Accepting request 626736 from Virtualization

OBS-URL: https://build.opensuse.org/request/show/626736
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/qemu?expand=0&rev=143

0067-seccomp-allow-sched_setscheduler-wi.patch

@@ -0,0 +1,65 @@
+From 88a1488c572c681f9737bd3e3ae24e9a3c936212 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
+Date: Tue, 10 Jul 2018 16:55:57 +0200
+Subject: [PATCH] seccomp: allow sched_setscheduler() with SCHED_IDLE policy
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Current and upcoming mesa releases rely on a shader disk cash. It uses
+a thread job queue with low priority, set with
+sched_setscheduler(SCHED_IDLE). However, that syscall is rejected by
+the "resourcecontrol" seccomp qemu filter.
+
+Since it should be safe to allow lowering thread priority, let's allow
+scheduling thread to idle policy.
+
+Related to:
+https://bugzilla.redhat.com/show_bug.cgi?id=1594456
+
+Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Acked-by: Eduardo Otubo <otubo@redhat.com>
+(cherry picked from commit 056de1e894155fbb99e7b43c1c4382d4920cf437)
+[LD: BSD#1102627]
+Signed-off-by: Larry Dewey <ldewey@suse.com>
+---
+ qemu-seccomp.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/qemu-seccomp.c b/qemu-seccomp.c
+index b770a77d33..845a3330df 100644
+--- a/qemu-seccomp.c
++++ b/qemu-seccomp.c
+@@ -29,6 +29,12 @@
+ struct QemuSeccompSyscall {
+     int32_t num;
+     uint8_t set;
++    uint8_t narg;
++    const struct scmp_arg_cmp *arg_cmp;
++};
++
++const struct scmp_arg_cmp sched_setscheduler_arg[] = {
++    SCMP_A1(SCMP_CMP_NE, SCHED_IDLE)
+ };
+ 
+ static const struct QemuSeccompSyscall blacklist[] = {
+@@ -87,7 +93,8 @@ static const struct QemuSeccompSyscall blacklist[] = {
+     { SCMP_SYS(setpriority),            QEMU_SECCOMP_SET_RESOURCECTL },
+     { SCMP_SYS(sched_setparam),         QEMU_SECCOMP_SET_RESOURCECTL },
+     { SCMP_SYS(sched_getparam),         QEMU_SECCOMP_SET_RESOURCECTL },
+-    { SCMP_SYS(sched_setscheduler),     QEMU_SECCOMP_SET_RESOURCECTL },
++    { SCMP_SYS(sched_setscheduler),     QEMU_SECCOMP_SET_RESOURCECTL,
++      ARRAY_SIZE(sched_setscheduler_arg), sched_setscheduler_arg },
+     { SCMP_SYS(sched_getscheduler),     QEMU_SECCOMP_SET_RESOURCECTL },
+     { SCMP_SYS(sched_setaffinity),      QEMU_SECCOMP_SET_RESOURCECTL },
+     { SCMP_SYS(sched_getaffinity),      QEMU_SECCOMP_SET_RESOURCECTL },
+@@ -113,7 +120,8 @@ int seccomp_start(uint32_t seccomp_opts)
+             continue;
+         }
+ 
+-        rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i].num, 0);
++        rc = seccomp_rule_add_array(ctx, SCMP_ACT_KILL, blacklist[i].num,
++                                    blacklist[i].narg, blacklist[i].arg_cmp);
+         if (rc < 0) {
+             goto seccomp_return;
+         }

ipxe-fix-build.patch

@@ -0,0 +1,21 @@
+Newer binutils (>= 2.31) will emit PLT32 relocs for call/jmp
+instructions on x86_64 in some cases, instead of PC32 relocs
+as before.  This can only be done because on x86-64 the PLT
+doesn't need any special setup, and in turn this means that
+for post-processing/after-link purposes PLT32 and PC32 relocs
+can be handled the same.  elf2efi simply ignores all PC-relative
+relocs (as the code is already fully final for them) and PLT32
+is one of them, so add it to the list.
+
+(Otherwise an "Unrecognized relocation type 4" error occurs
+when building some of the EFI images for IPXE).
+--- a/src/util/elf2efi.c.mm	2018-07-25 12:19:10.647661846 +0000
++++ b/src/util/elf2efi.c	2018-07-25 13:18:18.609633494 +0000
+@@ -637,6 +637,7 @@ static void process_reloc ( struct elf_f
+ 		case ELF_MREL ( EM_ARM, R_ARM_THM_PC22 ) :
+ 		case ELF_MREL ( EM_ARM, R_ARM_THM_JUMP24 ) :
+ 		case ELF_MREL ( EM_X86_64, R_X86_64_PC32 ) :
++		case ELF_MREL ( EM_X86_64, R_X86_64_PLT32 ) :
+ 		case ELF_MREL ( EM_AARCH64, R_AARCH64_CALL26 ) :
+ 		case ELF_MREL ( EM_AARCH64, R_AARCH64_JUMP26 ) :
+ 		case ELF_MREL ( EM_AARCH64, R_AARCH64_ADR_PREL_LO21 ) :

qemu-linux-user.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jul 25 22:26:19 UTC 2018 - ldewey@suse.com
+
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
+* Patches added:
+  0067-seccomp-allow-sched_setscheduler-wi.patch
+
 -------------------------------------------------------------------
 Thu Jul  5 21:32:03 UTC 2018 - brogers@suse.com
 

qemu-linux-user.spec

@@ -92,6 +92,7 @@ Patch0063:      0063-i386-define-the-AMD-virt-ssbd-CPUID.patch
 Patch0064:      0064-ahci-fix-PxCI-register-race.patch
 Patch0065:      0065-ccid-card-passthru-fix-regression-i.patch
 Patch0066:      0066-xen-add-block-resize-support-for-xe.patch
+Patch0067:      0067-seccomp-allow-sched_setscheduler-wi.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 Source400:      update_git.sh
@@ -191,6 +192,7 @@ syscall layer occurs on the native hardware and operating system.
 %patch0064 -p1
 %patch0065 -p1
 %patch0066 -p1
+%patch0067 -p1
 
