Accepting request 941047 from home:dfaggioli:devel:Virtualization

- Add an audio-oss sub-package
- Add some new (mostly documentation) files in the package
- Remove option --audio-drv-list because audio is detected by
  meson automatically in latest version. 
- Remove options --disable-jemalloc and --disable-tcmalloc
  which are changed in v6.2.0. 
- Update to v 6.2.0. For full release notese, see:
  * https://wiki.qemu.org/ChangeLog/6.2.
  Be sure to also check the following pages:
  * https://qemu-project.gitlab.io/qemu/about/removed-features.html
  * https://qemu-project.gitlab.io/qemu/about/deprecated.html
  Some notable changes:
  * virtio-mem: guest memory dumps are now fully supported, along
    with pre-copy/post-copy migration and background guest snapshots
  * QMP: support for nw DEVICE_UNPLUG_GUEST_ERROR to detect
    guest-reported hotplug failures
  * TCG: improvements to TCG plugin argument syntax, and multi-core
    support for cache plugin
  * 68k: improved support for Apple’s NuBus, including ability to
    load declaration ROMs, and slot IRQ support
  * ARM: macOS hosts with Apple Silicon CPUs now support ‘hvf’
    accelerator for AArch64 guests
  * ARM: emulation support for Fujitsu A64FX processor model
  * ARM: emulation support for kudo-mbc machine type
  * ARM: M-profile MVE extension is now supported for Cortex-M55
  * ARM: ‘virt’ machine now supports an emulated ITS (Interrupt
    Translation Service) and supports more than 123 CPUs in
    emulation mode
  * ARM: xlnx-zcu102 and xlnx-versal-virt machines now support
    BBRAM and eFUSE devices
  * PowerPC: improved POWER10 support for the ‘powernv’ machine type
  * PowerPC: initial support for POWER10 DD2.0 CPU model
  * PowerPC: support for FORM2 PAPR NUMA descriptions for ‘pseries’ machine type
  * RISC-V: support for Zb[abcs] instruction set extensions
  * RISC-V: support for vhost-user and numa mem options across all boards
  * RISC-V: SiFive PWM support
  * x86: support for new Snowridge-v4 CPU model
  * x86: guest support for Intel SGX
  * x86: AMD SEV guests now support measurement of kernel binary when doing
    direct kernel boot (not using a bootloader)
* Patches dropped:
  9pfs-fix-crash-in-v9fs_walk.patch
  block-introduce-max_hw_iov-for-use-in-sc.patch
  hmp-Unbreak-change-vnc.patch
  hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
  hw-i386-acpi-build-Deny-control-on-PCIe-.patch
  i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
  net-vmxnet3-validate-configuration-value.patch
  pcie-rename-native-hotplug-to-x-native-h.patch
  plugins-do-not-limit-exported-symbols-if.patch
  plugins-execlog-removed-unintended-s-at-.patch
  qemu-nbd-Change-default-cache-mode-to-wr.patch
  qemu-sockets-fix-unix-socket-path-copy-a.patch
  target-arm-Don-t-skip-M-profile-reset-en.patch
  target-i386-add-missing-bits-to-CR4_RESE.patch
  tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
  uas-add-stream-number-sanity-checks.patch
  vhost-vsock-fix-migration-issue-when-seq.patch
  virtio-balloon-don-t-start-free-page-hin.patch
  virtio-mem-pci-Fix-memory-leak-when-crea.patch
  virtio-net-fix-use-after-unmap-free-for-.patch

OBS-URL: https://build.opensuse.org/request/show/941047
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=681
This commit is contained in:
Dario Faggioli 2021-12-17 10:07:39 +00:00 committed by Git OBS Bridge
parent 7ada9507da
commit e8c9119cb5
59 changed files with 351 additions and 1787 deletions

View File

@ -1,74 +0,0 @@
From: Christian Schoenebeck <qemu_oss@crudebyte.com>
Date: Wed, 1 Sep 2021 18:15:10 +0200
Subject: 9pfs: fix crash in v9fs_walk()
Git-commit: f83df00900816476cca41bb536e4d532b297d76e
v9fs_walk() utilizes the v9fs_co_run_in_worker({...}) macro to run the
supplied fs driver code block on a background worker thread.
When either the 'Twalk' client request was interrupted or if the client
requested fid for that 'Twalk' request caused a stat error then that
fs driver code block was left by 'break' keyword, with the intention to
return from worker thread back to main thread as well:
v9fs_co_run_in_worker({
if (v9fs_request_cancelled(pdu)) {
err = -EINTR;
break;
}
err = s->ops->lstat(&s->ctx, &dpath, &fidst);
if (err < 0) {
err = -errno;
break;
}
...
});
However that 'break;' statement also skipped the v9fs_co_run_in_worker()
macro's final and mandatory
/* re-enter back to qemu thread */
qemu_coroutine_yield();
call and thus caused the rest of v9fs_walk() to be continued being
executed on the worker thread instead of main thread, eventually
leading to a crash in the transport virtio transport driver.
To fix this issue and to prevent the same error from happening again by
other users of v9fs_co_run_in_worker() in future, auto wrap the supplied
code block into its own
do { } while (0);
loop inside the 'v9fs_co_run_in_worker' macro definition.
Full discussion and backtrace:
https://lists.gnu.org/archive/html/qemu-devel/2021-08/msg05209.html
https://lists.gnu.org/archive/html/qemu-devel/2021-09/msg00174.html
Fixes: 8d6cb100731c4d28535adbf2a3c2d1f29be3fef4
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <E1mLTBg-0002Bh-2D@lizzy.crudebyte.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/9pfs/coth.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/9pfs/coth.h b/hw/9pfs/coth.h
index c51289903d0df0ff65f9d3f2649b..f83c7dda7bb8df8295c6a6db59c5 100644
--- a/hw/9pfs/coth.h
+++ b/hw/9pfs/coth.h
@@ -51,7 +51,9 @@
*/ \
qemu_coroutine_yield(); \
qemu_bh_delete(co_bh); \
- code_block; \
+ do { \
+ code_block; \
+ } while (0); \
/* re-enter back to qemu thread */ \
qemu_coroutine_yield(); \
} while (0)

View File

@ -41,7 +41,7 @@ index 7789f7be9c873928be895d618e98..c7556602c77787357c802553ab91 100644
#include "qemu/error-report.h"
#include "qapi/error.h"
diff --git a/chardev/char-mux.c b/chardev/char-mux.c
index 5baf4190108366803a1a0fa26fb7..2aa164c2ecac8f8a843cec9fa1e1 100644
index ee2d47b20d9bd0d2ceb132343bf3..5a7c66e7466cefdc96cb95e26b84 100644
--- a/chardev/char-mux.c
+++ b/chardev/char-mux.c
@@ -22,6 +22,7 @@
@ -52,7 +52,7 @@ index 5baf4190108366803a1a0fa26fb7..2aa164c2ecac8f8a843cec9fa1e1 100644
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qemu/module.h"
@@ -197,6 +198,17 @@ static void mux_chr_accept_input(Chardev *chr)
@@ -198,6 +199,17 @@ static void mux_chr_accept_input(Chardev *chr)
be->chr_read(be->opaque,
&d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1);
}
@ -70,7 +70,7 @@ index 5baf4190108366803a1a0fa26fb7..2aa164c2ecac8f8a843cec9fa1e1 100644
}
static int mux_chr_can_read(void *opaque)
@@ -331,6 +343,10 @@ static void qemu_chr_open_mux(Chardev *chr,
@@ -332,6 +344,10 @@ static void qemu_chr_open_mux(Chardev *chr,
}
d->focus = -1;
@ -82,7 +82,7 @@ index 5baf4190108366803a1a0fa26fb7..2aa164c2ecac8f8a843cec9fa1e1 100644
* set of muxes
*/
diff --git a/chardev/char.c b/chardev/char.c
index 4595a8d430bf99537367b8d26379..d9d918f905a584f8cf97fb6ee1de 100644
index 0169d8dde4b533c9cf851831b03c..3b1495c0a4fd6b9e81f6703eeb49 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -22,6 +22,7 @@

View File

@ -13,7 +13,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/analyze-migration.py b/scripts/analyze-migration.py
index d7177b212c86e826303bd93e74cb..502ae14111aa328e549b70ac66e7 100755
index b82a1b0c58c4490ffd0c7d083a44..26f9fb1382108787cc1b56546873 100755
--- a/scripts/analyze-migration.py
+++ b/scripts/analyze-migration.py
@@ -1,4 +1,4 @@

View File

@ -6,20 +6,22 @@ This check isn't needed when we know this is a fresh build, which of
course it is when we are building the qemu packages.
Signed-off-by: Bruce Rogers <brogers@suse.com>
[DF: Rebased on top of 6.2.0]
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 401c623a65f84e07ffdf5dc263bf..d8d75dd42e5e066b9f03dc235130 100644
index 74c5b46d38b501f9dd25f447ed08..87ae3ba6efe74e6c48d2a6db970f 100644
--- a/Makefile
+++ b/Makefile
@@ -87,7 +87,7 @@ x := $(shell rm -rf meson-private meson-info meson-logs)
endif
# 1. ensure config-host.mak is up-to-date
-config-host.mak: $(SRC_PATH)/configure $(SRC_PATH)/pc-bios $(SRC_PATH)/VERSION
+config-host.mak: $(SRC_PATH)/configure $(SRC_PATH)/VERSION
-config-host.mak: $(SRC_PATH)/configure $(SRC_PATH)/scripts/meson-buildoptions.sh $(SRC_PATH)/pc-bios $(SRC_PATH)/VERSION
+config-host.mak: $(SRC_PATH)/configure $(SRC_PATH)/scripts/meson-buildoptions.sh $(SRC_PATH)/VERSION
@echo config-host.mak is out-of-date, running configure
@if test -f meson-private/coredata.dat; then \
./config.status --skip-meson; \

View File

@ -14,10 +14,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 2 insertions(+)
diff --git a/softmmu/physmem.c b/softmmu/physmem.c
index 2e18947598eec3dfb6abe91be933..655fb3afb6e23c42868d241d6760 100644
index 3524c04c2a162b717c3975cc15da..f69d6b00467f8b53614171fa17a9 100644
--- a/softmmu/physmem.c
+++ b/softmmu/physmem.c
@@ -2059,11 +2059,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
@@ -2064,11 +2064,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
return NULL;
}

View File

@ -16,7 +16,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 12 insertions(+)
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 5ca11e74694e6b4b6ae83cb320d0..4ccc503f58b7d7aff2b6cf4c8e55 100644
index 620a1f1367e2b033bfec541619d3..527e1d91859b19351d397ef64930 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -40,6 +40,7 @@
@ -27,7 +27,7 @@ index 5ca11e74694e6b4b6ae83cb320d0..4ccc503f58b7d7aff2b6cf4c8e55 100644
#include "sysemu/seccomp.h"
#include "sysemu/tcg.h"
#include "sysemu/xen.h"
@@ -2729,6 +2730,17 @@ void qemu_init(int argc, char **argv, char **envp)
@@ -2772,6 +2773,17 @@ void qemu_init(int argc, char **argv, char **envp)
MachineClass *machine_class;
bool userconfig = true;
FILE *vmstate_dump_file = NULL;

View File

@ -12,10 +12,10 @@ Signed-off-by: Jose R Ziviani <jose.ziviani@suse.com>
2 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
index 908fd0cce5b4fc90a4798ea4a1c4..3ebd09245290878c24c8f1412146 100644
index f036a1d428db21205ded31bd3035..6570fc67dd37a708cbe379331930 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3810,9 +3810,6 @@ static int img_rebase(int argc, char **argv)
@@ -3822,9 +3822,6 @@ static int img_rebase(int argc, char **argv)
if (ret == -ENOSPC) {
error_report("Could not change the backing file to '%s': No "
"space left in the file header", out_baseimg);

View File

@ -8,7 +8,7 @@ References: bsc#1190135
Signed-off-by: Jose R Ziviani <jose.ziviani@suse.com>
---
block.c | 37 +++++++++++++++++++++++----------
docs/about/deprecated.rst | 20 ++++++++++++++++++
docs/about/deprecated.rst | 23 ++++++++++++++++++++
docs/about/removed-features.rst | 19 -----------------
qemu-img.c | 6 ++----
tests/qemu-iotests/040 | 4 ++--
@ -17,13 +17,13 @@ Signed-off-by: Jose R Ziviani <jose.ziviani@suse.com>
tests/qemu-iotests/114.out | 11 ++++++----
tests/qemu-iotests/301 | 4 +++-
tests/qemu-iotests/301.out | 16 ++++++++++++--
10 files changed, 85 insertions(+), 56 deletions(-)
10 files changed, 88 insertions(+), 56 deletions(-)
diff --git a/block.c b/block.c
index e97ce0b1c83eb68db8abccfe9086..06f5ff49ee79ab5d423008ecc20e 100644
index 0ac5b163d2aa19368ff54f2bc04a..a4dda8c7b6e1c76e7e5c8712475b 100644
--- a/block.c
+++ b/block.c
@@ -5119,7 +5119,7 @@ int coroutine_fn bdrv_co_check(BlockDriverState *bs,
@@ -5337,7 +5337,7 @@ int coroutine_fn bdrv_co_check(BlockDriverState *bs,
* -ENOTSUP - format driver doesn't support changing the backing file
*/
int bdrv_change_backing_file(BlockDriverState *bs, const char *backing_file,
@ -32,7 +32,7 @@ index e97ce0b1c83eb68db8abccfe9086..06f5ff49ee79ab5d423008ecc20e 100644
{
BlockDriver *drv = bs->drv;
int ret;
@@ -5133,8 +5133,10 @@ int bdrv_change_backing_file(BlockDriverState *bs, const char *backing_file,
@@ -5351,8 +5351,10 @@ int bdrv_change_backing_file(BlockDriverState *bs, const char *backing_file,
return -EINVAL;
}
@ -45,7 +45,7 @@ index e97ce0b1c83eb68db8abccfe9086..06f5ff49ee79ab5d423008ecc20e 100644
}
if (drv->bdrv_change_backing_file != NULL) {
@@ -6647,11 +6649,24 @@ void bdrv_img_create(const char *filename, const char *fmt,
@@ -6873,11 +6875,24 @@ void bdrv_img_create(const char *filename, const char *fmt,
goto out;
} else {
if (!backing_fmt) {
@ -75,7 +75,7 @@ index e97ce0b1c83eb68db8abccfe9086..06f5ff49ee79ab5d423008ecc20e 100644
}
if (size == -1) {
/* Opened BS, have no size */
@@ -6668,9 +6683,9 @@ void bdrv_img_create(const char *filename, const char *fmt,
@@ -6894,9 +6909,9 @@ void bdrv_img_create(const char *filename, const char *fmt,
}
/* (backing_file && !(flags & BDRV_O_NO_BACKING)) */
} else if (backing_file && !backing_fmt) {
@ -89,13 +89,16 @@ index e97ce0b1c83eb68db8abccfe9086..06f5ff49ee79ab5d423008ecc20e 100644
if (size == -1) {
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 6d438f1c8d41e19c4fc976d1c7da..638f1000cbd19a72aa456104446f 100644
index ff7488cb63b93830f75093030add..a5de09adbe9fd84b897101b31999 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -300,6 +300,26 @@ this CPU is also deprecated.
Related binaries
----------------
@@ -401,6 +401,29 @@ The ``I7200`` guest CPU relies on the nanoMIPS ISA, which is deprecated
(the ISA has never been upstreamed to a compiler toolchain). Therefore
this CPU is also deprecated.
+Related binaries
+----------------
+
+qemu-img backing file without format (since 5.1)
+''''''''''''''''''''''''''''''''''''''''''''''''
+
@ -120,15 +123,15 @@ index 6d438f1c8d41e19c4fc976d1c7da..638f1000cbd19a72aa456104446f 100644
-----------------------
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index cbfa1a8e31a69200c2bb97ddffb1..afadc8f7e0fc4e2377ee85d6166c 100644
index d42c3341dee4462adb8496691575..15b34368f99fc649595507c742a1 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -678,25 +678,6 @@ backing chain should be performed with ``qemu-img rebase -u`` either
@@ -670,25 +670,6 @@ backing chain should be performed with ``qemu-img rebase -u`` either
before or after the remaining changes being performed by amend, as
appropriate.
-qemu-img backing file without format (removed in 6.1)
-'''''''''''''''''''''''''''''''''''''''''''''''''''''
-``qemu-img`` backing file without format (removed in 6.1)
-'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-
-The use of ``qemu-img create``, ``qemu-img rebase``, or ``qemu-img
-convert`` to create or modify an image that depends on a backing file
@ -150,10 +153,10 @@ index cbfa1a8e31a69200c2bb97ddffb1..afadc8f7e0fc4e2377ee85d6166c 100644
-------------
diff --git a/qemu-img.c b/qemu-img.c
index 3ebd09245290878c24c8f1412146..4da817857f3efccc2bd83297500b 100644
index 6570fc67dd37a708cbe379331930..0239bdd6d09d635acee68ac28c36 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2549,10 +2549,8 @@ static int img_convert(int argc, char **argv)
@@ -2553,10 +2553,8 @@ static int img_convert(int argc, char **argv)
if (out_baseimg_param) {
if (!qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT)) {
@ -167,10 +170,10 @@ index 3ebd09245290878c24c8f1412146..4da817857f3efccc2bd83297500b 100644
}
diff --git a/tests/qemu-iotests/040 b/tests/qemu-iotests/040
index f3677de9dfde326ad85515ec8bfa..ba7cb34ce8cf95df6fa63f9eb8f0 100755
index 6af5ab9e764cc5a061712a622a81..26ebe0b02f75a13c05ec5d938f53 100755
--- a/tests/qemu-iotests/040
+++ b/tests/qemu-iotests/040
@@ -920,8 +920,8 @@ class TestCommitWithOverriddenBacking(iotests.QMPTestCase):
@@ -915,8 +915,8 @@ class TestCommitWithOverriddenBacking(iotests.QMPTestCase):
def setUp(self):
qemu_img('create', '-f', iotests.imgfmt, self.img_base_a, '1M')
qemu_img('create', '-f', iotests.imgfmt, self.img_base_b, '1M')

