SHA256
1
0
forked from pool/qemu

Accepting request 825860 from Virtualization:Staging

Update to v5.1.0 qemu

OBS-URL: https://build.opensuse.org/request/show/825860
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=557
This commit is contained in:
Bruce Rogers 2020-08-11 22:53:07 +00:00 committed by Git OBS Bridge
parent 44644229e6
commit 139cdd2a16
84 changed files with 715 additions and 3405 deletions

View File

@ -20,10 +20,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/util/thread-pool.c b/util/thread-pool.c
index 4ed9b89ab2d9c4e6d805ea47c2b2..697c989885ca8aa4dd1185b780df 100644
index d763cea505b68575af8e1b39cd95..785487b8767d96ca76c643f1851f 100644
--- a/util/thread-pool.c
+++ b/util/thread-pool.c
@@ -307,7 +307,12 @@ static void thread_pool_init_one(ThreadPool *pool, AioContext *ctx)
@@ -306,7 +306,12 @@ static void thread_pool_init_one(ThreadPool *pool, AioContext *ctx)
qemu_mutex_init(&pool->lock);
qemu_cond_init(&pool->worker_stopped);
qemu_sem_init(&pool->sem, 0);

View File

@ -8,10 +8,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 2 insertions(+)
diff --git a/Makefile b/Makefile
index 1a2f649a21a85e1849a3ca40991d..a7851435c0ba8c60df39ebad492b 100644
index e7116289550f169a65f8aecfeccf..3da7feaf0d9e9b3f1222efb8823b 100644
--- a/Makefile
+++ b/Makefile
@@ -974,6 +974,7 @@ ifneq ($(DESCS),)
@@ -970,6 +970,7 @@ ifneq ($(DESCS),)
"$(DESTDIR)$(qemu_datadir)/firmware/$$x"; \
done
endif
@ -19,7 +19,7 @@ index 1a2f649a21a85e1849a3ca40991d..a7851435c0ba8c60df39ebad492b 100644
for s in $(ICON_SIZES); do \
mkdir -p "$(DESTDIR)$(qemu_icondir)/hicolor/$${s}/apps"; \
$(INSTALL_DATA) $(SRC_PATH)/ui/icons/qemu_$${s}.png \
@@ -988,6 +989,7 @@ endif
@@ -984,6 +985,7 @@ endif
mkdir -p "$(DESTDIR)$(qemu_desktopdir)"
$(INSTALL_DATA) $(SRC_PATH)/ui/qemu.desktop \
"$(DESTDIR)$(qemu_desktopdir)/qemu.desktop"

View File

@ -1,6 +1,6 @@
From: Michael Brown <mcb30@ipxe.org>
Date: Mon, 22 Jul 2019 14:51:28 +0100
Subject: [build] Do not apply WORKAROUND_CFLAGS for host compiler
Subject: Do not apply WORKAROUND_CFLAGS for host compiler
Git-commit: a4f8c6e31f6c62522cfc633bbbffa81b22f9d6f3
Include-If: %ifarch aarch64
@ -29,10 +29,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/roms/ipxe/src/Makefile.housekeeping b/roms/ipxe/src/Makefile.housekeeping
index 4b09e81f0b1eb82e79f6af11986d..1b175b9508c0d20f169801f8763d 100644
index d94eb1454c9168545c933ec6e900..9c33cc08c4db1bbd0f9966924fce 100644
--- a/roms/ipxe/src/Makefile.housekeeping
+++ b/roms/ipxe/src/Makefile.housekeeping
@@ -454,7 +454,7 @@ endif
@@ -455,7 +455,7 @@ endif
CFLAGS += $(WORKAROUND_CFLAGS) $(EXTRA_CFLAGS)
ASFLAGS += $(WORKAROUND_ASFLAGS) $(EXTRA_ASFLAGS)
LDFLAGS += $(WORKAROUND_LDFLAGS) $(EXTRA_LDFLAGS)

View File

@ -1,6 +1,6 @@
From: Valentine Barshak <gvaxon@gmail.com>
Date: Sun, 9 Jun 2019 13:30:11 +0300
Subject: [build] Fix "'%s' directive argument is null" error
Subject: Fix "'%s' directive argument is null" error
Git-commit: 412acd7854de10e7194f362a6b1a3257a17974f7
References: bsc#1121464

View File

@ -3,7 +3,7 @@ Date: Thu, 1 Apr 2010 17:36:23 +0200
Subject: Make char muxer more robust wrt small FIFOs
Virtio-Console can only process one character at a time. Using it on S390
gave me strage "lags" where I got the character I pressed before when
gave me strange "lags" where I got the character I pressed before when
pressing one. So I typed in "abc" and only received "a", then pressed "d"
but the guest received "b" and so on.
@ -24,12 +24,13 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
chardev/char-fe.c | 1 +
chardev/char-mux.c | 16 ++++++++++++++++
chardev/char.c | 1 +
include/chardev/char-mux.h | 3 +++
chardev/chardev-internal.h | 3 +++
chardev/chardev-sysemu.c | 1 +
tests/test-char.c | 1 +
5 files changed, 22 insertions(+)
6 files changed, 23 insertions(+)
diff --git a/chardev/char-fe.c b/chardev/char-fe.c
index f3530a90e6364d813097105b6113..f8aa0daf31692810efc7d5ca32eb 100644
index 474715c5a9257ae9e9e286d2e02d..eeb1b3e0b548027e2bcda0c272d5 100644
--- a/chardev/char-fe.c
+++ b/chardev/char-fe.c
@@ -21,6 +21,7 @@
@ -41,7 +42,7 @@ index f3530a90e6364d813097105b6113..f8aa0daf31692810efc7d5ca32eb 100644
#include "qemu/error-report.h"
#include "qapi/error.h"
diff --git a/chardev/char-mux.c b/chardev/char-mux.c
index 46c44af67c4ea5348eb1b6db637f..1d3eaf1e37bc2995ae4b8e80f0ff 100644
index 6f980bb83647da13c62f514391b3..094bc6703a3febdf5fefb7c0024f 100644
--- a/chardev/char-mux.c
+++ b/chardev/char-mux.c
@@ -22,6 +22,7 @@
@ -82,7 +83,7 @@ index 46c44af67c4ea5348eb1b6db637f..1d3eaf1e37bc2995ae4b8e80f0ff 100644
* set of muxes
*/
diff --git a/chardev/char.c b/chardev/char.c
index e77564060dbc8d60e964787b9150..7f08483a4fc8b1c2c01d57546eca 100644
index 77e7ec814f2196d8352e2f3ec75e..bcdec537e8753025b715e75214e6 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -22,6 +22,7 @@
@ -93,11 +94,11 @@ index e77564060dbc8d60e964787b9150..7f08483a4fc8b1c2c01d57546eca 100644
#include "qemu/osdep.h"
#include "qemu/cutils.h"
#include "monitor/monitor.h"
diff --git a/include/chardev/char-mux.h b/include/chardev/char-mux.h
index 417fe32eedf29b206c4c7a20f8ef..225a4d1c37d051bca576a1b73607 100644
--- a/include/chardev/char-mux.h
+++ b/include/chardev/char-mux.h
@@ -34,6 +34,9 @@ typedef struct MuxChardev {
diff --git a/chardev/chardev-internal.h b/chardev/chardev-internal.h
index f4d0429763bc28438e6cd6e7de1a..fc6cd39eb2d98af15aec25642438 100644
--- a/chardev/chardev-internal.h
+++ b/chardev/chardev-internal.h
@@ -36,6 +36,9 @@ typedef struct MuxChardev {
Chardev parent;
CharBackend *backends[MAX_MUX];
CharBackend chr;
@ -107,8 +108,20 @@ index 417fe32eedf29b206c4c7a20f8ef..225a4d1c37d051bca576a1b73607 100644
int focus;
int mux_cnt;
int term_got_escape;
diff --git a/chardev/chardev-sysemu.c b/chardev/chardev-sysemu.c
index eecdc615ee1c6c64060452ac837d..c052f101e89c193af1effa9c6fa5 100644
--- a/chardev/chardev-sysemu.c
+++ b/chardev/chardev-sysemu.c
@@ -22,6 +22,7 @@
* THE SOFTWARE.
*/
+#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */
#include "qemu/osdep.h"
#include "sysemu/sysemu.h"
#include "chardev/char.h"
diff --git a/tests/test-char.c b/tests/test-char.c
index 3afc9b1b8d59802919139012c2cb..530cf7c2414e85e00e2685e7482c 100644
index d35cc839bc60db1884c3f265629b..51635ba059ef2302608459e84a65 100644
--- a/tests/test-char.c
+++ b/tests/test-char.c
@@ -1,3 +1,4 @@

View File

@ -13,7 +13,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/analyze-migration.py b/scripts/analyze-migration.py
index 96a31d3974ba2af13d419b71c409..4cae695244a00003d1431c02febf 100755
index 95838cbff3f00f1ba097ee032032..d5f6c67bf1f7305461bb536f57b1 100755
--- a/scripts/analyze-migration.py
+++ b/scripts/analyze-migration.py
@@ -1,4 +1,4 @@

View File

@ -14,10 +14,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 2 insertions(+)
diff --git a/exec.c b/exec.c
index 2c419f327cf925ee55c46d111272..7adf108c66ed8912588cb83bc15e 100644
index 6f381f98e2a01c432c28c0c094db..0cec6a514147a1b90e2056f3eac4 100644
--- a/exec.c
+++ b/exec.c
@@ -2297,11 +2297,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
@@ -2328,11 +2328,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
return NULL;
}

View File

@ -1,11 +1,17 @@
The qemu package, and derived packages have a special maintenance workflow in
order to support git based patching. Please use it in order to have changes
you make be acceptable to the package maintainers.
The qemu package includes a special maintenance workflow in order to support git
based patching. Please use it in order to have changes you make be acceptable to
the package maintainers.
Currently a local clone of the upstream repo(s) is required for the packaging
workflow. It is anticipated that the need for any extra setup will be reduced or
even eliminated entirely in the future, but for now, you will need do so some
setup. See config.sh for details.
The qemu.spec file is generated from a qemu.spec.in template, so to make changes
to the spec file (besides the script generated patch references), you'll need to
edit the template, not the spec file. The spec file patch references are inserted
by a script as described below.
to the spec file beyond the patch name generation, patch reference and automated
versioning done by the scripts, you need to edit the template. Do not directly
edit the spec file. The spec file's version and patch references are added when
the update_git.sh script is passed certain commands, as described below.
If you are not modifying any patches or their order, but just need to update the
spec file from a changed template, run 'bash ./update_git.sh refresh'.
@ -22,16 +28,13 @@ upstream patches from there). Once you have the patch queue ready to go run
'bash ./update_git.sh git2pkg' which updates the bundles.tar.xz file, as well as
the spec and patch files.
The default action for update_git.sh is git2pkg, which helps simplify repeated
package updates as you modify the patch queue from the local git repo.
The maintainer and automation use another workflow mode dealing with packaging
the latest upstream qemu. See 'LATEST' references in the scripts for details.
** SPECIAL NOTE ABOUT CURRENT STATUS ***
The current status as of 31 Oct 2019 is that for this incarnation of qemu
packaging, the previous workflow which relied on the patches being in a shared
git repo on github or gitlab is no longer supported. This new bundle based
workflow is still a work in progress.
If it isn't working right, please contact Bruce Rogers <brogers@suse.com>.
*** END SPECIAL NOTE ***
* * * * * * * * *
Additional Notes:
@ -60,11 +63,12 @@ This will cause the patch application in the spec file to be done as follows:
%endif
A trick worth noting is, if a given git tracked patch is to be applied in a way
that can't be done in the normal patching section of the spec file, you can still
include the patch, and use it by name with the patch program elsewhere in the
spec file by doing something such as:
that can't be done in the normal patching section of the spec file, you can
still include the patch, and use it by name with the patch program elsewhere in
the spec file by doing something such as:
Include-If: %if 0%{?patch-possibly-applied-elsewhere}
(this variable will remain undefined in the spec file) And then elsewhere in spec
file, the actual patch (eg specially-handled-change.patch) is referenced as, eg:
(this variable will remain undefined in the spec file) And then elsewhere in the
spec file, the actual patch (eg specially-handled-change.patch) is referenced as
eg:
patch -p1 < %_sourcedir/specially-handled-change.patch

View File

@ -16,7 +16,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 12 insertions(+)
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 32c004788919e4f50b4bfc88113b..97e3888e832f0c9051f720bb701c 100644
index 4eb9d1f7fd54f27583bfb1ce9407..c6e7530b012db308d0c607ec749d 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -34,6 +34,7 @@
@ -26,8 +26,8 @@ index 32c004788919e4f50b4bfc88113b..97e3888e832f0c9051f720bb701c 100644
+#include <sys/resource.h>
#include "sysemu/seccomp.h"
#include "sysemu/tcg.h"
@@ -2851,6 +2852,7 @@ void qemu_init(int argc, char **argv, char **envp)
#include "sysemu/xen.h"
@@ -2868,6 +2869,7 @@ void qemu_init(int argc, char **argv, char **envp)
BlockdevOptionsQueue bdo_queue = QSIMPLEQ_HEAD_INITIALIZER(bdo_queue);
QemuPluginList plugin_list = QTAILQ_HEAD_INITIALIZER(plugin_list);
int mem_prealloc = 0; /* force preallocation of physical target memory */
@ -35,7 +35,7 @@ index 32c004788919e4f50b4bfc88113b..97e3888e832f0c9051f720bb701c 100644
os_set_line_buffering();
@@ -2862,6 +2864,16 @@ void qemu_init(int argc, char **argv, char **envp)
@@ -2879,6 +2881,16 @@ void qemu_init(int argc, char **argv, char **envp)
qemu_mutex_lock_iothread();

View File

@ -9,10 +9,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 8a9113e6663eb51cf842b2f4f5a2..1a2f649a21a85e1849a3ca40991d 100644
index 13dd708c4af52df3bc932812fc60..e7116289550f169a65f8aecfeccf 100644
--- a/Makefile
+++ b/Makefile
@@ -619,7 +619,7 @@ fsdev/virtfs-proxy-helper$(EXESUF): fsdev/virtfs-proxy-helper.o fsdev/9p-marshal
@@ -613,7 +613,7 @@ fsdev/virtfs-proxy-helper$(EXESUF): fsdev/virtfs-proxy-helper.o fsdev/9p-marshal
scsi/qemu-pr-helper$(EXESUF): scsi/qemu-pr-helper.o scsi/utils.o $(authz-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
ifdef CONFIG_MPATH
@ -22,10 +22,10 @@ index 8a9113e6663eb51cf842b2f4f5a2..1a2f649a21a85e1849a3ca40991d 100644
qemu-img-cmds.h: $(SRC_PATH)/qemu-img-cmds.hx $(SRC_PATH)/scripts/hxtool
diff --git a/configure b/configure
index 23b5e93752b6a2597b2099b50218..ef127fb1e0715da446b4a822e3ab 100755
index 2acc4d1465f8165ae3a238784231..a47fda0fb5267e153a3f1f3ee3bc 100755
--- a/configure
+++ b/configure
@@ -3961,7 +3961,7 @@ int main(void) {
@@ -4100,7 +4100,7 @@ int main(void) {
return 0;
}
EOF

View File

@ -1,87 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Tue, 25 Feb 2020 06:09:23 -0500
Subject: Sync pv
Git-commit: 6807f464961cfee1dd81c95e22ddd91fa352fcc4
References: bsc#1167075
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
linux-headers/linux/kvm.h | 45 +++++++++++++++++++++++++++++++++++++--
1 file changed, 43 insertions(+), 2 deletions(-)
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 265099100e65b3e86d9e42e8806e..c30344ab0095e8568e785a237c89 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -474,12 +474,17 @@ struct kvm_s390_mem_op {
__u32 size; /* amount of bytes */
__u32 op; /* type of operation */
__u64 buf; /* buffer in userspace */
- __u8 ar; /* the access register number */
- __u8 reserved[31]; /* should be set to 0 */
+ union {
+ __u8 ar; /* the access register number */
+ __u32 sida_offset; /* offset into the sida */
+ __u8 reserved[32]; /* should be set to 0 */
+ };
};
/* types for kvm_s390_mem_op->op */
#define KVM_S390_MEMOP_LOGICAL_READ 0
#define KVM_S390_MEMOP_LOGICAL_WRITE 1
+#define KVM_S390_MEMOP_SIDA_READ 2
+#define KVM_S390_MEMOP_SIDA_WRITE 3
/* flags for kvm_s390_mem_op->flags */
#define KVM_S390_MEMOP_F_CHECK_ONLY (1ULL << 0)
#define KVM_S390_MEMOP_F_INJECT_EXCEPTION (1ULL << 1)
@@ -1010,6 +1015,7 @@ struct kvm_ppc_resize_hpt {
#define KVM_CAP_ARM_NISV_TO_USER 177
#define KVM_CAP_ARM_INJECT_EXT_DABT 178
#define KVM_CAP_S390_VCPU_RESETS 179
+#define KVM_CAP_S390_PROTECTED 180
#ifdef KVM_CAP_IRQ_ROUTING
@@ -1478,6 +1484,41 @@ struct kvm_enc_region {
#define KVM_S390_NORMAL_RESET _IO(KVMIO, 0xc3)
#define KVM_S390_CLEAR_RESET _IO(KVMIO, 0xc4)
+struct kvm_s390_pv_sec_parm {
+ __u64 origin;
+ __u64 length;
+};
+
+struct kvm_s390_pv_unp {
+ __u64 addr;
+ __u64 size;
+ __u64 tweak;
+};
+
+enum pv_cmd_id {
+ KVM_PV_ENABLE,
+ KVM_PV_DISABLE,
+ KVM_PV_VM_SET_SEC_PARMS,
+ KVM_PV_VM_UNPACK,
+ KVM_PV_VM_VERIFY,
+ KVM_PV_VM_PREP_RESET,
+ KVM_PV_VM_UNSHARE_ALL,
+ KVM_PV_VCPU_CREATE,
+ KVM_PV_VCPU_DESTROY,
+};
+
+struct kvm_pv_cmd {
+ __u32 cmd; /* Command to be executed */
+ __u16 rc; /* Ultravisor return code */
+ __u16 rrc; /* Ultravisor return reason code */
+ __u64 data; /* Data or address */
+ __u32 flags; /* flags for future extensions. Must be 0 for now */
+ __u32 reserved[3];
+};
+
+/* Available with KVM_CAP_S390_PROTECTED */
+#define KVM_S390_PV_COMMAND _IOWR(KVMIO, 0xc5, struct kvm_pv_cmd)
+
/* Secure Encrypted Virtualization command */
enum sev_cmd_id {
/* Guest initialization commands */

View File

@ -1,5 +1,5 @@
<constraints>
<!-- All builds are fine with 8GB disk -->
<!-- All builds are fine with 9GB disk -->
<overwrite>
<conditions>
<package>qemu</package>
@ -8,10 +8,22 @@
</conditions>
<hardware>
<disk>
<size unit="G">8</size>
<size unit="G">9</size>
</disk>
</hardware>
</overwrite>
<!-- To test qemu-linux-user, armv7l needs more than the default memory -->
<overwrite>
<conditions>
<arch>armv7l</arch>
<package>qemu:linux-user</package>
</conditions>
<hardware>
<memory>
<size unit="M">8192</size>
</memory>
</hardware>
</overwrite>
<!-- To build qemu, s390x needs more than the default memory -->
<overwrite>
<conditions>

View File

@ -16,10 +16,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 964d6f5990faf6ff7521bb2377a2..7b5f8234444b8b29ae66098b8d39 100644
index 26bac4f16c18a7d32b3821e5e3e6..81c2a3410319e6236c1a09b07bb1 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -274,7 +274,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)
@@ -275,7 +275,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)
static const VMStateDescription vmstate_acpi = {
.name = "piix4_pm",
.version_id = 3,

