diff --git a/0040-linux-headers-update.patch b/0040-linux-headers-update.patch new file mode 100644 index 00000000..75b7a820 --- /dev/null +++ b/0040-linux-headers-update.patch @@ -0,0 +1,47 @@ +From 8194d18811df960052d42d93cdc5105b8ef089cc Mon Sep 17 00:00:00 2001 +From: Fei Li +Date: Fri, 7 Sep 2018 14:15:05 +0800 +Subject: [PATCH] linux-headers: update + +Update to Linux upstream commit 2ad0d5269970 +("Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net") + +Signed-off-by: Cornelia Huck +(cherry picked from commit d36f7de82995a42b749c29c5b60ba31483995a42) +[FL: bsc#1107489 - actually only backport the linux-header's update +for the etoken cpu feature used on the s390x platform) +Signed-off-by: Fei Li +--- + linux-headers/asm-s390/kvm.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/linux-headers/asm-s390/kvm.h b/linux-headers/asm-s390/kvm.h +index 11def14301..1ab9901911 100644 +--- a/linux-headers/asm-s390/kvm.h ++++ b/linux-headers/asm-s390/kvm.h +@@ -4,7 +4,7 @@ + /* + * KVM s390 specific structures and definitions + * +- * Copyright IBM Corp. 2008 ++ * Copyright IBM Corp. 2008, 2018 + * + * Author(s): Carsten Otte + * Christian Borntraeger +@@ -225,6 +225,7 @@ struct kvm_guest_debug_arch { + #define KVM_SYNC_FPRS (1UL << 8) + #define KVM_SYNC_GSCB (1UL << 9) + #define KVM_SYNC_BPBC (1UL << 10) ++#define KVM_SYNC_ETOKEN (1UL << 11) + /* length and alignment of the sdnx as a power of two */ + #define SDNXC 8 + #define SDNXL (1UL << SDNXC) +@@ -258,6 +259,8 @@ struct kvm_sync_regs { + struct { + __u64 reserved1[2]; + __u64 gscb[4]; ++ __u64 etoken; ++ __u64 etoken_extension; + }; + }; + }; diff --git a/0041-s390x-kvm-add-etoken-facility.patch b/0041-s390x-kvm-add-etoken-facility.patch new file mode 100644 index 00000000..2777f488 --- /dev/null +++ b/0041-s390x-kvm-add-etoken-facility.patch @@ -0,0 +1,183 @@ +From 3ff69067e3144565368ace51672cbbeaefd62489 Mon Sep 17 00:00:00 2001 +From: Christian Borntraeger +Date: Tue, 31 Jul 2018 11:04:48 +0200 +Subject: [PATCH] s390x/kvm: add etoken facility + +Provide the etoken facility. We need to handle cpu model, migration and +clear reset. + +Signed-off-by: Christian Borntraeger +Acked-by: Janosch Frank +Message-Id: <20180731090448.36662-3-borntraeger@de.ibm.com> +Reviewed-by: David Hildenbrand +Signed-off-by: Cornelia Huck +(cherry picked from commit 27e84d4ebd25b981ab27cb590fe06d1b0fcd06d2) +[FL: bsc#1107489] +Signed-off-by: Fei Li +--- + target/s390x/cpu.h | 3 +++ + target/s390x/cpu_features.c | 3 ++- + target/s390x/cpu_features_def.h | 3 ++- + target/s390x/gen-features.c | 3 ++- + target/s390x/kvm.c | 11 +++++++++++ + target/s390x/machine.c | 20 +++++++++++++++++++- + 6 files changed, 39 insertions(+), 4 deletions(-) + +diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h +index 2c3dd2d189..21b2f211fe 100644 +--- a/target/s390x/cpu.h ++++ b/target/s390x/cpu.h +@@ -2,6 +2,7 @@ + * S/390 virtual CPU header + * + * Copyright (c) 2009 Ulrich Hecht ++ * Copyright IBM Corp. 2012, 2018 + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public +@@ -68,6 +69,8 @@ struct CPUS390XState { + uint32_t aregs[16]; /* access registers */ + uint8_t riccb[64]; /* runtime instrumentation control */ + uint64_t gscb[4]; /* guarded storage control */ ++ uint64_t etoken; /* etoken */ ++ uint64_t etoken_extension; /* etoken extension */ + + /* Fields up to this point are not cleared by initial CPU reset */ + struct {} start_initial_reset_fields; +diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c +index 3b9e2745e9..e05e6aaaf4 100644 +--- a/target/s390x/cpu_features.c ++++ b/target/s390x/cpu_features.c +@@ -1,7 +1,7 @@ + /* + * CPU features/facilities for s390x + * +- * Copyright 2016 IBM Corp. ++ * Copyright IBM Corp. 2016, 2018 + * + * Author(s): David Hildenbrand + * +@@ -106,6 +106,7 @@ static const S390FeatDef s390_features[] = { + FEAT_INIT("irbm", S390_FEAT_TYPE_STFL, 145, "Insert-reference-bits-multiple facility"), + FEAT_INIT("msa8-base", S390_FEAT_TYPE_STFL, 146, "Message-security-assist-extension-8 facility (excluding subfunctions)"), + FEAT_INIT("cmmnt", S390_FEAT_TYPE_STFL, 147, "CMM: ESSA-enhancement (no translate) facility"), ++ FEAT_INIT("etoken", S390_FEAT_TYPE_STFL, 156, "Etoken facility"), + + /* SCLP SCCB Byte 80 - 98 (bit numbers relative to byte-80) */ + FEAT_INIT("gsls", S390_FEAT_TYPE_SCLP_CONF_CHAR, 40, "SIE: Guest-storage-limit-suppression facility"), +diff --git a/target/s390x/cpu_features_def.h b/target/s390x/cpu_features_def.h +index 7c5915c7b2..ac2c947f30 100644 +--- a/target/s390x/cpu_features_def.h ++++ b/target/s390x/cpu_features_def.h +@@ -1,7 +1,7 @@ + /* + * CPU features/facilities for s390 + * +- * Copyright 2016 IBM Corp. ++ * Copyright IBM Corp. 2016, 2018 + * + * Author(s): Michael Mueller + * David Hildenbrand +@@ -93,6 +93,7 @@ typedef enum { + S390_FEAT_INSERT_REFERENCE_BITS_MULT, + S390_FEAT_MSA_EXT_8, + S390_FEAT_CMM_NT, ++ S390_FEAT_ETOKEN, + + /* Sclp Conf Char */ + S390_FEAT_SIE_GSLS, +diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c +index 6626b6f565..5af042c003 100644 +--- a/target/s390x/gen-features.c ++++ b/target/s390x/gen-features.c +@@ -1,7 +1,7 @@ + /* + * S390 feature list generator + * +- * Copyright 2016 IBM Corp. ++ * Copyright IBM Corp. 2016, 2018 + * + * Author(s): Michael Mueller + * David Hildenbrand +@@ -471,6 +471,7 @@ static uint16_t full_GEN14_GA1[] = { + S390_FEAT_GROUP_MSA_EXT_7, + S390_FEAT_GROUP_MSA_EXT_8, + S390_FEAT_CMM_NT, ++ S390_FEAT_ETOKEN, + S390_FEAT_HPMA2, + S390_FEAT_SIE_KSS, + S390_FEAT_GROUP_MULTIPLE_EPOCH_PTFF, +diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c +index d923cf4240..af83955e5f 100644 +--- a/target/s390x/kvm.c ++++ b/target/s390x/kvm.c +@@ -493,6 +493,12 @@ int kvm_arch_put_registers(CPUState *cs, int level) + cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_BPBC; + } + ++ if (can_sync_regs(cs, KVM_SYNC_ETOKEN)) { ++ cs->kvm_run->s.regs.etoken = env->etoken; ++ cs->kvm_run->s.regs.etoken_extension = env->etoken_extension; ++ cs->kvm_run->kvm_dirty_regs |= KVM_SYNC_ETOKEN; ++ } ++ + /* Finally the prefix */ + if (can_sync_regs(cs, KVM_SYNC_PREFIX)) { + cs->kvm_run->s.regs.prefix = env->psa; +@@ -607,6 +613,11 @@ int kvm_arch_get_registers(CPUState *cs) + env->bpbc = cs->kvm_run->s.regs.bpbc; + } + ++ if (can_sync_regs(cs, KVM_SYNC_ETOKEN)) { ++ env->etoken = cs->kvm_run->s.regs.etoken; ++ env->etoken_extension = cs->kvm_run->s.regs.etoken_extension; ++ } ++ + /* pfault parameters */ + if (can_sync_regs(cs, KVM_SYNC_PFAULT)) { + env->pfault_token = cs->kvm_run->s.regs.pft; +diff --git a/target/s390x/machine.c b/target/s390x/machine.c +index bd3230d027..cb792aa103 100644 +--- a/target/s390x/machine.c ++++ b/target/s390x/machine.c +@@ -1,7 +1,7 @@ + /* + * S390x machine definitions and functions + * +- * Copyright IBM Corp. 2014 ++ * Copyright IBM Corp. 2014, 2018 + * + * Authors: + * Thomas Huth +@@ -216,6 +216,23 @@ const VMStateDescription vmstate_bpbc = { + } + }; + ++static bool etoken_needed(void *opaque) ++{ ++ return s390_has_feat(S390_FEAT_ETOKEN); ++} ++ ++const VMStateDescription vmstate_etoken = { ++ .name = "cpu/etoken", ++ .version_id = 1, ++ .minimum_version_id = 1, ++ .needed = etoken_needed, ++ .fields = (VMStateField[]) { ++ VMSTATE_UINT64(env.etoken, S390CPU), ++ VMSTATE_UINT64(env.etoken_extension, S390CPU), ++ VMSTATE_END_OF_LIST() ++ } ++}; ++ + const VMStateDescription vmstate_s390_cpu = { + .name = "cpu", + .post_load = cpu_post_load, +@@ -251,6 +268,7 @@ const VMStateDescription vmstate_s390_cpu = { + &vmstate_exval, + &vmstate_gscb, + &vmstate_bpbc, ++ &vmstate_etoken, + NULL + }, + }; diff --git a/qemu-linux-user.changes b/qemu-linux-user.changes index 852cf1c4..60de4845 100644 --- a/qemu-linux-user.changes +++ b/qemu-linux-user.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Fri Sep 14 21:19:22 UTC 2018 - Bruce Rogers + +- Remove BuildRequires for libattr-devel-static since it's not needed. +- Re-sync openSUSE and SUSE SLE qemu-linux-user package. This changes + file is the openSUSE one with this entry providing the intervening + SLE CVE, FATE, and bugzilla references, which are still addressed + in this package, and not yet called out in this changes file. +* +* Patches added: + 0040-linux-headers-update.patch + 0041-s390x-kvm-add-etoken-facility.patch +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 + ------------------------------------------------------------------- Mon Aug 20 21:18:22 UTC 2018 - brogers@suse.com diff --git a/qemu-linux-user.spec b/qemu-linux-user.spec index 9ac72506..fd3e3010 100644 --- a/qemu-linux-user.spec +++ b/qemu-linux-user.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -65,6 +65,8 @@ Patch0036: 0036-qemu-io-tests-comment-out-problemat.patch Patch0037: 0037-tests-test-thread-pool-is-racy-add-.patch Patch0038: 0038-xen-add-block-resize-support-for-xe.patch Patch0039: 0039-tests-boot-serial-test-Bump-timeout.patch +Patch0040: 0040-linux-headers-update.patch +Patch0041: 0041-s390x-kvm-add-etoken-facility.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. Source400: update_git.sh @@ -76,7 +78,6 @@ BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: glib2-devel-static BuildRequires: glibc-devel-static -BuildRequires: libattr-devel-static BuildRequires: makeinfo BuildRequires: pcre-devel-static %if 0%{?suse_version} > 1320 @@ -137,6 +138,8 @@ syscall layer occurs on the native hardware and operating system. %patch0037 -p1 %patch0038 -p1 %patch0039 -p1 +%patch0040 -p1 +%patch0041 -p1 %build ./configure \ diff --git a/qemu-linux-user.spec.in b/qemu-linux-user.spec.in index 539c4308..69c2a28d 100644 --- a/qemu-linux-user.spec.in +++ b/qemu-linux-user.spec.in @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -38,7 +38,6 @@ BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: glib2-devel-static BuildRequires: glibc-devel-static -BuildRequires: libattr-devel-static BuildRequires: makeinfo BuildRequires: pcre-devel-static %if 0%{?suse_version} > 1320 diff --git a/qemu-testsuite.changes b/qemu-testsuite.changes index cc38fd01..092ebf38 100644 --- a/qemu-testsuite.changes +++ b/qemu-testsuite.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Fri Sep 14 21:16:52 UTC 2018 - Bruce Rogers + +- Re-sync openSUSE and SUSE SLE qemu packages. This changes file + is the openSUSE one with this entry providing the intervening + SLE CVE, FATE, and bugzilla references, which are still addressed + in this package, and not yet called out in this changes file. +* CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746 +* fate#325467 +* bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735 + bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489 +* Patches added: +* only enable glusterfs for openSUSE + 0040-linux-headers-update.patch + 0041-s390x-kvm-add-etoken-facility.patch +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 + ------------------------------------------------------------------- Mon Aug 20 21:18:19 UTC 2018 - brogers@suse.com diff --git a/qemu-testsuite.spec b/qemu-testsuite.spec index fcbde8a8..114e47ab 100644 --- a/qemu-testsuite.spec +++ b/qemu-testsuite.