View File

@ -8,20 +8,22 @@ This reverts commit ec87b5daca761039bbcf781eedbe4987f790836f.
No need. In our build system submodules are checked out.
Signed-off-by: Bruce Rogers <brogers@suse.com>
[DF: Rebased on top of 6.2.0]
---
roms/Makefile | 1 -
roms/Makefile | 2 --
tests/uefi-test-tools/Makefile | 1 -
2 files changed, 2 deletions(-)
2 files changed, 3 deletions(-)
diff --git a/roms/Makefile b/roms/Makefile
index 38b71afb0757bd717154afd6a92d..6ea8edd9fcf6bb0cdc1f1602f241 100644
index 66d06f5831303c3d41e943290389..6ea8edd9fcf6bb0cdc1f1602f241 100644
--- a/roms/Makefile
+++ b/roms/Makefile
@@ -151,7 +151,6 @@ build-efi-roms: build-pxe-roms
@@ -151,8 +151,6 @@ build-efi-roms: build-pxe-roms
# efirom
#
edk2-basetools:
- cd edk2/BaseTools && git submodule update --init --force
- cd edk2/BaseTools && git submodule update --init --force \
- Source/C/BrotliCompress/brotli
$(MAKE) -C edk2/BaseTools \
PYTHON_COMMAND=$${EDK2_PYTHON_COMMAND:-python3} \
EXTRA_OPTFLAGS='$(EDK2_BASETOOLS_OPTFLAGS)' \

View File

@ -8,10 +8,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 6 insertions(+)
diff --git a/linux-user/signal.c b/linux-user/signal.c
index a8faea6f090964b46199239ed1d3..4db55900a44ade173c02aedc3618 100644
index 6d5e5b698cc827416b4fdf78aac3..41ec78926582729c91f486f1fb15 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -677,6 +677,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
@@ -734,6 +734,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
trace_user_force_sig(env, target_sig, host_sig);
gdb_signalled(env, target_sig);
@ -22,7 +22,7 @@ index a8faea6f090964b46199239ed1d3..4db55900a44ade173c02aedc3618 100644
/* dump core if supported by target binary format */
if (core_dump_signal(target_sig) && (ts->bprm->core_dump != NULL)) {
stop_all_tasks();
@@ -694,6 +698,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
@@ -751,6 +755,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
target_sig, strsignal(host_sig), "core dumped" );
}

View File

@ -16,7 +16,7 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 48f7a1edbcbc06461ecb23699a87..d32441fadf7bfc6fbb930addd697 100644
index f0b5fac44a14279ac3c66834bfb1..42c1a7a816cbdb22b16876dc6f8c 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -278,7 +278,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)

View File

@ -1,123 +0,0 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 23 Sep 2021 09:04:36 -0400
Subject: block: introduce max_hw_iov for use in scsi-generic
Git-commit: cc071629539dc1f303175a7e2d4ab854c0a8b20f
Linux limits the size of iovecs to 1024 (UIO_MAXIOV in the kernel
sources, IOV_MAX in POSIX). Because of this, on some host adapters
requests with many iovecs are rejected with -EINVAL by the
io_submit() or readv()/writev() system calls.
In fact, the same limit applies to SG_IO as well. To fix both the
EINVAL and the possible performance issues from using fewer iovecs
than allowed by Linux (some HBAs have max_segments as low as 128),
introduce a separate entry in BlockLimits to hold the max_segments
value from sysfs. This new limit is used only for SG_IO and clamped
to bs->bl.max_iov anyway, just like max_hw_transfer is clamped to
bs->bl.max_transfer.
Reported-by: Halil Pasic <pasic@linux.ibm.com>
Cc: Hanna Reitz <hreitz@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-block@nongnu.org
Cc: qemu-stable@nongnu.org
Fixes: 18473467d5 ("file-posix: try BLKSECTGET on block devices too, do not round to power of 2", 2021-06-25)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210923130436.1187591-1-pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Li Zhang <li.zhang@suse.com>
---
block/block-backend.c | 6 ++++++
block/file-posix.c | 2 +-
block/io.c | 1 +
hw/scsi/scsi-generic.c | 2 +-
include/block/block_int.h | 7 +++++++
include/sysemu/block-backend.h | 1 +
6 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/block/block-backend.c b/block/block-backend.c
index deb55c272ead88648c9c66ebf2e4..6320752aa2a104503300d69a4f03 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -1978,6 +1978,12 @@ uint32_t blk_get_max_transfer(BlockBackend *blk)
return ROUND_DOWN(max, blk_get_request_alignment(blk));
}
+int blk_get_max_hw_iov(BlockBackend *blk)
+{
+ return MIN_NON_ZERO(blk->root->bs->bl.max_hw_iov,
+ blk->root->bs->bl.max_iov);
+}
+
int blk_get_max_iov(BlockBackend *blk)
{
return blk->root->bs->bl.max_iov;
diff --git a/block/file-posix.c b/block/file-posix.c
index cb9bffe0471c39e85146780b4a77..1567edb3d5cb4e85af27dc390843 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -1273,7 +1273,7 @@ static void raw_refresh_limits(BlockDriverState *bs, Error **errp)
ret = hdev_get_max_segments(s->fd, &st);
if (ret > 0) {
- bs->bl.max_iov = ret;
+ bs->bl.max_hw_iov = ret;
}
}
}
diff --git a/block/io.c b/block/io.c
index a19942718b5d00cb1e54bc9e8228..f38e7f81d8e4c4a3fdf9a47496ab 100644
--- a/block/io.c
+++ b/block/io.c
@@ -136,6 +136,7 @@ static void bdrv_merge_limits(BlockLimits *dst, const BlockLimits *src)
dst->min_mem_alignment = MAX(dst->min_mem_alignment,
src->min_mem_alignment);
dst->max_iov = MIN_NON_ZERO(dst->max_iov, src->max_iov);
+ dst->max_hw_iov = MIN_NON_ZERO(dst->max_hw_iov, src->max_hw_iov);
}
typedef struct BdrvRefreshLimitsState {
diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
index 665baf900e45883d462430db8475..0306ccc7b1e4827a67aaed926f93 100644
--- a/hw/scsi/scsi-generic.c
+++ b/hw/scsi/scsi-generic.c
@@ -180,7 +180,7 @@ static int scsi_handle_inquiry_reply(SCSIGenericReq *r, SCSIDevice *s, int len)
page = r->req.cmd.buf[2];
if (page == 0xb0) {
uint64_t max_transfer = blk_get_max_hw_transfer(s->conf.blk);
- uint32_t max_iov = blk_get_max_iov(s->conf.blk);
+ uint32_t max_iov = blk_get_max_hw_iov(s->conf.blk);
assert(max_transfer);
max_transfer = MIN_NON_ZERO(max_transfer, max_iov * qemu_real_host_page_size)
diff --git a/include/block/block_int.h b/include/block/block_int.h
index f1a54db0f8ce693399d0352f69ce..c31cbd034a1b5a427c876709ac66 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -702,6 +702,13 @@ typedef struct BlockLimits {
*/
uint64_t max_hw_transfer;
+ /* Maximal number of scatter/gather elements allowed by the hardware.
+ * Applies whenever transfers to the device bypass the kernel I/O
+ * scheduler, for example with SG_IO. If larger than max_iov
+ * or if zero, blk_get_max_hw_iov will fall back to max_iov.
+ */
+ int max_hw_iov;
+
/* memory alignment, in bytes so that no bounce buffer is needed */
size_t min_mem_alignment;
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 9ac5f7bbd3a17d87d8a59abb3a65..5daec61f6ecce87e94825cff01af 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -210,6 +210,7 @@ uint32_t blk_get_request_alignment(BlockBackend *blk);
uint32_t blk_get_max_transfer(BlockBackend *blk);
uint64_t blk_get_max_hw_transfer(BlockBackend *blk);
int blk_get_max_iov(BlockBackend *blk);
+int blk_get_max_hw_iov(BlockBackend *blk);
void blk_set_guest_block_size(BlockBackend *blk, int align);
void *blk_try_blockalign(BlockBackend *blk, size_t size);
void *blk_blockalign(BlockBackend *blk, size_t size);

View File

@ -15,7 +15,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+)
diff --git a/roms/seabios/Makefile b/roms/seabios/Makefile
index 74a01853f26458d94d4a4e056b7b..16627562900bbca4b68c6f1df220 100644
index 5ced69cd8be94d36c8aaa887ce73..e0c51a4e455e9796437b7f59dd17 100644
--- a/roms/seabios/Makefile
+++ b/roms/seabios/Makefile
@@ -73,6 +73,7 @@ COMMONCFLAGS += $(call cc-option,$(CC),-fstack-check=no,)

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8c04f9c1178d8aa0b6ebb78ae4f9836caddeb8c8ec6a31943f47d94caae2ee71
size 61200
oid sha256:34924e1221d39db283ce02f2e0989a35e3bfb78a6a23f86ca2ce27c74c766542
size 52064

View File

@ -18,12 +18,12 @@ UPSTREAM_GIT_REPO=https://gitlab.com/qemu-project/qemu.git
# The following specifies the upstream tag or commit upon which our patchqueue
# gets rebased. The special value LATEST may be used to "automatically" track
# the upstream development tree in the master branch
GIT_UPSTREAM_COMMIT_ISH=v6.1.0
GIT_UPSTREAM_COMMIT_ISH=v6.2.0
# WARNING: If transitioning from using LATEST to not, MANUALLY re-set the
# tarball present. If transitioning TO LATEST, make sure that
# NEXT_RELEASE_IS_MAJOR is set correctly
# This is used to choose the version number when LATEST processing is active
NEXT_RELEASE_IS_MAJOR=0
NEXT_RELEASE_IS_MAJOR=1
# Unfortunately, SeaBIOS doesn't always follow an "always increasing" version
# model, so there may be times we should overide the automated version setting.

View File

@ -12,10 +12,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure b/configure
index 9a79a004d7cf1952cf3f4178e099..2a3073da6bd818cc2391c1d8f515 100755
index 48c21775f3a90c91631d90bd6e3e..e53fc9b91a69870e354ba2f27475 100755
--- a/configure
+++ b/configure
@@ -4413,7 +4413,7 @@ fi
@@ -3373,7 +3373,7 @@ fi
# Only build s390-ccw bios if we're on s390x and the compiler has -march=z900
# or -march=z10 (which is the lowest architecture level that Clang supports)

View File

@ -18,10 +18,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure b/configure
index 2a3073da6bd818cc2391c1d8f515..26368a637f85c0667fa627f7cbd6 100755
index e53fc9b91a69870e354ba2f27475..5312dc66dd293857ef916f3dde44 100755
--- a/configure
+++ b/configure
@@ -4587,7 +4587,7 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak
@@ -3509,7 +3509,7 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak
if test "$modules" = "yes"; then
# $shacmd can generate a hash started with digit, which the compiler doesn't
# like as an symbol. So prefix it with an underscore

View File

@ -10,10 +10,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+)
diff --git a/docs/index.rst b/docs/index.rst
index 5f7eaaa632c4e1e4569bd9996801..17e560e0cb8d46f71ba4f13803c0 100644
index 0b9ee9901d952c37cf3f9aefeffc..0669fc4cca6d0298cfab566857ba 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -10,6 +10,7 @@ Welcome to QEMU's documentation!
@@ -11,6 +11,7 @@ Welcome to QEMU's documentation!
:maxdepth: 2
:caption: Contents:

View File

@ -8,7 +8,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roms/seabios/Makefile b/roms/seabios/Makefile
index edb83b7a1c77f7bb75c371330b2c..74a01853f26458d94d4a4e056b7b 100644
index 408983026669e531dcb84230dd23..5ced69cd8be94d36c8aaa887ce73 100644
--- a/roms/seabios/Makefile
+++ b/roms/seabios/Makefile
@@ -13,7 +13,7 @@ export CONFIG_SHELL := sh

View File

@ -1,59 +0,0 @@
From: Markus Armbruster <armbru@redhat.com>
Date: Thu, 9 Sep 2021 10:12:18 +0200
Subject: hmp: Unbreak "change vnc"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 6193344f9337f8b76cd44ce94a32c9900d907d35
HMP command "change vnc" can take the password as argument, or prompt
for it:
(qemu) change vnc password 123
(qemu) change vnc password
Password: ***
(qemu)
This regressed in commit cfb5387a1d "hmp: remove "change vnc TARGET"
command", v6.0.0.
(qemu) change vnc passwd 123
Password: ***
(qemu) change vnc passwd
(qemu)
The latter passes NULL to qmp_change_vnc_password(), which is a no-no.
Looks like it puts the display into "password required, but none set"
state.
The logic error is easy to miss in review, but testing should've
caught it.
Fix the obvious way.
Fixes: cfb5387a1de2acda23fb5c97d2378b9e7ddf8025
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20210909081219.308065-2-armbru@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Li Zhang <li.zhang@suse.com>
---
monitor/hmp-cmds.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index e00255f7ee707c9a430268183a6b..a7e197a90bf7f5ad8c71140c6d55 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -1496,7 +1496,7 @@ void hmp_change(Monitor *mon, const QDict *qdict)
}
if (strcmp(target, "passwd") == 0 ||
strcmp(target, "password") == 0) {
- if (arg) {
+ if (!arg) {
MonitorHMP *hmp_mon = container_of(mon, MonitorHMP, common);
monitor_read_password(hmp_mon, hmp_change_read_arg, NULL);
return;