View File

@ -1,58 +0,0 @@
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 4 Jun 2020 14:38:30 +0530
Subject: ati-vga: check mm_index before recursive call (CVE-2020-13800)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: a98610c429d52db0937c1e48659428929835c455
References: bsc#1172495, CVE-2020-13800
While accessing VGA registers via ati_mm_read/write routines,
a guest may set 's->regs.mm_index' such that it leads to infinite
recursion. Check mm_index value to avoid such recursion. Log an
error message for wrong values.
Reported-by: Ren Ding <rding@gatech.edu>
Reported-by: Hanqing Zhao <hanqing@gatech.edu>
Reported-by: Yi Ren <c4tren@gmail.com>
Message-id: 20200604090830.33885-1-ppandit@redhat.com
Suggested-by: BALATON Zoltan <balaton@eik.bme.hu>
Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/display/ati.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/hw/display/ati.c b/hw/display/ati.c
index 58ec8291d4601b70720fa1484f88..9228f1b242bb7b141eb50a19e12b 100644
--- a/hw/display/ati.c
+++ b/hw/display/ati.c
@@ -285,8 +285,11 @@ static uint64_t ati_mm_read(void *opaque, hwaddr addr, unsigned int size)
if (idx <= s->vga.vram_size - size) {
val = ldn_le_p(s->vga.vram_ptr + idx, size);
}
- } else {
+ } else if (s->regs.mm_index > MM_DATA + 3) {
val = ati_mm_read(s, s->regs.mm_index + addr - MM_DATA, size);
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "ati_mm_read: mm_index too small: %u\n", s->regs.mm_index);
}
break;
case BIOS_0_SCRATCH ... BUS_CNTL - 1:
@@ -520,8 +523,11 @@ static void ati_mm_write(void *opaque, hwaddr addr,
if (idx <= s->vga.vram_size - size) {
stn_le_p(s->vga.vram_ptr + idx, size, data);
}
- } else {
+ } else if (s->regs.mm_index > MM_DATA + 3) {
ati_mm_write(s, s->regs.mm_index + addr - MM_DATA, data, size);
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "ati_mm_write: mm_index too small: %u\n", s->regs.mm_index);
}
break;
case BIOS_0_SCRATCH ... BUS_CNTL - 1:

View File

@ -1,49 +0,0 @@
From: Bruce Rogers <brogers@suse.com>
Date: Thu, 21 May 2020 11:29:31 -0600
Subject: audio: fix wavcapture segfault
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: cbaf25d1f59ee13fc7542a06ea70784f2e000c04
References: boo#1171712
Commit 571a8c522e caused the HMP wavcapture command to segfault when
processing audio data in audio_pcm_sw_write(), where a NULL
sw->hw->pcm_ops is dereferenced. This fix checks that the pointer is
valid before dereferincing it. A similar fix is also made in the
parallel function audio_pcm_sw_read().
Fixes: 571a8c522e (audio: split ctl_* functions into enable_* and
volume_*)
Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200521172931.121903-1-brogers@suse.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
audio/audio.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/audio/audio.c b/audio/audio.c
index 7a9e6803558b85ff8d4158aa35f9..08a067722b2c33b3f31cb8cf9884 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -649,7 +649,7 @@ static size_t audio_pcm_sw_read(SWVoiceIn *sw, void *buf, size_t size)
total += isamp;
}
- if (!hw->pcm_ops->volume_in) {
+ if (hw->pcm_ops && !hw->pcm_ops->volume_in) {
mixeng_volume (sw->buf, ret, &sw->vol);
}
@@ -736,7 +736,7 @@ static size_t audio_pcm_sw_write(SWVoiceOut *sw, void *buf, size_t size)
if (swlim) {
sw->conv (sw->buf, buf, swlim);
- if (!sw->hw->pcm_ops->volume_out) {
+ if (sw->hw->pcm_ops && !sw->hw->pcm_ops->volume_out) {
mixeng_volume (sw->buf, swlim, &sw->vol);
}
}

View File

@ -2,7 +2,7 @@ From: Bruce Rogers <brogers@suse.com>
Date: Wed, 6 May 2020 15:03:02 -0600
Subject: [build] Be explicit about -fcommon compiler directive
Git-commit: 6260364cc4bfea9a78867da63be8d4bf50e4a561
Git-commit: f982a712979619dbae2c6e0d741757e2ce94be11
References: boo#1171140
gcc10 switched default behavior from -fcommon to -fno-common. Since
@ -11,12 +11,13 @@ gcc10 switched default behavior from -fcommon to -fno-common. Since
Signed-off-by: Bruce Rogers <brogers@suse.com>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
src/Makefile.housekeeping | 1 +
1 file changed, 1 insertion(+)
diff --git a/roms/ipxe/src/Makefile.housekeeping b/roms/ipxe/src/Makefile.housekeeping
index 1b175b9508c0d20f169801f8763d..893bd20f1fd5cecf0e480dee05bd 100644
index 4b09e81f0b1eb82e79f6af11986d..f6f3e29248d3e59b76de690aeb0c 100644
--- a/roms/ipxe/src/Makefile.housekeeping
+++ b/roms/ipxe/src/Makefile.housekeeping
@@ -422,6 +422,7 @@ CFLAGS += -Os

View File

@ -4,6 +4,7 @@ Subject: [build] Workaround compilation error with gcc 9.1
Git-commit: 1dd56dbd11082fb622c2ed21cfaced4f47d798a6
References: bsc#1121464
Include-If: %if 0%{?suse_version} > 1500 && 0%{?is_opensuse}
Compiling with gcc 9.1 generates lots of "taking address of packed
member of ... may result in an unaligned pointer value" warnings.

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:98bbc84339311458aaa7725097230b2d8b9ab7076f44d830bb2d31a4b277a63a
size 60868
oid sha256:538acceeee5a8882a1bacc0a4601a05e402922c18bec4609c6491796073f8556
size 44000

View File

@ -7,7 +7,7 @@
# The following specifies the upstream tag or commit upon which our patchqueue
# gets rebased. The special value LATEST may be used to "automatically" track
# the upstream development tree in the master branch
GIT_UPSTREAM_COMMIT_ISH=v5.0.0
GIT_UPSTREAM_COMMIT_ISH=v5.1.0
# WARNING: If transitioning from using LATEST to not, MANUALLY re-set the
# tarball present. If transitioning TO LATEST, make sure that
# NEXT_RELEASE_IS_MAJOR is set correctly

View File

@ -12,10 +12,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure b/configure
index ef127fb1e0715da446b4a822e3ab..5a0a52e842df70b757252f89b74a 100755
index a47fda0fb5267e153a3f1f3ee3bc..3b3c5dc2f93b87a91d247079f4c8 100755
--- a/configure
+++ b/configure
@@ -6495,7 +6495,7 @@ if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } && \
@@ -6770,7 +6770,7 @@ if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } && \
fi
# Only build s390-ccw bios if we're on s390x and the compiler has -march=z900

View File

@ -18,10 +18,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure b/configure
index 5a0a52e842df70b757252f89b74a..790337b204cdfa6d84b1f8524f90 100755
index 3b3c5dc2f93b87a91d247079f4c8..4340229b47a3294307a08df3339e 100755
--- a/configure
+++ b/configure
@@ -6939,7 +6939,7 @@ fi
@@ -7229,7 +7229,7 @@ fi
if test "$modules" = "yes"; then
# $shacmd can generate a hash started with digit, which the compiler doesn't
# like as an symbol. So prefix it with an underscore

View File

@ -14,7 +14,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+)
diff --git a/docs/index.html.in b/docs/index.html.in
index e9a160384cfe939a3bccc51e5da9..2a76ade7bfd053f359d7782c7473 100644
index 6736fa4360cfb8c40cbab2a362b0..ad431321ee858bcbe3e237e687b5 100644
--- a/docs/index.html.in
+++ b/docs/index.html.in
@@ -7,6 +7,7 @@

View File

@ -6,6 +6,7 @@ Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 0000000000000000000000000000000000000000
Include-If: %if 0%{?suse_version} > 1500
In Fedora 33 rawhide, we now have sphinx 3.1.1, as opposed
to previous 2.2.2. This new version generates a warning on

View File

@ -8,7 +8,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roms/seabios/Makefile b/roms/seabios/Makefile
index ca8d0283922bbfa931e85511e921..d807c558ef0f09b5975f6ccc38f1 100644
index edb83b7a1c77f7bb75c371330b2c..74a01853f26458d94d4a4e056b7b 100644
--- a/roms/seabios/Makefile
+++ b/roms/seabios/Makefile
@@ -13,7 +13,7 @@ export CONFIG_SHELL := sh

View File

@ -1,60 +0,0 @@
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri, 15 May 2020 01:36:08 +0530
Subject: es1370: check total frame count against current frame
Git-commit: 369ff955a8497988d079c4e3fa1e93c2570c1c69
References: bsc#1172384, CVE-2020-13361
A guest user may set channel frame count via es1370_write()
such that, in es1370_transfer_audio(), total frame count
'size' is lesser than the number of frames that are processed
'cnt'.
int cnt = d->frame_cnt >> 16;
int size = d->frame_cnt & 0xffff;
if (size < cnt), it results in incorrect calculations leading
to OOB access issue(s). Add check to avoid it.
Reported-by: Ren Ding <rding@gatech.edu>
Reported-by: Hanqing Zhao <hanqing@gatech.edu>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20200514200608.1744203-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/audio/es1370.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
index 89c4dabcd44fb2d7782e3cabc51d..5f8a83ff56241d94347c1e51419e 100644
--- a/hw/audio/es1370.c
+++ b/hw/audio/es1370.c
@@ -643,6 +643,9 @@ static void es1370_transfer_audio (ES1370State *s, struct chan *d, int loop_sel,
int csc_bytes = (csc + 1) << d->shift;
int cnt = d->frame_cnt >> 16;
int size = d->frame_cnt & 0xffff;
+ if (size < cnt) {
+ return;
+ }
int left = ((size - cnt + 1) << 2) + d->leftover;
int transferred = 0;
int temp = MIN (max, MIN (left, csc_bytes));
@@ -651,7 +654,7 @@ static void es1370_transfer_audio (ES1370State *s, struct chan *d, int loop_sel,
addr += (cnt << 2) + d->leftover;
if (index == ADC_CHANNEL) {
- while (temp) {
+ while (temp > 0) {
int acquired, to_copy;
to_copy = MIN ((size_t) temp, sizeof (tmpbuf));
@@ -669,7 +672,7 @@ static void es1370_transfer_audio (ES1370State *s, struct chan *d, int loop_sel,
else {
SWVoiceOut *voice = s->dac_voice[index];
- while (temp) {
+ while (temp > 0) {
int copied, to_copy;
to_copy = MIN ((size_t) temp, sizeof (tmpbuf));

View File

@ -1,54 +0,0 @@
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 26 May 2020 16:47:43 +0530
Subject: exec: set map length to zero when returning NULL
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 77f55eac6c433e23e82a1b88b2d74f385c4c7d82
References: bsc#1172386, CVE-2020-13659
When mapping physical memory into host's virtual address space,
'address_space_map' may return NULL if BounceBuffer is in_use.
Set and return '*plen = 0' to avoid later NULL pointer dereference.
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: https://bugs.launchpad.net/qemu/+bug/1878259
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20200526111743.428367-1-ppandit@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
exec.c | 1 +
include/exec/memory.h | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/exec.c b/exec.c
index 2874bb508853d353bca3b9790e5d..2c419f327cf925ee55c46d111272 100644
--- a/exec.c
+++ b/exec.c
@@ -3538,6 +3538,7 @@ void *address_space_map(AddressSpace *as,
if (!memory_access_is_direct(mr, is_write)) {
if (atomic_xchg(&bounce.in_use, true)) {
+ *plen = 0;
return NULL;
}
/* Avoid unbounded allocations */
diff --git a/include/exec/memory.h b/include/exec/memory.h
index e000bd2f97b2fce76a41f9b5d9f3..8fa2d3cab2d51e5328e28151c65c 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -2303,7 +2303,8 @@ bool address_space_access_valid(AddressSpace *as, hwaddr addr, hwaddr len,
/* address_space_map: map a physical memory region into a host virtual address
*
* May map a subset of the requested range, given by and returned in @plen.
- * May return %NULL if resources needed to perform the mapping are exhausted.
+ * May return %NULL and set *@plen to zero(0), if resources needed to perform
+ * the mapping are exhausted.
* Use only for reads OR writes - not for read-modify-write operations.
* Use cpu_register_map_client() to know when retrying the map operation is
* likely to succeed.

View File

@ -1,30 +0,0 @@
From: Bruce Rogers <brogers@suse.com>
Date: Wed, 22 Apr 2020 08:50:55 -0600
Subject: gcc10: maybe-uninitialized
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
References: boo#1169728
gcc 10 needs some help to understand that indeed cpu_irqs[0] does get
initialized in all cases. In this case an assert is sufficient.
Reported-by: Martin Liška <mliska@suse.cz>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/openrisc/openrisc_sim.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
index d08ce6181199aa1e75a7c5bc2157..02f5259e5e33272b17bba701f5d5 100644
--- a/hw/openrisc/openrisc_sim.c
+++ b/hw/openrisc/openrisc_sim.c
@@ -134,6 +134,7 @@ static void openrisc_sim_init(MachineState *machine)
int n;
unsigned int smp_cpus = machine->smp.cpus;
+ assert(smp_cpus >= 1 && smp_cpus <= 2);
for (n = 0; n < smp_cpus; n++) {
cpu = OPENRISC_CPU(cpu_create(machine->cpu_type));
if (cpu == NULL) {

View File

@ -0,0 +1,26 @@
From: Jon Doron <arilou@gmail.com>
Date: Wed, 15 Jul 2020 11:43:26 +0300
Subject: hw: hyperv: vmbus: Fix 32bit compilation
Git-commit: 0000000000000000000000000000000000000000
Signed-off-by: Jon Doron <arilou@gmail.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/hyperv/vmbus.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/hyperv/vmbus.c b/hw/hyperv/vmbus.c
index 34392e892af6228f270ec327563e..c28bb4201be449eb6dae4b0e0218 100644
--- a/hw/hyperv/vmbus.c
+++ b/hw/hyperv/vmbus.c
@@ -383,7 +383,8 @@ static ssize_t gpadl_iter_io(GpadlIter *iter, void *buf, uint32_t len)
}
}
- p = (void *)(((uintptr_t)iter->map & TARGET_PAGE_MASK) | off_in_page);
+ p = (void *)(uintptr_t)(((uintptr_t)iter->map & TARGET_PAGE_MASK) |
+ off_in_page);
if (iter->dir == DMA_DIRECTION_FROM_DEVICE) {
memcpy(p, buf, cplen);
} else {

View File

@ -41,10 +41,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/intc/exynos4210_gic.c b/hw/intc/exynos4210_gic.c
index 82c8f4192cbc34fe4c8762846728..50958b31c9173aba84b7443950cb 100644
index 0aa3b843a9e045348b719cb4b8a4..83506dda3c9142350319d7f4dd5c 100644
--- a/hw/intc/exynos4210_gic.c
+++ b/hw/intc/exynos4210_gic.c
@@ -290,8 +290,8 @@ static void exynos4210_gic_realize(DeviceState *dev, Error **errp)
@@ -291,8 +291,8 @@ static void exynos4210_gic_realize(DeviceState *dev, Error **errp)
SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
const char cpu_prefix[] = "exynos4210-gic-alias_cpu";
const char dist_prefix[] = "exynos4210-gic-alias_dist";

View File

@ -16,18 +16,18 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 39 insertions(+), 4 deletions(-)
diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
index ffd98727ee9e503dfce5e5c92241..a50b5aea6545f1d702278e838cf2 100644
index f56082690437df2962681ea823d3..4ad74efc8e764429b5567c91d7ed 100644
--- a/hw/smbios/smbios.c
+++ b/hw/smbios/smbios.c
@@ -963,6 +963,7 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
@@ -962,6 +962,7 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
struct smbios_structure_header *header;
int size;
struct smbios_table *table; /* legacy mode only */
+ uint8_t *dbl_nulls, *orig_end;
qemu_opts_validate(opts, qemu_smbios_file_opts, &err);
if (err) {
@@ -977,11 +978,21 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
if (!qemu_opts_validate(opts, qemu_smbios_file_opts, errp)) {
return;
@@ -974,11 +975,21 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
}
/*
@ -53,7 +53,7 @@ index ffd98727ee9e503dfce5e5c92241..a50b5aea6545f1d702278e838cf2 100644
header = (struct smbios_structure_header *)(smbios_tables +
smbios_tables_len);
@@ -996,6 +1007,19 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
@@ -993,6 +1004,19 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
header->type);
return;
}
@ -73,7 +73,7 @@ index ffd98727ee9e503dfce5e5c92241..a50b5aea6545f1d702278e838cf2 100644
set_bit(header->type, have_binfile_bitmap);
if (header->type == 4) {
@@ -1016,6 +1040,17 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
@@ -1013,6 +1037,17 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
* delete the one we don't need from smbios_set_defaults(),
* once we know which machine version has been requested.
*/

View File

@ -17,10 +17,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 13 insertions(+)
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 20717f026bc03922944317f73a68..e640fe183a0b407db555aade6e16 100644
index 15a2243101f8c465e038e26c6551..d4d3a388f2034d735a6595fdaa36 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -1722,9 +1722,22 @@ static void usb_mtp_write_metadata(MTPState *s, uint64_t dlen)
@@ -1721,9 +1721,22 @@ static void usb_mtp_write_metadata(MTPState *s, uint64_t dlen)
assert(!s->write_pending);
assert(p != NULL);

View File

@ -28,7 +28,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index b330e36fe6cc69a3b47ddd51ccba..8c4e4b66dd33ee482125b98846b7 100644
index 67a18fe2b64c2cc0f77be5897c5d..79386df49b7aaec7c2f2b4c19b6f 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -3340,6 +3340,7 @@ static void usb_xhci_init(XHCIState *xhci)

View File

@ -1,36 +0,0 @@
From: Thomas Huth <thuth@redhat.com>
Date: Thu, 11 Jun 2020 11:36:40 -0600
Subject: hw/vfio/pci-quirks: Fix broken legacy IGD passthrough
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 643a4eacef87a318cf71800a4fb2ae1f78c4b245
The #ifdef CONFIG_VFIO_IGD in pci-quirks.c is not working since the
required header config-devices.h is not included, so that the legacy
IGD passthrough is currently broken. Let's include the right header
to fix this issue.
Buglink: https://bugs.launchpad.net/qemu/+bug/1882784
Fixes: 29d62771c81d ("hw/vfio: Move the IGD quirk code to a separate file")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/vfio/pci-quirks.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
index 2d348f8237fa6a8e7aac10a4a920..656098b827c69f04ac1d6e2ff227 100644
--- a/hw/vfio/pci-quirks.c
+++ b/hw/vfio/pci-quirks.c
@@ -11,6 +11,7 @@
*/
#include "qemu/osdep.h"
+#include "config-devices.h"
#include "exec/memop.h"
#include "qemu/units.h"
#include "qemu/error-report.h"

View File

@ -18,10 +18,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index e818fc712aca18df805859d10ede..bafc094406d16f6f8c1d41d69ff6 100644
index e1a5c174dce15c4620bb94bc2826..2dc6d4ae0b61303401cc08bfb7ae 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1942,7 +1942,7 @@ uint64_t cpu_get_tsc(CPUX86State *env);
@@ -1963,7 +1963,7 @@ uint64_t cpu_get_tsc(CPUX86State *env);
/* XXX: This value should match the one returned by CPUID
* and in exec.c */
# if defined(TARGET_X86_64)

View File

@ -4,7 +4,7 @@ Subject: [intel] Avoid spurious compiler warning on GCC 10
Git-commit: 28cf9806d1632d378485005babec295da0c77fcf
References: boo#1171123
`
GCC 10 produces a spurious warning about an out-of-bounds array access
for the unsized raw dword array in union intelvf_msg.

