SHA256
1
0
forked from pool/qemu

Accepting request 768144 from home:bfrogers:branches:Virtualization

A few more bug fixes from upstream. Also stop using system membarriers, and revert a recent xen migration fix (not the right one).

OBS-URL: https://build.opensuse.org/request/show/768144
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=528
This commit is contained in:
Bruce Rogers 2020-01-28 19:08:17 +00:00 committed by Git OBS Bridge
parent fc44851caa
commit 00d4d8e727
20 changed files with 1079 additions and 91 deletions

View File

@ -16,7 +16,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 12 insertions(+)
diff --git a/vl.c b/vl.c
index 6a65a64bfd647afcf539145f9cf9..57e68fdc4526b7156af155be933f 100644
index bf0a6345d2394ad25adfe53c4006..68de8184f91c6ef3903859c70526 100644
--- a/vl.c
+++ b/vl.c
@@ -33,6 +33,7 @@
@ -27,7 +27,7 @@ index 6a65a64bfd647afcf539145f9cf9..57e68fdc4526b7156af155be933f 100644
#include "sysemu/seccomp.h"
#include "sysemu/tcg.h"
@@ -2861,6 +2862,7 @@ int main(int argc, char **argv, char **envp)
@@ -2863,6 +2864,7 @@ int main(int argc, char **argv, char **envp)
char *dir, **dirs;
BlockdevOptionsQueue bdo_queue = QSIMPLEQ_HEAD_INITIALIZER(bdo_queue);
QemuPluginList plugin_list = QTAILQ_HEAD_INITIALIZER(plugin_list);
@ -35,7 +35,7 @@ index 6a65a64bfd647afcf539145f9cf9..57e68fdc4526b7156af155be933f 100644
os_set_line_buffering();
@@ -2872,6 +2874,16 @@ int main(int argc, char **argv, char **envp)
@@ -2874,6 +2876,16 @@ int main(int argc, char **argv, char **envp)
qemu_mutex_lock_iothread();

View File

@ -0,0 +1,69 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 21 Jan 2020 07:02:10 +0100
Subject: Revert "vnc: allow fall back to RAW encoding"
Git-commit: 0780ec7be82dd4781e9fd216b5d99a125882ff5a
This reverts commit de3f7de7f4e257ce44cdabb90f5f17ee99624557.
Remove VNC optimization to reencode framebuffer update as raw if it's
smaller than the default encoding.
QEMU's implementation was naive and didn't account for the ZLIB z_stream
mutating with each compression. Because of the mutation, simply
resetting the output buffer's offset wasn't sufficient to "rewind" the
operation. The mutated z_stream would generate future zlib blocks which
referred to symbols in past blocks which weren't sent. This would lead
to artifacting.
Considering that ZRLE is never larger than raw and even though ZLIB can
occasionally be fractionally larger than raw, the overhead of
implementing this optimization correctly isn't worth it.
Signed-off-by: Cameron Esfahani <dirty@apple.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
ui/vnc.c | 20 ++------------------
1 file changed, 2 insertions(+), 18 deletions(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index 87b8045afec2b7d52983914dbc08..f94b3a257ee3add364a0b0bd5101 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -898,8 +898,6 @@ int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
{
int n = 0;
- bool encode_raw = false;
- size_t saved_offs = vs->output.offset;
switch(vs->vnc_encoding) {
case VNC_ENCODING_ZLIB:
@@ -922,24 +920,10 @@ int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
break;
default:
- encode_raw = true;
+ vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
+ n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
break;
}
-
- /* If the client has the same pixel format as our internal buffer and
- * a RAW encoding would need less space fall back to RAW encoding to
- * save bandwidth and processing power in the client. */
- if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
- 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
- vs->output.offset = saved_offs;
- encode_raw = true;
- }
-
- if (encode_raw) {
- vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
- n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
- }
-
return n;
}

View File

@ -0,0 +1,47 @@
From: Eiichi Tsukata <devel@etsukata.com>
Date: Mon, 23 Dec 2019 18:06:32 +0900
Subject: block/backup: fix memory leak in bdrv_backup_top_append()
Git-commit: fb574de81bfdd71fdb0315105a3a7761efb68395
bdrv_open_driver() allocates bs->opaque according to drv->instance_size.
There is no need to allocate it and overwrite opaque in
bdrv_backup_top_append().
Reproducer:
$ QTEST_QEMU_BINARY=./x86_64-softmmu/qemu-system-x86_64 valgrind -q --leak-check=full tests/test-replication -p /replication/secondary/start
==29792== 24 bytes in 1 blocks are definitely lost in loss record 52 of 226
==29792== at 0x483AB1A: calloc (vg_replace_malloc.c:762)
==29792== by 0x4B07CE0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6000.7)
==29792== by 0x12BAB9: bdrv_open_driver (block.c:1289)
==29792== by 0x12BEA9: bdrv_new_open_driver (block.c:1359)
==29792== by 0x1D15CB: bdrv_backup_top_append (backup-top.c:190)
==29792== by 0x1CC11A: backup_job_create (backup.c:439)
==29792== by 0x1CD542: replication_start (replication.c:544)
==29792== by 0x1401B9: replication_start_all (replication.c:52)
==29792== by 0x128B50: test_secondary_start (test-replication.c:427)
...
Fixes: 7df7868b9640 ("block: introduce backup-top filter driver")
Signed-off-by: Eiichi Tsukata <devel@etsukata.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
block/backup-top.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/backup-top.c b/block/backup-top.c
index 818d3f26b48da425ba061e21887f..64e9e4f576ab27889fb4c0d8aa0a 100644
--- a/block/backup-top.c
+++ b/block/backup-top.c
@@ -196,7 +196,7 @@ BlockDriverState *bdrv_backup_top_append(BlockDriverState *source,
}
top->total_sectors = source->total_sectors;
- top->opaque = state = g_new0(BDRVBackupTopState, 1);
+ state = top->opaque;
bdrv_ref(target);
state->target = bdrv_attach_child(top, target, "target", &child_file, errp);

