From 96203b5c1dc0838265645f59f8eb11b36e2290191645bbe61741b49af10d658b Mon Sep 17 00:00:00 2001 From: Bruce Rogers Date: Fri, 14 Sep 2018 22:33:06 +0000 Subject: [PATCH] Accepting request 635823 from home:bfrogers:branches:Virtualization - Remove BuildRequires for libattr-devel-static since it's not needed. - Re-sync openSUSE and SUSE SLE qemu-linux-user package. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * * Patches added: 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 - Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746 * fate#325467 * bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735 bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489 * Patches added: * only enable glusterfs for openSUSE 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 - Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746 * fate#325467 * bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735 bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489 * Patches added: * only enable glusterfs for openSUSE 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 OBS-URL: https://build.opensuse.org/request/show/635823 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=427 --- 0040-linux-headers-update.patch | 47 ++++++ 0041-s390x-kvm-add-etoken-facility.patch | 183 +++++++++++++++++++++++ qemu-linux-user.changes | 14 ++ qemu-linux-user.spec | 7 +- qemu-linux-user.spec.in | 3 +- qemu-testsuite.changes | 17 +++ qemu-testsuite.spec | 8 +- qemu.changes | 17 +++ qemu.spec | 8 +- qemu.spec.in | 4 +- 10 files changed, 298 insertions(+), 10 deletions(-) create mode 100644 0040-linux-headers-update.patch create mode 100644 0041-s390x-kvm-add-etoken-facility.patch diff --git a/0040-linux-headers-update.patch b/0040-linux-headers-update.patch new file mode 100644 index 0000000..75b7a82 --- /dev/null +++ b/0040-linux-headers-update.patch @@ -0,0 +1,47 @@ +From 8194d18811df960052d42d93cdc5105b8ef089cc Mon Sep 17 00:00:00 2001 +From: Fei Li +Date: Fri, 7 Sep 2018 14:15:05 +0800 +Subject: [PATCH] linux-headers: update + +Update to Linux upstream commit 2ad0d5269970 +("Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net") + +Signed-off-by: Cornelia Huck +(cherry picked from commit d36f7de82995a42b749c29c5b60ba31483995a42) +[FL: bsc#1107489 - actually only backport the linux-header's update +for the etoken cpu feature used on the s390x platform) +Signed-off-by: Fei Li +--- + linux-headers/asm-s390/kvm.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/linux-headers/asm-s390/kvm.h b/linux-headers/asm-s390/kvm.h +index 11def14301..1ab9901911 100644 +--- a/linux-headers/asm-s390/kvm.h ++++ b/linux-headers/asm-s390/kvm.h +@@ -4,7 +4,7 @@ + /* + * KVM s390 specific structures and definitions + * +- * Copyright IBM Corp. 2008 ++ * Copyright IBM Corp. 2008, 2018 + * + * Author(s): Carsten Otte + * Christian Borntraeger +@@ -225,6 +225,7 @@ struct kvm_guest_debug_arch { + #define KVM_SYNC_FPRS (1UL << 8) + #define KVM_SYNC_GSCB (1UL << 9) + #define KVM_SYNC_BPBC (1UL << 10) ++#define KVM_SYNC_ETOKEN (1UL << 11) + /* length and alignment of the sdnx as a power of two */ + #define SDNXC 8 + #define SDNXL (1UL << SDNXC) +@@ -258,6 +259,8 @@ struct kvm_sync_regs { + struct { + __u64 reserved1[2]; + __u64 gscb[4]; ++ __u64 etoken; ++ __u64 etoken_extension; + }; + }; + }; diff --git a/0041-s390x-kvm-add-etoken-facility.patch b/0041-s390x-kvm-add-etoken-facility.patch new file mode 100644 index 0000000..2777f48 --- /dev/null +++ b/0041-s390x-kvm-add-etoken-facility.patch @@ -0,0 +1,183 @@ +From 3ff69067e3144565368ace51672cbbeaefd62489 Mon Sep 17 00:00:00 2001 +From: Christian Borntraeger +Date: Tue, 31 Jul 2018 11:04:48 +0200 +Subject: [PATCH] s390x/kvm: add etoken facility + +Provide the etoken facility. We need to handle cpu model, migration and +clear reset. + +Signed-off-by: Christian Borntraeger +Acked-by: Janosch Frank +Message-Id: <20180731090448.36662-3-borntraeger@de.ibm.com> +Reviewed-by: David Hildenbrand +Signed-off-by: Cornelia Huck +(cherry picked from commit 27e84d4ebd25b981ab27cb590fe06d1b0fcd06d2) +[FL: bsc#1107489] +Signed-off-by: Fei Li +--- + target/s390x/cpu.h | 3 +++ + target/s390x/cpu_features.c | 3 ++- + target/s390x/cpu_features_def.h | 3 ++- + target/s390x/gen-features.c | 3 ++- + target/s390x/kvm.c | 11 +++++++++++ + target/s390x/machine.c | 20 +++++++++++++++++++- + 6 files changed, 39 insertions(+), 4 deletions(-) + +diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h +index 2c3dd2d189..21b2f211fe 100644 +--- a/target/s390x/cpu.h ++++ b/target/s390x/cpu.h +@@ -2,6 +2,7 @@ + * S/390 virtual CPU header + * + * Copyright (c) 2009 Ulrich Hecht ++ * Copyright IBM Corp. 2012, 2018 + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public +@@ -68,6 +69,8 @@ struct CPUS390XState { + uint32_t aregs[16]; /* access registers */ + uint8_t riccb[64]; /* runtime instrumentation control */ + uint64_t gscb[4]; /* guarded storage control */ ++ uint64_t etoken; /* etoken */ ++ uint64_t etoken_extension; /* etoken extension */ + + /* Fields up to this point are not cleared by initial CPU reset */ + struct {} start_initial_reset_fields; +diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c +index 3b9e2745e9..e05e6aaaf4 100644 +--- a/target/s390x/cpu_features.c ++++ b/target/s390x/cpu_features.c +@@ -1,7 +1,7 @@ + /* + * CPU features/facilities for s390x + * +- * Copyright 2016 IBM Corp. ++ * Copyright IBM Corp. 2016, 2018 + * + * Author(s): David Hildenbrand + * +@@ -106,6 +106,7 @@ static const S390FeatDef s390_features[] = { + FEAT_INIT("irbm", S390_FEAT_TYPE_STFL, 145, "Insert-reference-bits-multiple facility"), + FEAT_INIT("msa8-base", S390_FEAT_TYPE_STFL, 146, "Message-security-assist-extension-8 facility (excluding subfunctions)"), + FEAT_INIT("cmmnt", S390_FEAT_TYPE_STFL, 147, "CMM: ESSA-enhancement (no translate) facility"), ++ FEAT_INIT("etoken", S390_FEAT_TYPE_STFL, 156, "Etoken facility"), + + /* SCLP SCCB Byte 80 - 98 (bit numbers relative to byte-80) */ + FEAT_INIT("gsls", S390_FEAT_TYPE_SCLP_CONF_CHAR, 40, "SIE: Guest-storage-limit-suppression facility"), +diff --git a/target/s390x/cpu_features_def.h b/target/s390x/cpu_features_def.h +index 7c5915c7b2..ac2c947f30 100644 +--- a/target/s390x/cpu_features_def.h ++++ b/target/s390x/cpu_features_def.h +@@ -1,7 +1,7 @@ + /* + * CPU features/facilities for s390 + * +- * Copyright 2016 IBM Corp. ++ * Copyright IBM Corp. 2016, 2018 + * + * Author(s): Michael Mueller + * David Hildenbrand +@@ -93,6 +93,7 @@ typedef enum { + S390_FEAT_INSERT_REFERENCE_BITS_MULT, + S390_FEAT_MSA_EXT_8, + S390_FEAT_CMM_NT, ++ S390_FEAT_ETOKEN, + + /* Sclp Conf Char */ + S390_FEAT_SIE_GSLS, +diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c +index 6626b6f565..5af042c003 100644 +--- a/target/s390x/gen-features.c ++++ b/target/s390x/gen-features.c +@@ -1,7 +1,7 @@ + /* + * S390 feature list generator + * +- * Copyright 2016 IBM Corp. ++ * Copyright IBM Corp. 2016, 2018 + * + * Author(s): Michael Mueller + * David Hildenbrand +@@ -471,6 +471,7 @@ static uint16_t full_GEN14_GA1[] = { + S390_FEAT_GROUP_MSA_EXT_7, + S390_FEAT_GROUP_MSA_EXT_8, + S390_FEAT_CMM_NT, ++ S390_FEAT_ETOKEN, + S390_FEAT_HPMA2, + S390_FEAT_SIE_KSS, + S390_FEAT_GROUP_MULTIPLE_EPOCH_PTFF, +diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c +index d923cf4240..af83955e5f 100644 +--- a/target/s390x/kvm.c ++++ b/target/s390x/kvm.c +@@ -493,6 +493,12 @@ int kvm_arch_put_registers(CPUState *cs, int level) + cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_BPBC; + } + ++ if (can_sync_regs(cs, KVM_SYNC_ETOKEN)) { ++ cs->kvm_run->s.regs.etoken = env->etoken; ++ cs->kvm_run->s.regs.etoken_extension = env->etoken_extension; ++ cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_ETOKEN; ++ } ++ + /* Finally the prefix */ + if (can_sync_regs(cs, KVM_SYNC_PREFIX)) { + cs->kvm_run->s.regs.prefix = env->psa; +@@ -607,6 +613,11 @@ int kvm_arch_get_registers(CPUState *cs) + env->bpbc = cs->kvm_run->s.regs.bpbc; + } + ++ if (can_sync_regs(cs, KVM_SYNC_ETOKEN)) { ++ env->etoken = cs->kvm_run->s.regs.etoken; ++ env->etoken_extension = cs->kvm_run->s.regs.etoken_extension; ++ } ++ + /* pfault parameters */ + if (can_sync_regs(cs, KVM_SYNC_PFAULT)) { + env->pfault_token = cs->kvm_run->s.regs.pft; +diff --git a/target/s390x/machine.c b/target/s390x/machine.c +index bd3230d027..cb792aa103 100644 +--- a/target/s390x/machine.c ++++ b/target/s390x/machine.c +@@ -1,7 +1,7 @@ + /* + * S390x machine definitions and functions + * +- * Copyright IBM Corp. 2014 ++ * Copyright IBM Corp. 2014, 2018 + * + * Authors: + * Thomas Huth +@@ -216,6 +216,23 @@ const VMStateDescription vmstate_bpbc = { + } + }; + ++static bool etoken_needed(void *opaque) ++{ ++ return s390_has_feat(S390_FEAT_ETOKEN); ++} ++ ++const VMStateDescription vmstate_etoken = { ++ .name = "cpu/etoken", ++ .version_id = 1, ++ .minimum_version_id = 1, ++ .needed = etoken_needed, ++ .fields = (VMStateField[]) { ++ VMSTATE_UINT64(env.etoken, S390CPU), ++ VMSTATE_UINT64(env.etoken_extension, S390CPU), ++ VMSTATE_END_OF_LIST() ++ } ++}; ++ + const VMStateDescription vmstate_s390_cpu = { + .name = "cpu", + .post_load = cpu_post_load, +@@ -251,6 +268,7 @@ const VMStateDescription vmstate_s390_cpu = { + &vmstate_exval, + &vmstate_gscb, + &vmstate_bpbc, ++ &vmstate_etoken, + NULL + }, + }; diff --git a/qemu-linux-user.changes b/qemu-linux-user.changes index 852cf1c..60de484 100644 --- a/qemu-linux-user.changes +++ b/qemu-linux-user.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Fri Sep 14 21:19:22 UTC 2018 - Bruce Rogers + +- Remove BuildRequires for libattr-devel-static since it's not needed. +- Re-sync openSUSE and SUSE SLE qemu-linux-user package. This changes + file is the openSUSE one with this entry providing the intervening + SLE CVE, FATE, and bugzilla references, which are still addressed + in this package, and not yet called out in this changes file. +* +* Patches added: + 0040-linux-headers-update.patch + 0041-s390x-kvm-add-etoken-facility.patch +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 + ------------------------------------------------------------------- Mon Aug 20 21:18:22 UTC 2018 - brogers@suse.com diff --git a/qemu-linux-user.spec b/qemu-linux-user.spec index 9ac7250..fd3e301 100644 --- a/qemu-linux-user.spec +++ b/qemu-linux-user.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -65,6 +65,8 @@ Patch0036: 0036-qemu-io-tests-comment-out-problemat.patch Patch0037: 0037-tests-test-thread-pool-is-racy-add-.patch Patch0038: 0038-xen-add-block-resize-support-for-xe.patch Patch0039: 0039-tests-boot-serial-test-Bump-timeout.patch +Patch0040: 0040-linux-headers-update.patch +Patch0041: 0041-s390x-kvm-add-etoken-facility.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. Source400: update_git.sh @@ -76,7 +78,6 @@ BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: glib2-devel-static BuildRequires: glibc-devel-static -BuildRequires: libattr-devel-static BuildRequires: makeinfo BuildRequires: pcre-devel-static %if 0%{?suse_version} > 1320 @@ -137,6 +138,8 @@ syscall layer occurs on the native hardware and operating system. %patch0037 -p1 %patch0038 -p1 %patch0039 -p1 +%patch0040 -p1 +%patch0041 -p1 %build ./configure \ diff --git a/qemu-linux-user.spec.in b/qemu-linux-user.spec.in index 539c430..69c2a28 100644 --- a/qemu-linux-user.spec.in +++ b/qemu-linux-user.spec.in @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -38,7 +38,6 @@ BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: glib2-devel-static BuildRequires: glibc-devel-static -BuildRequires: libattr-devel-static BuildRequires: makeinfo BuildRequires: pcre-devel-static %if 0%{?suse_version} > 1320 diff --git a/qemu-testsuite.changes b/qemu-testsuite.changes index cc38fd0..092ebf3 100644 --- a/qemu-testsuite.changes +++ b/qemu-testsuite.