View File

@ -14,7 +14,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/roms/ipxe/src/Makefile.housekeeping b/roms/ipxe/src/Makefile.housekeeping
index 893bd20f1fd5cecf0e480dee05bd..9c33cc08c4db1bbd0f9966924fce 100644
index f6f3e29248d3e59b76de690aeb0c..d94eb1454c9168545c933ec6e900 100644
--- a/roms/ipxe/src/Makefile.housekeeping
+++ b/roms/ipxe/src/Makefile.housekeeping
@@ -1172,11 +1172,18 @@ blib : $(BLIB)

View File

@ -21,10 +21,10 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
1 file changed, 24 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 894627b9dc8d4f72c06bab90aa9b..39b824760a29765dc9538d8574e5 100644
index 1a835798d19cc77da8d7ec6bdc7b..5cd29859d6ac5349f04c03996b12 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7344,6 +7344,27 @@ static int open_self_stat(void *cpu_env, int fd)
@@ -7473,6 +7473,27 @@ static int open_self_stat(void *cpu_env, int fd)
return 0;
}
@ -52,8 +52,8 @@ index 894627b9dc8d4f72c06bab90aa9b..39b824760a29765dc9538d8574e5 100644
static int open_self_auxv(void *cpu_env, int fd)
{
CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
@@ -7486,6 +7507,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags,
#if defined(TARGET_SPARC)
@@ -7627,6 +7648,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags,
#if defined(TARGET_SPARC) || defined(TARGET_HPPA)
{ "/proc/cpuinfo", open_cpuinfo, is_proc },
#endif
+#if defined(TARGET_ARM)

View File

@ -35,7 +35,7 @@ Signed-off-by: Andreas Färber <afaerber@suse.de>
3 files changed, 56 insertions(+)
diff --git a/Makefile.target b/Makefile.target
index 8ed1eba95b9c29ab4e47349cbdb2..8b5d84006cb32d4463f13059de93 100644
index ffa2657269ac5e4ed4eab213e1bd..b6621549b8909d76e64cc0c5c2f3 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -39,6 +39,10 @@ endif
@ -58,7 +58,7 @@ index 8ed1eba95b9c29ab4e47349cbdb2..8b5d84006cb32d4463f13059de93 100644
endif #CONFIG_LINUX_USER
#########################################################
@@ -176,7 +182,11 @@ generated-files-y += config-devices.h
@@ -173,7 +179,11 @@ generated-files-y += config-devices.h
endif # CONFIG_SOFTMMU
@ -69,8 +69,8 @@ index 8ed1eba95b9c29ab4e47349cbdb2..8b5d84006cb32d4463f13059de93 100644
+endif
all-obj-y := $(obj-y)
include $(SRC_PATH)/Makefile.objs
@@ -211,6 +221,9 @@ ifdef CONFIG_DARWIN
#
@@ -222,6 +232,9 @@ ifdef CONFIG_DARWIN
$(call quiet-command,SetFile -a C $@,"SETFILE","$(TARGET_DIR)$@")
endif

View File

@ -15,10 +15,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 0317c64f4ae460c972fe4fe67ef8..6ada54d3a19e455c0c12a1d4b321 100644
index 9ec933bdc0078f3fc62bfd499957..78a1f6c347511b85634da898f831 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8005,8 +8005,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1,
@@ -8149,8 +8149,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1,
return ret;
#endif
#ifdef TARGET_NR_lseek

View File

@ -15,10 +15,10 @@ Signed-off-by: Andreas Schwab <schwab@suse.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 6ada54d3a19e455c0c12a1d4b321..69c9dee831d8fdb96cde3a0b996c 100644
index 78a1f6c347511b85634da898f831..d70d8a59f44feaf126d8b6187f17 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -10052,7 +10052,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1,
@@ -10207,7 +10207,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1,
{
struct timespec ts, *pts;

View File

@ -16,10 +16,10 @@ Signed-off-by: Alexander Graf <agraf@suse.de>
2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 792c74290f8d376235b07f3f8ef0..956ad6db3df11684132402dd877b 100644
index 5c964389c101ce00fcffe206bc69..76d0399e82d5c2b599b9472e0743 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -207,10 +207,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src,
@@ -227,10 +227,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src,
void target_set_brk(abi_ulong new_brk);
abi_long do_brk(abi_ulong new_brk);
void syscall_init(void);
@ -35,10 +35,10 @@ index 792c74290f8d376235b07f3f8ef0..956ad6db3df11684132402dd877b 100644
void cpu_loop(CPUArchState *env);
const char *target_strerror(int err);
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 39b824760a29765dc9538d8574e5..0317c64f4ae460c972fe4fe67ef8 100644
index 5cd29859d6ac5349f04c03996b12..9ec933bdc0078f3fc62bfd499957 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7650,10 +7650,10 @@ static int host_to_target_cpu_mask(const unsigned long *host_mask,
@@ -7791,10 +7791,10 @@ static int host_to_target_cpu_mask(const unsigned long *host_mask,
* of syscall results, can be performed.
* All errnos that do_syscall() returns must be -TARGET_<errcode>.
*/
@ -53,7 +53,7 @@ index 39b824760a29765dc9538d8574e5..0317c64f4ae460c972fe4fe67ef8 100644
{
CPUState *cpu = env_cpu(cpu_env);
abi_long ret;
@@ -10423,7 +10423,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
@@ -10578,7 +10578,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
*/
ret = -TARGET_EINVAL;
if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env))
@ -62,7 +62,7 @@ index 39b824760a29765dc9538d8574e5..0317c64f4ae460c972fe4fe67ef8 100644
CPUARMState *env = cpu_env;
ARMCPU *cpu = env_archcpu(env);
uint32_t vq, old_vq;
@@ -12456,10 +12456,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
@@ -12610,10 +12610,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
return ret;
}

View File

@ -1,50 +0,0 @@
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 14 May 2020 00:55:38 +0530
Subject: megasas: use unsigned type for reply_queue_head and check index
Git-commit: f50ab86a2620bd7e8507af865b164655ee921661
References: bsc#1172383, CVE-2020-13362
A guest user may set 'reply_queue_head' field of MegasasState to
a negative value. Later in 'megasas_lookup_frame' it is used to
index into s->frames[] array. Use unsigned type to avoid OOB
access issue.
Also check that 'index' value stays within s->frames[] bounds
through the while() loop in 'megasas_lookup_frame' to avoid OOB
access.
Reported-by: Ren Ding <rding@gatech.edu>
Reported-by: Hanqing Zhao <hanqing@gatech.edu>
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200513192540.1583887-2-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/scsi/megasas.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index af18c88b656e7f5fa299c5f0dda1..6ce598cd6908b5223470b506c481 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -112,7 +112,7 @@ typedef struct MegasasState {
uint64_t reply_queue_pa;
void *reply_queue;
int reply_queue_len;
- int reply_queue_head;
+ uint16_t reply_queue_head;
int reply_queue_tail;
uint64_t consumer_pa;
uint64_t producer_pa;
@@ -445,7 +445,7 @@ static MegasasCmd *megasas_lookup_frame(MegasasState *s,
index = s->reply_queue_head;
- while (num < s->fw_cmds) {
+ while (num < s->fw_cmds && index < MEGASAS_MAX_FRAMES) {
if (s->frames[index].pa && s->frames[index].pa == frame) {
cmd = &s->frames[index];
break;

View File

@ -1,148 +0,0 @@
From: Eric Blake <eblake@redhat.com>
Date: Mon, 8 Jun 2020 13:26:37 -0500
Subject: nbd/server: Avoid long error message assertions CVE-2020-10761
Git-commit: 5c4fe018c025740fef4a0a4421e8162db0c3eefd
References: bsc#1172710, CVE-2020-10761
Ever since commit 36683283 (v2.8), the server code asserts that error
strings sent to the client are well-formed per the protocol by not
exceeding the maximum string length of 4096. At the time the server
first started sending error messages, the assertion could not be
triggered, because messages were completely under our control.
However, over the years, we have added latent scenarios where a client
could trigger the server to attempt an error message that would
include the client's information if it passed other checks first:
- requesting NBD_OPT_INFO/GO on an export name that is not present
(commit 0cfae925 in v2.12 echoes the name)
- requesting NBD_OPT_LIST/SET_META_CONTEXT on an export name that is
not present (commit e7b1948d in v2.12 echoes the name)
At the time, those were still safe because we flagged names larger
than 256 bytes with a different message; but that changed in commit
93676c88 (v4.2) when we raised the name limit to 4096 to match the NBD
string limit. (That commit also failed to change the magic number
4096 in nbd_negotiate_send_rep_err to the just-introduced named
constant.) So with that commit, long client names appended to server
text can now trigger the assertion, and thus be used as a denial of
service attack against a server. As a mitigating factor, if the
server requires TLS, the client cannot trigger the problematic paths
unless it first supplies TLS credentials, and such trusted clients are
less likely to try to intentionally crash the server.
We may later want to further sanitize the user-supplied strings we
place into our error messages, such as scrubbing out control
characters, but that is less important to the CVE fix, so it can be a
later patch to the new nbd_sanitize_name.
Consideration was given to changing the assertion in
nbd_negotiate_send_rep_verr to instead merely log a server error and
truncate the message, to avoid leaving a latent path that could
trigger a future CVE DoS on any new error message. However, this
merely complicates the code for something that is already (correctly)
flagging coding errors, and now that we are aware of the long message
pitfall, we are less likely to introduce such errors in the future,
which would make such error handling dead code.
Reported-by: Xueqiang Wei <xuwei@redhat.com>
CC: qemu-stable@nongnu.org
Fixes: https://bugzilla.redhat.com/1843684 CVE-2020-10761
Fixes: 93676c88d7
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200610163741.3745251-2-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
nbd/server.c | 23 ++++++++++++++++++++---
tests/qemu-iotests/143 | 4 ++++
tests/qemu-iotests/143.out | 2 ++
3 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/nbd/server.c b/nbd/server.c
index 02b1ed080145b3f99979887d4268..20754e9ebc3c1342692c99e7a99f 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -217,7 +217,7 @@ nbd_negotiate_send_rep_verr(NBDClient *client, uint32_t type,
msg = g_strdup_vprintf(fmt, va);
len = strlen(msg);
- assert(len < 4096);
+ assert(len < NBD_MAX_STRING_SIZE);
trace_nbd_negotiate_send_rep_err(msg);
ret = nbd_negotiate_send_rep_len(client, type, len, errp);
if (ret < 0) {
@@ -231,6 +231,19 @@ nbd_negotiate_send_rep_verr(NBDClient *client, uint32_t type,
return 0;
}
+/*
+ * Return a malloc'd copy of @name suitable for use in an error reply.
+ */
+static char *
+nbd_sanitize_name(const char *name)
+{
+ if (strnlen(name, 80) < 80) {
+ return g_strdup(name);
+ }
+ /* XXX Should we also try to sanitize any control characters? */
+ return g_strdup_printf("%.80s...", name);
+}
+
/* Send an error reply.
* Return -errno on error, 0 on success. */
static int GCC_FMT_ATTR(4, 5)
@@ -595,9 +608,11 @@ static int nbd_negotiate_handle_info(NBDClient *client, Error **errp)
exp = nbd_export_find(name);
if (!exp) {
+ g_autofree char *sane_name = nbd_sanitize_name(name);
+
return nbd_negotiate_send_rep_err(client, NBD_REP_ERR_UNKNOWN,
errp, "export '%s' not present",
- name);
+ sane_name);
}
/* Don't bother sending NBD_INFO_NAME unless client requested it */
@@ -995,8 +1010,10 @@ static int nbd_negotiate_meta_queries(NBDClient *client,
meta->exp = nbd_export_find(export_name);
if (meta->exp == NULL) {
+ g_autofree char *sane_name = nbd_sanitize_name(export_name);
+
return nbd_opt_drop(client, NBD_REP_ERR_UNKNOWN, errp,
- "export '%s' not present", export_name);
+ "export '%s' not present", sane_name);
}
ret = nbd_opt_read(client, &nb_queries, sizeof(nb_queries), errp);
diff --git a/tests/qemu-iotests/143 b/tests/qemu-iotests/143
index f649b36195011e9b0f19e4b51a8d..d2349903b1b5fa1b48ffc3e7a00d 100755
--- a/tests/qemu-iotests/143
+++ b/tests/qemu-iotests/143
@@ -58,6 +58,10 @@ _send_qemu_cmd $QEMU_HANDLE \
$QEMU_IO_PROG -f raw -c quit \
"nbd+unix:///no_such_export?socket=$SOCK_DIR/nbd" 2>&1 \
| _filter_qemu_io | _filter_nbd
+# Likewise, with longest possible name permitted in NBD protocol
+$QEMU_IO_PROG -f raw -c quit \
+ "nbd+unix:///$(printf %4096d 1 | tr ' ' a)?socket=$SOCK_DIR/nbd" 2>&1 \
+ | _filter_qemu_io | _filter_nbd | sed 's/aaaa*aa/aa--aa/'
_send_qemu_cmd $QEMU_HANDLE \
"{ 'execute': 'quit' }" \
diff --git a/tests/qemu-iotests/143.out b/tests/qemu-iotests/143.out
index 1f4001c6013137a13d90f64b4f86..fc9c0a761fa107a5c800d27af843 100644
--- a/tests/qemu-iotests/143.out
+++ b/tests/qemu-iotests/143.out
@@ -5,6 +5,8 @@ QA output created by 143
{"return": {}}
qemu-io: can't open device nbd+unix:///no_such_export?socket=SOCK_DIR/nbd: Requested export not available
server reported: export 'no_such_export' not present
+qemu-io: can't open device nbd+unix:///aa--aa1?socket=SOCK_DIR/nbd: Requested export not available
+server reported: export 'aa--aa...' not present
{ 'execute': 'quit' }
{"return": {}}
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}

View File

@ -11,13 +11,13 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+)
diff --git a/pc-bios/s390-ccw/netboot.mak b/pc-bios/s390-ccw/netboot.mak
index 5eefb7c289395ca37fcd241ce53d..ea2994722cde7e8a65796d374dc7 100644
index 577c023afe3db17ada307b2abbcc..cea8fb8532ddccda2390d936c93f 100644
--- a/pc-bios/s390-ccw/netboot.mak
+++ b/pc-bios/s390-ccw/netboot.mak
@@ -53,6 +53,7 @@ libc.a: $(LIBCOBJS)
LIBNETOBJS := args.o dhcp.o dns.o icmpv6.o ipv6.o tcp.o udp.o bootp.o \
@@ -54,6 +54,7 @@ LIBNETOBJS := args.o dhcp.o dns.o icmpv6.o ipv6.o tcp.o udp.o bootp.o \
dhcpv6.o ethernet.o ipv4.o ndp.o tftp.o pxelinux.o
LIBNETCFLAGS := $(QEMU_CFLAGS) $(CFLAGS) -DDHCPARCH=0x1F $(LIBC_INC) $(LIBNET_INC)
LIBNETCFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
-DDHCPARCH=0x1F -MMD -MP -MT $@ -MF $(@:%.o=%.d)
+LIBNETCFLAGS += -Wno-address-of-packed-member
%.o : $(SLOF_DIR)/lib/libnet/%.c

View File

@ -1,38 +0,0 @@
From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Date: Tue, 12 Jun 2018 15:16:30 +1000
Subject: ppc/spapr_caps: Don't disable cap_cfpc on POWER8 by default
Git-commit: b2540203bdf4a390c3489146eae82ce237303653
References: bsc#1174374
In default_caps_with_cpu() we set spapr_cap_cfpc to broken for POWER8
processors and before.
Since we no longer require private l1d cache on POWER8 for this cap to
be set to workaround change this to default to broken for POWER7
processors and before.
Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Liang Yan <lyan@suse.com>
---
hw/ppc/spapr_caps.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index eb54f9422722f8be922c275c4217..1134f7a1c7cd51be7d0111c6bf85 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -643,11 +643,6 @@ static SpaprCapabilities default_caps_with_cpu(SpaprMachineState *spapr,
caps = smc->default_caps;
- if (!ppc_type_check_compat(cputype, CPU_POWERPC_LOGICAL_3_00,
- 0, spapr->max_compat_pvr)) {
- caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
- }
-
if (!ppc_type_check_compat(cputype, CPU_POWERPC_LOGICAL_2_07,
0, spapr->max_compat_pvr)) {
caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2f13a92a0fa5c8b69ff0796b59b86b080bbb92ebad5d301a7724dd06b5e78cb6
size 62426192

Binary file not shown.

3
qemu-5.1.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c9174eb5933d9eb5e61f541cd6d1184cd3118dfe4c5c4955bc1bdc4d390fa4e5
size 62911540

BIN
qemu-5.1.0.tar.xz.sig Normal file

Binary file not shown.

View File

@ -11,10 +11,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 3 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 05f03919ff070a06444d82e86a70..1a350d1a9e0ff9f99e36817a6ecc 100644
index 945fc252791ce79d968dba5f9545..b1e68b7b1b3d689af62cd271cf31 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8837,6 +8837,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
@@ -8988,6 +8988,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
{
struct timeval tv;
struct timezone tz;

View File

@ -13,10 +13,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 1a350d1a9e0ff9f99e36817a6ecc..946c1e3a1957ea43368311acecda 100644
index b1e68b7b1b3d689af62cd271cf31..8a80cf418ab4299548a85b90e427 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5301,8 +5301,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
@@ -5440,8 +5440,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
ie = ioctl_entries;
for(;;) {
if (ie->target_cmd == 0) {

View File

@ -16,10 +16,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 8 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 946c1e3a1957ea43368311acecda..894627b9dc8d4f72c06bab90aa9b 100644
index 8a80cf418ab4299548a85b90e427..1a835798d19cc77da8d7ec6bdc7b 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5346,6 +5346,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
@@ -5485,6 +5485,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
arg_type++;
target_size = thunk_type_size(arg_type, 0);
switch(ie->access) {
@ -33,7 +33,7 @@ index 946c1e3a1957ea43368311acecda..894627b9dc8d4f72c06bab90aa9b 100644
case IOC_R:
ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
if (!is_error(ret)) {
@@ -5364,6 +5371,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
@@ -5503,6 +5510,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
unlock_user(argptr, arg, 0);
ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
break;

View File

@ -1,3 +1,78 @@
-------------------------------------------------------------------
Tue Aug 11 20:05:25 UTC 2020 - Bruce Rogers <brogers@suse.com>
- Update to v5.1.0: See http://wiki.qemu.org/ChangeLog/5.1
Take note that ongoing feature deprecation is tracked at both
http://wiki.qemu-project.org/Features/LegacyRemoval and in
the deprecated.html file installed with the qemu package
Some noteworthy changes:
* s390: Protected virtualization (secure execute) is fully merged
upstream
* s390: vfio-ccw devices no longer require setting the allow
prefetch bit in the ORB, but is still dependent on host kernel
support
* s390: vfio-ccw now has basic support for relaying path state
changes to the guest
* PowerPC: pseries: NVDIMMs require label-size property
* PowerPC: pseries: POWER10 support
* PowerPC: added interface to inject POWER style NMIs
* ARM: new board: sonorapass-bmc
* ARM: new emulated features: ARMv8.2-TTSUXN, ARMv8.5-MemTag
* ARM: Raspberry Pi boards now support a USB controller
* ARM: virt board now supports hot-remove memory
* RISC-V lots of improvements
* qemu-img resize now requires -shrink to shrinking raw images
* The mem parameter of the -numa option is no longer recognized
starting with 5.1 machine types - instead use the memdev parameter
* The ACPI WAET table is now exposed to guests
* The max blocksize for virtual storage device is now 2 MiB
* NVMe improvements
* Crypto subsystem improvements
* Block backends and tools: Numerous improvements and fixes
* Firmware updates: SeaBIOS (essentially v1.14.0), OpenBIOS, SLOF
(20200717), OpenSBI (v0.7)
* Patches dropped (upstream unless otherwise noted):
ati-vga-check-mm_index-before-recursive-.patch
audio-fix-wavcapture-segfault.patch
es1370-check-total-frame-count-against-c.patch
exec-set-map-length-to-zero-when-returni.patch
gcc10-maybe-uninitialized.patch
hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch
megasas-use-unsigned-type-for-reply_queu.patch
nbd-server-Avoid-long-error-message-asse.patch
ppc-spapr_caps-Don-t-disable-cap_cfpc-on.patch
s390x-Add-SIDA-memory-ops.patch
s390x-Add-unpack-facility-feature-to-GA1.patch
s390x-Move-diagnose-308-subcodes-and-rcs.patch
s390x-protvirt-Add-migration-blocker.patch
s390x-protvirt-Disable-address-checks-fo.patch
s390x-protvirt-Handle-SIGP-store-status-.patch
s390x-protvirt-Inhibit-balloon-when-swit.patch
s390x-protvirt-KVM-intercept-changes.patch
s390x-protvirt-Move-diag-308-data-over-S.patch
s390x-protvirt-Move-IO-control-structure.patch
s390x-protvirt-Move-STSI-data-over-SIDAD.patch
s390x-protvirt-SCLP-interpretation.patch
s390x-protvirt-Set-guest-IPL-PSW.patch
s390x-protvirt-Support-unpack-facility.patch
s390x-s390-virtio-ccw-Fix-build-on-syste.patch
Sync-pv.patch
tests-Disable-some-block-tests-for-now.patch (no longer needed)
vga-fix-cirrus-bios.patch
virtiofsd-add-rlimit-nofile-NUM-option.patch
virtiofsd-stay-below-fs.file-max-sysctl-.patch
* Patches renamed:
build-Do-not-apply-WORKAROUND_CFLAGS-for.patch
-> Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
build-Fix-s-directive-argument-is-null-e.patch
-> Fix-s-directive-argument-is-null-error.patch
* Patches added:
hw-hyperv-vmbus-Fix-32bit-compilation.patch
- New subpackages, due to modularization: qemu-chardev-baum,
qemu-hw-display-qxl, qemu-hw-usb-redirect, qemu-hw-usb-smartcard
- Configure to use "system" libslirp and libdaxctl (libnvdimm)
when available
-------------------------------------------------------------------
Thu Jul 23 19:26:05 UTC 2020 - Liang Yan <lyan@suse.com>