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a6556114711be59afb2bc4c87f4edbb71ab5a65f3b075c413c36b67aed707d17
size 65560
oid sha256:762feed085945e5748ef0337546b3ca80faf002511b7287457fa633931af3785
size 73408

View File

@ -1,38 +0,0 @@
From: Olaf Hering <olaf@aepfle.de>
Date: Mon, 13 Jan 2020 18:45:21 +0100
Subject: hw/i386: disable smbus migration for xenfv
Git-commit: 0000000000000000000000000000000000000000
References: bsc#1159755
With commit 7fccf2a06890e3bc3b30e29827ad3fb93fe88fea a new member
smbus_no_migration_support was added, and enabled in two places.
With commit 4ab2f2a8aabfea95cc53c64e13b3f67960b27fdf the vmstate_acpi
got new elements, which are conditionally filled. As a result, an
incoming migration expected smbus related data unless smbus migration
was disabled for a given MachineClass.
Since commit 7fccf2a06890e3bc3b30e29827ad3fb93fe88fea forgot to handle
xenfv, live migration to receiving hosts using qemu-4.0 and later is broken.
Therefore this patch must be applied to stable-4.x as well.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
[BR: changed patch as obtained from qemu-devel mailing list to reference
xenfv, not xenpv, as Olaf indicated in followup email]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/i386/pc_piix.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index d760d3589607daf4997ea76854c4..10d4972179a0dbe40aa9eaddf37e 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -1046,6 +1046,7 @@ static void xenfv_machine_options(MachineClass *m)
m->desc = "Xen Fully-virtualized PC";
m->max_cpus = HVM_MAX_VCPUS;
m->default_machine_opts = "accel=xen";
+ m->smbus_no_migration_support = true;
}
DEFINE_PC_MACHINE(xenfv, "xenfv", pc_xen_hvm_init,

View File

@ -0,0 +1,52 @@
From: Peter Wu <peter@lekensteyn.nl>
Date: Sat, 21 Dec 2019 17:21:24 +0100
Subject: hw/i386/pc: fix regression in parsing vga cmdline parameter
Git-commit: a88c40f02ace88f09b2a85a64831b277b2ebc88c
When the 'vga=' parameter is succeeded by another parameter, QEMU 4.2.0
would refuse to start with a rather cryptic message:
$ qemu-system-x86_64 -kernel /boot/vmlinuz-linux -append 'vga=792 quiet'
qemu: can't parse 'vga' parameter: Invalid argument
It was not clear whether this applied to the '-vga std' parameter or the
'-append' one. Fix the parsing regression and clarify the error.
Fixes: 133ef074bd ("hw/i386/pc: replace use of strtol with qemu_strtoui in x86_load_linux()")
Cc: Sergio Lopez <slp@redhat.com>
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Message-Id: <20191221162124.1159291-1-peter@lekensteyn.nl>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/i386/x86.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index 394edc2f720985c0910396181eeb..121650ae511c3814dcdbb908abdc 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -508,6 +508,7 @@ void x86_load_linux(X86MachineState *x86ms,
vmode = strstr(kernel_cmdline, "vga=");
if (vmode) {
unsigned int video_mode;
+ const char *end;
int ret;
/* skip "vga=" */
vmode += 4;
@@ -518,10 +519,9 @@ void x86_load_linux(X86MachineState *x86ms,
} else if (!strncmp(vmode, "ask", 3)) {
video_mode = 0xfffd;
} else {
- ret = qemu_strtoui(vmode, NULL, 0, &video_mode);
- if (ret != 0) {
- fprintf(stderr, "qemu: can't parse 'vga' parameter: %s\n",
- strerror(-ret));
+ ret = qemu_strtoui(vmode, &end, 0, &video_mode);
+ if (ret != 0 || (*end && *end != ' ')) {
+ fprintf(stderr, "qemu: invalid 'vga=' kernel parameter.\n");
exit(1);
}
}

View File

@ -0,0 +1,60 @@
From: Felipe Franciosi <felipe@nutanix.com>
Date: Thu, 23 Jan 2020 12:44:59 +0000
Subject: iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711)
Git-commit: 693fd2acdf14dd86c0bf852610f1c2cca80a74dc
When querying an iSCSI server for the provisioning status of blocks (via
GET LBA STATUS), Qemu only validates that the response descriptor zero's
LBA matches the one requested. Given the SCSI spec allows servers to
respond with the status of blocks beyond the end of the LUN, Qemu may
have its heap corrupted by clearing/setting too many bits at the end of
its allocmap for the LUN.
A malicious guest in control of the iSCSI server could carefully program
Qemu's heap (by selectively setting the bitmap) and then smash it.
This limits the number of bits that iscsi_co_block_status() will try to
update in the allocmap so it can't overflow the bitmap.
Fixes: CVE-2020-1711
Cc: qemu-stable@nongnu.org
Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com>
Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
block/iscsi.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/block/iscsi.c b/block/iscsi.c
index 2aea7e3f13f73662a838d2f8187f..cbd57294ab4417a33657af0fbce8 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
struct scsi_get_lba_status *lbas = NULL;
struct scsi_lba_status_descriptor *lbasd = NULL;
struct IscsiTask iTask;
- uint64_t lba;
+ uint64_t lba, max_bytes;
int ret;
iscsi_co_init_iscsitask(iscsilun, &iTask);
@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
}
lba = offset / iscsilun->block_size;
+ max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size;
qemu_mutex_lock(&iscsilun->mutex);
retry:
@@ -764,7 +765,7 @@ retry:
goto out_unlock;
}
- *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size;
+ *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes);
if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED ||
lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) {