 %build
 ./configure \

qemu-testsuite.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Jul 25 22:26:16 UTC 2018 - ldewey@suse.com
+- Fixing seccomp resourcecontrol defunct issue (bsc#1102627)
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
+* Patches added:
+  0067-seccomp-allow-sched_setscheduler-wi.patch
+
+-------------------------------------------------------------------
+Wed Jul 25 13:24:50 UTC 2018 - matz@suse.com
+
+- Add ipxe-fix-build.patch to not error out with
+  binutils >= 2.31 .
+
 -------------------------------------------------------------------
 Thu Jul  5 21:31:58 UTC 2018 - brogers@suse.com
 

qemu-testsuite.spec

@@ -196,6 +196,7 @@ Patch0063:      0063-i386-define-the-AMD-virt-ssbd-CPUID.patch
 Patch0064:      0064-ahci-fix-PxCI-register-race.patch
 Patch0065:      0065-ccid-card-passthru-fix-regression-i.patch
 Patch0066:      0066-xen-add-block-resize-support-for-xe.patch
+Patch0067:      0067-seccomp-allow-sched_setscheduler-wi.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -212,6 +213,7 @@ Patch1101:      seabios-switch-to-python3-as-needed.patch
 Patch1200:      ipxe-stable-buildid.patch
 Patch1201:      ipxe-use-gcc6-for-more-compact-code.patch
 Patch1202:      ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
+Patch1203:      ipxe-fix-build.patch
 
 # sgabios
 # PATCH-FIX-OPENSUSE sgabios-stable-buildid.patch brogers@suse.com -- reproducible builds
@@ -931,6 +933,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0064 -p1
 %patch0065 -p1
 %patch0066 -p1
+%patch0067 -p1
 
 %if 0%{?suse_version} > 1320
 %patch1000 -p1
@@ -949,6 +952,7 @@ pushd roms/ipxe
 %patch1201 -p1
 %endif
 %patch1202 -p1
+%patch1203 -p1
 popd
 
 pushd roms/sgabios

qemu.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Jul 25 22:26:16 UTC 2018 - ldewey@suse.com
+- Fixing seccomp resourcecontrol defunct issue (bsc#1102627)
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
+* Patches added:
+  0067-seccomp-allow-sched_setscheduler-wi.patch
+
+-------------------------------------------------------------------
+Wed Jul 25 13:24:50 UTC 2018 - matz@suse.com
+
+- Add ipxe-fix-build.patch to not error out with
+  binutils >= 2.31 .
+
 -------------------------------------------------------------------
 Thu Jul  5 21:31:58 UTC 2018 - brogers@suse.com
 

qemu.spec

@@ -196,6 +196,7 @@ Patch0063:      0063-i386-define-the-AMD-virt-ssbd-CPUID.patch
 Patch0064:      0064-ahci-fix-PxCI-register-race.patch
 Patch0065:      0065-ccid-card-passthru-fix-regression-i.patch
 Patch0066:      0066-xen-add-block-resize-support-for-xe.patch
+Patch0067:      0067-seccomp-allow-sched_setscheduler-wi.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -212,6 +213,7 @@ Patch1101:      seabios-switch-to-python3-as-needed.patch
 Patch1200:      ipxe-stable-buildid.patch
 Patch1201:      ipxe-use-gcc6-for-more-compact-code.patch
 Patch1202:      ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
+Patch1203:      ipxe-fix-build.patch
 
 # sgabios
 # PATCH-FIX-OPENSUSE sgabios-stable-buildid.patch brogers@suse.com -- reproducible builds
@@ -931,6 +933,7 @@ This package provides a service file for starting and stopping KSM.
 %patch0064 -p1
 %patch0065 -p1
 %patch0066 -p1
+%patch0067 -p1
 
 %if 0%{?suse_version} > 1320
 %patch1000 -p1
@@ -949,6 +952,7 @@ pushd roms/ipxe
 %patch1201 -p1
 %endif
 %patch1202 -p1
+%patch1203 -p1
 popd
 
 pushd roms/sgabios

qemu.spec.in

@@ -148,6 +148,7 @@ Patch1101:      seabios-switch-to-python3-as-needed.patch
 Patch1200:      ipxe-stable-buildid.patch
 Patch1201:      ipxe-use-gcc6-for-more-compact-code.patch
 Patch1202:      ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
+Patch1203:      ipxe-fix-build.patch
 
 # sgabios
 # PATCH-FIX-OPENSUSE sgabios-stable-buildid.patch brogers@suse.com -- reproducible builds
@@ -820,6 +821,7 @@ pushd roms/ipxe
 %patch1201 -p1
 %endif
 %patch1202 -p1
+%patch1203 -p1
 popd
 
 pushd roms/sgabios