410
qemu.spec
View File

@ -73,6 +73,12 @@
%define with_rbd 1
%endif
%if 0%{?is_opensuse}
%ifarch x86_64 ppc64le
%define with_daxctl 1
%endif
%endif
# qemu, qemu-linux-user, and qemu-testsuite "flavors" enabled via OBS Multibuild
%define flavor @BUILD_FLAVOR@%{nil}
%if "%flavor" == ""
@ -89,9 +95,9 @@
%bcond_with system_membarrier
%define qemuver 5.0.0
%define srcver 5.0.0
%define sbver 1.13.0
%define qemuver 5.1.0
%define srcver 5.1.0
%define sbver 1.13.0_48_gd9c812d
%define srcname qemu
Name: qemu%{name_suffix}
URL: https://www.qemu.org/
@ -127,90 +133,62 @@ Source303: README.PACKAGING
# This patch queue is auto-generated - see README.PACKAGING for process
# Patches applied in base project:
Patch00000: s390x-Move-diagnose-308-subcodes-and-rcs.patch
Patch00001: Sync-pv.patch
Patch00002: s390x-protvirt-Support-unpack-facility.patch
Patch00003: s390x-protvirt-Add-migration-blocker.patch
Patch00004: s390x-protvirt-Inhibit-balloon-when-swit.patch
Patch00005: s390x-protvirt-KVM-intercept-changes.patch
Patch00006: s390x-Add-SIDA-memory-ops.patch
Patch00007: s390x-protvirt-Move-STSI-data-over-SIDAD.patch
Patch00008: s390x-protvirt-SCLP-interpretation.patch
Patch00009: s390x-protvirt-Set-guest-IPL-PSW.patch
Patch00010: s390x-protvirt-Move-diag-308-data-over-S.patch
Patch00011: s390x-protvirt-Disable-address-checks-fo.patch
Patch00012: s390x-protvirt-Move-IO-control-structure.patch
Patch00013: s390x-protvirt-Handle-SIGP-store-status-.patch
Patch00014: s390x-Add-unpack-facility-feature-to-GA1.patch
Patch00015: virtiofsd-add-rlimit-nofile-NUM-option.patch
Patch00016: virtiofsd-stay-below-fs.file-max-sysctl-.patch
Patch00017: es1370-check-total-frame-count-against-c.patch
Patch00018: audio-fix-wavcapture-segfault.patch
Patch00019: ati-vga-check-mm_index-before-recursive-.patch
Patch00020: nbd-server-Avoid-long-error-message-asse.patch
Patch00021: hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch
Patch00022: megasas-use-unsigned-type-for-reply_queu.patch
Patch00023: exec-set-map-length-to-zero-when-returni.patch
Patch00024: XXX-dont-dump-core-on-sigabort.patch
Patch00025: qemu-binfmt-conf-Modify-default-path.patch
Patch00026: qemu-cvs-gettimeofday.patch
Patch00027: qemu-cvs-ioctl_debug.patch
Patch00028: qemu-cvs-ioctl_nodirection.patch
Patch00029: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00030: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00031: linux-user-binfmt-support-host-binaries.patch
Patch00032: linux-user-Fake-proc-cpuinfo.patch
Patch00033: linux-user-use-target_ulong.patch
Patch00034: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00035: linux-user-lseek-explicitly-cast-non-set.patch
Patch00036: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00037: xen_disk-Add-suse-specific-flush-disable.patch
Patch00038: qemu-bridge-helper-reduce-security-profi.patch
Patch00039: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00040: linux-user-properly-test-for-infinite-ti.patch
Patch00041: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00042: Raise-soft-address-space-limit-to-hard-l.patch
Patch00043: increase-x86_64-physical-bits-to-42.patch
Patch00044: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00045: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00046: Switch-order-of-libraries-for-mpath-supp.patch
Patch00047: Make-installed-scripts-explicitly-python.patch
Patch00048: hw-smbios-handle-both-file-formats-regar.patch
Patch00049: xen-add-block-resize-support-for-xen-dis.patch
Patch00050: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00051: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00052: xen-ignore-live-parameter-from-xen-save-.patch
Patch00053: Conditionalize-ui-bitmap-installation-be.patch
Patch00054: tests-change-error-message-in-test-162.patch
Patch00055: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
Patch00056: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
Patch00057: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00058: configure-only-populate-roms-if-softmmu.patch
Patch00059: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00060: roms-change-cross-compiler-naming-to-be-.patch
Patch00061: tests-Disable-some-block-tests-for-now.patch
Patch00062: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00063: roms-Makefile-enable-cross-compile-for-b.patch
Patch00064: s390x-s390-virtio-ccw-Fix-build-on-syste.patch
Patch00065: configure-remove-pkgversion-from-CONFIG_.patch
Patch00066: gcc10-maybe-uninitialized.patch
Patch00067: docs-add-SUSE-support-statements-to-html.patch
Patch00068: docs-fix-trace-docs-build-with-sphinx-3..patch
Patch00069: ppc-spapr_caps-Don-t-disable-cap_cfpc-on.patch
Patch00000: docs-fix-trace-docs-build-with-sphinx-3..patch
Patch00001: hw-hyperv-vmbus-Fix-32bit-compilation.patch
Patch00002: XXX-dont-dump-core-on-sigabort.patch
Patch00003: qemu-binfmt-conf-Modify-default-path.patch
Patch00004: qemu-cvs-gettimeofday.patch
Patch00005: qemu-cvs-ioctl_debug.patch
Patch00006: qemu-cvs-ioctl_nodirection.patch
Patch00007: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00008: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00009: linux-user-binfmt-support-host-binaries.patch
Patch00010: linux-user-Fake-proc-cpuinfo.patch
Patch00011: linux-user-use-target_ulong.patch
Patch00012: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00013: linux-user-lseek-explicitly-cast-non-set.patch
Patch00014: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00015: xen_disk-Add-suse-specific-flush-disable.patch
Patch00016: qemu-bridge-helper-reduce-security-profi.patch
Patch00017: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00018: linux-user-properly-test-for-infinite-ti.patch
Patch00019: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00020: Raise-soft-address-space-limit-to-hard-l.patch
Patch00021: increase-x86_64-physical-bits-to-42.patch
Patch00022: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00023: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00024: Switch-order-of-libraries-for-mpath-supp.patch
Patch00025: Make-installed-scripts-explicitly-python.patch
Patch00026: hw-smbios-handle-both-file-formats-regar.patch
Patch00027: xen-add-block-resize-support-for-xen-dis.patch
Patch00028: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00029: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00030: xen-ignore-live-parameter-from-xen-save-.patch
Patch00031: Conditionalize-ui-bitmap-installation-be.patch
Patch00032: tests-change-error-message-in-test-162.patch
Patch00033: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
Patch00034: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
Patch00035: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00036: configure-only-populate-roms-if-softmmu.patch
Patch00037: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00038: roms-change-cross-compiler-naming-to-be-.patch
Patch00039: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00040: roms-Makefile-enable-cross-compile-for-b.patch
Patch00041: configure-remove-pkgversion-from-CONFIG_.patch
Patch00042: docs-add-SUSE-support-statements-to-html.patch
# Patches applied in roms/seabios/:
Patch01000: seabios-use-python2-explicitly-as-needed.patch
Patch01001: seabios-switch-to-python3-as-needed.patch
Patch01002: enable-cross-compilation-on-ARM.patch
Patch01003: vga-fix-cirrus-bios.patch
# Patches applied in roms/ipxe/:
Patch02000: build-Fix-s-directive-argument-is-null-e.patch
Patch02000: Fix-s-directive-argument-is-null-error.patch
Patch02001: build-Workaround-compilation-error-with-.patch
Patch02002: build-Do-not-apply-WORKAROUND_CFLAGS-for.patch
Patch02003: build-Be-explicit-about-fcommon-compiler.patch
Patch02004: intel-Avoid-spurious-compiler-warning-on.patch
Patch02005: golan-Add-explicit-type-casts-for-nodnic.patch
Patch02006: stub-out-the-SAN-req-s-in-int13.patch
Patch02007: ipxe-Makefile-fix-issues-of-build-reprod.patch
Patch02002: build-Be-explicit-about-fcommon-compiler.patch
Patch02003: intel-Avoid-spurious-compiler-warning-on.patch
Patch02004: golan-Add-explicit-type-casts-for-nodnic.patch
Patch02005: stub-out-the-SAN-req-s-in-int13.patch
Patch02006: ipxe-Makefile-fix-issues-of-build-reprod.patch
Patch02007: Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
# Patches applied in roms/sgabios/:
Patch03000: sgabios-Makefile-fix-issues-of-build-rep.patch
Patch03001: roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
@ -290,7 +268,7 @@ BuildRequires: glibc-devel-32bit
%if 0%{?with_glusterfs}
BuildRequires: glusterfs-devel >= 3
%endif
BuildRequires: gtk3-devel >= 3.16
BuildRequires: gtk3-devel >= 3.22
BuildRequires: libaio-devel
BuildRequires: libattr-devel
BuildRequires: libbz2-devel
@ -306,6 +284,9 @@ BuildRequires: libgcrypt-devel >= 1.5.0
BuildRequires: libgnutls-devel >= 3.1.18
BuildRequires: libiscsi-devel >= 1.9.0
BuildRequires: libjpeg-devel
%if 0%{?with_daxctl}
BuildRequires: libndctl-devel
%endif
%if 0%{?is_opensuse}
BuildRequires: libnfs-devel >= 1.9.3
%endif
@ -327,6 +308,9 @@ BuildRequires: libSDL2-devel
BuildRequires: libSDL2_image-devel
%endif
BuildRequires: libseccomp-devel >= 2.3.0
%if 0%{?is_opensuse}
BuildRequires: libslirp-devel >= 4.2.0
%endif
BuildRequires: libspice-server-devel >= 0.12.5
BuildRequires: libssh-devel >= 0.8
BuildRequires: libusb-1_0-devel >= 1.0.13
@ -388,11 +372,17 @@ BuildRequires: qemu-block-nfs = %{qemuver}
BuildRequires: qemu-block-rbd = %{qemuver}
%endif
BuildRequires: qemu-block-ssh = %{qemuver}
BuildRequires: qemu-chardev-baum = %{qemuver}
%if %{provide_edk2_firmware}
BuildRequires: qemu-edk2 = %{qemuver}
%endif
BuildRequires: qemu-extra = %{qemuver}
BuildRequires: qemu-guest-agent = %{qemuver}
BuildRequires: qemu-hw-display-qxl = %{qemuver}
BuildRequires: qemu-hw-usb-redirect = %{qemuver}
%if 0%{?is_opensuse}
BuildRequires: qemu-hw-usb-smartcard = %{qemuver}
%endif
BuildRequires: qemu-ipxe = 1.0.0+
%if 0%{?is_opensuse}
BuildRequires: qemu-ksm = %{qemuver}
@ -423,6 +413,11 @@ Requires(post): procps
Recommends: kvm_stat
%endif
Recommends: qemu-block-curl
Recommends: qemu-hw-display-qxl
Recommends: qemu-hw-usb-redirect
%if 0%{?is_opensuse}
Recommends: qemu-hw-usb-smartcard
%endif
Recommends: qemu-tools
Recommends: qemu-ui-curses
Recommends: qemu-ui-gtk
@ -461,6 +456,7 @@ Suggests: qemu-block-nfs
Suggests: qemu-block-rbd
%endif
Suggests: qemu-block-ssh
Suggests: qemu-chardev-baum
Suggests: qemu-extra
Suggests: qemu-lang
%if 0%{?is_opensuse}
@ -608,6 +604,38 @@ Conflicts: %name > %{qemuver}-%{release} \
Conflicts: qemu-tools < %{qemuver}-%{release} \
Conflicts: qemu-tools > %{qemuver}-%{release}
%package audio-alsa
Summary: ALSA based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-alsa
This package contains a module for ALSA based audio support for QEMU.
%package audio-pa
Summary: Pulse Audio based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-pa
This package contains a module for Pulse Audio based audio support for QEMU.
%if 0%{?is_opensuse}
%package audio-sdl
Summary: SDL based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-sdl
This package contains a module for SDL based audio support for QEMU.
%endif
%package block-curl
Summary: cURL block support for QEMU
Group: System/Emulators/PC
@ -690,6 +718,46 @@ Release: 0
This package contains a module for accessing network-based image files over an
SSH network connection from qemu-img tool and QEMU system emulation.
%package chardev-baum
Summary: Baum braille chardev support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description chardev-baum
This package contains a module for baum braille chardev support.
%package hw-display-qxl
Summary: QXL display support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description hw-display-qxl
This package contains a module for QXL display support.
%package hw-usb-redirect
Summary: USB redirection support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description hw-usb-redirect
This package contains a module for USB redirection support.
%package hw-usb-smartcard
Summary: USB smartcard support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description hw-usb-smartcard
This package contains a modules for USB smartcard support.
%package ui-curses
Summary: Curses based UI support for QEMU
Group: System/Emulators/PC
@ -732,38 +800,6 @@ Release: 0
%description ui-spice-app
This package contains a module for doing Spice based UI for QEMU.
%package audio-alsa
Summary: ALSA based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-alsa
This package contains a module for ALSA based audio support for QEMU.
%package audio-pa
Summary: Pulse Audio based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-pa
This package contains a module for Pulse Audio based audio support for QEMU.
%if 0%{?is_opensuse}
%package audio-sdl
Summary: SDL based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-sdl
This package contains a module for SDL based audio support for QEMU.
%endif
%package vhost-user-gpu
Summary: Vhost user mode virtio-gpu 2D/3D rendering backend for QEMU
Group: System/Emulators/PC
@ -906,7 +942,9 @@ This package provides a service file for starting and stopping KSM.
# ========================================================================
%prep
%setup -q -n %{srcname}-%{expand:%%(SV=%{srcver};echo ${SV%%%%+git*})}
%if 0%{?suse_version} > 1500
%patch00000 -p1
%endif
%patch00001 -p1
%patch00002 -p1
%patch00003 -p1
@ -948,52 +986,26 @@ This package provides a service file for starting and stopping KSM.
%patch00039 -p1
%patch00040 -p1
%patch00041 -p1
%patch00042 -p1
%patch00043 -p1
%patch00044 -p1
%patch00045 -p1
%patch00046 -p1
%patch00047 -p1
%patch00048 -p1
%patch00049 -p1
%patch00050 -p1
%patch00051 -p1
%patch00052 -p1
%patch00053 -p1
%patch00054 -p1
%patch00055 -p1
%patch00056 -p1
%patch00057 -p1
%patch00058 -p1
%patch00059 -p1
%patch00060 -p1
%patch00061 -p1
%patch00062 -p1
%patch00063 -p1
%patch00064 -p1
%patch00065 -p1
%patch00066 -p1
%if %{legacy_qemu_kvm} && 0%{?is_opensuse} == 0
%patch00067 -p1
%patch00042 -p1
%endif
%patch00068 -p1
%patch00069 -p1
%patch01000 -p1
%patch01001 -p1
%patch01002 -p1
%patch01003 -p1
%patch02000 -p1
%if 0%{?suse_version} > 1500 && 0%{?is_opensuse}
%patch02001 -p1
%ifarch aarch64
%patch02002 -p1
%endif
%patch02002 -p1
%patch02003 -p1
%patch02004 -p1
%patch02005 -p1
%if 0%{?patch-possibly-applied-elsewhere}
%patch02006 -p1
%patch02005 -p1
%endif
%patch02006 -p1
%ifarch aarch64
%patch02007 -p1
%endif
%patch03000 -p1
%patch03001 -p1
%patch08000 -p1
@ -1145,6 +1157,11 @@ cd %mybuilddir
--enable-tools --enable-guest-agent \
--enable-modules \
--disable-module-upgrades \
%if 0%{?is_opensuse}
--enable-slirp=system \
%else
--enable-slirp=git \
%endif
--enable-pie \
--enable-docs \
%if 0%{?is_opensuse}
@ -1182,6 +1199,11 @@ cd %mybuilddir
--enable-kvm \
%else
--disable-kvm \
%endif
%if 0%{?with_daxctl}
--enable-libdaxctl \
%else
--disable-libdaxctl \
%endif
--enable-libiscsi \
%if 0%{?is_opensuse}
@ -1231,6 +1253,7 @@ cd %mybuilddir
%endif
--enable-rdma \
--enable-replication \
--disable-safe-stack \
--disable-sanitizers \
%if 0%{?is_opensuse}
--enable-sdl \
@ -1259,6 +1282,7 @@ cd %mybuilddir
--enable-vhost-scsi \
--enable-vhost-user \
--enable-vhost-user-fs \
--enable-vhost-vdpa \
--enable-vhost-vsock \
--enable-virglrenderer \
--enable-virtfs \
@ -1297,6 +1321,7 @@ cd %mybuilddir
--disable-fdt \
--disable-iconv \
--disable-kvm \
--disable-libdaxctl \
--disable-malloc-trim \
%if %{with system_membarrier}
--enable-membarrier \
@ -1309,6 +1334,7 @@ cd %mybuilddir
--disable-qed \
--disable-replication \
--disable-sheepdog \
--disable-safe-stack \
--disable-slirp \
--disable-tpm \
--disable-vdi \
@ -1402,8 +1428,7 @@ make -C %{_builddir}/%buildsubdir/roms sgabios \
pushd %{_builddir}/%buildsubdir
patch -p1 < %_sourcedir/stub-out-the-SAN-req-s-in-int13.patch
popd
make %{?_smp_mflags} -C %{_builddir}/%buildsubdir/roms \
pxerom_variants=virtio pxerom_targets=1af41000 pxerom
make %{?_smp_mflags} -C %{_builddir}/%buildsubdir/roms pxerom_variants=virtio pxerom_targets=1af41000 pxerom
%endif
# enforce pxe rom sizes for migration compatability from SLE 11 SP3 forward
@ -1772,16 +1797,18 @@ fi
%_docdir/%name/interop/live-block-operations.html
%_docdir/%name/interop/objects.inv
%_docdir/%name/interop/pr-helper.html
%_docdir/%name/interop/qemu-ga-ref.html
%_docdir/%name/interop/qemu-ga-ref.txt
%_docdir/%name/interop/qemu-qmp-ref.html
%_docdir/%name/interop/qemu-qmp-ref.txt
%_docdir/%name/interop/search.html
%_docdir/%name/interop/searchindex.js
%_docdir/%name/interop/vhost-user.html
%_docdir/%name/interop/vhost-user-gpu.html
%_docdir/%name/qemu-qmp-ref.txt
%_docdir/%name/qemu-qmp-ref.html
%_docdir/%name/qemu-ga-ref.txt
%_docdir/%name/qemu-ga-ref.html
%_docdir/%name/interop/vhost-vdpa.html
%_docdir/%name/specs/.buildinfo
%_docdir/%name/specs/_static/*
%_docdir/%name/specs/acpi_hest_ghes.html
%_docdir/%name/specs/acpi_hw_reduced_hotplug.html
%_docdir/%name/specs/genindex.html
%_docdir/%name/specs/index.html
@ -1793,8 +1820,14 @@ fi
%_docdir/%name/specs/tpm.html
%_docdir/%name/system/.buildinfo
%_docdir/%name/system/_static/*
%_docdir/%name/system/arm/aspeed.html
%_docdir/%name/system/arm/collie.html
%_docdir/%name/system/arm/cpu-features.html
%_docdir/%name/system/arm/digic.html
%_docdir/%name/system/arm/gumstix.html
%_docdir/%name/system/arm/integratorcp.html
%_docdir/%name/system/arm/mps2.html
%_docdir/%name/system/arm/musca.html
%_docdir/%name/system/arm/musicpal.html
%_docdir/%name/system/arm/nseries.html
%_docdir/%name/system/arm/orangepi.html
@ -1803,6 +1836,8 @@ fi
%_docdir/%name/system/arm/stellaris.html
%_docdir/%name/system/arm/sx1.html
%_docdir/%name/system/arm/versatile.html
%_docdir/%name/system/arm/vexpress.html
%_docdir/%name/system/arm/virt.html
%_docdir/%name/system/arm/xscale.html
%_docdir/%name/system/build-platforms.html
%_docdir/%name/system/deprecated.html
@ -1824,20 +1859,26 @@ fi
%_docdir/%name/system/qemu-cpu-models.html
%_docdir/%name/system/qemu-manpage.html
%_docdir/%name/system/quickstart.html
%_docdir/%name/system/s390x/3270.html
%_docdir/%name/system/s390x/css.html
%_docdir/%name/system/s390x/protvirt.html
%_docdir/%name/system/s390x/vfio-ap.html
%_docdir/%name/system/s390x/vfio-ccw.html
%_docdir/%name/system/search.html
%_docdir/%name/system/searchindex.js
%_docdir/%name/system/security.html
%_docdir/%name/system/target-arm.html
%_docdir/%name/system/target-avr.html
%_docdir/%name/system/target-i386.html
%_docdir/%name/system/target-m68k.html
%_docdir/%name/system/target-mips.html
%_docdir/%name/system/target-ppc.html
%_docdir/%name/system/targets.html
%_docdir/%name/system/target-rx.html
%_docdir/%name/system/target-s390x.html
%_docdir/%name/system/target-sparc64.html
%_docdir/%name/system/target-sparc.html
%_docdir/%name/system/target-xtensa.html
%_docdir/%name/system/targets.html
%_docdir/%name/system/tls.html
%_docdir/%name/system/usb.html
%_docdir/%name/system/vnc-security.html
@ -1932,6 +1973,7 @@ fi
%files extra
%defattr(-, root, root)
%_bindir/qemu-system-alpha
%_bindir/qemu-system-avr
%_bindir/qemu-system-cris
%_bindir/qemu-system-hppa
%_bindir/qemu-system-lm32
@ -1981,6 +2023,23 @@ fi
%endif
%endif
%files audio-alsa
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-alsa.so
%files audio-pa
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-pa.so
%if 0%{?is_opensuse}
%files audio-sdl
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-sdl.so
%endif
%files block-curl
%defattr(-, root, root)
%dir %_libdir/%name
@ -2025,6 +2084,28 @@ fi
%dir %_libdir/%name
%_libdir/%name/block-ssh.so
%files chardev-baum
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/chardev-baum.so
%files hw-display-qxl
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/hw-display-qxl.so
%files hw-usb-redirect
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/hw-usb-redirect.so
%if 0%{?is_opensuse}
%files hw-usb-smartcard
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/hw-usb-smartcard.so
%endif
%files ui-curses
%defattr(-, root, root)
%dir %_libdir/%name
@ -2047,23 +2128,6 @@ fi
%dir %_libdir/%name
%_libdir/%name/ui-spice-app.so
%files audio-alsa
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-alsa.so
%files audio-pa
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-pa.so
%if 0%{?is_opensuse}
%files audio-sdl
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-sdl.so
%endif
%files lang -f %mybuilddir/%name.lang
%defattr(-, root, root)
@ -2157,11 +2221,11 @@ fi
%_bindir/qemu-io
%_bindir/qemu-keymap
%_bindir/qemu-nbd
%_bindir/qemu-pr-helper
%_bindir/qemu-storage-daemon
%_bindir/virtfs-proxy-helper
%_bindir/vmstate-static-checker.py
%verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper
%_libexecdir/qemu-pr-helper
%_libexecdir/virtfs-proxy-helper
%_libexecdir/virtiofsd
%_mandir/man1/qemu-img.1.gz
%_mandir/man1/virtfs-proxy-helper.1.gz