View File

@ -0,0 +1,100 @@
From: Laurent Vivier <laurent@vivier.eu>
Date: Thu, 16 Jan 2020 17:54:54 +0100
Subject: m68k: Fix regression causing Single-Step via GDB/RSP to not single
step
Git-commit: 322f244aaa80a5208090d41481c1c09c6face66b
A regression that was introduced, with the refactor to TranslatorOps,
drops two lines that update the PC when single-stepping is being performed.
Fixes: 11ab74b01e0a ("target/m68k: Convert to TranslatorOps")
Reported-by: Lucien Murray-Pitts <lucienmp_antispam@yahoo.com>
Suggested-by: Lucien Murray-Pitts <lucienmp_antispam@yahoo.com>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200116165454.2076265-1-laurent@vivier.eu>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/m68k/translate.c | 42 ++++++++++++++++++++++++++---------------
1 file changed, 27 insertions(+), 15 deletions(-)
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index fcdb7bc8e4eeabc2f3b0e336c064..16fae5ac9ec3f729ef402b805e41 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -289,16 +289,21 @@ static void gen_jmp(DisasContext *s, TCGv dest)
s->base.is_jmp = DISAS_JUMP;
}
-static void gen_exception(DisasContext *s, uint32_t dest, int nr)
+static void gen_raise_exception(int nr)
{
TCGv_i32 tmp;
- update_cc_op(s);
- tcg_gen_movi_i32(QREG_PC, dest);
-
tmp = tcg_const_i32(nr);
gen_helper_raise_exception(cpu_env, tmp);
tcg_temp_free_i32(tmp);
+}
+
+static void gen_exception(DisasContext *s, uint32_t dest, int nr)
+{
+ update_cc_op(s);
+ tcg_gen_movi_i32(QREG_PC, dest);
+
+ gen_raise_exception(nr);
s->base.is_jmp = DISAS_NORETURN;
}
@@ -6198,29 +6203,36 @@ static void m68k_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
{
DisasContext *dc = container_of(dcbase, DisasContext, base);
- if (dc->base.is_jmp == DISAS_NORETURN) {
- return;
- }
- if (dc->base.singlestep_enabled) {
- gen_helper_raise_exception(cpu_env, tcg_const_i32(EXCP_DEBUG));
- return;
- }
-
switch (dc->base.is_jmp) {
+ case DISAS_NORETURN:
+ break;
case DISAS_TOO_MANY:
update_cc_op(dc);
- gen_jmp_tb(dc, 0, dc->pc);
+ if (dc->base.singlestep_enabled) {
+ tcg_gen_movi_i32(QREG_PC, dc->pc);
+ gen_raise_exception(EXCP_DEBUG);
+ } else {
+ gen_jmp_tb(dc, 0, dc->pc);
+ }
break;
case DISAS_JUMP:
/* We updated CC_OP and PC in gen_jmp/gen_jmp_im. */
- tcg_gen_lookup_and_goto_ptr();
+ if (dc->base.singlestep_enabled) {
+ gen_raise_exception(EXCP_DEBUG);
+ } else {
+ tcg_gen_lookup_and_goto_ptr();
+ }
break;
case DISAS_EXIT:
/*
* We updated CC_OP and PC in gen_exit_tb, but also modified
* other state that may require returning to the main loop.
*/
- tcg_gen_exit_tb(NULL, 0);
+ if (dc->base.singlestep_enabled) {
+ gen_raise_exception(EXCP_DEBUG);
+ } else {
+ tcg_gen_exit_tb(NULL, 0);
+ }
break;
default:
g_assert_not_reached();

View File

@ -0,0 +1,149 @@
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Date: Thu, 5 Dec 2019 10:29:18 +0000
Subject: migration: Rate limit inside host pages
Git-commit: 97e1e06780e70f6e98a0d2df881e0c0927d3aeb6
When using hugepages, rate limiting is necessary within each huge
page, since a 1G huge page can take a significant time to send, so
you end up with bursty behaviour.
Fixes: 4c011c37ecb3 ("postcopy: Send whole huge pages")
Reported-by: Lin Ma <LMa@suse.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
migration/migration.c | 57 ++++++++++++++++++++++++------------------
migration/migration.h | 1 +
migration/ram.c | 2 ++
migration/trace-events | 4 +--
4 files changed, 37 insertions(+), 27 deletions(-)
diff --git a/migration/migration.c b/migration/migration.c
index 354ad072fa5553333c5b1e0d8023..27500d09a94a8615c935245e23ed 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -3224,6 +3224,37 @@ void migration_consume_urgent_request(void)
qemu_sem_wait(&migrate_get_current()->rate_limit_sem);
}
+/* Returns true if the rate limiting was broken by an urgent request */
+bool migration_rate_limit(void)
+{
+ int64_t now = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
+ MigrationState *s = migrate_get_current();
+
+ bool urgent = false;
+ migration_update_counters(s, now);
+ if (qemu_file_rate_limit(s->to_dst_file)) {
+ /*
+ * Wait for a delay to do rate limiting OR
+ * something urgent to post the semaphore.
+ */
+ int ms = s->iteration_start_time + BUFFER_DELAY - now;
+ trace_migration_rate_limit_pre(ms);
+ if (qemu_sem_timedwait(&s->rate_limit_sem, ms) == 0) {
+ /*
+ * We were woken by one or more urgent things but
+ * the timedwait will have consumed one of them.
+ * The service routine for the urgent wake will dec
+ * the semaphore itself for each item it consumes,
+ * so add this one we just eat back.
+ */
+ qemu_sem_post(&s->rate_limit_sem);
+ urgent = true;
+ }
+ trace_migration_rate_limit_post(urgent);
+ }
+ return urgent;
+}
+
/*
* Master migration thread on the source VM.
* It drives the migration and pumps the data down the outgoing channel.
@@ -3290,8 +3321,6 @@ static void *migration_thread(void *opaque)
trace_migration_thread_setup_complete();
while (migration_is_active(s)) {
- int64_t current_time;
-
if (urgent || !qemu_file_rate_limit(s->to_dst_file)) {
MigIterateState iter_state = migration_iteration_run(s);
if (iter_state == MIG_ITERATE_SKIP) {
@@ -3318,29 +3347,7 @@ static void *migration_thread(void *opaque)
update_iteration_initial_status(s);
}
- current_time = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
-
- migration_update_counters(s, current_time);
-
- urgent = false;
- if (qemu_file_rate_limit(s->to_dst_file)) {
- /* Wait for a delay to do rate limiting OR
- * something urgent to post the semaphore.
- */
- int ms = s->iteration_start_time + BUFFER_DELAY - current_time;
- trace_migration_thread_ratelimit_pre(ms);
- if (qemu_sem_timedwait(&s->rate_limit_sem, ms) == 0) {
- /* We were worken by one or more urgent things but
- * the timedwait will have consumed one of them.
- * The service routine for the urgent wake will dec
- * the semaphore itself for each item it consumes,
- * so add this one we just eat back.
- */
- qemu_sem_post(&s->rate_limit_sem);
- urgent = true;
- }
- trace_migration_thread_ratelimit_post(urgent);
- }
+ urgent = migration_rate_limit();
}
trace_migration_thread_after_loop();
diff --git a/migration/migration.h b/migration/migration.h
index 79b3dda146f716955f413383bf39..aa9ff6f27b19d7ee165048aa7b6d 100644
--- a/migration/migration.h
+++ b/migration/migration.h
@@ -341,5 +341,6 @@ int foreach_not_ignored_block(RAMBlockIterFunc func, void *opaque);
void migration_make_urgent_request(void);
void migration_consume_urgent_request(void);
+bool migration_rate_limit(void);
#endif
diff --git a/migration/ram.c b/migration/ram.c
index 5078f94490de7a1bc71670376078..b6de7d1d5552a0aa39b0d232c2d6 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2616,6 +2616,8 @@ static int ram_save_host_page(RAMState *rs, PageSearchStatus *pss,
pages += tmppages;
pss->page++;
+ /* Allow rate limiting to happen in the middle of huge pages */
+ migration_rate_limit();
} while ((pss->page & (pagesize_bits - 1)) &&
offset_in_ramblock(pss->block, pss->page << TARGET_PAGE_BITS));
diff --git a/migration/trace-events b/migration/trace-events
index 6dee7b5389dc2be37b3851820919..2f9129e213d41a6350fe7e968697 100644
--- a/migration/trace-events
+++ b/migration/trace-events
@@ -138,12 +138,12 @@ migrate_send_rp_recv_bitmap(char *name, int64_t size) "block '%s' size 0x%"PRIi6
migration_completion_file_err(void) ""
migration_completion_postcopy_end(void) ""
migration_completion_postcopy_end_after_complete(void) ""
+migration_rate_limit_pre(int ms) "%d ms"
+migration_rate_limit_post(int urgent) "urgent: %d"
migration_return_path_end_before(void) ""
migration_return_path_end_after(int rp_error) "%d"
migration_thread_after_loop(void) ""
migration_thread_file_err(void) ""
-migration_thread_ratelimit_pre(int ms) "%d ms"
-migration_thread_ratelimit_post(int urgent) "urgent: %d"
migration_thread_setup_complete(void) ""
open_return_path_on_source(void) ""
open_return_path_on_source_continue(void) ""