View File

@ -1,121 +0,0 @@
From: Julia Suvorova <jusual@redhat.com>
Date: Fri, 12 Nov 2021 06:08:54 -0500
Subject: hw/acpi/ich9: Add compat prop to keep HPC bit set for 6.1 machine
type
Git-commit: c318bef76206c2ecb6016e8e68c4ac6ff9a4c8cb
References: bsc#1192147
To solve issues [1-2] the Hot Plug Capable bit in PCIe Slots will be
turned on, while the switch to ACPI Hot-plug will be done in the
DSDT table.
[1] https://gitlab.com/qemu-project/qemu/-/issues/641
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2006409
Signed-off-by: Julia Suvorova <jusual@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20211112110857.3116853-3-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Lin Ma <lma@suse.com>
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
---
hw/acpi/ich9.c | 18 ++++++++++++++++++
hw/i386/pc.c | 1 +
hw/i386/pc_q35.c | 7 ++++++-
include/hw/acpi/ich9.h | 1 +
4 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 778e27b65985326b3543e0083c4f..48d7e59bc900d1a5ca12817e72cc 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -419,6 +419,20 @@ static void ich9_pm_set_acpi_pci_hotplug(Object *obj, bool value, Error **errp)
s->pm.use_acpi_hotplug_bridge = value;
}
+static bool ich9_pm_get_keep_pci_slot_hpc(Object *obj, Error **errp)
+{
+ ICH9LPCState *s = ICH9_LPC_DEVICE(obj);
+
+ return s->pm.keep_pci_slot_hpc;
+}
+
+static void ich9_pm_set_keep_pci_slot_hpc(Object *obj, bool value, Error **errp)
+{
+ ICH9LPCState *s = ICH9_LPC_DEVICE(obj);
+
+ s->pm.keep_pci_slot_hpc = value;
+}
+
void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
{
static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN;
@@ -428,6 +442,7 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
pm->disable_s4 = 0;
pm->s4_val = 2;
pm->use_acpi_hotplug_bridge = true;
+ pm->keep_pci_slot_hpc = true;
object_property_add_uint32_ptr(obj, ACPI_PM_PROP_PM_IO_BASE,
&pm->pm_io_base, OBJ_PROP_FLAG_READ);
@@ -454,6 +469,9 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
object_property_add_bool(obj, "acpi-pci-hotplug-with-bridge-support",
ich9_pm_get_acpi_pci_hotplug,
ich9_pm_set_acpi_pci_hotplug);
+ object_property_add_bool(obj, "x-keep-pci-slot-hpc",
+ ich9_pm_get_keep_pci_slot_hpc,
+ ich9_pm_set_keep_pci_slot_hpc);
}
void ich9_pm_device_pre_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev,
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index c2b9d62a358f7b9d25dc91ff85e6..cbcb803549496f20185a070d422c 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -100,6 +100,7 @@ GlobalProperty pc_compat_6_0[] = {
{ "qemu64" "-" TYPE_X86_CPU, "stepping", "3" },
{ TYPE_X86_CPU, "x-vendor-cpuid-only", "off" },
{ "ICH9-LPC", "acpi-pci-hotplug-with-bridge-support", "off" },
+ { "ICH9-LPC", "x-keep-pci-slot-hpc", "false" },
};
const size_t pc_compat_6_0_len = G_N_ELEMENTS(pc_compat_6_0);
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 9070544a903d08117d4a14bf70b0..2db27a56649fd2ae31de1c0d6cf7 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -138,6 +138,7 @@ static void pc_q35_init(MachineState *machine)
DriveInfo *hd[MAX_SATA_PORTS];
MachineClass *mc = MACHINE_GET_CLASS(machine);
bool acpi_pcihp;
+ bool keep_pci_slot_hpc;
/* Check whether RAM fits below 4G (leaving 1/2 GByte for IO memory
* and 256 Mbytes for PCI Express Enhanced Configuration Access Mapping
@@ -242,7 +243,11 @@ static void pc_q35_init(MachineState *machine)
"acpi-pci-hotplug-with-bridge-support",
NULL);
- if (acpi_pcihp) {
+ keep_pci_slot_hpc = object_property_get_bool(OBJECT(lpc),
+ "x-keep-pci-slot-hpc",
+ NULL);
+
+ if (!keep_pci_slot_hpc && acpi_pcihp) {
object_register_sugar_prop(TYPE_PCIE_SLOT, "x-native-hotplug",
"false", true);
}
diff --git a/include/hw/acpi/ich9.h b/include/hw/acpi/ich9.h
index a329ce43abb27d6a1af43cf5fe24..64dc39cf5b091ee6662c3f80e5bf 100644
--- a/include/hw/acpi/ich9.h
+++ b/include/hw/acpi/ich9.h
@@ -56,6 +56,7 @@ typedef struct ICH9LPCPMRegs {
AcpiCpuHotplug gpe_cpu;
CPUHotplugState cpuhp_state;
+ bool keep_pci_slot_hpc;
bool use_acpi_hotplug_bridge;
AcpiPciHpState acpi_pci_hotplug;
MemHotplugState acpi_memory_hotplug;

View File

@ -1,87 +0,0 @@
From: Julia Suvorova <jusual@redhat.com>
Date: Fri, 12 Nov 2021 06:08:56 -0500
Subject: hw/i386/acpi-build: Deny control on PCIe Native Hot-plug in _OSC
Git-commit: 211afe5c69b597acf85fdd577eb497f5be1ffbd8
References: bsc#1192147
There are two ways to enable ACPI PCI Hot-plug:
* Disable the Hot-plug Capable bit on PCIe slots.
This was the first approach which led to regression [1-2], as
I/O space for a port is allocated only when it is hot-pluggable,
which is determined by HPC bit.
* Leave the HPC bit on and disable PCIe Native Hot-plug in _OSC
method.
This removes the (future) ability of hot-plugging switches with PCIe
Native hotplug since ACPI PCI Hot-plug only works with cold-plugged
bridges. If the user wants to explicitely use this feature, they can
disable ACPI PCI Hot-plug with:
--global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=off
Change the bit in _OSC method so that the OS selects ACPI PCI Hot-plug
instead of PCIe Native.
[1] https://gitlab.com/qemu-project/qemu/-/issues/641
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2006409
Signed-off-by: Julia Suvorova <jusual@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20211112110857.3116853-5-imammedo@redhat.com>
Reviewed-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Lin Ma <lma@suse.com>
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
---
hw/i386/acpi-build.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index a33ac8b91e1baa129dac61ab32b6..ef28c3de772abe1cafe232f7754c 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1329,7 +1329,7 @@ static void build_x86_acpi_pci_hotplug(Aml *table, uint64_t pcihp_addr)
aml_append(table, scope);
}
-static Aml *build_q35_osc_method(void)
+static Aml *build_q35_osc_method(bool enable_native_pcie_hotplug)
{
Aml *if_ctx;
Aml *if_ctx2;
@@ -1351,8 +1351,10 @@ static Aml *build_q35_osc_method(void)
/*
* Always allow native PME, AER (no dependencies)
* Allow SHPC (PCI bridges can have SHPC controller)
+ * Disable PCIe Native Hot-plug if ACPI PCI Hot-plug is enabled.
*/
- aml_append(if_ctx, aml_and(a_ctrl, aml_int(0x1F), a_ctrl));
+ aml_append(if_ctx, aml_and(a_ctrl,
+ aml_int(0x1E | (enable_native_pcie_hotplug ? 0x1 : 0x0)), a_ctrl));
if_ctx2 = aml_if(aml_lnot(aml_equal(aml_arg(1), aml_int(1))));
/* Unknown revision */
@@ -1441,7 +1443,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
aml_append(dev, aml_name_decl("_CID", aml_eisaid("PNP0A03")));
aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
aml_append(dev, aml_name_decl("_UID", aml_int(pcmc->pci_root_uid)));
- aml_append(dev, build_q35_osc_method());
+ aml_append(dev, build_q35_osc_method(!pm->pcihp_bridge_en));
aml_append(sb_scope, dev);
if (mcfg_valid) {
aml_append(sb_scope, build_q35_dram_controller(&mcfg));
@@ -1557,7 +1559,9 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
if (pci_bus_is_express(bus)) {
aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08")));
aml_append(dev, aml_name_decl("_CID", aml_eisaid("PNP0A03")));
- aml_append(dev, build_q35_osc_method());
+
+ /* Expander bridges do not have ACPI PCI Hot-plug enabled */
+ aml_append(dev, build_q35_osc_method(true));
} else {
aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03")));
}

View File

@ -1,32 +0,0 @@
From: Yang Zhong <yang.zhong@intel.com>
Date: Fri, 20 Aug 2021 13:46:11 +0800
Subject: i386/cpu: Remove AVX_VNNI feature from Cooperlake cpu model
Git-commit: f429dbf8fc526a9cacf531176b28d0c65701475a
The AVX_VNNI feature is not in Cooperlake platform, remove it
from cpu model.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210820054611.84303-1-yang.zhong@intel.com>
Fixes: c1826ea6a052 ("i386/cpu: Expose AVX_VNNI instruction to guest")
Cc: qemu-stable@nongnu.org
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
target/i386/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 34a7ce865bba4dcf759c719a2bb6..24ddc5b92654534742f80ca571ce 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3102,7 +3102,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO |
MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO,
.features[FEAT_7_1_EAX] =
- CPUID_7_1_EAX_AVX_VNNI | CPUID_7_1_EAX_AVX512_BF16,
+ CPUID_7_1_EAX_AVX512_BF16,
/* XSAVES is added in version 2 */
.features[FEAT_XSAVE] =
CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |

View File

@ -18,7 +18,7 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/tcg/helper-tcg.h b/target/i386/tcg/helper-tcg.h
index 2510cc244e91c91adfaffbb69674..b1903b2d86ac067ebe90212b25e0 100644
index 0a4401e917f9a0b40fb95bf947fd..ef916d40e8c9497853b265a1e7b4 100644
--- a/target/i386/tcg/helper-tcg.h
+++ b/target/i386/tcg/helper-tcg.h
@@ -26,7 +26,7 @@

View File

@ -21,10 +21,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 24 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7771dede6384e061b9ad10a2b0c2..3e206c14c12d48a2ee7d242f6f13 100644
index 0a1d99cb44d168d561de4c42e132..d4f3295b9d1837126f35d8357e80 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7860,6 +7860,27 @@ static int open_self_stat(void *cpu_env, int fd)
@@ -7871,6 +7871,27 @@ static int open_self_stat(void *cpu_env, int fd)
return 0;
}
@ -52,7 +52,7 @@ index 7771dede6384e061b9ad10a2b0c2..3e206c14c12d48a2ee7d242f6f13 100644
static int open_self_auxv(void *cpu_env, int fd)
{
CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
@@ -8014,6 +8035,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags,
@@ -8025,6 +8046,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags,
#if defined(TARGET_SPARC) || defined(TARGET_HPPA)
{ "/proc/cpuinfo", open_cpuinfo, is_proc },
#endif

View File

@ -82,10 +82,10 @@ index 0000000000000000000000000000000000000000..cd1f513b334f3b263d9e4b5adb1981e3
+ return execve(new_argv[0], new_argv, envp);
+}
diff --git a/meson.build b/meson.build
index b3e7ec0e92da8d333d0c49bbe4aa..72aa5562bb69b828e4ca8f65fb3b 100644
index 96de1a6ef948542aa93bd0324200..612da7167f5c4aafcf77a0e1ce55 100644
--- a/meson.build
+++ b/meson.build
@@ -2717,6 +2717,11 @@ endforeach
@@ -3043,6 +3043,11 @@ endforeach
# Other build targets

View File

@ -15,10 +15,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 54dcd38709918dd5f8aa8013ee17..4effe3b234aa7da037638b8a268e 100644
index 381066e788eb36c1d6ca5b872353..7fe3a69c7cd860d7c1a8ea88a48d 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8537,8 +8537,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1,
@@ -8701,8 +8701,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1,
return ret;
#endif
#ifdef TARGET_NR_lseek

View File

@ -10,35 +10,18 @@ it to a negative number, breaking lseek for example.
Pass syscall arguments as ulong always.
Signed-off-by: Alexander Graf <agraf@suse.de>
[JRZ: changes from linux-user/qemu.h wass moved to linux-user/user-internals.h]
Signed-off-by: Jose R Ziviani <jziviani@suse.de>
---
linux-user/qemu.h | 8 ++++----
linux-user/syscall.c | 18 +++++++++---------
linux-user/syscall.c | 18 +++++++++---------
linux-user/user-internals.h | 8 ++++----
2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 3b0b6b75fe8f1c5a5a5eb56ff99d..6a1d9b2d90da099bb2faaebbd265 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -231,10 +231,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src,
void target_set_brk(abi_ulong new_brk);
abi_long do_brk(abi_ulong new_brk);
void syscall_init(void);
-abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
- abi_long arg2, abi_long arg3, abi_long arg4,
- abi_long arg5, abi_long arg6, abi_long arg7,
- abi_long arg8);
+abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
+ abi_ulong arg2, abi_ulong arg3, abi_ulong arg4,
+ abi_ulong arg5, abi_ulong arg6, abi_ulong arg7,
+ abi_ulong arg8);
extern __thread CPUState *thread_cpu;
void cpu_loop(CPUArchState *env);
const char *target_strerror(int err);
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 3e206c14c12d48a2ee7d242f6f13..54dcd38709918dd5f8aa8013ee17 100644
index d4f3295b9d1837126f35d8357e80..381066e788eb36c1d6ca5b872353 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8182,10 +8182,10 @@ _syscall2(int, pivot_root, const char *, new_root, const char *, put_old)
@@ -8346,10 +8346,10 @@ _syscall2(int, pivot_root, const char *, new_root, const char *, put_old)
* of syscall results, can be performed.
* All errnos that do_syscall() returns must be -TARGET_<errcode>.
*/
@ -53,7 +36,7 @@ index 3e206c14c12d48a2ee7d242f6f13..54dcd38709918dd5f8aa8013ee17 100644
{
CPUState *cpu = env_cpu(cpu_env);
abi_long ret;
@@ -10794,7 +10794,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
@@ -10807,7 +10807,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
*/
ret = -TARGET_EINVAL;
if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env))
@ -62,7 +45,7 @@ index 3e206c14c12d48a2ee7d242f6f13..54dcd38709918dd5f8aa8013ee17 100644
CPUARMState *env = cpu_env;
ARMCPU *cpu = env_archcpu(env);
uint32_t vq, old_vq;
@@ -13163,10 +13163,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
@@ -13176,10 +13176,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
return ret;
}
@ -77,3 +60,22 @@ index 3e206c14c12d48a2ee7d242f6f13..54dcd38709918dd5f8aa8013ee17 100644
{
CPUState *cpu = env_cpu(cpu_env);
abi_long ret;
diff --git a/linux-user/user-internals.h b/linux-user/user-internals.h
index 661612a088b5c4e37f8f9fbcb6af..db24553432003b2faa3957d63c3d 100644
--- a/linux-user/user-internals.h
+++ b/linux-user/user-internals.h
@@ -60,10 +60,10 @@ int info_is_fdpic(struct image_info *info);
void target_set_brk(abi_ulong new_brk);
void syscall_init(void);
-abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
- abi_long arg2, abi_long arg3, abi_long arg4,
- abi_long arg5, abi_long arg6, abi_long arg7,
- abi_long arg8);
+abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
+ abi_ulong arg2, abi_ulong arg3, abi_ulong arg4,
+ abi_ulong arg5, abi_ulong arg6, abi_ulong arg7,
+ abi_ulong arg8);
extern __thread CPUState *thread_cpu;
void cpu_loop(CPUArchState *env);
const char *target_strerror(int err);

View File

@ -24,7 +24,7 @@ Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
2 files changed, 34 insertions(+)
diff --git a/include/qemu/module.h b/include/qemu/module.h
index 3deac0078b9d4d62d0549427b7ec..49d46532000e8c7211d43f7b705c 100644
index 5fcc323b2a79d5adfdf27fa19bf7..ed051a6c0e7df56015e25936e641 100644
--- a/include/qemu/module.h
+++ b/include/qemu/module.h
@@ -73,6 +73,7 @@ bool module_load_one(const char *prefix, const char *lib_name, bool mayfail);