View File

@ -73,6 +73,12 @@
%define with_rbd 1
%endif
%if 0%{?is_opensuse}
%ifarch x86_64 ppc64le
%define with_daxctl 1
%endif
%endif
# qemu, qemu-linux-user, and qemu-testsuite "flavors" enabled via OBS Multibuild
%define flavor @BUILD_FLAVOR@%{nil}
%if "%flavor" == ""
@ -195,7 +201,7 @@ BuildRequires: glibc-devel-32bit
%if 0%{?with_glusterfs}
BuildRequires: glusterfs-devel >= 3
%endif
BuildRequires: gtk3-devel >= 3.16
BuildRequires: gtk3-devel >= 3.22
BuildRequires: libaio-devel
BuildRequires: libattr-devel
BuildRequires: libbz2-devel
@ -211,6 +217,9 @@ BuildRequires: libgcrypt-devel >= 1.5.0
BuildRequires: libgnutls-devel >= 3.1.18
BuildRequires: libiscsi-devel >= 1.9.0
BuildRequires: libjpeg-devel
%if 0%{?with_daxctl}
BuildRequires: libndctl-devel
%endif
%if 0%{?is_opensuse}
BuildRequires: libnfs-devel >= 1.9.3
%endif
@ -232,6 +241,9 @@ BuildRequires: libSDL2-devel
BuildRequires: libSDL2_image-devel
%endif
BuildRequires: libseccomp-devel >= 2.3.0
%if 0%{?is_opensuse}
BuildRequires: libslirp-devel >= 4.2.0
%endif
BuildRequires: libspice-server-devel >= 0.12.5
BuildRequires: libssh-devel >= 0.8
BuildRequires: pkgconfig(libudev)
@ -293,11 +305,17 @@ BuildRequires: qemu-block-nfs = %{qemuver}
BuildRequires: qemu-block-rbd = %{qemuver}
%endif
BuildRequires: qemu-block-ssh = %{qemuver}
BuildRequires: qemu-chardev-baum = %{qemuver}
%if %{provide_edk2_firmware}
BuildRequires: qemu-edk2 = %{qemuver}
%endif
BuildRequires: qemu-extra = %{qemuver}
BuildRequires: qemu-guest-agent = %{qemuver}
BuildRequires: qemu-hw-display-qxl = %{qemuver}
BuildRequires: qemu-hw-usb-redirect = %{qemuver}
%if 0%{?is_opensuse}
BuildRequires: qemu-hw-usb-smartcard = %{qemuver}
%endif
BuildRequires: qemu-ipxe = 1.0.0+
%if 0%{?is_opensuse}
BuildRequires: qemu-ksm = %{qemuver}
@ -328,6 +346,11 @@ Requires(post): procps
Recommends: kvm_stat
%endif
Recommends: qemu-block-curl
Recommends: qemu-hw-display-qxl
Recommends: qemu-hw-usb-redirect
%if 0%{?is_opensuse}
Recommends: qemu-hw-usb-smartcard
%endif
Recommends: qemu-tools
Recommends: qemu-ui-curses
Recommends: qemu-ui-gtk
@ -366,6 +389,7 @@ Suggests: qemu-block-nfs
Suggests: qemu-block-rbd
%endif
Suggests: qemu-block-ssh
Suggests: qemu-chardev-baum
Suggests: qemu-extra
Suggests: qemu-lang
%if 0%{?is_opensuse}
@ -513,6 +537,38 @@ Conflicts: %name > %{qemuver}-%{release} \
Conflicts: qemu-tools < %{qemuver}-%{release} \
Conflicts: qemu-tools > %{qemuver}-%{release}
%package audio-alsa
Summary: ALSA based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-alsa
This package contains a module for ALSA based audio support for QEMU.
%package audio-pa
Summary: Pulse Audio based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-pa
This package contains a module for Pulse Audio based audio support for QEMU.
%if 0%{?is_opensuse}
%package audio-sdl
Summary: SDL based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-sdl
This package contains a module for SDL based audio support for QEMU.
%endif
%package block-curl
Summary: cURL block support for QEMU
Group: System/Emulators/PC
@ -595,6 +651,46 @@ Release: 0
This package contains a module for accessing network-based image files over an
SSH network connection from qemu-img tool and QEMU system emulation.
%package chardev-baum
Summary: Baum braille chardev support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description chardev-baum
This package contains a module for baum braille chardev support.
%package hw-display-qxl
Summary: QXL display support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description hw-display-qxl
This package contains a module for QXL display support.
%package hw-usb-redirect
Summary: USB redirection support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description hw-usb-redirect
This package contains a module for USB redirection support.
%package hw-usb-smartcard
Summary: USB smartcard support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description hw-usb-smartcard
This package contains a modules for USB smartcard support.
%package ui-curses
Summary: Curses based UI support for QEMU
Group: System/Emulators/PC
@ -637,38 +733,6 @@ Release: 0
%description ui-spice-app
This package contains a module for doing Spice based UI for QEMU.
%package audio-alsa
Summary: ALSA based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-alsa
This package contains a module for ALSA based audio support for QEMU.
%package audio-pa
Summary: Pulse Audio based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-pa
This package contains a module for Pulse Audio based audio support for QEMU.
%if 0%{?is_opensuse}
%package audio-sdl
Summary: SDL based audio support for QEMU
Group: System/Emulators/PC
Version: %{qemuver}
Release: 0
%{qemu_module_conflicts}
%description audio-sdl
This package contains a module for SDL based audio support for QEMU.
%endif
%package vhost-user-gpu
Summary: Vhost user mode virtio-gpu 2D/3D rendering backend for QEMU
Group: System/Emulators/PC
@ -958,6 +1022,11 @@ cd %mybuilddir
--enable-tools --enable-guest-agent \
--enable-modules \
--disable-module-upgrades \
%if 0%{?is_opensuse}
--enable-slirp=system \
%else
--enable-slirp=git \
%endif
--enable-pie \
--enable-docs \
%if 0%{?is_opensuse}
@ -995,6 +1064,11 @@ cd %mybuilddir
--enable-kvm \
%else
--disable-kvm \
%endif
%if 0%{?with_daxctl}
--enable-libdaxctl \
%else
--disable-libdaxctl \
%endif
--enable-libiscsi \
%if 0%{?is_opensuse}
@ -1044,6 +1118,7 @@ cd %mybuilddir
%endif
--enable-rdma \
--enable-replication \
--disable-safe-stack \
--disable-sanitizers \
%if 0%{?is_opensuse}
--enable-sdl \
@ -1072,6 +1147,7 @@ cd %mybuilddir
--enable-vhost-scsi \
--enable-vhost-user \
--enable-vhost-user-fs \
--enable-vhost-vdpa \
--enable-vhost-vsock \
--enable-virglrenderer \
--enable-virtfs \
@ -1110,6 +1186,7 @@ cd %mybuilddir
--disable-fdt \
--disable-iconv \
--disable-kvm \
--disable-libdaxctl \
--disable-malloc-trim \
%if %{with system_membarrier}
--enable-membarrier \
@ -1122,6 +1199,7 @@ cd %mybuilddir
--disable-qed \
--disable-replication \
--disable-sheepdog \
--disable-safe-stack \
--disable-slirp \
--disable-tpm \
--disable-vdi \
@ -1215,8 +1293,7 @@ make -C %{_builddir}/%buildsubdir/roms sgabios \
pushd %{_builddir}/%buildsubdir
patch -p1 < %_sourcedir/stub-out-the-SAN-req-s-in-int13.patch
popd
make %{?_smp_mflags} -C %{_builddir}/%buildsubdir/roms \
pxerom_variants=virtio pxerom_targets=1af41000 pxerom
make %{?_smp_mflags} -C %{_builddir}/%buildsubdir/roms pxerom_variants=virtio pxerom_targets=1af41000 pxerom
%endif
# enforce pxe rom sizes for migration compatability from SLE 11 SP3 forward
@ -1585,16 +1662,18 @@ fi
%_docdir/%name/interop/live-block-operations.html
%_docdir/%name/interop/objects.inv
%_docdir/%name/interop/pr-helper.html
%_docdir/%name/interop/qemu-ga-ref.html
%_docdir/%name/interop/qemu-ga-ref.txt
%_docdir/%name/interop/qemu-qmp-ref.html
%_docdir/%name/interop/qemu-qmp-ref.txt
%_docdir/%name/interop/search.html
%_docdir/%name/interop/searchindex.js
%_docdir/%name/interop/vhost-user.html
%_docdir/%name/interop/vhost-user-gpu.html
%_docdir/%name/qemu-qmp-ref.txt
%_docdir/%name/qemu-qmp-ref.html
%_docdir/%name/qemu-ga-ref.txt
%_docdir/%name/qemu-ga-ref.html
%_docdir/%name/interop/vhost-vdpa.html
%_docdir/%name/specs/.buildinfo
%_docdir/%name/specs/_static/*
%_docdir/%name/specs/acpi_hest_ghes.html
%_docdir/%name/specs/acpi_hw_reduced_hotplug.html
%_docdir/%name/specs/genindex.html
%_docdir/%name/specs/index.html
@ -1606,8 +1685,14 @@ fi
%_docdir/%name/specs/tpm.html
%_docdir/%name/system/.buildinfo
%_docdir/%name/system/_static/*
%_docdir/%name/system/arm/aspeed.html
%_docdir/%name/system/arm/collie.html
%_docdir/%name/system/arm/cpu-features.html
%_docdir/%name/system/arm/digic.html
%_docdir/%name/system/arm/gumstix.html
%_docdir/%name/system/arm/integratorcp.html
%_docdir/%name/system/arm/mps2.html
%_docdir/%name/system/arm/musca.html
%_docdir/%name/system/arm/musicpal.html
%_docdir/%name/system/arm/nseries.html
%_docdir/%name/system/arm/orangepi.html
@ -1616,6 +1701,8 @@ fi
%_docdir/%name/system/arm/stellaris.html
%_docdir/%name/system/arm/sx1.html
%_docdir/%name/system/arm/versatile.html
%_docdir/%name/system/arm/vexpress.html
%_docdir/%name/system/arm/virt.html
%_docdir/%name/system/arm/xscale.html
%_docdir/%name/system/build-platforms.html
%_docdir/%name/system/deprecated.html
@ -1637,20 +1724,26 @@ fi
%_docdir/%name/system/qemu-cpu-models.html
%_docdir/%name/system/qemu-manpage.html
%_docdir/%name/system/quickstart.html
%_docdir/%name/system/s390x/3270.html
%_docdir/%name/system/s390x/css.html
%_docdir/%name/system/s390x/protvirt.html
%_docdir/%name/system/s390x/vfio-ap.html
%_docdir/%name/system/s390x/vfio-ccw.html
%_docdir/%name/system/search.html
%_docdir/%name/system/searchindex.js
%_docdir/%name/system/security.html
%_docdir/%name/system/target-arm.html
%_docdir/%name/system/target-avr.html
%_docdir/%name/system/target-i386.html
%_docdir/%name/system/target-m68k.html
%_docdir/%name/system/target-mips.html
%_docdir/%name/system/target-ppc.html
%_docdir/%name/system/targets.html
%_docdir/%name/system/target-rx.html
%_docdir/%name/system/target-s390x.html
%_docdir/%name/system/target-sparc64.html
%_docdir/%name/system/target-sparc.html
%_docdir/%name/system/target-xtensa.html
%_docdir/%name/system/targets.html
%_docdir/%name/system/tls.html
%_docdir/%name/system/usb.html
%_docdir/%name/system/vnc-security.html
@ -1745,6 +1838,7 @@ fi
%files extra
%defattr(-, root, root)
%_bindir/qemu-system-alpha
%_bindir/qemu-system-avr
%_bindir/qemu-system-cris
%_bindir/qemu-system-hppa
%_bindir/qemu-system-lm32
@ -1794,6 +1888,23 @@ fi
%endif
%endif
%files audio-alsa
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-alsa.so
%files audio-pa
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-pa.so
%if 0%{?is_opensuse}
%files audio-sdl
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-sdl.so
%endif
%files block-curl
%defattr(-, root, root)
%dir %_libdir/%name
@ -1838,6 +1949,28 @@ fi
%dir %_libdir/%name
%_libdir/%name/block-ssh.so
%files chardev-baum
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/chardev-baum.so
%files hw-display-qxl
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/hw-display-qxl.so
%files hw-usb-redirect
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/hw-usb-redirect.so
%if 0%{?is_opensuse}
%files hw-usb-smartcard
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/hw-usb-smartcard.so
%endif
%files ui-curses
%defattr(-, root, root)
%dir %_libdir/%name
@ -1860,23 +1993,6 @@ fi
%dir %_libdir/%name
%_libdir/%name/ui-spice-app.so
%files audio-alsa
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-alsa.so
%files audio-pa
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-pa.so
%if 0%{?is_opensuse}
%files audio-sdl
%defattr(-, root, root)
%dir %_libdir/%name
%_libdir/%name/audio-sdl.so
%endif
%files lang -f %mybuilddir/%name.lang
%defattr(-, root, root)
@ -1970,11 +2086,11 @@ fi
%_bindir/qemu-io
%_bindir/qemu-keymap
%_bindir/qemu-nbd
%_bindir/qemu-pr-helper
%_bindir/qemu-storage-daemon
%_bindir/virtfs-proxy-helper
%_bindir/vmstate-static-checker.py
%verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper
%_libexecdir/qemu-pr-helper
%_libexecdir/virtfs-proxy-helper
%_libexecdir/virtiofsd
%_mandir/man1/qemu-img.1.gz
%_mandir/man1/virtfs-proxy-helper.1.gz

View File

@ -1,135 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Wed, 5 Feb 2020 06:57:35 -0500
Subject: s390x: Add SIDA memory ops
Git-commit a9f21cec3bc9c86062c7c24bb2143d22cb3c2950
References: bsc#1167075
Protected guests save the instruction control blocks in the SIDA
instead of QEMU/KVM directly accessing the guest's memory.
Let's introduce new functions to access the SIDA.
The memops for doing so are available with KVM_CAP_S390_PROTECTED, so
let's check for that.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/s390x/cpu.h | 7 ++++++-
target/s390x/kvm.c | 26 ++++++++++++++++++++++++++
target/s390x/kvm_s390x.h | 2 ++
target/s390x/mmu_helper.c | 14 ++++++++++++++
4 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 1d17709d6e10b5e0668bc09e21c7..035427521cec252877c70288d597 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -823,7 +823,12 @@ int s390_cpu_virt_mem_rw(S390CPU *cpu, vaddr laddr, uint8_t ar, void *hostbuf,
#define s390_cpu_virt_mem_check_write(cpu, laddr, ar, len) \
s390_cpu_virt_mem_rw(cpu, laddr, ar, NULL, len, true)
void s390_cpu_virt_mem_handle_exc(S390CPU *cpu, uintptr_t ra);
-
+int s390_cpu_pv_mem_rw(S390CPU *cpu, unsigned int offset, void *hostbuf,
+ int len, bool is_write);
+#define s390_cpu_pv_mem_read(cpu, offset, dest, len) \
+ s390_cpu_pv_mem_rw(cpu, offset, dest, len, false)
+#define s390_cpu_pv_mem_write(cpu, offset, dest, len) \
+ s390_cpu_pv_mem_rw(cpu, offset, dest, len, true)
/* sigp.c */
int s390_cpu_restart(S390CPU *cpu);
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index 1988809ec2e7b1b6db33ba85eaef..0e93778ed15d0e04e83eff1baccf 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -154,6 +154,7 @@ static int cap_ri;
static int cap_gs;
static int cap_hpage_1m;
static int cap_vcpu_resets;
+static int cap_protected;
static int active_cmma;
@@ -351,6 +352,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
cap_mem_op = kvm_check_extension(s, KVM_CAP_S390_MEM_OP);
cap_s390_irq = kvm_check_extension(s, KVM_CAP_S390_INJECT_IRQ);
cap_vcpu_resets = kvm_check_extension(s, KVM_CAP_S390_VCPU_RESETS);
+ cap_protected = kvm_check_extension(s, KVM_CAP_S390_PROTECTED);
if (!kvm_check_extension(s, KVM_CAP_S390_GMAP)
|| !kvm_check_extension(s, KVM_CAP_S390_COW)) {
@@ -851,6 +853,30 @@ int kvm_s390_mem_op(S390CPU *cpu, vaddr addr, uint8_t ar, void *hostbuf,
return ret;
}
+int kvm_s390_mem_op_pv(S390CPU *cpu, uint64_t offset, void *hostbuf,
+ int len, bool is_write)
+{
+ struct kvm_s390_mem_op mem_op = {
+ .sida_offset = offset,
+ .size = len,
+ .op = is_write ? KVM_S390_MEMOP_SIDA_WRITE
+ : KVM_S390_MEMOP_SIDA_READ,
+ .buf = (uint64_t)hostbuf,
+ };
+ int ret;
+
+ if (!cap_mem_op || !cap_protected) {
+ return -ENOSYS;
+ }
+
+ ret = kvm_vcpu_ioctl(CPU(cpu), KVM_S390_MEM_OP, &mem_op);
+ if (ret < 0) {
+ error_report("KVM_S390_MEM_OP failed: %s", strerror(-ret));
+ abort();
+ }
+ return ret;
+}
+
/*
* Legacy layout for s390:
* Older S390 KVM requires the topmost vma of the RAM to be
diff --git a/target/s390x/kvm_s390x.h b/target/s390x/kvm_s390x.h
index dea813f450153c34e1269424772d..6ab17c81b73a0011e32213552698 100644
--- a/target/s390x/kvm_s390x.h
+++ b/target/s390x/kvm_s390x.h
@@ -19,6 +19,8 @@ void kvm_s390_vcpu_interrupt(S390CPU *cpu, struct kvm_s390_irq *irq);
void kvm_s390_access_exception(S390CPU *cpu, uint16_t code, uint64_t te_code);
int kvm_s390_mem_op(S390CPU *cpu, vaddr addr, uint8_t ar, void *hostbuf,
int len, bool is_write);
+int kvm_s390_mem_op_pv(S390CPU *cpu, vaddr addr, void *hostbuf, int len,
+ bool is_write);
void kvm_s390_program_interrupt(S390CPU *cpu, uint16_t code);
int kvm_s390_set_cpu_state(S390CPU *cpu, uint8_t cpu_state);
void kvm_s390_vcpu_interrupt_pre_save(S390CPU *cpu);
diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index 0be2f300bbe4ac8b68619b8c2285..7d9f3059cd502c49108b459c8d23 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -474,6 +474,20 @@ static int translate_pages(S390CPU *cpu, vaddr addr, int nr_pages,
return 0;
}
+int s390_cpu_pv_mem_rw(S390CPU *cpu, unsigned int offset, void *hostbuf,
+ int len, bool is_write)
+{
+ int ret;
+
+ if (kvm_enabled()) {
+ ret = kvm_s390_mem_op_pv(cpu, offset, hostbuf, len, is_write);
+ } else {
+ /* Protected Virtualization is a KVM/Hardware only feature */
+ g_assert_not_reached();
+ }
+ return ret;
+}
+
/**
* s390_cpu_virt_mem_rw:
* @laddr: the logical start address

