diff --git a/Raise-soft-address-space-limit-to-hard-l.patch b/Raise-soft-address-space-limit-to-hard-l.patch index aaaed51..b77f9e4 100644 --- a/Raise-soft-address-space-limit-to-hard-l.patch +++ b/Raise-soft-address-space-limit-to-hard-l.patch @@ -16,7 +16,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 12 insertions(+) diff --git a/vl.c b/vl.c -index 6a65a64bfd647afcf539145f9cf9..57e68fdc4526b7156af155be933f 100644 +index bf0a6345d2394ad25adfe53c4006..68de8184f91c6ef3903859c70526 100644 --- a/vl.c +++ b/vl.c @@ -33,6 +33,7 @@ @@ -27,7 +27,7 @@ index 6a65a64bfd647afcf539145f9cf9..57e68fdc4526b7156af155be933f 100644 #include "sysemu/seccomp.h" #include "sysemu/tcg.h" -@@ -2861,6 +2862,7 @@ int main(int argc, char **argv, char **envp) +@@ -2863,6 +2864,7 @@ int main(int argc, char **argv, char **envp) char *dir, **dirs; BlockdevOptionsQueue bdo_queue = QSIMPLEQ_HEAD_INITIALIZER(bdo_queue); QemuPluginList plugin_list = QTAILQ_HEAD_INITIALIZER(plugin_list); @@ -35,7 +35,7 @@ index 6a65a64bfd647afcf539145f9cf9..57e68fdc4526b7156af155be933f 100644 os_set_line_buffering(); -@@ -2872,6 +2874,16 @@ int main(int argc, char **argv, char **envp) +@@ -2874,6 +2876,16 @@ int main(int argc, char **argv, char **envp) qemu_mutex_lock_iothread(); diff --git a/Revert-vnc-allow-fall-back-to-RAW-encodi.patch b/Revert-vnc-allow-fall-back-to-RAW-encodi.patch new file mode 100644 index 0000000..cf1b4ec --- /dev/null +++ b/Revert-vnc-allow-fall-back-to-RAW-encodi.patch @@ -0,0 +1,69 @@ +From: Gerd Hoffmann +Date: Tue, 21 Jan 2020 07:02:10 +0100 +Subject: Revert "vnc: allow fall back to RAW encoding" + +Git-commit: 0780ec7be82dd4781e9fd216b5d99a125882ff5a + +This reverts commit de3f7de7f4e257ce44cdabb90f5f17ee99624557. + +Remove VNC optimization to reencode framebuffer update as raw if it's +smaller than the default encoding. + +QEMU's implementation was naive and didn't account for the ZLIB z_stream +mutating with each compression. Because of the mutation, simply +resetting the output buffer's offset wasn't sufficient to "rewind" the +operation. The mutated z_stream would generate future zlib blocks which +referred to symbols in past blocks which weren't sent. This would lead +to artifacting. + +Considering that ZRLE is never larger than raw and even though ZLIB can +occasionally be fractionally larger than raw, the overhead of +implementing this optimization correctly isn't worth it. + +Signed-off-by: Cameron Esfahani +Signed-off-by: Gerd Hoffmann +Signed-off-by: Bruce Rogers +--- + ui/vnc.c | 20 ++------------------ + 1 file changed, 2 insertions(+), 18 deletions(-) + +diff --git a/ui/vnc.c b/ui/vnc.c +index 87b8045afec2b7d52983914dbc08..f94b3a257ee3add364a0b0bd5101 100644 +--- a/ui/vnc.c ++++ b/ui/vnc.c +@@ -898,8 +898,6 @@ int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) + int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) + { + int n = 0; +- bool encode_raw = false; +- size_t saved_offs = vs->output.offset; + + switch(vs->vnc_encoding) { + case VNC_ENCODING_ZLIB: +@@ -922,24 +920,10 @@ int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) + n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); + break; + default: +- encode_raw = true; ++ vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); ++ n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); + break; + } +- +- /* If the client has the same pixel format as our internal buffer and +- * a RAW encoding would need less space fall back to RAW encoding to +- * save bandwidth and processing power in the client. */ +- if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy && +- 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) { +- vs->output.offset = saved_offs; +- encode_raw = true; +- } +- +- if (encode_raw) { +- vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); +- n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); +- } +- + return n; + } + diff --git a/block-backup-fix-memory-leak-in-bdrv_bac.patch b/block-backup-fix-memory-leak-in-bdrv_bac.patch new file mode 100644 index 0000000..d366a7b --- /dev/null +++ b/block-backup-fix-memory-leak-in-bdrv_bac.patch @@ -0,0 +1,47 @@ +From: Eiichi Tsukata +Date: Mon, 23 Dec 2019 18:06:32 +0900 +Subject: block/backup: fix memory leak in bdrv_backup_top_append() + +Git-commit: fb574de81bfdd71fdb0315105a3a7761efb68395 + +bdrv_open_driver() allocates bs->opaque according to drv->instance_size. +There is no need to allocate it and overwrite opaque in +bdrv_backup_top_append(). + +Reproducer: + + $ QTEST_QEMU_BINARY=./x86_64-softmmu/qemu-system-x86_64 valgrind -q --leak-check=full tests/test-replication -p /replication/secondary/start + ==29792== 24 bytes in 1 blocks are definitely lost in loss record 52 of 226 + ==29792== at 0x483AB1A: calloc (vg_replace_malloc.c:762) + ==29792== by 0x4B07CE0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6000.7) + ==29792== by 0x12BAB9: bdrv_open_driver (block.c:1289) + ==29792== by 0x12BEA9: bdrv_new_open_driver (block.c:1359) + ==29792== by 0x1D15CB: bdrv_backup_top_append (backup-top.c:190) + ==29792== by 0x1CC11A: backup_job_create (backup.c:439) + ==29792== by 0x1CD542: replication_start (replication.c:544) + ==29792== by 0x1401B9: replication_start_all (replication.c:52) + ==29792== by 0x128B50: test_secondary_start (test-replication.c:427) + ... + +Fixes: 7df7868b9640 ("block: introduce backup-top filter driver") +Signed-off-by: Eiichi Tsukata +Reviewed-by: Vladimir Sementsov-Ogievskiy +Signed-off-by: Kevin Wolf +Signed-off-by: Bruce Rogers +--- + block/backup-top.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/block/backup-top.c b/block/backup-top.c +index 818d3f26b48da425ba061e21887f..64e9e4f576ab27889fb4c0d8aa0a 100644 +--- a/block/backup-top.c ++++ b/block/backup-top.c +@@ -196,7 +196,7 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source, + } + + top->total_sectors = source->total_sectors; +- top->opaque = state = g_new0(BDRVBackupTopState, 1); ++ state = top->opaque; + + bdrv_ref(target); + state->target = bdrv_attach_child(top, target, "target", &child_file, errp); diff --git a/bundles.tar.xz b/bundles.tar.xz index 2b87585..f4a0867 100644 --- a/bundles.tar.xz +++ b/bundles.