu/qdev-monitor.c | 15 +++++++++++++++
4 files changed, 45 insertions(+)
diff --git a/include/qemu/module.h b/include/qemu/module.h
index 944d403cbd1535cc121af76a94f2..4b42dd285eeac1ba12e5c9e18ac0 100644
--- a/include/qemu/module.h
+++ b/include/qemu/module.h
@@ -72,5 +72,6 @@ void module_call_init(module_init_type type);
bool module_load_one(const char *prefix, const char *lib_name, bool mayfail);
void module_load_qom_one(const char *type);
void module_load_qom_all(void);
+int module_load_check(const char *name);
#endif
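Review bot: module_load_check() is declared here unconditionally, but the definition added to qom/object.c sits inside #ifdef CONFIG_MODULES. Every caller in this patch is guarded as well, so it links today, but an unguarded caller would fail only at link time in a non-modular build. Guard the declaration the same way or provide a stub for the non-modular case, and add a doc comment giving the return convention.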
diff --git a/qom/object.c b/qom/object.c
index 6a01d56546968c094ac4831acb2c..1b132653c3fc8d5150723b2d4cf7 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -518,6 +518,18 @@ static void object_initialize_with_type(Object *obj, size_t size, TypeImpl *type
object_post_init_with_type(obj, type);
}
+#ifdef CONFIG_MODULES
+int module_load_check(const char *name)
+{
+ TypeImpl *type = type_get_by_name(name);
+ if (!type) {
+ module_load_qom_one(name);
+ type = type_get_by_name(name);
+ }
+ return type == NULL;
+}
+#endif
+
void object_initialize(void *data, size_t size, const char *typename)
{
TypeImpl *type = type_get_by_name(typename);
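Review bot: module_load_check() returns type == NULL, so it yields 1 on failure and 0 on success, the reverse of what a function named "check" suggests, and it is typed int for a boolean result. Return bool and either invert the sense or rename it, since all three call sites in this patch read if (module_load_check(...)) for the error path.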
diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c
index 2d6f41ecc7ef4f2b82e55e730dc6..5ec565ad8f0f06d68022f3a4d3d5 100644
--- a/qom/qom-qmp-cmds.c
+++ b/qom/qom-qmp-cmds.c
@@ -129,6 +129,23 @@ ObjectPropertyInfoList *qmp_device_list_properties(const char *typename,
ObjectPropertyIterator iter;
ObjectPropertyInfoList *prop_list = NULL;
+#ifdef CONFIG_MODULES
+ if (!strcmp(typename, "virtio-gpu-pci") || !strcmp(typename, "virtio-gpu-ccw")) {
+ if (module_load_check("virtio-gpu-device")) {
+ ObjectPropertyInfo *info;
+ info = g_new0(ObjectPropertyInfo, 1);
+ info->name = g_strdup("dummy");
+ info->type = g_strdup("dummy");
+ info->has_description = false;
+ info->description = NULL;
+ info->default_value = 0;
+ info->has_default_value = 0;
+ QAPI_LIST_PREPEND(prop_list, info);
+ return prop_list;
+ }
+ }
+#endif
+
klass = module_object_class_by_name(typename);
if (klass == NULL) {
error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
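Review bot: when the module cannot be loaded, qmp_device_list_properties() returns a fabricated one-entry list named "dummy" and leaves errp unset, so a QMP client is told the device type exists and has a property called dummy. Report the failure through errp the way the klass == NULL path just below does with ERROR_CLASS_DEVICE_NOT_FOUND, and return NULL. The explicit zero assignments after g_new0() are redundant as well.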
diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
index a9955b97a078ea657546d9e2382f..8b71c08af53010428b0fc209bc5b 100644
--- a/softmmu/qdev-monitor.c
+++ b/softmmu/qdev-monitor.c
@@ -274,6 +274,13 @@ int qdev_device_help(QemuOpts *opts)
int i;
driver = qemu_opt_get(opts, "driver");
+#ifdef CONFIG_MODULES
+ if (driver && !strcmp(driver, "virtio-gpu")) {
+ if (module_load_check("virtio-gpu-device")) {
+ return 0;
+ }
+ }
+#endif
if (driver && is_help_option(driver)) {
qdev_print_devinfos(false);
return 1;
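Review bot: qdev_device_help() compares driver against "virtio-gpu", while qdev_device_add() and qmp_device_list_properties() in this same patch compare against "virtio-gpu-pci" and "virtio-gpu-ccw". If the difference is deliberate it needs a comment; if not, the help path misses the names the other two paths cover. The return 0 on load failure is also silent, so the user gets no indication of why no help was printed.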
@@ -646,6 +653,14 @@ DeviceState *qdev_device_add(QemuOpts *opts, Error **errp)
return NULL;
}
+#ifdef CONFIG_MODULES
+ if (!strcmp(driver, "virtio-gpu-pci") || !strcmp(driver, "virtio-gpu-ccw")) {
+ if (module_load_check("virtio-gpu-device")) {
+ error_setg(errp, "loadable module for %s not available!", driver);
+ return NULL;
+ }
+ }
+#endif
/* create device */
dev = qdev_new(driver);
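Review bot: the "virtio-gpu-pci" / "virtio-gpu-ccw" test is hard-coded here and again in qom/qom-qmp-cmds.c. Put the name test in one helper next to module_load_check() so a further virtio-gpu variant only has to be added in one place.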

@ -1,86 +0,0 @@
From: Stefan Reiter <s.reiter@proxmox.com>
Date: Mon, 22 Mar 2021 16:40:24 +0100
Subject: monitor/qmp: fix race on CHR_EVENT_CLOSED without OOB
Git-commit: a67b996e7894edfafbcd3fd007c9f58f26d25908
The QMP dispatcher coroutine holds the qmp_queue_lock over a yield
point, where it expects to be rescheduled from the main context. If a
CHR_EVENT_CLOSED event is received just then, it can race and block the
main thread on the mutex in monitor_qmp_cleanup_queue_and_resume.
monitor_resume does not need to be called from main context, so we can
call it immediately after popping a request from the queue, which allows
us to drop the qmp_queue_lock mutex before yielding.
Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Message-Id: <20210322154024.15011-1-s.reiter@proxmox.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
monitor/qmp.c | 40 ++++++++++++++++++++++------------------
1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/monitor/qmp.c b/monitor/qmp.c
index 2b0308f93371dde1a8085ac9c402..092c527b6fc9c6363f4bf81d8573 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
@@ -257,24 +257,6 @@ void coroutine_fn monitor_qmp_dispatcher_co(void *data)
trace_monitor_qmp_in_band_dequeue(req_obj,
req_obj->mon->qmp_requests->length);
- if (qatomic_xchg(&qmp_dispatcher_co_busy, true) == true) {
- /*
- * Someone rescheduled us (probably because a new requests
- * came in), but we didn't actually yield. Do that now,
- * only to be immediately reentered and removed from the
- * list of scheduled coroutines.
- */
- qemu_coroutine_yield();
- }
-
- /*
- * Move the coroutine from iohandler_ctx to qemu_aio_context for
- * executing the command handler so that it can make progress if it
- * involves an AIO_WAIT_WHILE().
- */
- aio_co_schedule(qemu_get_aio_context(), qmp_dispatcher_co);
- qemu_coroutine_yield();
-
/*
* @req_obj has a request, we hold req_obj->mon->qmp_queue_lock
*/
@@ -298,8 +280,30 @@ void coroutine_fn monitor_qmp_dispatcher_co(void *data)
monitor_resume(&mon->common);
}
+ /*
+ * Drop the queue mutex now, before yielding, otherwise we might
+ * deadlock if the main thread tries to lock it.
+ */
qemu_mutex_unlock(&mon->qmp_queue_lock);
+ if (qatomic_xchg(&qmp_dispatcher_co_busy, true) == true) {
+ /*
+ * Someone rescheduled us (probably because a new requests
+ * came in), but we didn't actually yield. Do that now,
+ * only to be immediately reentered and removed from the
+ * list of scheduled coroutines.
+ */
+ qemu_coroutine_yield();
+ }
+
+ /*
+ * Move the coroutine from iohandler_ctx to qemu_aio_context for
+ * executing the command handler so that it can make progress if it
+ * involves an AIO_WAIT_WHILE().
+ */
+ aio_co_schedule(qemu_get_aio_context(), qmp_dispatcher_co);
+ qemu_coroutine_yield();
+
/* Process request */
if (req_obj->req) {
if (trace_event_get_state(TRACE_MONITOR_QMP_CMD_IN_BAND)) {
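Review bot: with qemu_mutex_unlock(&mon->qmp_queue_lock) now ahead of both qemu_coroutine_yield() calls, the coroutine is suspended after the lock has been dropped, which is the window in which the commit message says CHR_EVENT_CLOSED can arrive. Add a comment after the second yield stating what keeps req_obj and its monitor valid while the coroutine is suspended. While the block comment is being moved anyway, "a new requests came in" can be corrected to "a new request came in".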

View File

@ -21,10 +21,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 13 insertions(+)
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index eff299f6290cee3e784d93561798..4a910ca97188df056219062c30da 100644
index 41f796a247dfe84cc667fef6c48b..f65af4e9ef27a85850968c811e52 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1420,6 +1420,7 @@ static void vmxnet3_activate_device(VMXNET3State *s)
@@ -1441,6 +1441,7 @@ static void vmxnet3_activate_device(VMXNET3State *s)
vmxnet3_setup_rx_filtering(s);
/* Cache fields from shared memory */
s->mtu = VMXNET3_READ_DRV_SHARED32(d, s->drv_shmem, devRead.misc.mtu);
@ -32,7 +32,7 @@ index eff299f6290cee3e784d93561798..4a910ca97188df056219062c30da 100644
VMW_CFPRN("MTU is %u", s->mtu);
s->max_rx_frags =
@@ -1473,6 +1474,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
@@ -1486,6 +1487,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
/* Read rings memory locations for TX queues */
pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.txRingBasePA);
size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.txRingSize);
@ -42,7 +42,7 @@ index eff299f6290cee3e784d93561798..4a910ca97188df056219062c30da 100644
vmxnet3_ring_init(d, &s->txq_descr[i].tx_ring, pa, size,
sizeof(struct Vmxnet3_TxDesc), false);
@@ -1483,6 +1487,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
@@ -1496,6 +1500,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
/* TXC ring */
pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.compRingBasePA);
size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.compRingSize);
@ -52,7 +52,7 @@ index eff299f6290cee3e784d93561798..4a910ca97188df056219062c30da 100644
vmxnet3_ring_init(d, &s->txq_descr[i].comp_ring, pa, size,
sizeof(struct Vmxnet3_TxCompDesc), true);
VMXNET3_RING_DUMP(VMW_CFPRN, "TXC", i, &s->txq_descr[i].comp_ring);
@@ -1524,6 +1531,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
@@ -1537,6 +1544,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
/* RX rings */
pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.rxRingBasePA[j]);
size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.rxRingSize[j]);
@ -62,7 +62,7 @@ index eff299f6290cee3e784d93561798..4a910ca97188df056219062c30da 100644
vmxnet3_ring_init(d, &s->rxq_descr[i].rx_ring[j], pa, size,
sizeof(struct Vmxnet3_RxDesc), false);
VMW_CFPRN("RX queue %d:%d: Base: %" PRIx64 ", Size: %d",
@@ -1533,6 +1543,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
@@ -1546,6 +1556,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
/* RXC ring */
pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.compRingBasePA);
size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.compRingSize);

@ -11,7 +11,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+)
diff --git a/pc-bios/s390-ccw/netboot.mak b/pc-bios/s390-ccw/netboot.mak
index 577c023afe3db17ada307b2abbcc..cea8fb8532ddccda2390d936c93f 100644
index 68b4d7edcb2c8b10e162a0872e27..1839add9eea2af542b01b5591121 100644
--- a/pc-bios/s390-ccw/netboot.mak
+++ b/pc-bios/s390-ccw/netboot.mak
@@ -54,6 +54,7 @@ LIBNETOBJS := args.o dhcp.o dns.o icmpv6.o ipv6.o tcp.o udp.o bootp.o \

@ -1,39 +0,0 @@
From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Date: Wed, 30 Jun 2021 14:46:34 +0300
Subject: pvrdma: Ensure correct input on ring init (CVE-2021-3607)
Git-commit: 32e5703cfea07c91e6e84bcb0313f633bb146534
References: CVE-2021-3607 bsc#1187539
Check the guest passed a non zero page count
for pvrdma device ring buffers.
Fixes: CVE-2021-3607
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210630114634.2168872-1-marcel@redhat.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/rdma/vmw/pvrdma_main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
index 84ae8024fcfd86c535aeacc7198a..7c0c3551a8a4952397e1202cfc9f 100644
--- a/hw/rdma/vmw/pvrdma_main.c
+++ b/hw/rdma/vmw/pvrdma_main.c
@@ -92,6 +92,11 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state,
uint64_t *dir, *tbl;
int rc = 0;
+ if (!num_pages) {
+ rdma_error_report("Ring pages count must be strictly positive");
+ return -EINVAL;
+ }
+
dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE);
if (!dir) {
rdma_error_report("Failed to map to page directory (ring %s)", name);
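Review bot: the new `if (!num_pages)` guard at the top of init_dev_ring() rejects only zero, and nothing visible in this hunk bounds the value from above, even though the commit message says the count comes from the guest. Consider validating it against the largest ring the device supports in the same place, or add a comment pointing to where the upper bound is enforced. Returning before rdma_pci_dma_map() is the right spot, since nothing has to be unmapped on this path.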


@ -1,39 +0,0 @@
From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Date: Wed, 30 Jun 2021 14:52:46 +0300
Subject: pvrdma: Fix the ring init error flow (CVE-2021-3608)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 66ae37d8cc313f89272e711174a846a229bcdbd3
References: CVE-2021-3608 bsc#1187538
Do not unmap uninitialized dma addresses.
Fixes: CVE-2021-3608
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210630115246.2178219-1-marcel@redhat.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/rdma/vmw/pvrdma_dev_ring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
index 074ac59b84db3ab6bb092cb28fea..42130667a7d41bb2500f3ae5119c 100644
--- a/hw/rdma/vmw/pvrdma_dev_ring.c
+++ b/hw/rdma/vmw/pvrdma_dev_ring.c
@@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, const char *name, PCIDevice *dev,
qatomic_set(&ring->ring_state->cons_head, 0);
*/
ring->npages = npages;
- ring->pages = g_malloc(npages * sizeof(void *));
+ ring->pages = g_malloc0(npages * sizeof(void *));
for (i = 0; i < npages; i++) {
if (!tbl[i]) {
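Review bot: in pvrdma_ring_init(), `g_malloc0(npages * sizeof(void *))` still computes the size with an unchecked multiplication; `g_new0(void *, npages)` returns the same zeroed array with GLib's overflow check on the element count. Per the commit message the zeroing exists so the error flow does not unmap uninitialized addresses when the loop bails out at `if (!tbl[i])`, so a one-line comment saying the cleanup relies on unmapped entries being NULL would keep a later change from reverting it.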


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:87bc1a471ca24b97e7005711066007d443423d19aacda3d442558ae032fa30b9
size 107333232

Binary file not shown.

3
qemu-6.1.0.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eebc089db3414bbeedf1e464beda0a7515aad30f73261abc246c9b27503a3c96
size 111258808

BIN
qemu-6.1.0.tar.xz.sig Normal file

Binary file not shown.


@ -13,10 +13,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index 573b5dc6acd7901b907ec8ffc065..820b0cecf80d0dd1fb564674b438 100755
index 7de996d536eaf9c41255ae9695a5..cb06245a834f9e8f2bb0464a25ce 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -332,7 +332,7 @@ BINFMT_SET=qemu_register_interpreter
@@ -334,7 +334,7 @@ BINFMT_SET=qemu_register_interpreter
SYSTEMDDIR="/etc/binfmt.d"
DEBIANDIR="/usr/share/binfmts"


@ -12,7 +12,7 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index 820b0cecf80d0dd1fb564674b438..fb504a44a1e8d07220b65ee534dd 100755
index cb06245a834f9e8f2bb0464a25ce..c46e604fa6ef3faaecccaae835ba 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -275,7 +275,7 @@ qemu_generate_register() {
@ -24,7 +24,7 @@ index 820b0cecf80d0dd1fb564674b438..fb504a44a1e8d07220b65ee534dd 100755
}
qemu_register_interpreter() {
@@ -314,9 +314,9 @@ qemu_set_binfmts() {
@@ -316,9 +316,9 @@ qemu_set_binfmts() {
continue
fi


@ -1,115 +0,0 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 18 May 2021 09:08:17 -0400
Subject: qemu-config: load modules when instantiating option groups
Git-commit: 632a8873500d27022c584256afc11e57e2418b94
Right now the SPICE module is special cased to be loaded when processing
of the -spice command line option. However, the spice option group
can also be brought in via -readconfig, in which case the module is
not loaded.
Add a generic hook to load modules that provide a QemuOpts group,
and use it for the "spice" and "iscsi" groups.
Fixes: #194
Fixes: https://bugs.launchpad.net/qemu/+bug/1910696
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
include/qemu/config-file.h | 2 +-
softmmu/vl.c | 21 +++++++++++++++++----
stubs/meson.build | 1 +
stubs/module-opts.c | 6 ++++++
util/qemu-config.c | 1 +
5 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/include/qemu/config-file.h b/include/qemu/config-file.h
index 8d3e53ae4d439cb50b34f0845495..0500b3668d8042013963930d4a12 100644
--- a/include/qemu/config-file.h
+++ b/include/qemu/config-file.h
@@ -1,7 +1,7 @@
#ifndef QEMU_CONFIG_FILE_H
#define QEMU_CONFIG_FILE_H
-
+void qemu_load_module_for_opts(const char *group);
QemuOptsList *qemu_find_opts(const char *group);
QemuOptsList *qemu_find_opts_err(const char *group, Error **errp);
QemuOpts *qemu_find_opts_singleton(const char *group);
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 1b9b067ecad6fb392bb34f61fe77..bb3e6821e844d3f87cbc628b922f 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -2614,6 +2614,23 @@ void qmp_x_exit_preconfig(Error **errp)
}
}
+#ifdef CONFIG_MODULES
+void qemu_load_module_for_opts(const char *group)
+{
+ static bool spice_tried;
+ if (g_str_equal(group, "spice") && !spice_tried) {
+ ui_module_load_one("spice-core");
+ spice_tried = true;
+ }
+
+ static bool iscsi_tried;
+ if (g_str_equal(group, "iscsi") && !iscsi_tried) {
+ block_module_load_one("iscsi");
+ iscsi_tried = true;
+ }
+}
+#endif
+
void qemu_init(int argc, char **argv, char **envp)
{
QemuOpts *opts;
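Review bot: in qemu_load_module_for_opts(), `static bool iscsi_tried;` is declared after a statement, mixing declarations and code; move both statics to the top of the function. The results of ui_module_load_one() and block_module_load_one() are dropped and the `*_tried` flags are set either way, so a failed load is neither reported nor retried here; if that is intended, say so in a comment. The group-to-module mapping is also hard-coded as two near-identical blocks, so a small table of { group, loader, module name } would make adding the next modular option group a one-line change.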
@@ -3384,10 +3401,6 @@ void qemu_init(int argc, char **argv, char **envp)
break;
case QEMU_OPTION_spice:
olist = qemu_find_opts_err("spice", NULL);
- if (!olist) {
- ui_module_load_one("spice-core");
- olist = qemu_find_opts("spice");
- }
if (!olist) {
error_report("spice support is disabled");
exit(1);
diff --git a/stubs/meson.build b/stubs/meson.build
index be6f6d609e58de2a4c4c83d9002b..5555b69103baba363483e047af06 100644
--- a/stubs/meson.build
+++ b/stubs/meson.build
@@ -22,6 +22,7 @@ stub_ss.add(files('isa-bus.c'))
stub_ss.add(files('is-daemonized.c'))
stub_ss.add(when: 'CONFIG_LINUX_AIO', if_true: files('linux-aio.c'))
stub_ss.add(files('migr-blocker.c'))
+stub_ss.add(files('module-opts.c'))
stub_ss.add(files('monitor.c'))
stub_ss.add(files('monitor-core.c'))
stub_ss.add(files('pci-bus.c'))
diff --git a/stubs/module-opts.c b/stubs/module-opts.c
new file mode 100644
index 0000000000000000000000000000000000000000..a7d0e4ad6eada291cfd0376ff58ce5efcdb76d08
--- /dev/null
+++ b/stubs/module-opts.c
@@ -0,0 +1,6 @@
+#include "qemu/osdep.h"
+#include "qemu/config-file.h"
+
+void qemu_load_module_for_opts(const char *group)
+{
+}
diff --git a/util/qemu-config.c b/util/qemu-config.c
index 670bd6ebcaaa414137af63c62bb9..34974c4b47d61bdcefa203b1c9fc 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -16,6 +16,7 @@ static QemuOptsList *find_list(QemuOptsList **lists, const char *group,
{
int i;
+ qemu_load_module_for_opts(group);
for (i = 0; lists[i] != NULL; i++) {
if (strcmp(lists[i]->name, group) == 0)
break;
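Review bot: find_list() now calls `qemu_load_module_for_opts(group)` before the loop on every lookup, including for groups that are already registered, whereas the code removed from qemu_init() loaded spice-core only after a failed lookup. Consider running the hook only when the loop ends on `lists[i] == NULL` and then searching again, and add a comment that the call may register new option groups as a side effect.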


@ -1,237 +0,0 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 24 May 2021 06:57:50 -0400
Subject: qemu-config: parse configuration files to a QDict
Git-commit: 37701411397c7b7d709ae92abd347cc593940ee5
Change the parser to put the values into a QDict and pass them
to a callback. qemu_config_parse's QemuOpts creation is
itself turned into a callback function.
This is useful for -readconfig to support keyval-based options;
getting a QDict from the parser removes a roundtrip from
QDict to QemuOpts and then back to QDict.
Unfortunately there is a disadvantage in that semantic errors will
point to the last line of the group, because the entries of the QDict
do not have a location attached.
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210524105752.3318299-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
include/qemu/config-file.h | 7 ++-
softmmu/vl.c | 4 +-
util/qemu-config.c | 98 ++++++++++++++++++++++++++------------
3 files changed, 76 insertions(+), 33 deletions(-)
diff --git a/include/qemu/config-file.h b/include/qemu/config-file.h
index 0500b3668d8042013963930d4a12..f6054233212a5b4735a95b5dd78e 100644
--- a/include/qemu/config-file.h
+++ b/include/qemu/config-file.h
@@ -1,6 +1,8 @@
#ifndef QEMU_CONFIG_FILE_H
#define QEMU_CONFIG_FILE_H
+typedef void QEMUConfigCB(const char *group, QDict *qdict, void *opaque, Error **errp);
+
void qemu_load_module_for_opts(const char *group);
QemuOptsList *qemu_find_opts(const char *group);
QemuOptsList *qemu_find_opts_err(const char *group, Error **errp);
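Review bot: the new `QEMUConfigCB` typedef carries no comment describing its contract: who owns `qdict`, whether the callback may remove entries from it, and what `opaque` points to. Please document that next to the typedef, since qemu_read_config_file() now takes a caller-supplied callback and the parser unrefs the dictionary right after the call.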
@@ -14,7 +16,10 @@ void qemu_config_write(FILE *fp);
int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname,
Error **errp);
-int qemu_read_config_file(const char *filename, Error **errp);
+/* A default callback for qemu_read_config_file(). */
+void qemu_config_do_parse(const char *group, QDict *qdict, void *opaque, Error **errp);
+
+int qemu_read_config_file(const char *filename, QEMUConfigCB *f, Error **errp);
/* Parse QDict options as a replacement for a config file (allowing multiple
enumerated (0..(n-1)) configuration "sections") */
diff --git a/softmmu/vl.c b/softmmu/vl.c
index bb3e6821e844d3f87cbc628b922f..5c7e7570f627a54eb22f668dceb0 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -2120,7 +2120,7 @@ static void qemu_read_default_config_file(Error **errp)
int ret;
g_autofree char *file = get_relocated_path(CONFIG_QEMU_CONFDIR "/qemu.conf");
- ret = qemu_read_config_file(file, errp);
+ ret = qemu_read_config_file(file, qemu_config_do_parse, errp);
if (ret < 0) {
if (ret == -ENOENT) {
error_free(*errp);
@@ -3397,7 +3397,7 @@ void qemu_init(int argc, char **argv, char **envp)
qemu_plugin_opt_parse(optarg, &plugin_list);
break;
case QEMU_OPTION_readconfig:
- qemu_read_config_file(optarg, &error_fatal);
+ qemu_read_config_file(optarg, qemu_config_do_parse, &error_fatal);
break;
case QEMU_OPTION_spice:
olist = qemu_find_opts_err("spice", NULL);
diff --git a/util/qemu-config.c b/util/qemu-config.c
index 34974c4b47d61bdcefa203b1c9fc..374f3bc4600c1c3b989638583494 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -2,6 +2,7 @@
#include "block/qdict.h" /* for qdict_extract_subqdict() */
#include "qapi/error.h"
#include "qapi/qapi-commands-misc.h"
+#include "qapi/qmp/qerror.h"
#include "qapi/qmp/qdict.h"
#include "qapi/qmp/qlist.h"
#include "qemu/error-report.h"
@@ -351,19 +352,19 @@ void qemu_config_write(FILE *fp)
}
/* Returns number of config groups on success, -errno on error */
-int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, Error **errp)
+static int qemu_config_foreach(FILE *fp, QEMUConfigCB *cb, void *opaque,
+ const char *fname, Error **errp)
{
- char line[1024], group[64], id[64], arg[64], value[1024];
+ char line[1024], prev_group[64], group[64], arg[64], value[1024];
Location loc;
- QemuOptsList *list = NULL;
Error *local_err = NULL;
- QemuOpts *opts = NULL;
+ QDict *qdict = NULL;
int res = -EINVAL, lno = 0;
int count = 0;
loc_push_none(&loc);
while (fgets(line, sizeof(line), fp) != NULL) {
- loc_set_file(fname, ++lno);
+ ++lno;
if (line[0] == '\n') {
/* skip empty lines */
continue;
@@ -372,39 +373,39 @@ int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, Error *
/* comment */
continue;
}
- if (sscanf(line, "[%63s \"%63[^\"]\"]", group, id) == 2) {
- /* group with id */
- list = find_list(lists, group, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- goto out;
+ if (line[0] == '[') {
+ QDict *prev = qdict;
+ if (sscanf(line, "[%63s \"%63[^\"]\"]", group, value) == 2) {
+ qdict = qdict_new();
+ qdict_put_str(qdict, "id", value);
+ count++;
+ } else if (sscanf(line, "[%63[^]]]", group) == 1) {
+ qdict = qdict_new();
+ count++;
}
- opts = qemu_opts_create(list, id, 1, NULL);
- count++;
- continue;
- }
- if (sscanf(line, "[%63[^]]]", group) == 1) {
- /* group without id */
- list = find_list(lists, group, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- goto out;
+ if (qdict != prev) {
+ if (prev) {
+ cb(prev_group, prev, opaque, &local_err);
+ qobject_unref(prev);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ goto out;
+ }
+ }
+ strcpy(prev_group, group);
+ continue;
}
- opts = qemu_opts_create(list, NULL, 0, &error_abort);
- count++;
- continue;
}
+ loc_set_file(fname, lno);
value[0] = '\0';
if (sscanf(line, " %63s = \"%1023[^\"]\"", arg, value) == 2 ||
sscanf(line, " %63s = \"\"", arg) == 1) {
/* arg = value */
- if (opts == NULL) {
+ if (qdict == NULL) {
error_setg(errp, "no group defined");
goto out;
}
- if (!qemu_opt_set(opts, arg, value, errp)) {
- goto out;
- }
+ qdict_put_str(qdict, arg, value);
continue;
}
error_setg(errp, "parse error");
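Review bot: with `loc_set_file(fname, lno)` moved below the `[group]` handling, the location is updated only on key lines, so when `cb(prev_group, prev, opaque, &local_err)` fails for a group that had no keys, the reported position is whatever was set before that group, or none at all. Recording the header's line number when a group is opened and setting the location from it before invoking the callback would give a stable position. Separately, a line that starts with `[` but matches neither sscanf() pattern falls through to the key parsing and ends as the generic "parse error"; a dedicated message for a malformed group header would be easier to act on.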
@@ -417,11 +418,48 @@ int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, Error *
}
res = count;
out:
+ if (qdict) {
+ cb(group, qdict, opaque, errp);
+ qobject_unref(qdict);
+ }
loc_pop(&loc);
return res;
}
-int qemu_read_config_file(const char *filename, Error **errp)
+void qemu_config_do_parse(const char *group, QDict *qdict, void *opaque, Error **errp)
+{
+ QemuOptsList **lists = opaque;
+ const char *id = qdict_get_try_str(qdict, "id");
+ QemuOptsList *list;
+ QemuOpts *opts;
+ const QDictEntry *unrecognized;
+
+ list = find_list(lists, group, errp);
+ if (!list) {
+ return;
+ }
+
+ opts = qemu_opts_create(list, id, 1, errp);
+ if (!opts) {
+ return;
+ }
+ if (!qemu_opts_absorb_qdict(opts, qdict, errp)) {
+ qemu_opts_del(opts);
+ return;
+ }
+ unrecognized = qdict_first(qdict);
+ if (unrecognized) {
+ error_setg(errp, QERR_INVALID_PARAMETER, unrecognized->key);
+ qemu_opts_del(opts);
+ }
+}
+
+int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, Error **errp)
+{
+ return qemu_config_foreach(fp, qemu_config_do_parse, lists, fname, errp);
+}
+
+int qemu_read_config_file(const char *filename, QEMUConfigCB *cb, Error **errp)
{
FILE *f = fopen(filename, "r");
int ret;
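Review bot: the block added after the `out:` label calls `cb(group, qdict, opaque, errp)` on every exit, including `goto out` paths taken while a group is open and `errp` is already set, such as the one right after `error_propagate(errp, local_err)` for the previous group. The callback can then try to set a second error on the same `errp`, and the group is still instantiated although the function returns -EINVAL. Move the final callback above `out:` so it runs only on success, keep just `qobject_unref(qdict)` on the shared path, and make `res` negative when that last callback fails, because callers such as qemu_read_default_config_file() test `ret < 0`.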
@@ -431,7 +469,7 @@ int qemu_read_config_file(const char *filename, Error **errp)
return -errno;
}
- ret = qemu_config_parse(f, vm_config_groups, filename, errp);
+ ret = qemu_config_foreach(f, cb, vm_config_groups, filename, errp);
fclose(f);
return ret;
}
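Review bot: qemu_read_config_file() passes `vm_config_groups` as the `opaque` argument regardless of which `cb` the caller supplied, so a callback other than qemu_config_do_parse() has no way to receive its own context. Either add an `opaque` parameter to qemu_read_config_file() or document on the prototype that the callback always receives the `QemuOptsList **`.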


@ -1,60 +0,0 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Wed, 9 Jun 2021 14:34:35 +0200
Subject: qemu-config: use qemu_opts_from_qdict
Git-commit: e7d85d955a7a3405934a104f35228aae1d338a6d
Using qemu_opts_absorb_qdict, and then checking for any leftover options,
is redundant because there is already a function that does the same,
qemu_opts_from_qdict. qemu_opts_from_qdict consumes the whole dictionary
and therefore can just return an error message if an option fails to validate.
This also fixes a bug, because the "id" entry was retrieved in
qemu_config_do_parse and then left there by qemu_opts_absorb_qdict.
As a result, it was reported as an unrecognized option.
Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Fixes: 3770141139 ("qemu-config: parse configuration files to a QDict")
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
util/qemu-config.c | 17 +----------------
1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/util/qemu-config.c b/util/qemu-config.c
index 374f3bc4600c1c3b989638583494..84ee6dc4ea58014ad7d7ca8d83a2 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -429,29 +429,14 @@ out:
void qemu_config_do_parse(const char *group, QDict *qdict, void *opaque, Error **errp)
{
QemuOptsList **lists = opaque;
- const char *id = qdict_get_try_str(qdict, "id");
QemuOptsList *list;
- QemuOpts *opts;
- const QDictEntry *unrecognized;
list = find_list(lists, group, errp);
if (!list) {
return;
}
- opts = qemu_opts_create(list, id, 1, errp);
- if (!opts) {
- return;
- }
- if (!qemu_opts_absorb_qdict(opts, qdict, errp)) {
- qemu_opts_del(opts);
- return;
- }
- unrecognized = qdict_first(qdict);
- if (unrecognized) {
- error_setg(errp, QERR_INVALID_PARAMETER, unrecognized->key);
- qemu_opts_del(opts);
- }
+ qemu_opts_from_qdict(list, qdict, errp);
}
int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, Error **errp)
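Review bot: qemu_config_do_parse() now drops the return value of `qemu_opts_from_qdict(list, qdict, errp)` and signals failure only through `errp`, so it depends on every caller passing a non-NULL `errp`; a short comment on the function would record that. The diffstat touches only util/qemu-config.c, so nothing exercises the `[group "id"]` case the commit message describes as broken; a -readconfig test with a group that carries an id would pin the fix.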


@ -11,10 +11,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 3 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 95d79ddc437a6741586071af532f..1e7f0206f4e4852c317f8ab0a7b6 100644
index ccd3892b2df7ab1261d6c736afef..4a66b6b0072fbeba0629bf93be29 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9534,6 +9534,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
@@ -9363,6 +9363,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
{
struct timeval tv;
struct timezone tz;


@ -13,10 +13,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 1e7f0206f4e4852c317f8ab0a7b6..dcbd44dbb4202e311c9fe91aa427 100644
index 4a66b6b0072fbeba0629bf93be29..6c1daf5addf0c8b746a7aafddbf7 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5805,8 +5805,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
@@ -5688,8 +5688,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
ie = ioctl_entries;
for(;;) {
if (ie->target_cmd == 0) {


@ -16,10 +16,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 8 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index dcbd44dbb4202e311c9fe91aa427..9002e4d6187d4796773cfeb63723 100644
index 6c1daf5addf0c8b746a7aafddbf7..7771dede6384e061b9ad10a2b0c2 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5850,6 +5850,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
@@ -5733,6 +5733,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
arg_type++;
target_size = thunk_type_size(arg_type, 0);
switch(ie->access) {
@ -33,7 +33,7 @@ index dcbd44dbb4202e311c9fe91aa427..9002e4d6187d4796773cfeb63723 100644
case IOC_R:
ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
if (!is_error(ret)) {
@@ -5868,6 +5875,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
@@ -5751,6 +5758,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
unlock_user(argptr, arg, 0);
ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
break;


@ -1,3 +1,98 @@
-------------------------------------------------------------------
Thu Aug 26 03:35:03 UTC 2021 - José Ricardo Ziviani <jose.ziviani@suse.com>
- Update to v6.1: see https://wiki.qemu.org/ChangeLog/6.1
For a full list of formely deprecated features that are removed,
consult: https://qemu-project.gitlab.io/qemu/about/removed-features.html
For a list of new deprecated features, consult:
https://qemu-project.gitlab.io/qemu/about/deprecated.html
Some noteworthy changes:
* Removed moxie CPU.
* Removed lm32 CPU.
* Removed unicore32 CPU.
* Removed 'info cpustats'.
* Added Aspeed machines: rainier-bmc, quanta-q7l1-bmc.
* Added npcm7xx machine: quanta-gbs-bmc.
* Model for Aspeed's Hash and Crypto Engine.
* SVE2 is now emulated, including bfloat16 support
* FEAT_I8MM, FEAT_TLBIOS, FEAT_TLBRANGE, FEAT_BF16, FEAT_AA32BF16, and
FEAT_MTE3 are now emulated.
* Improved hot-unplug failures on PowerPC pseries machine.
* Implemented some POWER10 instructions in TCG.
* Added shakti_c RISC-V machine.
* Improved documentation for RISC-V machines.
* CPU models for gen16 have been added for s390x.
* New CPU model versions added with XSAVES enabled:
Skylake-Client-v4, Skylake-Server-v5, Cascadelake-Server-v5,
Cooperlake-v2, Icelake-Client-v3, Icelake-Server-v5, Denverton-v3,
Snowridge-v3, Dhyana-v2
* Added ACPI based PCI hotplug support to Q35 machine. Enabled and
used by default since pc-q35-6.1 machine type.
* Added support for the pca9546 and pca9548 I2C muxes.
* Added support for PMBus and several PMBus devices.
* Crypto subsystem:
The preferred crypto backend driver now gnutls, with libgcrypt as the
second choice, and nettle as third choice, with ordering driven mostly
by performance of the ciphers.
* Misc doc improvements.
* Patches removed:
block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
hw-block-nvme-align-with-existing-style.patch
hw-block-nvme-consider-metadata-read-aio.patch
hw-net-can-sja1000-fix-buff2frame_bas-an.patch
hw-nvme-fix-missing-check-for-PMR-capabi.patch
hw-nvme-fix-pin-based-interrupt-behavior.patch
hw-pci-host-q35-Ignore-write-of-reserved.patch
hw-rdma-Fix-possible-mremap-overflow-in-.patch
hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
hw-usb-Do-not-build-USB-subsystem-if-not.patch
hw-usb-host-stub-Remove-unused-header.patch
linux-user-aarch64-Enable-hwcap-for-RND-.patch
module-for-virtio-gpu-pre-load-module-to.patch
monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
pvrdma-Ensure-correct-input-on-ring-init.patch
pvrdma-Fix-the-ring-init-error-flow-CVE-.patch
qemu-config-load-modules-when-instantiat.patch
qemu-config-parse-configuration-files-to.patch
qemu-config-use-qemu_opts_from_qdict.patch
runstate-Initialize-Error-to-NULL.patch
sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
target-i386-Exit-tb-after-wrmsr.patch
target-sh4-Return-error-if-CPUClass-get_.patch
tcg-Allocate-sufficient-storage-in-temp_.patch
tcg-arm-Fix-tcg_out_op-function-signatur.patch
tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
usb-hid-avoid-dynamic-stack-allocation.patch
usb-limit-combined-packets-to-1-MiB-CVE-.patch
usb-mtp-avoid-dynamic-stack-allocation.patch
usb-redir-avoid-dynamic-stack-allocation.patch
usbredir-fix-free-call.patch
vfio-ccw-Permit-missing-IRQs.patch
vhost-user-blk-Check-that-num-queues-is-.patch
vhost-user-blk-Don-t-reconnect-during-in.patch
vhost-user-blk-Fail-gracefully-on-too-la.patch
vhost-user-blk-Get-more-feature-flags-fr.patch
vhost-user-blk-Make-sure-to-set-Error-on.patch
vhost-user-gpu-abstract-vg_cleanup_mappi.patch
vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
vhost-user-gpu-fix-leak-in-virgl_resourc.patch
vhost-user-gpu-fix-memory-disclosure-in-.patch
vhost-user-gpu-fix-memory-leak-in-vg_res.patch
vhost-user-gpu-fix-memory-leak-while-cal.patch
vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch
vhost-user-gpu-fix-resource-leak-in-vg_r.patch
vhost-vdpa-don-t-initialize-backend_feat.patch
virtio-blk-Fix-rollback-path-in-virtio_b.patch
virtio-Fail-if-iommu_platform-is-request.patch
virtiofsd-Fix-side-effect-in-assert.patch
vl-allow-not-specifying-size-in-m-when-u.patch
vl-Fix-an-assert-failure-in-error-path.patch
vl-plug-object-back-into-readconfig.patch
vl-plumb-keyval-based-options-into-readc.patch
x86-acpi-use-offset-instead-of-pointer-w.patch
-------------------------------------------------------------------
Tue Aug 10 19:32:50 UTC 2021 - José Ricardo Ziviani <jose.ziviani@suse.com>

284
qemu.spec

@ -93,8 +93,8 @@
%bcond_with system_membarrier
%define qemuver 6.0.0
%define srcver 6.0.0
%define qemuver 6.1.0
%define srcver 6.1.0
%define sbver 1.14.0_0_g155821a
%define srcname qemu
Name: qemu%{name_suffix}
@ -174,64 +174,8 @@ Patch00038: Revert-roms-efirom-tests-uefi-test-tools.patch
Patch00039: Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Patch00040: roms-Makefile-add-cross-file-to-qboot-me.patch
Patch00041: usb-Help-compiler-out-to-avoid-a-warning.patch
Patch00042: module-for-virtio-gpu-pre-load-module-to.patch
Patch00043: qom-handle-case-of-chardev-spice-module-.patch
Patch00044: doc-add-our-support-doc-to-the-main-proj.patch
Patch00045: ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
Patch00046: hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
Patch00047: monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
Patch00048: vhost-user-blk-Fail-gracefully-on-too-la.patch
Patch00049: virtiofsd-Fix-side-effect-in-assert.patch
Patch00050: sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
Patch00051: virtio-blk-Fix-rollback-path-in-virtio_b.patch
Patch00052: hw-block-nvme-consider-metadata-read-aio.patch
Patch00053: vhost-user-blk-Make-sure-to-set-Error-on.patch
Patch00054: vhost-user-blk-Don-t-reconnect-during-in.patch
Patch00055: vhost-user-blk-Get-more-feature-flags-fr.patch
Patch00056: virtio-Fail-if-iommu_platform-is-request.patch
Patch00057: vhost-user-blk-Check-that-num-queues-is-.patch
Patch00058: vfio-ccw-Permit-missing-IRQs.patch
Patch00059: vhost-user-gpu-fix-memory-disclosure-in-.patch
Patch00060: vhost-user-gpu-fix-resource-leak-in-vg_r.patch
Patch00061: vhost-user-gpu-fix-memory-leak-in-vg_res.patch
Patch00062: vhost-user-gpu-fix-memory-leak-while-cal.patch
Patch00063: vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
Patch00064: vhost-user-gpu-fix-leak-in-virgl_resourc.patch
Patch00065: vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch
Patch00066: vhost-user-gpu-abstract-vg_cleanup_mappi.patch
Patch00067: target-sh4-Return-error-if-CPUClass-get_.patch
Patch00068: tcg-arm-Fix-tcg_out_op-function-signatur.patch
Patch00069: x86-acpi-use-offset-instead-of-pointer-w.patch
Patch00070: linux-user-aarch64-Enable-hwcap-for-RND-.patch
Patch00071: target-i386-Exit-tb-after-wrmsr.patch
Patch00072: vl-allow-not-specifying-size-in-m-when-u.patch
Patch00073: qemu-config-load-modules-when-instantiat.patch
Patch00074: hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
Patch00075: qemu-config-parse-configuration-files-to.patch
Patch00076: vl-plumb-keyval-based-options-into-readc.patch
Patch00077: vl-plug-object-back-into-readconfig.patch
Patch00078: vhost-vdpa-don-t-initialize-backend_feat.patch
Patch00079: vl-Fix-an-assert-failure-in-error-path.patch
Patch00080: qemu-config-use-qemu_opts_from_qdict.patch
Patch00081: runstate-Initialize-Error-to-NULL.patch
Patch00082: tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
Patch00083: tcg-Allocate-sufficient-storage-in-temp_.patch
Patch00084: hw-block-nvme-align-with-existing-style.patch
Patch00085: hw-nvme-fix-missing-check-for-PMR-capabi.patch
Patch00086: hw-nvme-fix-pin-based-interrupt-behavior.patch
Patch00087: hw-rdma-Fix-possible-mremap-overflow-in-.patch
Patch00088: pvrdma-Ensure-correct-input-on-ring-init.patch
Patch00089: pvrdma-Fix-the-ring-init-error-flow-CVE-.patch
Patch00090: hw-pci-host-q35-Ignore-write-of-reserved.patch
Patch00091: block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
Patch00092: hw-net-can-sja1000-fix-buff2frame_bas-an.patch
Patch00093: usbredir-fix-free-call.patch
Patch00094: usb-redir-avoid-dynamic-stack-allocation.patch
Patch00095: usb-limit-combined-packets-to-1-MiB-CVE-.patch
Patch00096: hw-usb-host-stub-Remove-unused-header.patch
Patch00097: hw-usb-Do-not-build-USB-subsystem-if-not.patch
Patch00098: usb-hid-avoid-dynamic-stack-allocation.patch
Patch00099: usb-mtp-avoid-dynamic-stack-allocation.patch
Patch00042: qom-handle-case-of-chardev-spice-module-.patch
Patch00043: doc-add-our-support-doc-to-the-main-proj.patch
# Patches applied in roms/seabios/:
Patch01000: seabios-use-python2-explicitly-as-needed.patch
Patch01001: seabios-switch-to-python3-as-needed.patch
@ -403,6 +347,7 @@ Recommends: qemu-hw-display-qxl
Recommends: qemu-hw-display-virtio-gpu
Recommends: qemu-hw-display-virtio-gpu-pci
Recommends: qemu-hw-display-virtio-vga
Recommends: qemu-hw-usb-host
Recommends: qemu-hw-usb-redirect
Recommends: qemu-hw-usb-smartcard
Recommends: qemu-ui-gtk
@ -442,6 +387,7 @@ Suggests: qemu-skiboot
Suggests: qemu-lang
Suggests: qemu-microvm
Suggests: qemu-vhost-user-gpu
Suggests: qemu-accel-qtest
Obsoletes: qemu-audio-oss < %{qemuver}
Obsoletes: qemu-audio-sdl < %{qemuver}
Obsoletes: qemu-ui-sdl < %{qemuver}
@ -463,6 +409,7 @@ Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
Requires: %name = %{qemuver}
Requires: qemu-accel-tcg-x86
Requires: qemu-ipxe
Requires: qemu-seabios
Requires: qemu-sgabios
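Review bot: `Requires: qemu-accel-tcg-x86` is added without a version, while the line above it pins `%name = %{qemuver}` and the BuildRequires added elsewhere in this change use `qemu-accel-tcg-x86 = %{qemuver}`. The accelerator is packaged as a module (it carries %{qemu_module_conflicts}), so consider `Requires: qemu-accel-tcg-x86 = %{qemuver}` unless that macro already rules out a version mismatch, and note the reason in the changelog if the unversioned form is deliberate.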
@ -534,8 +481,8 @@ Recommends: qemu-vgabios
%{generic_qemu_description}
This package provides some lesser used emulations, including alpha, m68k,
mips, moxie, sparc, and xtensa. (The term "extra" is juxtapositioned against
more popular QEMU packages which are dedicated to a single architecture.)
mips, sparc, and xtensa. (The term "extra" is juxtapositioned against more
popular QEMU packages which are dedicated to a single architecture.)
%if %{legacy_qemu_kvm}
%package kvm
@ -808,6 +755,17 @@ Provides: %name:%_datadir/%name/forsplits/03
%description hw-usb-smartcard
This package contains a modules for USB smartcard support for QEMU.
%package hw-usb-host
Summary: USB passthrough driver support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
Provides: %name:%_datadir/%name/forsplits/14
%{qemu_module_conflicts}
%description hw-usb-host
This package contains a modules for USB passthrough driver for QEMU.
%package ui-curses
Summary: Curses based UI support for QEMU
Group: System/Emulators/PC
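Review bot: the %description added for hw-usb-host reads "This package contains a modules for USB passthrough driver for QEMU."; suggest "This package contains a module providing the USB passthrough driver for QEMU." The hw-usb-smartcard description just above has the same "a modules" wording and could be fixed in the same pass.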
@ -1016,6 +974,34 @@ merges anonymous (private) pages (not pagecache ones).
This package provides a service file for starting and stopping KSM.
%package accel-tcg-x86
Summary: TCG accelerator for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
Provides: %name:%_datadir/%name/forsplits/15
%{qemu_module_conflicts}
%description accel-tcg-x86
TCG is the QEMU binary translator, responsible for converting from target to
host instruction set.
This package provides the TCG accelerator for QEMU.
%package accel-qtest
Summary: QTest accelerator for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
Provides: %name:%_datadir/%name/forsplits/16
%{qemu_module_conflicts}
%description accel-qtest
QTest is a device emulation testing framework. It is useful to test device
models.
This package provides QTest accelerator for testing QEMU.
# above section is for qemu
%else
BuildRequires: bc
@ -1032,6 +1018,8 @@ BuildRequires: qemu-block-nfs = %{qemuver}
%if 0%{?with_rbd}
BuildRequires: qemu-block-rbd = %{qemuver}
%endif
BuildRequires: qemu-accel-qtest = %{qemuver}
BuildRequires: qemu-accel-tcg-x86 = %{qemuver}
BuildRequires: qemu-block-ssh = %{qemuver}
BuildRequires: qemu-chardev-baum = %{qemuver}
BuildRequires: qemu-chardev-spice = %{qemuver}
@ -1039,6 +1027,7 @@ BuildRequires: qemu-extra = %{qemuver}
BuildRequires: qemu-guest-agent = %{qemuver}
BuildRequires: qemu-hw-display-qxl = %{qemuver}
BuildRequires: qemu-hw-display-virtio-gpu = %{qemuver}
BuildRequires: qemu-hw-usb-host = %{qemuver}
BuildRequires: qemu-hw-usb-redirect = %{qemuver}
BuildRequires: qemu-hw-usb-smartcard = %{qemuver}
BuildRequires: qemu-ipxe = 1.0.0+
@ -1118,65 +1107,9 @@ This package records qemu testsuite results and represents successful testing.
%patch00041 -p1
%endif
%patch00042 -p1
%patch00043 -p1
%if %{legacy_qemu_kvm}
%patch00044 -p1
%patch00043 -p1
%endif
%patch00045 -p1
%patch00046 -p1
%patch00047 -p1
%patch00048 -p1
%patch00049 -p1
%patch00050 -p1
%patch00051 -p1
%patch00052 -p1
%patch00053 -p1
%patch00054 -p1
%patch00055 -p1
%patch00056 -p1
%patch00057 -p1
%patch00058 -p1
%patch00059 -p1
%patch00060 -p1
%patch00061 -p1
%patch00062 -p1
%patch00063 -p1
%patch00064 -p1
%patch00065 -p1
%patch00066 -p1
%patch00067 -p1
%patch00068 -p1
%patch00069 -p1
%patch00070 -p1
%patch00071 -p1
%patch00072 -p1
%patch00073 -p1
%patch00074 -p1
%patch00075 -p1
%patch00076 -p1
%patch00077 -p1
%patch00078 -p1
%patch00079 -p1
%patch00080 -p1
%patch00081 -p1
%patch00082 -p1
%patch00083 -p1
%patch00084 -p1
%patch00085 -p1
%patch00086 -p1
%patch00087 -p1
%patch00088 -p1
%patch00089 -p1
%patch00090 -p1
%patch00091 -p1
%patch00092 -p1
%patch00093 -p1
%patch00094 -p1
%patch00095 -p1
%patch00096 -p1
%patch00097 -p1
%patch00098 -p1
%patch00099 -p1
%patch01000 -p1
%patch01001 -p1
%patch01002 -p1
@ -1854,7 +1787,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/alternatives
ln -s -f %{_sysconfdir}/alternatives/skiboot.lid %{buildroot}%{_datadir}/%name/skiboot.lid
install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt
for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19
do
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X
done
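Review bot: the placeholder list in the `for X in ...` loop is extended by hand to 19 with no comment saying which numbers are already taken. In this change 14, 15 and 16 move to hw-usb-host, accel-tcg-x86 and accel-qtest through their `Provides: %name:%_datadir/%name/forsplits/NN` lines, and 17 to 19 become the spares listed in the main package's %files. A one-line comment above the loop recording the next free number would keep the loop, the main %files list and the Provides lines from drifting apart at the next split.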
@ -1959,9 +1892,9 @@ fi
%dir %_datadir/%name
%dir %_datadir/%name/firmware
%dir %_datadir/%name/forsplits
%_datadir/%name/forsplits/14
%_datadir/%name/forsplits/15
%_datadir/%name/forsplits/16
%_datadir/%name/forsplits/17
%_datadir/%name/forsplits/18
%_datadir/%name/forsplits/19
%_datadir/%name/forsplits/pkg-split.txt
%_datadir/%name/keymaps
%_datadir/%name/qemu-ifup
@ -1970,11 +1903,13 @@ fi
%dir %_datadir/%name/vhost-user
%_datadir/%name/vhost-user/50-qemu-virtiofsd.json
%doc %_docdir/%name/_static
%dir %_docdir/%name/about
%dir %_docdir/%name/devel
%dir %_docdir/%name/interop
%dir %_docdir/%name/specs
%dir %_docdir/%name/system
%dir %_docdir/%name/system/arm
%dir %_docdir/%name/system/devices
%dir %_docdir/%name/system/i386
%dir %_docdir/%name/system/ppc
%dir %_docdir/%name/system/riscv
@ -1982,23 +1917,32 @@ fi
%dir %_docdir/%name/tools
%dir %_docdir/%name/user
%_docdir/%name/.buildinfo
%_docdir/%name/about/build-platforms.html
%_docdir/%name/about/deprecated.html
%_docdir/%name/about/index.html
%_docdir/%name/about/license.html
%_docdir/%name/about/removed-features.html
%_docdir/%name/devel/atomics.html
%_docdir/%name/devel/bitops.html
%_docdir/%name/devel/block-coroutine-wrapper.html
%_docdir/%name/devel/build-system.html
%_docdir/%name/devel/ci.html
%_docdir/%name/devel/clocks.html
%_docdir/%name/devel/code-of-conduct.html
%_docdir/%name/devel/conflict-resolution.html
%_docdir/%name/devel/control-flow-integrity.html
%_docdir/%name/devel/decodetree.html
%_docdir/%name/devel/ebpf_rss.html
%_docdir/%name/devel/fuzzing.html
%_docdir/%name/devel/index.html
%_docdir/%name/devel/kconfig.html
%_docdir/%name/devel/loads-stores.html
%_docdir/%name/devel/memory.html
%_docdir/%name/devel/modules.html
%_docdir/%name/devel/multi-process.html
%_docdir/%name/devel/migration.html
%_docdir/%name/devel/multi-thread-tcg.html
%_docdir/%name/devel/qapi-code-gen.html
%_docdir/%name/devel/qom.html
%_docdir/%name/devel/qgraph.html
%_docdir/%name/devel/qtest.html
@ -2012,8 +1956,12 @@ fi
%_docdir/%name/devel/tcg.html
%_docdir/%name/devel/testing.html
%_docdir/%name/devel/tracing.html
%_docdir/%name/devel/ui.html
%_docdir/%name/devel/vfio-migration.html
%_docdir/%name/devel/writing-qmp-commands.html
%_docdir/%name/genindex.html
%_docdir/%name/index.html
%_docdir/%name/interop/barrier.html
%_docdir/%name/interop/bitmaps.html
%_docdir/%name/interop/dbus.html
%_docdir/%name/interop/dbus-vmstate.html
@ -2042,12 +1990,20 @@ fi
%_docdir/%name/system/arm/aspeed.html
%_docdir/%name/system/arm/collie.html
%_docdir/%name/system/arm/cpu-features.html
%_docdir/%name/system/arm/cubieboard.html
%_docdir/%name/system/arm/digic.html
%_docdir/%name/system/arm/emcraft-sf2.html
%_docdir/%name/system/arm/emulation.html
%_docdir/%name/system/arm/gumstix.html
%_docdir/%name/system/arm/highbank.html
%_docdir/%name/system/arm/imx25-pdk.html
%_docdir/%name/system/arm/integratorcp.html
%_docdir/%name/system/arm/kzm.html
%_docdir/%name/system/arm/mainstone.html
%_docdir/%name/system/arm/mps2.html
%_docdir/%name/system/arm/musca.html
%_docdir/%name/system/arm/musicpal.html
%_docdir/%name/system/arm/nrf.html
%_docdir/%name/system/arm/nseries.html
%_docdir/%name/system/arm/nuvoton.html
%_docdir/%name/system/arm/orangepi.html
@ -2063,9 +2019,17 @@ fi
%_docdir/%name/system/arm/virt.html
%_docdir/%name/system/arm/xlnx-versal-virt.html
%_docdir/%name/system/arm/xscale.html
%_docdir/%name/system/build-platforms.html
%_docdir/%name/system/arm/stm32.html
%_docdir/%name/system/barrier.html
%_docdir/%name/system/bootindex.html
%_docdir/%name/system/cpu-hotplug.html
%_docdir/%name/system/deprecated.html
%_docdir/%name/system/device-emulation.html
%_docdir/%name/system/devices/ivshmem.html
%_docdir/%name/system/devices/net.html
%_docdir/%name/system/devices/nvme.html
%_docdir/%name/system/devices/usb.html
%_docdir/%name/system/devices/vhost-user.html
%_docdir/%name/system/devices/virtio-pmem.html
%_docdir/%name/system/gdb.html
%_docdir/%name/system/generic-loader.html
%_docdir/%name/system/guest-loader.html
@ -2074,19 +2038,16 @@ fi
%_docdir/%name/system/images.html
%_docdir/%name/system/index.html
%_docdir/%name/system/invocation.html
%_docdir/%name/system/ivshmem.html
%_docdir/%name/system/keys.html
%_docdir/%name/system/license.html
%_docdir/%name/system/linuxboot.html
%_docdir/%name/system/managed-startup.html
%_docdir/%name/system/monitor.html
%_docdir/%name/system/multi-process.html
%_docdir/%name/system/mux-chardev.html
%_docdir/%name/system/net.html
%_docdir/%name/system/nvme.html
%_docdir/%name/system/ppc/embedded.html
%_docdir/%name/system/ppc/powermac.html
%_docdir/%name/system/ppc/powernv.html
%_docdir/%name/system/ppc/ppce500.html
%_docdir/%name/system/ppc/prep.html
%_docdir/%name/system/ppc/pseries.html
%_docdir/%name/system/pr-manager.html
@ -2094,15 +2055,18 @@ fi
%_docdir/%name/system/qemu-cpu-models.html
%_docdir/%name/system/qemu-manpage.html
%_docdir/%name/system/quickstart.html
%_docdir/%name/system/removed-features.html
%_docdir/%name/system/riscv/microchip-icicle-kit.html
%_docdir/%name/system/riscv/sifive_u.html
%_docdir/%name/system/riscv/shakti-c.html
%_docdir/%name/system/riscv/virt.html
%_docdir/%name/system/s390x/3270.html
%_docdir/%name/system/s390x/bootdevices.html
%_docdir/%name/system/s390x/css.html
%_docdir/%name/system/s390x/protvirt.html
%_docdir/%name/system/s390x/vfio-ap.html
%_docdir/%name/system/s390x/vfio-ccw.html
%_docdir/%name/system/authz.html
%_docdir/%name/system/secrets.html
%_docdir/%name/system/security.html
%_docdir/%name/system/target-arm.html
%_docdir/%name/system/target-avr.html
@ -2118,9 +2082,7 @@ fi
%_docdir/%name/system/target-xtensa.html
%_docdir/%name/system/targets.html
%_docdir/%name/system/tls.html
%_docdir/%name/system/usb.html
%_docdir/%name/system/virtio-net-failover.html
%_docdir/%name/system/virtio-pmem.html
%_docdir/%name/system/vnc-security.html
%_docdir/%name/tools/index.html
%_docdir/%name/tools/qemu-img.html
@ -2207,7 +2169,6 @@ fi
%_bindir/qemu-system-mipsel
%_bindir/qemu-system-mips64
%_bindir/qemu-system-mips64el
%_bindir/qemu-system-moxie
%_bindir/qemu-system-nios2
%_bindir/qemu-system-or1k
%_bindir/qemu-system-riscv32
@ -2333,6 +2294,7 @@ fi
%dir %_datadir/%name/forsplits
%_datadir/%name/forsplits/04
%_libdir/%name/hw-display-virtio-gpu.so
%_libdir/%name/hw-display-virtio-gpu-gl.so
%files hw-display-virtio-gpu-pci
%defattr(-, root, root)
@ -2341,6 +2303,7 @@ fi
%_datadir/%name/forsplits/11
%dir %_libdir/%name
%_libdir/%name/hw-display-virtio-gpu-pci.so
%_libdir/%name/hw-display-virtio-gpu-pci-gl.so
%files hw-display-virtio-vga
%defattr(-, root, root)
@ -2349,6 +2312,7 @@ fi
%_datadir/%name/forsplits/12
%dir %_libdir/%name
%_libdir/%name/hw-display-virtio-vga.so
%_libdir/%name/hw-display-virtio-vga-gl.so
%files hw-s390x-virtio-gpu-ccw
%defattr(-, root, root)
@ -2374,6 +2338,14 @@ fi
%dir %_libdir/%name
%_libdir/%name/hw-usb-smartcard.so
%files hw-usb-host
%defattr(-, root, root)
%dir %_datadir/%name
%dir %_datadir/%name/forsplits
%_datadir/%name/forsplits/14
%dir %_libdir/%name
%_libdir/%name/hw-usb-host.so
%files ui-curses
%defattr(-, root, root)
%dir %_libdir/%name
@ -2518,6 +2490,52 @@ fi
%defattr(-, root, root)
%{_unitdir}/ksm.service
%files accel-tcg-x86
%defattr(-, root, root)
%dir %_datadir/%name
%dir %_datadir/%name/forsplits
%_datadir/%name/forsplits/15
%dir %_libdir/%name
%_libdir/%name/accel-tcg-i386.so
%_libdir/%name/accel-tcg-x86_64.so
%files accel-qtest
%defattr(-, root, root)
%dir %_datadir/%name
%dir %_datadir/%name/forsplits
%_datadir/%name/forsplits/16
%dir %_libdir/%name
%_libdir/%name/accel-qtest-aarch64.so
%_libdir/%name/accel-qtest-alpha.so
%_libdir/%name/accel-qtest-arm.so
%_libdir/%name/accel-qtest-avr.so
%_libdir/%name/accel-qtest-cris.so
%_libdir/%name/accel-qtest-hppa.so
%_libdir/%name/accel-qtest-i386.so
%_libdir/%name/accel-qtest-m68k.so
%_libdir/%name/accel-qtest-microblaze.so
%_libdir/%name/accel-qtest-microblazeel.so
%_libdir/%name/accel-qtest-mips.so
%_libdir/%name/accel-qtest-mips64.so
%_libdir/%name/accel-qtest-mips64el.so
%_libdir/%name/accel-qtest-mipsel.so
%_libdir/%name/accel-qtest-nios2.so
%_libdir/%name/accel-qtest-or1k.so
%_libdir/%name/accel-qtest-ppc.so
%_libdir/%name/accel-qtest-ppc64.so
%_libdir/%name/accel-qtest-riscv32.so
%_libdir/%name/accel-qtest-riscv64.so
%_libdir/%name/accel-qtest-rx.so
%_libdir/%name/accel-qtest-s390x.so
%_libdir/%name/accel-qtest-sh4.so
%_libdir/%name/accel-qtest-sh4eb.so
%_libdir/%name/accel-qtest-sparc.so
%_libdir/%name/accel-qtest-sparc64.so
%_libdir/%name/accel-qtest-tricore.so
%_libdir/%name/accel-qtest-x86_64.so
%_libdir/%name/accel-qtest-xtensa.so
%_libdir/%name/accel-qtest-xtensaeb.so
# above section is for qemu
%endif
# ------------------------------------------------------------------------


@ -283,6 +283,7 @@ Recommends: qemu-hw-display-qxl
Recommends: qemu-hw-display-virtio-gpu
Recommends: qemu-hw-display-virtio-gpu-pci
Recommends: qemu-hw-display-virtio-vga
Recommends: qemu-hw-usb-host
Recommends: qemu-hw-usb-redirect
Recommends: qemu-hw-usb-smartcard
Recommends: qemu-ui-gtk
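Review bot: `Recommends: qemu-hw-usb-host` keeps host USB passthrough installed by default wherever recommended packages are honoured, so the split into a module does not by itself shrink the default install. That matches the neighbouring qemu-hw-usb-redirect and qemu-hw-usb-smartcard lines, but the changelog should say whether the intent is only to preserve existing behaviour or to let hosts leave passthrough out, in which case `Suggests:` would be the fit.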
@ -322,6 +323,7 @@ Suggests: qemu-skiboot
Suggests: qemu-lang
Suggests: qemu-microvm
Suggests: qemu-vhost-user-gpu
Suggests: qemu-accel-qtest
Obsoletes: qemu-audio-oss < %{qemuver}
Obsoletes: qemu-audio-sdl < %{qemuver}
Obsoletes: qemu-ui-sdl < %{qemuver}
@ -343,6 +345,7 @@ Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
Requires: %name = %{qemuver}
Requires: qemu-accel-tcg-x86
Requires: qemu-ipxe
Requires: qemu-seabios
Requires: qemu-sgabios
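Review bot: the added `Requires: qemu-accel-tcg-x86` carries no version, while the line above it pins `%name = %{qemuver}` and the matching BuildRequires in this spec use `= %{qemuver}`. The accelerator is a loadable module shipped from the same build, so unless %{qemu_module_conflicts} already forces matching versions (its definition is not visible in these hunks), pin it as `Requires: qemu-accel-tcg-x86 = %{qemuver}`.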
@ -414,8 +417,8 @@ Recommends: qemu-vgabios
%{generic_qemu_description}
This package provides some lesser used emulations, including alpha, m68k,
mips, moxie, sparc, and xtensa. (The term "extra" is juxtapositioned against
more popular QEMU packages which are dedicated to a single architecture.)
mips, sparc, and xtensa. (The term "extra" is juxtapositioned against more
popular QEMU packages which are dedicated to a single architecture.)
%if %{legacy_qemu_kvm}
%package kvm
@ -688,6 +691,17 @@ Provides: %name:%_datadir/%name/forsplits/03
%description hw-usb-smartcard
This package contains a modules for USB smartcard support for QEMU.
%package hw-usb-host
Summary: USB passthrough driver support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
Provides: %name:%_datadir/%name/forsplits/14
%{qemu_module_conflicts}
%description hw-usb-host
This package contains a modules for USB passthrough driver for QEMU.
%package ui-curses
Summary: Curses based UI support for QEMU
Group: System/Emulators/PC
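Review bot: the %description added for hw-usb-host reads "This package contains a modules for USB passthrough driver for QEMU", which is ungrammatical and was evidently copied from the hw-usb-smartcard text just above it. Suggest "This package contains a module providing USB passthrough driver support for QEMU", in line with the Summary.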
@ -896,6 +910,34 @@ merges anonymous (private) pages (not pagecache ones).
This package provides a service file for starting and stopping KSM.
%package accel-tcg-x86
Summary: TCG accelerator for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
Provides: %name:%_datadir/%name/forsplits/15
%{qemu_module_conflicts}
%description accel-tcg-x86
TCG is the QEMU binary translator, responsible for converting from target to
host instruction set.
This package provides the TCG accelerator for QEMU.
%package accel-qtest
Summary: QTest accelerator for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
Provides: %name:%_datadir/%name/forsplits/16
%{qemu_module_conflicts}
%description accel-qtest
QTest is a device emulation testing framework. It is useful to test device
models.
This package provides QTest accelerator for testing QEMU.
# above section is for qemu
%else
BuildRequires: bc
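Review bot: the Summary and %description of accel-tcg-x86 say "TCG accelerator for QEMU" without the x86 restriction that the package name carries, and the %files section for it lists only accel-tcg-i386.so and accel-tcg-x86_64.so. State that in the text, for example "TCG accelerator for the x86 targets of QEMU", so nobody expects this package to supply TCG for other targets. The accel-qtest description has a small slip as well: "provides QTest accelerator" should read "provides the QTest accelerator".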
@ -912,6 +954,8 @@ BuildRequires: qemu-block-nfs = %{qemuver}
%if 0%{?with_rbd}
BuildRequires: qemu-block-rbd = %{qemuver}
%endif
BuildRequires: qemu-accel-qtest = %{qemuver}
BuildRequires: qemu-accel-tcg-x86 = %{qemuver}
BuildRequires: qemu-block-ssh = %{qemuver}
BuildRequires: qemu-chardev-baum = %{qemuver}
BuildRequires: qemu-chardev-spice = %{qemuver}
@ -919,6 +963,7 @@ BuildRequires: qemu-extra = %{qemuver}
BuildRequires: qemu-guest-agent = %{qemuver}
BuildRequires: qemu-hw-display-qxl = %{qemuver}
BuildRequires: qemu-hw-display-virtio-gpu = %{qemuver}
BuildRequires: qemu-hw-usb-host = %{qemuver}
BuildRequires: qemu-hw-usb-redirect = %{qemuver}
BuildRequires: qemu-hw-usb-smartcard = %{qemuver}
BuildRequires: qemu-ipxe = 1.0.0+
@ -1615,7 +1660,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/alternatives
ln -s -f %{_sysconfdir}/alternatives/skiboot.lid %{buildroot}%{_datadir}/%name/skiboot.lid
install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt
for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19
do
ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X
done
@ -1720,9 +1765,9 @@ fi
%dir %_datadir/%name
%dir %_datadir/%name/firmware
%dir %_datadir/%name/forsplits
%_datadir/%name/forsplits/14
%_datadir/%name/forsplits/15
%_datadir/%name/forsplits/16
%_datadir/%name/forsplits/17
%_datadir/%name/forsplits/18
%_datadir/%name/forsplits/19
%_datadir/%name/forsplits/pkg-split.txt
%_datadir/%name/keymaps
%_datadir/%name/qemu-ifup
@ -1731,11 +1776,13 @@ fi
%dir %_datadir/%name/vhost-user
%_datadir/%name/vhost-user/50-qemu-virtiofsd.json
%doc %_docdir/%name/_static
%dir %_docdir/%name/about
%dir %_docdir/%name/devel
%dir %_docdir/%name/interop
%dir %_docdir/%name/specs
%dir %_docdir/%name/system
%dir %_docdir/%name/system/arm
%dir %_docdir/%name/system/devices
%dir %_docdir/%name/system/i386
%dir %_docdir/%name/system/ppc
%dir %_docdir/%name/system/riscv
@ -1743,23 +1790,32 @@ fi
%dir %_docdir/%name/tools
%dir %_docdir/%name/user
%_docdir/%name/.buildinfo
%_docdir/%name/about/build-platforms.html
%_docdir/%name/about/deprecated.html
%_docdir/%name/about/index.html
%_docdir/%name/about/license.html
%_docdir/%name/about/removed-features.html
%_docdir/%name/devel/atomics.html
%_docdir/%name/devel/bitops.html
%_docdir/%name/devel/block-coroutine-wrapper.html
%_docdir/%name/devel/build-system.html
%_docdir/%name/devel/ci.html
%_docdir/%name/devel/clocks.html
%_docdir/%name/devel/code-of-conduct.html
%_docdir/%name/devel/conflict-resolution.html
%_docdir/%name/devel/control-flow-integrity.html
%_docdir/%name/devel/decodetree.html
%_docdir/%name/devel/ebpf_rss.html
%_docdir/%name/devel/fuzzing.html
%_docdir/%name/devel/index.html
%_docdir/%name/devel/kconfig.html
%_docdir/%name/devel/loads-stores.html
%_docdir/%name/devel/memory.html
%_docdir/%name/devel/modules.html
%_docdir/%name/devel/multi-process.html
%_docdir/%name/devel/migration.html
%_docdir/%name/devel/multi-thread-tcg.html
%_docdir/%name/devel/qapi-code-gen.html
%_docdir/%name/devel/qom.html
%_docdir/%name/devel/qgraph.html
%_docdir/%name/devel/qtest.html
@ -1773,8 +1829,12 @@ fi
%_docdir/%name/devel/tcg.html
%_docdir/%name/devel/testing.html
%_docdir/%name/devel/tracing.html
%_docdir/%name/devel/ui.html
%_docdir/%name/devel/vfio-migration.html
%_docdir/%name/devel/writing-qmp-commands.html
%_docdir/%name/genindex.html
%_docdir/%name/index.html
%_docdir/%name/interop/barrier.html
%_docdir/%name/interop/bitmaps.html
%_docdir/%name/interop/dbus.html
%_docdir/%name/interop/dbus-vmstate.html
@ -1803,12 +1863,20 @@ fi
%_docdir/%name/system/arm/aspeed.html
%_docdir/%name/system/arm/collie.html
%_docdir/%name/system/arm/cpu-features.html
%_docdir/%name/system/arm/cubieboard.html
%_docdir/%name/system/arm/digic.html
%_docdir/%name/system/arm/emcraft-sf2.html
%_docdir/%name/system/arm/emulation.html
%_docdir/%name/system/arm/gumstix.html
%_docdir/%name/system/arm/highbank.html
%_docdir/%name/system/arm/imx25-pdk.html
%_docdir/%name/system/arm/integratorcp.html
%_docdir/%name/system/arm/kzm.html
%_docdir/%name/system/arm/mainstone.html
%_docdir/%name/system/arm/mps2.html
%_docdir/%name/system/arm/musca.html
%_docdir/%name/system/arm/musicpal.html
%_docdir/%name/system/arm/nrf.html
%_docdir/%name/system/arm/nseries.html
%_docdir/%name/system/arm/nuvoton.html
%_docdir/%name/system/arm/orangepi.html
@ -1824,9 +1892,17 @@ fi
%_docdir/%name/system/arm/virt.html
%_docdir/%name/system/arm/xlnx-versal-virt.html
%_docdir/%name/system/arm/xscale.html
%_docdir/%name/system/build-platforms.html
%_docdir/%name/system/arm/stm32.html
%_docdir/%name/system/barrier.html
%_docdir/%name/system/bootindex.html
%_docdir/%name/system/cpu-hotplug.html
%_docdir/%name/system/deprecated.html
%_docdir/%name/system/device-emulation.html
%_docdir/%name/system/devices/ivshmem.html
%_docdir/%name/system/devices/net.html
%_docdir/%name/system/devices/nvme.html
%_docdir/%name/system/devices/usb.html
%_docdir/%name/system/devices/vhost-user.html
%_docdir/%name/system/devices/virtio-pmem.html
%_docdir/%name/system/gdb.html
%_docdir/%name/system/generic-loader.html
%_docdir/%name/system/guest-loader.html
@ -1835,19 +1911,16 @@ fi
%_docdir/%name/system/images.html
%_docdir/%name/system/index.html
%_docdir/%name/system/invocation.html
%_docdir/%name/system/ivshmem.html
%_docdir/%name/system/keys.html
%_docdir/%name/system/license.html
%_docdir/%name/system/linuxboot.html
%_docdir/%name/system/managed-startup.html
%_docdir/%name/system/monitor.html
%_docdir/%name/system/multi-process.html
%_docdir/%name/system/mux-chardev.html
%_docdir/%name/system/net.html
%_docdir/%name/system/nvme.html
%_docdir/%name/system/ppc/embedded.html
%_docdir/%name/system/ppc/powermac.html
%_docdir/%name/system/ppc/powernv.html
%_docdir/%name/system/ppc/ppce500.html
%_docdir/%name/system/ppc/prep.html
%_docdir/%name/system/ppc/pseries.html
%_docdir/%name/system/pr-manager.html
@ -1855,15 +1928,18 @@ fi
%_docdir/%name/system/qemu-cpu-models.html
%_docdir/%name/system/qemu-manpage.html
%_docdir/%name/system/quickstart.html
%_docdir/%name/system/removed-features.html
%_docdir/%name/system/riscv/microchip-icicle-kit.html
%_docdir/%name/system/riscv/sifive_u.html
%_docdir/%name/system/riscv/shakti-c.html
%_docdir/%name/system/riscv/virt.html
%_docdir/%name/system/s390x/3270.html
%_docdir/%name/system/s390x/bootdevices.html
%_docdir/%name/system/s390x/css.html
%_docdir/%name/system/s390x/protvirt.html
%_docdir/%name/system/s390x/vfio-ap.html
%_docdir/%name/system/s390x/vfio-ccw.html
%_docdir/%name/system/authz.html
%_docdir/%name/system/secrets.html
%_docdir/%name/system/security.html
%_docdir/%name/system/target-arm.html
%_docdir/%name/system/target-avr.html
@ -1879,9 +1955,7 @@ fi
%_docdir/%name/system/target-xtensa.html
%_docdir/%name/system/targets.html
%_docdir/%name/system/tls.html
%_docdir/%name/system/usb.html
%_docdir/%name/system/virtio-net-failover.html
%_docdir/%name/system/virtio-pmem.html
%_docdir/%name/system/vnc-security.html
%_docdir/%name/tools/index.html
%_docdir/%name/tools/qemu-img.html
@ -1968,7 +2042,6 @@ fi
%_bindir/qemu-system-mipsel
%_bindir/qemu-system-mips64
%_bindir/qemu-system-mips64el
%_bindir/qemu-system-moxie
%_bindir/qemu-system-nios2
%_bindir/qemu-system-or1k
%_bindir/qemu-system-riscv32
@ -2094,6 +2167,7 @@ fi
%dir %_datadir/%name/forsplits
%_datadir/%name/forsplits/04
%_libdir/%name/hw-display-virtio-gpu.so
%_libdir/%name/hw-display-virtio-gpu-gl.so
%files hw-display-virtio-gpu-pci
%defattr(-, root, root)
@ -2102,6 +2176,7 @@ fi
%_datadir/%name/forsplits/11
%dir %_libdir/%name
%_libdir/%name/hw-display-virtio-gpu-pci.so
%_libdir/%name/hw-display-virtio-gpu-pci-gl.so
%files hw-display-virtio-vga
%defattr(-, root, root)
@ -2110,6 +2185,7 @@ fi
%_datadir/%name/forsplits/12
%dir %_libdir/%name
%_libdir/%name/hw-display-virtio-vga.so
%_libdir/%name/hw-display-virtio-vga-gl.so
%files hw-s390x-virtio-gpu-ccw
%defattr(-, root, root)
@ -2135,6 +2211,14 @@ fi
%dir %_libdir/%name
%_libdir/%name/hw-usb-smartcard.so
%files hw-usb-host
%defattr(-, root, root)
%dir %_datadir/%name
%dir %_datadir/%name/forsplits
%_datadir/%name/forsplits/14
%dir %_libdir/%name
%_libdir/%name/hw-usb-host.so
%files ui-curses
%defattr(-, root, root)
%dir %_libdir/%name
@ -2279,6 +2363,52 @@ fi
%defattr(-, root, root)
%{_unitdir}/ksm.service
%files accel-tcg-x86
%defattr(-, root, root)
%dir %_datadir/%name
%dir %_datadir/%name/forsplits
%_datadir/%name/forsplits/15
%dir %_libdir/%name
%_libdir/%name/accel-tcg-i386.so
%_libdir/%name/accel-tcg-x86_64.so
%files accel-qtest
%defattr(-, root, root)
%dir %_datadir/%name
%dir %_datadir/%name/forsplits
%_datadir/%name/forsplits/16
%dir %_libdir/%name
%_libdir/%name/accel-qtest-aarch64.so
%_libdir/%name/accel-qtest-alpha.so
%_libdir/%name/accel-qtest-arm.so
%_libdir/%name/accel-qtest-avr.so
%_libdir/%name/accel-qtest-cris.so
%_libdir/%name/accel-qtest-hppa.so
%_libdir/%name/accel-qtest-i386.so
%_libdir/%name/accel-qtest-m68k.so
%_libdir/%name/accel-qtest-microblaze.so
%_libdir/%name/accel-qtest-microblazeel.so
%_libdir/%name/accel-qtest-mips.so
%_libdir/%name/accel-qtest-mips64.so
%_libdir/%name/accel-qtest-mips64el.so
%_libdir/%name/accel-qtest-mipsel.so
%_libdir/%name/accel-qtest-nios2.so
%_libdir/%name/accel-qtest-or1k.so
%_libdir/%name/accel-qtest-ppc.so
%_libdir/%name/accel-qtest-ppc64.so
%_libdir/%name/accel-qtest-riscv32.so
%_libdir/%name/accel-qtest-riscv64.so
%_libdir/%name/accel-qtest-rx.so
%_libdir/%name/accel-qtest-s390x.so
%_libdir/%name/accel-qtest-sh4.so
%_libdir/%name/accel-qtest-sh4eb.so
%_libdir/%name/accel-qtest-sparc.so
%_libdir/%name/accel-qtest-sparc64.so
%_libdir/%name/accel-qtest-tricore.so
%_libdir/%name/accel-qtest-x86_64.so
%_libdir/%name/accel-qtest-xtensa.so
%_libdir/%name/accel-qtest-xtensaeb.so
# above section is for qemu
%endif
# ------------------------------------------------------------------------


@ -14,10 +14,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 6 insertions(+)
diff --git a/qom/object.c b/qom/object.c
index 1b132653c3fc8d5150723b2d4cf7..cb8cd9e6a5f48f94a0829ecc9e97 100644
index e86cb05b84da941a177093811726..18edd2c91ab7d9a790c887fd730e 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -236,6 +236,12 @@ static bool type_is_ancestor(TypeImpl *type, TypeImpl *target_type)
@@ -237,6 +237,12 @@ static bool type_is_ancestor(TypeImpl *type, TypeImpl *target_type)
return true;
}


@ -13,7 +13,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roms/Makefile b/roms/Makefile
index a91ffad548af3e95410ce6712fb3..2db995dab25f6d842def858ebbcc 100644
index 6ea8edd9fcf6bb0cdc1f1602f241..df969e3ec33ab07fe3fcb489e0df 100644
--- a/roms/Makefile
+++ b/roms/Makefile
@@ -199,7 +199,7 @@ MESON = meson


@ -20,7 +20,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/roms/Makefile b/roms/Makefile
index 5ffe3317acd233586e1a2f87bddd..bbbe2eff895868b8a5781f6ca397 100644
index eeb5970348cd6d28fa4165d25562..38b71afb0757bd717154afd6a92d 100644
--- a/roms/Makefile
+++ b/roms/Makefile
@@ -52,6 +52,12 @@ SEABIOS_EXTRAVERSION="-prebuilt.qemu.org"


@ -1,36 +0,0 @@
From: Peng Liang <liangpeng10@huawei.com>
Date: Thu, 10 Jun 2021 21:17:29 +0800
Subject: runstate: Initialize Error * to NULL
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 6e1da3d305499d3907f3c7f6638243e2e09b5085
Based on the description of error_setg(), the local variable err in
qemu_init_subsystems() should be initialized to NULL.
Fixes: efd7ab22fb ("vl: extract qemu_init_subsystems")
Cc: qemu-stable@nongnu.org
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Message-Id: <20210610131729.3906565-1-liangpeng10@huawei.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
softmmu/runstate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/softmmu/runstate.c b/softmmu/runstate.c
index ce8977c6a29c939ac5890b170031..54713100c2eacc4ee616905b732d 100644
--- a/softmmu/runstate.c
+++ b/softmmu/runstate.c
@@ -746,7 +746,7 @@ static void qemu_run_exit_notifiers(void)
void qemu_init_subsystems(void)
{
- Error *err;
+ Error *err = NULL;
os_set_line_buffering();
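Review bot: this file deletion drops the backport of Git-commit 6e1da3d305499d3907f3c7f6638243e2e09b5085, so the fix now has to come from the v6.1 source itself; confirm that `Error *err = NULL;` is present in qemu_init_subsystems() in the new tarball before the patch file goes. The commit message ties the initialisation to the documented contract of error_setg(), so losing it silently would bring back an uninitialised pointer being handed to that function.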


@ -1,97 +0,0 @@
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 10 Mar 2021 17:30:04 +0000
Subject: sockets: update SOCKET_ADDRESS_TYPE_FD listen(2) backlog
Git-commit: 37179e9ea45d6428b29ae789209c119ac18c1d39
socket_get_fd() fails with the error "socket_get_fd: too many
connections" if the given listen backlog value is not 1.
Not all callers set the backlog to 1. For example, commit
582d4210eb2f2ab5baac328fe4b479cd86da1647 ("qemu-nbd: Use SOMAXCONN for
socket listen() backlog") uses SOMAXCONN. This will always fail with in
socket_get_fd().
This patch calls listen(2) on the fd to update the backlog value. The
socket may already be in the listen state. I have tested that this works
on Linux 5.10 and macOS Catalina.
As a bonus this allows us to detect when the fd cannot listen. Now we'll
be able to catch unbound or connected fds in socket_listen().
Drop the num argument from socket_get_fd() since this function is also
called by socket_connect() where a listen backlog value does not make
sense.
Fixes: e5b6353cf25c99c3f08bf51e29933352f7140e8f ("socket: Add backlog parameter to socket_listen")
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210310173004.420190-1-stefanha@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
util/qemu-sockets.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 8af0278f15c69fea136192e91650..2463c49773eae5ccac4c6c832c76 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -1116,14 +1116,10 @@ fail:
return NULL;
}
-static int socket_get_fd(const char *fdstr, int num, Error **errp)
+static int socket_get_fd(const char *fdstr, Error **errp)
{
Monitor *cur_mon = monitor_cur();
int fd;
- if (num != 1) {
- error_setg_errno(errp, EINVAL, "socket_get_fd: too many connections");
- return -1;
- }
if (cur_mon) {
fd = monitor_get_fd(cur_mon, fdstr, errp);
if (fd < 0) {
@@ -1159,7 +1155,7 @@ int socket_connect(SocketAddress *addr, Error **errp)
break;
case SOCKET_ADDRESS_TYPE_FD:
- fd = socket_get_fd(addr->u.fd.str, 1, errp);
+ fd = socket_get_fd(addr->u.fd.str, errp);
break;
case SOCKET_ADDRESS_TYPE_VSOCK:
@@ -1187,7 +1183,26 @@ int socket_listen(SocketAddress *addr, int num, Error **errp)
break;
case SOCKET_ADDRESS_TYPE_FD:
- fd = socket_get_fd(addr->u.fd.str, num, errp);
+ fd = socket_get_fd(addr->u.fd.str, errp);
+ if (fd < 0) {
+ return -1;
+ }
+
+ /*
+ * If the socket is not yet in the listen state, then transition it to
+ * the listen state now.
+ *
+ * If it's already listening then this updates the backlog value as
+ * requested.
+ *
+ * If this socket cannot listen because it's already in another state
+ * (e.g. unbound or connected) then we'll catch the error here.
+ */
+ if (listen(fd, num) != 0) {
+ error_setg_errno(errp, errno, "Failed to listen on fd socket");
+ closesocket(fd);
+ return -1;
+ }
break;
case SOCKET_ADDRESS_TYPE_VSOCK:
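Review bot: nothing replaces this deleted backport, so listeners on a passed fd with a backlog other than 1 now rely on the v6.1 source alone. The commit message names qemu-nbd with SOMAXCONN as the caller that hit "socket_get_fd: too many connections"; a test-suite run that starts qemu-nbd on a passed fd would show that the `listen(fd, num)` path in socket_listen() is still there after the update.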


@ -1,12 +1,12 @@
[qemu-arm package document]
POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS
====================================================
SLES 15 SP4 QEMU/KVM RELATED SUPPORT STATEMENTS
===============================================
Overview
--------
The QEMU based packages included with SLES 15 SP3 provide a large variety of
The QEMU based packages included with SLES 15 SP4 provide a large variety of
features, from the very latest customer requests to features of questionable
quality or value. The linux kernel includes components which contribute KVM
virtualization features as well. This document was created to assist the user
@ -58,7 +58,7 @@ Major QEMU/KVM Supported Features
Since a KVM guest runs in the context of a normal linux process, some types
of execution controls are managed with linux tools.
- QEMU is compatible with EDK II based UEFI firmware available with SLES 15 SP3,
- QEMU is compatible with EDK II based UEFI firmware available with SLES 15 SP4,
which allow boot options common to physical systems, along with other features
tailored to virtualization. Various VGABIOS ROMs, from the SEABIOS project,
are also available.
@ -74,7 +74,7 @@ Major QEMU/KVM Supported Features
- Guest execution state may be "moved" in both time (save/restore) and space
(static and live migration). These migrations or save/restore operations can
take place either from certain prior SLES versioned hosts to a SLES 15 SP3
take place either from certain prior SLES versioned hosts to a SLES 15 SP4
host or between hosts of the same version. Certain other restrictions also
apply.
@ -114,7 +114,7 @@ Major QEMU/KVM Supported Features
- Portions of the host file system may be shared with a guest by using virtFS.
- A guest "agent" is available for SLES 15 SP3 KVM guests via the
- A guest "agent" is available for SLES 15 SP4 KVM guests via the
qemu-guest-agent package. This allows some introspection and control of the
guest OS environment from the host.
@ -143,8 +143,8 @@ Noteworthy QEMU/KVM Unsupported Features
Deprecated, Superseded, Modified and Dropped Features
-----------------------------------------------------
- http://wiki.qemu-project.org/Features/LegacyRemoval and
https://qemu-project.gitlab.io/qemu/system/deprecated.html
- https://qemu-project.gitlab.io/qemu/about/deprecated.html and
https://qemu-project.gitlab.io/qemu/about/removed-features.html
These websites track features deprecation and removal at the upstream
development level. Our qemu package inherits this community direction, but be
aware that we can and will deviate as needed. Those deviations and additional
@ -152,6 +152,13 @@ Deprecated, Superseded, Modified and Dropped Features
removed features are also tracked in the "System Emulation" section of the
documentation installed with the qemu package.
- Aspeed swift-bmc machine is deprecated. It can be easily replaced by the
witherspoon-bmc or the romulus-bmc machines.
- The previously non-persistent backing file with pmem=on is deprecated. Modify
VM configuration to set pmem=off to continue using fake NVDIMM with backing
file or move backing file to NVDIMM storage and keep pmem=on.
- The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M",
"-machine" and "-d" is now considered deprecated. Use "help"
instead.
@ -172,12 +179,14 @@ Deprecated, Superseded, Modified and Dropped Features
acpitable, boot, and smp respectively.
- These previously supported command line options are now considered deprecated:
-display sdl,window_close= (use -display sdl,window-close)
-no-quit (use -display ...,window-close=off)
-chardev tty (use serial name instead)
-chardev paraport (use parallel name instead)
-device virtio-blk,scsi= (use virtio-scsi instead)
-device virtio-blk-pci,scsi= (use virtio-scsi instead)
-enable-fips (not really helpful - see https://git.qemu.org/?p=qemu.git;a=commit;h=166310299a1e7824bbff17e1f016659d18b4a559 for details)
-realtime mlock= (use -overcommit mem-lock- instead)
-realtime mlock= (use -overcommit mem-lock= instead)
-spice password=string (use password-string option instead)
-writeconfig (no replacement - never really worked right)
-share and noshare must be replaced by share=on/share=off
@ -236,6 +245,7 @@ Deprecated, Superseded, Modified and Dropped Features
<previously mentioned items have been moved to another category>
- These previously supported QMP commands are no longer recognized:
info cpustats
block_passwd
change (use blockdev-change-medium or change-vnc-password instead)
cpu-add (use device_add instead)
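Review bot: "info cpustats" is added to the list of QMP commands that are no longer recognized, but the name has the form of a human monitor "info" subcommand, and the same entry is added to the monitor command list in the next hunk. Confirm it was ever reachable as a QMP command; if not, drop it from this list and keep only the monitor entry.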
@ -250,6 +260,7 @@ Deprecated, Superseded, Modified and Dropped Features
change
- These previously supported monitor commands are no longer recognized:
info cpustats
block_passwd ...
cpu-add (use device_add instead)
migrate_set_cache_size
@ -306,8 +317,8 @@ QEMU Command-Line and Monitor Syntax and Support
better functionality and usability going forward. In some cases existing
problems or even bugs in older interfaces cannot be fixed due to functional
expectations, but are resolved in the newer interface or option.
This advice includes moving to the most recent machine type (eg virt-5.2
instead of virt-4.2) if possible.
This advice includes moving to the most recent machine type (eg virt-6.1
instead of virt-6.0) if possible.
- The following command line options are supported:
-accel ...
@ -383,8 +394,8 @@ QEMU Command-Line and Monitor Syntax and Support
-kernel ...
-loadvm ...
-m ...
-M [help|?|none|virt-2.6|virt-2.11|virtio-3.1|virt-4.2|virt-5.2]
-machine [help|?|none|virt-2.6|virt-2.11|virt-3.1|virt-4.2|virt-5.2]
-M [help|none|virt-2.6|virt-2.11|virtio-3.1|virt-4.2|virt-5.2|virt-6.0|virt-6.1]
-machine [help|none|virt-2.6|virt-2.11|virt-3.1|virt-4.2|virt-5.2|virt-6.0|virt-6.1]
-mem-path ...
-mem-prealloc
-mon ...
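Review bot: in the new -M line, "virtio-3.1" is carried over from the old line, while the -machine line directly below it has "virt-3.1". This looks like a typo, and since the line is being rewritten anyway it should become virt-3.1 so that both lists match.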
@ -782,40 +793,43 @@ QEMU Command-Line and Monitor Syntax and Support
-L ...
-M
[virt|akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah|collie|
connex|cubieboard|g220a-bmc|highbank|imx25-pdk|integratorcp|kzm|
[akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah|collie|connex|
cubieboard|emcraft-sf2|g220a-bmc|highbank|imx25-pdk|integratorcp|kzm|
lm3s6965evb|lm3s811evb|mainstone|mcimx6ul-evk|mcimx7d-sabre|microbit|
midway|mps2-an385|mps2-an386|mps2-an500|mps2-an505|mps2-an511|mps2-an521|
mps3-an524|mps3-an547|musca-a|musca-b1|musicpal|n800|n810|netduino2|
netduinoplus2|npcm750-evb|nuri|orangepi-pc|palmetto-bmc|quanta-gsj|raspi0|
raspi1ap|raspi2|raspi2b|raspi3|raspi3ap|raspi3b|realview-eb|
realview-eb-mpcore|realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite|
sbsa-ref|smdkc210|sonorapass-bmc|spitz|supermicrox11-bmc|swift-bmc|sx1|
netduinoplus2|none|npcm750-evb|nuri|orangepi-pc|palmetto-bmc|
quanta-gbs-bmc|quanta-gsj|quanta-q71l-bmc|rainier-bmc|raspi0|raspi1ap|
raspi2|raspi2b|raspi3ap|raspi3|raspi3b|realview-eb|realview-eb-mpcore|
realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite|sbsa-ref|smdkc210|
sonorapass-bmc|spitz|stm32vldiscovery|supermicrox11-bmc|swift-bmc|sx1|
sx1-v1|tacoma-bmc|terrier|tosa|verdex|versatileab|versatilepb|vexpress-a15|
vexpress-a9|virt-2.7|virt-2.8|virt-2.12|virt-3.0|virt-4.0|virt-4.1|
virt-5.0|virt-5.1|virt-6.0|witherspoon-bmc|xilinx-zynq-a9|xlnx-versal-virt|
xlnx-zcu102|z2]
vexpress-a9|virt-2.10|virt-2.11|virt-2.12|virt-2.6|virt-2.7|virt-2.8|
virt-2.9|virt-3.0|virt-3.1|virt-4.0|virt-4.1|virt-4.2|virt-5.0|virt-5.1|
virt-5.2|virt-6.0|virt|virt-6.1|witherspoon-bmc|xilinx-zynq-a9|
xlnx-versal-virt|xlnx-zcu102|z2]
-machine
[virt|akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah|
collie|connex|cubieboard|g220a-bmc|highbank|imx25-pdk|integratorcp|
kzm|lm3s6965evb|lm3s811evb|mainstone|mcimx6ul-evk|mcimx7d-sabre|
microbit|midway|mps2-an385|mps2-an386|mps2-an500|mps2-an521|
mps2-an505|mps2-an511|mps3-an524|mps3-an547|musca-a|musca-b1|
musicpal|n800|n810|netduino2|netduinoplus2|npcm750-evb|nuri|
orangepi-pc|palmetto-bmc|quanta-gsj|raspi0|raspi1ap|raspi2|raspi2b|
raspi3|raspi3ap|raspi3b|realview-eb|realview-eb-mpcore|
realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite|sbsa-ref|
smdkc210|sonorapass-bmc|spitz|supermicrox11-bmc|swift-bmc|sx1|sx1-v1|
tacoma-bmc|terrier|tosa|verdex|versatileab|versatilepb|vexpress-a15|
vexpress-a9|virt-2.7|virt-2.8|virt-2.12|virt-3.0|virt-4.0|virt-4.1|
virt-5.0|virt-5.1|virt-6.0|witherspoon-bmc|xilinx-zynq-a9|
[akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah|collie|
connex|cubieboard|emcraft-sf2|g220a-bmc|highbank|imx25-pdk|integratorcp|
kzm|lm3s6965evb|lm3s811evb|mainstone|mcimx6ul-evk|mcimx7d-sabre|microbit|
midway|mps2-an385|mps2-an386|mps2-an500|mps2-an505|mps2-an511|mps2-an521|
mps3-an524|mps3-an547|musca-a|musca-b1|musicpal|n800|n810|netduino2|
netduinoplus2|none|npcm750-evb|nuri|orangepi-pc|palmetto-bmc|
quanta-gbs-bmc|quanta-gsj|quanta-q71l-bmc|rainier-bmc|raspi0|raspi1ap|
raspi2|raspi2b|raspi3ap|raspi3|raspi3b|realview-eb|realview-eb-mpcore|
realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite|sbsa-ref|smdkc210|
sonorapass-bmc|spitz|stm32vldiscovery|supermicrox11-bmc|swift-bmc|sx1|
sx1-v1|tacoma-bmc|terrier|tosa|verdex|versatileab|versatilepb|
vexpress-a15|vexpress-a9|virt-2.10|virt-2.11|virt-2.12|virt-2.6|virt-2.7|
virt-2.8|virt-2.9|virt-3.0|virt-3.1|virt-4.0|virt-4.1|virt-4.2|virt-5.0|
virt-5.1|virt-5.2|virt-6.0|virt|virt-6.1|witherspoon-bmc|xilinx-zynq-a9|
xlnx-versal-virt|xlnx-zcu102|z2]
-mtdblock file
-net [dump|socket|vde] ...
-netdev [dump|hubport|l2tpv3|socket|vde] ...
-net [socket|vde] ...
-netdev [hubport|l2tpv3|socket|vde] ...
-no-fd-bootchk
-no-hpet
-no-kvm
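Review bot: the rewritten -M and -machine lists in this hunk now contain virt-2.6, virt-2.11, virt-3.1, virt-4.2, virt-5.2, virt-6.0 and virt-6.1, the same names the earlier hunk keeps under "The following command line options are supported". The old version of this list left out virt-2.6, virt-2.11, virt-3.1, virt-4.2 and virt-5.2, which suggests it was meant to cover only the machine types outside the supported set. If that is still the intent, filter the supported names out again; if the list is now a dump of everything the binary accepts, say so in the surrounding text so the two lists do not read as contradictory.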


@ -1,6 +1,6 @@
[qemu-ppc package document]
POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS
====================================================
SLES 15 SP4 QEMU/KVM RELATED SUPPORT STATEMENTS
===============================================
QEMU/KVM on ppc is not supported.


@ -1,12 +1,12 @@
[qemu-s390 package document]
POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS
====================================================
SLES 15 SP4 QEMU/KVM RELATED SUPPORT STATEMENTS
===============================================
Overview
--------
The QEMU based packages included with SLES 15 SP3 provide a large variety of
The QEMU based packages included with SLES 15 SP4 provide a large variety of
features, from the very latest customer requests to features of questionable
quality or value. The linux kernel includes components which contribute KVM
virtualization features as well. This document was created to assist the user
@ -74,7 +74,7 @@ Major QEMU/KVM Supported Features
- Guest execution state may be "moved" in both time (save/restore) and space
(static and live migration). These migrations or save/restore operations can
take place either from certain prior SLES versioned hosts to a SLES 15 SP3
take place either from certain prior SLES versioned hosts to a SLES 15 SP4
host or between hosts of the same version. Certain other restrictions also
apply.
@ -114,7 +114,7 @@ Major QEMU/KVM Supported Features
- Portions of the host file system may be shared with a guest by using virtFS.
- A guest "agent" is available for SLES 15 SP3 KVM guests via the
- A guest "agent" is available for SLES 15 SP4 KVM guests via the
qemu-guest-agent package. This allows some introspection and control of the
guest OS environment from the host.
@ -139,8 +139,8 @@ Noteworthy QEMU/KVM Unsupported Features
Deprecated, Superseded, Modified and Dropped Features
-----------------------------------------------------
- http://wiki.qemu-project.org/Features/LegacyRemoval and
https://qemu-project.gitlab.io/qemu/system/deprecated.html
- https://qemu-project.gitlab.io/qemu/about/deprecated.html and
https://qemu-project.gitlab.io/qemu/about/removed-features.html
These websites track features deprecation and removal at the upstream
development level. Our qemu package inherits this community direction, but be
aware that we can and will deviate as needed. Those deviations and additional
@ -148,6 +148,10 @@ Deprecated, Superseded, Modified and Dropped Features
removed features are also tracked in the "System Emulation" section of the
documentation installed with the qemu package.
- The previously non-persistent backing file with pmem=on is deprecated. Modify
VM configuration to set pmem=off to continue using fake NVDIMM with backing
file or move backing file to NVDIMM storage and keep pmem=on.
- The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M",
"-machine" and "-d" is now considered deprecated. Use "help"
instead.
@ -168,6 +172,8 @@ Deprecated, Superseded, Modified and Dropped Features
acpitable, boot, and smp respectively.
- These previously supported command line options are now considered deprecated:
-display sdl,window_close= (use -display sdl,window-close)
-no-quit (use -display ...,window-close=off)
-chardev tty (use serial name instead)
-chardev paraport (use parallel name instead)
-device virtio-blk,scsi= (use virtio-scsi instead)
@ -227,6 +233,7 @@ Deprecated, Superseded, Modified and Dropped Features
<previously mentioned items have been moved to another category>
- These previously supported QMP commands are no longer recognized:
info cpustats
block_passwd
change (use blockdev-change-medium or change-vnc-password instead)
cpu-add (use device_add instead)
@ -241,7 +248,8 @@ Deprecated, Superseded, Modified and Dropped Features
change
- These previously supported monitor commands are no longer recognized:
block_passwd
info cpustats
block_passwd ...
cpu-add (use device_add instead)
migrate_set_cache_size
migrate_set_downtime
@ -298,7 +306,7 @@ QEMU Command-Line and Monitor Syntax and Support
problems or even bugs in older interfaces cannot be fixed due to functional
expectations, but are resolved in the newer interface or option.
This advice includes moving to the most recent machine type (eg
s390-ccw-virtio-5.2 instead of s390-ccw-virtio-4.2) if possible.
s390-ccw-virtio-6.1 instead of s390-ccw-virtio-6.0) if possible.
- The following command line options are supported:
-accel ...
@ -737,7 +745,7 @@ QEMU Command-Line and Monitor Syntax and Support
s390-ccw-virtio-2.7|s390-ccw-virtio-2.8|s390-ccw-virtio-2.10|
s390-ccw-virtio-2.12|s390-ccw-virtio-3.0|s390-ccw-virtio-4.0|
s390-ccw-virtio-4.1|s390-ccw-virtio-5.0|s390-ccw-virtio-5.1|
s390-ccw-virtio-6.0]
s390-ccw-virtio-6.0|s390-ccw-virtio-6.1]
-machine
@ -745,11 +753,11 @@ QEMU Command-Line and Monitor Syntax and Support
s390-ccw-virtio-2.7|s390-ccw-virtio-2.8|s390-ccw-virtio-2.10|
s390-ccw-virtio-2.12|s390-ccw-virtio-3.0|s390-ccw-virtio-4.0|
s390-ccw-virtio-4.1|s390-ccw-virtio-5.0|s390-ccw-virtio-5.1|
s390-ccw-virtio-6.0]
s390-ccw-virtio-6.0|s390-ccw-virtio-6.1]
-mtdblock file
-net [dump|socket|vde] ...
-netdev [dump|hubport|l2tpv3|socket|vde] ...
-net [socket|vde] ...
-netdev [hubport|l2tpv3|socket|vde] ...
-no-acpi
-no-fd-bootchk
-no-hpet


@ -1,12 +1,12 @@
[qemu-x86 package document]
POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS
====================================================
SLES 15 SP4 QEMU/KVM RELATED SUPPORT STATEMENTS
===============================================
Overview
--------
The QEMU based packages included with SLES 15 SP3 provide a large variety of
The QEMU based packages included with SLES 15 SP4 provide a large variety of
features, from the very latest customer requests to features of questionable
quality or value. The linux kernel includes components which contribute KVM
virtualization features as well. This document was created to assist the user
@ -82,7 +82,7 @@ Major QEMU/KVM Supported Features
- Guest execution state may be "moved" in both time (save/restore) and space
(static and live migration). These migrations or save/restore operations can
take place either from certain prior SLES versioned hosts to a SLES 15 SP3
take place either from certain prior SLES versioned hosts to a SLES 15 SP4
host or between hosts of the same version. Certain other restrictions also
apply.
@ -133,7 +133,7 @@ Major QEMU/KVM Supported Features
- Portions of the host file system may be shared with a guest by using virtFS.
- A guest "agent" is available for SLES 15 SP3 KVM guests via the
- A guest "agent" is available for SLES 15 SP4 KVM guests via the
qemu-guest-agent package. This allows some introspection and control of the
guest OS environment from the host.
@ -162,9 +162,9 @@ Noteworthy QEMU/KVM Unsupported Features
Deprecated, Superseded, Modified and Dropped Features
-----------------------------------------------------
- http://wiki.qemu-project.org/Features/LegacyRemoval and
https://qemu-project.gitlab.io/qemu/system/deprecated.html
These websites track feature deprecation and removal at the upstream
- https://qemu-project.gitlab.io/qemu/about/deprecated.html and
https://qemu-project.gitlab.io/qemu/about/removed-features.html
These websites track features deprecation and removal at the upstream
development level. Our qemu package inherits this community direction, but be
aware that we can and will deviate as needed. Those deviations and additional
information can be found in this section. Feature deprecation as well as
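Review bot: the sentence after the two URLs changes from "track feature deprecation" to "track features deprecation". The singular was correct, so keep "feature deprecation" and limit this hunk to the URL lines.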
@ -183,6 +183,10 @@ Deprecated, Superseded, Modified and Dropped Features
supports the virtio block interface directly. In fact, its usage may cause
problems, and is now considered deprecated.
- The previously non-persistent backing file with pmem=on is deprecated. Modify
VM configuration to set pmem=off to continue using fake NVDIMM with backing
file or move backing file to NVDIMM storage and keep pmem=on.
- The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M",
"-machine" and "-d" is now considered deprecated. Use "help"
instead.
@ -209,6 +213,8 @@ Deprecated, Superseded, Modified and Dropped Features
versions.
- These previously supported command line options are now considered deprecated:
-display sdl,window_close= (use -display sdl,window-close)
-no-quit (use -display ...,window-close=off)
-M option kernel-irqchip=off
-chardev tty (use serial name instead)
-chardev paraport (use parallel name instead)
@ -309,6 +315,7 @@ Deprecated, Superseded, Modified and Dropped Features
<previously mentioned items have been moved to another category>
- These previously supported QMP commands are no longer recognized:
info cpustats
block_passwd
change (use blockdev-change-medium or change-vnc-password instead)
cpu-add (use device_add instead)
@ -323,6 +330,8 @@ Deprecated, Superseded, Modified and Dropped Features
change
- These previously supported monitor commands are no longer recognized:
info cpustats
block_passwd ...
block_passwd
cpu-add
cpu_set
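Review bot: the monitor command list now has "block_passwd ..." immediately above an existing "block_passwd" entry, so the command is listed twice. Keep one of them; the s390 document replaces the old entry rather than adding a second one.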
@ -392,8 +401,8 @@ QEMU Command-Line and Monitor Syntax and Support
better functionality and usability going forward. In some cases existing
problems or even bugs in older interfaces cannot be fixed due to functional
expectations, but are resolved in the newer interface or option.
This advice includes moving to the most recent machine type (eg pc-i440fx-5.2
instead of pc-i440fx-4.2) if possible.
This advice includes moving to the most recent machine type (eg pc-i440fx-6.1
instead of pc-i440fx-6.0) if possible.
- The following command line options are supported:
-accel ...
@ -481,17 +490,19 @@ QEMU Command-Line and Monitor Syntax and Support
-m ...
-M
[help|?|none|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0|pc-i440fx-2.3|
[help|none|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0|pc-i440fx-2.3|
pc-i440fx-2.6|pc-i440fx-2.9|pc-i440fx-2.11|pc-i440fx-3.1|pc-i440fx-4.2|
pc-i440fx-5.2|pc-q35-2.6|pc-q35-2.9|pc-q35-2.11|pc-q35-3.1|pc-q35-4.2|
pc-q35-5.2|xenfv|xenfv-4.2]
pc-i440fx-5.2|pc-i440fx-6.0|pc-i440fx-6.1|pc-q35-2.6|pc-q35-2.9|
pc-q35-2.11|pc-q35-3.1|pc-q35-4.2|pc-q35-5.2|pc-q35-6.0|pc-q35-6.1|
xenfv|xenfv-4.2]
-machine
[help|?|none|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0|
[help|none|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0|
pc-i440fx-2.3|pc-440fx-2.6|pc-i440fx-2.9|pc-i440fx-2.11|
pc-i440fx-3.1|pc-i440fx-4.2|pc-i440fx-5.2|pc-q35-2.6|pc-q35-2.9|
pc-q35-2.11|pc-q35-3.1|pc-q35-4.2|pc-q35-5.2|xenfv|xenifv-4.2]
pc-i440fx-3.1|pc-i440fx-4.2|pc-i440fx-5.2|pc-i440fx-6.0|
pc-i440fx-6.1|pc-q35-2.6|pc-q35-2.9|pc-q35-2.11|pc-q35-3.1|
pc-q35-4.2|pc-q35-5.2|pc-q35-6.0|pc-q35-6.1|xenfv|xenifv-4.2]
-mem-path ...
-mem-prealloc
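Review bot: the new -machine lines still carry "pc-440fx-2.6" (missing the i) and "xenifv-4.2", where the -M list above has pc-i440fx-2.6 and xenfv-4.2. Both lines are being rewritten in this hunk, so fix the two names and make the -M and -machine lists agree.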
@ -863,8 +874,8 @@ QEMU Command-Line and Monitor Syntax and Support
pc-q35-4.1|pc-q35-5.0|pc-q35-5.1|pc-q35-6.0]
-mtdblock file
-net [dump|socket|vde] ...
-netdev [dump|hubport|l2tpv3|socket|vde] ...
-net [socket|vde] ...
-netdev [hubport|l2tpv3|socket|vde] ...
-no-kvm
-numa node ...
-option-rom ...


@ -1,30 +0,0 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Fri, 14 May 2021 10:13:37 -0500
Subject: target/i386: Exit tb after wrmsr
Git-commit: 244843b757220c432e0e9ae8d2210218c034730d
At minimum, wrmsr can change efer, which affects HF_LMA.
Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210514151342.384376-46-richard.henderson@linaro.org>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
target/i386/tcg/translate.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 880bc455612aa9757a065723206e..6b713b4fff7c466bd864d4af5792 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -7198,6 +7198,8 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
gen_helper_rdmsr(cpu_env);
} else {
gen_helper_wrmsr(cpu_env);
+ gen_jmp_im(s, s->pc - s->cs_base);
+ gen_eob(s);
}
}
break;
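Review bot: the two lines added after gen_helper_wrmsr() have no comment, and the reason for ending the translation block exists only in the commit message (wrmsr can change efer, which affects HF_LMA). A one-line comment above gen_jmp_im() stating that would keep a later cleanup from removing the pair as redundant.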


@ -1,51 +0,0 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Date: Wed, 5 May 2021 18:10:46 +0200
Subject: target/sh4: Return error if CPUClass::get_phys_page_debug() fails
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 52a1c621f9d56d18212273c64b4119513a2db1f1
If the get_physical_address() call fails, the SH4 get_phys_page_debug()
handler returns an uninitialized address. Instead return -1, which
correspond to "no page found" (see cpu_get_phys_page_debug() doc
string).
This fixes a warning emitted when building with CFLAGS=-O3
(using GCC 10.2.1 20201125):
target/sh4/helper.c: In function superh_cpu_get_phys_page_debug:
target/sh4/helper.c:446:12: warning: physical may be used uninitialized in this function [-Wmaybe-uninitialized]
446 | return physical;
| ^~~~~~~~
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20210505161046.1397608-1-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
target/sh4/helper.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index bd8e034f174d530354913acb7fa1..2d622081e85afec6e40034c24508 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -441,9 +441,12 @@ hwaddr superh_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
target_ulong physical;
int prot;
- get_physical_address(&cpu->env, &physical, &prot, addr, MMU_DATA_LOAD);
+ if (get_physical_address(&cpu->env, &physical, &prot, addr, MMU_DATA_LOAD)
+ == MMU_OK) {
+ return physical;
+ }
- return physical;
+ return -1;
}
void cpu_load_tlb(CPUSH4State * env)


@ -1,71 +0,0 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Fri, 18 Jun 2021 21:53:27 -0700
Subject: tcg: Allocate sufficient storage in temp_allocate_frame
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: c1c091948ae4a73c1a80b5005f6204d0e665ce52
This function should have been updated for vector types
when they were introduced.
Fixes: d2fd745fe8b
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/367
Cc: qemu-stable@nongnu.org
Tested-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
tcg/tcg.c | 31 ++++++++++++++++++++++++++-----
1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/tcg/tcg.c b/tcg/tcg.c
index a9cf55531e2b9ae06d5d852cc563..21d65969beb7cc4d34c2b321c7b3 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -3489,17 +3489,38 @@ static void check_regs(TCGContext *s)
static void temp_allocate_frame(TCGContext *s, TCGTemp *ts)
{
- if (s->current_frame_offset + (tcg_target_long)sizeof(tcg_target_long) >
- s->frame_end) {
- tcg_abort();
+ intptr_t off, size, align;
+
+ switch (ts->type) {
+ case TCG_TYPE_I32:
+ size = align = 4;
+ break;
+ case TCG_TYPE_I64:
+ case TCG_TYPE_V64:
+ size = align = 8;
+ break;
+ case TCG_TYPE_V128:
+ size = align = 16;
+ break;
+ case TCG_TYPE_V256:
+ /* Note that we do not require aligned storage for V256. */
+ size = 32, align = 16;
+ break;
+ default:
+ g_assert_not_reached();
}
- ts->mem_offset = s->current_frame_offset;
+
+ assert(align <= TCG_TARGET_STACK_ALIGN);
+ off = ROUND_UP(s->current_frame_offset, align);
+ assert(off + size <= s->frame_end);
+ s->current_frame_offset = off + size;
+
+ ts->mem_offset = off;
#if defined(__sparc__)
ts->mem_offset += TCG_TARGET_STACK_BIAS;
#endif
ts->mem_base = s->frame_temp;
ts->mem_allocated = 1;
- s->current_frame_offset += sizeof(tcg_target_long);
}
static void temp_load(TCGContext *, TCGTemp *, TCGRegSet, TCGRegSet, TCGRegSet);
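Review bot: the frame bound moves from an unconditional tcg_abort() to assert(off + size <= s->frame_end), so the only guard against handing out a mem_offset past frame_end is now an assertion. If this file can be built with assertions disabled, the check disappears; an explicit if followed by tcg_abort() would keep it unconditional. The V256 case also sets align = 16 directly under a comment saying aligned storage is not required, and the comment would read more clearly if it named the alignment that is being waived.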


@ -1,31 +0,0 @@
From: "Jose R. Ziviani" <jziviani@suse.de>
Date: Thu, 10 Jun 2021 19:44:50 -0300
Subject: tcg/arm: Fix tcg_out_op function signature
Git-commit: c372565d08e278d6e65a54c8b5ab082bd63234ea
Commit 5e8892db93 fixed several function signatures but tcg_out_op for
arm is missing. This patch fixes it as well.
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
Message-Id: <20210610224450.23425-1-jziviani@suse.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
tcg/arm/tcg-target.c.inc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 8457108a87a17c2628f5a5c83115..cd9ae20037f30c2075cd0bfa5ff5 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -1710,7 +1710,8 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
static void tcg_out_epilogue(TCGContext *s);
static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
- const TCGArg *args, const int *const_args)
+ const TCGArg args[TCG_MAX_OP_ARGS],
+ const int const_args[TCG_MAX_OP_ARGS])
{
TCGArg a0, a1, a2, a3, a4, a5;
int c;


@ -1,77 +0,0 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Fri, 18 Jun 2021 16:49:26 -0700
Subject: tcg/sparc: Fix temp_allocate_frame vs sparc stack bias
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 9defd1bdfb0f2ddb3ca9863e39577f3a9929d58c
We should not be aligning the offset in temp_allocate_frame,
because the odd offset produces an aligned address in the end.
Instead, pass the logical offset into tcg_set_frame and add
the stack bias last.
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
tcg/sparc/tcg-target.c.inc | 16 ++++++++++------
tcg/tcg.c | 9 +++------
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/tcg/sparc/tcg-target.c.inc b/tcg/sparc/tcg-target.c.inc
index 3d50f985c6cde71a5d2928db1f4f..c046d1cc6098c0a148fde7a8d7a9 100644
--- a/tcg/sparc/tcg-target.c.inc
+++ b/tcg/sparc/tcg-target.c.inc
@@ -987,14 +987,18 @@ static void tcg_target_qemu_prologue(TCGContext *s)
{
int tmp_buf_size, frame_size;
- /* The TCG temp buffer is at the top of the frame, immediately
- below the frame pointer. */
+ /*
+ * The TCG temp buffer is at the top of the frame, immediately
+ * below the frame pointer. Use the logical (aligned) offset here;
+ * the stack bias is applied in temp_allocate_frame().
+ */
tmp_buf_size = CPU_TEMP_BUF_NLONGS * (int)sizeof(long);
- tcg_set_frame(s, TCG_REG_I6, TCG_TARGET_STACK_BIAS - tmp_buf_size,
- tmp_buf_size);
+ tcg_set_frame(s, TCG_REG_I6, -tmp_buf_size, tmp_buf_size);
- /* TCG_TARGET_CALL_STACK_OFFSET includes the stack bias, but is
- otherwise the minimal frame usable by callees. */
+ /*
+ * TCG_TARGET_CALL_STACK_OFFSET includes the stack bias, but is
+ * otherwise the minimal frame usable by callees.
+ */
frame_size = TCG_TARGET_CALL_STACK_OFFSET - TCG_TARGET_STACK_BIAS;
frame_size += TCG_STATIC_CALL_ARGS_SIZE + tmp_buf_size;
frame_size += TCG_TARGET_STACK_ALIGN - 1;
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 1fbe0b686d57361ed698c4ab5e5c..a9cf55531e2b9ae06d5d852cc563 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -3489,17 +3489,14 @@ static void check_regs(TCGContext *s)
static void temp_allocate_frame(TCGContext *s, TCGTemp *ts)
{
-#if !(defined(__sparc__) && TCG_TARGET_REG_BITS == 64)
- /* Sparc64 stack is accessed with offset of 2047 */
- s->current_frame_offset = (s->current_frame_offset +
- (tcg_target_long)sizeof(tcg_target_long) - 1) &
- ~(sizeof(tcg_target_long) - 1);
-#endif
if (s->current_frame_offset + (tcg_target_long)sizeof(tcg_target_long) >
s->frame_end) {
tcg_abort();
}
ts->mem_offset = s->current_frame_offset;
+#if defined(__sparc__)
+ ts->mem_offset += TCG_TARGET_STACK_BIAS;
+#endif
ts->mem_base = s->frame_temp;
ts->mem_allocated = 1;
s->current_frame_offset += sizeof(tcg_target_long);
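Review bot: the removed #if block was the rounding for every host except 64-bit sparc, so after this hunk no host rounds current_frame_offset at all, which is wider than the subject line suggests. That is only safe while the start passed to tcg_set_frame() and the sizeof(tcg_target_long) step are both aligned; a comment or an assert on that invariant in temp_allocate_frame() would make the dependency explicit. The bias is also added under #if defined(__sparc__), where the old test included TCG_TARGET_REG_BITS == 64, so check that TCG_TARGET_STACK_BIAS is 0 on 32-bit sparc.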


@ -1,80 +0,0 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Fri, 30 Apr 2021 17:50:09 +0200
Subject: ui: Fix memory leak in qemu_xkeymap_mapping_table()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 7c06a34c8c4f2c883d6ab6b15faa214d4ebfb269
References: bsc#1185999
Refactor qemu_xkeymap_mapping_table() to have a single exit point,
so we can easily free the memory allocated by XGetAtomName().
This fixes when running a binary configured with --enable-sanitizers:
Direct leak of 22 byte(s) in 1 object(s) allocated from:
#0 0x561344a7473f in malloc (qemu-system-x86_64+0x1dab73f)
#1 0x7fa4d9dc08aa in XGetAtomName (/lib64/libX11.so.6+0x2a8aa)
Fixes: 2ec78706d18 ("ui: convert GTK and SDL1 frontends to keycodemapdb")
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210430155009.259755-1-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
ui/x_keymap.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/ui/x_keymap.c b/ui/x_keymap.c
index 555086fb6bd572aeb6dda17bdd15..2ce7b899615f8368c6a6e6984eab 100644
--- a/ui/x_keymap.c
+++ b/ui/x_keymap.c
@@ -56,6 +56,7 @@ const guint16 *qemu_xkeymap_mapping_table(Display *dpy, size_t *maplen)
{
XkbDescPtr desc;
const gchar *keycodes = NULL;
+ const guint16 *map;
/* There is no easy way to determine what X11 server
* and platform & keyboard driver is in use. Thus we
@@ -83,21 +84,21 @@ const guint16 *qemu_xkeymap_mapping_table(Display *dpy, size_t *maplen)
if (check_for_xwin(dpy)) {
trace_xkeymap_keymap("xwin");
*maplen = qemu_input_map_xorgxwin_to_qcode_len;
- return qemu_input_map_xorgxwin_to_qcode;
+ map = qemu_input_map_xorgxwin_to_qcode;
} else if (check_for_xquartz(dpy)) {
trace_xkeymap_keymap("xquartz");
*maplen = qemu_input_map_xorgxquartz_to_qcode_len;
- return qemu_input_map_xorgxquartz_to_qcode;
+ map = qemu_input_map_xorgxquartz_to_qcode;
} else if ((keycodes && g_str_has_prefix(keycodes, "evdev")) ||
(XKeysymToKeycode(dpy, XK_Page_Up) == 0x70)) {
trace_xkeymap_keymap("evdev");
*maplen = qemu_input_map_xorgevdev_to_qcode_len;
- return qemu_input_map_xorgevdev_to_qcode;
+ map = qemu_input_map_xorgevdev_to_qcode;
} else if ((keycodes && g_str_has_prefix(keycodes, "xfree86")) ||
(XKeysymToKeycode(dpy, XK_Page_Up) == 0x63)) {
trace_xkeymap_keymap("kbd");
*maplen = qemu_input_map_xorgkbd_to_qcode_len;
- return qemu_input_map_xorgkbd_to_qcode;
+ map = qemu_input_map_xorgkbd_to_qcode;
} else {
trace_xkeymap_keymap("NULL");
g_warning("Unknown X11 keycode mapping '%s'.\n"
@@ -109,6 +110,10 @@ const guint16 *qemu_xkeymap_mapping_table(Display *dpy, size_t *maplen)
" - xprop -root\n"
" - xdpyinfo\n",
keycodes ? keycodes : "<null>");
- return NULL;
+ map = NULL;
}
+ if (keycodes) {
+ XFree((void *)keycodes);
+ }
+ return map;
}
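Review bot: XFree((void *)keycodes) casts away the const that the declaration at the top of the function puts on keycodes. Since the string is now owned and freed in this function, declaring it as a non-const pointer removes the cast and makes the ownership visible.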


@ -18,10 +18,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 46212b1e695acc657122ae6645ac..b487818908839ca4c3dd2c082c6a 100644
index e01700039b13d1404d3dc66eb3d3..395f0923f7633c03f2359d503fbd 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -3306,7 +3306,7 @@ static void usb_xhci_init(XHCIState *xhci)
@@ -3310,7 +3310,7 @@ static void usb_xhci_init(XHCIState *xhci)
USB_SPEED_MASK_FULL |
USB_SPEED_MASK_HIGH;
assert(i < XHCI_MAXPORTS);
@ -30,7 +30,7 @@ index 46212b1e695acc657122ae6645ac..b487818908839ca4c3dd2c082c6a 100644
speedmask |= port->speedmask;
}
if (i < xhci->numports_3) {
@@ -3320,7 +3320,7 @@ static void usb_xhci_init(XHCIState *xhci)
@@ -3324,7 +3324,7 @@ static void usb_xhci_init(XHCIState *xhci)
port->uport = &xhci->uports[i];
port->speedmask = USB_SPEED_MASK_SUPER;
assert(i < XHCI_MAXPORTS);


@ -1,48 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 3 May 2021 15:29:11 +0200
Subject: usb/hid: avoid dynamic stack allocation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 3f67e2e7f135b8be4117f3c2960e78d894feaa03
References: bsc#1186012, CVE-2021-3527
Use autofree heap allocation instead.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210503132915.2335822-2-kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/usb/dev-hid.c | 2 +-
hw/usb/dev-wacom.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/usb/dev-hid.c b/hw/usb/dev-hid.c
index fc39bab79f94b0a0d06c23fc650d..1c7ae97c3033442dba820db492bd 100644
--- a/hw/usb/dev-hid.c
+++ b/hw/usb/dev-hid.c
@@ -656,7 +656,7 @@ static void usb_hid_handle_data(USBDevice *dev, USBPacket *p)
{
USBHIDState *us = USB_HID(dev);
HIDState *hs = &us->hid;
- uint8_t buf[p->iov.size];
+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
int len = 0;
switch (p->pid) {
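Review bot: replacing uint8_t buf[p->iov.size] with g_malloc(p->iov.size) takes the buffer off the stack, but the size is still whatever the packet carries, and g_malloc() aborts the process when the allocation fails. An upper bound on p->iov.size checked before the allocation would close that; the same applies to the identical line in dev-wacom.c.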
diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
index b595048635090242b5e771a11436..ed687bc9f1eb1b20b7e8ab0db35a 100644
--- a/hw/usb/dev-wacom.c
+++ b/hw/usb/dev-wacom.c
@@ -301,7 +301,7 @@ static void usb_wacom_handle_control(USBDevice *dev, USBPacket *p,
static void usb_wacom_handle_data(USBDevice *dev, USBPacket *p)
{
USBWacomState *s = (USBWacomState *) dev;
- uint8_t buf[p->iov.size];
+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
int len = 0;
switch (p->pid) {


@ -1,36 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 3 May 2021 15:29:15 +0200
Subject: usb: limit combined packets to 1 MiB (CVE-2021-3527)
Git-commit: 05a40b172e4d691371534828078be47e7fff524c
References: bsc#1186012, CVE-2021-3527
usb-host and usb-redirect try to batch bulk transfers by combining many
small usb packets into a single, large transfer request, to reduce the
overhead and improve performance.
This patch adds a size limit of 1 MiB for those combined packets to
restrict the host resources the guest can bind that way.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20210503132915.2335822-6-kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/usb/combined-packet.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c
index 5d57e883dcb515c9b8acc58d97b4..e56802f89a32f44bc94f3b3dbda2 100644
--- a/hw/usb/combined-packet.c
+++ b/hw/usb/combined-packet.c
@@ -171,7 +171,9 @@ void usb_ep_combine_input_packets(USBEndpoint *ep)
if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok ||
next == NULL ||
/* Work around for Linux usbfs bulk splitting + migration */
- (totalsize == (16 * KiB - 36) && p->int_req)) {
+ (totalsize == (16 * KiB - 36) && p->int_req) ||
+ /* Next package may grow combined package over 1MiB */
+ totalsize > 1 * MiB - ep->max_packet_size) {
usb_device_handle_data(ep->dev, first);
assert(first->status == USB_RET_ASYNC);
if (first->combined) {
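Review bot: The new bound `totalsize > 1 * MiB - ep->max_packet_size` assumes the next packet adds at most `max_packet_size`, but the first condition only ends the run when `p->iov.size % ep->max_packet_size` is non-zero, so a packet that is a larger multiple of `max_packet_size` can still push the combined transfer past 1 MiB. Checking against the actual size of `next`, or testing `totalsize` after the addition, would make the limit exact. The added comment should also say "packet" rather than "package", and the 1 MiB value deserves a named constant.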

@ -1,35 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 3 May 2021 15:29:13 +0200
Subject: usb/mtp: avoid dynamic stack allocation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 06aa50c06c6392084244f8169d34b8e2d9c43ef2
References: bsc#1186012, CVE-2021-3527
Use autofree heap allocation instead.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210503132915.2335822-4-kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/usb/dev-mtp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index bbb827434482d3b191df857d6fa0..2a895a73b083315d617e73a12cbd 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -907,7 +907,8 @@ static MTPData *usb_mtp_get_object_handles(MTPState *s, MTPControl *c,
MTPObject *o)
{
MTPData *d = usb_mtp_data_alloc(c);
- uint32_t i = 0, handles[o->nchildren];
+ uint32_t i = 0;
+ g_autofree uint32_t *handles = g_new(uint32_t, o->nchildren);
MTPObject *iter;
trace_usb_mtp_op_get_object_handles(s->dev.addr, o->handle, o->path);
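Review bot: `g_new(uint32_t, o->nchildren)` returns NULL when `o->nchildren` is 0, so whatever fills and consumes `handles` later in usb_mtp_get_object_handles() now receives a NULL pointer with a zero count for an object without children. Confirm that the consumer accepts that combination, or return early for `nchildren == 0`.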

@ -1,53 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 3 May 2021 15:29:12 +0200
Subject: usb/redir: avoid dynamic stack allocation (CVE-2021-3527)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
References: bsc#1186012, CVE-2021-3527
Use autofree heap allocation instead.
Fixes: 4f4321c11ff ("usb: use iovecs in USBPacket")
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210503132915.2335822-3-kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/usb/redirect.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index af1721a391139818ec9007c16f55..e6474dc543faa707de4d6b2ab03f 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -620,7 +620,7 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p,
.endpoint = ep,
.length = p->iov.size
};
- uint8_t buf[p->iov.size];
+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
/* No id, we look at the ep when receiving a status back */
usb_packet_copy(p, buf, p->iov.size);
usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet,
@@ -818,7 +818,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p,
usbredirparser_send_bulk_packet(dev->parser, p->id,
&bulk_packet, NULL, 0);
} else {
- uint8_t buf[size];
+ g_autofree uint8_t *buf = g_malloc(size);
usb_packet_copy(p, buf, size);
usbredir_log_data(dev, "bulk data out:", buf, size);
usbredirparser_send_bulk_packet(dev->parser, p->id,
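Review bot: In the bulk-out branch `g_malloc(size)` takes `size` as given, and g_malloc() aborts the process when the allocation fails, so the only thing keeping an oversized transfer from terminating QEMU is a cap applied before this function is reached. State that dependency in a comment at this site, or use g_try_malloc() and fail the packet when it returns NULL.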
@@ -923,7 +923,7 @@ static void usbredir_handle_interrupt_out_data(USBRedirDevice *dev,
USBPacket *p, uint8_t ep)
{
struct usb_redir_interrupt_packet_header interrupt_packet;
- uint8_t buf[p->iov.size];
+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
DPRINTF("interrupt-out ep %02X len %zd id %"PRIu64"\n", ep,
p->iov.size, p->id);

@ -1,37 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 22 Jul 2021 09:27:56 +0200
Subject: usbredir: fix free call
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 5e796671e6b8d5de4b0b423dce1b3eba144a92c9
References: bsc#1189145 CVE-2021-3682
data might point into the middle of a larger buffer, there is a separate
free_on_destroy pointer passed into bufp_alloc() to handle that. It is
only used in the normal workflow though, not when dropping packets due
to the queue being full. Fix that.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/491
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210722072756.647673-1-kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/usb/redirect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 17f06f34179a257e3fd2b354164e..af1721a391139818ec9007c16f55 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -476,7 +476,7 @@ static int bufp_alloc(USBRedirDevice *dev, uint8_t *data, uint16_t len,
if (dev->endpoint[EP2I(ep)].bufpq_dropping_packets) {
if (dev->endpoint[EP2I(ep)].bufpq_size >
dev->endpoint[EP2I(ep)].bufpq_target_size) {
- free(data);
+ free(free_on_destroy);
return -1;
}
dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0;
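Review bot: With `free(free_on_destroy)` on the drop path, bufp_alloc() consumes the buffer even when it returns -1, so no caller may free it again after a failure, and nothing at this site documents that contract. Add a comment above bufp_alloc() stating that it takes ownership of `free_on_destroy` on every return path, and that `data` may point into the middle of that buffer and must never be passed to free() itself.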

@ -1,71 +0,0 @@
From: Eric Farman <farman@linux.ibm.com>
Date: Wed, 21 Apr 2021 17:20:53 +0200
Subject: vfio-ccw: Permit missing IRQs
Git-commit: 6178d4689a1e6a0d2b6dea1dad990e74148fa9d1
Commit 690e29b91102 ("vfio-ccw: Refactor ccw irq handler") changed
one of the checks for the IRQ notifier registration from saying
"the host needs to recognize the only IRQ that exists" to saying
"the host needs to recognize ANY IRQ that exists."
And this worked fine, because the subsequent change to support the
CRW IRQ notifier doesn't get into this code when running on an older
kernel, thanks to a guard by a capability region. The later addition
of the REQ(uest) IRQ by commit b2f96f9e4f5f ("vfio-ccw: Connect the
device request notifier") broke this assumption because there is no
matching capability region. Thus, running new QEMU on an older
kernel fails with:
vfio: unexpected number of irqs 2
Let's adapt the message here so that there's a better clue of what
IRQ is missing.
Furthermore, let's make the REQ(uest) IRQ not fail when attempting
to register it, to permit running vfio-ccw on a newer QEMU with an
older kernel.
Fixes: b2f96f9e4f5f ("vfio-ccw: Connect the device request notifier")
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20210421152053.2379873-1-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/vfio/ccw.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
index b2df708e4b0192cc6af898edeca4..400bc07fe260837953de87d0f272 100644
--- a/hw/vfio/ccw.c
+++ b/hw/vfio/ccw.c
@@ -412,8 +412,8 @@ static void vfio_ccw_register_irq_notifier(VFIOCCWDevice *vcdev,
}
if (vdev->num_irqs < irq + 1) {
- error_setg(errp, "vfio: unexpected number of irqs %u",
- vdev->num_irqs);
+ error_setg(errp, "vfio: IRQ %u not available (number of irqs %u)",
+ irq, vdev->num_irqs);
return;
}
@@ -696,13 +696,15 @@ static void vfio_ccw_realize(DeviceState *dev, Error **errp)
vfio_ccw_register_irq_notifier(vcdev, VFIO_CCW_REQ_IRQ_INDEX, &err);
if (err) {
- goto out_req_notifier_err;
+ /*
+ * Report this error, but do not make it a failing condition.
+ * Lack of this IRQ in the host does not prevent normal operation.
+ */
+ error_report_err(err);
}
return;
-out_req_notifier_err:
- vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_CRW_IRQ_INDEX);
out_crw_notifier_err:
vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX);
out_io_notifier_err:
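Review bot: The `if (err)` branch after registering VFIO_CCW_REQ_IRQ_INDEX now tolerates every failure of vfio_ccw_register_irq_notifier(), not only the "IRQ %u not available" case that the new comment describes, so any other registration error is also reduced to a log line and realize succeeds. Restrict the non-fatal path to the missing-IRQ case and keep other errors fatal. Since realize continues, warn_report_err() fits better than error_report_err() here.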

@ -1,74 +0,0 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 29 Apr 2021 19:13:16 +0200
Subject: vhost-user-blk: Check that num-queues is supported by backend
Git-commit: c90bd505a3e8210c23d69fecab9ee6f56ec4a161
Creating a device with a number of queues that isn't supported by the
backend is pointless, the device won't work properly and the error
messages are rather confusing.
Just fail to create the device if num-queues is higher than what the
backend supports.
Since the relationship between num-queues and the number of virtqueues
depends on the specific device, this is an additional value that needs
to be initialised by the device. For convenience, allow leaving it 0 if
the check should be skipped. This makes sense for vhost-user-net where
separate vhost devices are used for the queues and custom initialisation
code is needed to perform the check.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935031
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20210429171316.162022-7-kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/vhost-user-blk.c | 1 +
hw/virtio/vhost-user.c | 5 +++++
include/hw/virtio/vhost.h | 2 ++
3 files changed, 8 insertions(+)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 738e8498b4a1d650047f7190c435..ceb6bdde71e57640677a48425148 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -324,6 +324,7 @@ static int vhost_user_blk_connect(DeviceState *dev)
}
s->connected = true;
+ s->dev.num_queues = s->num_queues;
s->dev.nvqs = s->num_queues;
s->dev.vqs = s->vhost_vqs;
s->dev.vq_index = 0;
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index ded0c10453095830e24b6e53e8f8..ee57abe04526f6c55d983cb0254c 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -1909,6 +1909,11 @@ static int vhost_user_backend_init(struct vhost_dev *dev, void *opaque)
return err;
}
}
+ if (dev->num_queues && dev->max_queues < dev->num_queues) {
+ error_report("The maximum number of queues supported by the "
+ "backend is %" PRIu64, dev->max_queues);
+ return -EINVAL;
+ }
if (virtio_has_feature(features, VIRTIO_F_IOMMU_PLATFORM) &&
!(virtio_has_feature(dev->protocol_features,
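Review bot: The error message in the new `dev->num_queues` check prints only `dev->max_queues`, so the user cannot see which requested value was rejected or which device property to change. Include `dev->num_queues` in the message next to the backend maximum.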
diff --git a/include/hw/virtio/vhost.h b/include/hw/virtio/vhost.h
index 4a8bc75415f6bba597c195e10a47..21a9a52088dd01838099046587fd 100644
--- a/include/hw/virtio/vhost.h
+++ b/include/hw/virtio/vhost.h
@@ -74,6 +74,8 @@ struct vhost_dev {
int nvqs;
/* the first virtqueue which would be used by this vhost dev */
int vq_index;
+ /* if non-zero, minimum required value for max_queues */
+ int num_queues;
uint64_t features;
uint64_t acked_features;
uint64_t backend_features;
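Review bot: `num_queues` is added to struct vhost_dev as `int`, but the check in vhost_user_backend_init() compares it against `max_queues`, which is printed with PRIu64, so the comparison mixes signed and unsigned operands. An unsigned type matches a count that cannot be negative and avoids the implicit conversion.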

@ -1,171 +0,0 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 29 Apr 2021 19:13:12 +0200
Subject: vhost-user-blk: Don't reconnect during initialisation
Git-commit: dabefdd6abcbc7d858e9413e4734aab2e0b5c8d9
This is a partial revert of commits 77542d43149 and bc79c87bcde.
Usually, an error during initialisation means that the configuration was
wrong. Reconnecting won't make the error go away, but just turn the
error condition into an endless loop. Avoid this and return errors
again.
Additionally, calling vhost_user_blk_disconnect() from the chardev event
handler could result in use-after-free because none of the
initialisation code expects that the device could just go away in the
middle. So removing the call fixes crashes in several places.
For example, using a num-queues setting that is incompatible with the
backend would result in a crash like this (dereferencing dev->opaque,
which is already NULL):
#0 0x0000555555d0a4bd in vhost_user_read_cb (source=0x5555568f4690, condition=(G_IO_IN | G_IO_HUP), opaque=0x7fffffffcbf0) at ../hw/virtio/vhost-user.c:313
#1 0x0000555555d950d3 in qio_channel_fd_source_dispatch (source=0x555557c3f750, callback=0x555555d0a478 <vhost_user_read_cb>, user_data=0x7fffffffcbf0) at ../io/channel-watch.c:84
#2 0x00007ffff7b32a9f in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#3 0x00007ffff7b84a98 in g_main_context_iterate.constprop () at /lib64/libglib-2.0.so.0
#4 0x00007ffff7b32163 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#5 0x0000555555d0a724 in vhost_user_read (dev=0x555557bc62f8, msg=0x7fffffffcc50) at ../hw/virtio/vhost-user.c:402
#6 0x0000555555d0ee6b in vhost_user_get_config (dev=0x555557bc62f8, config=0x555557bc62ac "", config_len=60) at ../hw/virtio/vhost-user.c:2133
#7 0x0000555555d56d46 in vhost_dev_get_config (hdev=0x555557bc62f8, config=0x555557bc62ac "", config_len=60) at ../hw/virtio/vhost.c:1566
#8 0x0000555555cdd150 in vhost_user_blk_device_realize (dev=0x555557bc60b0, errp=0x7fffffffcf90) at ../hw/block/vhost-user-blk.c:510
#9 0x0000555555d08f6d in virtio_device_realize (dev=0x555557bc60b0, errp=0x7fffffffcff0) at ../hw/virtio/virtio.c:3660
Note that this removes the ability to reconnect during initialisation
(but not during operation) when there is no permanent error, but the
backend restarts, as the implementation was buggy. This feature can be
added back in a follow-up series after changing error paths to
distinguish cases where retrying could help from cases with permanent
errors.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210429171316.162022-3-kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/vhost-user-blk.c | 59 +++++++++++----------------------------
1 file changed, 17 insertions(+), 42 deletions(-)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 7c85248a7b78b9d9ec8614a3b5fe..c0b9958da1b4e155e063fb3426d0 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -50,6 +50,8 @@ static const int user_feature_bits[] = {
VHOST_INVALID_FEATURE_BIT
};
+static void vhost_user_blk_event(void *opaque, QEMUChrEvent event);
+
static void vhost_user_blk_update_config(VirtIODevice *vdev, uint8_t *config)
{
VHostUserBlk *s = VHOST_USER_BLK(vdev);
@@ -362,19 +364,6 @@ static void vhost_user_blk_disconnect(DeviceState *dev)
vhost_dev_cleanup(&s->dev);
}
-static void vhost_user_blk_event(void *opaque, QEMUChrEvent event,
- bool realized);
-
-static void vhost_user_blk_event_realize(void *opaque, QEMUChrEvent event)
-{
- vhost_user_blk_event(opaque, event, false);
-}
-
-static void vhost_user_blk_event_oper(void *opaque, QEMUChrEvent event)
-{
- vhost_user_blk_event(opaque, event, true);
-}
-
static void vhost_user_blk_chr_closed_bh(void *opaque)
{
DeviceState *dev = opaque;
@@ -382,12 +371,11 @@ static void vhost_user_blk_chr_closed_bh(void *opaque)
VHostUserBlk *s = VHOST_USER_BLK(vdev);
vhost_user_blk_disconnect(dev);
- qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL,
- vhost_user_blk_event_oper, NULL, opaque, NULL, true);
+ qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, vhost_user_blk_event,
+ NULL, opaque, NULL, true);
}
-static void vhost_user_blk_event(void *opaque, QEMUChrEvent event,
- bool realized)
+static void vhost_user_blk_event(void *opaque, QEMUChrEvent event)
{
DeviceState *dev = opaque;
VirtIODevice *vdev = VIRTIO_DEVICE(dev);
@@ -401,17 +389,7 @@ static void vhost_user_blk_event(void *opaque, QEMUChrEvent event,
}
break;
case CHR_EVENT_CLOSED:
- /*
- * Closing the connection should happen differently on device
- * initialization and operation stages.
- * On initalization, we want to re-start vhost_dev initialization
- * from the very beginning right away when the connection is closed,
- * so we clean up vhost_dev on each connection closing.
- * On operation, we want to postpone vhost_dev cleanup to let the
- * other code perform its own cleanup sequence using vhost_dev data
- * (e.g. vhost_dev_set_log).
- */
- if (realized && !runstate_check(RUN_STATE_SHUTDOWN)) {
+ if (!runstate_check(RUN_STATE_SHUTDOWN)) {
/*
* A close event may happen during a read/write, but vhost
* code assumes the vhost_dev remains setup, so delay the
@@ -431,8 +409,6 @@ static void vhost_user_blk_event(void *opaque, QEMUChrEvent event,
* knowing its type (in this case vhost-user).
*/
s->dev.started = false;
- } else {
- vhost_user_blk_disconnect(dev);
}
break;
case CHR_EVENT_BREAK:
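Review bot: Dropping the `else` branch in CHR_EVENT_CLOSED also changes the shutdown case: the old condition was `realized && !runstate_check(RUN_STATE_SHUTDOWN)`, so a close during RUN_STATE_SHUTDOWN used to reach vhost_user_blk_disconnect(dev) and now does nothing. If that is intended, it should be stated explicitly; otherwise keep the disconnect for the shutdown state.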
@@ -489,33 +465,32 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
s->vhost_vqs = g_new0(struct vhost_virtqueue, s->num_queues);
s->connected = false;
- qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL,
- vhost_user_blk_event_realize, NULL, (void *)dev,
- NULL, true);
-
-reconnect:
if (qemu_chr_fe_wait_connected(&s->chardev, errp) < 0) {
goto virtio_err;
}
- /* check whether vhost_user_blk_connect() failed or not */
- if (!s->connected) {
- goto reconnect;
+ if (vhost_user_blk_connect(dev) < 0) {
+ error_setg(errp, "vhost-user-blk: could not connect");
+ qemu_chr_fe_disconnect(&s->chardev);
+ goto virtio_err;
}
+ assert(s->connected);
ret = vhost_dev_get_config(&s->dev, (uint8_t *)&s->blkcfg,
sizeof(struct virtio_blk_config));
if (ret < 0) {
- error_report("vhost-user-blk: get block config failed");
- goto reconnect;
+ error_setg(errp, "vhost-user-blk: get block config failed");
+ goto vhost_err;
}
- /* we're fully initialized, now we can operate, so change the handler */
+ /* we're fully initialized, now we can operate, so add the handler */
qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL,
- vhost_user_blk_event_oper, NULL, (void *)dev,
+ vhost_user_blk_event, NULL, (void *)dev,
NULL, true);
return;
+vhost_err:
+ vhost_dev_cleanup(&s->dev);
virtio_err:
g_free(s->vhost_vqs);
s->vhost_vqs = NULL;
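Review bot: The two new failure paths in vhost_user_blk_device_realize() clean up differently: when vhost_user_blk_connect() fails the chardev is disconnected with qemu_chr_fe_disconnect(), but when vhost_dev_get_config() fails the code jumps to `vhost_err`, which only calls vhost_dev_cleanup() and leaves the chardev connected and `s->connected` set. Disconnect and clear `s->connected` under `vhost_err` as well, and use error_setg_errno() so that `ret` from vhost_dev_get_config() is not discarded.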

@ -1,47 +0,0 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Tue, 13 Apr 2021 18:56:54 +0200
Subject: vhost-user-blk: Fail gracefully on too large queue size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 68bf7336533faa6aa90fdd4558edddbf5d8ef814
virtio_add_queue() aborts when queue_size > VIRTQUEUE_MAX_SIZE, so
vhost_user_blk_device_realize() should check this before calling it.
Simple reproducer:
qemu-system-x86_64 \
-chardev null,id=foo \
-device vhost-user-blk-pci,queue-size=4096,chardev=foo
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935014
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210413165654.50810-1-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/vhost-user-blk.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 0b5b9d44cdb0ed4d4a43974e7cdd..f5e9682703f3433c4b363003f90f 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -467,6 +467,11 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
error_setg(errp, "vhost-user-blk: queue size must be non-zero");
return;
}
+ if (s->queue_size > VIRTQUEUE_MAX_SIZE) {
+ error_setg(errp, "vhost-user-blk: queue size must not exceed %d",
+ VIRTQUEUE_MAX_SIZE);
+ return;
+ }
if (!vhost_user_init(&s->vhost_user, &s->chardev, errp)) {
return;

@ -1,35 +0,0 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 29 Apr 2021 19:13:14 +0200
Subject: vhost-user-blk: Get more feature flags from vhost device
Git-commit: 7556a320c98812ca6648b707393f4513387faf73
VIRTIO_F_RING_PACKED and VIRTIO_F_IOMMU_PLATFORM need to be supported by
the vhost device, otherwise advertising it to the guest doesn't result
in a working configuration. They are currently not supported by the
vhost-user-blk export in QEMU.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935020
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20210429171316.162022-5-kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/vhost-user-blk.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index c0b9958da1b4e155e063fb3426d0..738e8498b4a1d650047f7190c435 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -47,6 +47,8 @@ static const int user_feature_bits[] = {
VIRTIO_RING_F_INDIRECT_DESC,
VIRTIO_RING_F_EVENT_IDX,
VIRTIO_F_NOTIFY_ON_EMPTY,
+ VIRTIO_F_RING_PACKED,
+ VIRTIO_F_IOMMU_PLATFORM,
VHOST_INVALID_FEATURE_BIT
};

@ -1,44 +0,0 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 29 Apr 2021 19:13:11 +0200
Subject: vhost-user-blk: Make sure to set Error on realize failure
Git-commit: f26729715ef21325f972f693607580a829ad1cbb
We have to set errp before jumping to virtio_err, otherwise the caller
(virtio_device_realize()) will take this as success and crash when it
later tries to access things that we've already freed in the error path.
Fixes: 77542d431491788d1e8e79d93ce10172ef207775
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210429171316.162022-2-kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/vhost-user-blk.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index f5e9682703f3433c4b363003f90f..7c85248a7b78b9d9ec8614a3b5fe 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -447,7 +447,6 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
{
VirtIODevice *vdev = VIRTIO_DEVICE(dev);
VHostUserBlk *s = VHOST_USER_BLK(vdev);
- Error *err = NULL;
int i, ret;
if (!s->chardev.chr) {
@@ -495,8 +494,7 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
NULL, true);
reconnect:
- if (qemu_chr_fe_wait_connected(&s->chardev, &err) < 0) {
- error_report_err(err);
+ if (qemu_chr_fe_wait_connected(&s->chardev, errp) < 0) {
goto virtio_err;
}

@ -1,133 +0,0 @@
From: Li Qiang <liq3ea@163.com>
Date: Sat, 15 May 2021 20:04:03 -0700
Subject: vhost-user-gpu: abstract vg_cleanup_mapping_iov
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 3ea32d1355d446057c17458238db2749c52ee8f0
References: CVE-2021-3546 bsc#1185981
CVE-2021-3545 bsc#1185990
CVE-2021-3544 bsc#1186010
Currently in vhost-user-gpu, we free resource directly in
the cleanup case of resource. If we change the cleanup logic
we need to change several places, also abstract a
'vg_create_mapping_iov' can be symmetry with the
'vg_create_mapping_iov'. This is like what virtio-gpu does,
no function changed.
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-9-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
contrib/vhost-user-gpu/vhost-user-gpu.c | 24 ++++++++++++++++++++----
contrib/vhost-user-gpu/virgl.c | 9 +++++----
contrib/vhost-user-gpu/vugpu.h | 2 +-
3 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c
index 770dfad52989b2651eea67fdbb1b..6dc6a44f4e263bfb31ba9ba6ff32 100644
--- a/contrib/vhost-user-gpu/vhost-user-gpu.c
+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
@@ -49,6 +49,8 @@ static char *opt_render_node;
static gboolean opt_virgl;
static void vg_handle_ctrl(VuDev *dev, int qidx);
+static void vg_cleanup_mapping(VuGpu *g,
+ struct virtio_gpu_simple_resource *res);
static const char *
vg_cmd_to_string(int cmd)
@@ -400,7 +402,7 @@ vg_resource_destroy(VuGpu *g,
}
vugbm_buffer_destroy(&res->buffer);
- g_free(res->iov);
+ vg_cleanup_mapping(g, res);
pixman_image_unref(res->image);
QTAILQ_REMOVE(&g->reslist, res, next);
g_free(res);
@@ -504,6 +506,22 @@ vg_resource_attach_backing(VuGpu *g,
res->iov_cnt = ab.nr_entries;
}
+/* Though currently only free iov, maybe later will do more work. */
+void vg_cleanup_mapping_iov(VuGpu *g,
+ struct iovec *iov, uint32_t count)
+{
+ g_free(iov);
+}
+
+static void
+vg_cleanup_mapping(VuGpu *g,
+ struct virtio_gpu_simple_resource *res)
+{
+ vg_cleanup_mapping_iov(g, res->iov, res->iov_cnt);
+ res->iov = NULL;
+ res->iov_cnt = 0;
+}
+
static void
vg_resource_detach_backing(VuGpu *g,
struct virtio_gpu_ctrl_command *cmd)
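Review bot: vg_cleanup_mapping_iov() takes `g` and `count` but uses neither, and the comment above it ("Though currently only free iov, maybe later will do more work") does not say what they are reserved for. Document the intended use of both parameters in that comment, or drop them until the function actually needs them.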
@@ -522,9 +540,7 @@ vg_resource_detach_backing(VuGpu *g,
return;
}
- g_free(res->iov);
- res->iov = NULL;
- res->iov_cnt = 0;
+ vg_cleanup_mapping(g, res);
}
static void
diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
index 7172104b19d7a79eb7cc3404e09f..3e45e1bd33600fe5d91c0eea3af8 100644
--- a/contrib/vhost-user-gpu/virgl.c
+++ b/contrib/vhost-user-gpu/virgl.c
@@ -116,8 +116,9 @@ virgl_cmd_resource_unref(VuGpu *g,
virgl_renderer_resource_detach_iov(unref.resource_id,
&res_iovs,
&num_iovs);
- g_free(res_iovs);
-
+ if (res_iovs != NULL && num_iovs != 0) {
+ vg_cleanup_mapping_iov(g, res_iovs, num_iovs);
+ }
virgl_renderer_resource_unref(unref.resource_id);
}
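Review bot: The new guard in virgl_cmd_resource_unref() is not equivalent to the `g_free(res_iovs)` it replaces: if virgl_renderer_resource_detach_iov() hands back a non-NULL `res_iovs` with `num_iovs == 0`, the array is no longer freed. The commit message describes this patch as having no functional change, so call vg_cleanup_mapping_iov() whenever `res_iovs` is non-NULL.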
@@ -294,7 +295,7 @@ virgl_resource_attach_backing(VuGpu *g,
ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
res_iovs, att_rb.nr_entries);
if (ret != 0) {
- g_free(res_iovs);
+ vg_cleanup_mapping_iov(g, res_iovs, att_rb.nr_entries);
}
}
@@ -314,7 +315,7 @@ virgl_resource_detach_backing(VuGpu *g,
if (res_iovs == NULL || num_iovs == 0) {
return;
}
- g_free(res_iovs);
+ vg_cleanup_mapping_iov(g, res_iovs, num_iovs);
}
static void
diff --git a/contrib/vhost-user-gpu/vugpu.h b/contrib/vhost-user-gpu/vugpu.h
index 04d56158123d3ee1c271302d8f8a..e2864bba68e0d9c1228eb7745c50 100644
--- a/contrib/vhost-user-gpu/vugpu.h
+++ b/contrib/vhost-user-gpu/vugpu.h
@@ -169,7 +169,7 @@ int vg_create_mapping_iov(VuGpu *g,
struct virtio_gpu_resource_attach_backing *ab,
struct virtio_gpu_ctrl_command *cmd,
struct iovec **iov);
-
+void vg_cleanup_mapping_iov(VuGpu *g, struct iovec *iov, uint32_t count);
void vg_get_display_info(VuGpu *vg, struct virtio_gpu_ctrl_command *cmd);
void vg_wait_ok(VuGpu *g);

@ -1,45 +0,0 @@
From: Li Qiang <liq3ea@163.com>
Date: Sat, 15 May 2021 20:04:02 -0700
Subject: vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset'
(CVE-2021-3546)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 9f22893adcb02580aee5968f32baa2cd109b3ec2
References: CVE-2021-3546 bsc#1185981
If 'virgl_cmd_get_capset' set 'max_size' to 0,
the 'virgl_renderer_fill_caps' will write the data after the 'resp'.
This patch avoids this by checking the returned 'max_size'.
virtio-gpu fix: abd7f08b23 ("display: virtio-gpu-3d: check
virgl capabilities max_size")
Fixes: CVE-2021-3546
Reported-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-8-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
contrib/vhost-user-gpu/virgl.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
index a16a311d80df19294e4330f7d004..7172104b19d7a79eb7cc3404e09f 100644
--- a/contrib/vhost-user-gpu/virgl.c
+++ b/contrib/vhost-user-gpu/virgl.c
@@ -177,6 +177,10 @@ virgl_cmd_get_capset(VuGpu *g,
virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
&max_size);
+ if (!max_size) {
+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
+ return;
+ }
resp = g_malloc0(sizeof(*resp) + max_size);
resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
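Review bot: The `!max_size` check in virgl_cmd_get_capset() only helps if `max_size` is guaranteed to have been written by virgl_renderer_get_cap_set(); if the declaration above this hunk leaves it uninitialised and the renderer does not store to it for an unknown `gc.capset_id`, the test reads an indeterminate value. Initialise `max_ver` and `max_size` to 0 at their declaration so the rejection path is reliable.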

@ -1,55 +0,0 @@
From: Li Qiang <liq3ea@163.com>
Date: Sat, 15 May 2021 20:04:00 -0700
Subject: vhost-user-gpu: fix leak in 'virgl_cmd_resource_unref'
(CVE-2021-3544)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-comit: f6091d86ba9ea05f4e111b9b42ee0005c37a6779
References: CVE-2021-3544 bsc#1186010
The 'res->iov' will be leaked if the guest triggers the following sequences:
virgl_cmd_create_resource_2d
virgl_resource_attach_backing
virgl_cmd_resource_unref
This patch fixes this.
Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
in virgl_cmd_resource_unref")
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-6-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
[jrz: tweaked title to not break spec file]
---
contrib/vhost-user-gpu/virgl.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
index 6a332d601f8092c5017e903930e5..c669d73a1dbe93d8faa1474462a9 100644
--- a/contrib/vhost-user-gpu/virgl.c
+++ b/contrib/vhost-user-gpu/virgl.c
@@ -108,9 +108,16 @@ virgl_cmd_resource_unref(VuGpu *g,
struct virtio_gpu_ctrl_command *cmd)
{
struct virtio_gpu_resource_unref unref;
+ struct iovec *res_iovs = NULL;
+ int num_iovs = 0;
VUGPU_FILL_CMD(unref);
+ virgl_renderer_resource_detach_iov(unref.resource_id,
+ &res_iovs,
+ &num_iovs);
+ g_free(res_iovs);
+
virgl_renderer_resource_unref(unref.resource_id);
}

@ -1,46 +0,0 @@
From: Li Qiang <liq3ea@163.com>
Date: Sat, 15 May 2021 20:04:01 -0700
Subject: vhost-user-gpu: fix leak in 'virgl_resource_attach_backing'
(CVE-2021-3544)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 63736af5a6571d9def93769431e0d7e38c6677bf
References: CVE-2021-3544 bsc#1186010
If 'virgl_renderer_resource_attach_iov' failed, the 'res_iovs' will
be leaked.
Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 33243031da ("virtio-gpu-3d: fix memory leak
in resource attach backing")
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-7-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
[jrz: tweak title to not break spec file]
---
contrib/vhost-user-gpu/virgl.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
index c669d73a1dbe93d8faa1474462a9..a16a311d80df19294e4330f7d004 100644
--- a/contrib/vhost-user-gpu/virgl.c
+++ b/contrib/vhost-user-gpu/virgl.c
@@ -287,8 +287,11 @@ virgl_resource_attach_backing(VuGpu *g,
return;
}
- virgl_renderer_resource_attach_iov(att_rb.resource_id,
+ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
res_iovs, att_rb.nr_entries);
+ if (ret != 0) {
+ g_free(res_iovs);
+ }
}
static void
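Review bot: When virgl_renderer_resource_attach_iov() fails, the new `ret != 0` branch frees `res_iovs` but never sets `cmd->error`, so no error is reported for the command even though the backing was not attached. Set an error such as VIRTIO_GPU_RESP_ERR_UNSPEC in that branch before returning.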

@ -1,39 +0,0 @@
From: Li Qiang <liq3ea@163.com>
Date: Sat, 15 May 2021 20:03:56 -0700
Subject: vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
(CVE-2021-3545)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 121841b25d72d13f8cad554363138c360f1250ea
References: CVE-2021-3545 bsc#1185990
Otherwise some of the 'resp' will be leaked to guest.
Fixes: CVE-2021-3545
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak
in getting capset info dispatch")
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-2-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
contrib/vhost-user-gpu/virgl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
index 9e6660c7ab875fe83f366d040c97..6a332d601f8092c5017e903930e5 100644
--- a/contrib/vhost-user-gpu/virgl.c
+++ b/contrib/vhost-user-gpu/virgl.c
@@ -128,6 +128,7 @@ virgl_cmd_get_capset_info(VuGpu *g,
VUGPU_FILL_CMD(info);
+ memset(&resp, 0, sizeof(resp));
if (info.capset_index == 0) {
resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
virgl_renderer_get_cap_set(resp.capset_id,

@ -1,44 +0,0 @@
From: Li Qiang <liq3ea@163.com>
Date: Sat, 15 May 2021 20:03:58 -0700
Subject: vhost-user-gpu: fix memory leak in vg_resource_attach_backing
(CVE-2021-3544)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: b9f79858a614d95f5de875d0ca31096eaab72c3b
References: CVE-2021-3544 bsc#1186010
Check whether the 'res' has already been attach_backing to avoid
memory leak.
Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 204f01b309 ("virtio-gpu: fix memory leak
in resource attach backing")
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-4-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
contrib/vhost-user-gpu/vhost-user-gpu.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c
index b5e153d0d648def62d5700e686c0..0437e52b64604512607e548d01d8 100644
--- a/contrib/vhost-user-gpu/vhost-user-gpu.c
+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
@@ -489,6 +489,11 @@ vg_resource_attach_backing(VuGpu *g,
return;
}
+ if (res->iov) {
+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+ return;
+ }
+
ret = vg_create_mapping_iov(g, &ab, cmd, &res->iov);
if (ret != 0) {
cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
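Review bot: The new `if (res->iov)` guard in vg_resource_attach_backing is only correct if `res->iov` is NULL whenever no backing is attached. The detach path is outside this hunk, so confirm it resets `res->iov` to NULL after freeing it; otherwise a resource that was detached once can never be attached again and every later attach returns `VIRTIO_GPU_RESP_ERR_UNSPEC`.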


@ -1,46 +0,0 @@
From: Li Qiang <liq3ea@163.com>
Date: Sat, 15 May 2021 20:03:59 -0700
Subject: vhost-user-gpu: fix memory leak while calling 'vg_resource_unref'
(CVE-2021-3544)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: b7afebcf9e6ecf3cf9b5a9b9b731ed04bca6aa3e
References: CVE-2021-3544 bsc#1186010
If the guest triggers the following sequence, the attach_backing will be leaked:
vg_resource_create_2d
vg_resource_attach_backing
vg_resource_unref
This patch fixes this by freeing 'res->iov' in vg_resource_destroy.
Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
in virgl_cmd_resource_unref")
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-5-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
contrib/vhost-user-gpu/vhost-user-gpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c
index 0437e52b64604512607e548d01d8..770dfad52989b2651eea67fdbb1b 100644
--- a/contrib/vhost-user-gpu/vhost-user-gpu.c
+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
@@ -400,6 +400,7 @@ vg_resource_destroy(VuGpu *g,
}
vugbm_buffer_destroy(&res->buffer);
+ g_free(res->iov);
pixman_image_unref(res->image);
QTAILQ_REMOVE(&g->reslist, res, next);
g_free(res);


@ -1,37 +0,0 @@
From: Li Qiang <liq3ea@163.com>
Date: Sat, 15 May 2021 20:03:57 -0700
Subject: vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
(CVE-2021-3544)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 86dd8fac2acc366930a5dc08d3fb1b1e816f4e1e
References: CVE-2021-3544 bsc#1186010
Call 'vugbm_buffer_destroy' in error path to avoid resource leak.
Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-3-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
contrib/vhost-user-gpu/vhost-user-gpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c
index f73f292c9f72395525c51c8bd9fb..b5e153d0d648def62d5700e686c0 100644
--- a/contrib/vhost-user-gpu/vhost-user-gpu.c
+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
@@ -349,6 +349,7 @@ vg_resource_create_2d(VuGpu *g,
g_critical("%s: resource creation failed %d %d %d",
__func__, c2d.resource_id, c2d.width, c2d.height);
g_free(res);
+ vugbm_buffer_destroy(&res->buffer);
cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
return;
}
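Review bot: The added `vugbm_buffer_destroy(&res->buffer);` in the error path of vg_resource_create_2d sits one line after `g_free(res);`, so it hands the destroy function a pointer into memory that has already been freed. Move the new call above `g_free(res);` so the buffer is torn down while `res` is still valid.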


@ -1,46 +0,0 @@
From: Jason Wang <jasowang@redhat.com>
Date: Wed, 2 Jun 2021 11:31:26 +0800
Subject: vhost-vdpa: don't initialize backend_features
Git-commit: c33f23a419f95da16ab4faaf08be635c89b96ff0
We used to initialize backend_features during vhost_vdpa_init()
regardless whether or not it was supported by vhost. This will lead
the unsupported features like VIRTIO_F_IN_ORDER to be included and set
to the vhost-vdpa during vhost_dev_start. Because the
VIRTIO_F_IN_ORDER is not supported by vhost-vdpa so it won't be
advertised to guest which will break the datapath.
Fix this by not initializing the backend_features, so the
acked_features could be built only from guest features via
vhost_net_ack_features().
Fixes: 108a64818e69b ("vhost-vdpa: introduce vhost-vdpa backend")
Cc: qemu-stable@nongnu.org
Cc: Gautam Dawar <gdawar@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/virtio/vhost-vdpa.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index 01d2101d0976fdd8e407a32ec9db..5fe43a4eb5c48148085b62901ff6 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -275,15 +275,12 @@ static void vhost_vdpa_add_status(struct vhost_dev *dev, uint8_t status)
static int vhost_vdpa_init(struct vhost_dev *dev, void *opaque)
{
struct vhost_vdpa *v;
- uint64_t features;
assert(dev->vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA);
trace_vhost_vdpa_init(dev, opaque);
v = opaque;
v->dev = dev;
dev->opaque = opaque ;
- vhost_vdpa_call(dev, VHOST_GET_FEATURES, &features);
- dev->backend_features = features;
v->listener = vhost_vdpa_memory_listener;
v->msg_type = VHOST_IOTLB_MSG_V2;


@ -1,44 +0,0 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 29 Apr 2021 19:13:15 +0200
Subject: virtio: Fail if iommu_platform is requested, but unsupported
Git-commit: 04ceb61a4075fadbf374ef89662c41999da83489
Commit 2943b53f6 ('virtio: force VIRTIO_F_IOMMU_PLATFORM') made sure
that vhost can't just reject VIRTIO_F_IOMMU_PLATFORM when it was
requested. However, just adding it back to the negotiated flags isn't
right either because it promises support to the guest that the device
actually doesn't support. One example of a vhost-user device that
doesn't have support for the flag is the vhost-user-blk export of QEMU.
Instead of successfully creating a device that doesn't work, just fail
to plug the device when it doesn't support the feature, but it was
requested. This results in much clearer error messages.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935019
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20210429171316.162022-6-kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/virtio/virtio-bus.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
index d6332d45c3b201d6528d84306da9..859978d24877a04ed5eaa03d060d 100644
--- a/hw/virtio/virtio-bus.c
+++ b/hw/virtio/virtio-bus.c
@@ -69,6 +69,11 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
return;
}
+ if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
+ error_setg(errp, "iommu_platform=true is not supported by the device");
+ return;
+ }
+
if (klass->device_plugged != NULL) {
klass->device_plugged(qbus->parent, &local_err);
}


@ -1,68 +0,0 @@
From: Greg Kurz <groug@kaod.org>
Date: Wed, 7 Apr 2021 16:34:58 +0200
Subject: virtio-blk: Fix rollback path in virtio_blk_data_plane_start()
Git-commit: 570fe439e5d1b8626cf344c6bc97d90cfcaf0c79
When dataplane multiqueue support was added in QEMU 2.7, the path
that would rollback guest notifiers assignment in case of error
simply got dropped.
Later on, when Error was added to blk_set_aio_context() in QEMU 4.1,
another error path was introduced, but it omits to rollback both
host and guest notifiers.
It seems cleaner to fix the rollback path in one go. The patch is
simple enough that it can be adjusted if backported to a pre-4.1
QEMU.
Fixes: 51b04ac5c6a6 ("virtio-blk: dataplane multiqueue support")
Cc: stefanha@redhat.com
Fixes: 97896a4887a0 ("block: Add Error to blk_set_aio_context()")
Cc: kwolf@redhat.com
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210407143501.244343-2-groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/dataplane/virtio-blk.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index e9050c8987e7d4c8496135dd87ea..d7b5c95d26d9ec818118513b40c3 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -207,7 +207,7 @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
}
- goto fail_guest_notifiers;
+ goto fail_host_notifiers;
}
}
@@ -221,7 +221,7 @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
aio_context_release(old_context);
if (r < 0) {
error_report_err(local_err);
- goto fail_guest_notifiers;
+ goto fail_aio_context;
}
/* Process queued requests before the ones in vring */
@@ -245,6 +245,13 @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
aio_context_release(s->ctx);
return 0;
+ fail_aio_context:
+ for (i = 0; i < nvqs; i++) {
+ virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
+ virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
+ }
+ fail_host_notifiers:
+ k->set_guest_notifiers(qbus->parent, nvqs, false);
fail_guest_notifiers:
/*
* If we failed to set up the guest notifiers queued requests will be
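Review bot: The `fail_aio_context:` label repeats the same two host-notifier teardown calls that the first hunk's error path already runs inline before `goto fail_host_notifiers`, so the cleanup now lives in two places. The label `fail_host_notifiers:` itself only calls `k->set_guest_notifiers(qbus->parent, nvqs, false)`, which reads as if it undid host notifiers. A short comment above the labels saying that each is named for the step that failed and that they fall through in order would keep a later edit from reordering them, and a small helper for the teardown loop would remove the duplication.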


@ -1,100 +0,0 @@
From: Greg Kurz <groug@kaod.org>
Date: Fri, 9 Apr 2021 12:06:27 +0200
Subject: virtiofsd: Fix side-effect in assert()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 0adb3aff3932d05b069bd2cb13480f1611cce654
It is bad practice to put an expression with a side-effect in
assert() because the side-effect won't happen if the code is
compiled with -DNDEBUG.
Use an intermediate variable. Consolidate this in a macro to
have proper line numbers when the assertion is hit.
virtiofsd: ../../tools/virtiofsd/passthrough_ll.c:2797: lo_getxattr:
Assertion `fchdir_res == 0' failed.
Aborted
2796 /* fchdir should not fail here */
=>2797 FCHDIR_NOFAIL(lo->proc_self_fd);
2798 ret = getxattr(procname, name, value, size);
2799 FCHDIR_NOFAIL(lo->root.fd);
Fixes: bdfd66788349 ("virtiofsd: Fix xattr operations")
Cc: misono.tomohiro@jp.fujitsu.com
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210409100627.451573-1-groug@kaod.org>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
tools/virtiofsd/passthrough_ll.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 1553d2ef454f55a3103b452841d5..6592f96f685e52fecf5703739e7d 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2723,6 +2723,11 @@ static int xattr_map_server(const struct lo_data *lo, const char *server_name,
return -ENODATA;
}
+#define FCHDIR_NOFAIL(fd) do { \
+ int fchdir_res = fchdir(fd); \
+ assert(fchdir_res == 0); \
+ } while (0)
+
static void lo_getxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name,
size_t size)
{
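Review bot: In `FCHDIR_NOFAIL`, a build with -DNDEBUG compiles `assert(fchdir_res == 0)` away, which leaves `fchdir_res` set but unused and lets a failed `fchdir()` pass unnoticed, so the path-based xattr call that follows (`getxattr(procname, ...)` and the list/set/remove variants) would resolve `procname` against whatever the working directory happens to be. Since the macro is named NOFAIL, make the failure fatal regardless of NDEBUG, for example by testing `fchdir_res` explicitly and calling `abort()`.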
@@ -2789,9 +2794,9 @@ static void lo_getxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name,
ret = fgetxattr(fd, name, value, size);
} else {
/* fchdir should not fail here */
- assert(fchdir(lo->proc_self_fd) == 0);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
ret = getxattr(procname, name, value, size);
- assert(fchdir(lo->root.fd) == 0);
+ FCHDIR_NOFAIL(lo->root.fd);
}
if (ret == -1) {
@@ -2864,9 +2869,9 @@ static void lo_listxattr(fuse_req_t req, fuse_ino_t ino, size_t size)
ret = flistxattr(fd, value, size);
} else {
/* fchdir should not fail here */
- assert(fchdir(lo->proc_self_fd) == 0);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
ret = listxattr(procname, value, size);
- assert(fchdir(lo->root.fd) == 0);
+ FCHDIR_NOFAIL(lo->root.fd);
}
if (ret == -1) {
@@ -3000,9 +3005,9 @@ static void lo_setxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name,
ret = fsetxattr(fd, name, value, size, flags);
} else {
/* fchdir should not fail here */
- assert(fchdir(lo->proc_self_fd) == 0);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
ret = setxattr(procname, name, value, size, flags);
- assert(fchdir(lo->root.fd) == 0);
+ FCHDIR_NOFAIL(lo->root.fd);
}
saverr = ret == -1 ? errno : 0;
@@ -3066,9 +3071,9 @@ static void lo_removexattr(fuse_req_t req, fuse_ino_t ino, const char *in_name)
ret = fremovexattr(fd, name);
} else {
/* fchdir should not fail here */
- assert(fchdir(lo->proc_self_fd) == 0);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
ret = removexattr(procname, name);
- assert(fchdir(lo->root.fd) == 0);
+ FCHDIR_NOFAIL(lo->root.fd);
}
saverr = ret == -1 ? errno : 0;


@ -1,41 +0,0 @@
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: Thu, 10 Jun 2021 16:47:41 +0800
Subject: vl: Fix an assert failure in error path
Git-commit: 38f71349c7c4969bc14da4da1c70b8cc4078d596
Based on the description of error_setg(), the local variable err in
qemu_maybe_daemonize() should be initialized to NULL.
Without fix, the uninitialized *errp triggers assert failure which
doesn't show much valuable information.
Before the fix:
qemu-system-x86_64: ../util/error.c:59: error_setv: Assertion `*errp == NULL' failed.
After fix:
qemu-system-x86_64: cannot create PID file: Cannot open pid file: Permission denied
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Message-Id: <20210610084741.456260-1-zhenzhong.duan@intel.com>
Cc: qemu-stable@nongnu.org
Fixes: 0546c0609c ("vl: split various early command line options to a separate function", 2020-12-10)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
softmmu/vl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 8cb68f21b9f2a5cf159295169ed0..8a0ab39d81b1108826526bf3fc9a 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -2509,7 +2509,7 @@ static void qemu_process_help_options(void)
static void qemu_maybe_daemonize(const char *pid_file)
{
- Error *err;
+ Error *err = NULL;
os_daemonize();
rcu_disable_atfork();


@ -1,41 +0,0 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 17 May 2021 10:13:01 -0400
Subject: vl: allow not specifying size in -m when using -M memory-backend
Git-commit: d349f92f78d26db2805ca39a7745cc70affea021
Starting in QEMU 6.0's commit f5c9fcb82d ("vl: separate
qemu_create_machine", 2020-12-10), a function have_custom_ram_size()
replaced the return value of set_memory_options().
The purpose of the return value was to record the presence of
"-m size", and if it was not there, change the default RAM
size to the size of the memory backend passed with "-M
memory-backend".
With that commit, however, have_custom_ram_size() is now queried only
after set_memory_options has stored the fixed-up RAM size in QemuOpts for
"future use". This was actually the only future use of the fixed-up RAM
size, so remove that code and fix the bug.
Cc: qemu-stable@nongnu.org
Fixes: f5c9fcb82d ("vl: separate qemu_create_machine", 2020-12-10)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
softmmu/vl.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 07ade8e5ccd2934a69b82bcaabae..1b9b067ecad6fb392bb34f61fe77 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -2026,8 +2026,6 @@ static void set_memory_options(MachineClass *mc)
exit(EXIT_FAILURE);
}
- /* store value for the future use */
- qemu_opt_set_number(opts, "size", ram_size, &error_abort);
maxram_size = ram_size;
if (qemu_opt_get(opts, "maxmem")) {


@ -1,87 +0,0 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 24 May 2021 06:57:52 -0400
Subject: vl: plug -object back into -readconfig
Git-commit: 49e987695a1873a769a823604f9065aa88e00c55
Commit bc2f4fcb1d ("qom: move user_creatable_add_opts logic to vl.c
and QAPIfy it", 2021-03-19) switched the creation of objects from
qemu_opts_foreach to a bespoke QTAILQ in preparation for supporting JSON
syntax in -object.
Unfortunately in doing so it lost support for [object] stanzas in
configuration files and also for "-set object.ID.KEY=VAL". The latter
is hard to re-establish and probably best solved by deprecating -set.
This patch uses the infrastructure introduced by the previous two
patches in order to parse QOM objects correctly from configuration
files.
Cc: Markus Armbruster <armbru@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210524105752.3318299-4-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
softmmu/vl.c | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 4cdbe9232a6429b6f9a195336149..8cb68f21b9f2a5cf159295169ed0 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -1710,9 +1710,15 @@ static void object_option_foreach_add(bool (*type_opt_predicate)(const char *))
}
}
+static void object_option_add_visitor(Visitor *v)
+{
+ ObjectOption *opt = g_new0(ObjectOption, 1);
+ visit_type_ObjectOptions(v, NULL, &opt->opts, &error_fatal);
+ QTAILQ_INSERT_TAIL(&object_opts, opt, next);
+}
+
static void object_option_parse(const char *optarg)
{
- ObjectOption *opt;
QemuOpts *opts;
const char *type;
Visitor *v;
@@ -1740,11 +1746,8 @@ static void object_option_parse(const char *optarg)
v = opts_visitor_new(opts);
}
- opt = g_new0(ObjectOption, 1);
- visit_type_ObjectOptions(v, NULL, &opt->opts, &error_fatal);
+ object_option_add_visitor(v);
visit_free(v);
-
- QTAILQ_INSERT_TAIL(&object_opts, opt, next);
}
/*
@@ -2121,13 +2124,22 @@ static int global_init_func(void *opaque, QemuOpts *opts, Error **errp)
*/
static bool is_qemuopts_group(const char *group)
{
+ if (g_str_equal(group, "object")) {
+ return false;
+ }
return true;
}
static void qemu_record_config_group(const char *group, QDict *dict,
bool from_json, Error **errp)
{
- abort();
+ if (g_str_equal(group, "object")) {
+ Visitor *v = qobject_input_visitor_new_keyval(QOBJECT(dict));
+ object_option_add_visitor(v);
+ visit_free(v);
+ } else {
+ abort();
+ }
}
/*
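Review bot: `qemu_record_config_group()` receives `errp`, but the new "object" branch never uses it: `object_option_add_visitor()` passes `&error_fatal` to `visit_type_ObjectOptions()`, so a malformed [object] stanza exits inside the helper instead of being reported through the caller's error path. Consider giving `object_option_add_visitor()` an `Error **errp` parameter and letting `object_option_parse()` pass `&error_fatal`. The literal "object" is also compared separately in `is_qemuopts_group()` and `qemu_record_config_group()`; share one definition so the two cannot drift apart.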


@ -1,187 +0,0 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 24 May 2021 06:57:51 -0400
Subject: vl: plumb keyval-based options into -readconfig
Git-commit: c0d4aa82f895af67cbf7772324e05605e22b4162
Let -readconfig support parsing command line options into QDict or
QemuOpts. This will be used to add back support for objects in
-readconfig.
Cc: Markus Armbruster <armbru@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210524105752.3318299-3-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
include/block/qdict.h | 2 -
include/qapi/qmp/qdict.h | 3 ++
softmmu/vl.c | 83 ++++++++++++++++++++++++++++------------
3 files changed, 62 insertions(+), 26 deletions(-)
diff --git a/include/block/qdict.h b/include/block/qdict.h
index d8cb502d7db3d687eb4701804db0..ced2acfb92a080d9fc4ad52517fa 100644
--- a/include/block/qdict.h
+++ b/include/block/qdict.h
@@ -20,8 +20,6 @@ void qdict_join(QDict *dest, QDict *src, bool overwrite);
void qdict_extract_subqdict(QDict *src, QDict **dst, const char *start);
void qdict_array_split(QDict *src, QList **dst);
int qdict_array_entries(QDict *src, const char *subqdict);
-QObject *qdict_crumple(const QDict *src, Error **errp);
-void qdict_flatten(QDict *qdict);
typedef struct QDictRenames {
const char *from;
diff --git a/include/qapi/qmp/qdict.h b/include/qapi/qmp/qdict.h
index 9934539c1b73590e626ab8adc774..d5b5430e21a90afdf93a5e46df72 100644
--- a/include/qapi/qmp/qdict.h
+++ b/include/qapi/qmp/qdict.h
@@ -64,4 +64,7 @@ const char *qdict_get_try_str(const QDict *qdict, const char *key);
QDict *qdict_clone_shallow(const QDict *src);
+QObject *qdict_crumple(const QDict *src, Error **errp);
+void qdict_flatten(QDict *qdict);
+
#endif /* QDICT_H */
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 5c7e7570f627a54eb22f668dceb0..4cdbe9232a6429b6f9a195336149 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -123,6 +123,7 @@
#include "qapi/qapi-commands-misc.h"
#include "qapi/qapi-visit-qom.h"
#include "qapi/qapi-commands-ui.h"
+#include "qapi/qmp/qdict.h"
#include "qapi/qmp/qerror.h"
#include "sysemu/iothread.h"
#include "qemu/guest-random.h"
@@ -2114,13 +2115,53 @@ static int global_init_func(void *opaque, QemuOpts *opts, Error **errp)
return 0;
}
+/*
+ * Return whether configuration group @group is stored in QemuOpts, or
+ * recorded as one or more QDicts by qemu_record_config_group.
+ */
+static bool is_qemuopts_group(const char *group)
+{
+ return true;
+}
+
+static void qemu_record_config_group(const char *group, QDict *dict,
+ bool from_json, Error **errp)
+{
+ abort();
+}
+
+/*
+ * Parse non-QemuOpts config file groups, pass the rest to
+ * qemu_config_do_parse.
+ */
+static void qemu_parse_config_group(const char *group, QDict *qdict,
+ void *opaque, Error **errp)
+{
+ QObject *crumpled;
+ if (is_qemuopts_group(group)) {
+ qemu_config_do_parse(group, qdict, opaque, errp);
+ return;
+ }
+
+ crumpled = qdict_crumple(qdict, errp);
+ if (!crumpled) {
+ return;
+ }
+ if (qobject_type(crumpled) != QTYPE_QDICT) {
+ assert(qobject_type(crumpled) == QTYPE_QLIST);
+ error_setg(errp, "Lists cannot be at top level of a configuration section");
+ return;
+ }
+ qemu_record_config_group(group, qobject_to(QDict, crumpled), false, errp);
+}
+
static void qemu_read_default_config_file(Error **errp)
{
ERRP_GUARD();
int ret;
g_autofree char *file = get_relocated_path(CONFIG_QEMU_CONFDIR "/qemu.conf");
- ret = qemu_read_config_file(file, qemu_config_do_parse, errp);
+ ret = qemu_read_config_file(file, qemu_parse_config_group, errp);
if (ret < 0) {
if (ret == -ENOENT) {
error_free(*errp);
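Review bot: In `qemu_parse_config_group()`, the object returned by `qdict_crumple()` is never released on the list path: the `qobject_type(crumpled) != QTYPE_QDICT` branch sets the error and returns while `crumpled` still holds its reference. Add `qobject_unref(crumpled);` before that return, and document whether `qemu_record_config_group()` takes ownership of the QDict, since no unref follows that call on the success path either.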
@@ -2129,9 +2170,8 @@ static void qemu_read_default_config_file(Error **errp)
}
}
-static int qemu_set_option(const char *str)
+static void qemu_set_option(const char *str, Error **errp)
{
- Error *local_err = NULL;
char group[64], id[64], arg[64];
QemuOptsList *list;
QemuOpts *opts;
@@ -2139,27 +2179,23 @@ static int qemu_set_option(const char *str)
rc = sscanf(str, "%63[^.].%63[^.].%63[^=]%n", group, id, arg, &offset);
if (rc < 3 || str[offset] != '=') {
- error_report("can't parse: \"%s\"", str);
- return -1;
+ error_setg(errp, "can't parse: \"%s\"", str);
+ return;
}
- list = qemu_find_opts(group);
- if (list == NULL) {
- return -1;
+ if (!is_qemuopts_group(group)) {
+ error_setg(errp, "-set is not supported with %s", group);
+ } else {
+ list = qemu_find_opts_err(group, errp);
+ if (list) {
+ opts = qemu_opts_find(list, id);
+ if (!opts) {
+ error_setg(errp, "there is no %s \"%s\" defined", group, id);
+ return;
+ }
+ qemu_opt_set(opts, arg, str + offset + 1, errp);
+ }
}
-
- opts = qemu_opts_find(list, id);
- if (!opts) {
- error_report("there is no %s \"%s\" defined",
- list->name, id);
- return -1;
- }
-
- if (!qemu_opt_set(opts, arg, str + offset + 1, &local_err)) {
- error_report_err(local_err);
- return -1;
- }
- return 0;
}
static void user_register_global_props(void)
@@ -2764,8 +2800,7 @@ void qemu_init(int argc, char **argv, char **envp)
}
break;
case QEMU_OPTION_set:
- if (qemu_set_option(optarg) != 0)
- exit(1);
+ qemu_set_option(optarg, &error_fatal);
break;
case QEMU_OPTION_global:
if (qemu_global_option(optarg) != 0)
@@ -3397,7 +3432,7 @@ void qemu_init(int argc, char **argv, char **envp)
qemu_plugin_opt_parse(optarg, &plugin_list);
break;
case QEMU_OPTION_readconfig:
- qemu_read_config_file(optarg, qemu_config_do_parse, &error_fatal);
+ qemu_read_config_file(optarg, qemu_parse_config_group, &error_fatal);
break;
case QEMU_OPTION_spice:
olist = qemu_find_opts_err("spice", NULL);


@ -1,130 +0,0 @@
From: Igor Mammedov <imammedo@redhat.com>
Date: Wed, 14 Apr 2021 04:43:56 -0400
Subject: x86: acpi: use offset instead of pointer when using build_header()
Git-commit: bb9feea43179ef8aba2c0a9cc1e670cb049ba90e
Do the same as in commit
(4d027afeb3a97 Virt: ACPI: fix qemu assert due to re-assigned table data address)
for remaining tables that happen to use saved at
the beginning pointer to build header to avoid assert
when table_data is relocated due to implicit re-size.
In this case user is trying to start Windows 10 and getting assert at
hw/acpi/bios-linker-loader.c:239:
bios_linker_loader_add_checksum: Assertion `start_offset < file->blob->len' failed.
Fixes: https://bugs.launchpad.net/bugs/1923497
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210414084356.3792113-1-imammedo@redhat.com>
Cc: mst@redhat.com, qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/acpi/aml-build.c | 15 +++++++++------
hw/i386/acpi-build.c | 8 ++++++--
2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index d33ce8954aa6b51788c443e5c6a9..f0035d2b4a183363e0b162b2e5b0 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1830,6 +1830,7 @@ build_rsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets,
int i;
unsigned rsdt_entries_offset;
AcpiRsdtDescriptorRev1 *rsdt;
+ int rsdt_start = table_data->len;
const unsigned table_data_len = (sizeof(uint32_t) * table_offsets->len);
const unsigned rsdt_entry_size = sizeof(rsdt->table_offset_entry[0]);
const size_t rsdt_len = sizeof(*rsdt) + table_data_len;
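Review bot: `int rsdt_start = table_data->len;` stores a GArray length in a signed int, while the neighbouring offset in the same function is declared `unsigned rsdt_entries_offset`. Use `unsigned` for the new start offsets (here and in the xsdt, hpet and tcpa variants) so the `table_data->data + rsdt_start` arithmetic stays unsigned throughout. The `rsdt` pointer declaration also remains; if it is still dereferenced after a call that can grow `table_data`, it has the same relocation problem this patch fixes for build_header().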
@@ -1846,7 +1847,8 @@ build_rsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets,
ACPI_BUILD_TABLE_FILE, ref_tbl_offset);
}
build_header(linker, table_data,
- (void *)rsdt, "RSDT", rsdt_len, 1, oem_id, oem_table_id);
+ (void *)(table_data->data + rsdt_start),
+ "RSDT", rsdt_len, 1, oem_id, oem_table_id);
}
/* Build xsdt table */
@@ -1857,6 +1859,7 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets,
int i;
unsigned xsdt_entries_offset;
AcpiXsdtDescriptorRev2 *xsdt;
+ int xsdt_start = table_data->len;
const unsigned table_data_len = (sizeof(uint64_t) * table_offsets->len);
const unsigned xsdt_entry_size = sizeof(xsdt->table_offset_entry[0]);
const size_t xsdt_len = sizeof(*xsdt) + table_data_len;
@@ -1873,7 +1876,8 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets,
ACPI_BUILD_TABLE_FILE, ref_tbl_offset);
}
build_header(linker, table_data,
- (void *)xsdt, "XSDT", xsdt_len, 1, oem_id, oem_table_id);
+ (void *)(table_data->data + xsdt_start),
+ "XSDT", xsdt_len, 1, oem_id, oem_table_id);
}
void build_srat_memory(AcpiSratMemoryAffinity *numamem, uint64_t base,
@@ -2053,10 +2057,9 @@ void build_tpm2(GArray *table_data, BIOSLinker *linker, GArray *tcpalog,
uint64_t control_area_start_address;
TPMIf *tpmif = tpm_find();
uint32_t start_method;
- void *tpm2_ptr;
tpm2_start = table_data->len;
- tpm2_ptr = acpi_data_push(table_data, sizeof(AcpiTableHeader));
+ acpi_data_push(table_data, sizeof(AcpiTableHeader));
/* Platform Class */
build_append_int_noprefix(table_data, TPM2_ACPI_CLASS_CLIENT, 2);
@@ -2095,8 +2098,8 @@ void build_tpm2(GArray *table_data, BIOSLinker *linker, GArray *tcpalog,
log_addr_offset, 8,
ACPI_BUILD_TPMLOG_FILE, 0);
build_header(linker, table_data,
- tpm2_ptr, "TPM2", table_data->len - tpm2_start, 4, oem_id,
- oem_table_id);
+ (void *)(table_data->data + tpm2_start),
+ "TPM2", table_data->len - tpm2_start, 4, oem_id, oem_table_id);
}
Aml *build_crs(PCIHostState *host, CrsRangeSet *range_set, uint32_t io_offset,
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index de98750aeff6bdec266a85c38357..daaf8f473e99ca28f03360f4ff7a 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1816,6 +1816,7 @@ build_hpet(GArray *table_data, BIOSLinker *linker, const char *oem_id,
const char *oem_table_id)
{
Acpi20Hpet *hpet;
+ int hpet_start = table_data->len;
hpet = acpi_data_push(table_data, sizeof(*hpet));
/* Note timer_block_id value must be kept in sync with value advertised by
@@ -1824,13 +1825,15 @@ build_hpet(GArray *table_data, BIOSLinker *linker, const char *oem_id,
hpet->timer_block_id = cpu_to_le32(0x8086a201);
hpet->addr.address = cpu_to_le64(HPET_BASE);
build_header(linker, table_data,
- (void *)hpet, "HPET", sizeof(*hpet), 1, oem_id, oem_table_id);
+ (void *)(table_data->data + hpet_start),
+ "HPET", sizeof(*hpet), 1, oem_id, oem_table_id);
}
static void
build_tpm_tcpa(GArray *table_data, BIOSLinker *linker, GArray *tcpalog,
const char *oem_id, const char *oem_table_id)
{
+ int tcpa_start = table_data->len;
Acpi20Tcpa *tcpa = acpi_data_push(table_data, sizeof *tcpa);
unsigned log_addr_size = sizeof(tcpa->log_area_start_address);
unsigned log_addr_offset =
@@ -1849,7 +1852,8 @@ build_tpm_tcpa(GArray *table_data, BIOSLinker *linker, GArray *tcpalog,
ACPI_BUILD_TPMLOG_FILE, 0);
build_header(linker, table_data,
- (void *)tcpa, "TCPA", sizeof(*tcpa), 2, oem_id, oem_table_id);
+ (void *)(table_data->data + tcpa_start),
+ "TCPA", sizeof(*tcpa), 2, oem_id, oem_table_id);
}
#define HOLE_640K_START (640 * KiB)


@ -15,7 +15,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 3 insertions(+)
diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 581f1d5f7a1a2ec3d9b5f7bfe2aa..9076221c0f995e622ecfbb0408c1 100644
index 07b3be7b9b9f6093642363f13187..b0fe7583f9de18bfe75109e3f194 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -271,6 +271,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp)


@ -27,10 +27,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/migration/savevm.c b/migration/savevm.c
index 52e2d72e4b08e2693ba671752bc8..f2ccecadba94324b2518f64622dc 100644
index 7b7b64bd13e737618319759cdffb..375ca95caeef4a3ba0d5704ccbcc 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -2937,7 +2937,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live,
@@ -2941,7 +2941,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live,
* So call bdrv_inactivate_all (release locks) here to let the other
* side of the migration take control of the images.
*/


@ -18,7 +18,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
1 file changed, 12 insertions(+)
diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 83754a434481d9cd02bbe35bffc3..581f1d5f7a1a2ec3d9b5f7bfe2aa 100644
index 674953f1adeeaec6a81d9857144e..07b3be7b9b9f6093642363f13187 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -723,6 +723,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
@ -30,7 +30,7 @@ index 83754a434481d9cd02bbe35bffc3..581f1d5f7a1a2ec3d9b5f7bfe2aa 100644
char *driver = NULL;
char *filename = NULL;
XenBlockDrive *drive = NULL;
@@ -791,6 +793,16 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
@@ -803,6 +805,16 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
}
}