View File

@ -1,61 +0,0 @@
From: Christian Borntraeger <borntraeger@de.ibm.com>
Date: Tue, 25 Feb 2020 06:28:51 -0500
Subject: s390x: Add unpack facility feature to GA1
Git-commit: 3034eaac3b2970ba85a1d77814ceef1352d05357
References: bsc#1167075
The unpack facility is an indication that diagnose 308 subcodes 8-10
are available to the guest. That means, that the guest can put itself
into protected mode.
Once it is in protected mode, the hardware stops any attempt of VM
introspection by the hypervisor.
Some features are currently not supported in protected mode:
* vfio devices
* Migration
* Huge page backings
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/s390x/gen-features.c | 1 +
target/s390x/kvm.c | 8 ++++++++
2 files changed, 9 insertions(+)
diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 6278845b12b8dee84c086413c60a..8ddeebc54419a3e2481e21916389 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -562,6 +562,7 @@ static uint16_t full_GEN15_GA1[] = {
S390_FEAT_GROUP_MSA_EXT_9,
S390_FEAT_GROUP_MSA_EXT_9_PCKMO,
S390_FEAT_ETOKEN,
+ S390_FEAT_UNPACK,
};
/* Default features (in order of release)
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index 870dd1b52b6e424f6cbd751cce0d..69881a0da0b31f72c4c3794d17ab 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -2425,6 +2425,14 @@ void kvm_s390_get_host_cpu_model(S390CPUModel *model, Error **errp)
clear_bit(S390_FEAT_BPB, model->features);
}
+ /*
+ * If we have support for protected virtualization, indicate
+ * the protected virtualization IPL unpack facility.
+ */
+ if (cap_protected) {
+ set_bit(S390_FEAT_UNPACK, model->features);
+ }
+
/* We emulate a zPCI bus and AEN, therefore we don't need HW support */
set_bit(S390_FEAT_ZPCI, model->features);
set_bit(S390_FEAT_ADAPTER_EVENT_NOTIFICATION, model->features);

View File

@ -1,61 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Fri, 13 Mar 2020 10:35:02 -0400
Subject: s390x: Move diagnose 308 subcodes and rcs into ipl.h
Git-commit: 284bc3dd6e9a978e6e34b00777ce72007a88d6d9
References: bsc#1167075
They are part of the IPL process, so let's put them into the ipl
header.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/s390x/ipl.h | 11 +++++++++++
target/s390x/diag.c | 11 -----------
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
index 3e44abe1c651d8a01f4708c2801c..a5665e6bfde2e8cfbb1b2e6c7234 100644
--- a/hw/s390x/ipl.h
+++ b/hw/s390x/ipl.h
@@ -159,6 +159,17 @@ struct S390IPLState {
typedef struct S390IPLState S390IPLState;
QEMU_BUILD_BUG_MSG(offsetof(S390IPLState, iplb) & 3, "alignment of iplb wrong");
+#define DIAG_308_RC_OK 0x0001
+#define DIAG_308_RC_NO_CONF 0x0102
+#define DIAG_308_RC_INVALID 0x0402
+
+#define DIAG308_RESET_MOD_CLR 0
+#define DIAG308_RESET_LOAD_NORM 1
+#define DIAG308_LOAD_CLEAR 3
+#define DIAG308_LOAD_NORMAL_DUMP 4
+#define DIAG308_SET 5
+#define DIAG308_STORE 6
+
#define S390_IPL_TYPE_FCP 0x00
#define S390_IPL_TYPE_CCW 0x02
#define S390_IPL_TYPE_QEMU_SCSI 0xff
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 54e5670b3fd6d960bd3fb4baca8b..8aba6341f94848e1ce8fff420ed8 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -49,17 +49,6 @@ int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3)
return diag288_class->handle_timer(diag288, func, timeout);
}
-#define DIAG_308_RC_OK 0x0001
-#define DIAG_308_RC_NO_CONF 0x0102
-#define DIAG_308_RC_INVALID 0x0402
-
-#define DIAG308_RESET_MOD_CLR 0
-#define DIAG308_RESET_LOAD_NORM 1
-#define DIAG308_LOAD_CLEAR 3
-#define DIAG308_LOAD_NORMAL_DUMP 4
-#define DIAG308_SET 5
-#define DIAG308_STORE 6
-
static int diag308_parm_check(CPUS390XState *env, uint64_t r1, uint64_t addr,
uintptr_t ra, bool write)
{

View File

@ -1,64 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Fri, 6 Mar 2020 06:40:13 -0500
Subject: s390x: protvirt: Add migration blocker
Git-commit: e721e55a3dabb2897081614b17dd4565e85249ac
References: bsc#1167075
Migration is not yet supported.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/s390x/s390-virtio-ccw.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index b4d681da43af43f23f66206cacf6..e00040a00ba60b20b42ee26a299b 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -45,6 +45,9 @@
#include "sysemu/sysemu.h"
#include "hw/s390x/pv.h"
#include <linux/kvm.h>
+#include "migration/blocker.h"
+
+static Error *pv_mig_blocker;
S390CPU *s390_cpu_addr2state(uint16_t cpu_addr)
{
@@ -324,15 +327,30 @@ static void s390_machine_unprotect(S390CcwMachineState *ms)
{
s390_pv_vm_disable();
ms->pv = false;
+ migrate_del_blocker(pv_mig_blocker);
+ error_free_or_abort(&pv_mig_blocker);
}
static int s390_machine_protect(S390CcwMachineState *ms)
{
+ Error *local_err = NULL;
int rc;
+ error_setg(&pv_mig_blocker,
+ "protected VMs are currently not migrateable.");
+ rc = migrate_add_blocker(pv_mig_blocker, &local_err);
+ if (rc) {
+ error_report_err(local_err);
+ error_free_or_abort(&pv_mig_blocker);
+ return rc;
+ }
+
/* Create SE VM */
rc = s390_pv_vm_enable();
if (rc) {
+ error_report_err(local_err);
+ migrate_del_blocker(pv_mig_blocker);
+ error_free_or_abort(&pv_mig_blocker);
return rc;
}

View File

@ -1,119 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Fri, 29 Nov 2019 04:22:41 -0500
Subject: s390x: protvirt: Disable address checks for PV guest IO emulation
Git-commit f658bf14295ad49caf8d1b21033982ce69423fb7
References: bsc#1167075
IO instruction data is routed through SIDAD for protected guests, so
adresses do not need to be checked, as this is kernel memory which is
always available.
Also the instruction data always starts at offset 0 of the SIDAD.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/s390x/ioinst.c | 35 ++++++++++++++++++++++++++++-------
1 file changed, 28 insertions(+), 7 deletions(-)
diff --git a/target/s390x/ioinst.c b/target/s390x/ioinst.c
index 0e840cc5792afe02d543568ba880..8828482eec306a2bccd8bef269b7 100644
--- a/target/s390x/ioinst.c
+++ b/target/s390x/ioinst.c
@@ -16,6 +16,25 @@
#include "hw/s390x/ioinst.h"
#include "trace.h"
#include "hw/s390x/s390-pci-bus.h"
+#include "hw/s390x/pv.h"
+
+/* All I/O instructions but chsc use the s format */
+static uint64_t get_address_from_regs(CPUS390XState *env, uint32_t ipb,
+ uint8_t *ar)
+{
+ /*
+ * Addresses for protected guests are all offsets into the
+ * satellite block which holds the IO control structures. Those
+ * control structures are always starting at offset 0 and are
+ * always aligned and accessible. So we can return 0 here which
+ * will pass the following address checks.
+ */
+ if (s390_is_pv()) {
+ *ar = 0;
+ return 0;
+ }
+ return decode_basedisp_s(env, ipb, ar);
+}
int ioinst_disassemble_sch_ident(uint32_t value, int *m, int *cssid, int *ssid,
int *schid)
@@ -114,7 +133,7 @@ void ioinst_handle_msch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
CPUS390XState *env = &cpu->env;
uint8_t ar;
- addr = decode_basedisp_s(env, ipb, &ar);
+ addr = get_address_from_regs(env, ipb, &ar);
if (addr & 3) {
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return;
@@ -171,7 +190,7 @@ void ioinst_handle_ssch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
CPUS390XState *env = &cpu->env;
uint8_t ar;
- addr = decode_basedisp_s(env, ipb, &ar);
+ addr = get_address_from_regs(env, ipb, &ar);
if (addr & 3) {
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return;
@@ -203,7 +222,7 @@ void ioinst_handle_stcrw(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
CPUS390XState *env = &cpu->env;
uint8_t ar;
- addr = decode_basedisp_s(env, ipb, &ar);
+ addr = get_address_from_regs(env, ipb, &ar);
if (addr & 3) {
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return;
@@ -234,7 +253,7 @@ void ioinst_handle_stsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb,
CPUS390XState *env = &cpu->env;
uint8_t ar;
- addr = decode_basedisp_s(env, ipb, &ar);
+ addr = get_address_from_regs(env, ipb, &ar);
if (addr & 3) {
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return;
@@ -303,7 +322,7 @@ int ioinst_handle_tsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
return -EIO;
}
trace_ioinst_sch_id("tsch", cssid, ssid, schid);
- addr = decode_basedisp_s(env, ipb, &ar);
+ addr = get_address_from_regs(env, ipb, &ar);
if (addr & 3) {
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return -EIO;
@@ -601,7 +620,7 @@ void ioinst_handle_chsc(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
{
ChscReq *req;
ChscResp *res;
- uint64_t addr;
+ uint64_t addr = 0;
int reg;
uint16_t len;
uint16_t command;
@@ -610,7 +629,9 @@ void ioinst_handle_chsc(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
trace_ioinst("chsc");
reg = (ipb >> 20) & 0x00f;
- addr = env->regs[reg];
+ if (!s390_is_pv()) {
+ addr = env->regs[reg];
+ }
/* Page boundary? */
if (addr & 0xfff) {
s390_program_interrupt(env, PGM_SPECIFICATION, ra);

View File

@ -1,44 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Tue, 6 Aug 2019 15:40:05 +0200
Subject: s390x: protvirt: Handle SIGP store status correctly
Git-commit: 398fc6874438c320407449d1c9560925aba2280b
References: bsc#1167075
For protected VMs status storing is not done by QEMU anymore.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/s390x/helper.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/target/s390x/helper.c b/target/s390x/helper.c
index ed726849114f2f353471233f670b..09f60406aa33c938ff54a0dbda13 100644
--- a/target/s390x/helper.c
+++ b/target/s390x/helper.c
@@ -25,6 +25,7 @@
#include "qemu/timer.h"
#include "qemu/qemu-print.h"
#include "hw/s390x/ioinst.h"
+#include "hw/s390x/pv.h"
#include "sysemu/hw_accel.h"
#include "sysemu/runstate.h"
#ifndef CONFIG_USER_ONLY
@@ -246,6 +247,11 @@ int s390_store_status(S390CPU *cpu, hwaddr addr, bool store_arch)
hwaddr len = sizeof(*sa);
int i;
+ /* For PVMs storing will occur when this cpu enters SIE again */
+ if (s390_is_pv()) {
+ return 0;
+ }
+
sa = cpu_physical_memory_map(addr, &len, true);
if (!sa) {
return -EFAULT;

View File

@ -1,84 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Mon, 24 Feb 2020 07:49:06 -0500
Subject: s390x: protvirt: Inhibit balloon when switching to protected mode
Git-commit: 59dc32a3494d6afdd420f3e401f1f324a1179256
References: bsc#1167075
Ballooning in protected VMs can only be done when the guest shares the
pages it gives to the host. If pages are not shared, the integrity
checks will fail once those pages have been altered and are given back
to the guest.
As we currently do not yet have a solution for this we will continue
like this:
1. We block ballooning now in QEMU (with this patch).
2. Later we will provide a change to virtio that removes the blocker
and adds VIRTIO_F_IOMMU_PLATFORM automatically by QEMU when doing the
protvirt switch. This is OK, as the balloon driver in Linux (the only
supported guest) will refuse to work with the IOMMU_PLATFORM feature
bit set.
3. Later, we can fix the guest balloon driver to accept the IOMMU
feature bit and correctly exercise sharing and unsharing of balloon
pages.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/s390x/s390-virtio-ccw.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index e00040a00ba60b20b42ee26a299b..db45249320abf7920ec8730790c2 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -43,6 +43,7 @@
#include "hw/qdev-properties.h"
#include "hw/s390x/tod.h"
#include "sysemu/sysemu.h"
+#include "sysemu/balloon.h"
#include "hw/s390x/pv.h"
#include <linux/kvm.h>
#include "migration/blocker.h"
@@ -329,6 +330,7 @@ static void s390_machine_unprotect(S390CcwMachineState *ms)
ms->pv = false;
migrate_del_blocker(pv_mig_blocker);
error_free_or_abort(&pv_mig_blocker);
+ qemu_balloon_inhibit(false);
}
static int s390_machine_protect(S390CcwMachineState *ms)
@@ -336,10 +338,18 @@ static int s390_machine_protect(S390CcwMachineState *ms)
Error *local_err = NULL;
int rc;
+ /*
+ * Ballooning on protected VMs needs support in the guest for
+ * sharing and unsharing balloon pages. Block ballooning for
+ * now, until we have a solution to make at least Linux guests
+ * either support it or fail gracefully.
+ */
+ qemu_balloon_inhibit(true);
error_setg(&pv_mig_blocker,
"protected VMs are currently not migrateable.");
rc = migrate_add_blocker(pv_mig_blocker, &local_err);
if (rc) {
+ qemu_balloon_inhibit(false);
error_report_err(local_err);
error_free_or_abort(&pv_mig_blocker);
return rc;
@@ -348,6 +358,7 @@ static int s390_machine_protect(S390CcwMachineState *ms)
/* Create SE VM */
rc = s390_pv_vm_enable();
if (rc) {
+ qemu_balloon_inhibit(false);
error_report_err(local_err);
migrate_del_blocker(pv_mig_blocker);
error_free_or_abort(&pv_mig_blocker);

View File

@ -1,60 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Mon, 13 May 2019 10:35:27 +0200
Subject: s390x: protvirt: KVM intercept changes
Git-commit: fd70eb764f176c200d6723c2ad88362f23536bfa
References: bsc#1167075
Protected VMs no longer intercept with code 4 for an instruction
interception. Instead they have codes 104 and 108 for protected
instruction interception and protected instruction notification
respectively.
The 104 mirrors the 4 interception.
The 108 is a notification interception to let KVM and QEMU know that
something changed and we need to update tracking information or
perform specific tasks. It's currently taken for the following
instructions:
* spx (To inform about the changed prefix location)
* sclp (On incorrect SCCB values, so we can inject a IRQ)
* sigp (All but "stop and store status")
* diag308 (Subcodes 0/1)
Of these exits only sclp errors, state changing sigps and diag308 will
reach QEMU. QEMU will do its parts of the job, while the ultravisor
has done the instruction part of the job.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/s390x/kvm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index b2b14bde2b251986230153adca9a..1988809ec2e7b1b6db33ba85eaef 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -115,6 +115,8 @@
#define ICPT_CPU_STOP 0x28
#define ICPT_OPEREXC 0x2c
#define ICPT_IO 0x40
+#define ICPT_PV_INSTR 0x68
+#define ICPT_PV_INSTR_NOTIFICATION 0x6c
#define NR_LOCAL_IRQS 32
/*
@@ -1698,6 +1700,8 @@ static int handle_intercept(S390CPU *cpu)
(long)cs->kvm_run->psw_addr);
switch (icpt_code) {
case ICPT_INSTRUCTION:
+ case ICPT_PV_INSTR:
+ case ICPT_PV_INSTR_NOTIFICATION:
r = handle_instruction(cpu, run);
break;
case ICPT_PROGRAM:

View File

@ -1,156 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Wed, 5 Feb 2020 07:02:33 -0500
Subject: s390x: protvirt: Move IO control structures over SIDA
Git-commit: 4989e18cbe5621df39020ef812316f479d8f5246
References: bsc#1167075
For protected guests, we need to put the IO emulation results into the
SIDA, so SIE will write them into the guest at the next entry.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/s390x/ioinst.c | 61 +++++++++++++++++++++++++++++++------------
1 file changed, 45 insertions(+), 16 deletions(-)
diff --git a/target/s390x/ioinst.c b/target/s390x/ioinst.c
index 8828482eec306a2bccd8bef269b7..7a14c52c123b842bba0b13f96b16 100644
--- a/target/s390x/ioinst.c
+++ b/target/s390x/ioinst.c
@@ -138,7 +138,9 @@ void ioinst_handle_msch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return;
}
- if (s390_cpu_virt_mem_read(cpu, addr, ar, &schib, sizeof(schib))) {
+ if (s390_is_pv()) {
+ s390_cpu_pv_mem_read(cpu, addr, &schib, sizeof(schib));
+ } else if (s390_cpu_virt_mem_read(cpu, addr, ar, &schib, sizeof(schib))) {
s390_cpu_virt_mem_handle_exc(cpu, ra);
return;
}
@@ -195,7 +197,9 @@ void ioinst_handle_ssch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return;
}
- if (s390_cpu_virt_mem_read(cpu, addr, ar, &orig_orb, sizeof(orb))) {
+ if (s390_is_pv()) {
+ s390_cpu_pv_mem_read(cpu, addr, &orig_orb, sizeof(orb));
+ } else if (s390_cpu_virt_mem_read(cpu, addr, ar, &orig_orb, sizeof(orb))) {
s390_cpu_virt_mem_handle_exc(cpu, ra);
return;
}
@@ -231,14 +235,19 @@ void ioinst_handle_stcrw(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
cc = css_do_stcrw(&crw);
/* 0 - crw stored, 1 - zeroes stored */
- if (s390_cpu_virt_mem_write(cpu, addr, ar, &crw, sizeof(crw)) == 0) {
+ if (s390_is_pv()) {
+ s390_cpu_pv_mem_write(cpu, addr, &crw, sizeof(crw));
setcc(cpu, cc);
} else {
- if (cc == 0) {
- /* Write failed: requeue CRW since STCRW is suppressing */
- css_undo_stcrw(&crw);
+ if (s390_cpu_virt_mem_write(cpu, addr, ar, &crw, sizeof(crw)) == 0) {
+ setcc(cpu, cc);
+ } else {
+ if (cc == 0) {
+ /* Write failed: requeue CRW since STCRW is suppressing */
+ css_undo_stcrw(&crw);
+ }
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
}
- s390_cpu_virt_mem_handle_exc(cpu, ra);
}
}
@@ -260,6 +269,13 @@ void ioinst_handle_stsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb,
}
if (ioinst_disassemble_sch_ident(reg1, &m, &cssid, &ssid, &schid)) {
+ /*
+ * The Ultravisor checks schid bit 16 to be one and bits 0-12
+ * to be 0 and injects a operand exception itself.
+ *
+ * Hence we should never end up here.
+ */
+ g_assert(!s390_is_pv());
/*
* As operand exceptions have a lower priority than access exceptions,
* we check whether the memory area is writeable (injecting the
@@ -292,14 +308,17 @@ void ioinst_handle_stsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb,
}
}
if (cc != 3) {
- if (s390_cpu_virt_mem_write(cpu, addr, ar, &schib,
- sizeof(schib)) != 0) {
+ if (s390_is_pv()) {
+ s390_cpu_pv_mem_write(cpu, addr, &schib, sizeof(schib));
+ } else if (s390_cpu_virt_mem_write(cpu, addr, ar, &schib,
+ sizeof(schib)) != 0) {
s390_cpu_virt_mem_handle_exc(cpu, ra);
return;
}
} else {
/* Access exceptions have a higher priority than cc3 */
- if (s390_cpu_virt_mem_check_write(cpu, addr, ar, sizeof(schib)) != 0) {
+ if (!s390_is_pv() &&
+ s390_cpu_virt_mem_check_write(cpu, addr, ar, sizeof(schib)) != 0) {
s390_cpu_virt_mem_handle_exc(cpu, ra);
return;
}
@@ -336,7 +355,9 @@ int ioinst_handle_tsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
}
/* 0 - status pending, 1 - not status pending, 3 - not operational */
if (cc != 3) {
- if (s390_cpu_virt_mem_write(cpu, addr, ar, &irb, irb_len) != 0) {
+ if (s390_is_pv()) {
+ s390_cpu_pv_mem_write(cpu, addr, &irb, irb_len);
+ } else if (s390_cpu_virt_mem_write(cpu, addr, ar, &irb, irb_len) != 0) {
s390_cpu_virt_mem_handle_exc(cpu, ra);
return -EFAULT;
}
@@ -344,7 +365,8 @@ int ioinst_handle_tsch(S390CPU *cpu, uint64_t reg1, uint32_t ipb, uintptr_t ra)
} else {
irb_len = sizeof(irb) - sizeof(irb.emw);
/* Access exceptions have a higher priority than cc3 */
- if (s390_cpu_virt_mem_check_write(cpu, addr, ar, irb_len) != 0) {
+ if (!s390_is_pv() &&
+ s390_cpu_virt_mem_check_write(cpu, addr, ar, irb_len) != 0) {
s390_cpu_virt_mem_handle_exc(cpu, ra);
return -EFAULT;
}
@@ -642,7 +664,9 @@ void ioinst_handle_chsc(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
* present CHSC sub-handlers ... if we ever need more, we should take
* care of req->len here first.
*/
- if (s390_cpu_virt_mem_read(cpu, addr, reg, buf, sizeof(ChscReq))) {
+ if (s390_is_pv()) {
+ s390_cpu_pv_mem_read(cpu, addr, buf, sizeof(ChscReq));
+ } else if (s390_cpu_virt_mem_read(cpu, addr, reg, buf, sizeof(ChscReq))) {
s390_cpu_virt_mem_handle_exc(cpu, ra);
return;
}
@@ -675,11 +699,16 @@ void ioinst_handle_chsc(S390CPU *cpu, uint32_t ipb, uintptr_t ra)
break;
}
- if (!s390_cpu_virt_mem_write(cpu, addr + len, reg, res,
- be16_to_cpu(res->len))) {
+ if (s390_is_pv()) {
+ s390_cpu_pv_mem_write(cpu, addr + len, res, be16_to_cpu(res->len));
setcc(cpu, 0); /* Command execution complete */
} else {
- s390_cpu_virt_mem_handle_exc(cpu, ra);
+ if (!s390_cpu_virt_mem_write(cpu, addr + len, reg, res,
+ be16_to_cpu(res->len))) {
+ setcc(cpu, 0); /* Command execution complete */
+ } else {
+ s390_cpu_virt_mem_handle_exc(cpu, ra);
+ }
}
}