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a6556114711be59afb2bc4c87f4edbb71ab5a65f3b075c413c36b67aed707d17 -size 65560 +oid sha256:762feed085945e5748ef0337546b3ca80faf002511b7287457fa633931af3785 +size 73408 diff --git a/hw-i386-disable-smbus-migration-for-xenf.patch b/hw-i386-disable-smbus-migration-for-xenf.patch deleted file mode 100644 index ae0b501..0000000 --- a/hw-i386-disable-smbus-migration-for-xenf.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: Olaf Hering -Date: Mon, 13 Jan 2020 18:45:21 +0100 -Subject: hw/i386: disable smbus migration for xenfv - -Git-commit: 0000000000000000000000000000000000000000 -References: bsc#1159755 - -With commit 7fccf2a06890e3bc3b30e29827ad3fb93fe88fea a new member -smbus_no_migration_support was added, and enabled in two places. -With commit 4ab2f2a8aabfea95cc53c64e13b3f67960b27fdf the vmstate_acpi -got new elements, which are conditionally filled. As a result, an -incoming migration expected smbus related data unless smbus migration -was disabled for a given MachineClass. - -Since commit 7fccf2a06890e3bc3b30e29827ad3fb93fe88fea forgot to handle -xenfv, live migration to receiving hosts using qemu-4.0 and later is broken. -Therefore this patch must be applied to stable-4.x as well. - -Signed-off-by: Olaf Hering -[BR: changed patch as obtained from qemu-devel mailing list to reference -xenfv, not xenpv, as Olaf indicated in followup email] -Signed-off-by: Bruce Rogers ---- - hw/i386/pc_piix.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c -index d760d3589607daf4997ea76854c4..10d4972179a0dbe40aa9eaddf37e 100644 ---- a/hw/i386/pc_piix.c -+++ b/hw/i386/pc_piix.c -@@ -1046,6 +1046,7 @@ static void xenfv_machine_options(MachineClass *m) - m->desc = "Xen Fully-virtualized PC"; - m->max_cpus = HVM_MAX_VCPUS; - m->default_machine_opts = "accel=xen"; -+ m->smbus_no_migration_support = true; - } - - DEFINE_PC_MACHINE(xenfv, "xenfv", pc_xen_hvm_init, diff --git a/hw-i386-pc-fix-regression-in-parsing-vga.patch b/hw-i386-pc-fix-regression-in-parsing-vga.patch new file mode 100644 index 0000000..730b8a9 --- /dev/null +++ b/hw-i386-pc-fix-regression-in-parsing-vga.patch @@ -0,0 +1,52 @@ +From: Peter Wu +Date: Sat, 21 Dec 2019 17:21:24 +0100 +Subject: hw/i386/pc: fix regression in parsing vga cmdline parameter + +Git-commit: a88c40f02ace88f09b2a85a64831b277b2ebc88c + +When the 'vga=' parameter is succeeded by another parameter, QEMU 4.2.0 +would refuse to start with a rather cryptic message: + + $ qemu-system-x86_64 -kernel /boot/vmlinuz-linux -append 'vga=792 quiet' + qemu: can't parse 'vga' parameter: Invalid argument + +It was not clear whether this applied to the '-vga std' parameter or the +'-append' one. Fix the parsing regression and clarify the error. + +Fixes: 133ef074bd ("hw/i386/pc: replace use of strtol with qemu_strtoui in x86_load_linux()") +Cc: Sergio Lopez +Signed-off-by: Peter Wu +Message-Id: <20191221162124.1159291-1-peter@lekensteyn.nl> +Cc: qemu-stable@nongnu.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Bruce Rogers +--- + hw/i386/x86.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/hw/i386/x86.c b/hw/i386/x86.c +index 394edc2f720985c0910396181eeb..121650ae511c3814dcdbb908abdc 100644 +--- a/hw/i386/x86.c ++++ b/hw/i386/x86.c +@@ -508,6 +508,7 @@ void x86_load_linux(X86MachineState *x86ms, + vmode = strstr(kernel_cmdline, "vga="); + if (vmode) { + unsigned int video_mode; ++ const char *end; + int ret; + /* skip "vga=" */ + vmode += 4; +@@ -518,10 +519,9 @@ void x86_load_linux(X86MachineState *x86ms, + } else if (!strncmp(vmode, "ask", 3)) { + video_mode = 0xfffd; + } else { +- ret = qemu_strtoui(vmode, NULL, 0, &video_mode); +- if (ret != 0) { +- fprintf(stderr, "qemu: can't parse 'vga' parameter: %s\n", +- strerror(-ret)); ++ ret = qemu_strtoui(vmode, &end, 0, &video_mode); ++ if (ret != 0 || (*end && *end != ' ')) { ++ fprintf(stderr, "qemu: invalid 'vga=' kernel parameter.\n"); + exit(1); + } + } diff --git a/iscsi-Cap-block-count-from-GET-LBA-STATU.patch b/iscsi-Cap-block-count-from-GET-LBA-STATU.patch new file mode 100644 index 0000000..aff4e2c --- /dev/null +++ b/iscsi-Cap-block-count-from-GET-LBA-STATU.patch @@ -0,0 +1,60 @@ +From: Felipe Franciosi +Date: Thu, 23 Jan 2020 12:44:59 +0000 +Subject: iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) + +Git-commit: 693fd2acdf14dd86c0bf852610f1c2cca80a74dc + +When querying an iSCSI server for the provisioning status of blocks (via +GET LBA STATUS), Qemu only validates that the response descriptor zero's +LBA matches the one requested. Given the SCSI spec allows servers to +respond with the status of blocks beyond the end of the LUN, Qemu may +have its heap corrupted by clearing/setting too many bits at the end of +its allocmap for the LUN. + +A malicious guest in control of the iSCSI server could carefully program +Qemu's heap (by selectively setting the bitmap) and then smash it. + +This limits the number of bits that iscsi_co_block_status() will try to +update in the allocmap so it can't overflow the bitmap. + +Fixes: CVE-2020-1711 +Cc: qemu-stable@nongnu.org +Signed-off-by: Felipe Franciosi +Signed-off-by: Peter Turschmid +Signed-off-by: Raphael Norwitz +Signed-off-by: Kevin Wolf +Signed-off-by: Bruce Rogers +--- + block/iscsi.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/block/iscsi.c b/block/iscsi.c +index 2aea7e3f13f73662a838d2f8187f..cbd57294ab4417a33657af0fbce8 100644 +--- a/block/iscsi.c ++++ b/block/iscsi.c +@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs, + struct scsi_get_lba_status *lbas = NULL; + struct scsi_lba_status_descriptor *lbasd = NULL; + struct IscsiTask iTask; +- uint64_t lba; ++ uint64_t lba, max_bytes; + int ret; + + iscsi_co_init_iscsitask(iscsilun, &iTask); +@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs, + } + + lba = offset / iscsilun->block_size; ++ max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size; + + qemu_mutex_lock(&iscsilun->mutex); + retry: +@@ -764,7 +765,7 @@ retry: + goto out_unlock; + } + +- *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size; ++ *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes); + + if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED || + lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) { diff --git