diff --git a/Make-char-muxer-more-robust-wrt-small-FI.patch b/Make-char-muxer-more-robust-wrt-small-FI.patch
index a2d994ef..db8ccd28 100644
--- a/Make-char-muxer-more-robust-wrt-small-FI.patch
+++ b/Make-char-muxer-more-robust-wrt-small-FI.patch
@@ -29,7 +29,7 @@ Signed-off-by: Bruce Rogers
 5 files changed, 22 insertions(+)
 diff --git a/chardev/char-fe.c b/chardev/char-fe.c
-index 474715c5a9257ae9e9e286d2e02d..eeb1b3e0b548027e2bcda0c272d5 100644
+index 7789f7be9c873928be895d618e98..c7556602c77787357c802553ab91 100644
 --- a/chardev/char-fe.c
 +++ b/chardev/char-fe.c
 @@ -21,6 +21,7 @@
@@ -41,7 +41,7 @@ index 474715c5a9257ae9e9e286d2e02d..eeb1b3e0b548027e2bcda0c272d5 100644
 #include "qemu/error-report.h"
 #include "qapi/error.h"
 diff --git a/chardev/char-mux.c b/chardev/char-mux.c
-index 72beef29d21c3bed1ffe6e48c7e7..6e5a3fb272c6b02e900b9775bad6 100644
+index 5baf4190108366803a1a0fa26fb7..2aa164c2ecac8f8a843cec9fa1e1 100644
 --- a/chardev/char-mux.c
 +++ b/chardev/char-mux.c
 @@ -22,6 +22,7 @@
@@ -52,7 +52,7 @@ index 72beef29d21c3bed1ffe6e48c7e7..6e5a3fb272c6b02e900b9775bad6 100644
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu/module.h"
-@@ -198,6 +199,17 @@ static void mux_chr_accept_input(Chardev *chr)
+@@ -197,6 +198,17 @@ static void mux_chr_accept_input(Chardev *chr)
 be->chr_read(be->opaque,
 &d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1);
 }
@@ -70,7 +70,7 @@ index 72beef29d21c3bed1ffe6e48c7e7..6e5a3fb272c6b02e900b9775bad6 100644
 }
 static int mux_chr_can_read(void *opaque)
-@@ -332,6 +344,10 @@ static void qemu_chr_open_mux(Chardev *chr,
+@@ -331,6 +343,10 @@ static void qemu_chr_open_mux(Chardev *chr,
 }
 d->focus = -1;
@@ -82,7 +82,7 @@ index 72beef29d21c3bed1ffe6e48c7e7..6e5a3fb272c6b02e900b9775bad6 100644
 * set of muxes
 */
 diff --git a/chardev/char.c b/chardev/char.c
-index 398f09df19cd8567fa1ea96ee4d4..5778bd7666f8ff053269bf5b6b81 100644
+index 4595a8d430bf99537367b8d26379..d9d918f905a584f8cf97fb6ee1de 100644
 --- a/chardev/char.c
 +++ b/chardev/char.c
 @@ -22,6 +22,7 @@
diff --git a/Makefile-Don-t-check-pc-bios-as-pre-requ.patch b/Makefile-Don-t-check-pc-bios-as-pre-requ.patch
index afb49b3a..94e630a4 100644
--- a/Makefile-Don-t-check-pc-bios-as-pre-requ.patch
+++ b/Makefile-Don-t-check-pc-bios-as-pre-requ.patch
@@ -11,10 +11,10 @@ Signed-off-by: Bruce Rogers
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/Makefile b/Makefile
-index bcbbec71a1cb61342dada30c54d3..884d7b03faeb6d17f677a298ebef 100644
+index 401c623a65f84e07ffdf5dc263bf..d8d75dd42e5e066b9f03dc235130 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -85,7 +85,7 @@ x := $(shell rm -rf meson-private meson-info meson-logs)
+@@ -87,7 +87,7 @@ x := $(shell rm -rf meson-private meson-info meson-logs)
 endif
 # 1. ensure config-host.mak is up-to-date
diff --git a/PPC-KVM-Disable-mmu-notifier-check.patch b/PPC-KVM-Disable-mmu-notifier-check.patch
index 67ec0e96..0681ae35 100644
--- a/PPC-KVM-Disable-mmu-notifier-check.patch
+++ b/PPC-KVM-Disable-mmu-notifier-check.patch
@@ -14,10 +14,10 @@ Signed-off-by: Bruce Rogers
 1 file changed, 2 insertions(+)
 diff --git a/softmmu/physmem.c b/softmmu/physmem.c
-index 85034d9c11e3f65cce6041ea8acc..98d51d87249ea17ef30b7eaa2157 100644
+index 2e18947598eec3dfb6abe91be933..655fb3afb6e23c42868d241d6760 100644
 --- a/softmmu/physmem.c
 +++ b/softmmu/physmem.c
-@@ -2029,11 +2029,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
+@@ -2059,11 +2059,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
 return NULL;
 }
diff --git a/Raise-soft-address-space-limit-to-hard-l.patch b/Raise-soft-address-space-limit-to-hard-l.patch
index 39d390c9..048a8316 100644
--- a/Raise-soft-address-space-limit-to-hard-l.patch
+++ b/Raise-soft-address-space-limit-to-hard-l.patch
@@ -16,7 +16,7 @@ Signed-off-by: Bruce Rogers
 1 file changed, 12 insertions(+)
 diff --git a/softmmu/vl.c b/softmmu/vl.c
-index aadb52613888ef6ac1fe7ec3a038..07ade8e5ccd2934a69b82bcaabae 100644
+index 5ca11e74694e6b4b6ae83cb320d0..4ccc503f58b7d7aff2b6cf4c8e55 100644
 --- a/softmmu/vl.c
 +++ b/softmmu/vl.c
 @@ -40,6 +40,7 @@
@@ -27,7 +27,7 @@ index aadb52613888ef6ac1fe7ec3a038..07ade8e5ccd2934a69b82bcaabae 100644
 #include "sysemu/seccomp.h"
 #include "sysemu/tcg.h"
 #include "sysemu/xen.h"
-@@ -2625,6 +2626,17 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -2729,6 +2730,17 @@ void qemu_init(int argc, char **argv, char **envp)
 MachineClass *machine_class;
 bool userconfig = true;
 FILE *vmstate_dump_file = NULL;
diff --git a/Revert-roms-efirom-tests-uefi-test-tools.patch b/Revert-roms-efirom-tests-uefi-test-tools.patch
index 8e41ac76..0811a9c6 100644
--- a/Revert-roms-efirom-tests-uefi-test-tools.patch
+++ b/Revert-roms-efirom-tests-uefi-test-tools.patch
@@ -14,7 +14,7 @@ Signed-off-by: Bruce Rogers
 2 files changed, 2 deletions(-)
 diff --git a/roms/Makefile b/roms/Makefile
-index bbbe2eff895868b8a5781f6ca397..a91ffad548af3e95410ce6712fb3 100644
+index 38b71afb0757bd717154afd6a92d..6ea8edd9fcf6bb0cdc1f1602f241 100644
 --- a/roms/Makefile
 +++ b/roms/Makefile
 @@ -151,7 +151,6 @@ build-efi-roms: build-pxe-roms
diff --git a/XXX-dont-dump-core-on-sigabort.patch b/XXX-dont-dump-core-on-sigabort.patch
index 6546a7c1..d7aed104 100644
--- a/XXX-dont-dump-core-on-sigabort.patch
+++ b/XXX-dont-dump-core-on-sigabort.patch
@@ -8,10 +8,10 @@ Signed-off-by: Bruce Rogers
 1 file changed, 6 insertions(+)
 diff --git a/linux-user/signal.c b/linux-user/signal.c
-index 7eecec46c4070c119cfee9be2316..fdd9a86cc1ce0b8238562d1612a3 100644
+index a8faea6f090964b46199239ed1d3..4db55900a44ade173c02aedc3618 100644
 --- a/linux-user/signal.c
 +++ b/linux-user/signal.c
-@@ -631,6 +631,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
+@@ -677,6 +677,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
 trace_user_force_sig(env, target_sig, host_sig);
 gdb_signalled(env, target_sig);
@@ -22,7 +22,7 @@ index 7eecec46c4070c119cfee9be2316..fdd9a86cc1ce0b8238562d1612a3 100644
 /* dump core if supported by target binary format */
 if (core_dump_signal(target_sig) && (ts->bprm->core_dump != NULL)) {
 stop_all_tasks();
-@@ -648,6 +652,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
+@@ -694,6 +698,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
 target_sig, strsignal(host_sig), "core dumped" );
 }
diff --git a/acpi_piix4-Fix-migration-from-SLE11-SP2.patch b/acpi_piix4-Fix-migration-from-SLE11-SP2.patch
index d31de03a..c9c3cdbb 100644
--- a/acpi_piix4-Fix-migration-from-SLE11-SP2.patch
+++ b/acpi_piix4-Fix-migration-from-SLE11-SP2.patch
@@ -16,10 +16,10 @@ Signed-off-by: Andreas Färber
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
-index 8f8b0e95e5201b1404b2a9bc7abd..4083edb21d17346ca9733de4915c 100644
+index 48f7a1edbcbc06461ecb23699a87..d32441fadf7bfc6fbb930addd697 100644
 --- a/hw/acpi/piix4.c
 +++ b/hw/acpi/piix4.c
-@@ -277,7 +277,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)
+@@ -278,7 +278,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)
 static const VMStateDescription vmstate_acpi = {
 .name = "piix4_pm",
 .version_id = 3,
diff --git a/block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch b/block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
deleted file mode 100644
index 12a7de6e..00000000
--- a/block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
-Date: Fri, 23 Jul 2021 21:58:43 +0200
-Subject: block/nvme: Fix VFIO_MAP_DMA failed: No space left on device
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 15a730e7a3aaac180df72cd5730e0617bcf44a5a
-
-When the NVMe block driver was introduced (see commit bdd6a90a9e5,
-January 2018), Linux VFIO_IOMMU_MAP_DMA ioctl was only returning
--ENOMEM in case of error. The driver was correctly handling the
-error path to recycle its volatile IOVA mappings.
-
-To fix CVE-2019-3882, Linux commit 492855939bdb ("vfio/type1: Limit
-DMA mappings per container", April 2019) added the -ENOSPC error to
-signal the user exhausted the DMA mappings available for a container.
-
-The block driver started to mis-behave:
-
- qemu-system-x86_64: VFIO_MAP_DMA failed: No space left on device
- (qemu)
- (qemu) info status
- VM status: paused (io-error)
- (qemu) c
- VFIO_MAP_DMA failed: No space left on device
- (qemu) c
- VFIO_MAP_DMA failed: No space left on device
-
-(The VM is not resumable from here, hence stuck.)
-
-Fix by handling the new -ENOSPC error (when DMA mappings are
-exhausted) without any distinction to the current -ENOMEM error,
-so we don't change the behavior on old kernels where the CVE-2019-3882
-fix is not present.
-
-An easy way to reproduce this bug is to restrict the DMA mapping
-limit (65535 by default) when loading the VFIO IOMMU module:
-
- # modprobe vfio_iommu_type1 dma_entry_limit=666
-
-Cc: qemu-stable@nongnu.org
-Cc: Fam Zheng
-Cc: Maxim Levitsky
-Cc: Alex Williamson
-Reported-by: Michal Prívozník
-Signed-off-by: Philippe Mathieu-Daudé
-Message-id: 20210723195843.1032825-1-philmd@redhat.com
-Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
-Buglink: https://bugs.launchpad.net/qemu/+bug/1863333
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/65
-Signed-off-by: Philippe Mathieu-Daudé
-Signed-off-by: Stefan Hajnoczi
-Signed-off-by: Jose R. Ziviani
----
- block/nvme.c | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
-
-diff --git a/block/nvme.c b/block/nvme.c
-index 2b5421e7aa6e0a3bfaf403203c9b..e8dbbc23177d8e89d67349fc15a8 100644
---- a/block/nvme.c
-+++ b/block/nvme.c
-@@ -1030,7 +1030,29 @@ try_map:
- r = qemu_vfio_dma_map(s->vfio,
- qiov->iov[i].iov_base,
- len, true, &iova);
-+ if (r == -ENOSPC) {
-+ /*
-+ * In addition to the -ENOMEM error, the VFIO_IOMMU_MAP_DMA
-+ * ioctl returns -ENOSPC to signal the user exhausted the DMA
-+ * mappings available for a container since Linux kernel commit
-+ * 492855939bdb ("vfio/type1: Limit DMA mappings per container",
-+ * April 2019, see CVE-2019-3882).
-+ *
-+ * This block driver already handles this error path by checking
-+ * for the -ENOMEM error, so we directly replace -ENOSPC by
-+ * -ENOMEM. Beside, -ENOSPC has a specific meaning for blockdev
-+ * coroutines: it triggers BLOCKDEV_ON_ERROR_ENOSPC and
-+ * BLOCK_ERROR_ACTION_STOP which stops the VM, asking the operator
-+ * to add more storage to the blockdev. Not something we can do
-+ * easily with an IOMMU :)
-+ */
-+ r = -ENOMEM;
-+ }
- if (r == -ENOMEM && retry) {
-+ /*
-+ * We exhausted the DMA mappings available for our container:
-+ * recycle the volatile IOVA mappings.
-+ */
- retry = false;
- trace_nvme_dma_flush_queue_wait(s);
- if (s->dma_map_count) {
diff --git a/bundles.tar.xz b/bundles.tar.xz
index 2a17f84b..a939f224 100644
--- a/bundles.tar.xz
+++ b/bundles.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:8799c60d25f8b55f108c1a876a7739d1deedb8fa6a4d01009d325a9a3d09e29f
-size 80624
+oid sha256:dec6079cff29a3ea44da20e33d71df94105052e298a696c986edeefd7b77b869
+size 33352
diff --git a/config.sh b/config.sh
index 6aac9d9a..0222115a 100644
--- a/config.sh
+++ b/config.sh
@@ -18,7 +18,7 @@ UPSTREAM_GIT_REPO=https://gitlab.com/qemu-project/qemu.git
 # The following specifies the upstream tag or commit upon which our patchqueue
 # gets rebased. The special value LATEST may be used to "automatically" track
 # the upstream development tree in the master branch
-GIT_UPSTREAM_COMMIT_ISH=v6.0.0
+GIT_UPSTREAM_COMMIT_ISH=v6.1.0
 # WARNING: If transitioning from using LATEST to not, MANUALLY re-set the
 # tarball present. If transitioning TO LATEST, make sure that
 # NEXT_RELEASE_IS_MAJOR is set correctly
diff --git a/configure-only-populate-roms-if-softmmu.patch b/configure-only-populate-roms-if-softmmu.patch
index 3347029b..9a06ed13 100644
--- a/configure-only-populate-roms-if-softmmu.patch
+++ b/configure-only-populate-roms-if-softmmu.patch
@@ -12,15 +12,15 @@ Signed-off-by: Bruce Rogers
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/configure b/configure
-index 4f374b48890e7f1a868672f2fe49..9de240a6b3e7fb7d72b57353546a 100755
+index 9a79a004d7cf1952cf3f4178e099..2a3073da6bd818cc2391c1d8f515 100755
 --- a/configure
 +++ b/configure
-@@ -5417,7 +5417,7 @@ if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } && \
- fi
+@@ -4413,7 +4413,7 @@ fi
 # Only build s390-ccw bios if we're on s390x and the compiler has -march=z900
+ # or -march=z10 (which is the lowest architecture level that Clang supports)
 -if test "$cpu" = "s390x" ; then
 +if test "$cpu" = "s390x" && test "$softmmu" = yes ; then
 write_c_skeleton
- if compile_prog "-march=z900" ""; then
- roms="$roms s390-ccw"
+ compile_prog "-march=z900" ""
+ has_z900=$?
diff --git a/configure-remove-pkgversion-from-CONFIG_.patch b/configure-remove-pkgversion-from-CONFIG_.patch
index 7acc4a09..dbb7889d 100644
--- a/configure-remove-pkgversion-from-CONFIG_.patch
+++ b/configure-remove-pkgversion-from-CONFIG_.patch
@@ -18,10 +18,10 @@ Signed-off-by: Bruce Rogers
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/configure b/configure
-index 9de240a6b3e7fb7d72b57353546a..ceec2d3830ed44083a6c22295e70 100755
+index 2a3073da6bd818cc2391c1d8f515..26368a637f85c0667fa627f7cbd6 100755
 --- a/configure
 +++ b/configure
-@@ -5581,7 +5581,7 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak
+@@ -4587,7 +4587,7 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak
 if test "$modules" = "yes"; then
 # $shacmd can generate a hash started with digit, which the compiler doesn't
 # like as an symbol. So prefix it with an underscore
diff --git a/doc-add-our-support-doc-to-the-main-proj.patch b/doc-add-our-support-doc-to-the-main-proj.patch
index dc54994a..2fc7dad1 100644
--- a/doc-add-our-support-doc-to-the-main-proj.patch
+++ b/doc-add-our-support-doc-to-the-main-proj.patch
@@ -10,7 +10,7 @@ Signed-off-by: Bruce Rogers
 1 file changed, 1 insertion(+)
 diff --git a/docs/index.rst b/docs/index.rst
-index 763e3d0426e8b15245b6ff0d0611..b659236f162532ea64931ec3e674 100644
+index 5f7eaaa632c4e1e4569bd9996801..17e560e0cb8d46f71ba4f13803c0 100644
 --- a/docs/index.rst
 +++ b/docs/index.rst
 @@ -10,6 +10,7 @@ Welcome to QEMU's documentation!
@@ -18,6 +18,6 @@ index 763e3d0426e8b15245b6ff0d0611..b659236f162532ea64931ec3e674 100644
 :caption: Contents:
 + supported.rst
+ about/index
 system/index
 user/index
- tools/index
diff --git a/hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch b/hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
deleted file mode 100644
index 36ef6b76..00000000
--- a/hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Kevin Wolf
-Date: Tue, 11 May 2021 18:31:51 +0200
-Subject: hmp: Fix loadvm to resume the VM on success instead of failure
-
-Git-commit: c53cd04e70641fdf9410aac40c617d074047b3e1
-
-Commit f61fe11aa6f broke hmp_loadvm() by adding an incorrect negation
-when converting from 0/-errno return values to a bool value. The result
-is that loadvm resumes the VM now if it failed and keeps it stopped if
-it failed. Fix it to restore the old behaviour and do it the other way
-around.
-
-Fixes: f61fe11aa6f7f8f0ffe4ddaa56a8108f3ab57854
-Cc: qemu-stable@nongnu.org
-Reported-by: Yanhui Ma
-Signed-off-by: Kevin Wolf
-Message-Id: <20210511163151.45167-1-kwolf@redhat.com>
-Reviewed-by: Dr. David Alan Gilbert
-Signed-off-by: Dr. David Alan Gilbert
-Signed-off-by: Jose R. Ziviani
----
- monitor/hmp-cmds.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 0ad5b774778d4634e8b506881d3f..cc15d9b6ee32264406c890b83866 100644
---- a/monitor/hmp-cmds.c
-+++ b/monitor/hmp-cmds.c
-@@ -1133,7 +1133,7 @@ void hmp_loadvm(Monitor *mon, const QDict *qdict)
-
- vm_stop(RUN_STATE_RESTORE_VM);
-
-- if (!load_snapshot(name, NULL, false, NULL, &err) && saved_vm_running) {
-+ if (load_snapshot(name, NULL, false, NULL, &err) && saved_vm_running) {
- vm_start();
- }
- hmp_handle_error(mon, err);
diff --git a/hw-block-nvme-align-with-existing-style.patch b/hw-block-nvme-align-with-existing-style.patch
deleted file mode 100644
index 80dfd311..00000000
--- a/hw-block-nvme-align-with-existing-style.patch
+++ /dev/null
@@ -1,255 +0,0 @@ -From: Gollu Appalanaidu -Date: Fri, 16 Apr 2021 09:22:28 +0530 -Subject: hw/block/nvme: align with existing style - -Git-commit: 312c3531bba416e589f106db8c8241fc6e7e6332 - -While QEMU coding style prefers lowercase hexadecimals in constants, the -NVMe subsystem uses the format from the NVMe specifications in comments, -i.e. 'h' suffix instead of '0x' prefix. - -Fix this up across the code base. - -Signed-off-by: Gollu Appalanaidu -[k.jensen: updated message; added conversion in a couple of missing comments] -Signed-off-by: Klaus Jensen -Signed-off-by: Jose R. Ziviani ---- - hw/block/nvme-ns.c | 2 +- - hw/block/nvme.c | 67 +++++++++++++++++++++++++------------------- - include/block/nvme.h | 10 +++---- - 3 files changed, 44 insertions(+), 35 deletions(-) - -diff --git a/hw/block/nvme-ns.c b/hw/block/nvme-ns.c -index 7bb618f18209d93bc0ddac6474e4..a0895614d9c36590c6969a6c3a58 100644 ---- a/hw/block/nvme-ns.c -+++ b/hw/block/nvme-ns.c -@@ -303,7 +303,7 @@ static void nvme_ns_init_zoned(NvmeNamespace *ns) - - id_ns_z = g_malloc0(sizeof(NvmeIdNsZoned)); - -- /* MAR/MOR are zeroes-based, 0xffffffff means no limit */ -+ /* MAR/MOR are zeroes-based, FFFFFFFFFh means no limit */ - id_ns_z->mar = cpu_to_le32(ns->params.max_active_zones - 1); - id_ns_z->mor = cpu_to_le32(ns->params.max_open_zones - 1); - id_ns_z->zoc = 0; -diff --git a/hw/block/nvme.c b/hw/block/nvme.c -index ba90053b63ed4884deb98d62b6d6..58185c8a17bfa3b84643733bc558 100644 ---- a/hw/block/nvme.c -+++ b/hw/block/nvme.c -@@ -12,10 +12,19 @@ - * Reference Specs: http://www.nvmexpress.org, 1.4, 1.3, 1.2, 1.1, 1.0e - * - * https://nvmexpress.org/developers/nvme-specification/ -- */ -- --/** -- * Usage: add options: -+ * -+ * -+ * Notes on coding style -+ * --------------------- -+ * While QEMU coding style prefers lowercase hexadecimals in constants, the -+ * NVMe subsystem use thes format from the NVMe specifications in the comments -+ * (i.e. 'h' suffix instead of '0x' prefix). 
-+ * -+ * Usage -+ * ----- -+ * See docs/system/nvme.rst for extensive documentation. -+ * -+ * Add options: - * -drive file=,if=none,id= - * -device nvme-subsys,id=,nqn= - * -device nvme,serial=,id=, \ -@@ -3618,18 +3627,18 @@ static uint16_t nvme_io_cmd(NvmeCtrl *n, NvmeRequest *req) - - /* - * In the base NVM command set, Flush may apply to all namespaces -- * (indicated by NSID being set to 0xFFFFFFFF). But if that feature is used -+ * (indicated by NSID being set to FFFFFFFFh). But if that feature is used - * along with TP 4056 (Namespace Types), it may be pretty screwed up. - * -- * If NSID is indeed set to 0xFFFFFFFF, we simply cannot associate the -+ * If NSID is indeed set to FFFFFFFFh, we simply cannot associate the - * opcode with a specific command since we cannot determine a unique I/O -- * command set. Opcode 0x0 could have any other meaning than something -+ * command set. Opcode 0h could have any other meaning than something - * equivalent to flushing and say it DOES have completely different -- * semantics in some other command set - does an NSID of 0xFFFFFFFF then -+ * semantics in some other command set - does an NSID of FFFFFFFFh then - * mean "for all namespaces, apply whatever command set specific command -- * that uses the 0x0 opcode?" Or does it mean "for all namespaces, apply -- * whatever command that uses the 0x0 opcode if, and only if, it allows -- * NSID to be 0xFFFFFFFF"? -+ * that uses the 0h opcode?" Or does it mean "for all namespaces, apply -+ * whatever command that uses the 0h opcode if, and only if, it allows NSID -+ * to be FFFFFFFFh"? 
- * - * Anyway (and luckily), for now, we do not care about this since the - * device only supports namespace types that includes the NVM Flush command -@@ -3945,7 +3954,7 @@ static uint16_t nvme_changed_nslist(NvmeCtrl *n, uint8_t rae, uint32_t buf_len, - NVME_CHANGED_NSID_SIZE) { - /* - * If more than 1024 namespaces, the first entry in the log page should -- * be set to 0xffffffff and the others to 0 as spec. -+ * be set to FFFFFFFFh and the others to 0 as spec. - */ - if (i == ARRAY_SIZE(nslist)) { - memset(nslist, 0x0, sizeof(nslist)); -@@ -4343,7 +4352,7 @@ static uint16_t nvme_identify_nslist(NvmeCtrl *n, NvmeRequest *req, - trace_pci_nvme_identify_nslist(min_nsid); - - /* -- * Both 0xffffffff (NVME_NSID_BROADCAST) and 0xfffffffe are invalid values -+ * Both FFFFFFFFh (NVME_NSID_BROADCAST) and FFFFFFFFEh are invalid values - * since the Active Namespace ID List should return namespaces with ids - * *higher* than the NSID specified in the command. This is also specified - * in the spec (NVM Express v1.3d, Section 5.15.4). -@@ -4390,7 +4399,7 @@ static uint16_t nvme_identify_nslist_csi(NvmeCtrl *n, NvmeRequest *req, - trace_pci_nvme_identify_nslist_csi(min_nsid, c->csi); - - /* -- * Same as in nvme_identify_nslist(), 0xffffffff/0xfffffffe are invalid. -+ * Same as in nvme_identify_nslist(), FFFFFFFFh/FFFFFFFFEh are invalid. - */ - if (min_nsid >= NVME_NSID_BROADCAST - 1) { - return NVME_INVALID_NSID | NVME_DNR; -@@ -4457,7 +4466,7 @@ static uint16_t nvme_identify_ns_descr_list(NvmeCtrl *n, NvmeRequest *req) - - /* - * Because the NGUID and EUI64 fields are 0 in the Identify Namespace data -- * structure, a Namespace UUID (nidt = 0x3) must be reported in the -+ * structure, a Namespace UUID (nidt = 3h) must be reported in the - * Namespace Identification Descriptor. Add the namespace UUID here. 
- */ - ns_descrs->uuid.hdr.nidt = NVME_NIDT_UUID; -@@ -4606,7 +4615,7 @@ static uint16_t nvme_get_feature(NvmeCtrl *n, NvmeRequest *req) - /* - * The Reservation Notification Mask and Reservation Persistence - * features require a status code of Invalid Field in Command when -- * NSID is 0xFFFFFFFF. Since the device does not support those -+ * NSID is FFFFFFFFh. Since the device does not support those - * features we can always return Invalid Namespace or Format as we - * should do for all other features. - */ -@@ -4858,15 +4867,15 @@ static uint16_t nvme_set_feature(NvmeCtrl *n, NvmeRequest *req) - } - - /* -- * NVMe v1.3, Section 5.21.1.7: 0xffff is not an allowed value for NCQR -+ * NVMe v1.3, Section 5.21.1.7: FFFFh is not an allowed value for NCQR - * and NSQR. - */ - if ((dw11 & 0xffff) == 0xffff || ((dw11 >> 16) & 0xffff) == 0xffff) { - return NVME_INVALID_FIELD | NVME_DNR; - } - -- trace_pci_nvme_setfeat_numq((dw11 & 0xFFFF) + 1, -- ((dw11 >> 16) & 0xFFFF) + 1, -+ trace_pci_nvme_setfeat_numq((dw11 & 0xffff) + 1, -+ ((dw11 >> 16) & 0xffff) + 1, - n->params.max_ioqpairs, - n->params.max_ioqpairs); - req->cqe.result = cpu_to_le32((n->params.max_ioqpairs - 1) | -@@ -5504,7 +5513,7 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data, - n->bar.cc = data; - } - break; -- case 0x1C: /* CSTS */ -+ case 0x1c: /* CSTS */ - if (data & (1 << 4)) { - NVME_GUEST_ERR(pci_nvme_ub_mmiowr_ssreset_w1c_unsupported, - "attempted to W1C CSTS.NSSRO" -@@ -5516,7 +5525,7 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data, - } - break; - case 0x20: /* NSSR */ -- if (data == 0x4E564D65) { -+ if (data == 0x4e564d65) { - trace_pci_nvme_ub_mmiowr_ssreset_unsupported(); - } else { - /* The spec says that writes of other values have no effect */ -@@ -5586,11 +5595,11 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data, - n->bar.cmbmsc = (n->bar.cmbmsc & 0xffffffff) | (data << 32); - return; - -- case 0xE00: /* PMRCAP */ -+ case 
0xe00: /* PMRCAP */ - NVME_GUEST_ERR(pci_nvme_ub_mmiowr_pmrcap_readonly, - "invalid write to PMRCAP register, ignored"); - return; -- case 0xE04: /* PMRCTL */ -+ case 0xe04: /* PMRCTL */ - n->bar.pmrctl = data; - if (NVME_PMRCTL_EN(data)) { - memory_region_set_enabled(&n->pmr.dev->mr, true); -@@ -5601,19 +5610,19 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data, - n->pmr.cmse = false; - } - return; -- case 0xE08: /* PMRSTS */ -+ case 0xe08: /* PMRSTS */ - NVME_GUEST_ERR(pci_nvme_ub_mmiowr_pmrsts_readonly, - "invalid write to PMRSTS register, ignored"); - return; -- case 0xE0C: /* PMREBS */ -+ case 0xe0C: /* PMREBS */ - NVME_GUEST_ERR(pci_nvme_ub_mmiowr_pmrebs_readonly, - "invalid write to PMREBS register, ignored"); - return; -- case 0xE10: /* PMRSWTP */ -+ case 0xe10: /* PMRSWTP */ - NVME_GUEST_ERR(pci_nvme_ub_mmiowr_pmrswtp_readonly, - "invalid write to PMRSWTP register, ignored"); - return; -- case 0xE14: /* PMRMSCL */ -+ case 0xe14: /* PMRMSCL */ - if (!NVME_CAP_PMRS(n->bar.cap)) { - return; - } -@@ -5633,7 +5642,7 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data, - } - - return; -- case 0xE18: /* PMRMSCU */ -+ case 0xe18: /* PMRMSCU */ - if (!NVME_CAP_PMRS(n->bar.cap)) { - return; - } -@@ -5675,7 +5684,7 @@ static uint64_t nvme_mmio_read(void *opaque, hwaddr addr, unsigned size) - * from PMRSTS should ensure prior writes - * made it to persistent media - */ -- if (addr == 0xE08 && -+ if (addr == 0xe08 && - (NVME_PMRCAP_PMRWBM(n->bar.pmrcap) & 0x02)) { - memory_region_msync(&n->pmr.dev->mr, 0, n->pmr.dev->size); - } -diff --git a/include/block/nvme.h b/include/block/nvme.h -index 4ac926fbc687fbbd40215b5c91ad..0739e0d6651d4c98e39e24ea2028 100644 ---- a/include/block/nvme.h -+++ b/include/block/nvme.h -@@ -848,8 +848,8 @@ enum NvmeStatusCodes { - NVME_FW_REQ_SUSYSTEM_RESET = 0x0110, - NVME_NS_ALREADY_ATTACHED = 0x0118, - NVME_NS_PRIVATE = 0x0119, -- NVME_NS_NOT_ATTACHED = 0x011A, -- NVME_NS_CTRL_LIST_INVALID = 0x011C, 
-+ NVME_NS_NOT_ATTACHED = 0x011a, -+ NVME_NS_CTRL_LIST_INVALID = 0x011c, - NVME_CONFLICTING_ATTRS = 0x0180, - NVME_INVALID_PROT_INFO = 0x0181, - NVME_WRITE_TO_RO = 0x0182, -@@ -1409,9 +1409,9 @@ typedef enum NvmeZoneState { - NVME_ZONE_STATE_IMPLICITLY_OPEN = 0x02, - NVME_ZONE_STATE_EXPLICITLY_OPEN = 0x03, - NVME_ZONE_STATE_CLOSED = 0x04, -- NVME_ZONE_STATE_READ_ONLY = 0x0D, -- NVME_ZONE_STATE_FULL = 0x0E, -- NVME_ZONE_STATE_OFFLINE = 0x0F, -+ NVME_ZONE_STATE_READ_ONLY = 0x0d, -+ NVME_ZONE_STATE_FULL = 0x0e, -+ NVME_ZONE_STATE_OFFLINE = 0x0f, - } NvmeZoneState; - - static inline void _nvme_check_size(void) diff --git a/hw-block-nvme-consider-metadata-read-aio.patch b/hw-block-nvme-consider-metadata-read-aio.patch deleted file mode 100644 index bc4b325c..00000000 --- a/hw-block-nvme-consider-metadata-read-aio.patch +++ /dev/null 
@@ -1,50 +0,0 @@
-From: Gollu Appalanaidu
-Date: Fri, 16 Apr 2021 12:52:33 +0530
-Subject: hw/block/nvme: consider metadata read aio return value in compare
-
-Git-commit: b4a983239343efd0a2d8a6cdf0690d0d707ec4ea
-
-Currently in compare command metadata aio read blk_aio_preadv return
-value ignored. Consider it and complete the block accounting.
-
-Signed-off-by: Gollu Appalanaidu
-Fixes: 0a384f923f51 ("hw/block/nvme: add compare command")
-Signed-off-by: Klaus Jensen
-Signed-off-by: Jose R. Ziviani
----
- hw/block/nvme.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/hw/block/nvme.c b/hw/block/nvme.c
-index 5fe082ec34c57471fab0fa7e8a0c..ba90053b63ed4884deb98d62b6d6 100644
---- a/hw/block/nvme.c
-+++ b/hw/block/nvme.c
-@@ -2369,10 +2369,19 @@ static void nvme_compare_mdata_cb(void *opaque, int ret)
- uint32_t reftag = le32_to_cpu(rw->reftag);
- struct nvme_compare_ctx *ctx = req->opaque;
- g_autofree uint8_t *buf = NULL;
-+ BlockBackend *blk = ns->blkconf.blk;
-+ BlockAcctCookie *acct = &req->acct;
-+ BlockAcctStats *stats = blk_get_stats(blk);
- uint16_t status = NVME_SUCCESS;
-
- trace_pci_nvme_compare_mdata_cb(nvme_cid(req));
-
-+ if (ret) {
-+ block_acct_failed(stats, acct);
-+ nvme_aio_err(req, ret);
-+ goto out;
-+ }
-+
- buf = g_malloc(ctx->mdata.iov.size);
-
- status = nvme_bounce_mdata(n, buf, ctx->mdata.iov.size,
-@@ -2421,6 +2430,8 @@ static void nvme_compare_mdata_cb(void *opaque, int ret)
- goto out;
- }
-
-+ block_acct_done(stats, acct);
-+
- out:
- qemu_iovec_destroy(&ctx->data.iov);
- g_free(ctx->data.bounce);
diff --git a/hw-net-can-sja1000-fix-buff2frame_bas-an.patch b/hw-net-can-sja1000-fix-buff2frame_bas-an.patch
deleted file mode 100644
index 0fc2e197..00000000
--- a/hw-net-can-sja1000-fix-buff2frame_bas-an.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From: Pavel Pisa
-Date: Thu, 29 Jul 2021 14:33:27 +0200
-Subject: hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is
- out of std CAN 8 bytes
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 11744862f27b9ba6488a247d2fd6bb83d9bc3c8d
-
-Problem reported by openEuler fuzz-sig group.
-
-The buff2frame_bas function (hw\net\can\can_sja1000.c)
-infoleak(qemu5.x~qemu6.x) or stack-overflow(qemu 4.x).
-
-Reported-by: Qiang Ning
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Philippe Mathieu-Daudé
-Signed-off-by: Pavel Pisa
-Signed-off-by: Jason Wang
-Signed-off-by: Jose R. Ziviani
----
- hw/net/can/can_sja1000.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/hw/net/can/can_sja1000.c b/hw/net/can/can_sja1000.c
-index 42d2f99dfb1d3cd3fa26f56ccb8d..34eea684ced278738bdb26327100 100644
---- a/hw/net/can/can_sja1000.c
-+++ b/hw/net/can/can_sja1000.c
-@@ -275,6 +275,10 @@ static void buff2frame_pel(const uint8_t *buff, qemu_can_frame *frame)
- }
- frame->can_dlc = buff[0] & 0x0f;
-
-+ if (frame->can_dlc > 8) {
-+ frame->can_dlc = 8;
-+ }
-+
- if (buff[0] & 0x80) { /* Extended */
- frame->can_id |= QEMU_CAN_EFF_FLAG;
- frame->can_id |= buff[1] << 21; /* ID.28~ID.21 */
-@@ -311,6 +315,10 @@ static void buff2frame_bas(const uint8_t *buff, qemu_can_frame *frame)
- }
- frame->can_dlc = buff[1] & 0x0f;
-
-+ if (frame->can_dlc > 8) {
-+ frame->can_dlc = 8;
-+ }
-+
- for (i = 0; i < frame->can_dlc; i++) {
- frame->data[i] = buff[2 + i];
- }
diff --git a/hw-nvme-fix-missing-check-for-PMR-capabi.patch b/hw-nvme-fix-missing-check-for-PMR-capabi.patch
deleted file mode 100644
index 9cb8208d..00000000
--- a/hw-nvme-fix-missing-check-for-PMR-capabi.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Klaus Jensen
-Date: Mon, 7 Jun 2021 11:47:57 +0200
-Subject: hw/nvme: fix missing check for PMR capability
-
-Git-commit: 2b02aabc9d02f9e95946cf639f546bb61f1721b7
-
-Qiang Liu reported that an access on an unknown address is triggered in
-memory_region_set_enabled because a check on CAP.PMRS is missing for the
-PMRCTL register write when no PMR is configured.
-
-Cc: qemu-stable@nongnu.org
-Fixes: 75c3c9de961d ("hw/block/nvme: disable PMR at boot up")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/362
-Signed-off-by: Klaus Jensen
-Reviewed-by: Keith Busch
-Signed-off-by: Jose R. Ziviani
----
- hw/block/nvme.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/hw/block/nvme.c b/hw/block/nvme.c
-index 58185c8a17bfa3b84643733bc558..73f4516174776782f237193e29fc 100644
---- a/hw/block/nvme.c
-+++ b/hw/block/nvme.c
-@@ -5600,6 +5600,10 @@ static void nvme_write_bar(NvmeCtrl *n, hwaddr offset, uint64_t data,
- "invalid write to PMRCAP register, ignored");
- return;
- case 0xe04: /* PMRCTL */
-+ if (!NVME_CAP_PMRS(n->bar.cap)) {
-+ return;
-+ }
-+
- n->bar.pmrctl = data;
- if (NVME_PMRCTL_EN(data)) {
- memory_region_set_enabled(&n->pmr.dev->mr, true);
diff --git a/hw-nvme-fix-pin-based-interrupt-behavior.patch b/hw-nvme-fix-pin-based-interrupt-behavior.patch
deleted file mode 100644
index c644e55a..00000000
--- a/hw-nvme-fix-pin-based-interrupt-behavior.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From: Klaus Jensen
-Date: Thu, 17 Jun 2021 20:55:42 +0200
-Subject: hw/nvme: fix pin-based interrupt behavior (again)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 83d7ed5c570d4c1d5163951b3057cac2ae7da4ff
-
-Jakub noticed[1] that, when using pin-based interrupts, the device will
-unconditionally deasssert when any CQEs are acknowledged. However, the
-pin should not be deasserted if other completion queues still holds
-unacknowledged CQEs.
-
-The bug is an artifact of commit ca247d35098d ("hw/block/nvme: fix
-pin-based interrupt behavior") which fixed one bug but introduced
-another. This is the third time someone tries to fix pin-based
-interrupts (see commit 5e9aa92eb1a5 ("hw/block: Fix pin-based interrupt
-behaviour of NVMe"))...
-
-Third time's the charm, so fix it, again, by keeping track of how many
-CQs have unacknowledged CQEs and only deassert when all are cleared.
-
- [1]: <20210610114624.304681-1-jakub.jermar@kernkonzept.com>
-
-Cc: qemu-stable@nongnu.org
-Fixes: ca247d35098d ("hw/block/nvme: fix pin-based interrupt behavior")
-Reported-by: Jakub Jermář
-Signed-off-by: Klaus Jensen
-Reviewed-by: Keith Busch
-Signed-off-by: Jose R. Ziviani
----
- hw/block/nvme.c | 18 +++++++++++++++++-
- hw/block/nvme.h | 1 +
- 2 files changed, 18 insertions(+), 1 deletion(-)
-
-diff --git a/hw/block/nvme.c b/hw/block/nvme.c
-index 73f4516174776782f237193e29fc..b63c511018ad6ca95400e5bb51ff 100644
---- a/hw/block/nvme.c
-+++ b/hw/block/nvme.c
-@@ -469,7 +469,9 @@ static void nvme_irq_deassert(NvmeCtrl *n, NvmeCQueue *cq)
- return;
- } else {
- assert(cq->vector < 32);
-- n->irq_status &= ~(1 << cq->vector);
-+ if (!n->cq_pending) {
-+ n->irq_status &= ~(1 << cq->vector);
-+ }
- nvme_irq_check(n);
- }
- }
-@@ -1262,6 +1264,7 @@ static void nvme_post_cqes(void *opaque)
- NvmeCQueue *cq = opaque;
- NvmeCtrl *n = cq->ctrl;
- NvmeRequest *req, *next;
-+ bool pending = cq->head != cq->tail;
- int ret;
-
- QTAILQ_FOREACH_SAFE(req, &cq->req_list, entry, next) {
-@@ -1291,6 +1294,10 @@ static void nvme_post_cqes(void *opaque)
- QTAILQ_INSERT_TAIL(&sq->req_list, req, entry);
- }
- if (cq->tail != cq->head) {
-+ if (cq->irq_enabled && !pending) {
-+ n->cq_pending++;
-+ }
-+
- nvme_irq_assert(n, cq);
- }
- }
-@@ -4102,6 +4109,11 @@ static uint16_t nvme_del_cq(NvmeCtrl *n, NvmeRequest *req)
- trace_pci_nvme_err_invalid_del_cq_notempty(qid);
- return NVME_INVALID_QUEUE_DEL;
- }
-+
-+ if (cq->irq_enabled && cq->tail != cq->head) {
-+ n->cq_pending--;
-+ }
-+
- nvme_irq_deassert(n, cq);
- trace_pci_nvme_del_cq(qid);
- nvme_free_cq(cq, n);
-@@ -5779,6 +5791,10 @@ static void nvme_process_db(NvmeCtrl *n, hwaddr addr, int val)
- }
-
- if (cq->tail == cq->head) {
-+ if (cq->irq_enabled) {
-+ n->cq_pending--;
-+ }
-+
- nvme_irq_deassert(n, cq);
- }
- } else {
-diff --git a/hw/block/nvme.h b/hw/block/nvme.h
-index 5d05ec368f7a993f71d3d9ed9809..d216e5674dce294b318c3955a94f 100644
---- a/hw/block/nvme.h
-+++ b/hw/block/nvme.h
-@@ -171,6 +171,7 @@ typedef struct NvmeCtrl {
- uint32_t max_q_ents;
- uint8_t outstanding_aers;
- uint32_t irq_status;
-+ int cq_pending;
- uint64_t host_timestamp; /* Timestamp sent by the host */
- uint64_t timestamp_set_qemu_clock_ms; /* QEMU clock time */
- uint64_t starttime_ms;
diff --git a/hw-pci-host-q35-Ignore-write-of-reserved.patch b/hw-pci-host-q35-Ignore-write-of-reserved.patch
deleted file mode 100644
index 3b0c52ed..00000000
--- a/hw-pci-host-q35-Ignore-write-of-reserved.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
-Date: Wed, 26 May 2021 16:24:38 +0200
-Subject: hw/pci-host/q35: Ignore write of reserved PCIEXBAR LENGTH field
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 9b0ca75e0196a72523232063db1e07ae36a5077a
-
-libFuzzer triggered the following assertion:
-
- cat << EOF | qemu-system-i386 -M pc-q35-5.0 \
- -nographic -monitor none -serial none \
- -qtest stdio -d guest_errors -trace pci\*
- outl 0xcf8 0xf2000060
- outl 0xcfc 0x8400056e
- EOF
- pci_cfg_write mch 00:0 @0x60 <- 0x8400056e
- Aborted (core dumped)
-
-This is because guest wrote MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD
-(reserved value) to the PCIE XBAR register.
-
-There is no indication on the datasheet about what occurs when
-this value is written. Simply ignore it on QEMU (and report an
-guest error):
-
- pci_cfg_write mch 00:0 @0x60 <- 0x8400056e
- Q35: Reserved PCIEXBAR LENGTH
- pci_cfg_read mch 00:0 @0x0 -> 0x8086
- pci_cfg_read mch 00:0 @0x0 -> 0x29c08086
- ...
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Alexander Bulekov
-BugLink: https://bugs.launchpad.net/qemu/+bug/1878641
-Fixes: df2d8b3ed4 ("q35: Introduce q35 pc based chipset emulator")
-Reviewed-by: Richard Henderson
-Signed-off-by: Philippe Mathieu-Daudé
-Message-Id: <20210526142438.281477-1-f4bug@amsat.org>
-Reviewed-by: Michael S. Tsirkin
-Signed-off-by: Michael S. Tsirkin
-Reviewed-by: Alexander Bulekov
-Reviewed-by: Michael S. Tsirkin
-Signed-off-by: Michael S. Tsirkin
-Signed-off-by: Jose R. Ziviani
----
- hw/pci-host/q35.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
-index 2eb729dff5854aff586d9ac813f9..0f37cf056a9af4081f2350400ab2 100644
---- a/hw/pci-host/q35.c
-+++ b/hw/pci-host/q35.c
-@@ -29,6 +29,7 @@
- */
-
- #include "qemu/osdep.h"
-+#include "qemu/log.h"
- #include "hw/i386/pc.h"
- #include "hw/pci-host/q35.h"
- #include "hw/qdev-properties.h"
-@@ -318,6 +319,8 @@ static void mch_update_pciexbar(MCHPCIState *mch)
- addr_mask |= MCH_HOST_BRIDGE_PCIEXBAR_64ADMSK;
- break;
- case MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD:
-+ qemu_log_mask(LOG_GUEST_ERROR, "Q35: Reserved PCIEXBAR LENGTH\n");
-+ return;
- default:
- abort();
- }
diff --git a/hw-rdma-Fix-possible-mremap-overflow-in-.patch b/hw-rdma-Fix-possible-mremap-overflow-in-.patch
deleted file mode 100644
index ed68a6be..00000000
--- a/hw-rdma-Fix-possible-mremap-overflow-in-.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Marcel Apfelbaum
-Date: Wed, 16 Jun 2021 14:06:00 +0300
-Subject: hw/rdma: Fix possible mremap overflow in the pvrdma device
- (CVE-2021-3582)
-
-Git-commit: 284f191b4abad213aed04cb0458e1600fd18d7c4
-References: CVE-2021-3582 bsc#1187499
-
-Ensure mremap boundaries not trusting the guest kernel to
-pass the correct buffer length.
-
-Fixes: CVE-2021-3582
-Reported-by: VictorV (Kunlun Lab)
-Tested-by: VictorV (Kunlun Lab)
-Signed-off-by: Marcel Apfelbaum
-Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com>
-Reviewed-by: Yuval Shaia
-Tested-by: Yuval Shaia
-Reviewed-by: Prasad J Pandit
-Signed-off-by: Marcel Apfelbaum
-Signed-off-by: Jose R. Ziviani
----
- hw/rdma/vmw/pvrdma_cmd.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
-index f59879e2574ea5569b098bb338e6..da7ddfa548ffb349dd3d695a6766 100644
---- a/hw/rdma/vmw/pvrdma_cmd.c
-+++ b/hw/rdma/vmw/pvrdma_cmd.c
-@@ -38,6 +38,13 @@ static void *pvrdma_map_to_pdir(PCIDevice *pdev, uint64_t pdir_dma,
- return NULL;
- }
-
-+ length = ROUND_UP(length, TARGET_PAGE_SIZE);
-+ if (nchunks * TARGET_PAGE_SIZE != length) {
-+ rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks,
-+ (unsigned long)length);
-+ return NULL;
-+ }
-+
- dir = rdma_pci_dma_map(pdev, pdir_dma, TARGET_PAGE_SIZE);
- if (!dir) {
- rdma_error_report("Failed to map to page directory");
diff --git a/hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch b/hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
deleted file mode 100644
index b7906ded..00000000
--- a/hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
+++ /dev/null
@@ -1,37 +0,0 @@ -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Thu, 8 Apr 2021 00:30:56 +0200 -Subject: hw/rx/rx-gdbsim: Do not accept invalid memory size -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 9197b5d4b5f163455c891baec531ae73f5d3a73a -References: bsc#1186000 - -We check the amount of RAM is enough, warn when it is -not, but if so we neglect to bail out. Fix that by -adding the missing exit() call. - -Fixes: bda19d7bb56 ("hw/rx: Add RX GDB simulator") -Signed-off-by: Philippe Mathieu-Daudé -Reviewed-by: Richard Henderson -Reviewed-by: Yoshinori Sato -Message-Id: <20210407223056.1870497-1-f4bug@amsat.org> -Signed-off-by: Laurent Vivier -Signed-off-by: Jose R. Ziviani ---- - hw/rx/rx-gdbsim.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/rx/rx-gdbsim.c b/hw/rx/rx-gdbsim.c -index b1d7c2488ff332cfc3de1e39f6d4..4e4ececae4b060ea75e6454f3a8c 100644 ---- a/hw/rx/rx-gdbsim.c -+++ b/hw/rx/rx-gdbsim.c -@@ -93,6 +93,7 @@ static void rx_gdbsim_init(MachineState *machine) - char *sz = size_to_str(mc->default_ram_size); - error_report("Invalid RAM size, should be more than %s", sz); - g_free(sz); -+ exit(1); - } - - /* Allocate memory space */ diff --git a/hw-smbios-handle-both-file-formats-regar.patch b/hw-smbios-handle-both-file-formats-regar.patch index 70495f5a..abb847f3 100644 --- a/hw-smbios-handle-both-file-formats-regar.patch +++ b/hw-smbios-handle-both-file-formats-regar.patch @@ -16,10 +16,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c -index f22c4f5b734e89a390cada7ea422..c65f1b9dcfad50ab69ba92881b5f 100644 +index 7397e567373b2dbfabae8fe10a5f..61b7546a6dd7010bdc248f969100 100644 --- a/hw/smbios/smbios.c 
+++ b/hw/smbios/smbios.c -@@ -1040,6 +1040,7 @@ void smbios_entry_add(QemuOpts *opts, Error **errp) +@@ -1138,6 +1138,7 @@ void smbios_entry_add(QemuOpts *opts, Error **errp) struct smbios_structure_header *header; int size; struct smbios_table *table; /* legacy mode only */ @@ -27,7 +27,7 @@ index f22c4f5b734e89a390cada7ea422..c65f1b9dcfad50ab69ba92881b5f 100644 if (!qemu_opts_validate(opts, qemu_smbios_file_opts, errp)) { return; -@@ -1052,11 +1053,21 @@ void smbios_entry_add(QemuOpts *opts, Error **errp) +@@ -1150,11 +1151,21 @@ void smbios_entry_add(QemuOpts *opts, Error **errp) } /* @@ -53,7 +53,7 @@ index f22c4f5b734e89a390cada7ea422..c65f1b9dcfad50ab69ba92881b5f 100644 header = (struct smbios_structure_header *)(smbios_tables + smbios_tables_len); -@@ -1071,6 +1082,19 @@ void smbios_entry_add(QemuOpts *opts, Error **errp) +@@ -1169,6 +1180,19 @@ void smbios_entry_add(QemuOpts *opts, Error **errp) header->type); return; } @@ -73,7 +73,7 @@ index f22c4f5b734e89a390cada7ea422..c65f1b9dcfad50ab69ba92881b5f 100644 set_bit(header->type, have_binfile_bitmap); if (header->type == 4) { -@@ -1091,6 +1115,17 @@ void smbios_entry_add(QemuOpts *opts, Error **errp) +@@ -1189,6 +1213,17 @@ void smbios_entry_add(QemuOpts *opts, Error **errp) * delete the one we don't need from smbios_set_defaults(), * once we know which machine version has been requested. */ diff --git a/hw-usb-Do-not-build-USB-subsystem-if-not.patch b/hw-usb-Do-not-build-USB-subsystem-if-not.patch deleted file mode 100644 index 8e5bf147..00000000 --- a/hw-usb-Do-not-build-USB-subsystem-if-not.patch +++ /dev/null 
@@ -1,107 +0,0 @@
-From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
-Date: Sun, 25 Apr 2021 00:41:10 +0200
-Subject: hw/usb: Do not build USB subsystem if not required
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 9c3c834bdda5ca6d58c0e61508737683d12968b5
-References: bsc#1186012, CVE-2021-3527
-
-If the Kconfig 'USB' value is not selected, it is pointless to
-build the USB core components. Add a stub for the HMP commands
-and usbdevice_create() which is called by usb_device_add in
-softmmu/vl.c.
-
-Signed-off-by: Philippe Mathieu-Daudé
-Reviewed-by: Richard Henderson
-Message-Id: <20210424224110.3442424-3-f4bug@amsat.org>
-Signed-off-by: Gerd Hoffmann
-Signed-off-by: Jose R. Ziviani
----
- MAINTAINERS | 1 +
- hw/usb/meson.build | 9 +++------
- stubs/meson.build | 1 +
- stubs/usb-dev-stub.c | 25 +++++++++++++++++++++++++
- 4 files changed, 30 insertions(+), 6 deletions(-)
-
-diff --git a/MAINTAINERS b/MAINTAINERS
-index 36055f14c594947b5ee9f2c3ff19..cd63d3efd8b1c8c7532c4f778f29 100644
---- a/MAINTAINERS
-+++ b/MAINTAINERS
-@@ -1804,6 +1804,7 @@ USB
- M: Gerd Hoffmann
- S: Maintained
- F: hw/usb/*
-+F: stubs/usb-dev-stub.c
- F: tests/qtest/usb-*-test.c
- F: docs/usb2.txt
- F: docs/usb-storage.txt
-diff --git a/hw/usb/meson.build b/hw/usb/meson.build
-index fb7a74e73ae843480fc121e07816..f357270d0b6bf5d810a5e49681a5 100644
---- a/hw/usb/meson.build
-+++ b/hw/usb/meson.build
-@@ -1,17 +1,14 @@
- hw_usb_modules = {}
-
- # usb subsystem core
--softmmu_ss.add(files(
-+softmmu_ss.add(when: 'CONFIG_USB', if_true: files(
- 'bus.c',
- 'combined-packet.c',
- 'core.c',
-- 'pcap.c',
-- 'libhw.c'
--))
--
--softmmu_ss.add(when: 'CONFIG_USB', if_true: files(
- 'desc.c',
- 'desc-msos.c',
-+ 'libhw.c',
-+ 'pcap.c',
- ))
-
- # usb host adapters
-diff --git a/stubs/meson.build b/stubs/meson.build
-index 5555b69103baba363483e047af06..f3f979c3fe828984f045fc572d21 100644
---- a/stubs/meson.build
-+++ b/stubs/meson.build
-@@ -51,6 +51,7 @@ if have_block
- endif
- if have_system
- stub_ss.add(files('semihost.c'))
-+ stub_ss.add(files('usb-dev-stub.c'))
- stub_ss.add(files('xen-hw-stub.c'))
- else
- stub_ss.add(files('qdev.c'))
-diff --git a/stubs/usb-dev-stub.c b/stubs/usb-dev-stub.c
-new file mode 100644
-index 0000000000000000000000000000000000000000..b1adeeb4548d2aa4f4c8c9eae967578c5da18efc
---- /dev/null
-+++ b/stubs/usb-dev-stub.c
-@@ -0,0 +1,25 @@
-+/*
-+ * QEMU USB device emulation stubs
-+ *
-+ * Copyright (C) 2021 Philippe Mathieu-Daudé
-+ *
-+ * SPDX-License-Identifier: GPL-2.0-or-later
-+ */
-+
-+#include "qemu/osdep.h"
-+#include "qemu/error-report.h"
-+#include "sysemu/sysemu.h"
-+#include "monitor/monitor.h"
-+#include "hw/usb.h"
-+
-+USBDevice *usbdevice_create(const char *driver)
-+{
-+ error_report("Support for USB devices not built-in");
-+
-+ return NULL;
-+}
-+
-+void hmp_info_usb(Monitor *mon, const QDict *qdict)
-+{
-+ monitor_printf(mon, "Support for USB devices not built-in\n");
-+}
diff --git a/hw-usb-host-stub-Remove-unused-header.patch b/hw-usb-host-stub-Remove-unused-header.patch
deleted file mode 100644
index 637df848..00000000
--- a/hw-usb-host-stub-Remove-unused-header.patch
+++ /dev/null
@@ -1,31 +0,0 @@ -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Sun, 25 Apr 2021 00:41:09 +0200 -Subject: hw/usb/host-stub: Remove unused header -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 1081607bfab94a0b6149c4a2195737107aed265f -References: bsc#1186012, CVE-2021-3527 - -Signed-off-by: Philippe Mathieu-Daudé -Reviewed-by: Richard Henderson -Message-Id: <20210424224110.3442424-2-f4bug@amsat.org> -Signed-off-by: Gerd Hoffmann -Signed-off-by: Jose R. Ziviani ---- - hw/usb/host-stub.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/hw/usb/host-stub.c b/hw/usb/host-stub.c -index 538ed29684cb7d3ed15df7a7b298..80809ceba54221818bd937ff01b6 100644 ---- a/hw/usb/host-stub.c -+++ b/hw/usb/host-stub.c -@@ -31,7 +31,6 @@ - */ - - #include "qemu/osdep.h" --#include "ui/console.h" - #include "hw/usb.h" - #include "monitor/monitor.h" - diff --git a/increase-x86_64-physical-bits-to-42.patch b/increase-x86_64-physical-bits-to-42.patch index 41bc06d9..05a3dc2e 100644 --- a/increase-x86_64-physical-bits-to-42.patch +++ b/increase-x86_64-physical-bits-to-42.patch @@ -18,7 +18,7 @@ Signed-off-by: Andreas Färber 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/tcg/helper-tcg.h b/target/i386/tcg/helper-tcg.h -index bcdfca06f699863a6dd2e872231c..ade34e5681775657b0b5220b43d7 100644 +index 2510cc244e91c91adfaffbb69674..b1903b2d86ac067ebe90212b25e0 100644 --- a/target/i386/tcg/helper-tcg.h +++ b/target/i386/tcg/helper-tcg.h @@ -26,7 +26,7 @@ diff --git a/linux-user-Fake-proc-cpuinfo.patch b/linux-user-Fake-proc-cpuinfo.patch index 86af7fbe..acdfec3c 100644 --- a/linux-user-Fake-proc-cpuinfo.patch +++ b/linux-user-Fake-proc-cpuinfo.patch @@ -21,10 +21,10 @@ Signed-off-by: Andreas Färber 1 file changed, 24 insertions(+) 
diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 9002e4d6187d4796773cfeb63723..e5d22c4806cf4f11b43371dc52c2 100644 +index 7771dede6384e061b9ad10a2b0c2..3e206c14c12d48a2ee7d242f6f13 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -7977,6 +7977,27 @@ static int open_self_stat(void *cpu_env, int fd) +@@ -7860,6 +7860,27 @@ static int open_self_stat(void *cpu_env, int fd) return 0; } @@ -52,7 +52,7 @@ index 9002e4d6187d4796773cfeb63723..e5d22c4806cf4f11b43371dc52c2 100644 static int open_self_auxv(void *cpu_env, int fd) { CPUState *cpu = env_cpu((CPUArchState *)cpu_env); -@@ -8131,6 +8152,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, +@@ -8014,6 +8035,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, #if defined(TARGET_SPARC) || defined(TARGET_HPPA) { "/proc/cpuinfo", open_cpuinfo, is_proc }, #endif diff --git a/linux-user-aarch64-Enable-hwcap-for-RND-.patch b/linux-user-aarch64-Enable-hwcap-for-RND-.patch deleted file mode 100644 index 2e31e35b..00000000 --- a/linux-user-aarch64-Enable-hwcap-for-RND-.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From: Richard Henderson -Date: Tue, 27 Apr 2021 14:41:08 -0700 -Subject: linux-user/aarch64: Enable hwcap for RND, BTI, and MTE - -Git-commit: 68948d18224b93361e2880e2946ab268d0c650d7 - -These three features are already enabled by TCG, but are missing -their hwcap bits. Update HWCAP2 from linux v5.12. - -Cc: qemu-stable@nongnu.org (for 6.0.1) -Buglink: https://bugs.launchpad.net/bugs/1926044 -Signed-off-by: Richard Henderson -Message-id: 20210427214108.88503-1-richard.henderson@linaro.org -Signed-off-by: Peter Maydell -Signed-off-by: Jose R. Ziviani ---- - linux-user/elfload.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/linux-user/elfload.c b/linux-user/elfload.c -index c6731013fde2a8c206be1dd8553f..fc9c4f12be92bd4eec03e9e7803f 100644 ---- a/linux-user/elfload.c -+++ b/linux-user/elfload.c -@@ -586,6 +586,16 @@ enum { - ARM_HWCAP2_A64_SVESM4 = 1 << 6, - ARM_HWCAP2_A64_FLAGM2 = 1 << 7, - ARM_HWCAP2_A64_FRINT = 1 << 8, -+ ARM_HWCAP2_A64_SVEI8MM = 1 << 9, -+ ARM_HWCAP2_A64_SVEF32MM = 1 << 10, -+ ARM_HWCAP2_A64_SVEF64MM = 1 << 11, -+ ARM_HWCAP2_A64_SVEBF16 = 1 << 12, -+ ARM_HWCAP2_A64_I8MM = 1 << 13, -+ ARM_HWCAP2_A64_BF16 = 1 << 14, -+ ARM_HWCAP2_A64_DGH = 1 << 15, -+ ARM_HWCAP2_A64_RNG = 1 << 16, -+ ARM_HWCAP2_A64_BTI = 1 << 17, -+ ARM_HWCAP2_A64_MTE = 1 << 18, - }; - - #define ELF_HWCAP get_elf_hwcap() -@@ -640,6 +650,9 @@ static uint32_t get_elf_hwcap2(void) - GET_FEATURE_ID(aa64_dcpodp, ARM_HWCAP2_A64_DCPODP); - GET_FEATURE_ID(aa64_condm_5, ARM_HWCAP2_A64_FLAGM2); - GET_FEATURE_ID(aa64_frint, ARM_HWCAP2_A64_FRINT); -+ GET_FEATURE_ID(aa64_rndr, ARM_HWCAP2_A64_RNG); -+ GET_FEATURE_ID(aa64_bti, ARM_HWCAP2_A64_BTI); -+ GET_FEATURE_ID(aa64_mte, ARM_HWCAP2_A64_MTE); - - return hwcaps; - } diff --git a/linux-user-add-binfmt-wrapper-for-argv-0.patch b/linux-user-add-binfmt-wrapper-for-argv-0.patch index ecb933a6..931825ac 100644 --- a/linux-user-add-binfmt-wrapper-for-argv-0.patch 
+++ b/linux-user-add-binfmt-wrapper-for-argv-0.patch @@ -82,10 +82,10 @@ index 0000000000000000000000000000000000000000..cd1f513b334f3b263d9e4b5adb1981e3 + return execve(new_argv[0], new_argv, envp); +} diff --git a/meson.build b/meson.build -index c6f4b0cf5e8a88e2019fabd13f3a..4dd9c13852c017e89106e6a444ee 100644 +index b3e7ec0e92da8d333d0c49bbe4aa..72aa5562bb69b828e4ca8f65fb3b 100644 --- a/meson.build +++ b/meson.build -@@ -2318,6 +2318,11 @@ endforeach +@@ -2717,6 +2717,11 @@ endforeach # Other build targets diff --git a/linux-user-lseek-explicitly-cast-non-set.patch b/linux-user-lseek-explicitly-cast-non-set.patch index d92bdeab..798cad3d 100644 --- a/linux-user-lseek-explicitly-cast-non-set.patch +++ b/linux-user-lseek-explicitly-cast-non-set.patch @@ -15,10 +15,10 @@ Signed-off-by: Alexander Graf 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index ee3f66b0118d21748c1ff7475793..f15b5fda1296f2b1f9dc53f74734 100644 +index 54dcd38709918dd5f8aa8013ee17..4effe3b234aa7da037638b8a268e 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -8653,8 +8653,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1, +@@ -8537,8 +8537,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1, return ret; #endif #ifdef TARGET_NR_lseek diff --git a/linux-user-use-target_ulong.patch b/linux-user-use-target_ulong.patch index f55e4ce9..cbd1b9b4 100644 --- a/linux-user-use-target_ulong.patch +++ b/linux-user-use-target_ulong.patch @@ -16,7 +16,7 @@ Signed-off-by: Alexander Graf 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/linux-user/qemu.h b/linux-user/qemu.h -index 74e06e7121c56fbf568bc0d48164..709714dad5384d0813083af204c4 100644 +index 3b0b6b75fe8f1c5a5a5eb56ff99d..6a1d9b2d90da099bb2faaebbd265 100644 --- a/linux-user/qemu.h +++ b/linux-user/qemu.h @@ -231,10 +231,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src, 
@@ -35,10 +35,10 @@ index 74e06e7121c56fbf568bc0d48164..709714dad5384d0813083af204c4 100644 void cpu_loop(CPUArchState *env); const char *target_strerror(int err); diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index e5d22c4806cf4f11b43371dc52c2..ee3f66b0118d21748c1ff7475793 100644 +index 3e206c14c12d48a2ee7d242f6f13..54dcd38709918dd5f8aa8013ee17 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -8295,10 +8295,10 @@ static int host_to_target_cpu_mask(const unsigned long *host_mask, +@@ -8182,10 +8182,10 @@ _syscall2(int, pivot_root, const char *, new_root, const char *, put_old) * of syscall results, can be performed. * All errnos that do_syscall() returns must be -TARGET_. */ @@ -53,7 +53,7 @@ index e5d22c4806cf4f11b43371dc52c2..ee3f66b0118d21748c1ff7475793 100644 { CPUState *cpu = env_cpu(cpu_env); abi_long ret; -@@ -10966,7 +10966,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, +@@ -10794,7 +10794,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, */ ret = -TARGET_EINVAL; if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env)) @@ -62,7 +62,7 @@ index e5d22c4806cf4f11b43371dc52c2..ee3f66b0118d21748c1ff7475793 100644 CPUARMState *env = cpu_env; ARMCPU *cpu = env_archcpu(env); uint32_t vq, old_vq; -@@ -13318,10 +13318,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, +@@ -13163,10 +13163,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, return ret; } diff --git a/module-for-virtio-gpu-pre-load-module-to.patch b/module-for-virtio-gpu-pre-load-module-to.patch deleted file mode 100644 index 88453792..00000000 --- a/module-for-virtio-gpu-pre-load-module-to.patch +++ /dev/null 
@@ -1,113 +0,0 @@
-From: Bruce Rogers
-Date: Thu, 21 Jan 2021 16:34:32 -0700
-Subject: module: for virtio-gpu, pre-load module to avoid abort on missing
- module
-
-If the hw-display-virtio-gpu module is not loadable when the virtio-gpu
-device is referenced either on the command line or the monitor, qemu
-will call abort. We can fail gracefully by moving the attempted module
-load to a context better situated to handle errors properly. (bsc#1181103)
-
-Signed-off-by: Bruce Rogers
----
- include/qemu/module.h | 1 +
- qom/object.c | 12 ++++++++++++
- qom/qom-qmp-cmds.c | 17 +++++++++++++++++
- softmmu/qdev-monitor.c | 15 +++++++++++++++
- 4 files changed, 45 insertions(+)
-
-diff --git a/include/qemu/module.h b/include/qemu/module.h
-index 944d403cbd1535cc121af76a94f2..4b42dd285eeac1ba12e5c9e18ac0 100644
---- a/include/qemu/module.h
-+++ b/include/qemu/module.h
-@@ -72,5 +72,6 @@ void module_call_init(module_init_type type);
- bool module_load_one(const char *prefix, const char *lib_name, bool mayfail);
- void module_load_qom_one(const char *type);
- void module_load_qom_all(void);
-+int module_load_check(const char *name);
-
- #endif
-diff --git a/qom/object.c b/qom/object.c
-index 6a01d56546968c094ac4831acb2c..1b132653c3fc8d5150723b2d4cf7 100644
---- a/qom/object.c
-+++ b/qom/object.c
-@@ -518,6 +518,18 @@ static void object_initialize_with_type(Object *obj, size_t size, TypeImpl *type
- object_post_init_with_type(obj, type);
- }
-
-+#ifdef CONFIG_MODULES
-+int module_load_check(const char *name)
-+{
-+ TypeImpl *type = type_get_by_name(name);
-+ if (!type) {
-+ module_load_qom_one(name);
-+ type = type_get_by_name(name);
-+ }
-+ return type == NULL;
-+}
-+#endif
-+
- void object_initialize(void *data, size_t size, const char *typename)
- {
- TypeImpl *type = type_get_by_name(typename);
-diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c
-index 2d6f41ecc7ef4f2b82e55e730dc6..5ec565ad8f0f06d68022f3a4d3d5 100644
---- a/qom/qom-qmp-cmds.c
-+++ b/qom/qom-qmp-cmds.c
-@@ -129,6 +129,23 @@ ObjectPropertyInfoList *qmp_device_list_properties(const char *typename,
- ObjectPropertyIterator iter;
- ObjectPropertyInfoList *prop_list = NULL;
-
-+#ifdef CONFIG_MODULES
-+ if (!strcmp(typename, "virtio-gpu-pci") || !strcmp(typename, "virtio-gpu-ccw")) {
-+ if (module_load_check("virtio-gpu-device")) {
-+ ObjectPropertyInfo *info;
-+ info = g_new0(ObjectPropertyInfo, 1);
-+ info->name = g_strdup("dummy");
-+ info->type = g_strdup("dummy");
-+ info->has_description = false;
-+ info->description = NULL;
-+ info->default_value = 0;
-+ info->has_default_value = 0;
-+ QAPI_LIST_PREPEND(prop_list, info);
-+ return prop_list;
-+ }
-+ }
-+#endif
-+
- klass = module_object_class_by_name(typename);
- if (klass == NULL) {
- error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
-diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
-index a9955b97a078ea657546d9e2382f..8b71c08af53010428b0fc209bc5b 100644
---- a/softmmu/qdev-monitor.c
-+++ b/softmmu/qdev-monitor.c
-@@ -274,6 +274,13 @@ int qdev_device_help(QemuOpts *opts)
- int i;
-
- driver = qemu_opt_get(opts, "driver");
-+#ifdef CONFIG_MODULES
-+ if (driver && !strcmp(driver, "virtio-gpu")) {
-+ if (module_load_check("virtio-gpu-device")) {
-+ return 0;
-+ }
-+ }
-+#endif
- if (driver && is_help_option(driver)) {
- qdev_print_devinfos(false);
- return 1;
-@@ -646,6 +653,14 @@ DeviceState *qdev_device_add(QemuOpts *opts, Error **errp)
- return NULL;
- }
-
-+#ifdef CONFIG_MODULES
-+ if (!strcmp(driver, "virtio-gpu-pci") || !strcmp(driver, "virtio-gpu-ccw")) {
-+ if (module_load_check("virtio-gpu-device")) {
-+ error_setg(errp, "loadable module for %s not available!", driver);
-+ return NULL;
-+ }
-+ }
-+#endif
- /* create device */
- dev = qdev_new(driver);
-
diff --git a/monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch b/monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
deleted file mode 100644
index b926c7e5..00000000
--- a/monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
+++ /dev/null
@@ -1,86 +0,0 @@ -From: Stefan Reiter -Date: Mon, 22 Mar 2021 16:40:24 +0100 -Subject: monitor/qmp: fix race on CHR_EVENT_CLOSED without OOB - -Git-commit: a67b996e7894edfafbcd3fd007c9f58f26d25908 - -The QMP dispatcher coroutine holds the qmp_queue_lock over a yield -point, where it expects to be rescheduled from the main context. If a -CHR_EVENT_CLOSED event is received just then, it can race and block the -main thread on the mutex in monitor_qmp_cleanup_queue_and_resume. - -monitor_resume does not need to be called from main context, so we can -call it immediately after popping a request from the queue, which allows -us to drop the qmp_queue_lock mutex before yielding. - -Suggested-by: Wolfgang Bumiller -Signed-off-by: Stefan Reiter -Message-Id: <20210322154024.15011-1-s.reiter@proxmox.com> -Reviewed-by: Kevin Wolf -Cc: qemu-stable@nongnu.org -Signed-off-by: Markus Armbruster -Signed-off-by: Jose R. Ziviani ---- - monitor/qmp.c | 40 ++++++++++++++++++++++------------------ - 1 file changed, 22 insertions(+), 18 deletions(-) - -diff --git a/monitor/qmp.c b/monitor/qmp.c -index 2b0308f93371dde1a8085ac9c402..092c527b6fc9c6363f4bf81d8573 100644 ---- a/monitor/qmp.c -+++ b/monitor/qmp.c -@@ -257,24 +257,6 @@ void coroutine_fn monitor_qmp_dispatcher_co(void *data) - trace_monitor_qmp_in_band_dequeue(req_obj, - req_obj->mon->qmp_requests->length); - -- if (qatomic_xchg(&qmp_dispatcher_co_busy, true) == true) { -- /* -- * Someone rescheduled us (probably because a new requests -- * came in), but we didn't actually yield. Do that now, -- * only to be immediately reentered and removed from the -- * list of scheduled coroutines. -- */ -- qemu_coroutine_yield(); -- } -- -- /* -- * Move the coroutine from iohandler_ctx to qemu_aio_context for -- * executing the command handler so that it can make progress if it -- * involves an AIO_WAIT_WHILE(). 
-- */ -- aio_co_schedule(qemu_get_aio_context(), qmp_dispatcher_co); -- qemu_coroutine_yield(); -- - /* - * @req_obj has a request, we hold req_obj->mon->qmp_queue_lock - */ -@@ -298,8 +280,30 @@ void coroutine_fn monitor_qmp_dispatcher_co(void *data) - monitor_resume(&mon->common); - } - -+ /* -+ * Drop the queue mutex now, before yielding, otherwise we might -+ * deadlock if the main thread tries to lock it. -+ */ - qemu_mutex_unlock(&mon->qmp_queue_lock); - -+ if (qatomic_xchg(&qmp_dispatcher_co_busy, true) == true) { -+ /* -+ * Someone rescheduled us (probably because a new requests -+ * came in), but we didn't actually yield. Do that now, -+ * only to be immediately reentered and removed from the -+ * list of scheduled coroutines. -+ */ -+ qemu_coroutine_yield(); -+ } -+ -+ /* -+ * Move the coroutine from iohandler_ctx to qemu_aio_context for -+ * executing the command handler so that it can make progress if it -+ * involves an AIO_WAIT_WHILE(). -+ */ -+ aio_co_schedule(qemu_get_aio_context(), qmp_dispatcher_co); -+ qemu_coroutine_yield(); -+ - /* Process request */ - if (req_obj->req) { - if (trace_event_get_state(TRACE_MONITOR_QMP_CMD_IN_BAND)) { diff --git a/net-vmxnet3-validate-configuration-value.patch b/net-vmxnet3-validate-configuration-value.patch index ba410357..ad2e8e0b 100644 --- a/net-vmxnet3-validate-configuration-value.patch +++ b/net-vmxnet3-validate-configuration-value.patch @@ -21,10 +21,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 13 insertions(+) diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c -index eff299f6290cee3e784d93561798..4a910ca97188df056219062c30da 100644 +index 41f796a247dfe84cc667fef6c48b..f65af4e9ef27a85850968c811e52 100644 --- a/hw/net/vmxnet3.c 
+++ b/hw/net/vmxnet3.c -@@ -1420,6 +1420,7 @@ static void vmxnet3_activate_device(VMXNET3State *s) +@@ -1441,6 +1441,7 @@ static void vmxnet3_activate_device(VMXNET3State *s) vmxnet3_setup_rx_filtering(s); /* Cache fields from shared memory */ s->mtu = VMXNET3_READ_DRV_SHARED32(d, s->drv_shmem, devRead.misc.mtu); @@ -32,7 +32,7 @@ index eff299f6290cee3e784d93561798..4a910ca97188df056219062c30da 100644 VMW_CFPRN("MTU is %u", s->mtu); s->max_rx_frags = -@@ -1473,6 +1474,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) +@@ -1486,6 +1487,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) /* Read rings memory locations for TX queues */ pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.txRingBasePA); size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.txRingSize); @@ -42,7 +42,7 @@ index eff299f6290cee3e784d93561798..4a910ca97188df056219062c30da 100644 vmxnet3_ring_init(d, &s->txq_descr[i].tx_ring, pa, size, sizeof(struct Vmxnet3_TxDesc), false); -@@ -1483,6 +1487,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) +@@ -1496,6 +1500,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) /* TXC ring */ pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.compRingBasePA); size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.compRingSize); @@ -52,7 +52,7 @@ index eff299f6290cee3e784d93561798..4a910ca97188df056219062c30da 100644 vmxnet3_ring_init(d, &s->txq_descr[i].comp_ring, pa, size, sizeof(struct Vmxnet3_TxCompDesc), true); VMXNET3_RING_DUMP(VMW_CFPRN, "TXC", i, &s->txq_descr[i].comp_ring); -@@ -1524,6 +1531,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) +@@ -1537,6 +1544,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) /* RX rings */ pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.rxRingBasePA[j]); size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.rxRingSize[j]); 
@@ -62,7 +62,7 @@ index eff299f6290cee3e784d93561798..4a910ca97188df056219062c30da 100644 vmxnet3_ring_init(d, &s->rxq_descr[i].rx_ring[j], pa, size, sizeof(struct Vmxnet3_RxDesc), false); VMW_CFPRN("RX queue %d:%d: Base: %" PRIx64 ", Size: %d", -@@ -1533,6 +1543,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) +@@ -1546,6 +1556,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) /* RXC ring */ pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.compRingBasePA); size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.compRingSize); diff --git a/pc-bios-s390-ccw-net-avoid-warning-about.patch b/pc-bios-s390-ccw-net-avoid-warning-about.patch index 8fe8b264..f21c07a3 100644 --- a/pc-bios-s390-ccw-net-avoid-warning-about.patch +++ b/pc-bios-s390-ccw-net-avoid-warning-about.patch @@ -11,7 +11,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 1 insertion(+) diff --git a/pc-bios/s390-ccw/netboot.mak b/pc-bios/s390-ccw/netboot.mak -index 577c023afe3db17ada307b2abbcc..cea8fb8532ddccda2390d936c93f 100644 +index 68b4d7edcb2c8b10e162a0872e27..1839add9eea2af542b01b5591121 100644 --- a/pc-bios/s390-ccw/netboot.mak +++ b/pc-bios/s390-ccw/netboot.mak @@ -54,6 +54,7 @@ LIBNETOBJS := args.o dhcp.o dns.o icmpv6.o ipv6.o tcp.o udp.o bootp.o \ diff --git a/pvrdma-Ensure-correct-input-on-ring-init.patch b/pvrdma-Ensure-correct-input-on-ring-init.patch deleted file mode 100644 index e1567943..00000000 --- a/pvrdma-Ensure-correct-input-on-ring-init.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From: Marcel Apfelbaum -Date: Wed, 30 Jun 2021 14:46:34 +0300 -Subject: pvrdma: Ensure correct input on ring init (CVE-2021-3607) - -Git-commit: 32e5703cfea07c91e6e84bcb0313f633bb146534 -References: CVE-2021-3607 bsc#1187539 - -Check the guest passed a non zero page count -for pvrdma device ring buffers. - -Fixes: CVE-2021-3607 -Reported-by: VictorV (Kunlun Lab) -Reviewed-by: VictorV (Kunlun Lab) -Signed-off-by: Marcel Apfelbaum -Message-Id: <20210630114634.2168872-1-marcel@redhat.com> -Reviewed-by: Yuval Shaia -Tested-by: Yuval Shaia -Signed-off-by: Marcel Apfelbaum -Signed-off-by: Jose R. Ziviani ---- - hw/rdma/vmw/pvrdma_main.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c -index 84ae8024fcfd86c535aeacc7198a..7c0c3551a8a4952397e1202cfc9f 100644 ---- a/hw/rdma/vmw/pvrdma_main.c -+++ b/hw/rdma/vmw/pvrdma_main.c -@@ -92,6 +92,11 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state, - uint64_t *dir, *tbl; - int rc = 0; - -+ if (!num_pages) { -+ rdma_error_report("Ring pages count must be strictly positive"); -+ return -EINVAL; -+ } -+ - dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE); - if (!dir) { - rdma_error_report("Failed to map to page directory (ring %s)", name); diff --git a/pvrdma-Fix-the-ring-init-error-flow-CVE-.patch b/pvrdma-Fix-the-ring-init-error-flow-CVE-.patch deleted file mode 100644 index 0682abb2..00000000 --- a/pvrdma-Fix-the-ring-init-error-flow-CVE-.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From: Marcel Apfelbaum -Date: Wed, 30 Jun 2021 14:52:46 +0300 -Subject: pvrdma: Fix the ring init error flow (CVE-2021-3608) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 66ae37d8cc313f89272e711174a846a229bcdbd3 -References: CVE-2021-3608 bsc#1187538 - -Do not unmap uninitialized dma addresses. - -Fixes: CVE-2021-3608 -Reviewed-by: VictorV (Kunlun Lab) -Tested-by: VictorV (Kunlun Lab) -Signed-off-by: Marcel Apfelbaum -Message-Id: <20210630115246.2178219-1-marcel@redhat.com> -Tested-by: Yuval Shaia -Reviewed-by: Yuval Shaia -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Marcel Apfelbaum -Signed-off-by: Jose R. Ziviani ---- - hw/rdma/vmw/pvrdma_dev_ring.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c -index 074ac59b84db3ab6bb092cb28fea..42130667a7d41bb2500f3ae5119c 100644 ---- a/hw/rdma/vmw/pvrdma_dev_ring.c -+++ b/hw/rdma/vmw/pvrdma_dev_ring.c -@@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, const char *name, PCIDevice *dev, - qatomic_set(&ring->ring_state->cons_head, 0); - */ - ring->npages = npages; -- ring->pages = g_malloc(npages * sizeof(void *)); -+ ring->pages = g_malloc0(npages * sizeof(void *)); - - for (i = 0; i < npages; i++) { - if (!tbl[i]) { diff --git a/qemu-6.0.0.tar.xz b/qemu-6.0.0.tar.xz deleted file mode 100644 index 52a4d956..00000000 --- a/qemu-6.0.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:87bc1a471ca24b97e7005711066007d443423d19aacda3d442558ae032fa30b9 -size 107333232 diff --git a/qemu-6.0.0.tar.xz.sig b/qemu-6.0.0.tar.xz.sig deleted file mode 100644 index 7c092631..00000000 Binary files a/qemu-6.0.0.tar.xz.sig and /dev/null differ diff --git a/qemu-6.1.0.tar.xz b/qemu-6.1.0.tar.xz new file mode 100644 index 00000000..f7f73360 --- /dev/null +++ b/qemu-6.1.0.tar.xz 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eebc089db3414bbeedf1e464beda0a7515aad30f73261abc246c9b27503a3c96 +size 111258808 diff --git a/qemu-6.1.0.tar.xz.sig b/qemu-6.1.0.tar.xz.sig new file mode 100644 index 00000000..12900c9e Binary files /dev/null and b/qemu-6.1.0.tar.xz.sig differ diff --git a/qemu-binfmt-conf-Modify-default-path.patch b/qemu-binfmt-conf-Modify-default-path.patch index 792b6935..d80af9d3 100644 --- a/qemu-binfmt-conf-Modify-default-path.patch +++ b/qemu-binfmt-conf-Modify-default-path.patch @@ -13,10 +13,10 @@ Signed-off-by: Andreas Färber 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh -index 573b5dc6acd7901b907ec8ffc065..820b0cecf80d0dd1fb564674b438 100755 +index 7de996d536eaf9c41255ae9695a5..cb06245a834f9e8f2bb0464a25ce 100755 --- a/scripts/qemu-binfmt-conf.sh +++ b/scripts/qemu-binfmt-conf.sh -@@ -332,7 +332,7 @@ BINFMT_SET=qemu_register_interpreter +@@ -334,7 +334,7 @@ BINFMT_SET=qemu_register_interpreter SYSTEMDDIR="/etc/binfmt.d" DEBIANDIR="/usr/share/binfmts" diff --git a/qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch b/qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch index f52f347d..bf751d43 100644 --- a/qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch +++ b/qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch @@ -12,7 +12,7 @@ Signed-off-by: Andreas Färber 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh -index 820b0cecf80d0dd1fb564674b438..fb504a44a1e8d07220b65ee534dd 100755 +index cb06245a834f9e8f2bb0464a25ce..c46e604fa6ef3faaecccaae835ba 100755 --- a/scripts/qemu-binfmt-conf.sh +++ b/scripts/qemu-binfmt-conf.sh @@ -275,7 +275,7 @@ qemu_generate_register() { @@ -24,7 +24,7 @@ index 820b0cecf80d0dd1fb564674b438..fb504a44a1e8d07220b65ee534dd 100755 } qemu_register_interpreter() { -@@ -314,9 +314,9 @@ qemu_set_binfmts() { +@@ -316,9 +316,9 @@ qemu_set_binfmts() { continue fi 
diff --git a/qemu-config-load-modules-when-instantiat.patch b/qemu-config-load-modules-when-instantiat.patch deleted file mode 100644 index 82b6c374..00000000 --- a/qemu-config-load-modules-when-instantiat.patch +++ /dev/null 
@@ -1,115 +0,0 @@ -From: Paolo Bonzini -Date: Tue, 18 May 2021 09:08:17 -0400 -Subject: qemu-config: load modules when instantiating option groups - -Git-commit: 632a8873500d27022c584256afc11e57e2418b94 - -Right now the SPICE module is special cased to be loaded when processing -of the -spice command line option. However, the spice option group -can also be brought in via -readconfig, in which case the module is -not loaded. - -Add a generic hook to load modules that provide a QemuOpts group, -and use it for the "spice" and "iscsi" groups. - -Fixes: #194 -Fixes: https://bugs.launchpad.net/qemu/+bug/1910696 -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -Signed-off-by: Jose R. Ziviani ---- - include/qemu/config-file.h | 2 +- - softmmu/vl.c | 21 +++++++++++++++++---- - stubs/meson.build | 1 + - stubs/module-opts.c | 6 ++++++ - util/qemu-config.c | 1 + - 5 files changed, 26 insertions(+), 5 deletions(-) - -diff --git a/include/qemu/config-file.h b/include/qemu/config-file.h -index 8d3e53ae4d439cb50b34f0845495..0500b3668d8042013963930d4a12 100644 ---- a/include/qemu/config-file.h -+++ b/include/qemu/config-file.h -@@ -1,7 +1,7 @@ - #ifndef QEMU_CONFIG_FILE_H - #define QEMU_CONFIG_FILE_H - -- -+void qemu_load_module_for_opts(const char *group); - QemuOptsList *qemu_find_opts(const char *group); - QemuOptsList *qemu_find_opts_err(const char *group, Error **errp); - QemuOpts *qemu_find_opts_singleton(const char *group); -diff --git a/softmmu/vl.c b/softmmu/vl.c -index 1b9b067ecad6fb392bb34f61fe77..bb3e6821e844d3f87cbc628b922f 100644 ---- a/softmmu/vl.c -+++ b/softmmu/vl.c -@@ -2614,6 +2614,23 @@ void qmp_x_exit_preconfig(Error **errp) - } - } - -+#ifdef CONFIG_MODULES -+void qemu_load_module_for_opts(const char *group) -+{ -+ static bool spice_tried; -+ if (g_str_equal(group, "spice") && !spice_tried) { -+ ui_module_load_one("spice-core"); -+ spice_tried = true; -+ } -+ -+ static bool iscsi_tried; -+ if (g_str_equal(group, "iscsi") && !iscsi_tried) { -+ 
block_module_load_one("iscsi"); -+ iscsi_tried = true; -+ } -+} -+#endif -+ - void qemu_init(int argc, char **argv, char **envp) - { - QemuOpts *opts; -@@ -3384,10 +3401,6 @@ void qemu_init(int argc, char **argv, char **envp) - break; - case QEMU_OPTION_spice: - olist = qemu_find_opts_err("spice", NULL); -- if (!olist) { -- ui_module_load_one("spice-core"); -- olist = qemu_find_opts("spice"); -- } - if (!olist) { - error_report("spice support is disabled"); - exit(1); -diff --git a/stubs/meson.build b/stubs/meson.build -index be6f6d609e58de2a4c4c83d9002b..5555b69103baba363483e047af06 100644 ---- a/stubs/meson.build -+++ b/stubs/meson.build -@@ -22,6 +22,7 @@ stub_ss.add(files('isa-bus.c')) - stub_ss.add(files('is-daemonized.c')) - stub_ss.add(when: 'CONFIG_LINUX_AIO', if_true: files('linux-aio.c')) - stub_ss.add(files('migr-blocker.c')) -+stub_ss.add(files('module-opts.c')) - stub_ss.add(files('monitor.c')) - stub_ss.add(files('monitor-core.c')) - stub_ss.add(files('pci-bus.c')) -diff --git a/stubs/module-opts.c b/stubs/module-opts.c -new file mode 100644 -index 0000000000000000000000000000000000000000..a7d0e4ad6eada291cfd0376ff58ce5efcdb76d08 ---- /dev/null -+++ b/stubs/module-opts.c -@@ -0,0 +1,6 @@ -+#include "qemu/osdep.h" -+#include "qemu/config-file.h" -+ -+void qemu_load_module_for_opts(const char *group) -+{ -+} -diff --git a/util/qemu-config.c b/util/qemu-config.c -index 670bd6ebcaaa414137af63c62bb9..34974c4b47d61bdcefa203b1c9fc 100644 ---- a/util/qemu-config.c -+++ b/util/qemu-config.c -@@ -16,6 +16,7 @@ static QemuOptsList *find_list(QemuOptsList **lists, const char *group, - { - int i; - -+ qemu_load_module_for_opts(group); - for (i = 0; lists[i] != NULL; i++) { - if (strcmp(lists[i]->name, group) == 0) - break; diff --git a/qemu-config-parse-configuration-files-to.patch b/qemu-config-parse-configuration-files-to.patch deleted file mode 100644 index 4c9891d7..00000000 --- a/qemu-config-parse-configuration-files-to.patch +++ /dev/null 
@@ -1,237 +0,0 @@ -From: Paolo Bonzini -Date: Mon, 24 May 2021 06:57:50 -0400 -Subject: qemu-config: parse configuration files to a QDict - -Git-commit: 37701411397c7b7d709ae92abd347cc593940ee5 - -Change the parser to put the values into a QDict and pass them -to a callback. qemu_config_parse's QemuOpts creation is -itself turned into a callback function. - -This is useful for -readconfig to support keyval-based options; -getting a QDict from the parser removes a roundtrip from -QDict to QemuOpts and then back to QDict. - -Unfortunately there is a disadvantage in that semantic errors will -point to the last line of the group, because the entries of the QDict -do not have a location attached. - -Cc: Kevin Wolf -Cc: Markus Armbruster -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -Message-Id: <20210524105752.3318299-2-pbonzini@redhat.com> -Signed-off-by: Paolo Bonzini -Signed-off-by: Jose R. Ziviani ---- - include/qemu/config-file.h | 7 ++- - softmmu/vl.c | 4 +- - util/qemu-config.c | 98 ++++++++++++++++++++++++++------------ - 3 files changed, 76 insertions(+), 33 deletions(-) - -diff --git a/include/qemu/config-file.h b/include/qemu/config-file.h -index 0500b3668d8042013963930d4a12..f6054233212a5b4735a95b5dd78e 100644 ---- a/include/qemu/config-file.h -+++ b/include/qemu/config-file.h -@@ -1,6 +1,8 @@ - #ifndef QEMU_CONFIG_FILE_H - #define QEMU_CONFIG_FILE_H - -+typedef void QEMUConfigCB(const char *group, QDict *qdict, void *opaque, Error **errp); -+ - void qemu_load_module_for_opts(const char *group); - QemuOptsList *qemu_find_opts(const char *group); - QemuOptsList *qemu_find_opts_err(const char *group, Error **errp); -@@ -14,7 +16,10 @@ void qemu_config_write(FILE *fp); - int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, - Error **errp); - --int qemu_read_config_file(const char *filename, Error **errp); -+/* A default callback for qemu_read_config_file(). 
*/ -+void qemu_config_do_parse(const char *group, QDict *qdict, void *opaque, Error **errp); -+ -+int qemu_read_config_file(const char *filename, QEMUConfigCB *f, Error **errp); - - /* Parse QDict options as a replacement for a config file (allowing multiple - enumerated (0..(n-1)) configuration "sections") */ -diff --git a/softmmu/vl.c b/softmmu/vl.c -index bb3e6821e844d3f87cbc628b922f..5c7e7570f627a54eb22f668dceb0 100644 ---- a/softmmu/vl.c -+++ b/softmmu/vl.c -@@ -2120,7 +2120,7 @@ static void qemu_read_default_config_file(Error **errp) - int ret; - g_autofree char *file = get_relocated_path(CONFIG_QEMU_CONFDIR "/qemu.conf"); - -- ret = qemu_read_config_file(file, errp); -+ ret = qemu_read_config_file(file, qemu_config_do_parse, errp); - if (ret < 0) { - if (ret == -ENOENT) { - error_free(*errp); -@@ -3397,7 +3397,7 @@ void qemu_init(int argc, char **argv, char **envp) - qemu_plugin_opt_parse(optarg, &plugin_list); - break; - case QEMU_OPTION_readconfig: -- qemu_read_config_file(optarg, &error_fatal); -+ qemu_read_config_file(optarg, qemu_config_do_parse, &error_fatal); - break; - case QEMU_OPTION_spice: - olist = qemu_find_opts_err("spice", NULL); -diff --git a/util/qemu-config.c b/util/qemu-config.c -index 34974c4b47d61bdcefa203b1c9fc..374f3bc4600c1c3b989638583494 100644 ---- a/util/qemu-config.c -+++ b/util/qemu-config.c -@@ -2,6 +2,7 @@ - #include "block/qdict.h" /* for qdict_extract_subqdict() */ - #include "qapi/error.h" - #include "qapi/qapi-commands-misc.h" -+#include "qapi/qmp/qerror.h" - #include "qapi/qmp/qdict.h" - #include "qapi/qmp/qlist.h" - #include "qemu/error-report.h" -@@ -351,19 +352,19 @@ void qemu_config_write(FILE *fp) - } - - /* Returns number of config groups on success, -errno on error */ --int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, Error **errp) -+static int qemu_config_foreach(FILE *fp, QEMUConfigCB *cb, void *opaque, -+ const char *fname, Error **errp) - { -- char line[1024], group[64], id[64], arg[64], 
value[1024]; -+ char line[1024], prev_group[64], group[64], arg[64], value[1024]; - Location loc; -- QemuOptsList *list = NULL; - Error *local_err = NULL; -- QemuOpts *opts = NULL; -+ QDict *qdict = NULL; - int res = -EINVAL, lno = 0; - int count = 0; - - loc_push_none(&loc); - while (fgets(line, sizeof(line), fp) != NULL) { -- loc_set_file(fname, ++lno); -+ ++lno; - if (line[0] == '\n') { - /* skip empty lines */ - continue; -@@ -372,39 +373,39 @@ int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, Error * - /* comment */ - continue; - } -- if (sscanf(line, "[%63s \"%63[^\"]\"]", group, id) == 2) { -- /* group with id */ -- list = find_list(lists, group, &local_err); -- if (local_err) { -- error_propagate(errp, local_err); -- goto out; -+ if (line[0] == '[') { -+ QDict *prev = qdict; -+ if (sscanf(line, "[%63s \"%63[^\"]\"]", group, value) == 2) { -+ qdict = qdict_new(); -+ qdict_put_str(qdict, "id", value); -+ count++; -+ } else if (sscanf(line, "[%63[^]]]", group) == 1) { -+ qdict = qdict_new(); -+ count++; - } -- opts = qemu_opts_create(list, id, 1, NULL); -- count++; -- continue; -- } -- if (sscanf(line, "[%63[^]]]", group) == 1) { -- /* group without id */ -- list = find_list(lists, group, &local_err); -- if (local_err) { -- error_propagate(errp, local_err); -- goto out; -+ if (qdict != prev) { -+ if (prev) { -+ cb(prev_group, prev, opaque, &local_err); -+ qobject_unref(prev); -+ if (local_err) { -+ error_propagate(errp, local_err); -+ goto out; -+ } -+ } -+ strcpy(prev_group, group); -+ continue; - } -- opts = qemu_opts_create(list, NULL, 0, &error_abort); -- count++; -- continue; - } -+ loc_set_file(fname, lno); - value[0] = '\0'; - if (sscanf(line, " %63s = \"%1023[^\"]\"", arg, value) == 2 || - sscanf(line, " %63s = \"\"", arg) == 1) { - /* arg = value */ -- if (opts == NULL) { -+ if (qdict == NULL) { - error_setg(errp, "no group defined"); - goto out; - } -- if (!qemu_opt_set(opts, arg, value, errp)) { -- goto out; -- } -+ 
qdict_put_str(qdict, arg, value); - continue; - } - error_setg(errp, "parse error"); -@@ -417,11 +418,48 @@ int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, Error * - } - res = count; - out: -+ if (qdict) { -+ cb(group, qdict, opaque, errp); -+ qobject_unref(qdict); -+ } - loc_pop(&loc); - return res; - } - --int qemu_read_config_file(const char *filename, Error **errp) -+void qemu_config_do_parse(const char *group, QDict *qdict, void *opaque, Error **errp) -+{ -+ QemuOptsList **lists = opaque; -+ const char *id = qdict_get_try_str(qdict, "id"); -+ QemuOptsList *list; -+ QemuOpts *opts; -+ const QDictEntry *unrecognized; -+ -+ list = find_list(lists, group, errp); -+ if (!list) { -+ return; -+ } -+ -+ opts = qemu_opts_create(list, id, 1, errp); -+ if (!opts) { -+ return; -+ } -+ if (!qemu_opts_absorb_qdict(opts, qdict, errp)) { -+ qemu_opts_del(opts); -+ return; -+ } -+ unrecognized = qdict_first(qdict); -+ if (unrecognized) { -+ error_setg(errp, QERR_INVALID_PARAMETER, unrecognized->key); -+ qemu_opts_del(opts); -+ } -+} -+ -+int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, Error **errp) -+{ -+ return qemu_config_foreach(fp, qemu_config_do_parse, lists, fname, errp); -+} -+ -+int qemu_read_config_file(const char *filename, QEMUConfigCB *cb, Error **errp) - { - FILE *f = fopen(filename, "r"); - int ret; -@@ -431,7 +469,7 @@ int qemu_read_config_file(const char *filename, Error **errp) - return -errno; - } - -- ret = qemu_config_parse(f, vm_config_groups, filename, errp); -+ ret = qemu_config_foreach(f, cb, vm_config_groups, filename, errp); - fclose(f); - return ret; - } diff --git a/qemu-config-use-qemu_opts_from_qdict.patch b/qemu-config-use-qemu_opts_from_qdict.patch deleted file mode 100644 index 663cc0fa..00000000 --- a/qemu-config-use-qemu_opts_from_qdict.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From: Paolo Bonzini -Date: Wed, 9 Jun 2021 14:34:35 +0200 -Subject: qemu-config: use qemu_opts_from_qdict - -Git-commit: e7d85d955a7a3405934a104f35228aae1d338a6d - -Using qemu_opts_absorb_qdict, and then checking for any leftover options, -is redundant because there is already a function that does the same, -qemu_opts_from_qdict. qemu_opts_from_qdict consumes the whole dictionary -and therefore can just return an error message if an option fails to validate. - -This also fixes a bug, because the "id" entry was retrieved in -qemu_config_do_parse and then left there by qemu_opts_absorb_qdict. -As a result, it was reported as an unrecognized option. - -Reported-by: Markus Armbruster -Reviewed-by: Markus Armbruster -Fixes: 3770141139 ("qemu-config: parse configuration files to a QDict") -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -Signed-off-by: Jose R. Ziviani ---- - util/qemu-config.c | 17 +---------------- - 1 file changed, 1 insertion(+), 16 deletions(-) - -diff --git a/util/qemu-config.c b/util/qemu-config.c -index 374f3bc4600c1c3b989638583494..84ee6dc4ea58014ad7d7ca8d83a2 100644 ---- a/util/qemu-config.c -+++ b/util/qemu-config.c -@@ -429,29 +429,14 @@ out: - void qemu_config_do_parse(const char *group, QDict *qdict, void *opaque, Error **errp) - { - QemuOptsList **lists = opaque; -- const char *id = qdict_get_try_str(qdict, "id"); - QemuOptsList *list; -- QemuOpts *opts; -- const QDictEntry *unrecognized; - - list = find_list(lists, group, errp); - if (!list) { - return; - } - -- opts = qemu_opts_create(list, id, 1, errp); -- if (!opts) { -- return; -- } -- if (!qemu_opts_absorb_qdict(opts, qdict, errp)) { -- qemu_opts_del(opts); -- return; -- } -- unrecognized = qdict_first(qdict); -- if (unrecognized) { -- error_setg(errp, QERR_INVALID_PARAMETER, unrecognized->key); -- qemu_opts_del(opts); -- } -+ qemu_opts_from_qdict(list, qdict, errp); - } - - int qemu_config_parse(FILE *fp, QemuOptsList **lists, const char *fname, Error 
**errp) diff --git a/qemu-cvs-gettimeofday.patch b/qemu-cvs-gettimeofday.patch index f56bb2bf..5bd180e6 100644 --- a/qemu-cvs-gettimeofday.patch +++ b/qemu-cvs-gettimeofday.patch @@ -11,10 +11,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 3 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 95d79ddc437a6741586071af532f..1e7f0206f4e4852c317f8ab0a7b6 100644 +index ccd3892b2df7ab1261d6c736afef..4a66b6b0072fbeba0629bf93be29 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -9534,6 +9534,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, +@@ -9363,6 +9363,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, { struct timeval tv; struct timezone tz; diff --git a/qemu-cvs-ioctl_debug.patch b/qemu-cvs-ioctl_debug.patch index e4dfbcb7..46c388d0 100644 --- a/qemu-cvs-ioctl_debug.patch +++ b/qemu-cvs-ioctl_debug.patch @@ -13,10 +13,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 1e7f0206f4e4852c317f8ab0a7b6..dcbd44dbb4202e311c9fe91aa427 100644 +index 4a66b6b0072fbeba0629bf93be29..6c1daf5addf0c8b746a7aafddbf7 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -5805,8 +5805,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) +@@ -5688,8 +5688,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) ie = ioctl_entries; for(;;) { if (ie->target_cmd == 0) { diff --git a/qemu-cvs-ioctl_nodirection.patch b/qemu-cvs-ioctl_nodirection.patch index fee05a42..ed95c9f7 100644 --- a/qemu-cvs-ioctl_nodirection.patch +++ b/qemu-cvs-ioctl_nodirection.patch @@ -16,10 +16,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 8 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index dcbd44dbb4202e311c9fe91aa427..9002e4d6187d4796773cfeb63723 100644 +index 6c1daf5addf0c8b746a7aafddbf7..7771dede6384e061b9ad10a2b0c2 100644 --- a/linux-user/syscall.c 
+++ b/linux-user/syscall.c -@@ -5850,6 +5850,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) +@@ -5733,6 +5733,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) arg_type++; target_size = thunk_type_size(arg_type, 0); switch(ie->access) { @@ -33,7 +33,7 @@ index dcbd44dbb4202e311c9fe91aa427..9002e4d6187d4796773cfeb63723 100644 case IOC_R: ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp)); if (!is_error(ret)) { -@@ -5868,6 +5875,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) +@@ -5751,6 +5758,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) unlock_user(argptr, arg, 0); ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp)); break; diff --git a/qemu.changes b/qemu.changes index 756e5fc7..789c3fd3 100644 --- a/qemu.changes +++ b/qemu.changes 
@@ -1,3 +1,98 @@ +------------------------------------------------------------------- +Thu Aug 26 03:35:03 UTC 2021 - José Ricardo Ziviani + +- Update to v6.1: see https://wiki.qemu.org/ChangeLog/6.1 + For a full list of formely deprecated features that are removed, + consult: https://qemu-project.gitlab.io/qemu/about/removed-features.html + For a list of new deprecated features, consult: + https://qemu-project.gitlab.io/qemu/about/deprecated.html + Some noteworthy changes: +* Removed moxie CPU. +* Removed lm32 CPU. +* Removed unicore32 CPU. +* Removed 'info cpustats'. +* Added Aspeed machines: rainier-bmc, quanta-q7l1-bmc. +* Added npcm7xx machine: quanta-gbs-bmc. +* Model for Aspeed's Hash and Crypto Engine. +* SVE2 is now emulated, including bfloat16 support +* FEAT_I8MM, FEAT_TLBIOS, FEAT_TLBRANGE, FEAT_BF16, FEAT_AA32BF16, and + FEAT_MTE3 are now emulated. +* Improved hot-unplug failures on PowerPC pseries machine. +* Implemented some POWER10 instructions in TCG. +* Added shakti_c RISC-V machine. +* Improved documentation for RISC-V machines. +* CPU models for gen16 have been added for s390x. +* New CPU model versions added with XSAVES enabled: + Skylake-Client-v4, Skylake-Server-v5, Cascadelake-Server-v5, + Cooperlake-v2, Icelake-Client-v3, Icelake-Server-v5, Denverton-v3, + Snowridge-v3, Dhyana-v2 +* Added ACPI based PCI hotplug support to Q35 machine. Enabled and + used by default since pc-q35-6.1 machine type. +* Added support for the pca9546 and pca9548 I2C muxes. +* Added support for PMBus and several PMBus devices. +* Crypto subsystem: + The preferred crypto backend driver now gnutls, with libgcrypt as the + second choice, and nettle as third choice, with ordering driven mostly + by performance of the ciphers. +* Misc doc improvements. 
+* Patches removed: + block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch + hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch + hw-block-nvme-align-with-existing-style.patch + hw-block-nvme-consider-metadata-read-aio.patch + hw-net-can-sja1000-fix-buff2frame_bas-an.patch + hw-nvme-fix-missing-check-for-PMR-capabi.patch + hw-nvme-fix-pin-based-interrupt-behavior.patch + hw-pci-host-q35-Ignore-write-of-reserved.patch + hw-rdma-Fix-possible-mremap-overflow-in-.patch + hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch + hw-usb-Do-not-build-USB-subsystem-if-not.patch + hw-usb-host-stub-Remove-unused-header.patch + linux-user-aarch64-Enable-hwcap-for-RND-.patch + module-for-virtio-gpu-pre-load-module-to.patch + monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch + pvrdma-Ensure-correct-input-on-ring-init.patch + pvrdma-Fix-the-ring-init-error-flow-CVE-.patch + qemu-config-load-modules-when-instantiat.patch + qemu-config-parse-configuration-files-to.patch + qemu-config-use-qemu_opts_from_qdict.patch + runstate-Initialize-Error-to-NULL.patch + sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch + target-i386-Exit-tb-after-wrmsr.patch + target-sh4-Return-error-if-CPUClass-get_.patch + tcg-Allocate-sufficient-storage-in-temp_.patch + tcg-arm-Fix-tcg_out_op-function-signatur.patch + tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch + ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch + usb-hid-avoid-dynamic-stack-allocation.patch + usb-limit-combined-packets-to-1-MiB-CVE-.patch + usb-mtp-avoid-dynamic-stack-allocation.patch + usb-redir-avoid-dynamic-stack-allocation.patch + usbredir-fix-free-call.patch + vfio-ccw-Permit-missing-IRQs.patch + vhost-user-blk-Check-that-num-queues-is-.patch + vhost-user-blk-Don-t-reconnect-during-in.patch + vhost-user-blk-Fail-gracefully-on-too-la.patch + vhost-user-blk-Get-more-feature-flags-fr.patch + vhost-user-blk-Make-sure-to-set-Error-on.patch + vhost-user-gpu-abstract-vg_cleanup_mappi.patch + vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch + 
vhost-user-gpu-fix-leak-in-virgl_resourc.patch + vhost-user-gpu-fix-memory-disclosure-in-.patch + vhost-user-gpu-fix-memory-leak-in-vg_res.patch + vhost-user-gpu-fix-memory-leak-while-cal.patch + vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch + vhost-user-gpu-fix-resource-leak-in-vg_r.patch + vhost-vdpa-don-t-initialize-backend_feat.patch + virtio-blk-Fix-rollback-path-in-virtio_b.patch + virtio-Fail-if-iommu_platform-is-request.patch + virtiofsd-Fix-side-effect-in-assert.patch + vl-allow-not-specifying-size-in-m-when-u.patch + vl-Fix-an-assert-failure-in-error-path.patch + vl-plug-object-back-into-readconfig.patch + vl-plumb-keyval-based-options-into-readc.patch + x86-acpi-use-offset-instead-of-pointer-w.patch + ------------------------------------------------------------------- Tue Aug 10 19:32:50 UTC 2021 - José Ricardo Ziviani diff --git a/qemu.spec b/qemu.spec index 1f55282f..f2016839 100644 --- a/qemu.spec +++ b/qemu.spec @@ -93,8 +93,8 @@ %bcond_with system_membarrier -%define qemuver 6.0.0 -%define srcver 6.0.0 +%define qemuver 6.1.0 +%define srcver 6.1.0 %define sbver 1.14.0_0_g155821a %define srcname qemu Name: qemu%{name_suffix} 
@@ -174,64 +174,8 @@ Patch00038: Revert-roms-efirom-tests-uefi-test-tools.patch Patch00039: Makefile-Don-t-check-pc-bios-as-pre-requ.patch Patch00040: roms-Makefile-add-cross-file-to-qboot-me.patch Patch00041: usb-Help-compiler-out-to-avoid-a-warning.patch -Patch00042: module-for-virtio-gpu-pre-load-module-to.patch -Patch00043: qom-handle-case-of-chardev-spice-module-.patch -Patch00044: doc-add-our-support-doc-to-the-main-proj.patch -Patch00045: ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch -Patch00046: hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch -Patch00047: monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch -Patch00048: vhost-user-blk-Fail-gracefully-on-too-la.patch -Patch00049: virtiofsd-Fix-side-effect-in-assert.patch -Patch00050: sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch -Patch00051: virtio-blk-Fix-rollback-path-in-virtio_b.patch -Patch00052: hw-block-nvme-consider-metadata-read-aio.patch -Patch00053: vhost-user-blk-Make-sure-to-set-Error-on.patch -Patch00054: vhost-user-blk-Don-t-reconnect-during-in.patch -Patch00055: vhost-user-blk-Get-more-feature-flags-fr.patch -Patch00056: virtio-Fail-if-iommu_platform-is-request.patch -Patch00057: vhost-user-blk-Check-that-num-queues-is-.patch -Patch00058: vfio-ccw-Permit-missing-IRQs.patch -Patch00059: vhost-user-gpu-fix-memory-disclosure-in-.patch -Patch00060: vhost-user-gpu-fix-resource-leak-in-vg_r.patch -Patch00061: vhost-user-gpu-fix-memory-leak-in-vg_res.patch -Patch00062: vhost-user-gpu-fix-memory-leak-while-cal.patch -Patch00063: vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch -Patch00064: vhost-user-gpu-fix-leak-in-virgl_resourc.patch -Patch00065: vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch -Patch00066: vhost-user-gpu-abstract-vg_cleanup_mappi.patch -Patch00067: target-sh4-Return-error-if-CPUClass-get_.patch -Patch00068: tcg-arm-Fix-tcg_out_op-function-signatur.patch -Patch00069: x86-acpi-use-offset-instead-of-pointer-w.patch -Patch00070: linux-user-aarch64-Enable-hwcap-for-RND-.patch -Patch00071: 
target-i386-Exit-tb-after-wrmsr.patch -Patch00072: vl-allow-not-specifying-size-in-m-when-u.patch -Patch00073: qemu-config-load-modules-when-instantiat.patch -Patch00074: hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch -Patch00075: qemu-config-parse-configuration-files-to.patch -Patch00076: vl-plumb-keyval-based-options-into-readc.patch -Patch00077: vl-plug-object-back-into-readconfig.patch -Patch00078: vhost-vdpa-don-t-initialize-backend_feat.patch -Patch00079: vl-Fix-an-assert-failure-in-error-path.patch -Patch00080: qemu-config-use-qemu_opts_from_qdict.patch -Patch00081: runstate-Initialize-Error-to-NULL.patch -Patch00082: tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch -Patch00083: tcg-Allocate-sufficient-storage-in-temp_.patch -Patch00084: hw-block-nvme-align-with-existing-style.patch -Patch00085: hw-nvme-fix-missing-check-for-PMR-capabi.patch -Patch00086: hw-nvme-fix-pin-based-interrupt-behavior.patch -Patch00087: hw-rdma-Fix-possible-mremap-overflow-in-.patch -Patch00088: pvrdma-Ensure-correct-input-on-ring-init.patch -Patch00089: pvrdma-Fix-the-ring-init-error-flow-CVE-.patch -Patch00090: hw-pci-host-q35-Ignore-write-of-reserved.patch -Patch00091: block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch -Patch00092: hw-net-can-sja1000-fix-buff2frame_bas-an.patch -Patch00093: usbredir-fix-free-call.patch -Patch00094: usb-redir-avoid-dynamic-stack-allocation.patch -Patch00095: usb-limit-combined-packets-to-1-MiB-CVE-.patch -Patch00096: hw-usb-host-stub-Remove-unused-header.patch -Patch00097: hw-usb-Do-not-build-USB-subsystem-if-not.patch -Patch00098: usb-hid-avoid-dynamic-stack-allocation.patch -Patch00099: usb-mtp-avoid-dynamic-stack-allocation.patch +Patch00042: qom-handle-case-of-chardev-spice-module-.patch +Patch00043: doc-add-our-support-doc-to-the-main-proj.patch # Patches applied in roms/seabios/: Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch 
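Review bot: The patches dropped from this list include security fixes, and nothing in the hunk or elsewhere in the change records that the 6.1.0 sources already contain them. Patch00088 and Patch00089 are the pvrdma fixes whose deleted files carry `References: CVE-2021-3607 bsc#1187539` and `References: CVE-2021-3608 bsc#1187538`, and Patch00095 (`usb-limit-combined-packets-to-1-MiB-CVE-.patch`) has a CVE in its file name. They were presumably merged upstream before 6.1, but that should be confirmed against the `Git-commit:` ids in the removed files (`32e5703cfea07c91e6e84bcb0313f633bb146534`, `66ae37d8cc313f89272e711174a846a229bcdbd3`) before the fixes leave the package. Once confirmed, qemu.changes could say so for those entries, e.g. `* Patches removed (now upstream):`, so a later CVE audit does not read the removal as a regression.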
@@ -403,6 +347,7 @@ Recommends: qemu-hw-display-qxl Recommends: qemu-hw-display-virtio-gpu Recommends: qemu-hw-display-virtio-gpu-pci Recommends: qemu-hw-display-virtio-vga +Recommends: qemu-hw-usb-host Recommends: qemu-hw-usb-redirect Recommends: qemu-hw-usb-smartcard Recommends: qemu-ui-gtk @@ -442,6 +387,7 @@ Suggests: qemu-skiboot Suggests: qemu-lang Suggests: qemu-microvm Suggests: qemu-vhost-user-gpu +Suggests: qemu-accel-qtest Obsoletes: qemu-audio-oss < %{qemuver} Obsoletes: qemu-audio-sdl < %{qemuver} Obsoletes: qemu-ui-sdl < %{qemuver} @@ -463,6 +409,7 @@ Group: System/Emulators/PC Version: %{qemuver} Release: 0 Requires: %name = %{qemuver} +Requires: qemu-accel-tcg-x86 Requires: qemu-ipxe Requires: qemu-seabios Requires: qemu-sgabios @@ -534,8 +481,8 @@ Recommends: qemu-vgabios %{generic_qemu_description} This package provides some lesser used emulations, including alpha, m68k, -mips, moxie, sparc, and xtensa. (The term "extra" is juxtapositioned against -more popular QEMU packages which are dedicated to a single architecture.) +mips, sparc, and xtensa. (The term "extra" is juxtapositioned against more +popular QEMU packages which are dedicated to a single architecture.) %if %{legacy_qemu_kvm} %package kvm @@ -808,6 +755,17 @@ Provides: %name:%_datadir/%name/forsplits/03 %description hw-usb-smartcard This package contains a modules for USB smartcard support for QEMU. +%package hw-usb-host +Summary: USB passthrough driver support for QEMU +Group: System/Emulators/PC +Version: %{qemuver} +Release: 0 +Provides: %name:%_datadir/%name/forsplits/14 +%{qemu_module_conflicts} + +%description hw-usb-host +This package contains a modules for USB passthrough driver for QEMU. + %package ui-curses Summary: Curses based UI support for QEMU Group: System/Emulators/PC 
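Review bot: In the `@@ -463,6 +409,7 @@` hunk the new `Requires: qemu-accel-tcg-x86` carries no version, although the dependency is a loadable accelerator module built from the same source rather than a firmware package like the `qemu-ipxe` and `qemu-seabios` lines next to it. If `%{qemu_module_conflicts}`, whose definition is outside this diff, does not already pin module packages to the exact build, the x86 package could end up installed beside a TCG module from a different version. I would write `Requires: qemu-accel-tcg-x86 = %{qemuver}`, matching the `BuildRequires: qemu-accel-tcg-x86 = %{qemuver}` added for the testsuite package. The same line is added in the `qemu.spec.in` hunk `@@ -343,6 +345,7 @@`.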
@@ -1016,6 +974,34 @@ merges anonymous (private) pages (not pagecache ones). This package provides a service file for starting and stopping KSM. +%package accel-tcg-x86 +Summary: TCG accelerator for QEMU +Group: System/Emulators/PC +Version: %{qemuver} +Release: 0 +Provides: %name:%_datadir/%name/forsplits/15 +%{qemu_module_conflicts} + +%description accel-tcg-x86 +TCG is the QEMU binary translator, responsible for converting from target to +host instruction set. + +This package provides the TCG accelerator for QEMU. + +%package accel-qtest +Summary: QTest accelerator for QEMU +Group: System/Emulators/PC +Version: %{qemuver} +Release: 0 +Provides: %name:%_datadir/%name/forsplits/16 +%{qemu_module_conflicts} + +%description accel-qtest +QTest is a device emulation testing framework. It is useful to test device +models. + +This package provides QTest accelerator for testing QEMU. + # above section is for qemu %else BuildRequires: bc @@ -1032,6 +1018,8 @@ BuildRequires: qemu-block-nfs = %{qemuver} %if 0%{?with_rbd} BuildRequires: qemu-block-rbd = %{qemuver} %endif +BuildRequires: qemu-accel-qtest = %{qemuver} +BuildRequires: qemu-accel-tcg-x86 = %{qemuver} BuildRequires: qemu-block-ssh = %{qemuver} BuildRequires: qemu-chardev-baum = %{qemuver} BuildRequires: qemu-chardev-spice = %{qemuver} @@ -1039,6 +1027,7 @@ BuildRequires: qemu-extra = %{qemuver} BuildRequires: qemu-guest-agent = %{qemuver} BuildRequires: qemu-hw-display-qxl = %{qemuver} BuildRequires: qemu-hw-display-virtio-gpu = %{qemuver} +BuildRequires: qemu-hw-usb-host = %{qemuver} BuildRequires: qemu-hw-usb-redirect = %{qemuver} BuildRequires: qemu-hw-usb-smartcard = %{qemuver} BuildRequires: qemu-ipxe = 1.0.0+ 
@@ -1118,65 +1107,9 @@ This package records qemu testsuite results and represents successful testing. %patch00041 -p1 %endif %patch00042 -p1 -%patch00043 -p1 %if %{legacy_qemu_kvm} -%patch00044 -p1 +%patch00043 -p1 %endif -%patch00045 -p1 -%patch00046 -p1 -%patch00047 -p1 -%patch00048 -p1 -%patch00049 -p1 -%patch00050 -p1 -%patch00051 -p1 -%patch00052 -p1 -%patch00053 -p1 -%patch00054 -p1 -%patch00055 -p1 -%patch00056 -p1 -%patch00057 -p1 -%patch00058 -p1 -%patch00059 -p1 -%patch00060 -p1 -%patch00061 -p1 -%patch00062 -p1 -%patch00063 -p1 -%patch00064 -p1 -%patch00065 -p1 -%patch00066 -p1 -%patch00067 -p1 -%patch00068 -p1 -%patch00069 -p1 -%patch00070 -p1 -%patch00071 -p1 -%patch00072 -p1 -%patch00073 -p1 -%patch00074 -p1 -%patch00075 -p1 -%patch00076 -p1 -%patch00077 -p1 -%patch00078 -p1 -%patch00079 -p1 -%patch00080 -p1 -%patch00081 -p1 -%patch00082 -p1 -%patch00083 -p1 -%patch00084 -p1 -%patch00085 -p1 -%patch00086 -p1 -%patch00087 -p1 -%patch00088 -p1 -%patch00089 -p1 -%patch00090 -p1 -%patch00091 -p1 -%patch00092 -p1 -%patch00093 -p1 -%patch00094 -p1 -%patch00095 -p1 -%patch00096 -p1 -%patch00097 -p1 -%patch00098 -p1 -%patch00099 -p1 %patch01000 -p1 %patch01001 -p1 %patch01002 -p1 @@ -1854,7 +1787,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/alternatives ln -s -f %{_sysconfdir}/alternatives/skiboot.lid %{buildroot}%{_datadir}/%name/skiboot.lid install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt -for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 +for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 do ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X done 
@@ -1959,9 +1892,9 @@ fi %dir %_datadir/%name %dir %_datadir/%name/firmware %dir %_datadir/%name/forsplits -%_datadir/%name/forsplits/14 -%_datadir/%name/forsplits/15 -%_datadir/%name/forsplits/16 +%_datadir/%name/forsplits/17 +%_datadir/%name/forsplits/18 +%_datadir/%name/forsplits/19 %_datadir/%name/forsplits/pkg-split.txt %_datadir/%name/keymaps %_datadir/%name/qemu-ifup @@ -1970,11 +1903,13 @@ fi %dir %_datadir/%name/vhost-user %_datadir/%name/vhost-user/50-qemu-virtiofsd.json %doc %_docdir/%name/_static +%dir %_docdir/%name/about %dir %_docdir/%name/devel %dir %_docdir/%name/interop %dir %_docdir/%name/specs %dir %_docdir/%name/system %dir %_docdir/%name/system/arm +%dir %_docdir/%name/system/devices %dir %_docdir/%name/system/i386 %dir %_docdir/%name/system/ppc %dir %_docdir/%name/system/riscv @@ -1982,23 +1917,32 @@ fi %dir %_docdir/%name/tools %dir %_docdir/%name/user %_docdir/%name/.buildinfo +%_docdir/%name/about/build-platforms.html +%_docdir/%name/about/deprecated.html +%_docdir/%name/about/index.html +%_docdir/%name/about/license.html +%_docdir/%name/about/removed-features.html %_docdir/%name/devel/atomics.html %_docdir/%name/devel/bitops.html %_docdir/%name/devel/block-coroutine-wrapper.html %_docdir/%name/devel/build-system.html +%_docdir/%name/devel/ci.html %_docdir/%name/devel/clocks.html %_docdir/%name/devel/code-of-conduct.html %_docdir/%name/devel/conflict-resolution.html %_docdir/%name/devel/control-flow-integrity.html %_docdir/%name/devel/decodetree.html +%_docdir/%name/devel/ebpf_rss.html %_docdir/%name/devel/fuzzing.html %_docdir/%name/devel/index.html %_docdir/%name/devel/kconfig.html %_docdir/%name/devel/loads-stores.html %_docdir/%name/devel/memory.html +%_docdir/%name/devel/modules.html %_docdir/%name/devel/multi-process.html %_docdir/%name/devel/migration.html %_docdir/%name/devel/multi-thread-tcg.html +%_docdir/%name/devel/qapi-code-gen.html %_docdir/%name/devel/qom.html %_docdir/%name/devel/qgraph.html %_docdir/%name/devel/qtest.html 
@@ -2012,8 +1956,12 @@ fi %_docdir/%name/devel/tcg.html %_docdir/%name/devel/testing.html %_docdir/%name/devel/tracing.html +%_docdir/%name/devel/ui.html +%_docdir/%name/devel/vfio-migration.html +%_docdir/%name/devel/writing-qmp-commands.html %_docdir/%name/genindex.html %_docdir/%name/index.html +%_docdir/%name/interop/barrier.html %_docdir/%name/interop/bitmaps.html %_docdir/%name/interop/dbus.html %_docdir/%name/interop/dbus-vmstate.html @@ -2042,12 +1990,20 @@ fi %_docdir/%name/system/arm/aspeed.html %_docdir/%name/system/arm/collie.html %_docdir/%name/system/arm/cpu-features.html +%_docdir/%name/system/arm/cubieboard.html %_docdir/%name/system/arm/digic.html +%_docdir/%name/system/arm/emcraft-sf2.html +%_docdir/%name/system/arm/emulation.html %_docdir/%name/system/arm/gumstix.html +%_docdir/%name/system/arm/highbank.html +%_docdir/%name/system/arm/imx25-pdk.html %_docdir/%name/system/arm/integratorcp.html +%_docdir/%name/system/arm/kzm.html +%_docdir/%name/system/arm/mainstone.html %_docdir/%name/system/arm/mps2.html %_docdir/%name/system/arm/musca.html %_docdir/%name/system/arm/musicpal.html +%_docdir/%name/system/arm/nrf.html %_docdir/%name/system/arm/nseries.html %_docdir/%name/system/arm/nuvoton.html %_docdir/%name/system/arm/orangepi.html 
@@ -2063,9 +2019,17 @@ fi %_docdir/%name/system/arm/virt.html %_docdir/%name/system/arm/xlnx-versal-virt.html %_docdir/%name/system/arm/xscale.html -%_docdir/%name/system/build-platforms.html +%_docdir/%name/system/arm/stm32.html +%_docdir/%name/system/barrier.html +%_docdir/%name/system/bootindex.html %_docdir/%name/system/cpu-hotplug.html -%_docdir/%name/system/deprecated.html +%_docdir/%name/system/device-emulation.html +%_docdir/%name/system/devices/ivshmem.html +%_docdir/%name/system/devices/net.html +%_docdir/%name/system/devices/nvme.html +%_docdir/%name/system/devices/usb.html +%_docdir/%name/system/devices/vhost-user.html +%_docdir/%name/system/devices/virtio-pmem.html %_docdir/%name/system/gdb.html %_docdir/%name/system/generic-loader.html %_docdir/%name/system/guest-loader.html @@ -2074,19 +2038,16 @@ fi %_docdir/%name/system/images.html %_docdir/%name/system/index.html %_docdir/%name/system/invocation.html -%_docdir/%name/system/ivshmem.html %_docdir/%name/system/keys.html -%_docdir/%name/system/license.html %_docdir/%name/system/linuxboot.html %_docdir/%name/system/managed-startup.html %_docdir/%name/system/monitor.html %_docdir/%name/system/multi-process.html %_docdir/%name/system/mux-chardev.html -%_docdir/%name/system/net.html -%_docdir/%name/system/nvme.html %_docdir/%name/system/ppc/embedded.html %_docdir/%name/system/ppc/powermac.html %_docdir/%name/system/ppc/powernv.html +%_docdir/%name/system/ppc/ppce500.html %_docdir/%name/system/ppc/prep.html %_docdir/%name/system/ppc/pseries.html %_docdir/%name/system/pr-manager.html 
@@ -2094,15 +2055,18 @@ fi %_docdir/%name/system/qemu-cpu-models.html %_docdir/%name/system/qemu-manpage.html %_docdir/%name/system/quickstart.html -%_docdir/%name/system/removed-features.html %_docdir/%name/system/riscv/microchip-icicle-kit.html %_docdir/%name/system/riscv/sifive_u.html +%_docdir/%name/system/riscv/shakti-c.html +%_docdir/%name/system/riscv/virt.html %_docdir/%name/system/s390x/3270.html %_docdir/%name/system/s390x/bootdevices.html %_docdir/%name/system/s390x/css.html %_docdir/%name/system/s390x/protvirt.html %_docdir/%name/system/s390x/vfio-ap.html %_docdir/%name/system/s390x/vfio-ccw.html +%_docdir/%name/system/authz.html +%_docdir/%name/system/secrets.html %_docdir/%name/system/security.html %_docdir/%name/system/target-arm.html %_docdir/%name/system/target-avr.html @@ -2118,9 +2082,7 @@ fi %_docdir/%name/system/target-xtensa.html %_docdir/%name/system/targets.html %_docdir/%name/system/tls.html -%_docdir/%name/system/usb.html %_docdir/%name/system/virtio-net-failover.html -%_docdir/%name/system/virtio-pmem.html %_docdir/%name/system/vnc-security.html %_docdir/%name/tools/index.html %_docdir/%name/tools/qemu-img.html @@ -2207,7 +2169,6 @@ fi %_bindir/qemu-system-mipsel %_bindir/qemu-system-mips64 %_bindir/qemu-system-mips64el -%_bindir/qemu-system-moxie %_bindir/qemu-system-nios2 %_bindir/qemu-system-or1k %_bindir/qemu-system-riscv32 @@ -2333,6 +2294,7 @@ fi %dir %_datadir/%name/forsplits %_datadir/%name/forsplits/04 %_libdir/%name/hw-display-virtio-gpu.so +%_libdir/%name/hw-display-virtio-gpu-gl.so %files hw-display-virtio-gpu-pci %defattr(-, root, root) @@ -2341,6 +2303,7 @@ fi %_datadir/%name/forsplits/11 %dir %_libdir/%name %_libdir/%name/hw-display-virtio-gpu-pci.so +%_libdir/%name/hw-display-virtio-gpu-pci-gl.so %files hw-display-virtio-vga %defattr(-, root, root) 
@@ -2349,6 +2312,7 @@ fi %_datadir/%name/forsplits/12 %dir %_libdir/%name %_libdir/%name/hw-display-virtio-vga.so +%_libdir/%name/hw-display-virtio-vga-gl.so %files hw-s390x-virtio-gpu-ccw %defattr(-, root, root) @@ -2374,6 +2338,14 @@ fi %dir %_libdir/%name %_libdir/%name/hw-usb-smartcard.so +%files hw-usb-host +%defattr(-, root, root) +%dir %_datadir/%name +%dir %_datadir/%name/forsplits +%_datadir/%name/forsplits/14 +%dir %_libdir/%name +%_libdir/%name/hw-usb-host.so + %files ui-curses %defattr(-, root, root) %dir %_libdir/%name 
@@ -2518,6 +2490,52 @@ fi %defattr(-, root, root) %{_unitdir}/ksm.service +%files accel-tcg-x86 +%defattr(-, root, root) +%dir %_datadir/%name +%dir %_datadir/%name/forsplits +%_datadir/%name/forsplits/15 +%dir %_libdir/%name +%_libdir/%name/accel-tcg-i386.so +%_libdir/%name/accel-tcg-x86_64.so + +%files accel-qtest +%defattr(-, root, root) +%dir %_datadir/%name +%dir %_datadir/%name/forsplits +%_datadir/%name/forsplits/16 +%dir %_libdir/%name +%_libdir/%name/accel-qtest-aarch64.so +%_libdir/%name/accel-qtest-alpha.so +%_libdir/%name/accel-qtest-arm.so +%_libdir/%name/accel-qtest-avr.so +%_libdir/%name/accel-qtest-cris.so +%_libdir/%name/accel-qtest-hppa.so +%_libdir/%name/accel-qtest-i386.so +%_libdir/%name/accel-qtest-m68k.so +%_libdir/%name/accel-qtest-microblaze.so +%_libdir/%name/accel-qtest-microblazeel.so +%_libdir/%name/accel-qtest-mips.so +%_libdir/%name/accel-qtest-mips64.so +%_libdir/%name/accel-qtest-mips64el.so +%_libdir/%name/accel-qtest-mipsel.so +%_libdir/%name/accel-qtest-nios2.so +%_libdir/%name/accel-qtest-or1k.so +%_libdir/%name/accel-qtest-ppc.so +%_libdir/%name/accel-qtest-ppc64.so +%_libdir/%name/accel-qtest-riscv32.so +%_libdir/%name/accel-qtest-riscv64.so +%_libdir/%name/accel-qtest-rx.so +%_libdir/%name/accel-qtest-s390x.so +%_libdir/%name/accel-qtest-sh4.so +%_libdir/%name/accel-qtest-sh4eb.so +%_libdir/%name/accel-qtest-sparc.so +%_libdir/%name/accel-qtest-sparc64.so +%_libdir/%name/accel-qtest-tricore.so +%_libdir/%name/accel-qtest-x86_64.so +%_libdir/%name/accel-qtest-xtensa.so +%_libdir/%name/accel-qtest-xtensaeb.so + # above section is for qemu %endif # ------------------------------------------------------------------------ diff --git a/qemu.spec.in b/qemu.spec.in index f2ecad64..44d53e5c 100644 --- a/qemu.spec.in +++ b/qemu.spec.in 
@@ -283,6 +283,7 @@ Recommends: qemu-hw-display-qxl Recommends: qemu-hw-display-virtio-gpu Recommends: qemu-hw-display-virtio-gpu-pci Recommends: qemu-hw-display-virtio-vga +Recommends: qemu-hw-usb-host Recommends: qemu-hw-usb-redirect Recommends: qemu-hw-usb-smartcard Recommends: qemu-ui-gtk @@ -322,6 +323,7 @@ Suggests: qemu-skiboot Suggests: qemu-lang Suggests: qemu-microvm Suggests: qemu-vhost-user-gpu +Suggests: qemu-accel-qtest Obsoletes: qemu-audio-oss < %{qemuver} Obsoletes: qemu-audio-sdl < %{qemuver} Obsoletes: qemu-ui-sdl < %{qemuver} @@ -343,6 +345,7 @@ Group: System/Emulators/PC Version: %{qemuver} Release: 0 Requires: %name = %{qemuver} +Requires: qemu-accel-tcg-x86 Requires: qemu-ipxe Requires: qemu-seabios Requires: qemu-sgabios @@ -414,8 +417,8 @@ Recommends: qemu-vgabios %{generic_qemu_description} This package provides some lesser used emulations, including alpha, m68k, -mips, moxie, sparc, and xtensa. (The term "extra" is juxtapositioned against -more popular QEMU packages which are dedicated to a single architecture.) +mips, sparc, and xtensa. (The term "extra" is juxtapositioned against more +popular QEMU packages which are dedicated to a single architecture.) %if %{legacy_qemu_kvm} %package kvm @@ -688,6 +691,17 @@ Provides: %name:%_datadir/%name/forsplits/03 %description hw-usb-smartcard This package contains a modules for USB smartcard support for QEMU. +%package hw-usb-host +Summary: USB passthrough driver support for QEMU +Group: System/Emulators/PC +Version: %{qemuver} +Release: 0 +Provides: %name:%_datadir/%name/forsplits/14 +%{qemu_module_conflicts} + +%description hw-usb-host +This package contains a modules for USB passthrough driver for QEMU. + %package ui-curses Summary: Curses based UI support for QEMU Group: System/Emulators/PC 
@@ -896,6 +910,34 @@ merges anonymous (private) pages (not pagecache ones). This package provides a service file for starting and stopping KSM. +%package accel-tcg-x86 +Summary: TCG accelerator for QEMU +Group: System/Emulators/PC +Version: %{qemuver} +Release: 0 +Provides: %name:%_datadir/%name/forsplits/15 +%{qemu_module_conflicts} + +%description accel-tcg-x86 +TCG is the QEMU binary translator, responsible for converting from target to +host instruction set. + +This package provides the TCG accelerator for QEMU. + +%package accel-qtest +Summary: QTest accelerator for QEMU +Group: System/Emulators/PC +Version: %{qemuver} +Release: 0 +Provides: %name:%_datadir/%name/forsplits/16 +%{qemu_module_conflicts} + +%description accel-qtest +QTest is a device emulation testing framework. It is useful to test device +models. + +This package provides QTest accelerator for testing QEMU. + # above section is for qemu %else BuildRequires: bc @@ -912,6 +954,8 @@ BuildRequires: qemu-block-nfs = %{qemuver} %if 0%{?with_rbd} BuildRequires: qemu-block-rbd = %{qemuver} %endif +BuildRequires: qemu-accel-qtest = %{qemuver} +BuildRequires: qemu-accel-tcg-x86 = %{qemuver} BuildRequires: qemu-block-ssh = %{qemuver} BuildRequires: qemu-chardev-baum = %{qemuver} BuildRequires: qemu-chardev-spice = %{qemuver} @@ -919,6 +963,7 @@ BuildRequires: qemu-extra = %{qemuver} BuildRequires: qemu-guest-agent = %{qemuver} BuildRequires: qemu-hw-display-qxl = %{qemuver} BuildRequires: qemu-hw-display-virtio-gpu = %{qemuver} +BuildRequires: qemu-hw-usb-host = %{qemuver} BuildRequires: qemu-hw-usb-redirect = %{qemuver} BuildRequires: qemu-hw-usb-smartcard = %{qemuver} BuildRequires: qemu-ipxe = 1.0.0+ 
@@ -1615,7 +1660,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/alternatives ln -s -f %{_sysconfdir}/alternatives/skiboot.lid %{buildroot}%{_datadir}/%name/skiboot.lid install -D -m 0644 %{SOURCE201} %{buildroot}%_datadir/%name/forsplits/pkg-split.txt -for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 +for X in 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 do ln -s pkg-split.txt %{buildroot}%_datadir/%name/forsplits/$X done @@ -1720,9 +1765,9 @@ fi %dir %_datadir/%name %dir %_datadir/%name/firmware %dir %_datadir/%name/forsplits -%_datadir/%name/forsplits/14 -%_datadir/%name/forsplits/15 -%_datadir/%name/forsplits/16 +%_datadir/%name/forsplits/17 +%_datadir/%name/forsplits/18 +%_datadir/%name/forsplits/19 %_datadir/%name/forsplits/pkg-split.txt %_datadir/%name/keymaps %_datadir/%name/qemu-ifup @@ -1731,11 +1776,13 @@ fi %dir %_datadir/%name/vhost-user %_datadir/%name/vhost-user/50-qemu-virtiofsd.json %doc %_docdir/%name/_static +%dir %_docdir/%name/about %dir %_docdir/%name/devel %dir %_docdir/%name/interop %dir %_docdir/%name/specs %dir %_docdir/%name/system %dir %_docdir/%name/system/arm +%dir %_docdir/%name/system/devices %dir %_docdir/%name/system/i386 %dir %_docdir/%name/system/ppc %dir %_docdir/%name/system/riscv 
@@ -1743,23 +1790,32 @@ fi %dir %_docdir/%name/tools %dir %_docdir/%name/user %_docdir/%name/.buildinfo +%_docdir/%name/about/build-platforms.html +%_docdir/%name/about/deprecated.html +%_docdir/%name/about/index.html +%_docdir/%name/about/license.html +%_docdir/%name/about/removed-features.html %_docdir/%name/devel/atomics.html %_docdir/%name/devel/bitops.html %_docdir/%name/devel/block-coroutine-wrapper.html %_docdir/%name/devel/build-system.html +%_docdir/%name/devel/ci.html %_docdir/%name/devel/clocks.html %_docdir/%name/devel/code-of-conduct.html %_docdir/%name/devel/conflict-resolution.html %_docdir/%name/devel/control-flow-integrity.html %_docdir/%name/devel/decodetree.html +%_docdir/%name/devel/ebpf_rss.html %_docdir/%name/devel/fuzzing.html %_docdir/%name/devel/index.html %_docdir/%name/devel/kconfig.html %_docdir/%name/devel/loads-stores.html %_docdir/%name/devel/memory.html +%_docdir/%name/devel/modules.html %_docdir/%name/devel/multi-process.html %_docdir/%name/devel/migration.html %_docdir/%name/devel/multi-thread-tcg.html +%_docdir/%name/devel/qapi-code-gen.html %_docdir/%name/devel/qom.html %_docdir/%name/devel/qgraph.html %_docdir/%name/devel/qtest.html @@ -1773,8 +1829,12 @@ fi %_docdir/%name/devel/tcg.html %_docdir/%name/devel/testing.html %_docdir/%name/devel/tracing.html +%_docdir/%name/devel/ui.html +%_docdir/%name/devel/vfio-migration.html +%_docdir/%name/devel/writing-qmp-commands.html %_docdir/%name/genindex.html %_docdir/%name/index.html +%_docdir/%name/interop/barrier.html %_docdir/%name/interop/bitmaps.html %_docdir/%name/interop/dbus.html %_docdir/%name/interop/dbus-vmstate.html 
@@ -1803,12 +1863,20 @@ fi %_docdir/%name/system/arm/aspeed.html %_docdir/%name/system/arm/collie.html %_docdir/%name/system/arm/cpu-features.html +%_docdir/%name/system/arm/cubieboard.html %_docdir/%name/system/arm/digic.html +%_docdir/%name/system/arm/emcraft-sf2.html +%_docdir/%name/system/arm/emulation.html %_docdir/%name/system/arm/gumstix.html +%_docdir/%name/system/arm/highbank.html +%_docdir/%name/system/arm/imx25-pdk.html %_docdir/%name/system/arm/integratorcp.html +%_docdir/%name/system/arm/kzm.html +%_docdir/%name/system/arm/mainstone.html %_docdir/%name/system/arm/mps2.html %_docdir/%name/system/arm/musca.html %_docdir/%name/system/arm/musicpal.html +%_docdir/%name/system/arm/nrf.html %_docdir/%name/system/arm/nseries.html %_docdir/%name/system/arm/nuvoton.html %_docdir/%name/system/arm/orangepi.html @@ -1824,9 +1892,17 @@ fi %_docdir/%name/system/arm/virt.html %_docdir/%name/system/arm/xlnx-versal-virt.html %_docdir/%name/system/arm/xscale.html -%_docdir/%name/system/build-platforms.html +%_docdir/%name/system/arm/stm32.html +%_docdir/%name/system/barrier.html +%_docdir/%name/system/bootindex.html %_docdir/%name/system/cpu-hotplug.html -%_docdir/%name/system/deprecated.html +%_docdir/%name/system/device-emulation.html +%_docdir/%name/system/devices/ivshmem.html +%_docdir/%name/system/devices/net.html +%_docdir/%name/system/devices/nvme.html +%_docdir/%name/system/devices/usb.html +%_docdir/%name/system/devices/vhost-user.html +%_docdir/%name/system/devices/virtio-pmem.html %_docdir/%name/system/gdb.html %_docdir/%name/system/generic-loader.html %_docdir/%name/system/guest-loader.html 
@@ -1835,19 +1911,16 @@ fi %_docdir/%name/system/images.html %_docdir/%name/system/index.html %_docdir/%name/system/invocation.html -%_docdir/%name/system/ivshmem.html %_docdir/%name/system/keys.html -%_docdir/%name/system/license.html %_docdir/%name/system/linuxboot.html %_docdir/%name/system/managed-startup.html %_docdir/%name/system/monitor.html %_docdir/%name/system/multi-process.html %_docdir/%name/system/mux-chardev.html -%_docdir/%name/system/net.html -%_docdir/%name/system/nvme.html %_docdir/%name/system/ppc/embedded.html %_docdir/%name/system/ppc/powermac.html %_docdir/%name/system/ppc/powernv.html +%_docdir/%name/system/ppc/ppce500.html %_docdir/%name/system/ppc/prep.html %_docdir/%name/system/ppc/pseries.html %_docdir/%name/system/pr-manager.html @@ -1855,15 +1928,18 @@ fi %_docdir/%name/system/qemu-cpu-models.html %_docdir/%name/system/qemu-manpage.html %_docdir/%name/system/quickstart.html -%_docdir/%name/system/removed-features.html %_docdir/%name/system/riscv/microchip-icicle-kit.html %_docdir/%name/system/riscv/sifive_u.html +%_docdir/%name/system/riscv/shakti-c.html +%_docdir/%name/system/riscv/virt.html %_docdir/%name/system/s390x/3270.html %_docdir/%name/system/s390x/bootdevices.html %_docdir/%name/system/s390x/css.html %_docdir/%name/system/s390x/protvirt.html %_docdir/%name/system/s390x/vfio-ap.html %_docdir/%name/system/s390x/vfio-ccw.html +%_docdir/%name/system/authz.html +%_docdir/%name/system/secrets.html %_docdir/%name/system/security.html %_docdir/%name/system/target-arm.html %_docdir/%name/system/target-avr.html @@ -1879,9 +1955,7 @@ fi %_docdir/%name/system/target-xtensa.html %_docdir/%name/system/targets.html %_docdir/%name/system/tls.html -%_docdir/%name/system/usb.html %_docdir/%name/system/virtio-net-failover.html -%_docdir/%name/system/virtio-pmem.html %_docdir/%name/system/vnc-security.html %_docdir/%name/tools/index.html %_docdir/%name/tools/qemu-img.html 
@@ -1968,7 +2042,6 @@ fi %_bindir/qemu-system-mipsel %_bindir/qemu-system-mips64 %_bindir/qemu-system-mips64el -%_bindir/qemu-system-moxie %_bindir/qemu-system-nios2 %_bindir/qemu-system-or1k %_bindir/qemu-system-riscv32 @@ -2094,6 +2167,7 @@ fi %dir %_datadir/%name/forsplits %_datadir/%name/forsplits/04 %_libdir/%name/hw-display-virtio-gpu.so +%_libdir/%name/hw-display-virtio-gpu-gl.so %files hw-display-virtio-gpu-pci %defattr(-, root, root) @@ -2102,6 +2176,7 @@ fi %_datadir/%name/forsplits/11 %dir %_libdir/%name %_libdir/%name/hw-display-virtio-gpu-pci.so +%_libdir/%name/hw-display-virtio-gpu-pci-gl.so %files hw-display-virtio-vga %defattr(-, root, root) @@ -2110,6 +2185,7 @@ fi %_datadir/%name/forsplits/12 %dir %_libdir/%name %_libdir/%name/hw-display-virtio-vga.so +%_libdir/%name/hw-display-virtio-vga-gl.so %files hw-s390x-virtio-gpu-ccw %defattr(-, root, root) @@ -2135,6 +2211,14 @@ fi %dir %_libdir/%name %_libdir/%name/hw-usb-smartcard.so +%files hw-usb-host +%defattr(-, root, root) +%dir %_datadir/%name +%dir %_datadir/%name/forsplits +%_datadir/%name/forsplits/14 +%dir %_libdir/%name +%_libdir/%name/hw-usb-host.so + %files ui-curses %defattr(-, root, root) %dir %_libdir/%name 
@@ -2279,6 +2363,52 @@ fi %defattr(-, root, root) %{_unitdir}/ksm.service +%files accel-tcg-x86 +%defattr(-, root, root) +%dir %_datadir/%name +%dir %_datadir/%name/forsplits +%_datadir/%name/forsplits/15 +%dir %_libdir/%name +%_libdir/%name/accel-tcg-i386.so +%_libdir/%name/accel-tcg-x86_64.so + +%files accel-qtest +%defattr(-, root, root) +%dir %_datadir/%name +%dir %_datadir/%name/forsplits +%_datadir/%name/forsplits/16 +%dir %_libdir/%name +%_libdir/%name/accel-qtest-aarch64.so +%_libdir/%name/accel-qtest-alpha.so +%_libdir/%name/accel-qtest-arm.so +%_libdir/%name/accel-qtest-avr.so +%_libdir/%name/accel-qtest-cris.so +%_libdir/%name/accel-qtest-hppa.so +%_libdir/%name/accel-qtest-i386.so +%_libdir/%name/accel-qtest-m68k.so +%_libdir/%name/accel-qtest-microblaze.so +%_libdir/%name/accel-qtest-microblazeel.so +%_libdir/%name/accel-qtest-mips.so +%_libdir/%name/accel-qtest-mips64.so +%_libdir/%name/accel-qtest-mips64el.so +%_libdir/%name/accel-qtest-mipsel.so +%_libdir/%name/accel-qtest-nios2.so +%_libdir/%name/accel-qtest-or1k.so +%_libdir/%name/accel-qtest-ppc.so +%_libdir/%name/accel-qtest-ppc64.so +%_libdir/%name/accel-qtest-riscv32.so +%_libdir/%name/accel-qtest-riscv64.so +%_libdir/%name/accel-qtest-rx.so +%_libdir/%name/accel-qtest-s390x.so +%_libdir/%name/accel-qtest-sh4.so +%_libdir/%name/accel-qtest-sh4eb.so +%_libdir/%name/accel-qtest-sparc.so +%_libdir/%name/accel-qtest-sparc64.so +%_libdir/%name/accel-qtest-tricore.so +%_libdir/%name/accel-qtest-x86_64.so +%_libdir/%name/accel-qtest-xtensa.so +%_libdir/%name/accel-qtest-xtensaeb.so + # above section is for qemu %endif # ------------------------------------------------------------------------ diff --git a/qom-handle-case-of-chardev-spice-module-.patch b/qom-handle-case-of-chardev-spice-module-.patch index ff36e228..3644d2b6 100644 --- a/qom-handle-case-of-chardev-spice-module-.patch +++ b/qom-handle-case-of-chardev-spice-module-.patch @@ -14,10 +14,10 @@ 
Signed-off-by: Bruce Rogers 1 file changed, 6 insertions(+) diff --git a/qom/object.c b/qom/object.c -index 1b132653c3fc8d5150723b2d4cf7..cb8cd9e6a5f48f94a0829ecc9e97 100644 +index e86cb05b84da941a177093811726..18edd2c91ab7d9a790c887fd730e 100644 --- a/qom/object.c +++ b/qom/object.c -@@ -236,6 +236,12 @@ static bool type_is_ancestor(TypeImpl *type, TypeImpl *target_type) +@@ -237,6 +237,12 @@ static bool type_is_ancestor(TypeImpl *type, TypeImpl *target_type) return true; } diff --git a/roms-Makefile-add-cross-file-to-qboot-me.patch b/roms-Makefile-add-cross-file-to-qboot-me.patch index 15bdc6ee..756f1346 100644 --- a/roms-Makefile-add-cross-file-to-qboot-me.patch +++ b/roms-Makefile-add-cross-file-to-qboot-me.patch @@ -13,7 +13,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roms/Makefile b/roms/Makefile -index a91ffad548af3e95410ce6712fb3..2db995dab25f6d842def858ebbcc 100644 +index 6ea8edd9fcf6bb0cdc1f1602f241..df969e3ec33ab07fe3fcb489e0df 100644 --- a/roms/Makefile +++ b/roms/Makefile @@ -199,7 +199,7 @@ MESON = meson diff --git a/roms-Makefile-pass-a-packaging-timestamp.patch b/roms-Makefile-pass-a-packaging-timestamp.patch index 8642bcb9..c2449d05 100644 --- a/roms-Makefile-pass-a-packaging-timestamp.patch +++ b/roms-Makefile-pass-a-packaging-timestamp.patch @@ -20,7 +20,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/roms/Makefile b/roms/Makefile -index 5ffe3317acd233586e1a2f87bddd..bbbe2eff895868b8a5781f6ca397 100644 +index eeb5970348cd6d28fa4165d25562..38b71afb0757bd717154afd6a92d 100644 --- a/roms/Makefile +++ b/roms/Makefile @@ -52,6 +52,12 @@ SEABIOS_EXTRAVERSION="-prebuilt.qemu.org" diff --git a/runstate-Initialize-Error-to-NULL.patch b/runstate-Initialize-Error-to-NULL.patch deleted file mode 100644 index 06a8264d..00000000 --- a/runstate-Initialize-Error-to-NULL.patch +++ /dev/null 
@@ -1,36 +0,0 @@
-From: Peng Liang
-Date: Thu, 10 Jun 2021 21:17:29 +0800
-Subject: runstate: Initialize Error * to NULL
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 6e1da3d305499d3907f3c7f6638243e2e09b5085
-
-Based on the description of error_setg(), the local variable err in
-qemu_init_subsystems() should be initialized to NULL.
-
-Fixes: efd7ab22fb ("vl: extract qemu_init_subsystems")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peng Liang
-Message-Id: <20210610131729.3906565-1-liangpeng10@huawei.com>
-Reviewed-by: Daniel P. Berrangé
-Signed-off-by: Paolo Bonzini
-Signed-off-by: Jose R. Ziviani
----
- softmmu/runstate.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/softmmu/runstate.c b/softmmu/runstate.c
-index ce8977c6a29c939ac5890b170031..54713100c2eacc4ee616905b732d 100644
---- a/softmmu/runstate.c
-+++ b/softmmu/runstate.c
-@@ -746,7 +746,7 @@ static void qemu_run_exit_notifiers(void)
-
- void qemu_init_subsystems(void)
- {
-- Error *err;
-+ Error *err = NULL;
-
- os_set_line_buffering();
-
diff --git a/sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch b/sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
deleted file mode 100644
index e74bb0e1..00000000
--- a/sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From: Stefan Hajnoczi
-Date: Wed, 10 Mar 2021 17:30:04 +0000
-Subject: sockets: update SOCKET_ADDRESS_TYPE_FD listen(2) backlog
-
-Git-commit: 37179e9ea45d6428b29ae789209c119ac18c1d39
-
-socket_get_fd() fails with the error "socket_get_fd: too many
-connections" if the given listen backlog value is not 1.
-
-Not all callers set the backlog to 1. For example, commit
-582d4210eb2f2ab5baac328fe4b479cd86da1647 ("qemu-nbd: Use SOMAXCONN for
-socket listen() backlog") uses SOMAXCONN. This will always fail with in
-socket_get_fd().
-
-This patch calls listen(2) on the fd to update the backlog value. The
-socket may already be in the listen state. I have tested that this works
-on Linux 5.10 and macOS Catalina.
-
-As a bonus this allows us to detect when the fd cannot listen. Now we'll
-be able to catch unbound or connected fds in socket_listen().
-
-Drop the num argument from socket_get_fd() since this function is also
-called by socket_connect() where a listen backlog value does not make
-sense.
-
-Fixes: e5b6353cf25c99c3f08bf51e29933352f7140e8f ("socket: Add backlog parameter to socket_listen")
-Reported-by: Richard W.M. Jones
-Cc: Juan Quintela
-Cc: Eric Blake
-Signed-off-by: Stefan Hajnoczi
-Message-Id: <20210310173004.420190-1-stefanha@redhat.com>
-Tested-by: Richard W.M. Jones
-Reviewed-by: Eric Blake
-Reviewed-by: Stefano Garzarella
-Signed-off-by: Eric Blake
-Signed-off-by: Jose R. Ziviani
----
- util/qemu-sockets.c | 29 ++++++++++++++++++++++-------
- 1 file changed, 22 insertions(+), 7 deletions(-)
-
-diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
-index 8af0278f15c69fea136192e91650..2463c49773eae5ccac4c6c832c76 100644
---- a/util/qemu-sockets.c
-+++ b/util/qemu-sockets.c
-@@ -1116,14 +1116,10 @@ fail:
- return NULL;
- }
-
--static int socket_get_fd(const char *fdstr, int num, Error **errp)
-+static int socket_get_fd(const char *fdstr, Error **errp)
- {
- Monitor *cur_mon = monitor_cur();
- int fd;
-- if (num != 1) {
-- error_setg_errno(errp, EINVAL, "socket_get_fd: too many connections");
-- return -1;
-- }
- if (cur_mon) {
- fd = monitor_get_fd(cur_mon, fdstr, errp);
- if (fd < 0) {
-@@ -1159,7 +1155,7 @@ int socket_connect(SocketAddress *addr, Error **errp)
- break;
-
- case SOCKET_ADDRESS_TYPE_FD:
-- fd = socket_get_fd(addr->u.fd.str, 1, errp);
-+ fd = socket_get_fd(addr->u.fd.str, errp);
- break;
-
- case SOCKET_ADDRESS_TYPE_VSOCK:
-@@ -1187,7 +1183,26 @@ int socket_listen(SocketAddress *addr, int num, Error **errp)
- break;
-
- case SOCKET_ADDRESS_TYPE_FD:
-- fd = socket_get_fd(addr->u.fd.str, num, errp);
-+ fd = socket_get_fd(addr->u.fd.str, errp);
-+ if (fd < 0) {
-+ return -1;
-+ }
-+
-+ /*
-+ * If the socket is not yet in the listen state, then transition it to
-+ * the listen state now.
-+ *
-+ * If it's already listening then this updates the backlog value as
-+ * requested.
-+ *
-+ * If this socket cannot listen because it's already in another state
-+ * (e.g. unbound or connected) then we'll catch the error here.
-+ */
-+ if (listen(fd, num) != 0) {
-+ error_setg_errno(errp, errno, "Failed to listen on fd socket");
-+ closesocket(fd);
-+ return -1;
-+ }
- break;
-
- case SOCKET_ADDRESS_TYPE_VSOCK:
diff --git a/supported.arm.txt b/supported.arm.txt
index cb2942b5..202848b0 100644
--- a/supported.arm.txt
+++ b/supported.arm.txt
@@ -1,12 +1,12 @@ [qemu-arm package document] -POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS -==================================================== +SLES 15 SP4 QEMU/KVM RELATED SUPPORT STATEMENTS +=============================================== Overview -------- - The QEMU based packages included with SLES 15 SP3 provide a large variety of + The QEMU based packages included with SLES 15 SP4 provide a large variety of features, from the very latest customer requests to features of questionable quality or value. The linux kernel includes components which contribute KVM virtualization features as well. This document was created to assist the user @@ -58,7 +58,7 @@ Major QEMU/KVM Supported Features Since a KVM guest runs in the context of a normal linux process, some types of execution controls are managed with linux tools. -- QEMU is compatible with EDK II based UEFI firmware available with SLES 15 SP3, +- QEMU is compatible with EDK II based UEFI firmware available with SLES 15 SP4, which allow boot options common to physical systems, along with other features tailored to virtualization. Various VGABIOS ROMs, from the SEABIOS project, are also available. @@ -74,7 +74,7 @@ Major QEMU/KVM Supported Features - Guest execution state may be "moved" in both time (save/restore) and space (static and live migration). These migrations or save/restore operations can - take place either from certain prior SLES versioned hosts to a SLES 15 SP3 + take place either from certain prior SLES versioned hosts to a SLES 15 SP4 host or between hosts of the same version. Certain other restrictions also apply. @@ -114,7 +114,7 @@ Major QEMU/KVM Supported Features - Portions of the host file system may be shared with a guest by using virtFS. -- A guest "agent" is available for SLES 15 SP3 KVM guests via the +- A guest "agent" is available for SLES 15 SP4 KVM guests via the qemu-guest-agent package. This allows some introspection and control of the guest OS environment from the host. 
@@ -143,8 +143,8 @@ Noteworthy QEMU/KVM Unsupported Features Deprecated, Superseded, Modified and Dropped Features ----------------------------------------------------- -- http://wiki.qemu-project.org/Features/LegacyRemoval and - https://qemu-project.gitlab.io/qemu/system/deprecated.html +- https://qemu-project.gitlab.io/qemu/about/deprecated.html and + https://qemu-project.gitlab.io/qemu/about/removed-features.html These websites track features deprecation and removal at the upstream development level. Our qemu package inherits this community direction, but be aware that we can and will deviate as needed. Those deviations and additional @@ -152,6 +152,13 @@ Deprecated, Superseded, Modified and Dropped Features removed features are also tracked in the "System Emulation" section of the documentation installed with the qemu package. +- Aspeed swift-bmc machine is deprecated. It can be easily replaced by the + witherspoon-bmc or the romulus-bmc machines. + +- The previously non-persistent backing file with pmem=on is deprecated. Modify + VM configuration to set pmem=off to continue using fake NVDIMM with backing + file or move backing file to NVDIMM storage and keep pmem=on. + - The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M", "-machine" and "-d" is now considered deprecated. Use "help" instead. 
@@ -172,12 +179,14 @@ Deprecated, Superseded, Modified and Dropped Features acpitable, boot, and smp respectively. - These previously supported command line options are now considered deprecated: + -display sdl,window_close= (use -display sdl,window-close) + -no-quit (use -display ...,window-close=off) -chardev tty (use serial name instead) -chardev paraport (use parallel name instead) -device virtio-blk,scsi= (use virtio-scsi instead) -device virtio-blk-pci,scsi= (use virtio-scsi instead) -enable-fips (not really helpful - see https://git.qemu.org/?p=qemu.git;a=commit;h=166310299a1e7824bbff17e1f016659d18b4a559 for details) - -realtime mlock= (use -overcommit mem-lock- instead) + -realtime mlock= (use -overcommit mem-lock= instead) -spice password=string (use password-string option instead) -writeconfig (no replacement - never really worked right) -share and noshare must be replaced by share=on/share=off @@ -236,6 +245,7 @@ Deprecated, Superseded, Modified and Dropped Features - These previously supported QMP commands are no longer recognized: + info cpustats block_passwd change (use blockdev-change-medium or change-vnc-password instead) cpu-add (use device_add instead) @@ -250,6 +260,7 @@ Deprecated, Superseded, Modified and Dropped Features change - These previously supported monitor commands are no longer recognized: + info cpustats block_passwd ... cpu-add (use device_add instead) migrate_set_cache_size @@ -306,8 +317,8 @@ QEMU Command-Line and Monitor Syntax and Support better functionality and usability going forward. In some cases existing problems or even bugs in older interfaces cannot be fixed due to functional expectations, but are resolved in the newer interface or option. - This advice includes moving to the most recent machine type (eg virt-5.2 - instead of virt-4.2) if possible. + This advice includes moving to the most recent machine type (eg virt-6.1 + instead of virt-6.0) if possible. - The following command line options are supported: -accel ... 
@@ -383,8 +394,8 @@ QEMU Command-Line and Monitor Syntax and Support -kernel ... -loadvm ... -m ... - -M [help|?|none|virt-2.6|virt-2.11|virtio-3.1|virt-4.2|virt-5.2] - -machine [help|?|none|virt-2.6|virt-2.11|virt-3.1|virt-4.2|virt-5.2] + -M [help|none|virt-2.6|virt-2.11|virtio-3.1|virt-4.2|virt-5.2|virt-6.0|virt-6.1] + -machine [help|none|virt-2.6|virt-2.11|virt-3.1|virt-4.2|virt-5.2|virt-6.0|virt-6.1] -mem-path ... -mem-prealloc -mon ... 
@@ -782,40 +793,43 @@ QEMU Command-Line and Monitor Syntax and Support -L ... -M - [virt|akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah|collie| - connex|cubieboard|g220a-bmc|highbank|imx25-pdk|integratorcp|kzm| + [akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah|collie|connex| + cubieboard|emcraft-sf2|g220a-bmc|highbank|imx25-pdk|integratorcp|kzm| lm3s6965evb|lm3s811evb|mainstone|mcimx6ul-evk|mcimx7d-sabre|microbit| midway|mps2-an385|mps2-an386|mps2-an500|mps2-an505|mps2-an511|mps2-an521| mps3-an524|mps3-an547|musca-a|musca-b1|musicpal|n800|n810|netduino2| - netduinoplus2|npcm750-evb|nuri|orangepi-pc|palmetto-bmc|quanta-gsj|raspi0| - raspi1ap|raspi2|raspi2b|raspi3|raspi3ap|raspi3b|realview-eb| - realview-eb-mpcore|realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite| - sbsa-ref|smdkc210|sonorapass-bmc|spitz|supermicrox11-bmc|swift-bmc|sx1| + netduinoplus2|none|npcm750-evb|nuri|orangepi-pc|palmetto-bmc| + quanta-gbs-bmc|quanta-gsj|quanta-q71l-bmc|rainier-bmc|raspi0|raspi1ap| + raspi2|raspi2b|raspi3ap|raspi3|raspi3b|realview-eb|realview-eb-mpcore| + realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite|sbsa-ref|smdkc210| + sonorapass-bmc|spitz|stm32vldiscovery|supermicrox11-bmc|swift-bmc|sx1| sx1-v1|tacoma-bmc|terrier|tosa|verdex|versatileab|versatilepb|vexpress-a15| - vexpress-a9|virt-2.7|virt-2.8|virt-2.12|virt-3.0|virt-4.0|virt-4.1| - virt-5.0|virt-5.1|virt-6.0|witherspoon-bmc|xilinx-zynq-a9|xlnx-versal-virt| - xlnx-zcu102|z2] + vexpress-a9|virt-2.10|virt-2.11|virt-2.12|virt-2.6|virt-2.7|virt-2.8| + virt-2.9|virt-3.0|virt-3.1|virt-4.0|virt-4.1|virt-4.2|virt-5.0|virt-5.1| + virt-5.2|virt-6.0|virt|virt-6.1|witherspoon-bmc|xilinx-zynq-a9| + xlnx-versal-virt|xlnx-zcu102|z2] -machine - [virt|akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah| - collie|connex|cubieboard|g220a-bmc|highbank|imx25-pdk|integratorcp| - kzm|lm3s6965evb|lm3s811evb|mainstone|mcimx6ul-evk|mcimx7d-sabre| - microbit|midway|mps2-an385|mps2-an386|mps2-an500|mps2-an521| - 
mps2-an505|mps2-an511|mps3-an524|mps3-an547|musca-a|musca-b1| - musicpal|n800|n810|netduino2|netduinoplus2|npcm750-evb|nuri| - orangepi-pc|palmetto-bmc|quanta-gsj|raspi0|raspi1ap|raspi2|raspi2b| - raspi3|raspi3ap|raspi3b|realview-eb|realview-eb-mpcore| - realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite|sbsa-ref| - smdkc210|sonorapass-bmc|spitz|supermicrox11-bmc|swift-bmc|sx1|sx1-v1| - tacoma-bmc|terrier|tosa|verdex|versatileab|versatilepb|vexpress-a15| - vexpress-a9|virt-2.7|virt-2.8|virt-2.12|virt-3.0|virt-4.0|virt-4.1| - virt-5.0|virt-5.1|virt-6.0|witherspoon-bmc|xilinx-zynq-a9| + [akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah|collie| + connex|cubieboard|emcraft-sf2|g220a-bmc|highbank|imx25-pdk|integratorcp| + kzm|lm3s6965evb|lm3s811evb|mainstone|mcimx6ul-evk|mcimx7d-sabre|microbit| + midway|mps2-an385|mps2-an386|mps2-an500|mps2-an505|mps2-an511|mps2-an521| + mps3-an524|mps3-an547|musca-a|musca-b1|musicpal|n800|n810|netduino2| + netduinoplus2|none|npcm750-evb|nuri|orangepi-pc|palmetto-bmc| + quanta-gbs-bmc|quanta-gsj|quanta-q71l-bmc|rainier-bmc|raspi0|raspi1ap| + raspi2|raspi2b|raspi3ap|raspi3|raspi3b|realview-eb|realview-eb-mpcore| + realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite|sbsa-ref|smdkc210| + sonorapass-bmc|spitz|stm32vldiscovery|supermicrox11-bmc|swift-bmc|sx1| + sx1-v1|tacoma-bmc|terrier|tosa|verdex|versatileab|versatilepb| + vexpress-a15|vexpress-a9|virt-2.10|virt-2.11|virt-2.12|virt-2.6|virt-2.7| + virt-2.8|virt-2.9|virt-3.0|virt-3.1|virt-4.0|virt-4.1|virt-4.2|virt-5.0| + virt-5.1|virt-5.2|virt-6.0|virt|virt-6.1|witherspoon-bmc|xilinx-zynq-a9| xlnx-versal-virt|xlnx-zcu102|z2] -mtdblock file - -net [dump|socket|vde] ... - -netdev [dump|hubport|l2tpv3|socket|vde] ... + -net [socket|vde] ... + -netdev [hubport|l2tpv3|socket|vde] ... -no-fd-bootchk -no-hpet -no-kvm diff --git a/supported.ppc.txt b/supported.ppc.txt index a9842c9b..c867e974 100644 --- a/supported.ppc.txt +++ b/supported.ppc.txt 
@@ -1,6 +1,6 @@ [qemu-ppc package document] -POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS -==================================================== +SLES 15 SP4 QEMU/KVM RELATED SUPPORT STATEMENTS +=============================================== QEMU/KVM on ppc is not supported. diff --git a/supported.s390.txt b/supported.s390.txt index 8d3b2b93..905cddb7 100644 --- a/supported.s390.txt +++ b/supported.s390.txt @@ -1,12 +1,12 @@ [qemu-s390 package document] -POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS -==================================================== +SLES 15 SP4 QEMU/KVM RELATED SUPPORT STATEMENTS +=============================================== Overview -------- - The QEMU based packages included with SLES 15 SP3 provide a large variety of + The QEMU based packages included with SLES 15 SP4 provide a large variety of features, from the very latest customer requests to features of questionable quality or value. The linux kernel includes components which contribute KVM virtualization features as well. This document was created to assist the user @@ -74,7 +74,7 @@ Major QEMU/KVM Supported Features - Guest execution state may be "moved" in both time (save/restore) and space (static and live migration). These migrations or save/restore operations can - take place either from certain prior SLES versioned hosts to a SLES 15 SP3 + take place either from certain prior SLES versioned hosts to a SLES 15 SP4 host or between hosts of the same version. Certain other restrictions also apply. @@ -114,7 +114,7 @@ Major QEMU/KVM Supported Features - Portions of the host file system may be shared with a guest by using virtFS. -- A guest "agent" is available for SLES 15 SP3 KVM guests via the +- A guest "agent" is available for SLES 15 SP4 KVM guests via the qemu-guest-agent package. This allows some introspection and control of the guest OS environment from the host. 
@@ -139,8 +139,8 @@ Noteworthy QEMU/KVM Unsupported Features Deprecated, Superseded, Modified and Dropped Features ----------------------------------------------------- -- http://wiki.qemu-project.org/Features/LegacyRemoval and - https://qemu-project.gitlab.io/qemu/system/deprecated.html +- https://qemu-project.gitlab.io/qemu/about/deprecated.html and + https://qemu-project.gitlab.io/qemu/about/removed-features.html These websites track features deprecation and removal at the upstream development level. Our qemu package inherits this community direction, but be aware that we can and will deviate as needed. Those deviations and additional @@ -148,6 +148,10 @@ Deprecated, Superseded, Modified and Dropped Features removed features are also tracked in the "System Emulation" section of the documentation installed with the qemu package. +- The previously non-persistent backing file with pmem=on is deprecated. Modify + VM configuration to set pmem=off to continue using fake NVDIMM with backing + file or move backing file to NVDIMM storage and keep pmem=on. + - The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M", "-machine" and "-d" is now considered deprecated. Use "help" instead. @@ -168,6 +172,8 @@ Deprecated, Superseded, Modified and Dropped Features acpitable, boot, and smp respectively. - These previously supported command line options are now considered deprecated: + -display sdl,window_close= (use -display sdl,window-close) + -no-quit (use -display ...,window-close=off) -chardev tty (use serial name instead) -chardev paraport (use parallel name instead) -device virtio-blk,scsi= (use virtio-scsi instead) @@ -227,6 +233,7 @@ Deprecated, Superseded, Modified and Dropped Features - These previously supported QMP commands are no longer recognized: + info cpustats block_passwd change (use blockdev-change-medium or change-vnc-password instead) cpu-add (use device_add instead) 
@@ -241,7 +248,8 @@ Deprecated, Superseded, Modified and Dropped Features change - These previously supported monitor commands are no longer recognized: - block_passwd + info cpustats + block_passwd ... cpu-add (use device_add instead) migrate_set_cache_size migrate_set_downtime @@ -298,7 +306,7 @@ QEMU Command-Line and Monitor Syntax and Support problems or even bugs in older interfaces cannot be fixed due to functional expectations, but are resolved in the newer interface or option. This advice includes moving to the most recent machine type (eg - s390-ccw-virtio-5.2 instead of s390-ccw-virtio-4.2) if possible. + s390-ccw-virtio-6.1 instead of s390-ccw-virtio-6.0) if possible. - The following command line options are supported: -accel ... @@ -737,7 +745,7 @@ QEMU Command-Line and Monitor Syntax and Support s390-ccw-virtio-2.7|s390-ccw-virtio-2.8|s390-ccw-virtio-2.10| s390-ccw-virtio-2.12|s390-ccw-virtio-3.0|s390-ccw-virtio-4.0| s390-ccw-virtio-4.1|s390-ccw-virtio-5.0|s390-ccw-virtio-5.1| - s390-ccw-virtio-6.0] + s390-ccw-virtio-6.0|s390-ccw-virtio-6.1] -machine @@ -745,11 +753,11 @@ QEMU Command-Line and Monitor Syntax and Support s390-ccw-virtio-2.7|s390-ccw-virtio-2.8|s390-ccw-virtio-2.10| s390-ccw-virtio-2.12|s390-ccw-virtio-3.0|s390-ccw-virtio-4.0| s390-ccw-virtio-4.1|s390-ccw-virtio-5.0|s390-ccw-virtio-5.1| - s390-ccw-virtio-6.0] + s390-ccw-virtio-6.0|s390-ccw-virtio-6.1] -mtdblock file - -net [dump|socket|vde] ... - -netdev [dump|hubport|l2tpv3|socket|vde] ... + -net [socket|vde] ... + -netdev [hubport|l2tpv3|socket|vde] ... -no-acpi -no-fd-bootchk -no-hpet diff --git a/supported.x86.txt b/supported.x86.txt index a4e83d73..2fc2bb8d 100644 --- a/supported.x86.txt +++ b/supported.x86.txt 
@@ -1,12 +1,12 @@ [qemu-x86 package document] -POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS -==================================================== +SLES 15 SP4 QEMU/KVM RELATED SUPPORT STATEMENTS +=============================================== Overview -------- - The QEMU based packages included with SLES 15 SP3 provide a large variety of + The QEMU based packages included with SLES 15 SP4 provide a large variety of features, from the very latest customer requests to features of questionable quality or value. The linux kernel includes components which contribute KVM virtualization features as well. This document was created to assist the user @@ -82,7 +82,7 @@ Major QEMU/KVM Supported Features - Guest execution state may be "moved" in both time (save/restore) and space (static and live migration). These migrations or save/restore operations can - take place either from certain prior SLES versioned hosts to a SLES 15 SP3 + take place either from certain prior SLES versioned hosts to a SLES 15 SP4 host or between hosts of the same version. Certain other restrictions also apply. @@ -133,7 +133,7 @@ Major QEMU/KVM Supported Features - Portions of the host file system may be shared with a guest by using virtFS. -- A guest "agent" is available for SLES 15 SP3 KVM guests via the +- A guest "agent" is available for SLES 15 SP4 KVM guests via the qemu-guest-agent package. This allows some introspection and control of the guest OS environment from the host. 
@@ -162,9 +162,9 @@ Noteworthy QEMU/KVM Unsupported Features Deprecated, Superseded, Modified and Dropped Features ----------------------------------------------------- -- http://wiki.qemu-project.org/Features/LegacyRemoval and - https://qemu-project.gitlab.io/qemu/system/deprecated.html - These websites track feature deprecation and removal at the upstream +- https://qemu-project.gitlab.io/qemu/about/deprecated.html and + https://qemu-project.gitlab.io/qemu/about/removed-features.html + These websites track features deprecation and removal at the upstream development level. Our qemu package inherits this community direction, but be aware that we can and will deviate as needed. Those deviations and additional information can be found in this section. Feature deprecation as well as @@ -183,6 +183,10 @@ Deprecated, Superseded, Modified and Dropped Features supports the virtio block interface directly. In fact, its usage may cause problems, and is now considered deprecated. +- The previously non-persistent backing file with pmem=on is deprecated. Modify + VM configuration to set pmem=off to continue using fake NVDIMM with backing + file or move backing file to NVDIMM storage and keep pmem=on. + - The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M", "-machine" and "-d" is now considered deprecated. Use "help" instead. @@ -209,6 +213,8 @@ Deprecated, Superseded, Modified and Dropped Features versions. - These previously supported command line options are now considered deprecated: + -display sdl,window_close= (use -display sdl,window-close) + -no-quit (use -display ...,window-close=off) -M option kernel-irqchip=off -chardev tty (use serial name instead) -chardev paraport (use parallel name instead) 
@@ -309,6 +315,7 @@ Deprecated, Superseded, Modified and Dropped Features - These previously supported QMP commands are no longer recognized: + info cpustats block_passwd change (use blockdev-change-medium or change-vnc-password instead) cpu-add (use device_add instead) @@ -323,6 +330,8 @@ Deprecated, Superseded, Modified and Dropped Features change - These previously supported monitor commands are no longer recognized: + info cpustats + block_passwd ... block_passwd cpu-add cpu_set @@ -392,8 +401,8 @@ QEMU Command-Line and Monitor Syntax and Support better functionality and usability going forward. In some cases existing problems or even bugs in older interfaces cannot be fixed due to functional expectations, but are resolved in the newer interface or option. - This advice includes moving to the most recent machine type (eg pc-i440fx-5.2 - instead of pc-i440fx-4.2) if possible. + This advice includes moving to the most recent machine type (eg pc-i440fx-6.1 + instead of pc-i440fx-6.0) if possible. - The following command line options are supported: -accel ... 
@@ -481,17 +490,19 @@ QEMU Command-Line and Monitor Syntax and Support -m ... -M - [help|?|none|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0|pc-i440fx-2.3| + [help|none|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0|pc-i440fx-2.3| pc-i440fx-2.6|pc-i440fx-2.9|pc-i440fx-2.11|pc-i440fx-3.1|pc-i440fx-4.2| - pc-i440fx-5.2|pc-q35-2.6|pc-q35-2.9|pc-q35-2.11|pc-q35-3.1|pc-q35-4.2| - pc-q35-5.2|xenfv|xenfv-4.2] + pc-i440fx-5.2|pc-i440fx-6.0|pc-i440fx-6.1|pc-q35-2.6|pc-q35-2.9| + pc-q35-2.11|pc-q35-3.1|pc-q35-4.2|pc-q35-5.2|pc-q35-6.0|pc-q35-6.1| + xenfv|xenfv-4.2] -machine - [help|?|none|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0| + [help|none|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0| pc-i440fx-2.3|pc-440fx-2.6|pc-i440fx-2.9|pc-i440fx-2.11| - pc-i440fx-3.1|pc-i440fx-4.2|pc-i440fx-5.2|pc-q35-2.6|pc-q35-2.9| - pc-q35-2.11|pc-q35-3.1|pc-q35-4.2|pc-q35-5.2|xenfv|xenifv-4.2] + pc-i440fx-3.1|pc-i440fx-4.2|pc-i440fx-5.2|pc-i440fx-6.0| + pc-i440fx-6.1|pc-q35-2.6|pc-q35-2.9|pc-q35-2.11|pc-q35-3.1| + pc-q35-4.2|pc-q35-5.2|pc-q35-6.0|pc-q35-6.1|xenfv|xenifv-4.2] -mem-path ... -mem-prealloc @@ -863,8 +874,8 @@ QEMU Command-Line and Monitor Syntax and Support pc-q35-4.1|pc-q35-5.0|pc-q35-5.1|pc-q35-6.0] -mtdblock file - -net [dump|socket|vde] ... - -netdev [dump|hubport|l2tpv3|socket|vde] ... + -net [socket|vde] ... + -netdev [hubport|l2tpv3|socket|vde] ... -no-kvm -numa node ... -option-rom ... diff --git a/target-i386-Exit-tb-after-wrmsr.patch b/target-i386-Exit-tb-after-wrmsr.patch deleted file mode 100644 index fdf05db1..00000000 --- a/target-i386-Exit-tb-after-wrmsr.patch +++ /dev/null 
@@ -1,30 +0,0 @@
-From: Richard Henderson
-Date: Fri, 14 May 2021 10:13:37 -0500
-Subject: target/i386: Exit tb after wrmsr
-
-Git-commit: 244843b757220c432e0e9ae8d2210218c034730d
-
-At minimum, wrmsr can change efer, which affects HF_LMA.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Richard Henderson
-Reviewed-by: Paolo Bonzini
-Message-Id: <20210514151342.384376-46-richard.henderson@linaro.org>
-Signed-off-by: Jose R. Ziviani
----
- target/i386/tcg/translate.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
-index 880bc455612aa9757a065723206e..6b713b4fff7c466bd864d4af5792 100644
---- a/target/i386/tcg/translate.c
-+++ b/target/i386/tcg/translate.c
-@@ -7198,6 +7198,8 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
- gen_helper_rdmsr(cpu_env);
- } else {
- gen_helper_wrmsr(cpu_env);
-+ gen_jmp_im(s, s->pc - s->cs_base);
-+ gen_eob(s);
- }
- }
- break;
diff --git a/target-sh4-Return-error-if-CPUClass-get_.patch b/target-sh4-Return-error-if-CPUClass-get_.patch
deleted file mode 100644
index 5a9c78a7..00000000
--- a/target-sh4-Return-error-if-CPUClass-get_.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
-Date: Wed, 5 May 2021 18:10:46 +0200
-Subject: target/sh4: Return error if CPUClass::get_phys_page_debug() fails
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 52a1c621f9d56d18212273c64b4119513a2db1f1
-
-If the get_physical_address() call fails, the SH4 get_phys_page_debug()
-handler returns an uninitialized address. Instead return -1, which
-correspond to "no page found" (see cpu_get_phys_page_debug() doc
-string).
-
-This fixes a warning emitted when building with CFLAGS=-O3
-(using GCC 10.2.1 20201125):
-
- target/sh4/helper.c: In function ‘superh_cpu_get_phys_page_debug’:
- target/sh4/helper.c:446:12: warning: ‘physical’ may be used uninitialized in this function [-Wmaybe-uninitialized]
- 446 | return physical;
- | ^~~~~~~~
-
-Signed-off-by: Philippe Mathieu-Daudé
-Reviewed-by: Richard Henderson
-Reviewed-by: Yoshinori Sato
-Message-Id: <20210505161046.1397608-1-f4bug@amsat.org>
-Signed-off-by: Laurent Vivier
-Signed-off-by: Jose R. Ziviani
----
- target/sh4/helper.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/target/sh4/helper.c b/target/sh4/helper.c
-index bd8e034f174d530354913acb7fa1..2d622081e85afec6e40034c24508 100644
---- a/target/sh4/helper.c
-+++ b/target/sh4/helper.c
-@@ -441,9 +441,12 @@ hwaddr superh_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
- target_ulong physical;
- int prot;
-
-- get_physical_address(&cpu->env, &physical, &prot, addr, MMU_DATA_LOAD);
-+ if (get_physical_address(&cpu->env, &physical, &prot, addr, MMU_DATA_LOAD)
-+ == MMU_OK) {
-+ return physical;
-+ }
-
-- return physical;
-+ return -1;
- }
-
- void cpu_load_tlb(CPUSH4State * env)
diff --git a/tcg-Allocate-sufficient-storage-in-temp_.patch b/tcg-Allocate-sufficient-storage-in-temp_.patch
deleted file mode 100644
index c8c236ad..00000000
--- a/tcg-Allocate-sufficient-storage-in-temp_.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From: Richard Henderson
-Date: Fri, 18 Jun 2021 21:53:27 -0700
-Subject: tcg: Allocate sufficient storage in temp_allocate_frame
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: c1c091948ae4a73c1a80b5005f6204d0e665ce52
-
-This function should have been updated for vector types
-when they were introduced.
-
-Fixes: d2fd745fe8b
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/367
-Cc: qemu-stable@nongnu.org
-Tested-by: Stefan Weil
-Reviewed-by: Philippe Mathieu-Daudé
-Signed-off-by: Richard Henderson
-Signed-off-by: Jose R. Ziviani
----
- tcg/tcg.c | 31 ++++++++++++++++++++++++++-----
- 1 file changed, 26 insertions(+), 5 deletions(-)
-
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index a9cf55531e2b9ae06d5d852cc563..21d65969beb7cc4d34c2b321c7b3 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -3489,17 +3489,38 @@ static void check_regs(TCGContext *s)
-
- static void temp_allocate_frame(TCGContext *s, TCGTemp *ts)
- {
-- if (s->current_frame_offset + (tcg_target_long)sizeof(tcg_target_long) >
-- s->frame_end) {
-- tcg_abort();
-+ intptr_t off, size, align;
-+
-+ switch (ts->type) {
-+ case TCG_TYPE_I32:
-+ size = align = 4;
-+ break;
-+ case TCG_TYPE_I64:
-+ case TCG_TYPE_V64:
-+ size = align = 8;
-+ break;
-+ case TCG_TYPE_V128:
-+ size = align = 16;
-+ break;
-+ case TCG_TYPE_V256:
-+ /* Note that we do not require aligned storage for V256. */
-+ size = 32, align = 16;
-+ break;
-+ default:
-+ g_assert_not_reached();
- }
-- ts->mem_offset = s->current_frame_offset;
-+
-+ assert(align <= TCG_TARGET_STACK_ALIGN);
-+ off = ROUND_UP(s->current_frame_offset, align);
-+ assert(off + size <= s->frame_end);
-+ s->current_frame_offset = off + size;
-+
-+ ts->mem_offset = off;
- #if defined(__sparc__)
- ts->mem_offset += TCG_TARGET_STACK_BIAS;
- #endif
- ts->mem_base = s->frame_temp;
- ts->mem_allocated = 1;
-- s->current_frame_offset += sizeof(tcg_target_long);
- }
-
- static void temp_load(TCGContext *, TCGTemp *, TCGRegSet, TCGRegSet, TCGRegSet);
diff --git a/tcg-arm-Fix-tcg_out_op-function-signatur.patch b/tcg-arm-Fix-tcg_out_op-function-signatur.patch
deleted file mode 100644
index 987b64d1..00000000
--- a/tcg-arm-Fix-tcg_out_op-function-signatur.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: "Jose R. Ziviani"
-Date: Thu, 10 Jun 2021 19:44:50 -0300
-Subject: tcg/arm: Fix tcg_out_op function signature
-
-Git-commit: c372565d08e278d6e65a54c8b5ab082bd63234ea
-
-Commit 5e8892db93 fixed several function signatures but tcg_out_op for
-arm is missing. This patch fixes it as well.
-
-Signed-off-by: Jose R. Ziviani
-Message-Id: <20210610224450.23425-1-jziviani@suse.de>
-Signed-off-by: Richard Henderson
-Signed-off-by: Jose R. Ziviani
----
- tcg/arm/tcg-target.c.inc | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
-index 8457108a87a17c2628f5a5c83115..cd9ae20037f30c2075cd0bfa5ff5 100644
---- a/tcg/arm/tcg-target.c.inc
-+++ b/tcg/arm/tcg-target.c.inc
-@@ -1710,7 +1710,8 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
- static void tcg_out_epilogue(TCGContext *s);
-
- static inline void tcg_out_op(TCGContext *s, TCGOpcode opc,
-- const TCGArg *args, const int *const_args)
-+ const TCGArg args[TCG_MAX_OP_ARGS],
-+ const int const_args[TCG_MAX_OP_ARGS])
- {
- TCGArg a0, a1, a2, a3, a4, a5;
- int c;
diff --git a/tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch b/tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
deleted file mode 100644
index d8d2b072..00000000
--- a/tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From: Richard Henderson
-Date: Fri, 18 Jun 2021 16:49:26 -0700
-Subject: tcg/sparc: Fix temp_allocate_frame vs sparc stack bias
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 9defd1bdfb0f2ddb3ca9863e39577f3a9929d58c
-
-We should not be aligning the offset in temp_allocate_frame,
-because the odd offset produces an aligned address in the end.
-Instead, pass the logical offset into tcg_set_frame and add
-the stack bias last.
-
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Philippe Mathieu-Daudé
-Signed-off-by: Richard Henderson
-Signed-off-by: Jose R. Ziviani
----
- tcg/sparc/tcg-target.c.inc | 16 ++++++++++------
- tcg/tcg.c | 9 +++------
- 2 files changed, 13 insertions(+), 12 deletions(-)
-
-diff --git a/tcg/sparc/tcg-target.c.inc b/tcg/sparc/tcg-target.c.inc
-index 3d50f985c6cde71a5d2928db1f4f..c046d1cc6098c0a148fde7a8d7a9 100644
---- a/tcg/sparc/tcg-target.c.inc
-+++ b/tcg/sparc/tcg-target.c.inc
-@@ -987,14 +987,18 @@ static void tcg_target_qemu_prologue(TCGContext *s)
- {
- int tmp_buf_size, frame_size;
-
-- /* The TCG temp buffer is at the top of the frame, immediately
-- below the frame pointer. */
-+ /*
-+ * The TCG temp buffer is at the top of the frame, immediately
-+ * below the frame pointer. Use the logical (aligned) offset here;
-+ * the stack bias is applied in temp_allocate_frame().
-+ */
- tmp_buf_size = CPU_TEMP_BUF_NLONGS * (int)sizeof(long);
-- tcg_set_frame(s, TCG_REG_I6, TCG_TARGET_STACK_BIAS - tmp_buf_size,
-- tmp_buf_size);
-+ tcg_set_frame(s, TCG_REG_I6, -tmp_buf_size, tmp_buf_size);
-
-- /* TCG_TARGET_CALL_STACK_OFFSET includes the stack bias, but is
-- otherwise the minimal frame usable by callees. */
-+ /*
-+ * TCG_TARGET_CALL_STACK_OFFSET includes the stack bias, but is
-+ * otherwise the minimal frame usable by callees.
-+ */
- frame_size = TCG_TARGET_CALL_STACK_OFFSET - TCG_TARGET_STACK_BIAS;
- frame_size += TCG_STATIC_CALL_ARGS_SIZE + tmp_buf_size;
- frame_size += TCG_TARGET_STACK_ALIGN - 1;
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index 1fbe0b686d57361ed698c4ab5e5c..a9cf55531e2b9ae06d5d852cc563 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -3489,17 +3489,14 @@ static void check_regs(TCGContext *s)
-
- static void temp_allocate_frame(TCGContext *s, TCGTemp *ts)
- {
--#if !(defined(__sparc__) && TCG_TARGET_REG_BITS == 64)
-- /* Sparc64 stack is accessed with offset of 2047 */
-- s->current_frame_offset = (s->current_frame_offset +
-- (tcg_target_long)sizeof(tcg_target_long) - 1) &
-- ~(sizeof(tcg_target_long) - 1);
--#endif
- if (s->current_frame_offset + (tcg_target_long)sizeof(tcg_target_long) >
- s->frame_end) {
- tcg_abort();
- }
- ts->mem_offset = s->current_frame_offset;
-+#if defined(__sparc__)
-+ ts->mem_offset += TCG_TARGET_STACK_BIAS;
-+#endif
- ts->mem_base = s->frame_temp;
- ts->mem_allocated = 1;
- s->current_frame_offset += sizeof(tcg_target_long);
diff --git a/ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch b/ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
deleted file mode 100644
index 8cb267a7..00000000
--- a/ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
+++ /dev/null
@@ -1,80 +0,0 @@ -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Fri, 30 Apr 2021 17:50:09 +0200 -Subject: ui: Fix memory leak in qemu_xkeymap_mapping_table() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 7c06a34c8c4f2c883d6ab6b15faa214d4ebfb269 -References: bsc#1185999 - -Refactor qemu_xkeymap_mapping_table() to have a single exit point, -so we can easily free the memory allocated by XGetAtomName(). - -This fixes when running a binary configured with --enable-sanitizers: - - Direct leak of 22 byte(s) in 1 object(s) allocated from: - #0 0x561344a7473f in malloc (qemu-system-x86_64+0x1dab73f) - #1 0x7fa4d9dc08aa in XGetAtomName (/lib64/libX11.so.6+0x2a8aa) - -Fixes: 2ec78706d18 ("ui: convert GTK and SDL1 frontends to keycodemapdb") -Reviewed-by: Daniel P. Berrangé -Reviewed-by: Laurent Vivier -Signed-off-by: Philippe Mathieu-Daudé -Message-Id: <20210430155009.259755-1-philmd@redhat.com> -Signed-off-by: Laurent Vivier -Signed-off-by: Jose R. Ziviani ---- - ui/x_keymap.c | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/ui/x_keymap.c b/ui/x_keymap.c -index 555086fb6bd572aeb6dda17bdd15..2ce7b899615f8368c6a6e6984eab 100644 ---- a/ui/x_keymap.c -+++ b/ui/x_keymap.c -@@ -56,6 +56,7 @@ const guint16 *qemu_xkeymap_mapping_table(Display *dpy, size_t *maplen) - { - XkbDescPtr desc; - const gchar *keycodes = NULL; -+ const guint16 *map; - - /* There is no easy way to determine what X11 server - * and platform & keyboard driver is in use. 
Thus we -@@ -83,21 +84,21 @@ const guint16 *qemu_xkeymap_mapping_table(Display *dpy, size_t *maplen) - if (check_for_xwin(dpy)) { - trace_xkeymap_keymap("xwin"); - *maplen = qemu_input_map_xorgxwin_to_qcode_len; -- return qemu_input_map_xorgxwin_to_qcode; -+ map = qemu_input_map_xorgxwin_to_qcode; - } else if (check_for_xquartz(dpy)) { - trace_xkeymap_keymap("xquartz"); - *maplen = qemu_input_map_xorgxquartz_to_qcode_len; -- return qemu_input_map_xorgxquartz_to_qcode; -+ map = qemu_input_map_xorgxquartz_to_qcode; - } else if ((keycodes && g_str_has_prefix(keycodes, "evdev")) || - (XKeysymToKeycode(dpy, XK_Page_Up) == 0x70)) { - trace_xkeymap_keymap("evdev"); - *maplen = qemu_input_map_xorgevdev_to_qcode_len; -- return qemu_input_map_xorgevdev_to_qcode; -+ map = qemu_input_map_xorgevdev_to_qcode; - } else if ((keycodes && g_str_has_prefix(keycodes, "xfree86")) || - (XKeysymToKeycode(dpy, XK_Page_Up) == 0x63)) { - trace_xkeymap_keymap("kbd"); - *maplen = qemu_input_map_xorgkbd_to_qcode_len; -- return qemu_input_map_xorgkbd_to_qcode; -+ map = qemu_input_map_xorgkbd_to_qcode; - } else { - trace_xkeymap_keymap("NULL"); - g_warning("Unknown X11 keycode mapping '%s'.\n" -@@ -109,6 +110,10 @@ const guint16 *qemu_xkeymap_mapping_table(Display *dpy, size_t *maplen) - " - xprop -root\n" - " - xdpyinfo\n", - keycodes ? keycodes : ""); -- return NULL; -+ map = NULL; - } -+ if (keycodes) { -+ XFree((void *)keycodes); -+ } -+ return map; - } diff --git a/usb-Help-compiler-out-to-avoid-a-warning.patch b/usb-Help-compiler-out-to-avoid-a-warning.patch index c90faacd..b2ce410c 100644 --- a/usb-Help-compiler-out-to-avoid-a-warning.patch +++ b/usb-Help-compiler-out-to-avoid-a-warning.patch @@ -18,10 +18,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c -index 46212b1e695acc657122ae6645ac..b487818908839ca4c3dd2c082c6a 100644 +index e01700039b13d1404d3dc66eb3d3..395f0923f7633c03f2359d503fbd 100644 
--- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c -@@ -3306,7 +3306,7 @@ static void usb_xhci_init(XHCIState *xhci) +@@ -3310,7 +3310,7 @@ static void usb_xhci_init(XHCIState *xhci) USB_SPEED_MASK_FULL | USB_SPEED_MASK_HIGH; assert(i < XHCI_MAXPORTS); @@ -30,7 +30,7 @@ index 46212b1e695acc657122ae6645ac..b487818908839ca4c3dd2c082c6a 100644 speedmask |= port->speedmask; } if (i < xhci->numports_3) { -@@ -3320,7 +3320,7 @@ static void usb_xhci_init(XHCIState *xhci) +@@ -3324,7 +3324,7 @@ static void usb_xhci_init(XHCIState *xhci) port->uport = &xhci->uports[i]; port->speedmask = USB_SPEED_MASK_SUPER; assert(i < XHCI_MAXPORTS); diff --git a/usb-hid-avoid-dynamic-stack-allocation.patch b/usb-hid-avoid-dynamic-stack-allocation.patch deleted file mode 100644 index a68ed3bd..00000000 --- a/usb-hid-avoid-dynamic-stack-allocation.patch +++ /dev/null 
@@ -1,48 +0,0 @@
-From: Gerd Hoffmann
-Date: Mon, 3 May 2021 15:29:11 +0200
-Subject: usb/hid: avoid dynamic stack allocation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 3f67e2e7f135b8be4117f3c2960e78d894feaa03
-References: bsc#1186012, CVE-2021-3527
-
-Use autofree heap allocation instead.
-
-Signed-off-by: Gerd Hoffmann
-Reviewed-by: Philippe Mathieu-Daudé
-Tested-by: Philippe Mathieu-Daudé
-Message-Id: <20210503132915.2335822-2-kraxel@redhat.com>
-Signed-off-by: Jose R. Ziviani
----
- hw/usb/dev-hid.c | 2 +-
- hw/usb/dev-wacom.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/usb/dev-hid.c b/hw/usb/dev-hid.c
-index fc39bab79f94b0a0d06c23fc650d..1c7ae97c3033442dba820db492bd 100644
----- a/hw/usb/dev-hid.c
-+++ b/hw/usb/dev-hid.c
-@@ -656,7 +656,7 @@ static void usb_hid_handle_data(USBDevice *dev, USBPacket *p)
- {
- USBHIDState *us = USB_HID(dev);
- HIDState *hs = &us->hid;
-- uint8_t buf[p->iov.size];
-+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
- int len = 0;
-
- switch (p->pid) {
-diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c
-index b595048635090242b5e771a11436..ed687bc9f1eb1b20b7e8ab0db35a 100644
----- a/hw/usb/dev-wacom.c
-+++ b/hw/usb/dev-wacom.c
-@@ -301,7 +301,7 @@ static void usb_wacom_handle_control(USBDevice *dev, USBPacket *p,
- static void usb_wacom_handle_data(USBDevice *dev, USBPacket *p)
- {
- USBWacomState *s = (USBWacomState *) dev;
-- uint8_t buf[p->iov.size];
-+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
- int len = 0;
-
- switch (p->pid) {
diff --git a/usb-limit-combined-packets-to-1-MiB-CVE-.patch b/usb-limit-combined-packets-to-1-MiB-CVE-.patch
deleted file mode 100644
index d0a23c75..00000000
--- a/usb-limit-combined-packets-to-1-MiB-CVE-.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Gerd Hoffmann
-Date: Mon, 3 May 2021 15:29:15 +0200
-Subject: usb: limit combined packets to 1 MiB (CVE-2021-3527)
-
-Git-commit: 05a40b172e4d691371534828078be47e7fff524c
-References: bsc#1186012, CVE-2021-3527
-
-usb-host and usb-redirect try to batch bulk transfers by combining many
-small usb packets into a single, large transfer request, to reduce the
-overhead and improve performance.
-
-This patch adds a size limit of 1 MiB for those combined packets to
-restrict the host resources the guest can bind that way.
-
-Signed-off-by: Gerd Hoffmann
-Message-Id: <20210503132915.2335822-6-kraxel@redhat.com>
-Signed-off-by: Jose R. Ziviani
----
- hw/usb/combined-packet.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c
-index 5d57e883dcb515c9b8acc58d97b4..e56802f89a32f44bc94f3b3dbda2 100644
----- a/hw/usb/combined-packet.c
-+++ b/hw/usb/combined-packet.c
-@@ -171,7 +171,9 @@ void usb_ep_combine_input_packets(USBEndpoint *ep)
- if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok ||
- next == NULL ||
- /* Work around for Linux usbfs bulk splitting + migration */
-- (totalsize == (16 * KiB - 36) && p->int_req)) {
-+ (totalsize == (16 * KiB - 36) && p->int_req) ||
-+ /* Next package may grow combined package over 1MiB */
-+ totalsize > 1 * MiB - ep->max_packet_size) {
- usb_device_handle_data(ep->dev, first);
- assert(first->status == USB_RET_ASYNC);
- if (first->combined) {
diff --git a/usb-mtp-avoid-dynamic-stack-allocation.patch b/usb-mtp-avoid-dynamic-stack-allocation.patch
deleted file mode 100644
index f033d46f..00000000
--- a/usb-mtp-avoid-dynamic-stack-allocation.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Gerd Hoffmann
-Date: Mon, 3 May 2021 15:29:13 +0200
-Subject: usb/mtp: avoid dynamic stack allocation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 06aa50c06c6392084244f8169d34b8e2d9c43ef2
-References: bsc#1186012, CVE-2021-3527
-
-Use autofree heap allocation instead.
-
-Signed-off-by: Gerd Hoffmann
-Reviewed-by: Philippe Mathieu-Daudé
-Tested-by: Philippe Mathieu-Daudé
-Message-Id: <20210503132915.2335822-4-kraxel@redhat.com>
-Signed-off-by: Jose R. Ziviani
----
- hw/usb/dev-mtp.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
-index bbb827434482d3b191df857d6fa0..2a895a73b083315d617e73a12cbd 100644
----- a/hw/usb/dev-mtp.c
-+++ b/hw/usb/dev-mtp.c
-@@ -907,7 +907,8 @@ static MTPData *usb_mtp_get_object_handles(MTPState *s, MTPControl *c,
- MTPObject *o)
- {
- MTPData *d = usb_mtp_data_alloc(c);
-- uint32_t i = 0, handles[o->nchildren];
-+ uint32_t i = 0;
-+ g_autofree uint32_t *handles = g_new(uint32_t, o->nchildren);
- MTPObject *iter;
-
- trace_usb_mtp_op_get_object_handles(s->dev.addr, o->handle, o->path);
diff --git a/usb-redir-avoid-dynamic-stack-allocation.patch b/usb-redir-avoid-dynamic-stack-allocation.patch
deleted file mode 100644
index 95f14f4c..00000000
--- a/usb-redir-avoid-dynamic-stack-allocation.patch
+++ /dev/null
@@ -1,53 +0,0 @@ -From: Gerd Hoffmann -Date: Mon, 3 May 2021 15:29:12 +0200 -Subject: usb/redir: avoid dynamic stack allocation (CVE-2021-3527) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 -References: bsc#1186012, CVE-2021-3527 - -Use autofree heap allocation instead. - -Fixes: 4f4321c11ff ("usb: use iovecs in USBPacket") -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Gerd Hoffmann -Tested-by: Philippe Mathieu-Daudé -Message-Id: <20210503132915.2335822-3-kraxel@redhat.com> -Signed-off-by: Jose R. Ziviani ---- - hw/usb/redirect.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c -index af1721a391139818ec9007c16f55..e6474dc543faa707de4d6b2ab03f 100644 ---- a/hw/usb/redirect.c -+++ b/hw/usb/redirect.c -@@ -620,7 +620,7 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - .endpoint = ep, - .length = p->iov.size - }; -- uint8_t buf[p->iov.size]; -+ g_autofree uint8_t *buf = g_malloc(p->iov.size); - /* No id, we look at the ep when receiving a status back */ - usb_packet_copy(p, buf, p->iov.size); - usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet, -@@ -818,7 +818,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p, - usbredirparser_send_bulk_packet(dev->parser, p->id, - &bulk_packet, NULL, 0); - } else { -- uint8_t buf[size]; -+ g_autofree uint8_t *buf = g_malloc(size); - usb_packet_copy(p, buf, size); - usbredir_log_data(dev, "bulk data out:", buf, size); - usbredirparser_send_bulk_packet(dev->parser, p->id, -@@ -923,7 +923,7 @@ static void usbredir_handle_interrupt_out_data(USBRedirDevice *dev, - USBPacket *p, uint8_t ep) - { - struct usb_redir_interrupt_packet_header interrupt_packet; -- uint8_t buf[p->iov.size]; -+ g_autofree uint8_t *buf = g_malloc(p->iov.size); - - DPRINTF("interrupt-out ep %02X len %zd id %"PRIu64"\n", ep, - 
p->iov.size, p->id); diff --git a/usbredir-fix-free-call.patch b/usbredir-fix-free-call.patch deleted file mode 100644 index e8046b1d..00000000 --- a/usbredir-fix-free-call.patch +++ /dev/null @@ -1,37 +0,0 @@ -From: Gerd Hoffmann -Date: Thu, 22 Jul 2021 09:27:56 +0200 -Subject: usbredir: fix free call -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 5e796671e6b8d5de4b0b423dce1b3eba144a92c9 -References: bsc#1189145 CVE-2021-3682 - -data might point into the middle of a larger buffer, there is a separate -free_on_destroy pointer passed into bufp_alloc() to handle that. It is -only used in the normal workflow though, not when dropping packets due -to the queue being full. Fix that. - -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/491 -Signed-off-by: Gerd Hoffmann -Reviewed-by: Marc-André Lureau -Message-Id: <20210722072756.647673-1-kraxel@redhat.com> -Signed-off-by: Jose R. Ziviani ---- - hw/usb/redirect.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c -index 17f06f34179a257e3fd2b354164e..af1721a391139818ec9007c16f55 100644 ---- a/hw/usb/redirect.c -+++ b/hw/usb/redirect.c -@@ -476,7 +476,7 @@ static int bufp_alloc(USBRedirDevice *dev, uint8_t *data, uint16_t len, - if (dev->endpoint[EP2I(ep)].bufpq_dropping_packets) { - if (dev->endpoint[EP2I(ep)].bufpq_size > - dev->endpoint[EP2I(ep)].bufpq_target_size) { -- free(data); -+ free(free_on_destroy); - return -1; - } - dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0; diff --git a/vfio-ccw-Permit-missing-IRQs.patch b/vfio-ccw-Permit-missing-IRQs.patch deleted file mode 100644 index b5d2d3f0..00000000 --- a/vfio-ccw-Permit-missing-IRQs.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -From: Eric Farman -Date: Wed, 21 Apr 2021 17:20:53 +0200 -Subject: vfio-ccw: Permit missing IRQs - -Git-commit: 6178d4689a1e6a0d2b6dea1dad990e74148fa9d1 - -Commit 690e29b91102 ("vfio-ccw: Refactor ccw irq handler") changed -one of the checks for the IRQ notifier registration from saying -"the host needs to recognize the only IRQ that exists" to saying -"the host needs to recognize ANY IRQ that exists." - -And this worked fine, because the subsequent change to support the -CRW IRQ notifier doesn't get into this code when running on an older -kernel, thanks to a guard by a capability region. The later addition -of the REQ(uest) IRQ by commit b2f96f9e4f5f ("vfio-ccw: Connect the -device request notifier") broke this assumption because there is no -matching capability region. Thus, running new QEMU on an older -kernel fails with: - - vfio: unexpected number of irqs 2 - -Let's adapt the message here so that there's a better clue of what -IRQ is missing. - -Furthermore, let's make the REQ(uest) IRQ not fail when attempting -to register it, to permit running vfio-ccw on a newer QEMU with an -older kernel. - -Fixes: b2f96f9e4f5f ("vfio-ccw: Connect the device request notifier") -Signed-off-by: Eric Farman -Message-Id: <20210421152053.2379873-1-farman@linux.ibm.com> -Signed-off-by: Cornelia Huck -Signed-off-by: Jose R. 
Ziviani ---- - hw/vfio/ccw.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c -index b2df708e4b0192cc6af898edeca4..400bc07fe260837953de87d0f272 100644 ---- a/hw/vfio/ccw.c -+++ b/hw/vfio/ccw.c -@@ -412,8 +412,8 @@ static void vfio_ccw_register_irq_notifier(VFIOCCWDevice *vcdev, - } - - if (vdev->num_irqs < irq + 1) { -- error_setg(errp, "vfio: unexpected number of irqs %u", -- vdev->num_irqs); -+ error_setg(errp, "vfio: IRQ %u not available (number of irqs %u)", -+ irq, vdev->num_irqs); - return; - } - -@@ -696,13 +696,15 @@ static void vfio_ccw_realize(DeviceState *dev, Error **errp) - - vfio_ccw_register_irq_notifier(vcdev, VFIO_CCW_REQ_IRQ_INDEX, &err); - if (err) { -- goto out_req_notifier_err; -+ /* -+ * Report this error, but do not make it a failing condition. -+ * Lack of this IRQ in the host does not prevent normal operation. -+ */ -+ error_report_err(err); - } - - return; - --out_req_notifier_err: -- vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_CRW_IRQ_INDEX); - out_crw_notifier_err: - vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX); - out_io_notifier_err: diff --git a/vhost-user-blk-Check-that-num-queues-is-.patch b/vhost-user-blk-Check-that-num-queues-is-.patch deleted file mode 100644 index 0ef7f253..00000000 --- a/vhost-user-blk-Check-that-num-queues-is-.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -From: Kevin Wolf -Date: Thu, 29 Apr 2021 19:13:16 +0200 -Subject: vhost-user-blk: Check that num-queues is supported by backend - -Git-commit: c90bd505a3e8210c23d69fecab9ee6f56ec4a161 - -Creating a device with a number of queues that isn't supported by the -backend is pointless, the device won't work properly and the error -messages are rather confusing. - -Just fail to create the device if num-queues is higher than what the -backend supports. - -Since the relationship between num-queues and the number of virtqueues -depends on the specific device, this is an additional value that needs -to be initialised by the device. For convenience, allow leaving it 0 if -the check should be skipped. This makes sense for vhost-user-net where -separate vhost devices are used for the queues and custom initialisation -code is needed to perform the check. - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935031 -Signed-off-by: Kevin Wolf -Reviewed-by: Raphael Norwitz -Message-Id: <20210429171316.162022-7-kwolf@redhat.com> -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Kevin Wolf -Signed-off-by: Jose R. 
Ziviani ---- - hw/block/vhost-user-blk.c | 1 + - hw/virtio/vhost-user.c | 5 +++++ - include/hw/virtio/vhost.h | 2 ++ - 3 files changed, 8 insertions(+) - -diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c -index 738e8498b4a1d650047f7190c435..ceb6bdde71e57640677a48425148 100644 ---- a/hw/block/vhost-user-blk.c -+++ b/hw/block/vhost-user-blk.c -@@ -324,6 +324,7 @@ static int vhost_user_blk_connect(DeviceState *dev) - } - s->connected = true; - -+ s->dev.num_queues = s->num_queues; - s->dev.nvqs = s->num_queues; - s->dev.vqs = s->vhost_vqs; - s->dev.vq_index = 0; -diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c -index ded0c10453095830e24b6e53e8f8..ee57abe04526f6c55d983cb0254c 100644 ---- a/hw/virtio/vhost-user.c -+++ b/hw/virtio/vhost-user.c -@@ -1909,6 +1909,11 @@ static int vhost_user_backend_init(struct vhost_dev *dev, void *opaque) - return err; - } - } -+ if (dev->num_queues && dev->max_queues < dev->num_queues) { -+ error_report("The maximum number of queues supported by the " -+ "backend is %" PRIu64, dev->max_queues); -+ return -EINVAL; -+ } - - if (virtio_has_feature(features, VIRTIO_F_IOMMU_PLATFORM) && - !(virtio_has_feature(dev->protocol_features, -diff --git a/include/hw/virtio/vhost.h b/include/hw/virtio/vhost.h -index 4a8bc75415f6bba597c195e10a47..21a9a52088dd01838099046587fd 100644 ---- a/include/hw/virtio/vhost.h -+++ b/include/hw/virtio/vhost.h -@@ -74,6 +74,8 @@ struct vhost_dev { - int nvqs; - /* the first virtqueue which would be used by this vhost dev */ - int vq_index; -+ /* if non-zero, minimum required value for max_queues */ -+ int num_queues; - uint64_t features; - uint64_t acked_features; - uint64_t backend_features; diff --git a/vhost-user-blk-Don-t-reconnect-during-in.patch b/vhost-user-blk-Don-t-reconnect-during-in.patch deleted file mode 100644 index af9277bc..00000000 --- a/vhost-user-blk-Don-t-reconnect-during-in.patch +++ /dev/null 
@@ -1,171 +0,0 @@ -From: Kevin Wolf -Date: Thu, 29 Apr 2021 19:13:12 +0200 -Subject: vhost-user-blk: Don't reconnect during initialisation - -Git-commit: dabefdd6abcbc7d858e9413e4734aab2e0b5c8d9 - -This is a partial revert of commits 77542d43149 and bc79c87bcde. - -Usually, an error during initialisation means that the configuration was -wrong. Reconnecting won't make the error go away, but just turn the -error condition into an endless loop. Avoid this and return errors -again. - -Additionally, calling vhost_user_blk_disconnect() from the chardev event -handler could result in use-after-free because none of the -initialisation code expects that the device could just go away in the -middle. So removing the call fixes crashes in several places. - -For example, using a num-queues setting that is incompatible with the -backend would result in a crash like this (dereferencing dev->opaque, -which is already NULL): - - #0 0x0000555555d0a4bd in vhost_user_read_cb (source=0x5555568f4690, condition=(G_IO_IN | G_IO_HUP), opaque=0x7fffffffcbf0) at ../hw/virtio/vhost-user.c:313 - #1 0x0000555555d950d3 in qio_channel_fd_source_dispatch (source=0x555557c3f750, callback=0x555555d0a478 , user_data=0x7fffffffcbf0) at ../io/channel-watch.c:84 - #2 0x00007ffff7b32a9f in g_main_context_dispatch () at /lib64/libglib-2.0.so.0 - #3 0x00007ffff7b84a98 in g_main_context_iterate.constprop () at /lib64/libglib-2.0.so.0 - #4 0x00007ffff7b32163 in g_main_loop_run () at /lib64/libglib-2.0.so.0 - #5 0x0000555555d0a724 in vhost_user_read (dev=0x555557bc62f8, msg=0x7fffffffcc50) at ../hw/virtio/vhost-user.c:402 - #6 0x0000555555d0ee6b in vhost_user_get_config (dev=0x555557bc62f8, config=0x555557bc62ac "", config_len=60) at ../hw/virtio/vhost-user.c:2133 - #7 0x0000555555d56d46 in vhost_dev_get_config (hdev=0x555557bc62f8, config=0x555557bc62ac "", config_len=60) at ../hw/virtio/vhost.c:1566 - #8 0x0000555555cdd150 in vhost_user_blk_device_realize (dev=0x555557bc60b0, errp=0x7fffffffcf90) at 
../hw/block/vhost-user-blk.c:510 - #9 0x0000555555d08f6d in virtio_device_realize (dev=0x555557bc60b0, errp=0x7fffffffcff0) at ../hw/virtio/virtio.c:3660 - -Note that this removes the ability to reconnect during initialisation -(but not during operation) when there is no permanent error, but the -backend restarts, as the implementation was buggy. This feature can be -added back in a follow-up series after changing error paths to -distinguish cases where retrying could help from cases with permanent -errors. - -Signed-off-by: Kevin Wolf -Message-Id: <20210429171316.162022-3-kwolf@redhat.com> -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Kevin Wolf -Signed-off-by: Jose R. Ziviani ---- - hw/block/vhost-user-blk.c | 59 +++++++++++---------------------------- - 1 file changed, 17 insertions(+), 42 deletions(-) - -diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c -index 7c85248a7b78b9d9ec8614a3b5fe..c0b9958da1b4e155e063fb3426d0 100644 ---- a/hw/block/vhost-user-blk.c -+++ b/hw/block/vhost-user-blk.c -@@ -50,6 +50,8 @@ static const int user_feature_bits[] = { - VHOST_INVALID_FEATURE_BIT - }; - -+static void vhost_user_blk_event(void *opaque, QEMUChrEvent event); -+ - static void vhost_user_blk_update_config(VirtIODevice *vdev, uint8_t *config) - { - VHostUserBlk *s = VHOST_USER_BLK(vdev); -@@ -362,19 +364,6 @@ static void vhost_user_blk_disconnect(DeviceState *dev) - vhost_dev_cleanup(&s->dev); - } - --static void vhost_user_blk_event(void *opaque, QEMUChrEvent event, -- bool realized); -- --static void vhost_user_blk_event_realize(void *opaque, QEMUChrEvent event) --{ -- vhost_user_blk_event(opaque, event, false); --} -- --static void vhost_user_blk_event_oper(void *opaque, QEMUChrEvent event) --{ -- vhost_user_blk_event(opaque, event, true); --} -- - static void vhost_user_blk_chr_closed_bh(void *opaque) - { - DeviceState *dev = opaque; -@@ -382,12 +371,11 @@ static void vhost_user_blk_chr_closed_bh(void *opaque) - VHostUserBlk *s = 
VHOST_USER_BLK(vdev); - - vhost_user_blk_disconnect(dev); -- qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, -- vhost_user_blk_event_oper, NULL, opaque, NULL, true); -+ qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, vhost_user_blk_event, -+ NULL, opaque, NULL, true); - } - --static void vhost_user_blk_event(void *opaque, QEMUChrEvent event, -- bool realized) -+static void vhost_user_blk_event(void *opaque, QEMUChrEvent event) - { - DeviceState *dev = opaque; - VirtIODevice *vdev = VIRTIO_DEVICE(dev); -@@ -401,17 +389,7 @@ static void vhost_user_blk_event(void *opaque, QEMUChrEvent event, - } - break; - case CHR_EVENT_CLOSED: -- /* -- * Closing the connection should happen differently on device -- * initialization and operation stages. -- * On initalization, we want to re-start vhost_dev initialization -- * from the very beginning right away when the connection is closed, -- * so we clean up vhost_dev on each connection closing. -- * On operation, we want to postpone vhost_dev cleanup to let the -- * other code perform its own cleanup sequence using vhost_dev data -- * (e.g. vhost_dev_set_log). -- */ -- if (realized && !runstate_check(RUN_STATE_SHUTDOWN)) { -+ if (!runstate_check(RUN_STATE_SHUTDOWN)) { - /* - * A close event may happen during a read/write, but vhost - * code assumes the vhost_dev remains setup, so delay the -@@ -431,8 +409,6 @@ static void vhost_user_blk_event(void *opaque, QEMUChrEvent event, - * knowing its type (in this case vhost-user). 
- */ - s->dev.started = false; -- } else { -- vhost_user_blk_disconnect(dev); - } - break; - case CHR_EVENT_BREAK: -@@ -489,33 +465,32 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp) - s->vhost_vqs = g_new0(struct vhost_virtqueue, s->num_queues); - s->connected = false; - -- qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, -- vhost_user_blk_event_realize, NULL, (void *)dev, -- NULL, true); -- --reconnect: - if (qemu_chr_fe_wait_connected(&s->chardev, errp) < 0) { - goto virtio_err; - } - -- /* check whether vhost_user_blk_connect() failed or not */ -- if (!s->connected) { -- goto reconnect; -+ if (vhost_user_blk_connect(dev) < 0) { -+ error_setg(errp, "vhost-user-blk: could not connect"); -+ qemu_chr_fe_disconnect(&s->chardev); -+ goto virtio_err; - } -+ assert(s->connected); - - ret = vhost_dev_get_config(&s->dev, (uint8_t *)&s->blkcfg, - sizeof(struct virtio_blk_config)); - if (ret < 0) { -- error_report("vhost-user-blk: get block config failed"); -- goto reconnect; -+ error_setg(errp, "vhost-user-blk: get block config failed"); -+ goto vhost_err; - } - -- /* we're fully initialized, now we can operate, so change the handler */ -+ /* we're fully initialized, now we can operate, so add the handler */ - qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, -- vhost_user_blk_event_oper, NULL, (void *)dev, -+ vhost_user_blk_event, NULL, (void *)dev, - NULL, true); - return; - -+vhost_err: -+ vhost_dev_cleanup(&s->dev); - virtio_err: - g_free(s->vhost_vqs); - s->vhost_vqs = NULL; diff --git a/vhost-user-blk-Fail-gracefully-on-too-la.patch b/vhost-user-blk-Fail-gracefully-on-too-la.patch deleted file mode 100644 index 9e6166c0..00000000 --- a/vhost-user-blk-Fail-gracefully-on-too-la.patch +++ /dev/null 
@@ -1,47 +0,0 @@
-From: Kevin Wolf
-Date: Tue, 13 Apr 2021 18:56:54 +0200
-Subject: vhost-user-blk: Fail gracefully on too large queue size
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 68bf7336533faa6aa90fdd4558edddbf5d8ef814
-
-virtio_add_queue() aborts when queue_size > VIRTQUEUE_MAX_SIZE, so
-vhost_user_blk_device_realize() should check this before calling it.
-
-Simple reproducer:
-
-qemu-system-x86_64 \
- -chardev null,id=foo \
- -device vhost-user-blk-pci,queue-size=4096,chardev=foo
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935014
-Signed-off-by: Kevin Wolf
-Message-Id: <20210413165654.50810-1-kwolf@redhat.com>
-Reviewed-by: Stefan Hajnoczi
-Reviewed-by: Raphael Norwitz
-Reviewed-by: Philippe Mathieu-Daudé
-Tested-by: Philippe Mathieu-Daudé
-Signed-off-by: Kevin Wolf
-Signed-off-by: Jose R. Ziviani
----
- hw/block/vhost-user-blk.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
-index 0b5b9d44cdb0ed4d4a43974e7cdd..f5e9682703f3433c4b363003f90f 100644
----- a/hw/block/vhost-user-blk.c
-+++ b/hw/block/vhost-user-blk.c
-@@ -467,6 +467,11 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
- error_setg(errp, "vhost-user-blk: queue size must be non-zero");
- return;
- }
-+ if (s->queue_size > VIRTQUEUE_MAX_SIZE) {
-+ error_setg(errp, "vhost-user-blk: queue size must not exceed %d",
-+ VIRTQUEUE_MAX_SIZE);
-+ return;
-+ }
-
- if (!vhost_user_init(&s->vhost_user, &s->chardev, errp)) {
- return;
diff --git a/vhost-user-blk-Get-more-feature-flags-fr.patch b/vhost-user-blk-Get-more-feature-flags-fr.patch
deleted file mode 100644
index 2d3b1d3a..00000000
--- a/vhost-user-blk-Get-more-feature-flags-fr.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Kevin Wolf
-Date: Thu, 29 Apr 2021 19:13:14 +0200
-Subject: vhost-user-blk: Get more feature flags from vhost device
-
-Git-commit: 7556a320c98812ca6648b707393f4513387faf73
-
-VIRTIO_F_RING_PACKED and VIRTIO_F_IOMMU_PLATFORM need to be supported by
-the vhost device, otherwise advertising it to the guest doesn't result
-in a working configuration. They are currently not supported by the
-vhost-user-blk export in QEMU.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935020
-Signed-off-by: Kevin Wolf
-Acked-by: Raphael Norwitz
-Message-Id: <20210429171316.162022-5-kwolf@redhat.com>
-Reviewed-by: Michael S. Tsirkin
-Signed-off-by: Kevin Wolf
-Signed-off-by: Jose R. Ziviani
----
- hw/block/vhost-user-blk.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
-index c0b9958da1b4e155e063fb3426d0..738e8498b4a1d650047f7190c435 100644
----- a/hw/block/vhost-user-blk.c
-+++ b/hw/block/vhost-user-blk.c
-@@ -47,6 +47,8 @@ static const int user_feature_bits[] = {
- VIRTIO_RING_F_INDIRECT_DESC,
- VIRTIO_RING_F_EVENT_IDX,
- VIRTIO_F_NOTIFY_ON_EMPTY,
-+ VIRTIO_F_RING_PACKED,
-+ VIRTIO_F_IOMMU_PLATFORM,
- VHOST_INVALID_FEATURE_BIT
- };
-
diff --git a/vhost-user-blk-Make-sure-to-set-Error-on.patch b/vhost-user-blk-Make-sure-to-set-Error-on.patch
deleted file mode 100644
index d6a42643..00000000
--- a/vhost-user-blk-Make-sure-to-set-Error-on.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Kevin Wolf
-Date: Thu, 29 Apr 2021 19:13:11 +0200
-Subject: vhost-user-blk: Make sure to set Error on realize failure
-
-Git-commit: f26729715ef21325f972f693607580a829ad1cbb
-
-We have to set errp before jumping to virtio_err, otherwise the caller
-(virtio_device_realize()) will take this as success and crash when it
-later tries to access things that we've already freed in the error path.
-
-Fixes: 77542d431491788d1e8e79d93ce10172ef207775
-Signed-off-by: Kevin Wolf
-Message-Id: <20210429171316.162022-2-kwolf@redhat.com>
-Reviewed-by: Michael S. Tsirkin
-Reviewed-by: Eric Blake
-Acked-by: Raphael Norwitz
-Signed-off-by: Kevin Wolf
-Signed-off-by: Jose R. Ziviani
----
- hw/block/vhost-user-blk.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
-index f5e9682703f3433c4b363003f90f..7c85248a7b78b9d9ec8614a3b5fe 100644
----- a/hw/block/vhost-user-blk.c
-+++ b/hw/block/vhost-user-blk.c
-@@ -447,7 +447,6 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
- {
- VirtIODevice *vdev = VIRTIO_DEVICE(dev);
- VHostUserBlk *s = VHOST_USER_BLK(vdev);
-- Error *err = NULL;
- int i, ret;
-
- if (!s->chardev.chr) {
-@@ -495,8 +494,7 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
- NULL, true);
-
- reconnect:
-- if (qemu_chr_fe_wait_connected(&s->chardev, &err) < 0) {
-- error_report_err(err);
-+ if (qemu_chr_fe_wait_connected(&s->chardev, errp) < 0) {
- goto virtio_err;
- }
-
diff --git a/vhost-user-gpu-abstract-vg_cleanup_mappi.patch b/vhost-user-gpu-abstract-vg_cleanup_mappi.patch
deleted file mode 100644
index 13501278..00000000
--- a/vhost-user-gpu-abstract-vg_cleanup_mappi.patch
+++ /dev/null
@@ -1,133 +0,0 @@ -From: Li Qiang -Date: Sat, 15 May 2021 20:04:03 -0700 -Subject: vhost-user-gpu: abstract vg_cleanup_mapping_iov -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 3ea32d1355d446057c17458238db2749c52ee8f0 -References: CVE-2021-3546 bsc#1185981 - CVE-2021-3545 bsc#1185990 - CVE-2021-3544 bsc#1186010 - -Currently in vhost-user-gpu, we free resource directly in -the cleanup case of resource. If we change the cleanup logic -we need to change several places, also abstruct a -'vg_create_mapping_iov' can be symmetry with the -'vg_create_mapping_iov'. This is like what virtio-gpu does, -no function changed. - -Signed-off-by: Li Qiang -Reviewed-by: Marc-André Lureau -Message-Id: <20210516030403.107723-9-liq3ea@163.com> -Signed-off-by: Gerd Hoffmann -Signed-off-by: Jose R. Ziviani ---- - contrib/vhost-user-gpu/vhost-user-gpu.c | 24 ++++++++++++++++++++---- - contrib/vhost-user-gpu/virgl.c | 9 +++++---- - contrib/vhost-user-gpu/vugpu.h | 2 +- - 3 files changed, 26 insertions(+), 9 deletions(-) - -diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c -index 770dfad52989b2651eea67fdbb1b..6dc6a44f4e263bfb31ba9ba6ff32 100644 ---- a/contrib/vhost-user-gpu/vhost-user-gpu.c -+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c -@@ -49,6 +49,8 @@ static char *opt_render_node; - static gboolean opt_virgl; - - static void vg_handle_ctrl(VuDev *dev, int qidx); -+static void vg_cleanup_mapping(VuGpu *g, -+ struct virtio_gpu_simple_resource *res); - - static const char * - vg_cmd_to_string(int cmd) -@@ -400,7 +402,7 @@ vg_resource_destroy(VuGpu *g, - } - - vugbm_buffer_destroy(&res->buffer); -- g_free(res->iov); -+ vg_cleanup_mapping(g, res); - pixman_image_unref(res->image); - QTAILQ_REMOVE(&g->reslist, res, next); - g_free(res); -@@ -504,6 +506,22 @@ vg_resource_attach_backing(VuGpu *g, - res->iov_cnt = ab.nr_entries; - } - -+/* Though currently only free iov, maybe later will do 
more work. */ -+void vg_cleanup_mapping_iov(VuGpu *g, -+ struct iovec *iov, uint32_t count) -+{ -+ g_free(iov); -+} -+ -+static void -+vg_cleanup_mapping(VuGpu *g, -+ struct virtio_gpu_simple_resource *res) -+{ -+ vg_cleanup_mapping_iov(g, res->iov, res->iov_cnt); -+ res->iov = NULL; -+ res->iov_cnt = 0; -+} -+ - static void - vg_resource_detach_backing(VuGpu *g, - struct virtio_gpu_ctrl_command *cmd) -@@ -522,9 +540,7 @@ vg_resource_detach_backing(VuGpu *g, - return; - } - -- g_free(res->iov); -- res->iov = NULL; -- res->iov_cnt = 0; -+ vg_cleanup_mapping(g, res); - } - - static void -diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c -index 7172104b19d7a79eb7cc3404e09f..3e45e1bd33600fe5d91c0eea3af8 100644 ---- a/contrib/vhost-user-gpu/virgl.c -+++ b/contrib/vhost-user-gpu/virgl.c -@@ -116,8 +116,9 @@ virgl_cmd_resource_unref(VuGpu *g, - virgl_renderer_resource_detach_iov(unref.resource_id, - &res_iovs, - &num_iovs); -- g_free(res_iovs); -- -+ if (res_iovs != NULL && num_iovs != 0) { -+ vg_cleanup_mapping_iov(g, res_iovs, num_iovs); -+ } - virgl_renderer_resource_unref(unref.resource_id); - } - -@@ -294,7 +295,7 @@ virgl_resource_attach_backing(VuGpu *g, - ret = virgl_renderer_resource_attach_iov(att_rb.resource_id, - res_iovs, att_rb.nr_entries); - if (ret != 0) { -- g_free(res_iovs); -+ vg_cleanup_mapping_iov(g, res_iovs, att_rb.nr_entries); - } - } - -@@ -314,7 +315,7 @@ virgl_resource_detach_backing(VuGpu *g, - if (res_iovs == NULL || num_iovs == 0) { - return; - } -- g_free(res_iovs); -+ vg_cleanup_mapping_iov(g, res_iovs, num_iovs); - } - - static void -diff --git a/contrib/vhost-user-gpu/vugpu.h b/contrib/vhost-user-gpu/vugpu.h -index 04d56158123d3ee1c271302d8f8a..e2864bba68e0d9c1228eb7745c50 100644 ---- a/contrib/vhost-user-gpu/vugpu.h -+++ b/contrib/vhost-user-gpu/vugpu.h -@@ -169,7 +169,7 @@ int vg_create_mapping_iov(VuGpu *g, - struct virtio_gpu_resource_attach_backing *ab, - struct virtio_gpu_ctrl_command *cmd, - struct iovec 
**iov); -- -+void vg_cleanup_mapping_iov(VuGpu *g, struct iovec *iov, uint32_t count); - void vg_get_display_info(VuGpu *vg, struct virtio_gpu_ctrl_command *cmd); - - void vg_wait_ok(VuGpu *g); diff --git a/vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch b/vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch deleted file mode 100644 index c2a8a921..00000000 --- a/vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Li Qiang -Date: Sat, 15 May 2021 20:04:02 -0700 -Subject: vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' - (CVE-2021-3546) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 9f22893adcb02580aee5968f32baa2cd109b3ec2 -References: CVE-2021-3546 bsc#1185981 - -If 'virgl_cmd_get_capset' set 'max_size' to 0, -the 'virgl_renderer_fill_caps' will write the data after the 'resp'. -This patch avoid this by checking the returned 'max_size'. - -virtio-gpu fix: abd7f08b23 ("display: virtio-gpu-3d: check -virgl capabilities max_size") - -Fixes: CVE-2021-3546 -Reported-by: Li Qiang -Reviewed-by: Prasad J Pandit -Signed-off-by: Li Qiang -Reviewed-by: Marc-André Lureau -Message-Id: <20210516030403.107723-8-liq3ea@163.com> -Signed-off-by: Gerd Hoffmann -Signed-off-by: Jose R. Ziviani ---- - contrib/vhost-user-gpu/virgl.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c -index a16a311d80df19294e4330f7d004..7172104b19d7a79eb7cc3404e09f 100644 ---- a/contrib/vhost-user-gpu/virgl.c -+++ b/contrib/vhost-user-gpu/virgl.c -@@ -177,6 +177,10 @@ virgl_cmd_get_capset(VuGpu *g, - - virgl_renderer_get_cap_set(gc.capset_id, &max_ver, - &max_size); -+ if (!max_size) { -+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; -+ return; -+ } - resp = g_malloc0(sizeof(*resp) + max_size); - - resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET; 
diff --git a/vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch b/vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
deleted file mode 100644
index d5452609..00000000
--- a/vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: Li Qiang
-Date: Sat, 15 May 2021 20:04:00 -0700
-Subject: vhost-user-gpu: fix leak in 'virgl_cmd_resource_unref'
- (CVE-2021-3544)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-comit: f6091d86ba9ea05f4e111b9b42ee0005c37a6779
-References: CVE-2021-3544 bsc#1186010
-
-The 'res->iov' will be leaked if the guest trigger following sequences:
-
- virgl_cmd_create_resource_2d
- virgl_resource_attach_backing
- virgl_cmd_resource_unref
-
-This patch fixes this.
-
-Fixes: CVE-2021-3544
-Reported-by: Li Qiang
-virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
-in virgl_cmd_resource_unref"
-
-Signed-off-by: Li Qiang
-Reviewed-by: Marc-André Lureau
-Message-Id: <20210516030403.107723-6-liq3ea@163.com>
-Signed-off-by: Gerd Hoffmann
-Signed-off-by: Jose R. Ziviani
-[jrz: tweaked title to not break spec file]
----
- contrib/vhost-user-gpu/virgl.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
-index 6a332d601f8092c5017e903930e5..c669d73a1dbe93d8faa1474462a9 100644
---- a/contrib/vhost-user-gpu/virgl.c
-+++ b/contrib/vhost-user-gpu/virgl.c
-@@ -108,9 +108,16 @@ virgl_cmd_resource_unref(VuGpu *g,
- struct virtio_gpu_ctrl_command *cmd)
- {
- struct virtio_gpu_resource_unref unref;
-+ struct iovec *res_iovs = NULL;
-+ int num_iovs = 0;
-
- VUGPU_FILL_CMD(unref);
-
-+ virgl_renderer_resource_detach_iov(unref.resource_id,
-+ &res_iovs,
-+ &num_iovs);
-+ g_free(res_iovs);
-+
- virgl_renderer_resource_unref(unref.resource_id);
- }
-
diff --git a/vhost-user-gpu-fix-leak-in-virgl_resourc.patch b/vhost-user-gpu-fix-leak-in-virgl_resourc.patch
deleted file mode 100644
index 2ec38aa2..00000000
--- a/vhost-user-gpu-fix-leak-in-virgl_resourc.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From: Li Qiang
-Date: Sat, 15 May 2021 20:04:01 -0700
-Subject: vhost-user-gpu: fix leak in 'virgl_resource_attach_backing'
- (CVE-2021-3544)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 63736af5a6571d9def93769431e0d7e38c6677bf
-References: CVE-2021-3544 bsc#1186010
-
-If 'virgl_renderer_resource_attach_iov' failed, the 'res_iovs' will
-be leaked.
-
-Fixes: CVE-2021-3544
-Reported-by: Li Qiang
-virtio-gpu fix: 33243031da ("virtio-gpu-3d: fix memory leak
-in resource attach backing")
-
-Signed-off-by: Li Qiang
-Reviewed-by: Marc-André Lureau
-Message-Id: <20210516030403.107723-7-liq3ea@163.com>
-Signed-off-by: Gerd Hoffmann
-Signed-off-by: Jose R. Ziviani
-[jrz: tweak title to not break spec file]
----
- contrib/vhost-user-gpu/virgl.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
-index c669d73a1dbe93d8faa1474462a9..a16a311d80df19294e4330f7d004 100644
---- a/contrib/vhost-user-gpu/virgl.c
-+++ b/contrib/vhost-user-gpu/virgl.c
-@@ -287,8 +287,11 @@ virgl_resource_attach_backing(VuGpu *g,
- return;
- }
-
-- virgl_renderer_resource_attach_iov(att_rb.resource_id,
-+ ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
- res_iovs, att_rb.nr_entries);
-+ if (ret != 0) {
-+ g_free(res_iovs);
-+ }
- }
-
- static void
diff --git a/vhost-user-gpu-fix-memory-disclosure-in-.patch b/vhost-user-gpu-fix-memory-disclosure-in-.patch
deleted file mode 100644
index b575cbea..00000000
--- a/vhost-user-gpu-fix-memory-disclosure-in-.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Li Qiang
-Date: Sat, 15 May 2021 20:03:56 -0700
-Subject: vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info
- (CVE-2021-3545)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 121841b25d72d13f8cad554363138c360f1250ea
-References: CVE-2021-3545 bsc#1185990
-
-Otherwise some of the 'resp' will be leaked to guest.
-
-Fixes: CVE-2021-3545
-Reported-by: Li Qiang
-virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak
-in getting capset info dispatch")
-
-Signed-off-by: Li Qiang
-Reviewed-by: Marc-André Lureau
-Message-Id: <20210516030403.107723-2-liq3ea@163.com>
-Signed-off-by: Gerd Hoffmann
-Signed-off-by: Jose R. Ziviani
----
- contrib/vhost-user-gpu/virgl.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
-index 9e6660c7ab875fe83f366d040c97..6a332d601f8092c5017e903930e5 100644
---- a/contrib/vhost-user-gpu/virgl.c
-+++ b/contrib/vhost-user-gpu/virgl.c
-@@ -128,6 +128,7 @@ virgl_cmd_get_capset_info(VuGpu *g,
-
- VUGPU_FILL_CMD(info);
-
-+ memset(&resp, 0, sizeof(resp));
- if (info.capset_index == 0) {
- resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
- virgl_renderer_get_cap_set(resp.capset_id,
diff --git a/vhost-user-gpu-fix-memory-leak-in-vg_res.patch b/vhost-user-gpu-fix-memory-leak-in-vg_res.patch
deleted file mode 100644
index a74a08ab..00000000
--- a/vhost-user-gpu-fix-memory-leak-in-vg_res.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Li Qiang
-Date: Sat, 15 May 2021 20:03:58 -0700
-Subject: vhost-user-gpu: fix memory leak in vg_resource_attach_backing
- (CVE-2021-3544)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: b9f79858a614d95f5de875d0ca31096eaab72c3b
-References: CVE-2021-3544 bsc#1186010
-
-Check whether the 'res' has already been attach_backing to avoid
-memory leak.
-
-Fixes: CVE-2021-3544
-Reported-by: Li Qiang
-virtio-gpu fix: 204f01b309 ("virtio-gpu: fix memory leak
-in resource attach backing")
-
-Signed-off-by: Li Qiang
-Reviewed-by: Marc-André Lureau
-Message-Id: <20210516030403.107723-4-liq3ea@163.com>
-Signed-off-by: Gerd Hoffmann
-Signed-off-by: Jose R. Ziviani
----
- contrib/vhost-user-gpu/vhost-user-gpu.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c
-index b5e153d0d648def62d5700e686c0..0437e52b64604512607e548d01d8 100644
---- a/contrib/vhost-user-gpu/vhost-user-gpu.c
-+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
-@@ -489,6 +489,11 @@ vg_resource_attach_backing(VuGpu *g,
- return;
- }
-
-+ if (res->iov) {
-+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
-+ return;
-+ }
-+
- ret = vg_create_mapping_iov(g, &ab, cmd, &res->iov);
- if (ret != 0) {
- cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
diff --git a/vhost-user-gpu-fix-memory-leak-while-cal.patch b/vhost-user-gpu-fix-memory-leak-while-cal.patch
deleted file mode 100644
index f65a5606..00000000
--- a/vhost-user-gpu-fix-memory-leak-while-cal.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From: Li Qiang
-Date: Sat, 15 May 2021 20:03:59 -0700
-Subject: vhost-user-gpu: fix memory leak while calling 'vg_resource_unref'
- (CVE-2021-3544)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: b7afebcf9e6ecf3cf9b5a9b9b731ed04bca6aa3e
-References: CVE-2021-3544 bsc#1186010
-
-If the guest trigger following sequences, the attach_backing will be leaked:
-
- vg_resource_create_2d
- vg_resource_attach_backing
- vg_resource_unref
-
-This patch fix this by freeing 'res->iov' in vg_resource_destroy.
-
-Fixes: CVE-2021-3544
-Reported-by: Li Qiang
-virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
-in virgl_cmd_resource_unref")
-
-Reviewed-by: Prasad J Pandit
-Signed-off-by: Li Qiang
-Reviewed-by: Marc-André Lureau
-Message-Id: <20210516030403.107723-5-liq3ea@163.com>
-Signed-off-by: Gerd Hoffmann
-Signed-off-by: Jose R. Ziviani
----
- contrib/vhost-user-gpu/vhost-user-gpu.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c
-index 0437e52b64604512607e548d01d8..770dfad52989b2651eea67fdbb1b 100644
---- a/contrib/vhost-user-gpu/vhost-user-gpu.c
-+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
-@@ -400,6 +400,7 @@ vg_resource_destroy(VuGpu *g,
- }
-
- vugbm_buffer_destroy(&res->buffer);
-+ g_free(res->iov);
- pixman_image_unref(res->image);
- QTAILQ_REMOVE(&g->reslist, res, next);
- g_free(res);
diff --git a/vhost-user-gpu-fix-resource-leak-in-vg_r.patch b/vhost-user-gpu-fix-resource-leak-in-vg_r.patch
deleted file mode 100644
index a20b6825..00000000
--- a/vhost-user-gpu-fix-resource-leak-in-vg_r.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Li Qiang
-Date: Sat, 15 May 2021 20:03:57 -0700
-Subject: vhost-user-gpu: fix resource leak in 'vg_resource_create_2d'
- (CVE-2021-3544)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Git-commit: 86dd8fac2acc366930a5dc08d3fb1b1e816f4e1e
-References: CVE-2021-3544 bsc#1186010
-
-Call 'vugbm_buffer_destroy' in error path to avoid resource leak.
-
-Fixes: CVE-2021-3544
-Reported-by: Li Qiang
-Reviewed-by: Prasad J Pandit
-Signed-off-by: Li Qiang
-Reviewed-by: Marc-André Lureau
-Message-Id: <20210516030403.107723-3-liq3ea@163.com>
-Signed-off-by: Gerd Hoffmann
-Signed-off-by: Jose R. Ziviani
----
- contrib/vhost-user-gpu/vhost-user-gpu.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-gpu/vhost-user-gpu.c
-index f73f292c9f72395525c51c8bd9fb..b5e153d0d648def62d5700e686c0 100644
---- a/contrib/vhost-user-gpu/vhost-user-gpu.c
-+++ b/contrib/vhost-user-gpu/vhost-user-gpu.c
-@@ -349,6 +349,7 @@ vg_resource_create_2d(VuGpu *g,
- g_critical("%s: resource creation failed %d %d %d",
- __func__, c2d.resource_id, c2d.width, c2d.height);
- g_free(res);
-+ vugbm_buffer_destroy(&res->buffer);
- cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
- return;
- }
diff --git a/vhost-vdpa-don-t-initialize-backend_feat.patch b/vhost-vdpa-don-t-initialize-backend_feat.patch
deleted file mode 100644
index 5bf2924b..00000000
--- a/vhost-vdpa-don-t-initialize-backend_feat.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From: Jason Wang
-Date: Wed, 2 Jun 2021 11:31:26 +0800
-Subject: vhost-vdpa: don't initialize backend_features
-
-Git-commit: c33f23a419f95da16ab4faaf08be635c89b96ff0
-
-We used to initialize backend_features during vhost_vdpa_init()
-regardless whether or not it was supported by vhost. This will lead
-the unsupported features like VIRTIO_F_IN_ORDER to be included and set
-to the vhost-vdpa during vhost_dev_start. Because the
-VIRTIO_F_IN_ORDER is not supported by vhost-vdpa so it won't be
-advertised to guest which will break the datapath.
-
-Fix this by not initializing the backend_features, so the
-acked_features could be built only from guest features via
-vhost_net_ack_features().
-
-Fixes: 108a64818e69b ("vhost-vdpa: introduce vhost-vdpa backend")
-Cc: qemu-stable@nongnu.org
-Cc: Gautam Dawar
-Signed-off-by: Jason Wang
-Signed-off-by: Jose R. Ziviani
----
- hw/virtio/vhost-vdpa.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
-index 01d2101d0976fdd8e407a32ec9db..5fe43a4eb5c48148085b62901ff6 100644
---- a/hw/virtio/vhost-vdpa.c
-+++ b/hw/virtio/vhost-vdpa.c
-@@ -275,15 +275,12 @@ static void vhost_vdpa_add_status(struct vhost_dev *dev, uint8_t status)
- static int vhost_vdpa_init(struct vhost_dev *dev, void *opaque)
- {
- struct vhost_vdpa *v;
-- uint64_t features;
- assert(dev->vhost_ops->backend_type == VHOST_BACKEND_TYPE_VDPA);
- trace_vhost_vdpa_init(dev, opaque);
-
- v = opaque;
- v->dev = dev;
- dev->opaque = opaque ;
-- vhost_vdpa_call(dev, VHOST_GET_FEATURES, &features);
-- dev->backend_features = features;
- v->listener = vhost_vdpa_memory_listener;
- v->msg_type = VHOST_IOTLB_MSG_V2;
-
diff --git a/virtio-Fail-if-iommu_platform-is-request.patch b/virtio-Fail-if-iommu_platform-is-request.patch
deleted file mode 100644
index ccf3a99d..00000000
--- a/virtio-Fail-if-iommu_platform-is-request.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Kevin Wolf
-Date: Thu, 29 Apr 2021 19:13:15 +0200
-Subject: virtio: Fail if iommu_platform is requested, but unsupported
-
-Git-commit: 04ceb61a4075fadbf374ef89662c41999da83489
-
-Commit 2943b53f6 (' virtio: force VIRTIO_F_IOMMU_PLATFORM') made sure
-that vhost can't just reject VIRTIO_F_IOMMU_PLATFORM when it was
-requested. However, just adding it back to the negotiated flags isn't
-right either because it promises support to the guest that the device
-actually doesn't support. One example of a vhost-user device that
-doesn't have support for the flag is the vhost-user-blk export of QEMU.
-
-Instead of successfully creating a device that doesn't work, just fail
-to plug the device when it doesn't support the feature, but it was
-requested. This results in much clearer error messages.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935019
-Signed-off-by: Kevin Wolf
-Reviewed-by: Raphael Norwitz
-Message-Id: <20210429171316.162022-6-kwolf@redhat.com>
-Reviewed-by: Michael S. Tsirkin
-Signed-off-by: Kevin Wolf
-Signed-off-by: Jose R. Ziviani
----
- hw/virtio/virtio-bus.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
-index d6332d45c3b201d6528d84306da9..859978d24877a04ed5eaa03d060d 100644
---- a/hw/virtio/virtio-bus.c
-+++ b/hw/virtio/virtio-bus.c
-@@ -69,6 +69,11 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
- return;
- }
-
-+ if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
-+ error_setg(errp, "iommu_platform=true is not supported by the device");
-+ return;
-+ }
-+
- if (klass->device_plugged != NULL) {
- klass->device_plugged(qbus->parent, &local_err);
- }
diff --git a/virtio-blk-Fix-rollback-path-in-virtio_b.patch b/virtio-blk-Fix-rollback-path-in-virtio_b.patch
deleted file mode 100644
index 4673d4a8..00000000
--- a/virtio-blk-Fix-rollback-path-in-virtio_b.patch
+++ /dev/null
@@ -1,68 +0,0 @@ -From: Greg Kurz -Date: Wed, 7 Apr 2021 16:34:58 +0200 -Subject: virtio-blk: Fix rollback path in virtio_blk_data_plane_start() - -Git-commit: 570fe439e5d1b8626cf344c6bc97d90cfcaf0c79 - -When dataplane multiqueue support was added in QEMU 2.7, the path -that would rollback guest notifiers assignment in case of error -simply got dropped. - -Later on, when Error was added to blk_set_aio_context() in QEMU 4.1, -another error path was introduced, but it ommits to rollback both -host and guest notifiers. - -It seems cleaner to fix the rollback path in one go. The patch is -simple enough that it can be adjusted if backported to a pre-4.1 -QEMU. - -Fixes: 51b04ac5c6a6 ("virtio-blk: dataplane multiqueue support") -Cc: stefanha@redhat.com -Fixes: 97896a4887a0 ("block: Add Error to blk_set_aio_context()") -Cc: kwolf@redhat.com -Signed-off-by: Greg Kurz -Reviewed-by: Stefan Hajnoczi -Message-Id: <20210407143501.244343-2-groug@kaod.org> -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Jose R. 
Ziviani ---- - hw/block/dataplane/virtio-blk.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c -index e9050c8987e7d4c8496135dd87ea..d7b5c95d26d9ec818118513b40c3 100644 ---- a/hw/block/dataplane/virtio-blk.c -+++ b/hw/block/dataplane/virtio-blk.c -@@ -207,7 +207,7 @@ int virtio_blk_data_plane_start(VirtIODevice *vdev) - virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false); - virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i); - } -- goto fail_guest_notifiers; -+ goto fail_host_notifiers; - } - } - -@@ -221,7 +221,7 @@ int virtio_blk_data_plane_start(VirtIODevice *vdev) - aio_context_release(old_context); - if (r < 0) { - error_report_err(local_err); -- goto fail_guest_notifiers; -+ goto fail_aio_context; - } - - /* Process queued requests before the ones in vring */ -@@ -245,6 +245,13 @@ int virtio_blk_data_plane_start(VirtIODevice *vdev) - aio_context_release(s->ctx); - return 0; - -+ fail_aio_context: -+ for (i = 0; i < nvqs; i++) { -+ virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false); -+ virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i); -+ } -+ fail_host_notifiers: -+ k->set_guest_notifiers(qbus->parent, nvqs, false); - fail_guest_notifiers: - /* - * If we failed to set up the guest notifiers queued requests will be diff --git a/virtiofsd-Fix-side-effect-in-assert.patch b/virtiofsd-Fix-side-effect-in-assert.patch deleted file mode 100644 index af127e5f..00000000 --- a/virtiofsd-Fix-side-effect-in-assert.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From: Greg Kurz -Date: Fri, 9 Apr 2021 12:06:27 +0200 -Subject: virtiofsd: Fix side-effect in assert() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 0adb3aff3932d05b069bd2cb13480f1611cce654 - -It is bad practice to put an expression with a side-effect in -assert() because the side-effect won't happen if the code is -compiled with -DNDEBUG. - -Use an intermediate variable. Consolidate this in an macro to -have proper line numbers when the assertion is hit. - -virtiofsd: ../../tools/virtiofsd/passthrough_ll.c:2797: lo_getxattr: - Assertion `fchdir_res == 0' failed. -Aborted - - 2796 /* fchdir should not fail here */ -=>2797 FCHDIR_NOFAIL(lo->proc_self_fd); - 2798 ret = getxattr(procname, name, value, size); - 2799 FCHDIR_NOFAIL(lo->root.fd); - -Fixes: bdfd66788349 ("virtiofsd: Fix xattr operations") -Cc: misono.tomohiro@jp.fujitsu.com -Signed-off-by: Greg Kurz -Message-Id: <20210409100627.451573-1-groug@kaod.org> -Signed-off-by: Dr. David Alan Gilbert -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Jose R. 
Ziviani ---- - tools/virtiofsd/passthrough_ll.c | 21 +++++++++++++-------- - 1 file changed, 13 insertions(+), 8 deletions(-) - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index 1553d2ef454f55a3103b452841d5..6592f96f685e52fecf5703739e7d 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -2723,6 +2723,11 @@ static int xattr_map_server(const struct lo_data *lo, const char *server_name, - return -ENODATA; - } - -+#define FCHDIR_NOFAIL(fd) do { \ -+ int fchdir_res = fchdir(fd); \ -+ assert(fchdir_res == 0); \ -+ } while (0) -+ - static void lo_getxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name, - size_t size) - { -@@ -2789,9 +2794,9 @@ static void lo_getxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name, - ret = fgetxattr(fd, name, value, size); - } else { - /* fchdir should not fail here */ -- assert(fchdir(lo->proc_self_fd) == 0); -+ FCHDIR_NOFAIL(lo->proc_self_fd); - ret = getxattr(procname, name, value, size); -- assert(fchdir(lo->root.fd) == 0); -+ FCHDIR_NOFAIL(lo->root.fd); - } - - if (ret == -1) { -@@ -2864,9 +2869,9 @@ static void lo_listxattr(fuse_req_t req, fuse_ino_t ino, size_t size) - ret = flistxattr(fd, value, size); - } else { - /* fchdir should not fail here */ -- assert(fchdir(lo->proc_self_fd) == 0); -+ FCHDIR_NOFAIL(lo->proc_self_fd); - ret = listxattr(procname, value, size); -- assert(fchdir(lo->root.fd) == 0); -+ FCHDIR_NOFAIL(lo->root.fd); - } - - if (ret == -1) { -@@ -3000,9 +3005,9 @@ static void lo_setxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name, - ret = fsetxattr(fd, name, value, size, flags); - } else { - /* fchdir should not fail here */ -- assert(fchdir(lo->proc_self_fd) == 0); -+ FCHDIR_NOFAIL(lo->proc_self_fd); - ret = setxattr(procname, name, value, size, flags); -- assert(fchdir(lo->root.fd) == 0); -+ FCHDIR_NOFAIL(lo->root.fd); - } - - saverr = ret == -1 ? 
errno : 0; -@@ -3066,9 +3071,9 @@ static void lo_removexattr(fuse_req_t req, fuse_ino_t ino, const char *in_name) - ret = fremovexattr(fd, name); - } else { - /* fchdir should not fail here */ -- assert(fchdir(lo->proc_self_fd) == 0); -+ FCHDIR_NOFAIL(lo->proc_self_fd); - ret = removexattr(procname, name); -- assert(fchdir(lo->root.fd) == 0); -+ FCHDIR_NOFAIL(lo->root.fd); - } - - saverr = ret == -1 ? errno : 0; diff --git a/vl-Fix-an-assert-failure-in-error-path.patch b/vl-Fix-an-assert-failure-in-error-path.patch deleted file mode 100644 index eaaba6b7..00000000 --- a/vl-Fix-an-assert-failure-in-error-path.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Zhenzhong Duan -Date: Thu, 10 Jun 2021 16:47:41 +0800 -Subject: vl: Fix an assert failure in error path - -Git-commit: 38f71349c7c4969bc14da4da1c70b8cc4078d596 - -Based on the description of error_setg(), the local variable err in -qemu_maybe_daemonize() should be initialized to NULL. - -Without fix, the uninitialized *errp triggers assert failure which -doesn't show much valuable information. - -Before the fix: -qemu-system-x86_64: ../util/error.c:59: error_setv: Assertion `*errp == NULL' failed. - -After fix: -qemu-system-x86_64: cannot create PID file: Cannot open pid file: Permission denied - -Signed-off-by: Zhenzhong Duan -Message-Id: <20210610084741.456260-1-zhenzhong.duan@intel.com> -Cc: qemu-stable@nongnu.org -Fixes: 0546c0609c ("vl: split various early command line options to a separate function", 2020-12-10) -Signed-off-by: Paolo Bonzini -Signed-off-by: Jose R. Ziviani ---- - softmmu/vl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/softmmu/vl.c b/softmmu/vl.c -index 8cb68f21b9f2a5cf159295169ed0..8a0ab39d81b1108826526bf3fc9a 100644 ---- a/softmmu/vl.c -+++ b/softmmu/vl.c -@@ -2509,7 +2509,7 @@ static void qemu_process_help_options(void) - - static void qemu_maybe_daemonize(const char *pid_file) - { -- Error *err; -+ Error *err = NULL; - - os_daemonize(); - rcu_disable_atfork(); 
diff --git a/vl-allow-not-specifying-size-in-m-when-u.patch b/vl-allow-not-specifying-size-in-m-when-u.patch
deleted file mode 100644
index 2e3d5612..00000000
--- a/vl-allow-not-specifying-size-in-m-when-u.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Paolo Bonzini
-Date: Mon, 17 May 2021 10:13:01 -0400
-Subject: vl: allow not specifying size in -m when using -M memory-backend
-
-Git-commit: d349f92f78d26db2805ca39a7745cc70affea021
-
-Starting in QEMU 6.0's commit f5c9fcb82d ("vl: separate
-qemu_create_machine", 2020-12-10), a function have_custom_ram_size()
-replaced the return value of set_memory_options().
-
-The purpose of the return value was to record the presence of
-"-m size", and if it was not there, change the default RAM
-size to the size of the memory backend passed with "-M
-memory-backend".
-
-With that commit, however, have_custom_ram_size() is now queried only
-after set_memory_options has stored the fixed-up RAM size in QemuOpts for
-"future use". This was actually the only future use of the fixed-up RAM
-size, so remove that code and fix the bug.
-
-Cc: qemu-stable@nongnu.org
-Fixes: f5c9fcb82d ("vl: separate qemu_create_machine", 2020-12-10)
-Signed-off-by: Paolo Bonzini
-Signed-off-by: Jose R. Ziviani
----
- softmmu/vl.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/softmmu/vl.c b/softmmu/vl.c
-index 07ade8e5ccd2934a69b82bcaabae..1b9b067ecad6fb392bb34f61fe77 100644
---- a/softmmu/vl.c
-+++ b/softmmu/vl.c
-@@ -2026,8 +2026,6 @@ static void set_memory_options(MachineClass *mc)
- exit(EXIT_FAILURE);
- }
-
-- /* store value for the future use */
-- qemu_opt_set_number(opts, "size", ram_size, &error_abort);
- maxram_size = ram_size;
-
- if (qemu_opt_get(opts, "maxmem")) {
diff --git a/vl-plug-object-back-into-readconfig.patch b/vl-plug-object-back-into-readconfig.patch
deleted file mode 100644
index 852eebf5..00000000
--- a/vl-plug-object-back-into-readconfig.patch
+++ /dev/null
@@ -1,87 +0,0 @@ -From: Paolo Bonzini -Date: Mon, 24 May 2021 06:57:52 -0400 -Subject: vl: plug -object back into -readconfig - -Git-commit: 49e987695a1873a769a823604f9065aa88e00c55 - -Commit bc2f4fcb1d ("qom: move user_creatable_add_opts logic to vl.c -and QAPIfy it", 2021-03-19) switched the creation of objects from -qemu_opts_foreach to a bespoke QTAILQ in preparation for supporting JSON -syntax in -object. - -Unfortunately in doing so it lost support for [object] stanzas in -configuration files and also for "-set object.ID.KEY=VAL". The latter -is hard to re-establish and probably best solved by deprecating -set. -This patch uses the infrastructure introduced by the previous two -patches in order to parse QOM objects correctly from configuration -files. - -Cc: Markus Armbruster -Cc: qemu-stable@nongnu.org -Reviewed-by: Kevin Wolf -Signed-off-by: Paolo Bonzini -Message-Id: <20210524105752.3318299-4-pbonzini@redhat.com> -Signed-off-by: Paolo Bonzini -Signed-off-by: Jose R. Ziviani ---- - softmmu/vl.c | 24 ++++++++++++++++++------ - 1 file changed, 18 insertions(+), 6 deletions(-) - -diff --git a/softmmu/vl.c b/softmmu/vl.c -index 4cdbe9232a6429b6f9a195336149..8cb68f21b9f2a5cf159295169ed0 100644 ---- a/softmmu/vl.c -+++ b/softmmu/vl.c -@@ -1710,9 +1710,15 @@ static void object_option_foreach_add(bool (*type_opt_predicate)(const char *)) - } - } - -+static void object_option_add_visitor(Visitor *v) -+{ -+ ObjectOption *opt = g_new0(ObjectOption, 1); -+ visit_type_ObjectOptions(v, NULL, &opt->opts, &error_fatal); -+ QTAILQ_INSERT_TAIL(&object_opts, opt, next); -+} -+ - static void object_option_parse(const char *optarg) - { -- ObjectOption *opt; - QemuOpts *opts; - const char *type; - Visitor *v; -@@ -1740,11 +1746,8 @@ static void object_option_parse(const char *optarg) - v = opts_visitor_new(opts); - } - -- opt = g_new0(ObjectOption, 1); -- visit_type_ObjectOptions(v, NULL, &opt->opts, &error_fatal); -+ object_option_add_visitor(v); - visit_free(v); -- -- 
QTAILQ_INSERT_TAIL(&object_opts, opt, next); - } - - /* -@@ -2121,13 +2124,22 @@ static int global_init_func(void *opaque, QemuOpts *opts, Error **errp) - */ - static bool is_qemuopts_group(const char *group) - { -+ if (g_str_equal(group, "object")) { -+ return false; -+ } - return true; - } - - static void qemu_record_config_group(const char *group, QDict *dict, - bool from_json, Error **errp) - { -- abort(); -+ if (g_str_equal(group, "object")) { -+ Visitor *v = qobject_input_visitor_new_keyval(QOBJECT(dict)); -+ object_option_add_visitor(v); -+ visit_free(v); -+ } else { -+ abort(); -+ } - } - - /* diff --git a/vl-plumb-keyval-based-options-into-readc.patch b/vl-plumb-keyval-based-options-into-readc.patch deleted file mode 100644 index 1f6025ea..00000000 --- a/vl-plumb-keyval-based-options-into-readc.patch +++ /dev/null 
@@ -1,187 +0,0 @@ -From: Paolo Bonzini -Date: Mon, 24 May 2021 06:57:51 -0400 -Subject: vl: plumb keyval-based options into -readconfig - -Git-commit: c0d4aa82f895af67cbf7772324e05605e22b4162 - -Let -readconfig support parsing command line options into QDict or -QemuOpts. This will be used to add back support for objects in --readconfig. - -Cc: Markus Armbruster -Cc: qemu-stable@nongnu.org -Reviewed-by: Kevin Wolf -Signed-off-by: Paolo Bonzini -Message-Id: <20210524105752.3318299-3-pbonzini@redhat.com> -Signed-off-by: Paolo Bonzini -Signed-off-by: Jose R. Ziviani ---- - include/block/qdict.h | 2 - - include/qapi/qmp/qdict.h | 3 ++ - softmmu/vl.c | 83 ++++++++++++++++++++++++++++------------ - 3 files changed, 62 insertions(+), 26 deletions(-) - -diff --git a/include/block/qdict.h b/include/block/qdict.h -index d8cb502d7db3d687eb4701804db0..ced2acfb92a080d9fc4ad52517fa 100644 ---- a/include/block/qdict.h -+++ b/include/block/qdict.h -@@ -20,8 +20,6 @@ void qdict_join(QDict *dest, QDict *src, bool overwrite); - void qdict_extract_subqdict(QDict *src, QDict **dst, const char *start); - void qdict_array_split(QDict *src, QList **dst); - int qdict_array_entries(QDict *src, const char *subqdict); --QObject *qdict_crumple(const QDict *src, Error **errp); --void qdict_flatten(QDict *qdict); - - typedef struct QDictRenames { - const char *from; -diff --git a/include/qapi/qmp/qdict.h b/include/qapi/qmp/qdict.h -index 9934539c1b73590e626ab8adc774..d5b5430e21a90afdf93a5e46df72 100644 ---- a/include/qapi/qmp/qdict.h -+++ b/include/qapi/qmp/qdict.h -@@ -64,4 +64,7 @@ const char *qdict_get_try_str(const QDict *qdict, const char *key); - - QDict *qdict_clone_shallow(const QDict *src); - -+QObject *qdict_crumple(const QDict *src, Error **errp); -+void qdict_flatten(QDict *qdict); -+ - #endif /* QDICT_H */ -diff --git a/softmmu/vl.c b/softmmu/vl.c -index 5c7e7570f627a54eb22f668dceb0..4cdbe9232a6429b6f9a195336149 100644 ---- a/softmmu/vl.c -+++ b/softmmu/vl.c -@@ -123,6 +123,7 @@ - 
#include "qapi/qapi-commands-misc.h" - #include "qapi/qapi-visit-qom.h" - #include "qapi/qapi-commands-ui.h" -+#include "qapi/qmp/qdict.h" - #include "qapi/qmp/qerror.h" - #include "sysemu/iothread.h" - #include "qemu/guest-random.h" -@@ -2114,13 +2115,53 @@ static int global_init_func(void *opaque, QemuOpts *opts, Error **errp) - return 0; - } - -+/* -+ * Return whether configuration group @group is stored in QemuOpts, or -+ * recorded as one or more QDicts by qemu_record_config_group. -+ */ -+static bool is_qemuopts_group(const char *group) -+{ -+ return true; -+} -+ -+static void qemu_record_config_group(const char *group, QDict *dict, -+ bool from_json, Error **errp) -+{ -+ abort(); -+} -+ -+/* -+ * Parse non-QemuOpts config file groups, pass the rest to -+ * qemu_config_do_parse. -+ */ -+static void qemu_parse_config_group(const char *group, QDict *qdict, -+ void *opaque, Error **errp) -+{ -+ QObject *crumpled; -+ if (is_qemuopts_group(group)) { -+ qemu_config_do_parse(group, qdict, opaque, errp); -+ return; -+ } -+ -+ crumpled = qdict_crumple(qdict, errp); -+ if (!crumpled) { -+ return; -+ } -+ if (qobject_type(crumpled) != QTYPE_QDICT) { -+ assert(qobject_type(crumpled) == QTYPE_QLIST); -+ error_setg(errp, "Lists cannot be at top level of a configuration section"); -+ return; -+ } -+ qemu_record_config_group(group, qobject_to(QDict, crumpled), false, errp); -+} -+ - static void qemu_read_default_config_file(Error **errp) - { - ERRP_GUARD(); - int ret; - g_autofree char *file = get_relocated_path(CONFIG_QEMU_CONFDIR "/qemu.conf"); - -- ret = qemu_read_config_file(file, qemu_config_do_parse, errp); -+ ret = qemu_read_config_file(file, qemu_parse_config_group, errp); - if (ret < 0) { - if (ret == -ENOENT) { - error_free(*errp); -@@ -2129,9 +2170,8 @@ static void qemu_read_default_config_file(Error **errp) - } - } - --static int qemu_set_option(const char *str) -+static void qemu_set_option(const char *str, Error **errp) - { -- Error *local_err = NULL; - char 
group[64], id[64], arg[64]; - QemuOptsList *list; - QemuOpts *opts; -@@ -2139,27 +2179,23 @@ static int qemu_set_option(const char *str) - - rc = sscanf(str, "%63[^.].%63[^.].%63[^=]%n", group, id, arg, &offset); - if (rc < 3 || str[offset] != '=') { -- error_report("can't parse: \"%s\"", str); -- return -1; -+ error_setg(errp, "can't parse: \"%s\"", str); -+ return; - } - -- list = qemu_find_opts(group); -- if (list == NULL) { -- return -1; -+ if (!is_qemuopts_group(group)) { -+ error_setg(errp, "-set is not supported with %s", group); -+ } else { -+ list = qemu_find_opts_err(group, errp); -+ if (list) { -+ opts = qemu_opts_find(list, id); -+ if (!opts) { -+ error_setg(errp, "there is no %s \"%s\" defined", group, id); -+ return; -+ } -+ qemu_opt_set(opts, arg, str + offset + 1, errp); -+ } - } -- -- opts = qemu_opts_find(list, id); -- if (!opts) { -- error_report("there is no %s \"%s\" defined", -- list->name, id); -- return -1; -- } -- -- if (!qemu_opt_set(opts, arg, str + offset + 1, &local_err)) { -- error_report_err(local_err); -- return -1; -- } -- return 0; - } - - static void user_register_global_props(void) -@@ -2764,8 +2800,7 @@ void qemu_init(int argc, char **argv, char **envp) - } - break; - case QEMU_OPTION_set: -- if (qemu_set_option(optarg) != 0) -- exit(1); -+ qemu_set_option(optarg, &error_fatal); - break; - case QEMU_OPTION_global: - if (qemu_global_option(optarg) != 0) -@@ -3397,7 +3432,7 @@ void qemu_init(int argc, char **argv, char **envp) - qemu_plugin_opt_parse(optarg, &plugin_list); - break; - case QEMU_OPTION_readconfig: -- qemu_read_config_file(optarg, qemu_config_do_parse, &error_fatal); -+ qemu_read_config_file(optarg, qemu_parse_config_group, &error_fatal); - break; - case QEMU_OPTION_spice: - olist = qemu_find_opts_err("spice", NULL); diff --git a/x86-acpi-use-offset-instead-of-pointer-w.patch b/x86-acpi-use-offset-instead-of-pointer-w.patch deleted file mode 100644 index 6fc64f76..00000000 
--- a/x86-acpi-use-offset-instead-of-pointer-w.patch
+++ /dev/null
@@ -1,130 +0,0 @@ -From: Igor Mammedov -Date: Wed, 14 Apr 2021 04:43:56 -0400 -Subject: x86: acpi: use offset instead of pointer when using build_header() - -Git-commit: bb9feea43179ef8aba2c0a9cc1e670cb049ba90e - -Do the same as in commit - (4d027afeb3a97 Virt: ACPI: fix qemu assert due to re-assigned table data address) -for remaining tables that happen to use saved at -the beginning pointer to build header to avoid assert -when table_data is relocated due to implicit re-size. - -In this case user is trying to start Windows 10 and getting assert at - hw/acpi/bios-linker-loader.c:239: - bios_linker_loader_add_checksum: Assertion `start_offset < file->blob->len' failed. - -Fixes: https://bugs.launchpad.net/bugs/1923497 -Signed-off-by: Igor Mammedov -Message-Id: <20210414084356.3792113-1-imammedo@redhat.com> -Cc: mst@redhat.com, qemu-stable@nongnu.org -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Jose R. Ziviani ---- - hw/acpi/aml-build.c | 15 +++++++++------ - hw/i386/acpi-build.c | 8 ++++++-- - 2 files changed, 15 insertions(+), 8 deletions(-) - -diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c -index d33ce8954aa6b51788c443e5c6a9..f0035d2b4a183363e0b162b2e5b0 100644 ---- a/hw/acpi/aml-build.c -+++ b/hw/acpi/aml-build.c -@@ -1830,6 +1830,7 @@ build_rsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets, - int i; - unsigned rsdt_entries_offset; - AcpiRsdtDescriptorRev1 *rsdt; -+ int rsdt_start = table_data->len; - const unsigned table_data_len = (sizeof(uint32_t) * table_offsets->len); - const unsigned rsdt_entry_size = sizeof(rsdt->table_offset_entry[0]); - const size_t rsdt_len = sizeof(*rsdt) + table_data_len; -@@ -1846,7 +1847,8 @@ build_rsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets, - ACPI_BUILD_TABLE_FILE, ref_tbl_offset); - } - build_header(linker, table_data, -- (void *)rsdt, "RSDT", rsdt_len, 1, oem_id, oem_table_id); -+ (void *)(table_data->data + rsdt_start), -+ "RSDT", rsdt_len, 
1, oem_id, oem_table_id); - } - - /* Build xsdt table */ -@@ -1857,6 +1859,7 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets, - int i; - unsigned xsdt_entries_offset; - AcpiXsdtDescriptorRev2 *xsdt; -+ int xsdt_start = table_data->len; - const unsigned table_data_len = (sizeof(uint64_t) * table_offsets->len); - const unsigned xsdt_entry_size = sizeof(xsdt->table_offset_entry[0]); - const size_t xsdt_len = sizeof(*xsdt) + table_data_len; -@@ -1873,7 +1876,8 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets, - ACPI_BUILD_TABLE_FILE, ref_tbl_offset); - } - build_header(linker, table_data, -- (void *)xsdt, "XSDT", xsdt_len, 1, oem_id, oem_table_id); -+ (void *)(table_data->data + xsdt_start), -+ "XSDT", xsdt_len, 1, oem_id, oem_table_id); - } - - void build_srat_memory(AcpiSratMemoryAffinity *numamem, uint64_t base, -@@ -2053,10 +2057,9 @@ void build_tpm2(GArray *table_data, BIOSLinker *linker, GArray *tcpalog, - uint64_t control_area_start_address; - TPMIf *tpmif = tpm_find(); - uint32_t start_method; -- void *tpm2_ptr; - - tpm2_start = table_data->len; -- tpm2_ptr = acpi_data_push(table_data, sizeof(AcpiTableHeader)); -+ acpi_data_push(table_data, sizeof(AcpiTableHeader)); - - /* Platform Class */ - build_append_int_noprefix(table_data, TPM2_ACPI_CLASS_CLIENT, 2); -@@ -2095,8 +2098,8 @@ void build_tpm2(GArray *table_data, BIOSLinker *linker, GArray *tcpalog, - log_addr_offset, 8, - ACPI_BUILD_TPMLOG_FILE, 0); - build_header(linker, table_data, -- tpm2_ptr, "TPM2", table_data->len - tpm2_start, 4, oem_id, -- oem_table_id); -+ (void *)(table_data->data + tpm2_start), -+ "TPM2", table_data->len - tpm2_start, 4, oem_id, oem_table_id); - } - - Aml *build_crs(PCIHostState *host, CrsRangeSet *range_set, uint32_t io_offset, -diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c -index de98750aeff6bdec266a85c38357..daaf8f473e99ca28f03360f4ff7a 100644 ---- a/hw/i386/acpi-build.c -+++ b/hw/i386/acpi-build.c -@@ -1816,6 
+1816,7 @@ build_hpet(GArray *table_data, BIOSLinker *linker, const char *oem_id, - const char *oem_table_id) - { - Acpi20Hpet *hpet; -+ int hpet_start = table_data->len; - - hpet = acpi_data_push(table_data, sizeof(*hpet)); - /* Note timer_block_id value must be kept in sync with value advertised by -@@ -1824,13 +1825,15 @@ build_hpet(GArray *table_data, BIOSLinker *linker, const char *oem_id, - hpet->timer_block_id = cpu_to_le32(0x8086a201); - hpet->addr.address = cpu_to_le64(HPET_BASE); - build_header(linker, table_data, -- (void *)hpet, "HPET", sizeof(*hpet), 1, oem_id, oem_table_id); -+ (void *)(table_data->data + hpet_start), -+ "HPET", sizeof(*hpet), 1, oem_id, oem_table_id); - } - - static void - build_tpm_tcpa(GArray *table_data, BIOSLinker *linker, GArray *tcpalog, - const char *oem_id, const char *oem_table_id) - { -+ int tcpa_start = table_data->len; - Acpi20Tcpa *tcpa = acpi_data_push(table_data, sizeof *tcpa); - unsigned log_addr_size = sizeof(tcpa->log_area_start_address); - unsigned log_addr_offset = -@@ -1849,7 +1852,8 @@ build_tpm_tcpa(GArray *table_data, BIOSLinker *linker, GArray *tcpalog, - ACPI_BUILD_TPMLOG_FILE, 0); - - build_header(linker, table_data, -- (void *)tcpa, "TCPA", sizeof(*tcpa), 2, oem_id, oem_table_id); -+ (void *)(table_data->data + tcpa_start), -+ "TCPA", sizeof(*tcpa), 2, oem_id, oem_table_id); - } - - #define HOLE_640K_START (640 * KiB) diff --git a/xen-add-block-resize-support-for-xen-dis.patch b/xen-add-block-resize-support-for-xen-dis.patch index 79a7fa69..0547cabe 100644 --- a/xen-add-block-resize-support-for-xen-dis.patch +++ b/xen-add-block-resize-support-for-xen-dis.patch @@ -15,7 +15,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 3 insertions(+) diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c -index 581f1d5f7a1a2ec3d9b5f7bfe2aa..9076221c0f995e622ecfbb0408c1 100644 +index 07b3be7b9b9f6093642363f13187..b0fe7583f9de18bfe75109e3f194 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c 
@@ -271,6 +271,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp) diff --git a/xen-ignore-live-parameter-from-xen-save-.patch b/xen-ignore-live-parameter-from-xen-save-.patch index c7ec94d1..733ff7f4 100644 --- a/xen-ignore-live-parameter-from-xen-save-.patch +++ b/xen-ignore-live-parameter-from-xen-save-.patch @@ -27,10 +27,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/migration/savevm.c b/migration/savevm.c -index 52e2d72e4b08e2693ba671752bc8..f2ccecadba94324b2518f64622dc 100644 +index 7b7b64bd13e737618319759cdffb..375ca95caeef4a3ba0d5704ccbcc 100644 --- a/migration/savevm.c +++ b/migration/savevm.c -@@ -2937,7 +2937,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live, +@@ -2941,7 +2941,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live, * So call bdrv_inactivate_all (release locks) here to let the other * side of the migration take control of the images. */ diff --git a/xen_disk-Add-suse-specific-flush-disable.patch b/xen_disk-Add-suse-specific-flush-disable.patch index 28516a66..0fbba906 100644 --- a/xen_disk-Add-suse-specific-flush-disable.patch +++ b/xen_disk-Add-suse-specific-flush-disable.patch @@ -18,7 +18,7 @@ Signed-off-by: Olaf Hering 1 file changed, 12 insertions(+) diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c -index 83754a434481d9cd02bbe35bffc3..581f1d5f7a1a2ec3d9b5f7bfe2aa 100644 +index 674953f1adeeaec6a81d9857144e..07b3be7b9b9f6093642363f13187 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c @@ -723,6 +723,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id, @@ -30,7 +30,7 @@ index 83754a434481d9cd02bbe35bffc3..581f1d5f7a1a2ec3d9b5f7bfe2aa 100644 char *driver = NULL; char *filename = NULL; XenBlockDrive *drive = NULL; -@@ -791,6 +793,16 @@ static XenBlockDrive *xen_block_drive_create(const char *id, +@@ -803,6 +805,16 @@ static XenBlockDrive *xen_block_drive_create(const char *id, } }