View File

@ -0,0 +1,55 @@
From: Laurent Vivier <lvivier@redhat.com>
Date: Tue, 7 Jan 2020 17:34:37 +0100
Subject: migration-test: ppc64: fix FORTH test program
Git-commit: 16c5c6928ff53bd95e6504301ef6c285501531e7
Commit e51e711b1bef has moved the initialization of start_address and
end_address after the definition of the command line argument,
where the nvramrc is initialized, and thus the loop is between 0 and 0
rather than 1 MiB and 100 MiB.
It doesn't affect the result of the test if all the tests are run in
sequence because the two first tests don't run the loop, so the
values are correctly initialized when we actually need them.
But it hangs when we ask to run only one test, for instance:
QTEST_QEMU_BINARY=ppc64-softmmu/qemu-system-ppc64 \
tests/migration-test -m=quick -p /ppc64/migration/validate_uuid_error
Fixes: e51e711b1bef ("tests/migration: Add migration-test header file")
Cc: wei@redhat.com
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20200107163437.52139-1-lvivier@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
tests/migration-test.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/migration-test.c b/tests/migration-test.c
index ebd77a581affd8872138f6f36d5e..d79980fbe39dfaa3fa89999ee64f 100644
--- a/tests/migration-test.c
+++ b/tests/migration-test.c
@@ -614,6 +614,8 @@ static int test_migrate_start(QTestState **from, QTestState **to,
end_address = S390_TEST_MEM_END;
} else if (strcmp(arch, "ppc64") == 0) {
extra_opts = use_shmem ? get_shmem_opts("256M", shmem_path) : NULL;
+ start_address = PPC_TEST_MEM_START;
+ end_address = PPC_TEST_MEM_END;
cmd_src = g_strdup_printf("-machine accel=%s,vsmt=8 -m 256M -nodefaults"
" -name source,debug-threads=on"
" -serial file:%s/src_serial"
@@ -630,8 +632,6 @@ static int test_migrate_start(QTestState **from, QTestState **to,
accel, tmpfs, uri,
extra_opts ? extra_opts : "", opts_dst);
- start_address = PPC_TEST_MEM_START;
- end_address = PPC_TEST_MEM_END;
} else if (strcmp(arch, "aarch64") == 0) {
init_bootfile(bootpath, aarch64_kernel, sizeof(aarch64_kernel));
extra_opts = use_shmem ? get_shmem_opts("150M", shmem_path) : NULL;

View File

@ -1,3 +1,34 @@
-------------------------------------------------------------------
Tue Jan 28 16:24:31 UTC 2020 - Bruce Rogers <brogers@suse.com>
- Stop using system membarriers (ie switch from --enable-membarrier
to --disable-membarrier). This is a blocker for using qemu in the
context of containers (boo#1130134 jsc#SLE-11089)
- Drop this recently added patch - in consultation with upstream it
was decided it needed to be solved a different way (bsc#1159755)
hw-i386-disable-smbus-migration-for-xenf.patch
- Include upstream patches targeted for the next stable release
(bug fixes only)
block-backup-fix-memory-leak-in-bdrv_bac.patch
iscsi-Cap-block-count-from-GET-LBA-STATU.patch
s390x-adapter-routes-error-handling.patch
target-i386-kvm-initialize-feature-MSRs-.patch
-------------------------------------------------------------------
Fri Jan 24 19:50:50 UTC 2020 - Bruce Rogers <brogers@suse.com>
- Include upstream patches targeted for the next stable release
(bug fixes only)
hw-i386-pc-fix-regression-in-parsing-vga.patch
m68k-Fix-regression-causing-Single-Step-.patch
migration-Rate-limit-inside-host-pages.patch
migration-test-ppc64-fix-FORTH-test-prog.patch
Revert-vnc-allow-fall-back-to-RAW-encodi.patch
runstate-ignore-finishmigrate-prelaunch-.patch
target-arm-Return-correct-IL-bit-in-merg.patch
target-arm-Set-ISSIs16Bit-in-make_issinf.patch
vnc-prioritize-ZRLE-compression-over-ZLI.patch
-------------------------------------------------------------------
Fri Jan 24 14:59:33 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