View File

@ -1,74 +0,0 @@
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Sat, 30 Jan 2021 18:46:52 +0530
Subject: net: vmxnet3: validate configuration values during activate
(CVE-2021-20203)
Git-commit: 0000000000000000000000000000000000000000
References: bsc#1181639
While activating device in vmxnet3_acticate_device(), it does not
validate guest supplied configuration values against predefined
minimum - maximum limits. This may lead to integer overflow or
OOB access issues. Add checks to avoid it.
Fixes: CVE-2021-20203
Buglink: https://bugs.launchpad.net/qemu/+bug/1913873
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/net/vmxnet3.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 41f796a247dfe84cc667fef6c48b..f65af4e9ef27a85850968c811e52 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1441,6 +1441,7 @@ static void vmxnet3_activate_device(VMXNET3State *s)
vmxnet3_setup_rx_filtering(s);
/* Cache fields from shared memory */
s->mtu = VMXNET3_READ_DRV_SHARED32(d, s->drv_shmem, devRead.misc.mtu);
+ assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu < VMXNET3_MAX_MTU);
VMW_CFPRN("MTU is %u", s->mtu);
s->max_rx_frags =
@@ -1486,6 +1487,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
/* Read rings memory locations for TX queues */
pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.txRingBasePA);
size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.txRingSize);
+ if (size > VMXNET3_TX_RING_MAX_SIZE) {
+ size = VMXNET3_TX_RING_MAX_SIZE;
+ }
vmxnet3_ring_init(d, &s->txq_descr[i].tx_ring, pa, size,
sizeof(struct Vmxnet3_TxDesc), false);
@@ -1496,6 +1500,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
/* TXC ring */
pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.compRingBasePA);
size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.compRingSize);
+ if (size > VMXNET3_TC_RING_MAX_SIZE) {
+ size = VMXNET3_TC_RING_MAX_SIZE;
+ }
vmxnet3_ring_init(d, &s->txq_descr[i].comp_ring, pa, size,
sizeof(struct Vmxnet3_TxCompDesc), true);
VMXNET3_RING_DUMP(VMW_CFPRN, "TXC", i, &s->txq_descr[i].comp_ring);
@@ -1537,6 +1544,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
/* RX rings */
pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.rxRingBasePA[j]);
size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.rxRingSize[j]);
+ if (size > VMXNET3_RX_RING_MAX_SIZE) {
+ size = VMXNET3_RX_RING_MAX_SIZE;
+ }
vmxnet3_ring_init(d, &s->rxq_descr[i].rx_ring[j], pa, size,
sizeof(struct Vmxnet3_RxDesc), false);
VMW_CFPRN("RX queue %d:%d: Base: %" PRIx64 ", Size: %d",
@@ -1546,6 +1556,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
/* RXC ring */
pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.compRingBasePA);
size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.compRingSize);
+ if (size > VMXNET3_RC_RING_MAX_SIZE) {
+ size = VMXNET3_RC_RING_MAX_SIZE;
+ }
vmxnet3_ring_init(d, &s->rxq_descr[i].comp_ring, pa, size,
sizeof(struct Vmxnet3_RxCompDesc), true);
VMW_CFPRN("RXC queue %d: Base: %" PRIx64 ", Size: %d", i, pa, size);

View File

@ -1,61 +0,0 @@
From: Igor Mammedov <imammedo@redhat.com>
Date: Fri, 12 Nov 2021 06:08:53 -0500
Subject: pcie: rename 'native-hotplug' to 'x-native-hotplug'
Git-commit: 2aa1842d6d79dcd1b84c58eeb44591a99a9e56df
References: bsc#1192147
Mark property as experimental/internal adding 'x-' prefix.
Property was introduced in 6.1 and it should have provided
ability to turn on native PCIE hotplug on port even when
ACPI PCI hotplug is in use is user explicitly sets property
on CLI. However that never worked since slot is wired to
ACPI hotplug controller.
Another non-intended usecase: disable native hotplug on slot
when APCI based hotplug is disabled, which works but slot has
'hotplug' property for this taks.
It should be relatively safe to rename it to experimental
as no users should exist for it and given that the property
is broken we don't really want to leave it around for much
longer lest users start using it.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Ani Sinha <ani@anisinha.ca>
Message-Id: <20211112110857.3116853-2-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Lin Ma <lma@suse.com>
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
---
hw/i386/pc_q35.c | 2 +-
hw/pci/pcie_port.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 04b4a4788d75bbed294c01174a87..9070544a903d08117d4a14bf70b0 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -243,7 +243,7 @@ static void pc_q35_init(MachineState *machine)
NULL);
if (acpi_pcihp) {
- object_register_sugar_prop(TYPE_PCIE_SLOT, "native-hotplug",
+ object_register_sugar_prop(TYPE_PCIE_SLOT, "x-native-hotplug",
"false", true);
}
diff --git a/hw/pci/pcie_port.c b/hw/pci/pcie_port.c
index da850e8dde7c8f86b4004a54e561..e95c1e5519ce89f5b41682869ebe 100644
--- a/hw/pci/pcie_port.c
+++ b/hw/pci/pcie_port.c
@@ -148,7 +148,7 @@ static Property pcie_slot_props[] = {
DEFINE_PROP_UINT8("chassis", PCIESlot, chassis, 0),
DEFINE_PROP_UINT16("slot", PCIESlot, slot, 0),
DEFINE_PROP_BOOL("hotplug", PCIESlot, hotplug, true),
- DEFINE_PROP_BOOL("native-hotplug", PCIESlot, native_hotplug, true),
+ DEFINE_PROP_BOOL("x-native-hotplug", PCIESlot, native_hotplug, true),
DEFINE_PROP_END_OF_LIST()
};

View File

@ -1,71 +0,0 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Wed, 11 Aug 2021 12:05:50 +0200
Subject: plugins: do not limit exported symbols if modules are active
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: b906acace2d4f68b6ff8de73739a773cc4851436
On Mac --enable-modules and --enable-plugins are currently incompatible, because the
Apple -Wl,-exported_symbols_list command line options prevents the export of any
symbols needed by the modules. On x86 -Wl,--dynamic-list does not have this effect,
but only because the -Wl,--export-dynamic option provided by gmodule-2.0.pc overrides
it. On Apple there is no -Wl,--export-dynamic, because it is the default, and thus
no override.
Either way, when modules are active there is no reason to include the plugin_ldflags.
While at it, avoid the useless -Wl,--export-dynamic when --enable-plugins is
specified but --enable-modules is not; this way, the GNU and Apple configurations
are more similar.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/516
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AJB: fix noexport to no-export]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210811100550.54714-1-pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
configure | 5 ++---
plugins/meson.build | 14 ++++++++------
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/configure b/configure
index 26368a637f85c0667fa627f7cbd6..8b90f02927f3ea161be9af7a0e3f 100755
--- a/configure
+++ b/configure
@@ -3187,9 +3187,8 @@ glib_req_ver=2.56
glib_modules=gthread-2.0
if test "$modules" = yes; then
glib_modules="$glib_modules gmodule-export-2.0"
-fi
-if test "$plugins" = "yes"; then
- glib_modules="$glib_modules gmodule-2.0"
+elif test "$plugins" = "yes"; then
+ glib_modules="$glib_modules gmodule-no-export-2.0"
fi
for i in $glib_modules; do
diff --git a/plugins/meson.build b/plugins/meson.build
index e77723010e6ebbed7b4cdaca6207..bfd5c9822a68d001a0a333a130d8 100644
--- a/plugins/meson.build
+++ b/plugins/meson.build
@@ -1,9 +1,11 @@
-if 'CONFIG_HAS_LD_DYNAMIC_LIST' in config_host
- plugin_ldflags = ['-Wl,--dynamic-list=' + (meson.build_root() / 'qemu-plugins-ld.symbols')]
-elif 'CONFIG_HAS_LD_EXPORTED_SYMBOLS_LIST' in config_host
- plugin_ldflags = ['-Wl,-exported_symbols_list,' + (meson.build_root() / 'qemu-plugins-ld64.symbols')]
-else
- plugin_ldflags = []
+plugin_ldflags = []
+# Modules need more symbols than just those in plugins/qemu-plugins.symbols
+if not enable_modules
+ if 'CONFIG_HAS_LD_DYNAMIC_LIST' in config_host
+ plugin_ldflags = ['-Wl,--dynamic-list=' + (meson.build_root() / 'qemu-plugins-ld.symbols')]
+ elif 'CONFIG_HAS_LD_EXPORTED_SYMBOLS_LIST' in config_host
+ plugin_ldflags = ['-Wl,-exported_symbols_list,' + (meson.build_root() / 'qemu-plugins-ld64.symbols')]
+ endif
endif
specific_ss.add(when: 'CONFIG_PLUGIN', if_true: [files(

View File

@ -1,32 +0,0 @@
From: Mahmoud Mandour <ma.mandourr@gmail.com>
Date: Fri, 6 Aug 2021 15:10:12 +0100
Subject: plugins/execlog: removed unintended "s" at the end of log lines.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: b40310616d2bd550279dd22b05483c3c613a00ff
Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210803151428.125323-1-ma.mandourr@gmail.com>
Message-Id: <20210806141015.2487502-2-alex.bennee@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
contrib/plugins/execlog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contrib/plugins/execlog.c b/contrib/plugins/execlog.c
index 2de9f0d7d4d46446f7e1dd6b32b0..a5275dcc15c221b0967106629a21 100644
--- a/contrib/plugins/execlog.c
+++ b/contrib/plugins/execlog.c
@@ -67,7 +67,7 @@ static void vcpu_insn_exec(unsigned int cpu_index, void *udata)
/* Print previous instruction in cache */
if (s->len) {
qemu_plugin_outs(s->str);
- qemu_plugin_outs("s\n");
+ qemu_plugin_outs("\n");
}
/* Store new instruction in cache */

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eebc089db3414bbeedf1e464beda0a7515aad30f73261abc246c9b27503a3c96
size 111258808

Binary file not shown.

3
qemu-6.2.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:68e15d8e45ac56326e0b9a4afa8b49a3dfe8aba3488221d098c84698bca65b45
size 115667324

BIN
qemu-6.2.0.tar.xz.sig Normal file

Binary file not shown.

View File

@ -11,10 +11,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 3 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ccd3892b2df7ab1261d6c736afef..4a66b6b0072fbeba0629bf93be29 100644
index f1cfcc81048695222abc0a0f546d..5da0c1e2be709e7fcbbe34235813 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9363,6 +9363,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
@@ -9527,6 +9527,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
{
struct timeval tv;
struct timezone tz;

View File

@ -13,10 +13,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 4a66b6b0072fbeba0629bf93be29..6c1daf5addf0c8b746a7aafddbf7 100644
index 5da0c1e2be709e7fcbbe34235813..ad8e36a3e6e37a5cec02dd867776 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5688,8 +5688,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
@@ -5699,8 +5699,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
ie = ioctl_entries;
for(;;) {
if (ie->target_cmd == 0) {

View File

@ -16,10 +16,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 8 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 6c1daf5addf0c8b746a7aafddbf7..7771dede6384e061b9ad10a2b0c2 100644
index ad8e36a3e6e37a5cec02dd867776..0a1d99cb44d168d561de4c42e132 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5733,6 +5733,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
@@ -5744,6 +5744,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
arg_type++;
target_size = thunk_type_size(arg_type, 0);
switch(ie->access) {
@ -33,7 +33,7 @@ index 6c1daf5addf0c8b746a7aafddbf7..7771dede6384e061b9ad10a2b0c2 100644
case IOC_R:
ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
if (!is_error(ret)) {
@@ -5751,6 +5758,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
@@ -5762,6 +5769,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
unlock_user(argptr, arg, 0);
ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
break;

View File

@ -1,112 +0,0 @@
From: Nir Soffer <nirsof@gmail.com>
Date: Fri, 13 Aug 2021 23:55:19 +0300
Subject: qemu-nbd: Change default cache mode to writeback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 09615257058a0ae87b837bb041f56f7312d9ead8
Both qemu and qemu-img use writeback cache mode by default, which is
already documented in qemu(1). qemu-nbd uses writethrough cache mode by
default, and the default cache mode is not documented.
According to the qemu-nbd(8):
--cache=CACHE
The cache mode to be used with the file. See the
documentation of the emulator's -drive cache=... option for
allowed values.
qemu(1) says:
The default mode is cache=writeback.
So users have no reason to assume that qemu-nbd is using writethough
cache mode. The only hint is the painfully slow writing when using the
defaults.
Looking in git history, it seems that qemu used writethrough in the past
to support broken guests that did not flush data properly, or could not
flush due to limitations in qemu. But qemu-nbd clients can use
NBD_CMD_FLUSH to flush data, so using writethrough does not help anyone.
Change the default cache mode to writback, and document the default and
available values properly in the online help and manual.
With this change converting image via qemu-nbd is 3.5 times faster.
$ qemu-img create dst.img 50g
$ qemu-nbd -t -f raw -k /tmp/nbd.sock dst.img
Before this change:
$ hyperfine -r3 "./qemu-img convert -p -f raw -O raw -T none -W fedora34.img nbd+unix:///?socket=/tmp/nbd.sock"
Benchmark #1: ./qemu-img convert -p -f raw -O raw -T none -W fedora34.img nbd+unix:///?socket=/tmp/nbd.sock
Time (mean ± σ): 83.639 s ± 5.970 s [User: 2.733 s, System: 6.112 s]
Range (min … max): 76.749 s … 87.245 s 3 runs
After this change:
$ hyperfine -r3 "./qemu-img convert -p -f raw -O raw -T none -W fedora34.img nbd+unix:///?socket=/tmp/nbd.sock"
Benchmark #1: ./qemu-img convert -p -f raw -O raw -T none -W fedora34.img nbd+unix:///?socket=/tmp/nbd.sock
Time (mean ± σ): 23.522 s ± 0.433 s [User: 2.083 s, System: 5.475 s]
Range (min … max): 23.234 s … 24.019 s 3 runs
Users can avoid the issue by using --cache=writeback[1] but the defaults
should give good performance for the common use case.
[1] https://bugzilla.redhat.com/1990656
Signed-off-by: Nir Soffer <nsoffer@redhat.com>
Message-Id: <20210813205519.50518-1-nsoffer@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
CC: qemu-stable@nongnu.org
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Li Zhang <li.zhang@suse.com>
---
docs/tools/qemu-nbd.rst | 6 ++++--
qemu-nbd.c | 6 ++++--
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/docs/tools/qemu-nbd.rst b/docs/tools/qemu-nbd.rst
index ee862fa0bc02667bb67f99447b23..5643da26e98241c1fa0969b90b2c 100644
--- a/docs/tools/qemu-nbd.rst
+++ b/docs/tools/qemu-nbd.rst
@@ -98,8 +98,10 @@ driver options if ``--image-opts`` is specified.
.. option:: --cache=CACHE
- The cache mode to be used with the file. See the documentation of
- the emulator's ``-drive cache=...`` option for allowed values.
+ The cache mode to be used with the file. Valid values are:
+ ``none``, ``writeback`` (the default), ``writethrough``,
+ ``directsync`` and ``unsafe``. See the documentation of
+ the emulator's ``-drive cache=...`` option for more info.
.. option:: -n, --nocache
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 26ffbf15af0a755dddc99e27c876..6c18fcd19a07b7194a5c2defdc73 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -135,7 +135,9 @@ static void usage(const char *name)
" 'snapshot.id=[ID],snapshot.name=[NAME]', or\n"
" '[ID_OR_NAME]'\n"
" -n, --nocache disable host cache\n"
-" --cache=MODE set cache mode (none, writeback, ...)\n"
+" --cache=MODE set cache mode used to access the disk image, the\n"
+" valid options are: 'none', 'writeback' (default),\n"
+" 'writethrough', 'directsync' and 'unsafe'\n"
" --aio=MODE set AIO mode (native, io_uring or threads)\n"
" --discard=MODE set discard mode (ignore, unmap)\n"
" --detect-zeroes=MODE set detect-zeroes mode (off, on, unmap)\n"
@@ -552,7 +554,7 @@ int main(int argc, char **argv)
bool alloc_depth = false;
const char *tlscredsid = NULL;
bool imageOpts = false;
- bool writethrough = true;
+ bool writethrough = false; /* Client will flush as needed. */
bool fork_process = false;
bool list = false;
int old_stderr = -1;