a/m68k-Fix-regression-causing-Single-Step-.patch b/m68k-Fix-regression-causing-Single-Step-.patch new file mode 100644 index 0000000..1e14a45 --- /dev/null +++ b/m68k-Fix-regression-causing-Single-Step-.patch @@ -0,0 +1,100 @@ +From: Laurent Vivier +Date: Thu, 16 Jan 2020 17:54:54 +0100 +Subject: m68k: Fix regression causing Single-Step via GDB/RSP to not single + step + +Git-commit: 322f244aaa80a5208090d41481c1c09c6face66b + +A regression that was introduced, with the refactor to TranslatorOps, +drops two lines that update the PC when single-stepping is being performed. + +Fixes: 11ab74b01e0a ("target/m68k: Convert to TranslatorOps") +Reported-by: Lucien Murray-Pitts +Suggested-by: Lucien Murray-Pitts +Suggested-by: Richard Henderson +Reviewed-by: Richard Henderson +Signed-off-by: Laurent Vivier +Message-Id: <20200116165454.2076265-1-laurent@vivier.eu> +Signed-off-by: Bruce Rogers +--- + target/m68k/translate.c | 42 ++++++++++++++++++++++++++--------------- + 1 file changed, 27 insertions(+), 15 deletions(-) + +diff --git a/target/m68k/translate.c b/target/m68k/translate.c +index fcdb7bc8e4eeabc2f3b0e336c064..16fae5ac9ec3f729ef402b805e41 100644 +--- a/target/m68k/translate.c ++++ b/target/m68k/translate.c +@@ -289,16 +289,21 @@ static void gen_jmp(DisasContext *s, TCGv dest) + s->base.is_jmp = DISAS_JUMP; + } + +-static void gen_exception(DisasContext *s, uint32_t dest, int nr) ++static void gen_raise_exception(int nr) + { + TCGv_i32 tmp; + +- update_cc_op(s); +- tcg_gen_movi_i32(QREG_PC, dest); +- + tmp = tcg_const_i32(nr); + gen_helper_raise_exception(cpu_env, tmp); + tcg_temp_free_i32(tmp); ++} ++ ++static void gen_exception(DisasContext *s, uint32_t dest, int nr) ++{ ++ update_cc_op(s); ++ tcg_gen_movi_i32(QREG_PC, dest); ++ ++ gen_raise_exception(nr); + + s->base.is_jmp = DISAS_NORETURN; + } +@@ -6198,29 +6203,36 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) + { + DisasContext *dc = container_of(dcbase, DisasContext, base); + +- if (dc->base.is_jmp == DISAS_NORETURN) { +- return; +- } +- if (dc->base.singlestep_enabled) { +- gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG)); +- return; +- } +- + switch (dc->base.is_jmp) { ++ case DISAS_NORETURN: ++ break; + case DISAS_TOO_MANY: + update_cc_op(dc); +- gen_jmp_tb(dc, 0, dc->pc); ++ if (dc->base.singlestep_enabled) { ++ tcg_gen_movi_i32(QREG_PC, dc->pc); ++ gen_raise_exception(EXCP_DEBUG); ++ } else { ++ gen_jmp_tb(dc, 0, dc->pc); ++ } + break; + case DISAS_JUMP: + /* We updated CC_OP and PC in gen_jmp/gen_jmp_im. */ +- tcg_gen_lookup_and_goto_ptr(); ++ if (dc->base.singlestep_enabled) { ++ gen_raise_exception(EXCP_DEBUG); ++ } else { ++ tcg_gen_lookup_and_goto_ptr(); ++ } + break; + case DISAS_EXIT: + /* + * We updated CC_OP and PC in gen_exit_tb, but also modified + * other state that may require returning to the main loop. + */ +- tcg_gen_exit_tb(NULL, 0); ++ if (dc->base.singlestep_enabled) { ++ gen_raise_exception(EXCP_DEBUG); ++ } else { ++ tcg_gen_exit_tb(NULL, 0); ++ } + break; + default: + g_assert_not_reached(); diff --git a/migration-Rate-limit-inside-host-pages.patch b/migration-Rate-limit-inside-host-pages.patch new file mode 100644 index 0000000..10d587b --- /dev/null +++ b/migration-Rate-limit-inside-host-pages.patch @@ -0,0 +1,149 @@ +From: "Dr. David Alan Gilbert" +Date: Thu, 5 Dec 2019 10:29:18 +0000 +Subject: migration: Rate limit inside host pages + +Git-commit: 97e1e06780e70f6e98a0d2df881e0c0927d3aeb6 + +When using hugepages, rate limiting is necessary within each huge +page, since a 1G huge page can take a significant time to send, so +you end up with bursty behaviour. + +Fixes: 4c011c37ecb3 ("postcopy: Send whole huge pages") +Reported-by: Lin Ma +Signed-off-by: Dr. David Alan Gilbert +Reviewed-by: Juan Quintela +Reviewed-by: Peter Xu +Signed-off-by: Juan Quintela +Signed-off-by: Bruce Rogers +--- + migration/migration.c | 57 ++++++++++++++++++++++++------------------ + migration/migration.h | 1 + + migration/ram.c | 2 ++ + migration/trace-events | 4 +-- + 4 files changed, 37 insertions(+), 27 deletions(-) + +diff --git a/migration/migration.c b/migration/migration.c +index 354ad072fa5553333c5b1e0d8023..27500d09a94a8615c935245e23ed 100644 +--- a/migration/migration.c ++++ b/migration/migration.c +@@ -3224,6 +3224,37 @@ void migration_consume_urgent_request(void) + qemu_sem_wait(&migrate_get_current()->rate_limit_sem); + } + ++/* Returns true if the rate limiting was broken by an urgent request */ ++bool migration_rate_limit(void) ++{ ++ int64_t now = qemu_clock_get_ms(QEMU_CLOCK_REALTIME); ++ MigrationState *s = migrate_get_current(); ++ ++ bool urgent = false; ++ migration_update_counters(s, now); ++ if (qemu_file_rate_limit(s->to_dst_file)) { ++ /* ++ * Wait for a delay to do rate limiting OR ++ * something urgent to post the semaphore. ++ */ ++ int ms = s->iteration_start_time + BUFFER_DELAY - now; ++ trace_migration_rate_limit_pre(ms); ++ if (qemu_sem_timedwait(&s->rate_limit_sem, ms) == 0) { ++ /* ++ * We were woken by one or more urgent things but ++ * the timedwait will have consumed one of them. ++ * The service routine for the urgent wake will dec ++ * the semaphore itself for each item it consumes, ++ * so add this one we just eat back. ++ */ ++ qemu_sem_post(&s->rate_limit_sem); ++ urgent = true; ++ } ++ trace_migration_rate_limit_post(urgent); ++ } ++ return urgent; ++} ++ + /* + * Master migration thread on the source VM. + * It drives the migration and pumps the data down the outgoing channel. +@@ -3290,8 +3321,6 @@ static void *migration_thread(void *opaque) + trace_migration_thread_setup_complete(); + + while (migration_is_active(s)) { +- int64_t current_time; +- + if (urgent || !qemu_file_rate_limit(s->to_dst_file)) { + MigIterateState iter_state = migration_iteration_run(s); + if (iter_state == MIG_ITERATE_SKIP) { +@@ -3318,29 +3347,7 @@ static void *migration_thread(void *opaque) + update_iteration_initial_status(s); + } + +- current_time = qemu_clock_get_ms(QEMU_CLOCK_REALTIME); +- +- migration_update_counters(s, current_time); +- +- urgent = false; +- if (qemu_file_rate_limit(s->to_dst_file)) { +- /* Wait for a delay to do rate limiting OR +- * something urgent to post the semaphore. +- */ +- int ms = s->iteration_start_time + BUFFER_DELAY - current_time; +- trace_migration_thread_ratelimit_pre(ms); +- if (qemu_sem_timedwait(&s->rate_limit_sem, ms) == 0) { +- /* We were worken by one or more urgent things but +- * the timedwait will have consumed one of them. +- * The service routine for the urgent wake will dec +- * the semaphore itself for each item it consumes, +- * so add this one we just eat back. +- */ +- qemu_sem_post(&s->rate_limit_sem); +- urgent = true; +- } +- trace_migration_thread_ratelimit_post(urgent); +- } ++ urgent = migration_rate_limit(); + } + + trace_migration_thread_after_loop(); +diff --git a/migration/migration.h b/migration/migration.h +index 79b3dda146f716955f413383bf39..aa9ff6f27b19d7ee165048aa7b6d 100644 +--- a/migration/migration.h ++++ b/migration/migration.h +@@ -341,5 +341,6 @@ int foreach_not_ignored_block(RAMBlockIterFunc func, void *opaque); + + void migration_make_urgent_request(void); + void migration_consume_urgent_request(void); ++bool migration_rate_limit(void); + + #endif +diff --git a/migration/ram.c b/migration/ram.c +index 5078f94490de7a1bc71670376078..b6de7d1d5552a0aa39b0d232c2d6 100644 +--- a/migration/ram.c ++++ b/migration/ram.c +@@ -2616,6 +2616,8 @@ static int ram_save_host_page(RAMState *rs, PageSearchStatus *pss, + + pages += tmppages; + pss->page++; ++ /* Allow rate limiting to happen in the middle of huge pages */ ++ migration_rate_limit(); + } while ((pss->page & (pagesize_bits - 1)) && + offset_in_ramblock(pss->block, pss->page << TARGET_PAGE_BITS)); + +diff --git a/migration/trace-events b/migration/trace-events +index 6dee7b5389dc2be37b3851820919..2f9129e213d41a6350fe7e968697 100644 +--- a/migration/trace-events ++++ b/migration/trace-events +@@ -138,12 +138,12 @@ migrate_send_rp_recv_bitmap(char *name, int64_t size) "block '%s' size 0x%"PRIi6 + migration_completion_file_err(void) "" + migration_completion_postcopy_end(void) "" + migration_completion_postcopy_end_after_complete(void) "" ++migration_rate_limit_pre(int ms) "%d ms" ++migration_rate_limit_post(int urgent) "urgent: %d" + migration_return_path_end_before(void) "" + migration_return_path_end_after(int rp_error) "%d" + migration_thread_after_loop(void) "" + migration_thread_file_err(void) "" +-migration_thread_ratelimit_pre(int ms) "%d ms" +-migration_thread_ratelimit_post(int urgent) "urgent: %d" + migration_thread_setup_complete(void) "" + open_return_path_on_source(void) "" + open_return_path_on_source_continue(void) "" diff --git a/migration-test-ppc64-fix-FORTH-test-prog.patch b/migration-test-ppc64-fix-FORTH-test-prog.patch new file mode 100644 index 0000000..756fbd2 --- /dev/null +++ b/migration-test-ppc64-fix-FORTH-test-prog.patch @@ -0,0 +1,55 @@ +From: Laurent Vivier +Date: Tue, 7 Jan 2020 17:34:37 +0100 +Subject: migration-test: ppc64: fix FORTH test program + +Git-commit: 16c5c6928ff53bd95e6504301ef6c285501531e7 + +Commit e51e711b1bef has moved the initialization of start_address and +end_address after the definition of the command line argument, +where the nvramrc is initialized, and thus the loop is between 0 and 0 +rather than 1 MiB and 100 MiB. + +It doesn't affect the result of the test if all the tests are run in +sequence because the two first tests don't run the loop, so the +values are correctly initialized when we actually need them. + +But it hangs when we ask to run only one test, for instance: + + QTEST_QEMU_BINARY=ppc64-softmmu/qemu-system-ppc64 \ + tests/migration-test -m=quick -p /ppc64/migration/validate_uuid_error + +Fixes: e51e711b1bef ("tests/migration: Add migration-test header file") +Cc: wei@redhat.com +Signed-off-by: Laurent Vivier +Message-Id: <20200107163437.52139-1-lvivier@redhat.com> +Reviewed-by: Dr. David Alan Gilbert +Reviewed-by: Juan Quintela +Acked-by: David Gibson +Signed-off-by: Thomas Huth +Signed-off-by: Bruce Rogers +--- + tests/migration-test.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/migration-test.c b/tests/migration-test.c +index ebd77a581affd8872138f6f36d5e..d79980fbe39dfaa3fa89999ee64f 100644 +--- a/tests/migration-test.c ++++ b/tests/migration-test.c +@@ -614,6 +614,8 @@ static int test_migrate_start(QTestState **from, QTestState **to, + end_address = S390_TEST_MEM_END; + } else if (strcmp(arch, "ppc64") == 0) { + extra_opts = use_shmem ? get_shmem_opts("256M", shmem_path) : NULL; ++ start_address = PPC_TEST_MEM_START; ++ end_address = PPC_TEST_MEM_END; + cmd_src = g_strdup_printf("-machine accel=%s,vsmt=8 -m 256M -nodefaults" + " -name source,debug-threads=on" + " -serial file:%s/src_serial" +@@ -630,8 +632,6 @@ static int test_migrate_start(QTestState **from, QTestState **to, + accel, tmpfs, uri, + extra_opts ? extra_opts : "", opts_dst); + +- start_address = PPC_TEST_MEM_START; +- end_address = PPC_TEST_MEM_END; + } else if (strcmp(arch, "aarch64") == 0) { + init_bootfile(bootpath, aarch64_kernel, sizeof(aarch64_kernel)); + extra_opts = use_shmem ? get_shmem_opts("150M", shmem_path) : NULL; diff --git a/qemu.changes b/qemu.changes index 9002212..b547431 100644 --- a/qemu.changes +++ b/qemu.changes @@ -1,3 +1,43 @@ +------------------------------------------------------------------- +Tue Jan 28 16:24:31 UTC 2020 - Bruce Rogers + +- Stop using system membarriers (ie switch from --enable-membarrier + to --disable-membarrier). This is a blocker for using qemu in the + context of containers (boo#1130134 jsc#SLE-11089) +- Drop this recently added patch - in consultation with upstream it + was decided it needed to be solved a different way (bsc#1159755) + hw-i386-disable-smbus-migration-for-xenf.patch +- Include upstream patches targeted for the next stable release + (bug fixes only) + block-backup-fix-memory-leak-in-bdrv_bac.patch + iscsi-Cap-block-count-from-GET-LBA-STATU.patch + s390x-adapter-routes-error-handling.patch + target-i386-kvm-initialize-feature-MSRs-.patch + +------------------------------------------------------------------- +Fri Jan 24 19:50:50 UTC 2020 - Bruce Rogers + +- Include upstream patches targeted for the next stable release + (bug fixes only) + hw-i386-pc-fix-regression-in-parsing-vga.patch + m68k-Fix-regression-causing-Single-Step-.patch + migration-Rate-limit-inside-host-pages.patch + migration-test-ppc64-fix-FORTH-test-prog.patch + Revert-vnc-allow-fall-back-to-RAW-encodi.patch + runstate-ignore-finishmigrate-prelaunch-.patch + target-arm-Return-correct-IL-bit-in-merg.patch + target-arm-Set-ISSIs16Bit-in-make_issinf.patch + vnc-prioritize-ZRLE-compression-over-ZLI.patch + +------------------------------------------------------------------- +Fri Jan 24 14:59:33 UTC 2020 - Dominique Leuenberger + +- BuildRequire pkconfig(systemd) instead of systemd: allow OBS to + shortcut through the -mini flavors. +- Use systemd_ordering in place of systemd_requires: systemd is + never a strict requirement for qemu; but when installing qemu on + a systemd-managed system, we want system to be present first. + ------------------------------------------------------------------- Tue Jan 14 18:10:53 UTC 2020 - Bruce Rogers diff --git a/qemu.spec b/qemu.spec index 60244de..62141c5 100644 --- a/qemu.spec +++ b/qemu.spec @@ -87,7 +87,7 @@ %define summary_string Machine emulator and virtualizer %endif -%bcond_without system_membarrier +%bcond_with system_membarrier %define qemuver 4.2.0 %define srcver 4.2.0 @@ -165,48 +165,60 @@ Patch00034: virtio-net-delete-also-control-queue-whe.patch Patch00035: intel_iommu-a-fix-to-vtd_find_as_from_bu.patch Patch00036: target-i386-Add-new-bit-definitions-of-M.patch Patch00037: target-i386-Add-missed-features-to-Coope.patch -Patch00038: XXX-dont-dump-core-on-sigabort.patch -Patch00039: qemu-binfmt-conf-Modify-default-path.patch -Patch00040: qemu-cvs-gettimeofday.patch -Patch00041: qemu-cvs-ioctl_debug.patch -Patch00042: qemu-cvs-ioctl_nodirection.patch -Patch00043: linux-user-add-binfmt-wrapper-for-argv-0.patch -Patch00044: PPC-KVM-Disable-mmu-notifier-check.patch -Patch00045: linux-user-binfmt-support-host-binaries.patch -Patch00046: linux-user-Fake-proc-cpuinfo.patch -Patch00047: linux-user-use-target_ulong.patch -Patch00048: Make-char-muxer-more-robust-wrt-small-FI.patch -Patch00049: linux-user-lseek-explicitly-cast-non-set.patch -Patch00050: AIO-Reduce-number-of-threads-for-32bit-h.patch -Patch00051: xen_disk-Add-suse-specific-flush-disable.patch -Patch00052: qemu-bridge-helper-reduce-security-profi.patch -Patch00053: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch -Patch00054: linux-user-properly-test-for-infinite-ti.patch -Patch00055: roms-Makefile-pass-a-packaging-timestamp.patch -Patch00056: Raise-soft-address-space-limit-to-hard-l.patch -Patch00057: increase-x86_64-physical-bits-to-42.patch -Patch00058: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch -Patch00059: i8254-Fix-migration-from-SLE11-SP2.patch -Patch00060: acpi_piix4-Fix-migration-from-SLE11-SP2.patch -Patch00061: Switch-order-of-libraries-for-mpath-supp.patch -Patch00062: Make-installed-scripts-explicitly-python.patch -Patch00063: hw-smbios-handle-both-file-formats-regar.patch -Patch00064: xen-add-block-resize-support-for-xen-dis.patch -Patch00065: tests-qemu-iotests-Triple-timeout-of-i-o.patch -Patch00066: tests-Fix-block-tests-to-be-compatible-w.patch -Patch00067: xen-ignore-live-parameter-from-xen-save-.patch -Patch00068: Conditionalize-ui-bitmap-installation-be.patch -Patch00069: tests-change-error-message-in-test-162.patch -Patch00070: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch -Patch00071: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch -Patch00072: hw-intc-exynos4210_gic-provide-more-room.patch -Patch00073: configure-only-populate-roms-if-softmmu.patch -Patch00074: pc-bios-s390-ccw-net-avoid-warning-about.patch -Patch00075: roms-change-cross-compiler-naming-to-be-.patch -Patch00076: tests-Disable-some-block-tests-for-now.patch -Patch00077: test-add-mapping-from-arch-of-i686-to-qe.patch -Patch00078: roms-Makefile-enable-cross-compile-for-b.patch -Patch00079: hw-i386-disable-smbus-migration-for-xenf.patch +Patch00038: hw-i386-pc-fix-regression-in-parsing-vga.patch +Patch00039: migration-test-ppc64-fix-FORTH-test-prog.patch +Patch00040: target-arm-Return-correct-IL-bit-in-merg.patch +Patch00041: target-arm-Set-ISSIs16Bit-in-make_issinf.patch +Patch00042: runstate-ignore-finishmigrate-prelaunch-.patch +Patch00043: migration-Rate-limit-inside-host-pages.patch +Patch00044: m68k-Fix-regression-causing-Single-Step-.patch +Patch00045: Revert-vnc-allow-fall-back-to-RAW-encodi.patch +Patch00046: vnc-prioritize-ZRLE-compression-over-ZLI.patch +Patch00047: target-i386-kvm-initialize-feature-MSRs-.patch +Patch00048: s390x-adapter-routes-error-handling.patch +Patch00049: XXX-dont-dump-core-on-sigabort.patch +Patch00050: qemu-binfmt-conf-Modify-default-path.patch +Patch00051: qemu-cvs-gettimeofday.patch +Patch00052: qemu-cvs-ioctl_debug.patch +Patch00053: qemu-cvs-ioctl_nodirection.patch +Patch00054: linux-user-add-binfmt-wrapper-for-argv-0.patch +Patch00055: PPC-KVM-Disable-mmu-notifier-check.patch +Patch00056: linux-user-binfmt-support-host-binaries.patch +Patch00057: linux-user-Fake-proc-cpuinfo.patch +Patch00058: linux-user-use-target_ulong.patch +Patch00059: Make-char-muxer-more-robust-wrt-small-FI.patch +Patch00060: linux-user-lseek-explicitly-cast-non-set.patch +Patch00061: AIO-Reduce-number-of-threads-for-32bit-h.patch +Patch00062: xen_disk-Add-suse-specific-flush-disable.patch +Patch00063: qemu-bridge-helper-reduce-security-profi.patch +Patch00064: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch +Patch00065: linux-user-properly-test-for-infinite-ti.patch +Patch00066: roms-Makefile-pass-a-packaging-timestamp.patch +Patch00067: Raise-soft-address-space-limit-to-hard-l.patch +Patch00068: increase-x86_64-physical-bits-to-42.patch +Patch00069: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch +Patch00070: i8254-Fix-migration-from-SLE11-SP2.patch +Patch00071: acpi_piix4-Fix-migration-from-SLE11-SP2.patch +Patch00072: Switch-order-of-libraries-for-mpath-supp.patch +Patch00073: Make-installed-scripts-explicitly-python.patch +Patch00074: hw-smbios-handle-both-file-formats-regar.patch +Patch00075: xen-add-block-resize-support-for-xen-dis.patch +Patch00076: tests-qemu-iotests-Triple-timeout-of-i-o.patch +Patch00077: tests-Fix-block-tests-to-be-compatible-w.patch +Patch00078: xen-ignore-live-parameter-from-xen-save-.patch +Patch00079: Conditionalize-ui-bitmap-installation-be.patch +Patch00080: tests-change-error-message-in-test-162.patch +Patch00081: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch +Patch00082: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch +Patch00083: hw-intc-exynos4210_gic-provide-more-room.patch +Patch00084: configure-only-populate-roms-if-softmmu.patch +Patch00085: pc-bios-s390-ccw-net-avoid-warning-about.patch +Patch00086: roms-change-cross-compiler-naming-to-be-.patch +Patch00087: tests-Disable-some-block-tests-for-now.patch +Patch00088: test-add-mapping-from-arch-of-i686-to-qe.patch +Patch00089: roms-Makefile-enable-cross-compile-for-b.patch +Patch00090: iscsi-Cap-block-count-from-GET-LBA-STATU.patch +Patch00091: block-backup-fix-memory-leak-in-bdrv_bac.patch # Patches applied in roms/seabios/: Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch @@ -360,8 +372,8 @@ BuildRequires: python3-base BuildRequires: rdma-core-devel BuildRequires: snappy-devel BuildRequires: spice-protocol-devel >= 0.12.3 -BuildRequires: systemd -%{?systemd_requires} +BuildRequires: pkgconfig(systemd) +%{?systemd_ordering} %if %{kvm_available} BuildRequires: pkgconfig(udev) %endif @@ -810,7 +822,7 @@ Requires(post): udev Supplements: modalias(acpi*:QEMU0002%3A*) Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*) Supplements: modalias(pci:v00005853d00000001sv*sd*bc*sc*i*) -%{?systemd_requires} +%{?systemd_ordering} %description guest-agent This package contains the QEMU guest agent. It is installed in the linux guest @@ -993,6 +1005,18 @@ This package provides a service file for starting and stopping KSM. %patch00077 -p1 %patch00078 -p1 %patch00079 -p1 +%patch00080 -p1 +%patch00081 -p1 +%patch00082 -p1 +%patch00083 -p1 +%patch00084 -p1 +%patch00085 -p1 +%patch00086 -p1 +%patch00087 -p1 +%patch00088 -p1 +%patch00089 -p1 +%patch00090 -p1 +%patch00091 -p1 %patch01000 -p1 %patch01001 -p1 %patch01002 -p1 diff --git a/qemu.spec.in b/qemu.spec.in index ab6920c..58b0492 100644 --- a/qemu.spec.in +++ b/qemu.spec.in @@ -87,7 +87,7 @@ %define summary_string Machine emulator and virtualizer %endif -%bcond_without system_membarrier +%bcond_with system_membarrier INSERT_VERSIONING %define srcname qemu @@ -259,8 +259,8 @@ BuildRequires: python3-base BuildRequires: rdma-core-devel BuildRequires: snappy-devel BuildRequires: spice-protocol-devel >= 0.12.3 -BuildRequires: systemd -%{?systemd_requires} +BuildRequires: pkgconfig(systemd) +%{?systemd_ordering} %if %{kvm_available} BuildRequires: pkgconfig(udev) %endif @@ -709,7 +709,7 @@ Requires(post): udev Supplements: modalias(acpi*:QEMU0002%3A*) Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*) Supplements: modalias(pci:v00005853d00000001sv*sd*bc*sc*i*) -%{?systemd_requires} +%{?systemd_ordering} %description guest-agent This package contains the QEMU guest agent. It is installed in the linux guest diff --git a/runstate-ignore-finishmigrate-prelaunch-.patch b/runstate-ignore-finishmigrate-prelaunch-.patch new file mode 100644 index 0000000..404c989 --- /dev/null +++ b/runstate-ignore-finishmigrate-prelaunch-.patch @@ -0,0 +1,61 @@ +From: Laurent Vivier +Date: Fri, 29 Nov 2019 12:51:32 +0100 +Subject: runstate: ignore finishmigrate -> prelaunch transition + +Git-commit: ddad81bd28de665475a87693a93e6cf5d6fd8bab + +Commit 1bd71dce4bf2 tries to prevent a finishmigrate -> prelaunch +transition by exiting at the beginning of the main_loop_should_exit() +function if the state is already finishmigrate. + +As the finishmigrate state is set in the migration thread it can +happen concurrently to the function. The migration thread and the +function are normally protected by the iothread mutex and thus the +state should no evolve between the start of the function and its end. + +Unfortunately during the function life the lock is released by +pause_all_vcpus() just before the point we need to be sure we are +not in finishmigrate state and if the migration thread is waiting +for the lock it will take the opportunity to change the state +to finishmigrate. + +The only way to be sure we are not in the finishmigrate state when +we need is to check the state after the pause_all_vcpus() function. + +Fixes: 1bd71dce4bf2 ("runstate: ignore exit request in finish migrate state") +Signed-off-by: Laurent Vivier +Signed-off-by: Juan Quintela +Signed-off-by: Bruce Rogers +--- + vl.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/vl.c b/vl.c +index 6a65a64bfd647afcf539145f9cf9..bf0a6345d2394ad25adfe53c4006 100644 +--- a/vl.c ++++ b/vl.c +@@ -1745,9 +1745,6 @@ static bool main_loop_should_exit(void) + RunState r; + ShutdownCause request; + +- if (runstate_check(RUN_STATE_FINISH_MIGRATE)) { +- return false; +- } + if (preconfig_exit_requested) { + if (runstate_check(RUN_STATE_PRECONFIG)) { + runstate_set(RUN_STATE_PRELAUNCH); +@@ -1776,8 +1773,13 @@ static bool main_loop_should_exit(void) + pause_all_vcpus(); + qemu_system_reset(request); + resume_all_vcpus(); ++ /* ++ * runstate can change in pause_all_vcpus() ++ * as iothread mutex is unlocked ++ */ + if (!runstate_check(RUN_STATE_RUNNING) && +- !runstate_check(RUN_STATE_INMIGRATE)) { ++ !runstate_check(RUN_STATE_INMIGRATE) && ++ !runstate_check(RUN_STATE_FINISH_MIGRATE)) { + runstate_set(RUN_STATE_PRELAUNCH); + } + } diff --git a/s390x-adapter-routes-error-handling.patch b/s390x-adapter-routes-error-handling.patch new file mode 100644 index 0000000..ca86743 --- /dev/null +++ b/s390x-adapter-routes-error-handling.patch @@ -0,0 +1,76 @@ +From: Cornelia Huck +Date: Thu, 16 Jan 2020 13:10:35 +0100 +Subject: s390x: adapter routes error handling + +Git-commit: 3c5fd8074335c67777d9391b84f97070c35d9c63 + +If the kernel irqchip has been disabled, we don't want the +{add,release}_adapter_routes routines to call any kvm_irqchip_* +interfaces, as they may rely on an irqchip actually having been +created. Just take a quick exit in that case instead. If you are +trying to use irqfd without a kernel irqchip, we will fail with +an error. + +Also initialize routes->gsi[] with -1 in the virtio-ccw handling, +to make sure we don't trip over other errors, either. (Nobody +else uses the gsi array in that structure.) + +Fixes: d426d9fba8ea ("s390x/virtio-ccw: wire up irq routing and irqfds") +Reviewed-by: Thomas Huth +Acked-by: Christian