110
qemu.spec
View File

@ -87,7 +87,7 @@
%define summary_string Machine emulator and virtualizer
%endif
%bcond_without system_membarrier
%bcond_with system_membarrier
%define qemuver 4.2.0
%define srcver 4.2.0
@ -165,48 +165,60 @@ Patch00034: virtio-net-delete-also-control-queue-whe.patch
Patch00035: intel_iommu-a-fix-to-vtd_find_as_from_bu.patch
Patch00036: target-i386-Add-new-bit-definitions-of-M.patch
Patch00037: target-i386-Add-missed-features-to-Coope.patch
Patch00038: XXX-dont-dump-core-on-sigabort.patch
Patch00039: qemu-binfmt-conf-Modify-default-path.patch
Patch00040: qemu-cvs-gettimeofday.patch
Patch00041: qemu-cvs-ioctl_debug.patch
Patch00042: qemu-cvs-ioctl_nodirection.patch
Patch00043: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00044: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00045: linux-user-binfmt-support-host-binaries.patch
Patch00046: linux-user-Fake-proc-cpuinfo.patch
Patch00047: linux-user-use-target_ulong.patch
Patch00048: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00049: linux-user-lseek-explicitly-cast-non-set.patch
Patch00050: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00051: xen_disk-Add-suse-specific-flush-disable.patch
Patch00052: qemu-bridge-helper-reduce-security-profi.patch
Patch00053: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00054: linux-user-properly-test-for-infinite-ti.patch
Patch00055: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00056: Raise-soft-address-space-limit-to-hard-l.patch
Patch00057: increase-x86_64-physical-bits-to-42.patch
Patch00058: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch
Patch00059: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00060: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00061: Switch-order-of-libraries-for-mpath-supp.patch
Patch00062: Make-installed-scripts-explicitly-python.patch
Patch00063: hw-smbios-handle-both-file-formats-regar.patch
Patch00064: xen-add-block-resize-support-for-xen-dis.patch
Patch00065: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00066: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00067: xen-ignore-live-parameter-from-xen-save-.patch
Patch00068: Conditionalize-ui-bitmap-installation-be.patch
Patch00069: tests-change-error-message-in-test-162.patch
Patch00070: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
Patch00071: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
Patch00072: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00073: configure-only-populate-roms-if-softmmu.patch
Patch00074: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00075: roms-change-cross-compiler-naming-to-be-.patch
Patch00076: tests-Disable-some-block-tests-for-now.patch
Patch00077: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00078: roms-Makefile-enable-cross-compile-for-b.patch
Patch00079: hw-i386-disable-smbus-migration-for-xenf.patch
Patch00038: hw-i386-pc-fix-regression-in-parsing-vga.patch
Patch00039: migration-test-ppc64-fix-FORTH-test-prog.patch
Patch00040: target-arm-Return-correct-IL-bit-in-merg.patch
Patch00041: target-arm-Set-ISSIs16Bit-in-make_issinf.patch
Patch00042: runstate-ignore-finishmigrate-prelaunch-.patch
Patch00043: migration-Rate-limit-inside-host-pages.patch
Patch00044: m68k-Fix-regression-causing-Single-Step-.patch
Patch00045: Revert-vnc-allow-fall-back-to-RAW-encodi.patch
Patch00046: vnc-prioritize-ZRLE-compression-over-ZLI.patch
Patch00047: target-i386-kvm-initialize-feature-MSRs-.patch
Patch00048: s390x-adapter-routes-error-handling.patch
Patch00049: XXX-dont-dump-core-on-sigabort.patch
Patch00050: qemu-binfmt-conf-Modify-default-path.patch
Patch00051: qemu-cvs-gettimeofday.patch
Patch00052: qemu-cvs-ioctl_debug.patch
Patch00053: qemu-cvs-ioctl_nodirection.patch
Patch00054: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00055: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00056: linux-user-binfmt-support-host-binaries.patch
Patch00057: linux-user-Fake-proc-cpuinfo.patch
Patch00058: linux-user-use-target_ulong.patch
Patch00059: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00060: linux-user-lseek-explicitly-cast-non-set.patch
Patch00061: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00062: xen_disk-Add-suse-specific-flush-disable.patch
Patch00063: qemu-bridge-helper-reduce-security-profi.patch
Patch00064: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00065: linux-user-properly-test-for-infinite-ti.patch
Patch00066: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00067: Raise-soft-address-space-limit-to-hard-l.patch
Patch00068: increase-x86_64-physical-bits-to-42.patch
Patch00069: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch
Patch00070: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00071: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00072: Switch-order-of-libraries-for-mpath-supp.patch
Patch00073: Make-installed-scripts-explicitly-python.patch
Patch00074: hw-smbios-handle-both-file-formats-regar.patch
Patch00075: xen-add-block-resize-support-for-xen-dis.patch
Patch00076: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00077: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00078: xen-ignore-live-parameter-from-xen-save-.patch
Patch00079: Conditionalize-ui-bitmap-installation-be.patch
Patch00080: tests-change-error-message-in-test-162.patch
Patch00081: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
Patch00082: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
Patch00083: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00084: configure-only-populate-roms-if-softmmu.patch
Patch00085: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00086: roms-change-cross-compiler-naming-to-be-.patch
Patch00087: tests-Disable-some-block-tests-for-now.patch
Patch00088: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00089: roms-Makefile-enable-cross-compile-for-b.patch
Patch00090: iscsi-Cap-block-count-from-GET-LBA-STATU.patch
Patch00091: block-backup-fix-memory-leak-in-bdrv_bac.patch
# Patches applied in roms/seabios/:
Patch01000: seabios-use-python2-explicitly-as-needed.patch
Patch01001: seabios-switch-to-python3-as-needed.patch
@ -993,6 +1005,18 @@ This package provides a service file for starting and stopping KSM.
%patch00077 -p1
%patch00078 -p1
%patch00079 -p1
%patch00080 -p1
%patch00081 -p1
%patch00082 -p1
%patch00083 -p1
%patch00084 -p1
%patch00085 -p1
%patch00086 -p1
%patch00087 -p1
%patch00088 -p1
%patch00089 -p1
%patch00090 -p1
%patch00091 -p1
%patch01000 -p1
%patch01001 -p1
%patch01002 -p1

