Accepting request 676606 from home:bfrogers:branches:Virtualization

- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
* Patches added:
  0058-Revert-target-i386-kvm-add-VMX-migr.patch
  0059-memory-Fix-the-memory-region-type-a.patch
  0060-target-i386-sev-Do-not-pin-the-ram-.patch
- Revert upstream patch which declares x86 vmx feature a migration
  blocker. Given the proliferation of using vm's with host features
  passed through and the general knowledge that nested
  virtualization has many usage caveats, but still gets put in use
  in restricted scenarios, this patch did more harm than good, I
  feel. So despite this relaxation, please consider yourself warned
  that nested virtualization is not yet a supportable feature.
  (bsc#1121604) 
  0058-Revert-target-i386-kvm-add-VMX-migr.patch
- Fix SEV VM device assignment (bsc#1123205)
  0059-memory-Fix-the-memory-region-type-a.patch
  0060-target-i386-sev-Do-not-pin-the-ram-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Revert upstream patch which declares x86 vmx feature a migration
  blocker. Given the proliferation of using vm's with host features
  passed through and the general knowledge that nested
  virtualization has many usage caveats, but still gets put in use
  in restricted scenarios, this patch did more harm than good, I
  feel. So despite this relaxation, please consider yourself warned
  that nested virtualization is not yet a supportable feature.
  (bsc#1121604) 
  0058-Revert-target-i386-kvm-add-VMX-migr.patch
- Fix SEV VM device assignment (bsc#1123205)
  0059-memory-Fix-the-memory-region-type-a.patch
  0060-target-i386-sev-Do-not-pin-the-ram-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1

OBS-URL: https://build.opensuse.org/request/show/676606
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=455

0058-Revert-target-i386-kvm-add-VMX-migr.patch

@@ -0,0 +1,65 @@
+From: Bruce Rogers <brogers@suse.com>
+Date: Fri, 15 Feb 2019 15:12:04 -0700
+Subject: Revert "target/i386: kvm: add VMX migration blocker"
+
+This reverts commit d98f26073bebddcd3da0ba1b86c3a34e840c0fb8.
+Here is some text explaining the revert:
+I've thought about this some more, and with upstream
+discussions about it having stagnated, at this point I think
+the best solution is to revert the patch which considers it
+a migration blocker to have the vmx feature enabled. It's
+worth noting that not only are migrations blocked, but
+saving of the vm state via save/restore and snapshots.
+
+Given that it is still widely known that Nested Virtualization
+is not supported by SUSE and other vendors, but is still used
+by quite a few people who understand that there are caveats
+with it's usage, I believe this migration blocker is more
+hurtful than helpful.
+
+The fact that as of the v4.20 kernel, nested virtualization is
+enabled by default (for vmx), was partly why the patch was
+added in the first place. But my perspective is that perhaps
+enabling nested was still a bit premature.
+
+I will make sure our qemu changelog explains that despite
+removing that migration blocker, the user is warned that
+nested virtualization is still a "use at your own risk
+feature".
+
+[BR: BSC#1121604]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+ target/i386/kvm.c | 12 ------------
+ 1 file changed, 12 deletions(-)
+
+diff --git a/target/i386/kvm.c b/target/i386/kvm.c
+index b2401d13ea..f97bfc164d 100644
+--- a/target/i386/kvm.c
++++ b/target/i386/kvm.c
+@@ -855,7 +855,6 @@ static int hyperv_init_vcpu(X86CPU *cpu)
+ }
+ 
+ static Error *invtsc_mig_blocker;
+-static Error *vmx_mig_blocker;
+ 
+ #define KVM_MAX_CPUID_ENTRIES  100
+ 
+@@ -1248,17 +1247,6 @@ int kvm_arch_init_vcpu(CPUState *cs)
+                                   !!(c->ecx & CPUID_EXT_SMX);
+     }
+ 
+-    if ((env->features[FEAT_1_ECX] & CPUID_EXT_VMX) && !vmx_mig_blocker) {
+-        error_setg(&vmx_mig_blocker,
+-                   "Nested VMX virtualization does not support live migration yet");
+-        r = migrate_add_blocker(vmx_mig_blocker, &local_err);
+-        if (local_err) {
+-            error_report_err(local_err);
+-            error_free(vmx_mig_blocker);
+-            return r;
+-        }
+-    }
+-
+     if (env->mcg_cap & MCG_LMCE_P) {
+         has_msr_mcg_ext_ctl = has_msr_feature_control = true;
+     }