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -56,7 +56,7 @@ %define legacy_qemu_kvm 1 %endif -%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) +%if 0%{?suse_version} >= 1315 && 0%{?is_opensuse} %define with_glusterfs 1 %endif @@ -168,6 +168,8 @@ Patch0036: 0036-qemu-io-tests-comment-out-problemat.patch Patch0037: 0037-tests-test-thread-pool-is-racy-add-.patch Patch0038: 0038-xen-add-block-resize-support-for-xe.patch Patch0039: 0039-tests-boot-serial-test-Bump-timeout.patch +Patch0040: 0040-linux-headers-update.patch +Patch0041: 0041-s390x-kvm-add-etoken-facility.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. @@ -872,6 +874,8 @@ This package provides a service file for starting and stopping KSM. %patch0037 -p1 %patch0038 -p1 %patch0039 -p1 +%patch0040 -p1 +%patch0041 -p1 pushd roms/seabios %patch1100 -p1 diff --git a/qemu.changes b/qemu.changes index cc38fd01..092ebf38 100644 --- a/qemu.changes +++ b/qemu.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Fri Sep 14 21:16:52 UTC 2018 - Bruce Rogers + +- Re-sync openSUSE and SUSE SLE qemu packages. This changes file + is the openSUSE one with this entry providing the intervening + SLE CVE, FATE, and bugzilla references, which are still addressed + in this package, and not yet called out in this changes file. +* CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746 +* fate#325467 +* bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735 + bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489 +* Patches added: +* only enable glusterfs for openSUSE + 0040-linux-headers-update.patch + 0041-s390x-kvm-add-etoken-facility.patch +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 + ------------------------------------------------------------------- Mon Aug 20 21:18:19 UTC 2018 - brogers@suse.com diff --git a/qemu.spec b/qemu.spec index 9d1cd3ef..965dc288 100644 --- a/qemu.spec +++ b/qemu.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -56,7 +56,7 @@ %define legacy_qemu_kvm 1 %endif -%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) +%if 0%{?suse_version} >= 1315 && 0%{?is_opensuse} %define with_glusterfs 1 %endif @@ -168,6 +168,8 @@ Patch0036: 0036-qemu-io-tests-comment-out-problemat.patch Patch0037: 0037-tests-test-thread-pool-is-racy-add-.patch Patch0038: 0038-xen-add-block-resize-support-for-xe.patch Patch0039: 0039-tests-boot-serial-test-Bump-timeout.patch +Patch0040: 0040-linux-headers-update.patch +Patch0041: 0041-s390x-kvm-add-etoken-facility.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. @@ -872,6 +874,8 @@ This package provides a service file for starting and stopping KSM. %patch0037 -p1 %patch0038 -p1 %patch0039 -p1 +%patch0040 -p1 +%patch0041 -p1 pushd roms/seabios %patch1100 -p1 diff --git a/qemu.spec.in b/qemu.spec.in index 42dadd92..2544e6fe 100644 --- a/qemu.spec.in +++ b/qemu.spec.in @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -56,7 +56,7 @@ %define legacy_qemu_kvm 1 %endif -%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) +%if 0%{?suse_version} >= 1315 && 0%{?is_opensuse} %define with_glusterfs 1 %endif