View File

@ -1,83 +0,0 @@
From: Michael Tokarev <mjt@tls.msk.ru>
Date: Wed, 1 Sep 2021 16:16:24 +0300
Subject: qemu-sockets: fix unix socket path copy (again)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 118d527f2e4baec5fe8060b22a6212468b8e4d3f
Commit 4cfd970ec188558daa6214f26203fe553fb1e01f added an
assert which ensures the path within an address of a unix
socket returned from the kernel is at least one byte and
does not exceed sun_path buffer. Both of this constraints
are wrong:
A unix socket can be unnamed, in this case the path is
completely empty (not even \0)
And some implementations (notable linux) can add extra
trailing byte (\0) _after_ the sun_path buffer if we
passed buffer larger than it (and we do).
So remove the assertion (since it causes real-life breakage)
but at the same time fix the usage of sun_path. Namely,
we should not access sun_path[0] if kernel did not return
it at all (this is the case for unnamed sockets),
and use the returned salen when copyig actual path as an
upper constraint for the amount of bytes to copy - this
will ensure we wont exceed the information provided by
the kernel, regardless whenever there is a trailing \0
or not. This also helps with unnamed sockets.
Note the case of abstract socket, the sun_path is actually
a blob and can contain \0 characters, - it should not be
passed to g_strndup and the like, it should be accessed by
memcpy-like functions.
Fixes: 4cfd970ec188558daa6214f26203fe553fb1e01f
Fixes: http://bugs.debian.org/993145
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
CC: qemu-stable@nongnu.org
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
util/qemu-sockets.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index f2f3676d1f71d1cdd6acb6c4b3b9..c5043999e9d47116a89511d82b23 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -1345,25 +1345,22 @@ socket_sockaddr_to_address_unix(struct sockaddr_storage *sa,
SocketAddress *addr;
struct sockaddr_un *su = (struct sockaddr_un *)sa;
- assert(salen >= sizeof(su->sun_family) + 1 &&
- salen <= sizeof(struct sockaddr_un));
-
addr = g_new0(SocketAddress, 1);
addr->type = SOCKET_ADDRESS_TYPE_UNIX;
+ salen -= offsetof(struct sockaddr_un, sun_path);
#ifdef CONFIG_LINUX
- if (!su->sun_path[0]) {
+ if (salen > 0 && !su->sun_path[0]) {
/* Linux abstract socket */
- addr->u.q_unix.path = g_strndup(su->sun_path + 1,
- salen - sizeof(su->sun_family) - 1);
+ addr->u.q_unix.path = g_strndup(su->sun_path + 1, salen - 1);
addr->u.q_unix.has_abstract = true;
addr->u.q_unix.abstract = true;
addr->u.q_unix.has_tight = true;
- addr->u.q_unix.tight = salen < sizeof(*su);
+ addr->u.q_unix.tight = salen < sizeof(su->sun_path);
return addr;
}
#endif
- addr->u.q_unix.path = g_strndup(su->sun_path, sizeof(su->sun_path));
+ addr->u.q_unix.path = g_strndup(su->sun_path, salen);
return addr;
}
#endif /* WIN32 */

View File

@ -1,3 +1,84 @@
-------------------------------------------------------------------
Thu Dec 16 21:54:06 UTC 2021 - Li Zhang <li.zhang@suse.com>
- Add an audio-oss sub-package
-------------------------------------------------------------------
Thu Dec 16 21:44:17 UTC 2021 - Dario Faggioli <dfaggioli@suse.com>
- Add some new (mostly documentation) files in the package
-------------------------------------------------------------------
Thu Dec 16 18:14:26 UTC 2021 - Li Zhang <li.zhang@suse.com>
- Remove option --audio-drv-list because audio is detected by
meson automatically in latest version.
-------------------------------------------------------------------
Thu Dec 16 17:59:41 UTC 2021 - Li Zhang <li.zhang@suse.com>
- Remove options --disable-jemalloc and --disable-tcmalloc
which are changed in v6.2.0.
-------------------------------------------------------------------
Thu Dec 16 16:32:27 UTC 2021 - Dario Faggioli <dfaggioli@suse.com>
- Update to v 6.2.0. For full release notese, see:
* https://wiki.qemu.org/ChangeLog/6.2.
Be sure to also check the following pages:
* https://qemu-project.gitlab.io/qemu/about/removed-features.html
* https://qemu-project.gitlab.io/qemu/about/deprecated.html
Some notable changes:
* virtio-mem: guest memory dumps are now fully supported, along
with pre-copy/post-copy migration and background guest snapshots
* QMP: support for nw DEVICE_UNPLUG_GUEST_ERROR to detect
guest-reported hotplug failures
* TCG: improvements to TCG plugin argument syntax, and multi-core
support for cache plugin
* 68k: improved support for Apples NuBus, including ability to
load declaration ROMs, and slot IRQ support
* ARM: macOS hosts with Apple Silicon CPUs now support hvf
accelerator for AArch64 guests
* ARM: emulation support for Fujitsu A64FX processor model
* ARM: emulation support for kudo-mbc machine type
* ARM: M-profile MVE extension is now supported for Cortex-M55
* ARM: virt machine now supports an emulated ITS (Interrupt
Translation Service) and supports more than 123 CPUs in
emulation mode
* ARM: xlnx-zcu102 and xlnx-versal-virt machines now support
BBRAM and eFUSE devices
* PowerPC: improved POWER10 support for the powernv machine type
* PowerPC: initial support for POWER10 DD2.0 CPU model
* PowerPC: support for FORM2 PAPR NUMA descriptions for pseries machine type
* RISC-V: support for Zb[abcs] instruction set extensions
* RISC-V: support for vhost-user and numa mem options across all boards
* RISC-V: SiFive PWM support
* x86: support for new Snowridge-v4 CPU model
* x86: guest support for Intel SGX
* x86: AMD SEV guests now support measurement of kernel binary when doing
direct kernel boot (not using a bootloader)
* Patches dropped:
9pfs-fix-crash-in-v9fs_walk.patch
block-introduce-max_hw_iov-for-use-in-sc.patch
hmp-Unbreak-change-vnc.patch
hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
hw-i386-acpi-build-Deny-control-on-PCIe-.patch
i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
net-vmxnet3-validate-configuration-value.patch
pcie-rename-native-hotplug-to-x-native-h.patch
plugins-do-not-limit-exported-symbols-if.patch
plugins-execlog-removed-unintended-s-at-.patch
qemu-nbd-Change-default-cache-mode-to-wr.patch
qemu-sockets-fix-unix-socket-path-copy-a.patch
target-arm-Don-t-skip-M-profile-reset-en.patch
target-i386-add-missing-bits-to-CR4_RESE.patch
tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
uas-add-stream-number-sanity-checks.patch
vhost-vsock-fix-migration-issue-when-seq.patch
virtio-balloon-don-t-start-free-page-hin.patch
virtio-mem-pci-Fix-memory-leak-when-crea.patch
virtio-net-fix-use-after-unmap-free-for-.patch
-------------------------------------------------------------------
Tue Dec 14 19:16:51 UTC 2021 - Dario Faggioli <dfaggioli@suse.com>