0059-memory-Fix-the-memory-region-type-a.patch

@@ -0,0 +1,44 @@
+From: "Singh, Brijesh" <brijesh.singh@amd.com>
+Date: Fri, 15 Feb 2019 14:22:21 -0700
+Subject: memory: Fix the memory region type assignment order
+
+Currently, a callback registered through the RAMBlock notifier
+is not able to get the memory region type (i.e callback is not
+able to use memory_region_is_ram_device function). This is
+because mr->ram assignment happens _after_ the memory is allocated
+whereas the callback is executed during allocation.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1667249
+Suggested-by: Alex Williamson <alex.williamson@redhat.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+[BSC#1123205]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+ memory.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/memory.c b/memory.c
+index d14c6dec1d..d1b68fdae8 100644
+--- a/memory.c
++++ b/memory.c
+@@ -1605,10 +1605,17 @@ void memory_region_init_ram_device_ptr(MemoryRegion *mr,
+                                        uint64_t size,
+                                        void *ptr)
+ {
+-    memory_region_init_ram_ptr(mr, owner, name, size, ptr);
++    memory_region_init(mr, owner, name, size);
++    mr->ram = true;
++    mr->terminates = true;
+     mr->ram_device = true;
+     mr->ops = &ram_device_mem_ops;
+     mr->opaque = mr;
++    mr->destructor = memory_region_destructor_ram;
++    mr->dirty_log_mask = tcg_enabled() ? (1 << DIRTY_MEMORY_CODE) : 0;
++    /* qemu_ram_alloc_from_ptr cannot fail with ptr != NULL.  */
++    assert(ptr != NULL);
++    mr->ram_block = qemu_ram_alloc_from_ptr(size, ptr, mr, &error_fatal);
+ }
+ 
+ void memory_region_init_alias(MemoryRegion *mr,

0060-target-i386-sev-Do-not-pin-the-ram-.patch

@@ -0,0 +1,43 @@
+From: "Singh, Brijesh" <brijesh.singh@amd.com>
+Date: Fri, 15 Feb 2019 14:24:21 -0700
+Subject: target/i386: sev: Do not pin the ram device memory region
+
+The RAM device presents a memory region that should be handled
+as an IO region and should not be pinned.
+
+In the case of the vfio-pci, RAM device represents a MMIO BAR
+and the memory region is not backed by pages hence
+KVM_MEMORY_ENCRYPT_REG_REGION fails to lock the memory range.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1667249
+Cc: Alex Williamson <alex.williamson@redhat.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+[BSC#1123205]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+ target/i386/sev.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/target/i386/sev.c b/target/i386/sev.c
+index 2395171acf..7d6f4032d6 100644
+--- a/target/i386/sev.c
++++ b/target/i386/sev.c
+@@ -130,6 +130,17 @@ sev_ram_block_added(RAMBlockNotifier *n, void *host, size_t size)
+ {
+     int r;
+     struct kvm_enc_region range;
++    ram_addr_t offset;
++    MemoryRegion *mr;
++
++    /*
++     * The RAM device presents a memory region that should be treated
++     * as IO region and should not be pinned.
++     */
++    mr = memory_region_from_host(host, &offset);
++    if (mr && memory_region_is_ram_device(mr)) {
++        return;
++    }
+ 
+     range.addr = (__u64)(unsigned long)host;
+     range.size = size;

qemu-linux-user.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Feb 15 22:49:26 UTC 2019 - Bruce Rogers <brogers@suse.com>
+
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
+* Patches added:
+  0058-Revert-target-i386-kvm-add-VMX-migr.patch
+  0059-memory-Fix-the-memory-region-type-a.patch
+  0060-target-i386-sev-Do-not-pin-the-ram-.patch
+
 -------------------------------------------------------------------
 Wed Jan 30 15:54:31 UTC 2019 - Liang Yan <lyan@suse.com>
 

qemu-linux-user.spec

@@ -89,6 +89,9 @@ Patch0054:      0054-linux-user-make-pwrite64-pread64-fd.patch
 Patch0055:      0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
 Patch0056:      0056-slirp-check-data-length-while-emula.patch
 Patch0057:      0057-s390x-Return-specification-exceptio.patch
+Patch0058:      0058-Revert-target-i386-kvm-add-VMX-migr.patch
+Patch0059:      0059-memory-Fix-the-memory-region-type-a.patch
+Patch0060:      0060-target-i386-sev-Do-not-pin-the-ram-.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 ExcludeArch:    s390
@@ -177,6 +180,9 @@ syscall layer occurs on the native hardware and operating system.
 %patch0055 -p1
 %patch0056 -p1
 %patch0057 -p1
+%patch0058 -p1
+%patch0059 -p1
+%patch0060 -p1
 