View File

@ -1,55 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Wed, 5 Feb 2020 07:02:51 -0500
Subject: s390x: protvirt: Move STSI data over SIDAD
Git-commit: ccce7a654911ae507c962aff5f41004a7a88fad6
References: bsc#1167075
For protected guests, we need to put the STSI emulation results into
the SIDA, so SIE will write them into the guest at the next entry.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/s390x/kvm.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index 0e93778ed15d0e04e83eff1baccf..e0b61680ab086a5ff5875c42b7e5 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -50,6 +50,7 @@
#include "exec/memattrs.h"
#include "hw/s390x/s390-virtio-ccw.h"
#include "hw/s390x/s390-virtio-hcall.h"
+#include "hw/s390x/pv.h"
#ifndef DEBUG_KVM
#define DEBUG_KVM 0
@@ -1808,7 +1809,9 @@ static void insert_stsi_3_2_2(S390CPU *cpu, __u64 addr, uint8_t ar)
SysIB_322 sysib;
int del, i;
- if (s390_cpu_virt_mem_read(cpu, addr, ar, &sysib, sizeof(sysib))) {
+ if (s390_is_pv()) {
+ s390_cpu_pv_mem_read(cpu, 0, &sysib, sizeof(sysib));
+ } else if (s390_cpu_virt_mem_read(cpu, addr, ar, &sysib, sizeof(sysib))) {
return;
}
/* Shift the stack of Extended Names to prepare for our own data */
@@ -1861,7 +1864,11 @@ static void insert_stsi_3_2_2(S390CPU *cpu, __u64 addr, uint8_t ar)
/* Insert UUID */
memcpy(sysib.vm[0].uuid, &qemu_uuid, sizeof(sysib.vm[0].uuid));
- s390_cpu_virt_mem_write(cpu, addr, ar, &sysib, sizeof(sysib));
+ if (s390_is_pv()) {
+ s390_cpu_pv_mem_write(cpu, 0, &sysib, sizeof(sysib));
+ } else {
+ s390_cpu_virt_mem_write(cpu, addr, ar, &sysib, sizeof(sysib));
+ }
}
static int handle_stsi(S390CPU *cpu)

View File

@ -1,78 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Wed, 31 Jul 2019 17:49:08 +0200
Subject: s390x: protvirt: Move diag 308 data over SIDA
Git-commit: 258da1c7736d3aa4604ceea6cce00995c6f30058
References: bsc#1167075
For protected guests the IPIB is written/read to/from the SIDA, so we
need those accesses to go through s390_cpu_pv_mem_read/write().
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/s390x/diag.c | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index b2cbefb8cfe4e5a244219e761fb4..1a4842956402e308426c0ed5ce5c 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -75,6 +75,7 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
{
bool valid;
CPUState *cs = env_cpu(env);
+ S390CPU *cpu = S390_CPU(cs);
uint64_t addr = env->regs[r1];
uint64_t subcode = env->regs[r3];
IplParameterBlock *iplb;
@@ -111,13 +112,22 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
return;
}
iplb = g_new0(IplParameterBlock, 1);
- cpu_physical_memory_read(addr, iplb, sizeof(iplb->len));
+ if (!s390_is_pv()) {
+ cpu_physical_memory_read(addr, iplb, sizeof(iplb->len));
+ } else {
+ s390_cpu_pv_mem_read(cpu, 0, iplb, sizeof(iplb->len));
+ }
+
if (!iplb_valid_len(iplb)) {
env->regs[r1 + 1] = DIAG_308_RC_INVALID;
goto out;
}
- cpu_physical_memory_read(addr, iplb, be32_to_cpu(iplb->len));
+ if (!s390_is_pv()) {
+ cpu_physical_memory_read(addr, iplb, be32_to_cpu(iplb->len));
+ } else {
+ s390_cpu_pv_mem_read(cpu, 0, iplb, be32_to_cpu(iplb->len));
+ }
valid = subcode == DIAG308_PV_SET ? iplb_valid_pv(iplb) : iplb_valid(iplb);
if (!valid) {
@@ -140,12 +150,17 @@ out:
} else {
iplb = s390_ipl_get_iplb();
}
- if (iplb) {
+ if (!iplb) {
+ env->regs[r1 + 1] = DIAG_308_RC_NO_CONF;
+ return;
+ }
+
+ if (!s390_is_pv()) {
cpu_physical_memory_write(addr, iplb, be32_to_cpu(iplb->len));
- env->regs[r1 + 1] = DIAG_308_RC_OK;
} else {
- env->regs[r1 + 1] = DIAG_308_RC_NO_CONF;
+ s390_cpu_pv_mem_write(cpu, 0, iplb, be32_to_cpu(iplb->len));
}
+ env->regs[r1 + 1] = DIAG_308_RC_OK;
return;
case DIAG308_PV_START:
iplb = s390_ipl_get_iplb_pv();

View File

@ -1,156 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Mon, 3 Jun 2019 16:40:29 +0200
Subject: s390x: protvirt: SCLP interpretation
Git-commit: 32633cf4539341180dbc7a92c2655c711b4a6996
References: bsc#1167075
SCLP for a protected guest is done over the SIDAD, so we need to use
the s390_cpu_pv_mem_* functions to access the SIDAD instead of guest
memory when reading/writing SCBs.
To not confuse the sclp emulation, we set 0x4000 as the SCCB address,
since the function that injects the sclp external interrupt would
reject a zero sccb address.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/s390x/sclp.c | 56 +++++++++++++++++++++++++++++++++--------
include/hw/s390x/sclp.h | 2 ++
target/s390x/kvm.c | 25 ++++++++++++++----
3 files changed, 67 insertions(+), 16 deletions(-)
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index f0c35aa57afde03f7ec3e5f52f49..ede056b3efd7d92445d00f2e1298 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -33,6 +33,22 @@ static inline SCLPDevice *get_sclp_device(void)
return sclp;
}
+static inline bool sclp_command_code_valid(uint32_t code)
+{
+ switch (code & SCLP_CMD_CODE_MASK) {
+ case SCLP_CMDW_READ_SCP_INFO:
+ case SCLP_CMDW_READ_SCP_INFO_FORCED:
+ case SCLP_CMDW_READ_CPU_INFO:
+ case SCLP_CMDW_CONFIGURE_IOA:
+ case SCLP_CMDW_DECONFIGURE_IOA:
+ case SCLP_CMD_READ_EVENT_DATA:
+ case SCLP_CMD_WRITE_EVENT_DATA:
+ case SCLP_CMD_WRITE_EVENT_MASK:
+ return true;
+ }
+ return false;
+}
+
static void prepare_cpu_entries(SCLPDevice *sclp, CPUEntry *entry, int *count)
{
MachineState *ms = MACHINE(qdev_get_machine());
@@ -193,6 +209,34 @@ static void sclp_execute(SCLPDevice *sclp, SCCB *sccb, uint32_t code)
}
}
+/*
+ * We only need the address to have something valid for the
+ * service_interrupt call.
+ */
+#define SCLP_PV_DUMMY_ADDR 0x4000
+int sclp_service_call_protected(CPUS390XState *env, uint64_t sccb,
+ uint32_t code)
+{
+ SCLPDevice *sclp = get_sclp_device();
+ SCLPDeviceClass *sclp_c = SCLP_GET_CLASS(sclp);
+ SCCB work_sccb;
+ hwaddr sccb_len = sizeof(SCCB);
+
+ s390_cpu_pv_mem_read(env_archcpu(env), 0, &work_sccb, sccb_len);
+
+ if (!sclp_command_code_valid(code)) {
+ work_sccb.h.response_code = cpu_to_be16(SCLP_RC_INVALID_SCLP_COMMAND);
+ goto out_write;
+ }
+
+ sclp_c->execute(sclp, &work_sccb, code);
+out_write:
+ s390_cpu_pv_mem_write(env_archcpu(env), 0, &work_sccb,
+ be16_to_cpu(work_sccb.h.length));
+ sclp_c->service_interrupt(sclp, SCLP_PV_DUMMY_ADDR);
+ return 0;
+}
+
int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code)
{
SCLPDevice *sclp = get_sclp_device();
@@ -225,17 +269,7 @@ int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code)
return -PGM_SPECIFICATION;
}
- switch (code & SCLP_CMD_CODE_MASK) {
- case SCLP_CMDW_READ_SCP_INFO:
- case SCLP_CMDW_READ_SCP_INFO_FORCED:
- case SCLP_CMDW_READ_CPU_INFO:
- case SCLP_CMDW_CONFIGURE_IOA:
- case SCLP_CMDW_DECONFIGURE_IOA:
- case SCLP_CMD_READ_EVENT_DATA:
- case SCLP_CMD_WRITE_EVENT_DATA:
- case SCLP_CMD_WRITE_EVENT_MASK:
- break;
- default:
+ if (!sclp_command_code_valid(code)) {
work_sccb.h.response_code = cpu_to_be16(SCLP_RC_INVALID_SCLP_COMMAND);
goto out_write;
}
diff --git a/include/hw/s390x/sclp.h b/include/hw/s390x/sclp.h
index cd7b24359f28deb4b659b1f284f6..822eff4396ff5dded7496e50575d 100644
--- a/include/hw/s390x/sclp.h
+++ b/include/hw/s390x/sclp.h
@@ -217,5 +217,7 @@ void s390_sclp_init(void);
void sclp_service_interrupt(uint32_t sccb);
void raise_irq_cpu_hotplug(void);
int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code);
+int sclp_service_call_protected(CPUS390XState *env, uint64_t sccb,
+ uint32_t code);
#endif
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index e0b61680ab086a5ff5875c42b7e5..870dd1b52b6e424f6cbd751cce0d 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -1233,12 +1233,27 @@ static void kvm_sclp_service_call(S390CPU *cpu, struct kvm_run *run,
sccb = env->regs[ipbh0 & 0xf];
code = env->regs[(ipbh0 & 0xf0) >> 4];
- r = sclp_service_call(env, sccb, code);
- if (r < 0) {
- kvm_s390_program_interrupt(cpu, -r);
- return;
+ switch (run->s390_sieic.icptcode) {
+ case ICPT_PV_INSTR_NOTIFICATION:
+ g_assert(s390_is_pv());
+ /* The notification intercepts are currently handled by KVM */
+ error_report("unexpected SCLP PV notification");
+ exit(1);
+ break;
+ case ICPT_PV_INSTR:
+ g_assert(s390_is_pv());
+ sclp_service_call_protected(env, sccb, code);
+ /* Setting the CC is done by the Ultravisor. */
+ break;
+ case ICPT_INSTRUCTION:
+ g_assert(!s390_is_pv());
+ r = sclp_service_call(env, sccb, code);
+ if (r < 0) {
+ kvm_s390_program_interrupt(cpu, -r);
+ return;
+ }
+ setcc(cpu, r);
}
- setcc(cpu, r);
}
static int handle_b2(S390CPU *cpu, struct kvm_run *run, uint8_t ipa1)

View File

@ -1,60 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Tue, 23 Jul 2019 13:17:32 +0200
Subject: s390x: protvirt: Set guest IPL PSW
Git-commit: e8686d9849f1625f4f4b28403f0555181b72d1b6
References: bsc#1167075
Handling of CPU reset and setting of the IPL psw from guest storage at
offset 0 is done by a Ultravisor call. Let's only fetch it if
necessary.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/s390x/cpu.c | 26 +++++++++++++++++---------
1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index bb7a588e3b791fe48b4e0a0826dd..f2ccf0a06a0c9c1dde202988ceee 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -77,16 +77,24 @@ static bool s390_cpu_has_work(CPUState *cs)
static void s390_cpu_load_normal(CPUState *s)
{
S390CPU *cpu = S390_CPU(s);
- uint64_t spsw = ldq_phys(s->as, 0);
-
- cpu->env.psw.mask = spsw & PSW_MASK_SHORT_CTRL;
- /*
- * Invert short psw indication, so SIE will report a specification
- * exception if it was not set.
- */
- cpu->env.psw.mask ^= PSW_MASK_SHORTPSW;
- cpu->env.psw.addr = spsw & PSW_MASK_SHORT_ADDR;
+ uint64_t spsw;
+ if (!s390_is_pv()) {
+ spsw = ldq_phys(s->as, 0);
+ cpu->env.psw.mask = spsw & PSW_MASK_SHORT_CTRL;
+ /*
+ * Invert short psw indication, so SIE will report a specification
+ * exception if it was not set.
+ */
+ cpu->env.psw.mask ^= PSW_MASK_SHORTPSW;
+ cpu->env.psw.addr = spsw & PSW_MASK_SHORT_ADDR;
+ } else {
+ /*
+ * Firmware requires us to set the load state before we set
+ * the cpu to operating on protected guests.
+ */
+ s390_cpu_set_state(S390_CPU_STATE_LOAD, cpu);
+ }
s390_cpu_set_state(S390_CPU_STATE_OPERATING, cpu);
}
#endif