215
qemu.spec
View File

@ -93,9 +93,9 @@
%bcond_with system_membarrier
%define qemuver 6.1.0
%define srcver 6.1.0
%define sbver 1.14.0_0_g155821a
%define qemuver 6.2.0
%define srcver 6.2.0
%define sbver 1.15.0_0_g2dd4b9b
%define srcname qemu
Name: qemu%{name_suffix}
URL: https://www.qemu.org/
@ -132,74 +132,54 @@ Source303: README.PACKAGING
# This patch queue is auto-generated - see README.PACKAGING for process
# Patches applied in base project:
Patch00000: net-vmxnet3-validate-configuration-value.patch
Patch00001: XXX-dont-dump-core-on-sigabort.patch
Patch00002: qemu-binfmt-conf-Modify-default-path.patch
Patch00003: qemu-cvs-gettimeofday.patch
Patch00004: qemu-cvs-ioctl_debug.patch
Patch00005: qemu-cvs-ioctl_nodirection.patch
Patch00006: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00007: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00008: linux-user-binfmt-support-host-binaries.patch
Patch00009: linux-user-Fake-proc-cpuinfo.patch
Patch00010: linux-user-use-target_ulong.patch
Patch00011: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00012: linux-user-lseek-explicitly-cast-non-set.patch
Patch00013: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00014: xen_disk-Add-suse-specific-flush-disable.patch
Patch00015: qemu-bridge-helper-reduce-security-profi.patch
Patch00016: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00017: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00018: Raise-soft-address-space-limit-to-hard-l.patch
Patch00019: increase-x86_64-physical-bits-to-42.patch
Patch00020: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00021: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00022: Make-installed-scripts-explicitly-python.patch
Patch00023: hw-smbios-handle-both-file-formats-regar.patch
Patch00024: xen-add-block-resize-support-for-xen-dis.patch
Patch00025: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00026: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00027: xen-ignore-live-parameter-from-xen-save-.patch
Patch00028: tests-change-error-message-in-test-162.patch
Patch00029: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00030: configure-only-populate-roms-if-softmmu.patch
Patch00031: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00032: roms-change-cross-compiler-naming-to-be-.patch
Patch00033: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00034: configure-remove-pkgversion-from-CONFIG_.patch
Patch00035: Revert-qht-constify-qht_statistics_init.patch
Patch00036: qht-Revert-some-constification-in-qht.c.patch
Patch00037: meson-install-ivshmem-client-and-ivshmem.patch
Patch00038: Revert-roms-efirom-tests-uefi-test-tools.patch
Patch00039: Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Patch00040: roms-Makefile-add-cross-file-to-qboot-me.patch
Patch00041: usb-Help-compiler-out-to-avoid-a-warning.patch
Patch00042: qom-handle-case-of-chardev-spice-module-.patch
Patch00043: doc-add-our-support-doc-to-the-main-proj.patch
Patch00044: Revert-qemu-img-Improve-error-for-rebase.patch
Patch00045: Revert-qemu-img-Require-F-with-b-backing.patch
Patch00046: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
Patch00047: i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
Patch00048: plugins-execlog-removed-unintended-s-at-.patch
Patch00049: plugins-do-not-limit-exported-symbols-if.patch
Patch00050: 9pfs-fix-crash-in-v9fs_walk.patch
Patch00051: virtio-balloon-don-t-start-free-page-hin.patch
Patch00052: qemu-sockets-fix-unix-socket-path-copy-a.patch
Patch00053: target-i386-add-missing-bits-to-CR4_RESE.patch
Patch00054: qemu-binfmt-conf.sh-should-use-F-as-shor.patch
Patch00055: modules-quick-fix-a-fundamental-error-in.patch
Patch00056: virtio-net-fix-use-after-unmap-free-for-.patch
Patch00057: target-arm-Don-t-skip-M-profile-reset-en.patch
Patch00058: hmp-Unbreak-change-vnc.patch
Patch00059: qemu-nbd-Change-default-cache-mode-to-wr.patch
Patch00060: virtio-mem-pci-Fix-memory-leak-when-crea.patch
Patch00061: vhost-vsock-fix-migration-issue-when-seq.patch
Patch00062: block-introduce-max_hw_iov-for-use-in-sc.patch
Patch00063: uas-add-stream-number-sanity-checks.patch
Patch00064: qemu-binfmt-conf.sh-allow-overriding-SUS.patch
Patch00065: pcie-rename-native-hotplug-to-x-native-h.patch
Patch00066: hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
Patch00067: hw-i386-acpi-build-Deny-control-on-PCIe-.patch
Patch00000: XXX-dont-dump-core-on-sigabort.patch
Patch00001: qemu-binfmt-conf-Modify-default-path.patch
Patch00002: qemu-cvs-gettimeofday.patch
Patch00003: qemu-cvs-ioctl_debug.patch
Patch00004: qemu-cvs-ioctl_nodirection.patch
Patch00005: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00006: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00007: linux-user-binfmt-support-host-binaries.patch
Patch00008: linux-user-Fake-proc-cpuinfo.patch
Patch00009: linux-user-use-target_ulong.patch
Patch00010: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00011: linux-user-lseek-explicitly-cast-non-set.patch
Patch00012: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00013: xen_disk-Add-suse-specific-flush-disable.patch
Patch00014: qemu-bridge-helper-reduce-security-profi.patch
Patch00015: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00016: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00017: Raise-soft-address-space-limit-to-hard-l.patch
Patch00018: increase-x86_64-physical-bits-to-42.patch
Patch00019: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00020: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00021: Make-installed-scripts-explicitly-python.patch
Patch00022: hw-smbios-handle-both-file-formats-regar.patch
Patch00023: xen-add-block-resize-support-for-xen-dis.patch
Patch00024: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00025: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00026: xen-ignore-live-parameter-from-xen-save-.patch
Patch00027: tests-change-error-message-in-test-162.patch
Patch00028: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00029: configure-only-populate-roms-if-softmmu.patch
Patch00030: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00031: roms-change-cross-compiler-naming-to-be-.patch
Patch00032: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00033: configure-remove-pkgversion-from-CONFIG_.patch
Patch00034: Revert-qht-constify-qht_statistics_init.patch
Patch00035: qht-Revert-some-constification-in-qht.c.patch
Patch00036: meson-install-ivshmem-client-and-ivshmem.patch
Patch00037: Revert-roms-efirom-tests-uefi-test-tools.patch
Patch00038: Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Patch00039: roms-Makefile-add-cross-file-to-qboot-me.patch
Patch00040: usb-Help-compiler-out-to-avoid-a-warning.patch
Patch00041: qom-handle-case-of-chardev-spice-module-.patch
Patch00042: doc-add-our-support-doc-to-the-main-proj.patch
Patch00043: Revert-qemu-img-Improve-error-for-rebase.patch
Patch00044: Revert-qemu-img-Require-F-with-b-backing.patch
Patch00045: qemu-binfmt-conf.sh-should-use-F-as-shor.patch
Patch00046: modules-quick-fix-a-fundamental-error-in.patch
Patch00047: qemu-binfmt-conf.sh-allow-overriding-SUS.patch
# Patches applied in roms/seabios/:
Patch01000: seabios-use-python2-explicitly-as-needed.patch
Patch01001: seabios-switch-to-python3-as-needed.patch
@ -594,6 +574,16 @@ Requires: qemu-ui-spice-core
%description audio-spice
This package contains a module for Spice based audio support for QEMU.
%package audio-oss
Summary: OSS based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-oss
This package contains a module for OSS based audio support for QEMU.
%package block-curl
Summary: cURL block support for QEMU
Group: System/Emulators/PC
@ -1030,6 +1020,7 @@ BuildRequires: bc
BuildRequires: qemu-arm = %{qemuver}
BuildRequires: qemu-audio-alsa = %{qemuver}
BuildRequires: qemu-audio-jack = %{qemuver}
BuildRequires: qemu-audio-oss = %{qemuver}
BuildRequires: qemu-audio-pa = %{qemuver}
BuildRequires: qemu-audio-spice = %{qemuver}
BuildRequires: qemu-block-curl = %{qemuver}
@ -1121,41 +1112,21 @@ This package records qemu testsuite results and represents successful testing.
%patch00036 -p1
%patch00037 -p1
%patch00038 -p1
%patch00039 -p1
%ifarch aarch64
%patch00040 -p1
%patch00039 -p1
%endif
%ifarch %arm %ix86 ppc
%patch00040 -p1
%endif
%patch00041 -p1
%endif
%patch00042 -p1
%if %{legacy_qemu_kvm}
%patch00043 -p1
%patch00042 -p1
%endif
%patch00043 -p1
%patch00044 -p1
%patch00045 -p1
%patch00046 -p1
%patch00047 -p1
%patch00048 -p1
%patch00049 -p1
%patch00050 -p1
%patch00051 -p1
%patch00052 -p1
%patch00053 -p1
%patch00054 -p1
%patch00055 -p1
%patch00056 -p1
%patch00057 -p1
%patch00058 -p1
%patch00059 -p1
%patch00060 -p1
%patch00061 -p1
%patch00062 -p1
%patch00063 -p1
%patch00064 -p1
%patch00065 -p1
%patch00066 -p1
%patch00067 -p1
%patch01000 -p1
%patch01001 -p1
%patch01002 -p1
@ -1190,7 +1161,7 @@ opensbi-riscv64-generic-fw_dynamic.elf}
%define s390x_default_firmware {s390-ccw.img s390-netboot.img}
%define s390x_extra_firmware {%nil}
%define x86_default_firmware {linuxboot.bin linuxboot_dma.bin multiboot.bin \
kvmvapic.bin pvh.bin}
multiboot_dma.bin kvmvapic.bin pvh.bin}
%define x86_extra_firmware {bios.bin bios-256k.bin bios-microvm.bin qboot.rom \
pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom pxe-pcnet.rom pxe-rtl8139.rom \
pxe-virtio.rom sgabios.bin vgabios-ati.bin vgabios-bochs-display.bin \
@ -1317,7 +1288,6 @@ cd %blddir
--enable-slirp=system \
--enable-pie \
--enable-docs \
--audio-drv-list="pa alsa jack" \
--enable-attr \
--disable-auth-pam \
--enable-bochs \
@ -1340,7 +1310,6 @@ cd %blddir
--disable-hax \
--disable-hvf \
--enable-iconv \
--disable-jemalloc \
%if %{kvm_available}
--enable-kvm \
%else
@ -1404,7 +1373,6 @@ cd %blddir
--enable-smartcard \
--enable-snappy \
--enable-spice \
--disable-tcmalloc \
--enable-tpm \
--enable-usb-redir \
--enable-vde \
@ -1447,7 +1415,6 @@ cd %blddir
--disable-modules \
--disable-pie \
--disable-docs \
--audio-drv-list="" \
--disable-blobs \
--disable-bochs \
--disable-capstone \
@ -1969,6 +1936,9 @@ fi
%dir %_docdir/%name/tools
%dir %_docdir/%name/user
%_docdir/%name/.buildinfo
%if %{legacy_qemu_kvm}
%_docdir/%name/supported.html
%endif
%_docdir/%name/about/build-platforms.html
%_docdir/%name/about/deprecated.html
%_docdir/%name/about/index.html
@ -1990,55 +1960,62 @@ fi
%_docdir/%name/devel/kconfig.html
%_docdir/%name/devel/loads-stores.html
%_docdir/%name/devel/memory.html
%_docdir/%name/devel/migration.html
%_docdir/%name/devel/modules.html
%_docdir/%name/devel/multi-process.html
%_docdir/%name/devel/migration.html
%_docdir/%name/devel/multi-thread-tcg.html
%_docdir/%name/devel/qapi-code-gen.html
%_docdir/%name/devel/qom.html
%_docdir/%name/devel/qgraph.html
%_docdir/%name/devel/qom.html
%_docdir/%name/devel/qtest.html
%_docdir/%name/devel/reset.html
%_docdir/%name/devel/s390-dasd-ipl.html
%_docdir/%name/devel/secure-coding-practices.html
%_docdir/%name/devel/stable-process.html
%_docdir/%name/devel/style.html
%_docdir/%name/devel/submitting-a-patch.html
%_docdir/%name/devel/submitting-a-patch.html
%_docdir/%name/devel/submitting-a-pull-request.html
%_docdir/%name/devel/submitting-a-pull-request.html
%_docdir/%name/devel/tcg-icount.html
%_docdir/%name/devel/tcg-plugins.html
%_docdir/%name/devel/tcg.html
%_docdir/%name/devel/testing.html
%_docdir/%name/devel/tracing.html
%_docdir/%name/devel/trivial-patches.html
%_docdir/%name/devel/trivial-patches.html
%_docdir/%name/devel/ui.html
%_docdir/%name/devel/vfio-migration.html
%_docdir/%name/devel/writing-qmp-commands.html
%_docdir/%name/devel/writing-monitor-commands.html
%_docdir/%name/genindex.html
%_docdir/%name/index.html
%_docdir/%name/interop/barrier.html
%_docdir/%name/interop/bitmaps.html
%_docdir/%name/interop/dbus.html
%_docdir/%name/interop/dbus-vmstate.html
%_docdir/%name/interop/dbus.html
%_docdir/%name/interop/index.html
%_docdir/%name/interop/live-block-operations.html
%_docdir/%name/interop/pr-helper.html
%_docdir/%name/interop/qemu-ga-ref.html
%_docdir/%name/interop/qemu-qmp-ref.html
%_docdir/%name/interop/qemu-storage-daemon-qmp-ref.html
%_docdir/%name/interop/vhost-user.html
%_docdir/%name/interop/vhost-user-gpu.html
%_docdir/%name/interop/vhost-user.html
%_docdir/%name/interop/vhost-vdpa.html
%_docdir/%name/objects.inv
%_docdir/%name/search.html
%_docdir/%name/searchindex.js
%_docdir/%name/specs/acpi_cpu_hotplug.html
%_docdir/%name/specs/acpi_hest_ghes.html
%_docdir/%name/specs/acpi_hw_reduced_hotplug.html
%_docdir/%name/specs/acpi_mem_hotplug.html
%_docdir/%name/specs/acpi_nvdimm.html
%_docdir/%name/specs/acpi_pci_hotplug.html
%_docdir/%name/specs/index.html
%_docdir/%name/specs/ppc-spapr-numa.html
%_docdir/%name/specs/ppc-spapr-xive.html
%_docdir/%name/specs/ppc-xive.html
%_docdir/%name/specs/tpm.html
%if %{legacy_qemu_kvm}
%_docdir/%name/supported.html
%endif
%_docdir/%name/system/arm/aspeed.html
%_docdir/%name/system/arm/collie.html
%_docdir/%name/system/arm/cpu-features.html
@ -2065,13 +2042,14 @@ fi
%_docdir/%name/system/arm/sabrelite.html
%_docdir/%name/system/arm/sbsa.html
%_docdir/%name/system/arm/stellaris.html
%_docdir/%name/system/arm/stm32.html
%_docdir/%name/system/arm/sx1.html
%_docdir/%name/system/arm/versatile.html
%_docdir/%name/system/arm/vexpress.html
%_docdir/%name/system/arm/virt.html
%_docdir/%name/system/arm/xlnx-versal-virt.html
%_docdir/%name/system/arm/xscale.html
%_docdir/%name/system/arm/stm32.html
%_docdir/%name/system/authz.html
%_docdir/%name/system/barrier.html
%_docdir/%name/system/bootindex.html
%_docdir/%name/system/cpu-hotplug.html
@ -2080,13 +2058,17 @@ fi
%_docdir/%name/system/devices/net.html
%_docdir/%name/system/devices/nvme.html
%_docdir/%name/system/devices/usb.html
%_docdir/%name/system/devices/vhost-user-rng.html
%_docdir/%name/system/devices/vhost-user.html
%_docdir/%name/system/devices/virtio-pmem.html
%_docdir/%name/system/gdb.html
%_docdir/%name/system/generic-loader.html
%_docdir/%name/system/guest-loader.html
%_docdir/%name/system/i386/cpu.html
%_docdir/%name/system/i386/kvm-pv.html
%_docdir/%name/system/i386/microvm.html
%_docdir/%name/system/i386/pc.html
%_docdir/%name/system/i386/sgx.html
%_docdir/%name/system/images.html
%_docdir/%name/system/index.html
%_docdir/%name/system/invocation.html
@ -2108,8 +2090,8 @@ fi
%_docdir/%name/system/qemu-manpage.html
%_docdir/%name/system/quickstart.html
%_docdir/%name/system/riscv/microchip-icicle-kit.html
%_docdir/%name/system/riscv/sifive_u.html
%_docdir/%name/system/riscv/shakti-c.html
%_docdir/%name/system/riscv/sifive_u.html
%_docdir/%name/system/riscv/virt.html
%_docdir/%name/system/s390x/3270.html
%_docdir/%name/system/s390x/bootdevices.html
@ -2117,7 +2099,6 @@ fi
%_docdir/%name/system/s390x/protvirt.html
%_docdir/%name/system/s390x/vfio-ap.html
%_docdir/%name/system/s390x/vfio-ccw.html
%_docdir/%name/system/authz.html
%_docdir/%name/system/secrets.html
%_docdir/%name/system/security.html
%_docdir/%name/system/target-arm.html
@ -2129,8 +2110,8 @@ fi
%_docdir/%name/system/target-riscv.html
%_docdir/%name/system/target-rx.html
%_docdir/%name/system/target-s390x.html
%_docdir/%name/system/target-sparc64.html
%_docdir/%name/system/target-sparc.html
%_docdir/%name/system/target-sparc64.html
%_docdir/%name/system/target-xtensa.html
%_docdir/%name/system/targets.html
%_docdir/%name/system/tls.html
@ -2140,8 +2121,8 @@ fi
%_docdir/%name/tools/qemu-img.html
%_docdir/%name/tools/qemu-nbd.html
%_docdir/%name/tools/qemu-pr-helper.html
%_docdir/%name/tools/qemu-trace-stap.html
%_docdir/%name/tools/qemu-storage-daemon.html
%_docdir/%name/tools/qemu-trace-stap.html
%_docdir/%name/tools/virtfs-proxy-helper.html
%_docdir/%name/tools/virtiofsd.html
%_docdir/%name/user/index.html
@ -2174,6 +2155,7 @@ fi
%_datadir/%name/linuxboot.bin
%_datadir/%name/linuxboot_dma.bin
%_datadir/%name/multiboot.bin
%_datadir/%name/multiboot_dma.bin
%_datadir/%name/pvh.bin
%dir %_docdir/qemu-x86
%_docdir/qemu-x86/supported.txt
@ -2278,6 +2260,11 @@ fi
%dir %_libdir/%name
%_libdir/%name/audio-spice.so
%files audio-oss
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-oss.so
%files block-curl
%defattr(-, root, root)
%dir %_libdir/%name

View File

@ -506,6 +506,16 @@ Requires: qemu-ui-spice-core
%description audio-spice
This package contains a module for Spice based audio support for QEMU.
%package audio-oss
Summary: OSS based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-oss
This package contains a module for OSS based audio support for QEMU.
%package block-curl
Summary: cURL block support for QEMU
Group: System/Emulators/PC
@ -940,6 +950,7 @@ This package provides QTest accelerator for testing QEMU.
%else
BuildRequires: bc
BuildRequires: qemu-arm = %{qemuver}
BuildRequires: qemu-audio-oss = %{qemuver}
BuildRequires: qemu-audio-alsa = %{qemuver}
BuildRequires: qemu-audio-pa = %{qemuver}
BuildRequires: qemu-audio-jack = %{qemuver}
@ -1015,7 +1026,7 @@ opensbi-riscv64-generic-fw_dynamic.elf}
%define s390x_default_firmware {s390-ccw.img s390-netboot.img}
%define s390x_extra_firmware {%nil}
%define x86_default_firmware {linuxboot.bin linuxboot_dma.bin multiboot.bin \
kvmvapic.bin pvh.bin}
multiboot_dma.bin kvmvapic.bin pvh.bin}
%define x86_extra_firmware {bios.bin bios-256k.bin bios-microvm.bin qboot.rom \
pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom pxe-pcnet.rom pxe-rtl8139.rom \
pxe-virtio.rom sgabios.bin vgabios-ati.bin vgabios-bochs-display.bin \
@ -1142,7 +1153,6 @@ cd %blddir
--enable-slirp=system \
--enable-pie \
--enable-docs \
--audio-drv-list="pa alsa jack" \
--enable-attr \
--disable-auth-pam \
--enable-bochs \
@ -1165,7 +1175,6 @@ cd %blddir
--disable-hax \
--disable-hvf \
--enable-iconv \
--disable-jemalloc \
%if %{kvm_available}
--enable-kvm \
%else
@ -1229,7 +1238,6 @@ cd %blddir
--enable-smartcard \
--enable-snappy \
--enable-spice \
--disable-tcmalloc \
--enable-tpm \
--enable-usb-redir \
--enable-vde \
@ -1272,7 +1280,6 @@ cd %blddir
--disable-modules \
--disable-pie \
--disable-docs \
--audio-drv-list="" \
--disable-blobs \
--disable-bochs \
--disable-capstone \
@ -1794,6 +1801,9 @@ fi
%dir %_docdir/%name/tools
%dir %_docdir/%name/user
%_docdir/%name/.buildinfo
%if %{legacy_qemu_kvm}
%_docdir/%name/supported.html
%endif
%_docdir/%name/about/build-platforms.html
%_docdir/%name/about/deprecated.html
%_docdir/%name/about/index.html
@ -1815,55 +1825,62 @@ fi
%_docdir/%name/devel/kconfig.html
%_docdir/%name/devel/loads-stores.html
%_docdir/%name/devel/memory.html
%_docdir/%name/devel/migration.html
%_docdir/%name/devel/modules.html
%_docdir/%name/devel/multi-process.html
%_docdir/%name/devel/migration.html
%_docdir/%name/devel/multi-thread-tcg.html
%_docdir/%name/devel/qapi-code-gen.html
%_docdir/%name/devel/qom.html
%_docdir/%name/devel/qgraph.html
%_docdir/%name/devel/qom.html
%_docdir/%name/devel/qtest.html
%_docdir/%name/devel/reset.html
%_docdir/%name/devel/s390-dasd-ipl.html
%_docdir/%name/devel/secure-coding-practices.html
%_docdir/%name/devel/stable-process.html
%_docdir/%name/devel/style.html
%_docdir/%name/devel/submitting-a-patch.html
%_docdir/%name/devel/submitting-a-patch.html
%_docdir/%name/devel/submitting-a-pull-request.html
%_docdir/%name/devel/submitting-a-pull-request.html
%_docdir/%name/devel/tcg-icount.html
%_docdir/%name/devel/tcg-plugins.html
%_docdir/%name/devel/tcg.html
%_docdir/%name/devel/testing.html
%_docdir/%name/devel/tracing.html
%_docdir/%name/devel/trivial-patches.html
%_docdir/%name/devel/trivial-patches.html
%_docdir/%name/devel/ui.html
%_docdir/%name/devel/vfio-migration.html
%_docdir/%name/devel/writing-qmp-commands.html
%_docdir/%name/devel/writing-monitor-commands.html
%_docdir/%name/genindex.html
%_docdir/%name/index.html
%_docdir/%name/interop/barrier.html
%_docdir/%name/interop/bitmaps.html
%_docdir/%name/interop/dbus.html
%_docdir/%name/interop/dbus-vmstate.html
%_docdir/%name/interop/dbus.html
%_docdir/%name/interop/index.html
%_docdir/%name/interop/live-block-operations.html
%_docdir/%name/interop/pr-helper.html
%_docdir/%name/interop/qemu-ga-ref.html
%_docdir/%name/interop/qemu-qmp-ref.html
%_docdir/%name/interop/qemu-storage-daemon-qmp-ref.html
%_docdir/%name/interop/vhost-user.html
%_docdir/%name/interop/vhost-user-gpu.html
%_docdir/%name/interop/vhost-user.html
%_docdir/%name/interop/vhost-vdpa.html
%_docdir/%name/objects.inv
%_docdir/%name/search.html
%_docdir/%name/searchindex.js
%_docdir/%name/specs/acpi_cpu_hotplug.html
%_docdir/%name/specs/acpi_hest_ghes.html
%_docdir/%name/specs/acpi_hw_reduced_hotplug.html
%_docdir/%name/specs/acpi_mem_hotplug.html
%_docdir/%name/specs/acpi_nvdimm.html
%_docdir/%name/specs/acpi_pci_hotplug.html
%_docdir/%name/specs/index.html
%_docdir/%name/specs/ppc-spapr-numa.html
%_docdir/%name/specs/ppc-spapr-xive.html
%_docdir/%name/specs/ppc-xive.html
%_docdir/%name/specs/tpm.html
%if %{legacy_qemu_kvm}
%_docdir/%name/supported.html
%endif
%_docdir/%name/system/arm/aspeed.html
%_docdir/%name/system/arm/collie.html
%_docdir/%name/system/arm/cpu-features.html
@ -1890,13 +1907,14 @@ fi
%_docdir/%name/system/arm/sabrelite.html
%_docdir/%name/system/arm/sbsa.html
%_docdir/%name/system/arm/stellaris.html
%_docdir/%name/system/arm/stm32.html
%_docdir/%name/system/arm/sx1.html
%_docdir/%name/system/arm/versatile.html
%_docdir/%name/system/arm/vexpress.html
%_docdir/%name/system/arm/virt.html
%_docdir/%name/system/arm/xlnx-versal-virt.html
%_docdir/%name/system/arm/xscale.html
%_docdir/%name/system/arm/stm32.html
%_docdir/%name/system/authz.html
%_docdir/%name/system/barrier.html
%_docdir/%name/system/bootindex.html
%_docdir/%name/system/cpu-hotplug.html
@ -1905,13 +1923,17 @@ fi
%_docdir/%name/system/devices/net.html
%_docdir/%name/system/devices/nvme.html
%_docdir/%name/system/devices/usb.html
%_docdir/%name/system/devices/vhost-user-rng.html
%_docdir/%name/system/devices/vhost-user.html
%_docdir/%name/system/devices/virtio-pmem.html
%_docdir/%name/system/gdb.html
%_docdir/%name/system/generic-loader.html
%_docdir/%name/system/guest-loader.html
%_docdir/%name/system/i386/cpu.html
%_docdir/%name/system/i386/kvm-pv.html
%_docdir/%name/system/i386/microvm.html
%_docdir/%name/system/i386/pc.html
%_docdir/%name/system/i386/sgx.html
%_docdir/%name/system/images.html
%_docdir/%name/system/index.html
%_docdir/%name/system/invocation.html
@ -1933,8 +1955,8 @@ fi
%_docdir/%name/system/qemu-manpage.html
%_docdir/%name/system/quickstart.html
%_docdir/%name/system/riscv/microchip-icicle-kit.html
%_docdir/%name/system/riscv/sifive_u.html
%_docdir/%name/system/riscv/shakti-c.html
%_docdir/%name/system/riscv/sifive_u.html
%_docdir/%name/system/riscv/virt.html
%_docdir/%name/system/s390x/3270.html
%_docdir/%name/system/s390x/bootdevices.html
@ -1942,7 +1964,6 @@ fi
%_docdir/%name/system/s390x/protvirt.html
%_docdir/%name/system/s390x/vfio-ap.html
%_docdir/%name/system/s390x/vfio-ccw.html
%_docdir/%name/system/authz.html
%_docdir/%name/system/secrets.html
%_docdir/%name/system/security.html
%_docdir/%name/system/target-arm.html
@ -1954,8 +1975,8 @@ fi
%_docdir/%name/system/target-riscv.html
%_docdir/%name/system/target-rx.html
%_docdir/%name/system/target-s390x.html
%_docdir/%name/system/target-sparc64.html
%_docdir/%name/system/target-sparc.html
%_docdir/%name/system/target-sparc64.html
%_docdir/%name/system/target-xtensa.html
%_docdir/%name/system/targets.html
%_docdir/%name/system/tls.html
@ -1965,8 +1986,8 @@ fi
%_docdir/%name/tools/qemu-img.html
%_docdir/%name/tools/qemu-nbd.html
%_docdir/%name/tools/qemu-pr-helper.html
%_docdir/%name/tools/qemu-trace-stap.html
%_docdir/%name/tools/qemu-storage-daemon.html
%_docdir/%name/tools/qemu-trace-stap.html
%_docdir/%name/tools/virtfs-proxy-helper.html
%_docdir/%name/tools/virtiofsd.html
%_docdir/%name/user/index.html
@ -1999,6 +2020,7 @@ fi
%_datadir/%name/linuxboot.bin
%_datadir/%name/linuxboot_dma.bin
%_datadir/%name/multiboot.bin
%_datadir/%name/multiboot_dma.bin
%_datadir/%name/pvh.bin
%dir %_docdir/qemu-x86
%_docdir/qemu-x86/supported.txt
@ -2103,6 +2125,11 @@ fi
%dir %_libdir/%name
%_libdir/%name/audio-spice.so
%files audio-oss
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-oss.so
%files block-curl
%defattr(-, root, root)
%dir %_libdir/%name