Borntraeger +Message-Id: <20200117111147.5006-1-cohuck@redhat.com> +Signed-off-by: Cornelia Huck +Signed-off-by: Bruce Rogers +--- + hw/intc/s390_flic_kvm.c | 8 ++++++++ + hw/s390x/virtio-ccw.c | 4 ++++ + 2 files changed, 12 insertions(+) + +diff --git a/hw/intc/s390_flic_kvm.c b/hw/intc/s390_flic_kvm.c +index c9ee80eaae02dea3a46bbaf82d4a..98cc15868374034d9d18b539dc42 100644 +--- a/hw/intc/s390_flic_kvm.c ++++ b/hw/intc/s390_flic_kvm.c +@@ -331,6 +331,10 @@ static int kvm_s390_add_adapter_routes(S390FLICState *fs, + int ret, i; + uint64_t ind_offset = routes->adapter.ind_offset; + ++ if (!kvm_gsi_routing_enabled()) { ++ return -ENOSYS; ++ } ++ + for (i = 0; i < routes->num_routes; i++) { + ret = kvm_irqchip_add_adapter_route(kvm_state, &routes->adapter); + if (ret < 0) { +@@ -358,6 +362,10 @@ static void kvm_s390_release_adapter_routes(S390FLICState *fs, + { + int i; + ++ if (!kvm_gsi_routing_enabled()) { ++ return; ++ } ++ + for (i = 0; i < routes->num_routes; i++) { + if (routes->gsi[i] >= 0) { + kvm_irqchip_release_virq(kvm_state, routes->gsi[i]); +diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c +index 6580ce5907dd0b3c87bae8e04923..13f57e7b67f18c644dee4c292fdf 100644 +--- a/hw/s390x/virtio-ccw.c ++++ b/hw/s390x/virtio-ccw.c +@@ -697,6 +697,7 @@ static void virtio_ccw_device_realize(VirtioCcwDevice *dev, Error **errp) + CCWDeviceClass *ck = CCW_DEVICE_GET_CLASS(ccw_dev); + SubchDev *sch; + Error *err = NULL; ++ int i; + + sch = css_create_sch(ccw_dev->devno, errp); + if (!sch) { +@@ -717,6 +718,9 @@ static void virtio_ccw_device_realize(VirtioCcwDevice *dev, Error **errp) + ccw_dev->sch = sch; + dev->indicators = NULL; + dev->revision = -1; ++ for (i = 0; i < ADAPTER_ROUTES_MAX_GSI; i++) { ++ dev->routes.gsi[i] = -1; ++ } + css_sch_build_virtual_schib(sch, 0, VIRTIO_CCW_CHPID_TYPE); + + trace_virtio_ccw_new_device( diff --git a/target-arm-Return-correct-IL-bit-in-merg.patch b/target-arm-Return-correct-IL-bit-in-merg.patch new file mode 100644 index 0000000..49a15a2 --- /dev/null +++ b/target-arm-Return-correct-IL-bit-in-merg.patch @@ -0,0 +1,40 @@ +From: Jeff Kubascik +Date: Fri, 17 Jan 2020 14:09:31 +0000 +Subject: target/arm: Return correct IL bit in merge_syn_data_abort + +Git-commit: 30d544839e278dc76017b9a42990c41e84a34377 + +The IL bit is set for 32-bit instructions, thus passing false +with the is_16bit parameter to syn_data_abort_with_iss() makes +a syn mask that always has the IL bit set. + +Pass is_16bit as true to make the initial syn mask have IL=0, +so that the final IL value comes from or'ing template_syn. + +Cc: qemu-stable@nongnu.org +Fixes: aaa1f954d4ca ("target-arm: A64: Create Instruction Syndromes for Data Aborts") +Signed-off-by: Jeff Kubascik +Signed-off-by: Richard Henderson +Message-id: 20200117004618.2742-2-richard.henderson@linaro.org +[rth: Extracted this as a self-contained bug fix from a larger patch] +Signed-off-by: Richard Henderson +Reviewed-by: Peter Maydell +Signed-off-by: Peter Maydell +Signed-off-by: Bruce Rogers +--- + target/arm/tlb_helper.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c +index 5feb3129417a5c55bdbe6b77b540..e63f8bda29636d8b23eead31004a 100644 +--- a/target/arm/tlb_helper.c ++++ b/target/arm/tlb_helper.c +@@ -44,7 +44,7 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn, + syn = syn_data_abort_with_iss(same_el, + 0, 0, 0, 0, 0, + ea, 0, s1ptw, is_write, fsc, +- false); ++ true); + /* Merge the runtime syndrome with the template syndrome. */ + syn |= template_syn; + } diff --git a/target-arm-Set-ISSIs16Bit-in-make_issinf.patch b/target-arm-Set-ISSIs16Bit-in-make_issinf.patch new file mode 100644 index 0000000..c3b4e91 --- /dev/null +++ b/target-arm-Set-ISSIs16Bit-in-make_issinf.patch @@ -0,0 +1,36 @@ +From: Richard Henderson +Date: Fri, 17 Jan 2020 14:09:31 +0000 +Subject: target/arm: Set ISSIs16Bit in make_issinfo + +Git-commit: 1a1fbc6cbb34c26d43d8360c66c1d21681af14a9 + +During the conversion to decodetree, the setting of +ISSIs16Bit got lost. This causes the guest os to +incorrectly adjust trapping memory operations. + +Cc: qemu-stable@nongnu.org +Fixes: 46beb58efbb8a2a32 ("target/arm: Convert T16, load (literal)") +Reported-by: Jeff Kubascik +Signed-off-by: Richard Henderson +Message-id: 20200117004618.2742-3-richard.henderson@linaro.org +Reviewed-by: Peter Maydell +Signed-off-by: Peter Maydell +Signed-off-by: Bruce Rogers +--- + target/arm/translate.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/target/arm/translate.c b/target/arm/translate.c +index 4d5d4bd8886c138196cec746f0e7..24e3d6619b202c78835dc068a2ce 100644 +--- a/target/arm/translate.c ++++ b/target/arm/translate.c +@@ -8552,6 +8552,9 @@ static ISSInfo make_issinfo(DisasContext *s, int rd, bool p, bool w) + /* ISS not valid if writeback */ + if (p && !w) { + ret = rd; ++ if (s->base.pc_next - s->pc_curr == 2) { ++ ret |= ISSIs16Bit; ++ } + } else { + ret = ISSInvalid; + } diff --git a/target-i386-kvm-initialize-feature-MSRs-.patch b/target-i386-kvm-initialize-feature-MSRs-.patch new file mode 100644 index 0000000..9563c04 --- /dev/null +++ b/target-i386-kvm-initialize-feature-MSRs-.patch @@ -0,0 +1,163 @@ +From: Paolo Bonzini +Date: Mon, 20 Jan 2020 19:21:42 +0100 +Subject: target/i386: kvm: initialize feature MSRs very early + +Git-commit: 420ae1fc51c99abfd03b1c590f55617edd2a2bed + +Some read-only MSRs affect the behavior of ioctls such as +KVM_SET_NESTED_STATE. We can initialize them once and for all +right after the CPU is realized, since they will never be modified +by the guest. + +Reported-by: Qingua Cheng +Cc: qemu-stable@nongnu.org +Signed-off-by: Paolo Bonzini +Message-Id: <1579544504-3616-2-git-send-email-pbonzini@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Bruce Rogers +--- + target/i386/kvm.c | 81 +++++++++++++++++++++++++----------------- + target/i386/kvm_i386.h | 1 + + 2 files changed, 49 insertions(+), 33 deletions(-) + +diff --git a/target/i386/kvm.c b/target/i386/kvm.c +index 1d10046a6c31b1f412b403c3ab20..b8ea67a644c802358826a840bdf1 100644 +--- a/target/i386/kvm.c ++++ b/target/i386/kvm.c +@@ -67,6 +67,8 @@ + * 255 kvm_msr_entry structs */ + #define MSR_BUF_SIZE 4096 + ++static void kvm_init_msrs(X86CPU *cpu); ++ + const KVMCapabilityInfo