View File

@ -87,7 +87,7 @@
%define summary_string Machine emulator and virtualizer
%endif
%bcond_without system_membarrier
%bcond_with system_membarrier
INSERT_VERSIONING
%define srcname qemu
@ -259,8 +259,8 @@ BuildRequires: python3-base
BuildRequires: rdma-core-devel
BuildRequires: snappy-devel
BuildRequires: spice-protocol-devel >= 0.12.3
BuildRequires: systemd
%{?systemd_requires}
BuildRequires: pkgconfig(systemd)
%{?systemd_ordering}
%if %{kvm_available}
BuildRequires: pkgconfig(udev)
%endif
@ -709,7 +709,7 @@ Requires(post): udev
Supplements: modalias(acpi*:QEMU0002%3A*)
Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*)
Supplements: modalias(pci:v00005853d00000001sv*sd*bc*sc*i*)
%{?systemd_requires}
%{?systemd_ordering}
%description guest-agent
This package contains the QEMU guest agent. It is installed in the linux guest

View File

@ -0,0 +1,61 @@
From: Laurent Vivier <lvivier@redhat.com>
Date: Fri, 29 Nov 2019 12:51:32 +0100
Subject: runstate: ignore finishmigrate -> prelaunch transition
Git-commit: ddad81bd28de665475a87693a93e6cf5d6fd8bab
Commit 1bd71dce4bf2 tries to prevent a finishmigrate -> prelaunch
transition by exiting at the beginning of the main_loop_should_exit()
function if the state is already finishmigrate.
As the finishmigrate state is set in the migration thread it can
happen concurrently to the function. The migration thread and the
function are normally protected by the iothread mutex and thus the
state should no evolve between the start of the function and its end.
Unfortunately during the function life the lock is released by
pause_all_vcpus() just before the point we need to be sure we are
not in finishmigrate state and if the migration thread is waiting
for the lock it will take the opportunity to change the state
to finishmigrate.
The only way to be sure we are not in the finishmigrate state when
we need is to check the state after the pause_all_vcpus() function.
Fixes: 1bd71dce4bf2 ("runstate: ignore exit request in finish migrate state")
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
vl.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/vl.c b/vl.c
index 6a65a64bfd647afcf539145f9cf9..bf0a6345d2394ad25adfe53c4006 100644
--- a/vl.c
+++ b/vl.c
@@ -1745,9 +1745,6 @@ static bool main_loop_should_exit(void)
RunState r;
ShutdownCause request;
- if (runstate_check(RUN_STATE_FINISH_MIGRATE)) {
- return false;
- }
if (preconfig_exit_requested) {
if (runstate_check(RUN_STATE_PRECONFIG)) {
runstate_set(RUN_STATE_PRELAUNCH);
@@ -1776,8 +1773,13 @@ static bool main_loop_should_exit(void)
pause_all_vcpus();
qemu_system_reset(request);
resume_all_vcpus();
+ /*
+ * runstate can change in pause_all_vcpus()
+ * as iothread mutex is unlocked
+ */
if (!runstate_check(RUN_STATE_RUNNING) &&
- !runstate_check(RUN_STATE_INMIGRATE)) {
+ !runstate_check(RUN_STATE_INMIGRATE) &&
+ !runstate_check(RUN_STATE_FINISH_MIGRATE)) {
runstate_set(RUN_STATE_PRELAUNCH);
}
}

View File

@ -0,0 +1,76 @@
From: Cornelia Huck <cohuck@redhat.com>
Date: Thu, 16 Jan 2020 13:10:35 +0100
Subject: s390x: adapter routes error handling
Git-commit: 3c5fd8074335c67777d9391b84f97070c35d9c63
If the kernel irqchip has been disabled, we don't want the
{add,release}_adapter_routes routines to call any kvm_irqchip_*
interfaces, as they may rely on an irqchip actually having been
created. Just take a quick exit in that case instead. If you are
trying to use irqfd without a kernel irqchip, we will fail with
an error.
Also initialize routes->gsi[] with -1 in the virtio-ccw handling,
to make sure we don't trip over other errors, either. (Nobody
else uses the gsi array in that structure.)
Fixes: d426d9fba8ea ("s390x/virtio-ccw: wire up irq routing and irqfds")
Reviewed-by: Thomas Huth <thuth@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200117111147.5006-1-cohuck@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/intc/s390_flic_kvm.c | 8 ++++++++
hw/s390x/virtio-ccw.c | 4 ++++
2 files changed, 12 insertions(+)
diff --git a/hw/intc/s390_flic_kvm.c b/hw/intc/s390_flic_kvm.c
index c9ee80eaae02dea3a46bbaf82d4a..98cc15868374034d9d18b539dc42 100644
--- a/hw/intc/s390_flic_kvm.c
+++ b/hw/intc/s390_flic_kvm.c
@@ -331,6 +331,10 @@ static int kvm_s390_add_adapter_routes(S390FLICState *fs,
int ret, i;
uint64_t ind_offset = routes->adapter.ind_offset;
+ if (!kvm_gsi_routing_enabled()) {
+ return -ENOSYS;
+ }
+
for (i = 0; i < routes->num_routes; i++) {
ret = kvm_irqchip_add_adapter_route(kvm_state, &routes->adapter);
if (ret < 0) {
@@ -358,6 +362,10 @@ static void kvm_s390_release_adapter_routes(S390FLICState *fs,
{
int i;
+ if (!kvm_gsi_routing_enabled()) {
+ return;
+ }
+
for (i = 0; i < routes->num_routes; i++) {
if (routes->gsi[i] >= 0) {
kvm_irqchip_release_virq(kvm_state, routes->gsi[i]);
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index 6580ce5907dd0b3c87bae8e04923..13f57e7b67f18c644dee4c292fdf 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -697,6 +697,7 @@ static void virtio_ccw_device_realize(VirtioCcwDevice *dev, Error **errp)
CCWDeviceClass *ck = CCW_DEVICE_GET_CLASS(ccw_dev);
SubchDev *sch;
Error *err = NULL;
+ int i;
sch = css_create_sch(ccw_dev->devno, errp);
if (!sch) {
@@ -717,6 +718,9 @@ static void virtio_ccw_device_realize(VirtioCcwDevice *dev, Error **errp)
ccw_dev->sch = sch;
dev->indicators = NULL;
dev->revision = -1;
+ for (i = 0; i < ADAPTER_ROUTES_MAX_GSI; i++) {
+ dev->routes.gsi[i] = -1;
+ }
css_sch_build_virtual_schib(sch, 0, VIRTIO_CCW_CHPID_TYPE);
trace_virtio_ccw_new_device(