View File

@ -14,7 +14,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 6 insertions(+)
diff --git a/qom/object.c b/qom/object.c
index e86cb05b84da941a177093811726..18edd2c91ab7d9a790c887fd730e 100644
index 4f0677cca9e494a3eb20d9dabd0c..63ed3d67b61f7c5c67a3ee25e201 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -237,6 +237,12 @@ static bool type_is_ancestor(TypeImpl *type, TypeImpl *target_type)

View File

@ -20,7 +20,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/roms/Makefile b/roms/Makefile
index eeb5970348cd6d28fa4165d25562..38b71afb0757bd717154afd6a92d 100644
index b967b53bb76ee8a94fc9b37e4460..66d06f5831303c3d41e943290389 100644
--- a/roms/Makefile
+++ b/roms/Makefile
@@ -52,6 +52,12 @@ SEABIOS_EXTRAVERSION="-prebuilt.qemu.org"
@ -59,7 +59,7 @@ index eeb5970348cd6d28fa4165d25562..38b71afb0757bd717154afd6a92d 100644
CROSS_COMPILE=$(x86_64_cross_prefix) \
$(patsubst %,bin-x86_64-efi/%.efidrv,$(pxerom_targets))
@@ -150,7 +158,9 @@ edk2-basetools:
@@ -151,7 +159,9 @@ edk2-basetools:
EXTRA_LDFLAGS='$(EDK2_BASETOOLS_LDFLAGS)'
slof:

View File

@ -17,7 +17,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
5 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/roms/seabios/Makefile b/roms/seabios/Makefile
index 87a6ac92e69f23c1ce799d16512a..edb83b7a1c77f7bb75c371330b2c 100644
index 418a0e3649443ee89e8fdad436f5..408983026669e531dcb84230dd23 100644
--- a/roms/seabios/Makefile
+++ b/roms/seabios/Makefile
@@ -22,7 +22,7 @@ LD=$(CROSS_PREFIX)ld
@ -59,7 +59,7 @@ index b8e92a525730442815a0dce78f45..6963847a8b5d3e4bf9340a67afe2 100755
#
# This file may be distributed under the terms of the GNU GPLv3 license.
diff --git a/roms/seabios/scripts/layoutrom.py b/roms/seabios/scripts/layoutrom.py
index 6616721d1b584892074491b292ba..c6d003273990ae66ca62bc36fe07 100755
index abebf0211fa9627cec31cce76b8d..34b3e68f556af124346755e87c58 100755
--- a/roms/seabios/scripts/layoutrom.py
+++ b/roms/seabios/scripts/layoutrom.py
@@ -81,8 +81,8 @@ def fitSections(sections, fillsections):
@ -125,7 +125,7 @@ index 6616721d1b584892074491b292ba..c6d003273990ae66ca62bc36fe07 100755
sys.exit(1)
return 1
@@ -691,7 +691,7 @@ def main():
@@ -695,7 +695,7 @@ def main():
li = doLayout(sections, config, genreloc)
# Exported symbols

View File

@ -14,7 +14,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/roms/seabios/Makefile b/roms/seabios/Makefile
index 3d8943ef5f25afb9c41db84ad2a0..87a6ac92e69f23c1ce799d16512a 100644
index c108f87de7683667d1a0cad6b9e5..418a0e3649443ee89e8fdad436f5 100644
--- a/roms/seabios/Makefile
+++ b/roms/seabios/Makefile
@@ -22,7 +22,7 @@ LD=$(CROSS_PREFIX)ld

View File

@ -1,88 +0,0 @@
From: Peter Maydell <peter.maydell@linaro.org>
Date: Mon, 20 Sep 2021 09:54:33 +0100
Subject: target/arm: Don't skip M-profile reset entirely in user mode
Git-commit: b62ceeaf8096fdbbbfdc6087da0028bc4a4dd77e
Currently all of the M-profile specific code in arm_cpu_reset() is
inside a !defined(CONFIG_USER_ONLY) ifdef block. This is
unintentional: it happened because originally the only
M-profile-specific handling was the setup of the initial SP and PC
from the vector table, which is system-emulation only. But then we
added a lot of other M-profile setup to the same "if (ARM_FEATURE_M)"
code block without noticing that it was all inside a not-user-mode
ifdef. This has generally been harmless, but with the addition of
v8.1M low-overhead-loop support we ran into a problem: the reset of
FPSCR.LTPSIZE to 4 was only being done for system emulation mode, so
if a user-mode guest tried to execute the LE instruction it would
incorrectly take a UsageFault.
Adjust the ifdefs so only the really system-emulation specific parts
are covered. Because this means we now run some reset code that sets
up initial values in the FPCCR and similar FPU related registers,
explicitly set up the registers controlling FPU context handling in
user-emulation mode so that the FPU works by design and not by
chance.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/613
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210914120725.24992-2-peter.maydell@linaro.org
Signed-off-by: Li Zhang <li.zhang@suse.com>
---
target/arm/cpu.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 2866dd765882c87eb773493d04cd..af60c07ca1421558cae5cc2e3128 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -265,12 +265,15 @@ static void arm_cpu_reset(DeviceState *dev)
env->uncached_cpsr = ARM_CPU_MODE_SVC;
}
env->daif = PSTATE_D | PSTATE_A | PSTATE_I | PSTATE_F;
+#endif
if (arm_feature(env, ARM_FEATURE_M)) {
+#ifndef CONFIG_USER_ONLY
uint32_t initial_msp; /* Loaded from 0x0 */
uint32_t initial_pc; /* Loaded from 0x4 */
uint8_t *rom;
uint32_t vecbase;
+#endif
if (cpu_isar_feature(aa32_lob, cpu)) {
/*
@@ -324,6 +327,8 @@ static void arm_cpu_reset(DeviceState *dev)
env->v7m.fpccr[M_REG_S] = R_V7M_FPCCR_ASPEN_MASK |
R_V7M_FPCCR_LSPEN_MASK | R_V7M_FPCCR_S_MASK;
}
+
+#ifndef CONFIG_USER_ONLY
/* Unlike A/R profile, M profile defines the reset LR value */
env->regs[14] = 0xffffffff;
@@ -352,8 +357,22 @@ static void arm_cpu_reset(DeviceState *dev)
env->regs[13] = initial_msp & 0xFFFFFFFC;
env->regs[15] = initial_pc & ~1;
env->thumb = initial_pc & 1;
+#else
+ /*
+ * For user mode we run non-secure and with access to the FPU.
+ * The FPU context is active (ie does not need further setup)
+ * and is owned by non-secure.
+ */
+ env->v7m.secure = false;
+ env->v7m.nsacr = 0xcff;
+ env->v7m.cpacr[M_REG_NS] = 0xf0ffff;
+ env->v7m.fpccr[M_REG_S] &=
+ ~(R_V7M_FPCCR_LSPEN_MASK | R_V7M_FPCCR_S_MASK);
+ env->v7m.control[M_REG_S] |= R_V7M_CONTROL_FPCA_MASK;
+#endif
}
+#ifndef CONFIG_USER_ONLY
/* AArch32 has a hard highvec setting of 0xFFFF0000. If we are currently
* executing as AArch32 then check if highvecs are enabled and
* adjust the PC accordingly.

View File

@ -1,53 +0,0 @@
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Tue, 31 Aug 2021 18:50:33 +0100
Subject: target/i386: add missing bits to CR4_RESERVED_MASK
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 69e3895f9d37ca39536775b13ce63e8c291427ba
Booting Fedora kernels with -cpu max hangs very early in boot. Disabling
the la57 CPUID bit fixes the problem. git bisect traced the regression to
commit 213ff024a2f92020290296cb9dc29c2af3d4a221 (HEAD, refs/bisect/bad)
Author: Lara Lazier <laramglazier@gmail.com>
Date: Wed Jul 21 17:26:50 2021 +0200
target/i386: Added consistency checks for CR4
All MBZ bits in CR4 must be zero. (APM2 15.5)
Added reserved bitmask and added checks in both
helper_vmrun and helper_write_crN.
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210721152651.14683-2-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In this commit CR4_RESERVED_MASK is missing CR4_LA57_MASK and
two others. Adding this lets Fedora kernels boot once again.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20210831175033.175584-1-berrange@redhat.com>
[Removed VMXE/SMXE, matching the commit message. - Paolo]
Fixes: 213ff024a2 ("target/i386: Added consistency checks for CR4", 2021-07-22)
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
target/i386/cpu.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 6c50d3ab4f1d38b4cbaf78c84ac0..21b33fbe2e696dabe06228b20d2e 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -257,6 +257,7 @@ typedef enum X86Seg {
| CR4_DE_MASK | CR4_PSE_MASK | CR4_PAE_MASK \
| CR4_MCE_MASK | CR4_PGE_MASK | CR4_PCE_MASK \
| CR4_OSFXSR_MASK | CR4_OSXMMEXCPT_MASK |CR4_UMIP_MASK \
+ | CR4_LA57_MASK \
| CR4_FSGSBASE_MASK | CR4_PCIDE_MASK | CR4_OSXSAVE_MASK \
| CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK))

View File

@ -1,38 +0,0 @@
From: "Jose R. Ziviani" <jziviani@suse.de>
Date: Wed, 8 Sep 2021 14:06:32 -0300
Subject: tcg/arm: Fix tcg_out_vec_op function signature
Git-commit: 000000000000000000000000000000000000000000
References: bsc#1190211
Commit 5e8892db93 fixed several function signatures but tcg_out_vec_op
for arm is missing. It causes a build error on armv6 and armv7:
tcg-target.c.inc:2718:42: error: argument 5 of type 'const TCGArg *'
{aka 'const unsigned int *'} declared as a pointer [-Werror=array-parameter=]
const TCGArg *args, const int *const_args)
~~~~~~~~~~~~~~^~~~
../tcg/tcg.c:120:41: note: previously declared as an array 'const TCGArg[16]'
{aka 'const unsigned int[16]'}
const TCGArg args[TCG_MAX_OP_ARGS],
~~~~~~~~~~~~~~^~~~
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
tcg/arm/tcg-target.c.inc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 007ceee68e23102ad96dd47e2d02..e5b4f8684106c6e6785a3dd060d6 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -2715,7 +2715,8 @@ static const ARMInsn vec_cmp0_insn[16] = {
static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
unsigned vecl, unsigned vece,
- const TCGArg *args, const int *const_args)
+ const TCGArg args[TCG_MAX_OP_ARGS],
+ const int const_args[TCG_MAX_OP_ARGS])
{
TCGType type = vecl + TCG_TYPE_V64;
unsigned q = vecl;

View File

@ -8,20 +8,22 @@ reliable cpu time. Triple the timeout for each test to help ensure
we don't fail a test because the stars align against us.
Signed-off-by: Bruce Rogers <brogers@suse.com>
[DF: Small tweaks necessary for rebasing on top of 6.2.0]
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
---
tests/qemu-iotests/common.qemu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu
index 0fc52d20d74020a4c4a0d697aaa2..622495201eed12a5fe4734581f84 100644
index 0f1fecc68edfb07633589b0f3c75..b23c4798aa112efee49cf5c9469e 100644
--- a/tests/qemu-iotests/common.qemu
+++ b/tests/qemu-iotests/common.qemu
@@ -85,7 +85,7 @@ _timed_wait_for()
timeout=yes
QEMU_STATUS[$h]=0
- while IFS= read -t ${QEMU_COMM_TIMEOUT} resp <&${QEMU_OUT[$h]}
+ while IFS= read -t $((${QEMU_COMM_TIMEOUT}*3)) resp <&${QEMU_OUT[$h]}
do
if [ -n "$capture_events" ]; then
capture=0
- read_timeout="-t ${QEMU_COMM_TIMEOUT}"
+ read_timeout="-t $((${QEMU_COMM_TIMEOUT}*3))"
if [ -n "${GDB_OPTIONS}" ]; then
read_timeout=
fi