kvm_arch_required_capabilities[] = { + KVM_CAP_INFO(SET_TSS_ADDR), + KVM_CAP_INFO(EXT_CPUID), +@@ -1842,6 +1844,8 @@ int kvm_arch_init_vcpu(CPUState *cs) + has_msr_tsc_aux = false; + } + ++ kvm_init_msrs(cpu); ++ + r = hyperv_init_vcpu(cpu); + if (r) { + goto fail; +@@ -2660,11 +2664,53 @@ static void kvm_msr_entry_add_vmx(X86CPU *cpu, FeatureWordArray f) + VMCS12_MAX_FIELD_INDEX << 1); + } + ++static int kvm_buf_set_msrs(X86CPU *cpu) ++{ ++ int ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf); ++ if (ret < 0) { ++ return ret; ++ } ++ ++ if (ret < cpu->kvm_msr_buf->nmsrs) { ++ struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret]; ++ error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64, ++ (uint32_t)e->index, (uint64_t)e->data); ++ } ++ ++ assert(ret == cpu->kvm_msr_buf->nmsrs); ++ return 0; ++} ++ ++static void kvm_init_msrs(X86CPU *cpu) ++{ ++ CPUX86State *env = &cpu->env; ++ ++ kvm_msr_buf_reset(cpu); ++ if (has_msr_arch_capabs) { ++ kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES, ++ env->features[FEAT_ARCH_CAPABILITIES]); ++ } ++ ++ if (has_msr_core_capabs) { ++ kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY, ++ env->features[FEAT_CORE_CAPABILITY]); ++ } ++ ++ /* ++ * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but ++ * all kernels with MSR features should have them. ++ */ ++ if (kvm_feature_msrs && cpu_has_vmx(env)) { ++ kvm_msr_entry_add_vmx(cpu, env->features); ++ } ++ ++ assert(kvm_buf_set_msrs(cpu) == 0); ++} ++ + static int kvm_put_msrs(X86CPU *cpu, int level) + { + CPUX86State *env = &cpu->env; + int i; +- int ret; + + kvm_msr_buf_reset(cpu); + +@@ -2722,17 +2768,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level) + } + #endif + +- /* If host supports feature MSR, write down. */ +- if (has_msr_arch_capabs) { +- kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES, +- env->features[FEAT_ARCH_CAPABILITIES]); +- } +- +- if (has_msr_core_capabs) { +- kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY, +- env->features[FEAT_CORE_CAPABILITY]); +- } +- + /* + * The following MSRs have side effects on the guest or are too heavy + * for normal writeback. Limit them to reset or full state updates. +@@ -2910,14 +2945,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level) + + /* Note: MSR_IA32_FEATURE_CONTROL is written separately, see + * kvm_put_msr_feature_control. */ +- +- /* +- * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but +- * all kernels with MSR features should have them. +- */ +- if (kvm_feature_msrs && cpu_has_vmx(env)) { +- kvm_msr_entry_add_vmx(cpu, env->features); +- } + } + + if (env->mcg_cap) { +@@ -2933,19 +2960,7 @@ static int kvm_put_msrs(X86CPU *cpu, int level) + } + } + +- ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf); +- if (ret < 0) { +- return ret; +- } +- +- if (ret < cpu->kvm_msr_buf->nmsrs) { +- struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret]; +- error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64, +- (uint32_t)e->index, (uint64_t)e->data); +- } +- +- assert(ret == cpu->kvm_msr_buf->nmsrs); +- return 0; ++ return kvm_buf_set_msrs(cpu); + } + + +diff --git a/target/i386/kvm_i386.h b/target/i386/kvm_i386.h +index 06fe06bdb3d6d647d8cfb0eee87b..d98c6f69d08af549fe5f31fc4264 100644 +--- a/target/i386/kvm_i386.h ++++ b/target/i386/kvm_i386.h +@@ -66,4 +66,5 @@ bool kvm_enable_x2apic(void); + bool kvm_has_x2apic_api(void); + + bool kvm_hv_vpindex_settable(void); ++ + #endif diff --git a/update_git.sh b/update_git.sh index b981d19..34056cc 100644 --- a/update_git.sh +++ b/update_git.sh @@ -683,7 +683,11 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then fi else SOURCE_VERSION=$MAJOR_VERSION.$MINOR_VERSION.$X - GIT_BRANCH=opensuse-$MAJOR_VERSION.$[$MINOR_VERSION+1] + if [ "$NEXT_RELEASE_IS_MAJOR" = "0" ]; then + GIT_BRANCH=opensuse-$MAJOR_VERSION.$[$MINOR_VERSION+1] + else + GIT_BRANCH=opensuse-$[MAJOR_VERSION+1].0 + fi fi WRITE_LOG=0 echo "Processing LATEST upstream changes" diff --git a/vnc-prioritize-ZRLE-compression-over-ZLI.patch b/vnc-prioritize-ZRLE-compression-over-ZLI.patch new file mode 100644 index 0000000..9ba7461 --- /dev/null +++ b/vnc-prioritize-ZRLE-compression-over-ZLI.patch @@ -0,0 +1,59 @@ +From: Cameron Esfahani +Date: Mon, 20 Jan 2020 21:00:52 -0800 +Subject: vnc: prioritize ZRLE compression over ZLIB + +Git-commit: 557ba0e57200014bd4f453f6516f02b61bdfc782 + +In my investigation, ZRLE always compresses better than ZLIB so +prioritize ZRLE over ZLIB, even if the client hints that ZLIB is +preferred. + +zlib buffer is always reset in zrle_compress_data(), so using offset to +calculate next_out and avail_out is useless. + +Signed-off-by: Cameron Esfahani +Message-Id: +Signed-off-by: Gerd Hoffmann +Signed-off-by: Bruce Rogers +--- + ui/vnc-enc-zrle.c | 4 ++-- + ui/vnc.c | 11 +++++++++-- + 2 files changed, 11 insertions(+), 4 deletions(-) + +diff --git a/ui/vnc-enc-zrle.c b/ui/vnc-enc-zrle.c +index 17fd28a2e2b078bd135496e75c6b..b4f71e32cfe8ca3dd645103f999d 100644 +--- a/ui/vnc-enc-zrle.c ++++ b/ui/vnc-enc-zrle.c +@@ -98,8 +98,8 @@ static int zrle_compress_data(VncState *vs, int level) + /* set pointers */ + zstream->next_in = vs->zrle->zrle.buffer; + zstream->avail_in = vs->zrle->zrle.offset; +- zstream->next_out = vs->zrle->zlib.buffer + vs->zrle->zlib.offset; +- zstream->avail_out = vs->zrle->zlib.capacity - vs->zrle->zlib.offset; ++ zstream->next_out = vs->zrle->zlib.buffer; ++ zstream->avail_out = vs->zrle->zlib.capacity; + zstream->data_type = Z_BINARY; + + /* start encoding */ +diff --git a/ui/vnc.c b/ui/vnc.c +index f94b3a257ee3add364a0b0bd5101..70bd8bf05d163e2ef0911c3b19fd 100644 +--- a/ui/vnc.c ++++ b/ui/vnc.c +@@ -2077,8 +2077,15 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) + break; + #endif + case VNC_ENCODING_ZLIB: +- vs->features |= VNC_FEATURE_ZLIB_MASK; +- vs->vnc_encoding = enc; ++ /* ++ * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB. ++ * So prioritize ZRLE, even if the client hints that it prefers ++ * ZLIB. ++ */ ++ if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0) { ++ vs->features |= VNC_FEATURE_ZLIB_MASK; ++ vs->vnc_encoding = enc; ++ } + break; + case VNC_ENCODING_ZRLE: + vs->features |= VNC_FEATURE_ZRLE_MASK;