View File

@ -0,0 +1,40 @@
From: Jeff Kubascik <jeff.kubascik@dornerworks.com>
Date: Fri, 17 Jan 2020 14:09:31 +0000
Subject: target/arm: Return correct IL bit in merge_syn_data_abort
Git-commit: 30d544839e278dc76017b9a42990c41e84a34377
The IL bit is set for 32-bit instructions, thus passing false
with the is_16bit parameter to syn_data_abort_with_iss() makes
a syn mask that always has the IL bit set.
Pass is_16bit as true to make the initial syn mask have IL=0,
so that the final IL value comes from or'ing template_syn.
Cc: qemu-stable@nongnu.org
Fixes: aaa1f954d4ca ("target-arm: A64: Create Instruction Syndromes for Data Aborts")
Signed-off-by: Jeff Kubascik <jeff.kubascik@dornerworks.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200117004618.2742-2-richard.henderson@linaro.org
[rth: Extracted this as a self-contained bug fix from a larger patch]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/arm/tlb_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index 5feb3129417a5c55bdbe6b77b540..e63f8bda29636d8b23eead31004a 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -44,7 +44,7 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn,
syn = syn_data_abort_with_iss(same_el,
0, 0, 0, 0, 0,
ea, 0, s1ptw, is_write, fsc,
- false);
+ true);
/* Merge the runtime syndrome with the template syndrome. */
syn |= template_syn;
}

View File

@ -0,0 +1,36 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Fri, 17 Jan 2020 14:09:31 +0000
Subject: target/arm: Set ISSIs16Bit in make_issinfo
Git-commit: 1a1fbc6cbb34c26d43d8360c66c1d21681af14a9
During the conversion to decodetree, the setting of
ISSIs16Bit got lost. This causes the guest os to
incorrectly adjust trapping memory operations.
Cc: qemu-stable@nongnu.org
Fixes: 46beb58efbb8a2a32 ("target/arm: Convert T16, load (literal)")
Reported-by: Jeff Kubascik <jeff.kubascik@dornerworks.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200117004618.2742-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/arm/translate.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 4d5d4bd8886c138196cec746f0e7..24e3d6619b202c78835dc068a2ce 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -8552,6 +8552,9 @@ static ISSInfo make_issinfo(DisasContext *s, int rd, bool p, bool w)
/* ISS not valid if writeback */
if (p && !w) {
ret = rd;
+ if (s->base.pc_next - s->pc_curr == 2) {
+ ret |= ISSIs16Bit;
+ }
} else {
ret = ISSInvalid;
}