View File

@ -1,61 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 18 Aug 2021 14:05:05 +0200
Subject: uas: add stream number sanity checks.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 13b250b12ad3c59114a6a17d59caf073ce45b33a
References: bsc#1189702 CVE-2021-3713
The device uses the guest-supplied stream number unchecked, which can
lead to guest-triggered out-of-band access to the UASDevice->data3 and
UASDevice->status3 fields. Add the missing checks.
Fixes: CVE-2021-3713
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reported-by: Chen Zhe <chenzhe@huawei.com>
Reported-by: Tan Jingguo <tanjingguo@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210818120505.1258262-2-kraxel@redhat.com>
Signed-off-by: Jose R Ziviani <jose.ziviani@suse.com>
---
hw/usb/dev-uas.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c
index 263056231c794735c29584e821a8..f6309a5ebfdcc84f81945dd04be0 100644
--- a/hw/usb/dev-uas.c
+++ b/hw/usb/dev-uas.c
@@ -840,6 +840,9 @@ static void usb_uas_handle_data(USBDevice *dev, USBPacket *p)
}
break;
case UAS_PIPE_ID_STATUS:
+ if (p->stream > UAS_MAX_STREAMS) {
+ goto err_stream;
+ }
if (p->stream) {
QTAILQ_FOREACH(st, &uas->results, next) {
if (st->stream == p->stream) {
@@ -867,6 +870,9 @@ static void usb_uas_handle_data(USBDevice *dev, USBPacket *p)
break;
case UAS_PIPE_ID_DATA_IN:
case UAS_PIPE_ID_DATA_OUT:
+ if (p->stream > UAS_MAX_STREAMS) {
+ goto err_stream;
+ }
if (p->stream) {
req = usb_uas_find_request(uas, p->stream);
} else {
@@ -902,6 +908,11 @@ static void usb_uas_handle_data(USBDevice *dev, USBPacket *p)
p->status = USB_RET_STALL;
break;
}
+
+err_stream:
+ error_report("%s: invalid stream %d", __func__, p->stream);
+ p->status = USB_RET_STALL;
+ return;
}
static void usb_uas_unrealize(USBDevice *dev)

View File

@ -1,101 +0,0 @@
From: Stefano Garzarella <sgarzare@redhat.com>
Date: Tue, 21 Sep 2021 18:16:41 +0200
Subject: vhost-vsock: fix migration issue when seqpacket is supported
Git-commit: d6a9378f47515c6d70dbff4912c5740c98709880
Commit 1e08fd0a46 ("vhost-vsock: SOCK_SEQPACKET feature bit support")
enabled the SEQPACKET feature bit.
This commit is released with QEMU 6.1, so if we try to migrate a VM where
the host kernel supports SEQPACKET but machine type version is less than
6.1, we get the following errors:
Features 0x130000002 unsupported. Allowed features: 0x179000000
Failed to load virtio-vhost_vsock:virtio
error while loading state for instance 0x0 of device '0000:00:05.0/virtio-vhost_vsock'
load of migration failed: Operation not permitted
Let's disable the feature bit for machine types < 6.1.
We add a new OnOffAuto property for this, called `seqpacket`.
When it is `auto` (default), QEMU behaves as before, trying to enable the
feature, when it is `on` QEMU will fail if the backend (vhost-vsock
kernel module) doesn't support it.
Fixes: 1e08fd0a46 ("vhost-vsock: SOCK_SEQPACKET feature bit support")
Cc: qemu-stable@nongnu.org
Reported-by: Jiang Wang <jiang.wang@bytedance.com>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210921161642.206461-2-sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Li Zhang <li.zhang@suse.com>
---
hw/core/machine.c | 1 +
hw/virtio/vhost-vsock.c | 19 ++++++++++++++++---
include/hw/virtio/vhost-vsock.h | 3 +++
3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 54e040587dd3526488d1688df535..2cf2f321f9bd50aa3f56e7af08ff 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -43,6 +43,7 @@ GlobalProperty hw_compat_6_0[] = {
{ "nvme-ns", "eui64-default", "off"},
{ "e1000", "init-vet", "off" },
{ "e1000e", "init-vet", "off" },
+ { "vhost-vsock-device", "seqpacket", "off" },
};
const size_t hw_compat_6_0_len = G_N_ELEMENTS(hw_compat_6_0);
diff --git a/hw/virtio/vhost-vsock.c b/hw/virtio/vhost-vsock.c
index 1b1a5c70eded006acf3cd142b6e6..dade0da03147705ede0180dc3039 100644
--- a/hw/virtio/vhost-vsock.c
+++ b/hw/virtio/vhost-vsock.c
@@ -114,10 +114,21 @@ static uint64_t vhost_vsock_get_features(VirtIODevice *vdev,
Error **errp)
{
VHostVSockCommon *vvc = VHOST_VSOCK_COMMON(vdev);
+ VHostVSock *vsock = VHOST_VSOCK(vdev);
+
+ if (vsock->seqpacket != ON_OFF_AUTO_OFF) {
+ virtio_add_feature(&requested_features, VIRTIO_VSOCK_F_SEQPACKET);
+ }
+
+ requested_features = vhost_get_features(&vvc->vhost_dev, feature_bits,
+ requested_features);
+
+ if (vsock->seqpacket == ON_OFF_AUTO_ON &&
+ !virtio_has_feature(requested_features, VIRTIO_VSOCK_F_SEQPACKET)) {
+ error_setg(errp, "vhost-vsock backend doesn't support seqpacket");
+ }
- virtio_add_feature(&requested_features, VIRTIO_VSOCK_F_SEQPACKET);
- return vhost_get_features(&vvc->vhost_dev, feature_bits,
- requested_features);
+ return requested_features;
}
static const VMStateDescription vmstate_virtio_vhost_vsock = {
@@ -218,6 +229,8 @@ static void vhost_vsock_device_unrealize(DeviceState *dev)
static Property vhost_vsock_properties[] = {
DEFINE_PROP_UINT64("guest-cid", VHostVSock, conf.guest_cid, 0),
DEFINE_PROP_STRING("vhostfd", VHostVSock, conf.vhostfd),
+ DEFINE_PROP_ON_OFF_AUTO("seqpacket", VHostVSock, seqpacket,
+ ON_OFF_AUTO_AUTO),
DEFINE_PROP_END_OF_LIST(),
};
diff --git a/include/hw/virtio/vhost-vsock.h b/include/hw/virtio/vhost-vsock.h
index 84f4e727c70fa7a00b68487e22f2..3f121a624f21796947dd1fbe3ed4 100644
--- a/include/hw/virtio/vhost-vsock.h
+++ b/include/hw/virtio/vhost-vsock.h
@@ -30,6 +30,9 @@ struct VHostVSock {
VHostVSockCommon parent;
VHostVSockConf conf;
+ /* features */
+ OnOffAuto seqpacket;
+
/*< public >*/
};

View File

@ -1,111 +0,0 @@
From: David Hildenbrand <david@redhat.com>
Date: Thu, 8 Jul 2021 11:53:38 +0200
Subject: virtio-balloon: don't start free page hinting if postcopy is possible
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: fd51e54fa10221e5a8add894c38cc1cf199f4bc4
Postcopy never worked properly with 'free-page-hint=on', as there are
at least two issues:
1) With postcopy, the guest will never receive a VIRTIO_BALLOON_CMD_ID_DONE
and consequently won't release free pages back to the OS once
migration finishes.
The issue is that for postcopy, we won't do a final bitmap sync while
the guest is stopped on the source and
virtio_balloon_free_page_hint_notify() will only call
virtio_balloon_free_page_done() on the source during
PRECOPY_NOTIFY_CLEANUP, after the VM state was already migrated to
the destination.
2) Once the VM touches a page on the destination that has been excluded
from migration on the source via qemu_guest_free_page_hint() while
postcopy is active, that thread will stall until postcopy finishes
and all threads are woken up. (with older Linux kernels that won't
retry faults when woken up via userfaultfd, we might actually get a
SEGFAULT)
The issue is that the source will refuse to migrate any pages that
are not marked as dirty in the dirty bmap -- for example, because the
page might just have been sent. Consequently, the faulting thread will
stall, waiting for the page to be migrated -- which could take quite
a while and result in guest OS issues.
While we could fix 1) comparatively easily, 2) is harder to get right and
might require more involved RAM migration changes on source and destination
[1].
As it never worked properly, let's not start free page hinting in the
precopy notifier if the postcopy migration capability was enabled to fix
it easily. Capabilities cannot be enabled once migration is already
running.
Note 1: in the future we might either adjust migration code on the source
to track pages that have actually been sent or adjust
migration code on source and destination to eventually send
pages multiple times from the source and and deal with pages
that are sent multiple times on the destination.
Note 2: virtio-mem has similar issues, however, access to "unplugged"
memory by the guest is very rare and we would have to be very
lucky for it to happen during migration. The spec states
"The driver SHOULD NOT read from unplugged memory blocks ..."
and "The driver MUST NOT write to unplugged memory blocks".
virtio-mem will move away from virtio_balloon_free_page_done()
soon and handle this case explicitly on the destination.
[1] https://lkml.kernel.org/r/e79fd18c-aa62-c1d8-c7f3-ba3fc2c25fc8@redhat.com
Fixes: c13c4153f76d ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Cc: qemu-stable@nongnu.org
Cc: Wei Wang <wei.w.wang@intel.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Alexander Duyck <alexander.duyck@gmail.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210708095339.20274-2-david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/virtio/virtio-balloon.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 4b5d9e5e5037acd592d4bdc645d2..ae7867a8db6e6f6875b656128973 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -30,6 +30,7 @@
#include "trace.h"
#include "qemu/error-report.h"
#include "migration/misc.h"
+#include "migration/migration.h"
#include "hw/virtio/virtio-bus.h"
#include "hw/virtio/virtio-access.h"
@@ -662,6 +663,18 @@ virtio_balloon_free_page_hint_notify(NotifierWithReturn *n, void *data)
return 0;
}
+ /*
+ * Pages hinted via qemu_guest_free_page_hint() are cleared from the dirty
+ * bitmap and will not get migrated, especially also not when the postcopy
+ * destination starts using them and requests migration from the source; the
+ * faulting thread will stall until postcopy migration finishes and
+ * all threads are woken up. Let's not start free page hinting if postcopy
+ * is possible.
+ */
+ if (migrate_postcopy_ram()) {
+ return 0;
+ }
+
switch (pnd->reason) {
case PRECOPY_NOTIFY_BEFORE_BITMAP_SYNC:
virtio_balloon_free_page_stop(dev);

View File

@ -1,39 +0,0 @@
From: David Hildenbrand <david@redhat.com>
Date: Wed, 29 Sep 2021 18:24:43 +0200
Subject: virtio-mem-pci: Fix memory leak when creating
MEMORY_DEVICE_SIZE_CHANGE event
Git-commit: 75b98cb9f6456ccf194211beffcbf93b0a995fa4
Apparently, we don't have to duplicate the string.
Fixes: 722a3c783ef4 ("virtio-pci: Send qapi events when the virtio-mem size changes")
Cc: qemu-stable@nongnu.org
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210929162445.64060-2-david@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Li Zhang <li.zhang@suse.com>
---
hw/virtio/virtio-mem-pci.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/hw/virtio/virtio-mem-pci.c b/hw/virtio/virtio-mem-pci.c
index fa5395cd88577964fba445c68f2d..7e384b7397edf9014c4e81df4ff5 100644
--- a/hw/virtio/virtio-mem-pci.c
+++ b/hw/virtio/virtio-mem-pci.c
@@ -88,13 +88,8 @@ static void virtio_mem_pci_size_change_notify(Notifier *notifier, void *data)
size_change_notifier);
DeviceState *dev = DEVICE(pci_mem);
const uint64_t * const size_p = data;
- const char *id = NULL;
- if (dev->id) {
- id = g_strdup(dev->id);
- }
-
- qapi_event_send_memory_device_size_change(!!id, id, *size_p);
+ qapi_event_send_memory_device_size_change(!!dev->id, dev->id, *size_p);
}
static void virtio_mem_pci_class_init(ObjectClass *klass, void *data)

View File

@ -1,122 +0,0 @@
From: Jason Wang <jasowang@redhat.com>
Date: Thu, 2 Sep 2021 13:44:12 +0800
Subject: virtio-net: fix use after unmap/free for sg
Git-commit: bedd7e93d01961fcb16a97ae45d93acf357e11f6
References: CVE-2021-3748 1189938
When mergeable buffer is enabled, we try to set the num_buffers after
the virtqueue elem has been unmapped. This will lead several issues,
E.g a use after free when the descriptor has an address which belongs
to the non direct access region. In this case we use bounce buffer
that is allocated during address_space_map() and freed during
address_space_unmap().
Fixing this by storing the elems temporarily in an array and delay the
unmap after we set the the num_buffers.
This addresses CVE-2021-3748.
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: fbe78f4f55c6 ("virtio-net support")
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Li Zhang <li.zhang@suse.com>
---
hw/net/virtio-net.c | 39 ++++++++++++++++++++++++++++++++-------
1 file changed, 32 insertions(+), 7 deletions(-)
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 16d20cdee52ad6fbf1fdb4501483..f205331dcf8c31d4a350f68bdd71 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1746,10 +1746,13 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
VirtIONet *n = qemu_get_nic_opaque(nc);
VirtIONetQueue *q = virtio_net_get_subqueue(nc);
VirtIODevice *vdev = VIRTIO_DEVICE(n);
+ VirtQueueElement *elems[VIRTQUEUE_MAX_SIZE];
+ size_t lens[VIRTQUEUE_MAX_SIZE];
struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
struct virtio_net_hdr_mrg_rxbuf mhdr;
unsigned mhdr_cnt = 0;
- size_t offset, i, guest_offset;
+ size_t offset, i, guest_offset, j;
+ ssize_t err;
if (!virtio_net_can_receive(nc)) {
return -1;
@@ -1780,6 +1783,12 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
total = 0;
+ if (i == VIRTQUEUE_MAX_SIZE) {
+ virtio_error(vdev, "virtio-net unexpected long buffer chain");
+ err = size;
+ goto err;
+ }
+
elem = virtqueue_pop(q->rx_vq, sizeof(VirtQueueElement));
if (!elem) {
if (i) {
@@ -1791,7 +1800,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
n->guest_hdr_len, n->host_hdr_len,
vdev->guest_features);
}
- return -1;
+ err = -1;
+ goto err;
}
if (elem->in_num < 1) {
@@ -1799,7 +1809,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
"virtio-net receive queue contains no in buffers");
virtqueue_detach_element(q->rx_vq, elem, 0);
g_free(elem);
- return -1;
+ err = -1;
+ goto err;
}
sg = elem->in_sg;
@@ -1836,12 +1847,13 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
if (!n->mergeable_rx_bufs && offset < size) {
virtqueue_unpop(q->rx_vq, elem, total);
g_free(elem);
- return size;
+ err = size;
+ goto err;
}
- /* signal other side */
- virtqueue_fill(q->rx_vq, elem, total, i++);
- g_free(elem);
+ elems[i] = elem;
+ lens[i] = total;
+ i++;
}
if (mhdr_cnt) {
@@ -1851,10 +1863,23 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
&mhdr.num_buffers, sizeof mhdr.num_buffers);
}
+ for (j = 0; j < i; j++) {
+ /* signal other side */
+ virtqueue_fill(q->rx_vq, elems[j], lens[j], j);
+ g_free(elems[j]);
+ }
+
virtqueue_flush(q->rx_vq, i);
virtio_notify(vdev, q->rx_vq);
return size;
+
+err:
+ for (j = 0; j < i; j++) {
+ g_free(elems[j]);
+ }
+
+ return err;
}
static ssize_t virtio_net_do_receive(NetClientState *nc, const uint8_t *buf,

View File

@ -27,10 +27,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/migration/savevm.c b/migration/savevm.c
index 7b7b64bd13e737618319759cdffb..375ca95caeef4a3ba0d5704ccbcc 100644
index d59e976d50e7c81c20bbf5b930d1..7f7cedddb36dcc536fc242349882 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -2941,7 +2941,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live,
@@ -2942,7 +2942,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live,
* So call bdrv_inactivate_all (release locks) here to let the other
* side of the migration take control of the images.
*/