 %build
 ./configure \

qemu-testsuite.changes

@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Fri Feb 15 22:49:24 UTC 2019 - Bruce Rogers <brogers@suse.com>
+
+- Revert upstream patch which declares x86 vmx feature a migration
+  blocker. Given the proliferation of using vm's with host features
+  passed through and the general knowledge that nested
+  virtualization has many usage caveats, but still gets put in use
+  in restricted scenarios, this patch did more harm than good, I
+  feel. So despite this relaxation, please consider yourself warned
+  that nested virtualization is not yet a supportable feature.
+  (bsc#1121604) 
+  0058-Revert-target-i386-kvm-add-VMX-migr.patch
+- Fix SEV VM device assignment (bsc#1123205)
+  0059-memory-Fix-the-memory-region-type-a.patch
+  0060-target-i386-sev-Do-not-pin-the-ram-.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
+
 -------------------------------------------------------------------
 Mon Feb 11 15:41:02 UTC 2019 - Bruce Rogers <brogers@suse.com>
 

qemu-testsuite.spec

@@ -193,6 +193,9 @@ Patch0054:      0054-linux-user-make-pwrite64-pread64-fd.patch
 Patch0055:      0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
 Patch0056:      0056-slirp-check-data-length-while-emula.patch
 Patch0057:      0057-s390x-Return-specification-exceptio.patch
+Patch0058:      0058-Revert-target-i386-kvm-add-VMX-migr.patch
+Patch0059:      0059-memory-Fix-the-memory-region-type-a.patch
+Patch0060:      0060-target-i386-sev-Do-not-pin-the-ram-.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -980,6 +983,9 @@ This package provides a service file for starting and stopping KSM.
 %patch0055 -p1
 %patch0056 -p1
 %patch0057 -p1
+%patch0058 -p1
+%patch0059 -p1
+%patch0060 -p1
 
 pushd roms/seabios
 %patch1100 -p1

qemu.changes

@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Fri Feb 15 22:49:24 UTC 2019 - Bruce Rogers <brogers@suse.com>
+
+- Revert upstream patch which declares x86 vmx feature a migration
+  blocker. Given the proliferation of using vm's with host features
+  passed through and the general knowledge that nested
+  virtualization has many usage caveats, but still gets put in use
+  in restricted scenarios, this patch did more harm than good, I
+  feel. So despite this relaxation, please consider yourself warned
+  that nested virtualization is not yet a supportable feature.
+  (bsc#1121604) 
+  0058-Revert-target-i386-kvm-add-VMX-migr.patch
+- Fix SEV VM device assignment (bsc#1123205)
+  0059-memory-Fix-the-memory-region-type-a.patch
+  0060-target-i386-sev-Do-not-pin-the-ram-.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
+
 -------------------------------------------------------------------
 Mon Feb 11 15:41:02 UTC 2019 - Bruce Rogers <brogers@suse.com>
 

qemu.spec

@@ -193,6 +193,9 @@ Patch0054:      0054-linux-user-make-pwrite64-pread64-fd.patch
 Patch0055:      0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
 Patch0056:      0056-slirp-check-data-length-while-emula.patch
 Patch0057:      0057-s390x-Return-specification-exceptio.patch
+Patch0058:      0058-Revert-target-i386-kvm-add-VMX-migr.patch
+Patch0059:      0059-memory-Fix-the-memory-region-type-a.patch
+Patch0060:      0060-target-i386-sev-Do-not-pin-the-ram-.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -980,6 +983,9 @@ This package provides a service file for starting and stopping KSM.
 %patch0055 -p1
 %patch0056 -p1
 %patch0057 -p1
+%patch0058 -p1
+%patch0059 -p1
+%patch0060 -p1
 
 pushd roms/seabios
 %patch1100 -p1