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Fri Sep 14 21:16:52 UTC 2018 - Bruce Rogers + +- Re-sync openSUSE and SUSE SLE qemu packages. This changes file + is the openSUSE one with this entry providing the intervening + SLE CVE, FATE, and bugzilla references, which are still addressed + in this package, and not yet called out in this changes file. +* CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746 +* fate#325467 +* bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735 + bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489 +* Patches added: +* only enable glusterfs for openSUSE + 0040-linux-headers-update.patch + 0041-s390x-kvm-add-etoken-facility.patch +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 + ------------------------------------------------------------------- Mon Aug 20 21:18:19 UTC 2018 - brogers@suse.com diff --git a/qemu-testsuite.spec b/qemu-testsuite.spec index fcbde8a..114e47a 100644 --- a/qemu-testsuite.spec +++ b/qemu-testsuite.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -56,7 +56,7 @@ %define legacy_qemu_kvm 1 %endif -%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) +%if 0%{?suse_version} >= 1315 && 0%{?is_opensuse} %define with_glusterfs 1 %endif @@ -168,6 +168,8 @@ Patch0036: 0036-qemu-io-tests-comment-out-problemat.patch Patch0037: 0037-tests-test-thread-pool-is-racy-add-.patch Patch0038: 0038-xen-add-block-resize-support-for-xe.patch Patch0039: 0039-tests-boot-serial-test-Bump-timeout.patch +Patch0040: 0040-linux-headers-update.patch +Patch0041: 0041-s390x-kvm-add-etoken-facility.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. @@ -872,6 +874,8 @@ This package provides a service file for starting and stopping KSM. %patch0037 -p1 %patch0038 -p1 %patch0039 -p1 +%patch0040 -p1 +%patch0041 -p1 pushd roms/seabios %patch1100 -p1 diff --git a/qemu.changes b/qemu.changes index cc38fd0..092ebf3 100644 --- a/qemu.changes +++ b/qemu.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Fri Sep 14 21:16:52 UTC 2018 - Bruce Rogers + +- Re-sync openSUSE and SUSE SLE qemu packages. This changes file + is the openSUSE one with this entry providing the intervening + SLE CVE, FATE, and bugzilla references, which are still addressed + in this package, and not yet called out in this changes file. +* CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746 +* fate#325467 +* bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735 + bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489 +* Patches added: +* only enable glusterfs for openSUSE + 0040-linux-headers-update.patch + 0041-s390x-kvm-add-etoken-facility.patch +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 + ------------------------------------------------------------------- Mon Aug 20 21:18:19 UTC 2018 - brogers@suse.com diff --git a/qemu.spec b/qemu.spec index 9d1cd3e..965dc28 100644 --- a/qemu.spec +++ b/qemu.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -56,7 +56,7 @@ %define legacy_qemu_kvm 1 %endif -%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) +%if 0%{?suse_version} >= 1315 && 0%{?is_opensuse} %define with_glusterfs 1 %endif @@ -168,6 +168,8 @@ Patch0036: 0036-qemu-io-tests-comment-out-problemat.patch Patch0037: 0037-tests-test-thread-pool-is-racy-add-.patch Patch0038: 0038-xen-add-block-resize-support-for-xe.patch Patch0039: 0039-tests-boot-serial-test-Bump-timeout.patch +Patch0040: 0040-linux-headers-update.patch +Patch0041: 0041-s390x-kvm-add-etoken-facility.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. @@ -872,6 +874,8 @@ This package provides a service file for starting and stopping KSM. %patch0037 -p1 %patch0038 -p1 %patch0039 -p1 +%patch0040 -p1 +%patch0041 -p1 pushd roms/seabios %patch1100 -p1 diff --git a/qemu.spec.in b/qemu.spec.in index 42dadd9..2544e6f 100644 --- a/qemu.spec.in +++ b/qemu.spec.in @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -56,7 +56,7 @@ %define legacy_qemu_kvm 1 %endif -%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) +%if 0%{?suse_version} >= 1315 && 0%{?is_opensuse} %define with_glusterfs 1 %endif