View File

@ -0,0 +1,163 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 20 Jan 2020 19:21:42 +0100
Subject: target/i386: kvm: initialize feature MSRs very early
Git-commit: 420ae1fc51c99abfd03b1c590f55617edd2a2bed
Some read-only MSRs affect the behavior of ioctls such as
KVM_SET_NESTED_STATE. We can initialize them once and for all
right after the CPU is realized, since they will never be modified
by the guest.
Reported-by: Qingua Cheng <qcheng@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1579544504-3616-2-git-send-email-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/i386/kvm.c | 81 +++++++++++++++++++++++++-----------------
target/i386/kvm_i386.h | 1 +
2 files changed, 49 insertions(+), 33 deletions(-)
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 1d10046a6c31b1f412b403c3ab20..b8ea67a644c802358826a840bdf1 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -67,6 +67,8 @@
* 255 kvm_msr_entry structs */
#define MSR_BUF_SIZE 4096
+static void kvm_init_msrs(X86CPU *cpu);
+
const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
KVM_CAP_INFO(SET_TSS_ADDR),
KVM_CAP_INFO(EXT_CPUID),
@@ -1842,6 +1844,8 @@ int kvm_arch_init_vcpu(CPUState *cs)
has_msr_tsc_aux = false;
}
+ kvm_init_msrs(cpu);
+
r = hyperv_init_vcpu(cpu);
if (r) {
goto fail;
@@ -2660,11 +2664,53 @@ static void kvm_msr_entry_add_vmx(X86CPU *cpu, FeatureWordArray f)
VMCS12_MAX_FIELD_INDEX << 1);
}
+static int kvm_buf_set_msrs(X86CPU *cpu)
+{
+ int ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf);
+ if (ret < 0) {
+ return ret;
+ }
+
+ if (ret < cpu->kvm_msr_buf->nmsrs) {
+ struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret];
+ error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64,
+ (uint32_t)e->index, (uint64_t)e->data);
+ }
+
+ assert(ret == cpu->kvm_msr_buf->nmsrs);
+ return 0;
+}
+
+static void kvm_init_msrs(X86CPU *cpu)
+{
+ CPUX86State *env = &cpu->env;
+
+ kvm_msr_buf_reset(cpu);
+ if (has_msr_arch_capabs) {
+ kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
+ env->features[FEAT_ARCH_CAPABILITIES]);
+ }
+
+ if (has_msr_core_capabs) {
+ kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY,
+ env->features[FEAT_CORE_CAPABILITY]);
+ }
+
+ /*
+ * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but
+ * all kernels with MSR features should have them.
+ */
+ if (kvm_feature_msrs && cpu_has_vmx(env)) {
+ kvm_msr_entry_add_vmx(cpu, env->features);
+ }
+
+ assert(kvm_buf_set_msrs(cpu) == 0);
+}
+
static int kvm_put_msrs(X86CPU *cpu, int level)
{
CPUX86State *env = &cpu->env;
int i;
- int ret;
kvm_msr_buf_reset(cpu);
@@ -2722,17 +2768,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
}
#endif
- /* If host supports feature MSR, write down. */
- if (has_msr_arch_capabs) {
- kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
- env->features[FEAT_ARCH_CAPABILITIES]);
- }
-
- if (has_msr_core_capabs) {
- kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY,
- env->features[FEAT_CORE_CAPABILITY]);
- }
-
/*
* The following MSRs have side effects on the guest or are too heavy
* for normal writeback. Limit them to reset or full state updates.
@@ -2910,14 +2945,6 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
/* Note: MSR_IA32_FEATURE_CONTROL is written separately, see
* kvm_put_msr_feature_control. */
-
- /*
- * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but
- * all kernels with MSR features should have them.
- */
- if (kvm_feature_msrs && cpu_has_vmx(env)) {
- kvm_msr_entry_add_vmx(cpu, env->features);
- }
}
if (env->mcg_cap) {
@@ -2933,19 +2960,7 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
}
}
- ret = kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, cpu->kvm_msr_buf);
- if (ret < 0) {
- return ret;
- }
-
- if (ret < cpu->kvm_msr_buf->nmsrs) {
- struct kvm_msr_entry *e = &cpu->kvm_msr_buf->entries[ret];
- error_report("error: failed to set MSR 0x%" PRIx32 " to 0x%" PRIx64,
- (uint32_t)e->index, (uint64_t)e->data);
- }
-
- assert(ret == cpu->kvm_msr_buf->nmsrs);
- return 0;
+ return kvm_buf_set_msrs(cpu);
}
diff --git a/target/i386/kvm_i386.h b/target/i386/kvm_i386.h
index 06fe06bdb3d6d647d8cfb0eee87b..d98c6f69d08af549fe5f31fc4264 100644
--- a/target/i386/kvm_i386.h
+++ b/target/i386/kvm_i386.h
@@ -66,4 +66,5 @@ bool kvm_enable_x2apic(void);
bool kvm_has_x2apic_api(void);
bool kvm_hv_vpindex_settable(void);
+
#endif

View File

@ -683,7 +683,11 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then
fi
else
SOURCE_VERSION=$MAJOR_VERSION.$MINOR_VERSION.$X
GIT_BRANCH=opensuse-$MAJOR_VERSION.$[$MINOR_VERSION+1]
if [ "$NEXT_RELEASE_IS_MAJOR" = "0" ]; then
GIT_BRANCH=opensuse-$MAJOR_VERSION.$[$MINOR_VERSION+1]
else
GIT_BRANCH=opensuse-$[MAJOR_VERSION+1].0
fi
fi
WRITE_LOG=0
echo "Processing LATEST upstream changes"

View File

@ -0,0 +1,59 @@
From: Cameron Esfahani <dirty@apple.com>
Date: Mon, 20 Jan 2020 21:00:52 -0800
Subject: vnc: prioritize ZRLE compression over ZLIB
Git-commit: 557ba0e57200014bd4f453f6516f02b61bdfc782
In my investigation, ZRLE always compresses better than ZLIB so
prioritize ZRLE over ZLIB, even if the client hints that ZLIB is
preferred.
zlib buffer is always reset in zrle_compress_data(), so using offset to
calculate next_out and avail_out is useless.
Signed-off-by: Cameron Esfahani <dirty@apple.com>
Message-Id: <b5d129895d08a90d0a2a6183b95875bacfa998b8.1579582674.git.dirty@apple.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
ui/vnc-enc-zrle.c | 4 ++--
ui/vnc.c | 11 +++++++++--
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/ui/vnc-enc-zrle.c b/ui/vnc-enc-zrle.c
index 17fd28a2e2b078bd135496e75c6b..b4f71e32cfe8ca3dd645103f999d 100644
--- a/ui/vnc-enc-zrle.c
+++ b/ui/vnc-enc-zrle.c
@@ -98,8 +98,8 @@ static int zrle_compress_data(VncState *vs, int level)
/* set pointers */
zstream->next_in = vs->zrle->zrle.buffer;
zstream->avail_in = vs->zrle->zrle.offset;
- zstream->next_out = vs->zrle->zlib.buffer + vs->zrle->zlib.offset;
- zstream->avail_out = vs->zrle->zlib.capacity - vs->zrle->zlib.offset;
+ zstream->next_out = vs->zrle->zlib.buffer;
+ zstream->avail_out = vs->zrle->zlib.capacity;
zstream->data_type = Z_BINARY;
/* start encoding */
diff --git a/ui/vnc.c b/ui/vnc.c
index f94b3a257ee3add364a0b0bd5101..70bd8bf05d163e2ef0911c3b19fd 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2077,8 +2077,15 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
break;
#endif
case VNC_ENCODING_ZLIB:
- vs->features |= VNC_FEATURE_ZLIB_MASK;
- vs->vnc_encoding = enc;
+ /*
+ * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB.
+ * So prioritize ZRLE, even if the client hints that it prefers
+ * ZLIB.
+ */
+ if ((vs->features & VNC_FEATURE_ZRLE_MASK) == 0) {
+ vs->features |= VNC_FEATURE_ZLIB_MASK;
+ vs->vnc_encoding = enc;
+ }
break;
case VNC_ENCODING_ZRLE:
vs->features |= VNC_FEATURE_ZRLE_MASK;