View File

@ -1,869 +0,0 @@
From: Janosch Frank <frankja@linux.ibm.com>
Date: Mon, 11 Feb 2019 16:07:19 +0100
Subject: s390x: protvirt: Support unpack facility
Git-commit: 2150c92b9b7d12b5fbdd2c59e5b17197d28f53db
References: bsc#1167075
The unpack facility provides the means to setup a protected guest. A
protected guest cannot be introspected by the hypervisor or any
user/administrator of the machine it is running on.
Protected guests are encrypted at rest and need a special boot
mechanism via diag308 subcode 8 and 10.
Code 8 sets the PV specific IPLB which is retained separately from
those set via code 5.
Code 10 is used to unpack the VM into protected memory, verify its
integrity and start it.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Co-developed-by: Christian Borntraeger <borntraeger@de.ibm.com> [Changes
to machine]
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
[BR: Needed to fix a compiler warning on i586 in hw/s390x/ipl.c]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
MAINTAINERS | 2 +
hw/s390x/Makefile.objs | 1 +
hw/s390x/ipl.c | 59 +++++++++++++-
hw/s390x/ipl.h | 91 ++++++++++++++++++++-
hw/s390x/pv.c | 98 +++++++++++++++++++++++
hw/s390x/s390-virtio-ccw.c | 119 +++++++++++++++++++++++++++-
include/hw/s390x/pv.h | 55 +++++++++++++
include/hw/s390x/s390-virtio-ccw.h | 1 +
target/s390x/cpu.c | 1 +
target/s390x/cpu_features_def.inc.h | 1 +
target/s390x/diag.c | 39 ++++++++-
target/s390x/kvm-stub.c | 5 ++
target/s390x/kvm.c | 5 ++
target/s390x/kvm_s390x.h | 1 +
14 files changed, 468 insertions(+), 10 deletions(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index 8cbc1fac2bfcec86e0e9415ab244..831d4b014aea8c3ce17050cea880 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -396,6 +396,8 @@ F: target/s390x/machine.c
F: target/s390x/sigp.c
F: target/s390x/cpu_features*.[ch]
F: target/s390x/cpu_models.[ch]
+F: hw/s390x/pv.c
+F: include/hw/s390x/pv.h
F: hw/intc/s390_flic.c
F: hw/intc/s390_flic_kvm.c
F: include/hw/s390x/s390_flic.h
diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index e02ed80b6829a511362abc3525ec..a46a1c7894e0f612a2d74cec74f6 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -31,6 +31,7 @@ obj-y += tod-qemu.o
obj-$(CONFIG_KVM) += tod-kvm.o
obj-$(CONFIG_KVM) += s390-skeys-kvm.o
obj-$(CONFIG_KVM) += s390-stattrib-kvm.o
+obj-$(CONFIG_KVM) += pv.o
obj-y += s390-ccw.o
obj-y += ap-device.o
obj-y += ap-bridge.o
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 8c3e019571764920857540be62aa..ce21494c08f77a35269b5e4b3ad5 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -1,10 +1,11 @@
/*
* bootloader support
*
- * Copyright IBM, Corp. 2012
+ * Copyright IBM, Corp. 2012, 2020
*
* Authors:
* Christian Borntraeger <borntraeger@de.ibm.com>
+ * Janosch Frank <frankja@linux.ibm.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or (at your
* option) any later version. See the COPYING file in the top-level directory.
@@ -27,6 +28,7 @@
#include "hw/s390x/vfio-ccw.h"
#include "hw/s390x/css.h"
#include "hw/s390x/ebcdic.h"
+#include "hw/s390x/pv.h"
#include "ipl.h"
#include "qemu/error-report.h"
#include "qemu/config-file.h"
@@ -566,12 +568,31 @@ void s390_ipl_update_diag308(IplParameterBlock *iplb)
{
S390IPLState *ipl = get_ipl_device();
- ipl->iplb = *iplb;
- ipl->iplb_valid = true;
+ /*
+ * The IPLB set and retrieved by subcodes 8/9 is completely
+ * separate from the one managed via subcodes 5/6.
+ */
+ if (iplb->pbt == S390_IPL_TYPE_PV) {
+ ipl->iplb_pv = *iplb;
+ ipl->iplb_valid_pv = true;
+ } else {
+ ipl->iplb = *iplb;
+ ipl->iplb_valid = true;
+ }
ipl->netboot = is_virtio_net_device(iplb);
update_machine_ipl_properties(iplb);
}
+IplParameterBlock *s390_ipl_get_iplb_pv(void)
+{
+ S390IPLState *ipl = get_ipl_device();
+
+ if (!ipl->iplb_valid_pv) {
+ return NULL;
+ }
+ return &ipl->iplb_pv;
+}
+
IplParameterBlock *s390_ipl_get_iplb(void)
{
S390IPLState *ipl = get_ipl_device();
@@ -660,6 +681,38 @@ static void s390_ipl_prepare_qipl(S390CPU *cpu)
cpu_physical_memory_unmap(addr, len, 1, len);
}
+int s390_ipl_prepare_pv_header(void)
+{
+ IplParameterBlock *ipib = s390_ipl_get_iplb_pv();
+ IPLBlockPV *ipib_pv = &ipib->pv;
+ void *hdr = g_malloc(ipib_pv->pv_header_len);
+ int rc;
+
+ cpu_physical_memory_read(ipib_pv->pv_header_addr, hdr,
+ ipib_pv->pv_header_len);
+ rc = s390_pv_set_sec_parms((uintptr_t)hdr,
+ ipib_pv->pv_header_len);
+ g_free(hdr);
+ return rc;
+}
+
+int s390_ipl_pv_unpack(void)
+{
+ IplParameterBlock *ipib = s390_ipl_get_iplb_pv();
+ IPLBlockPV *ipib_pv = &ipib->pv;
+ int i, rc = 0;
+
+ for (i = 0; i < ipib_pv->num_comp; i++) {
+ rc = s390_pv_unpack(ipib_pv->components[i].addr,
+ TARGET_PAGE_ALIGN(ipib_pv->components[i].size),
+ ipib_pv->components[i].tweak_pref);
+ if (rc) {
+ break;
+ }
+ }
+ return rc;
+}
+
void s390_ipl_prepare_cpu(S390CPU *cpu)
{
S390IPLState *ipl = get_ipl_device();
diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
index a5665e6bfde2e8cfbb1b2e6c7234..89b3044d7a2ee54014daa8eeafc9 100644
--- a/hw/s390x/ipl.h
+++ b/hw/s390x/ipl.h
@@ -1,8 +1,9 @@
/*
* s390 IPL device
*
- * Copyright 2015 IBM Corp.
+ * Copyright 2015, 2020 IBM Corp.
* Author(s): Zhang Fan <bjfanzh@cn.ibm.com>
+ * Janosch Frank <frankja@linux.ibm.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or (at
* your option) any later version. See the COPYING file in the top-level
@@ -15,6 +16,24 @@
#include "cpu.h"
#include "hw/qdev-core.h"
+struct IPLBlockPVComp {
+ uint64_t tweak_pref;
+ uint64_t addr;
+ uint64_t size;
+} QEMU_PACKED;
+typedef struct IPLBlockPVComp IPLBlockPVComp;
+
+struct IPLBlockPV {
+ uint8_t reserved18[87]; /* 0x18 */
+ uint8_t version; /* 0x6f */
+ uint32_t reserved70; /* 0x70 */
+ uint32_t num_comp; /* 0x74 */
+ uint64_t pv_header_addr; /* 0x78 */
+ uint64_t pv_header_len; /* 0x80 */
+ struct IPLBlockPVComp components[];
+} QEMU_PACKED;
+typedef struct IPLBlockPV IPLBlockPV;
+
struct IplBlockCcw {
uint8_t reserved0[85];
uint8_t ssid;
@@ -71,6 +90,7 @@ union IplParameterBlock {
union {
IplBlockCcw ccw;
IplBlockFcp fcp;
+ IPLBlockPV pv;
IplBlockQemuScsi scsi;
};
} QEMU_PACKED;
@@ -85,8 +105,11 @@ typedef union IplParameterBlock IplParameterBlock;
int s390_ipl_set_loadparm(uint8_t *loadparm);
void s390_ipl_update_diag308(IplParameterBlock *iplb);
+int s390_ipl_prepare_pv_header(void);
+int s390_ipl_pv_unpack(void);
void s390_ipl_prepare_cpu(S390CPU *cpu);
IplParameterBlock *s390_ipl_get_iplb(void);
+IplParameterBlock *s390_ipl_get_iplb_pv(void);
enum s390_reset {
/* default is a reset not triggered by a CPU e.g. issued by QMP */
@@ -94,6 +117,7 @@ enum s390_reset {
S390_RESET_REIPL,
S390_RESET_MODIFIED_CLEAR,
S390_RESET_LOAD_NORMAL,
+ S390_RESET_PV,
};
void s390_ipl_reset_request(CPUState *cs, enum s390_reset reset_type);
void s390_ipl_get_reset_request(CPUState **cs, enum s390_reset *reset_type);
@@ -133,6 +157,7 @@ struct S390IPLState {
/*< private >*/
DeviceState parent_obj;
IplParameterBlock iplb;
+ IplParameterBlock iplb_pv;
QemuIplParameters qipl;
uint64_t start_addr;
uint64_t compat_start_addr;
@@ -140,6 +165,7 @@ struct S390IPLState {
uint64_t compat_bios_start_addr;
bool enforce_bios;
bool iplb_valid;
+ bool iplb_valid_pv;
bool netboot;
/* reset related properties don't have to be migrated or reset */
enum s390_reset reset_type;
@@ -162,6 +188,8 @@ QEMU_BUILD_BUG_MSG(offsetof(S390IPLState, iplb) & 3, "alignment of iplb wrong");
#define DIAG_308_RC_OK 0x0001
#define DIAG_308_RC_NO_CONF 0x0102
#define DIAG_308_RC_INVALID 0x0402
+#define DIAG_308_RC_NO_PV_CONF 0x0902
+#define DIAG_308_RC_INVAL_FOR_PV 0x0a02
#define DIAG308_RESET_MOD_CLR 0
#define DIAG308_RESET_LOAD_NORM 1
@@ -169,12 +197,17 @@ QEMU_BUILD_BUG_MSG(offsetof(S390IPLState, iplb) & 3, "alignment of iplb wrong");
#define DIAG308_LOAD_NORMAL_DUMP 4
#define DIAG308_SET 5
#define DIAG308_STORE 6
+#define DIAG308_PV_SET 8
+#define DIAG308_PV_STORE 9
+#define DIAG308_PV_START 10
#define S390_IPL_TYPE_FCP 0x00
#define S390_IPL_TYPE_CCW 0x02
+#define S390_IPL_TYPE_PV 0x05
#define S390_IPL_TYPE_QEMU_SCSI 0xff
#define S390_IPLB_HEADER_LEN 8
+#define S390_IPLB_MIN_PV_LEN 148
#define S390_IPLB_MIN_CCW_LEN 200
#define S390_IPLB_MIN_FCP_LEN 384
#define S390_IPLB_MIN_QEMU_SCSI_LEN 200
@@ -184,6 +217,62 @@ static inline bool iplb_valid_len(IplParameterBlock *iplb)
return be32_to_cpu(iplb->len) <= sizeof(IplParameterBlock);
}
+static inline bool ipl_valid_pv_components(IplParameterBlock *iplb)
+{
+ IPLBlockPV *ipib_pv = &iplb->pv;
+ int i;
+
+ if (ipib_pv->num_comp == 0) {
+ return false;
+ }
+
+ for (i = 0; i < ipib_pv->num_comp; i++) {
+ /* Addr must be 4k aligned */
+ if (ipib_pv->components[i].addr & ~TARGET_PAGE_MASK) {
+ return false;
+ }
+
+ /* Tweak prefix is monotonically increasing with each component */
+ if (i < ipib_pv->num_comp - 1 &&
+ ipib_pv->components[i].tweak_pref >=
+ ipib_pv->components[i + 1].tweak_pref) {
+ return false;
+ }
+ }
+ return true;
+}
+
+static inline bool ipl_valid_pv_header(IplParameterBlock *iplb)
+{
+ IPLBlockPV *ipib_pv = &iplb->pv;
+
+ if (ipib_pv->pv_header_len > 2 * TARGET_PAGE_SIZE) {
+ return false;
+ }
+
+ if (!address_space_access_valid(&address_space_memory,
+ ipib_pv->pv_header_addr,
+ ipib_pv->pv_header_len,
+ false,
+ MEMTXATTRS_UNSPECIFIED)) {
+ return false;
+ }
+
+ return true;
+}
+
+static inline bool iplb_valid_pv(IplParameterBlock *iplb)
+{
+ if (iplb->pbt != S390_IPL_TYPE_PV ||
+ be32_to_cpu(iplb->len) < S390_IPLB_MIN_PV_LEN) {
+ return false;
+ }
+ if (!ipl_valid_pv_header(iplb)) {
+ return false;
+ }
+ return ipl_valid_pv_components(iplb);
+}
+
static inline bool iplb_valid(IplParameterBlock *iplb)
{
switch (iplb->pbt) {
diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
new file mode 100644
index 0000000000000000000000000000000000000000..8cf5cd2c9bcd48b03af1e546fb3a85cdc7ac28bb
--- /dev/null
+++ b/hw/s390x/pv.c
@@ -0,0 +1,98 @@
+/*
+ * Protected Virtualization functions
+ *
+ * Copyright IBM Corp. 2020
+ * Author(s):
+ * Janosch Frank <frankja@linux.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+#include "qemu/osdep.h"
+
+#include <linux/kvm.h>
+
+#include "qemu/error-report.h"
+#include "sysemu/kvm.h"
+#include "hw/s390x/pv.h"
+
+static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
+{
+ struct kvm_pv_cmd pv_cmd = {
+ .cmd = cmd,
+ .data = (uint64_t)data,
+ };
+ int rc = kvm_vm_ioctl(kvm_state, KVM_S390_PV_COMMAND, &pv_cmd);
+
+ if (rc) {
+ error_report("KVM PV command %d (%s) failed: header rc %x rrc %x "
+ "IOCTL rc: %d", cmd, cmdname, pv_cmd.rc, pv_cmd.rrc,
+ rc);
+ }
+ return rc;
+}
+
+/*
+ * This macro lets us pass the command as a string to the function so
+ * we can print it on an error.
+ */
+#define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data);
+#define s390_pv_cmd_exit(cmd, data) \
+{ \
+ int rc; \
+ \
+ rc = __s390_pv_cmd(cmd, #cmd, data);\
+ if (rc) { \
+ exit(1); \
+ } \
+}
+
+int s390_pv_vm_enable(void)
+{
+ return s390_pv_cmd(KVM_PV_ENABLE, NULL);
+}
+
+void s390_pv_vm_disable(void)
+{
+ s390_pv_cmd_exit(KVM_PV_DISABLE, NULL);
+}
+
+int s390_pv_set_sec_parms(uint64_t origin, uint64_t length)
+{
+ struct kvm_s390_pv_sec_parm args = {
+ .origin = origin,
+ .length = length,
+ };
+
+ return s390_pv_cmd(KVM_PV_VM_SET_SEC_PARMS, &args);
+}
+
+/*
+ * Called for each component in the SE type IPL parameter block 0.
+ */
+int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak)
+{
+ struct kvm_s390_pv_unp args = {
+ .addr = addr,
+ .size = size,
+ .tweak = tweak,
+ };
+
+ return s390_pv_cmd(KVM_PV_VM_UNPACK, &args);
+}
+
+void s390_pv_perf_clear_reset(void)
+{
+ s390_pv_cmd_exit(KVM_PV_VM_PREP_RESET, NULL);
+}
+
+int s390_pv_verify(void)
+{
+ return s390_pv_cmd(KVM_PV_VM_VERIFY, NULL);
+}
+
+void s390_pv_unshare(void)
+{
+ s390_pv_cmd_exit(KVM_PV_VM_UNSHARE_ALL, NULL);
+}
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 0fa00a9fff3dbda8b34d29aad187..b4d681da43af43f23f66206cacf6 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -1,9 +1,10 @@
/*
* virtio ccw machine
*
- * Copyright 2012 IBM Corp.
+ * Copyright 2012, 2020 IBM Corp.
* Copyright (c) 2009 Alexander Graf <agraf@suse.de>
* Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
+ * Janosch Frank <frankja@linux.ibm.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or (at
* your option) any later version. See the COPYING file in the top-level
@@ -42,6 +43,8 @@
#include "hw/qdev-properties.h"
#include "hw/s390x/tod.h"
#include "sysemu/sysemu.h"
+#include "hw/s390x/pv.h"
+#include <linux/kvm.h>
S390CPU *s390_cpu_addr2state(uint16_t cpu_addr)
{
@@ -317,10 +320,78 @@ static inline void s390_do_cpu_ipl(CPUState *cs, run_on_cpu_data arg)
s390_cpu_set_state(S390_CPU_STATE_OPERATING, cpu);
}
+static void s390_machine_unprotect(S390CcwMachineState *ms)
+{
+ s390_pv_vm_disable();
+ ms->pv = false;
+}
+
+static int s390_machine_protect(S390CcwMachineState *ms)
+{
+ int rc;
+
+ /* Create SE VM */
+ rc = s390_pv_vm_enable();
+ if (rc) {
+ return rc;
+ }
+
+ ms->pv = true;
+
+ /* Set SE header and unpack */
+ rc = s390_ipl_prepare_pv_header();
+ if (rc) {
+ goto out_err;
+ }
+
+ /* Decrypt image */
+ rc = s390_ipl_pv_unpack();
+ if (rc) {
+ goto out_err;
+ }
+
+ /* Verify integrity */
+ rc = s390_pv_verify();
+ if (rc) {
+ goto out_err;
+ }
+ return rc;
+
+out_err:
+ s390_machine_unprotect(ms);
+ return rc;
+}
+
+static void s390_machine_inject_pv_error(CPUState *cs)
+{
+ int r1 = (cs->kvm_run->s390_sieic.ipa & 0x00f0) >> 4;
+ CPUS390XState *env = &S390_CPU(cs)->env;
+
+ /* Report that we are unable to enter protected mode */
+ env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
+}
+
+static void s390_pv_prepare_reset(S390CcwMachineState *ms)
+{
+ CPUState *cs;
+
+ if (!s390_is_pv()) {
+ return;
+ }
+ /* Unsharing requires all cpus to be stopped */
+ CPU_FOREACH(cs) {
+ s390_cpu_set_state(S390_CPU_STATE_STOPPED, S390_CPU(cs));
+ }
+ s390_pv_unshare();
+ s390_pv_perf_clear_reset();
+}
+
static void s390_machine_reset(MachineState *machine)
{
+ S390CcwMachineState *ms = S390_CCW_MACHINE(machine);
enum s390_reset reset_type;
CPUState *cs, *t;
+ S390CPU *cpu;
/* get the reset parameters, reset them once done */
s390_ipl_get_reset_request(&cs, &reset_type);
@@ -328,9 +399,15 @@ static void s390_machine_reset(MachineState *machine)
/* all CPUs are paused and synchronized at this point */
s390_cmma_reset();
+ cpu = S390_CPU(cs);
+
switch (reset_type) {
case S390_RESET_EXTERNAL:
case S390_RESET_REIPL:
+ if (s390_is_pv()) {
+ s390_machine_unprotect(ms);
+ }
+
qemu_devices_reset();
s390_crypto_reset();
@@ -338,22 +415,56 @@ static void s390_machine_reset(MachineState *machine)
run_on_cpu(cs, s390_do_cpu_ipl, RUN_ON_CPU_NULL);
break;
case S390_RESET_MODIFIED_CLEAR:
+ /*
+ * Susbsystem reset needs to be done before we unshare memory
+ * and lose access to VIRTIO structures in guest memory.
+ */
+ subsystem_reset();
+ s390_crypto_reset();
+ s390_pv_prepare_reset(ms);
CPU_FOREACH(t) {
run_on_cpu(t, s390_do_cpu_full_reset, RUN_ON_CPU_NULL);
}
- subsystem_reset();
- s390_crypto_reset();
run_on_cpu(cs, s390_do_cpu_load_normal, RUN_ON_CPU_NULL);
break;
case S390_RESET_LOAD_NORMAL:
+ /*
+ * Susbsystem reset needs to be done before we unshare memory
+ * and lose access to VIRTIO structures in guest memory.
+ */
+ subsystem_reset();
+ s390_pv_prepare_reset(ms);
CPU_FOREACH(t) {
if (t == cs) {
continue;
}
run_on_cpu(t, s390_do_cpu_reset, RUN_ON_CPU_NULL);
}
- subsystem_reset();
run_on_cpu(cs, s390_do_cpu_initial_reset, RUN_ON_CPU_NULL);
+ run_on_cpu(cs, s390_do_cpu_load_normal, RUN_ON_CPU_NULL);
+ break;
+ case S390_RESET_PV: /* Subcode 10 */
+ subsystem_reset();
+ s390_crypto_reset();
+
+ CPU_FOREACH(t) {
+ if (t == cs) {
+ continue;
+ }
+ run_on_cpu(t, s390_do_cpu_full_reset, RUN_ON_CPU_NULL);
+ }
+ run_on_cpu(cs, s390_do_cpu_reset, RUN_ON_CPU_NULL);
+
+ if (s390_machine_protect(ms)) {
+ s390_machine_inject_pv_error(cs);
+ /*
+ * Continue after the diag308 so the guest knows something
+ * went wrong.
+ */
+ s390_cpu_set_state(S390_CPU_STATE_OPERATING, cpu);
+ return;
+ }
+
run_on_cpu(cs, s390_do_cpu_load_normal, RUN_ON_CPU_NULL);
break;
default:
diff --git a/include/hw/s390x/pv.h b/include/hw/s390x/pv.h
new file mode 100644
index 0000000000000000000000000000000000000000..c6cb360f2f6a0a32a37970769e1bf2eb0220b199
--- /dev/null
+++ b/include/hw/s390x/pv.h
@@ -0,0 +1,55 @@
+/*
+ * Protected Virtualization header
+ *
+ * Copyright IBM Corp. 2020
+ * Author(s):
+ * Janosch Frank <frankja@linux.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+#ifndef HW_S390_PV_H
+#define HW_S390_PV_H
+
+#ifdef CONFIG_KVM
+#include "hw/s390x/s390-virtio-ccw.h"
+
+static inline bool s390_is_pv(void)
+{
+ static S390CcwMachineState *ccw;
+ Object *obj;
+
+ if (ccw) {
+ return ccw->pv;
+ }
+
+ /* we have to bail out for the "none" machine */
+ obj = object_dynamic_cast(qdev_get_machine(),
+ TYPE_S390_CCW_MACHINE);
+ if (!obj) {
+ return false;
+ }
+ ccw = S390_CCW_MACHINE(obj);
+ return ccw->pv;
+}
+
+int s390_pv_vm_enable(void);
+void s390_pv_vm_disable(void);
+int s390_pv_set_sec_parms(uint64_t origin, uint64_t length);
+int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak);
+void s390_pv_perf_clear_reset(void);
+int s390_pv_verify(void);
+void s390_pv_unshare(void);
+#else /* CONFIG_KVM */
+static inline bool s390_is_pv(void) { return false; }
+static inline int s390_pv_vm_enable(void) { return 0; }
+static inline void s390_pv_vm_disable(void) {}
+static inline int s390_pv_set_sec_parms(uint64_t origin, uint64_t length) { return 0; }
+static inline int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak) { return 0; }
+static inline void s390_pv_perf_clear_reset(void) {}
+static inline int s390_pv_verify(void) { return 0; }
+static inline void s390_pv_unshare(void) {}
+#endif /* CONFIG_KVM */
+
+#endif /* HW_S390_PV_H */
diff --git a/include/hw/s390x/s390-virtio-ccw.h b/include/hw/s390x/s390-virtio-ccw.h
index 8aa27199c9123bab03d3450313a5..cd1dccc6e3ba86455a9de5eb41cb 100644
--- a/include/hw/s390x/s390-virtio-ccw.h
+++ b/include/hw/s390x/s390-virtio-ccw.h
@@ -28,6 +28,7 @@ typedef struct S390CcwMachineState {
/*< public >*/
bool aes_key_wrap;
bool dea_key_wrap;
+ bool pv;
uint8_t loadparm[8];
} S390CcwMachineState;
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index 427a46e3e1b61da1b7aae1f0e543..bb7a588e3b791fe48b4e0a0826dd 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -37,6 +37,7 @@
#include "sysemu/hw_accel.h"
#include "hw/qdev-properties.h"
#ifndef CONFIG_USER_ONLY
+#include "hw/s390x/pv.h"
#include "hw/boards.h"
#include "sysemu/arch_init.h"
#include "sysemu/sysemu.h"
diff --git a/target/s390x/cpu_features_def.inc.h b/target/s390x/cpu_features_def.inc.h
index 31dff0d84e9724513b1945f8d447..60db28351d059091b6e05fd62c37 100644
--- a/target/s390x/cpu_features_def.inc.h
+++ b/target/s390x/cpu_features_def.inc.h
@@ -107,6 +107,7 @@ DEF_FEAT(DEFLATE_BASE, "deflate-base", STFL, 151, "Deflate-conversion facility (
DEF_FEAT(VECTOR_PACKED_DECIMAL_ENH, "vxpdeh", STFL, 152, "Vector-Packed-Decimal-Enhancement Facility")
DEF_FEAT(MSA_EXT_9, "msa9-base", STFL, 155, "Message-security-assist-extension-9 facility (excluding subfunctions)")
DEF_FEAT(ETOKEN, "etoken", STFL, 156, "Etoken facility")
+DEF_FEAT(UNPACK, "unpack", STFL, 161, "Unpack facility")
/* Features exposed via SCLP SCCB Byte 80 - 98 (bit numbers relative to byte-80) */
DEF_FEAT(SIE_GSLS, "gsls", SCLP_CONF_CHAR, 40, "SIE: Guest-storage-limit-suppression facility")
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 8aba6341f94848e1ce8fff420ed8..b2cbefb8cfe4e5a244219e761fb4 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -20,6 +20,8 @@
#include "sysemu/cpus.h"
#include "hw/s390x/ipl.h"
#include "hw/s390x/s390-virtio-ccw.h"
+#include "hw/s390x/pv.h"
+#include "kvm_s390x.h"
int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3)
{
@@ -52,6 +54,10 @@ int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3)
static int diag308_parm_check(CPUS390XState *env, uint64_t r1, uint64_t addr,
uintptr_t ra, bool write)
{
+ /* Handled by the Ultravisor */
+ if (s390_is_pv()) {
+ return 0;
+ }
if ((r1 & 1) || (addr & ~TARGET_PAGE_MASK)) {
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return -1;
@@ -67,6 +73,7 @@ static int diag308_parm_check(CPUS390XState *env, uint64_t r1, uint64_t addr,
void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
{
+ bool valid;
CPUState *cs = env_cpu(env);
uint64_t addr = env->regs[r1];
uint64_t subcode = env->regs[r3];
@@ -82,6 +89,11 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
return;
}
+ if (subcode >= DIAG308_PV_SET && !s390_has_feat(S390_FEAT_UNPACK)) {
+ s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ return;
+ }
+
switch (subcode) {
case DIAG308_RESET_MOD_CLR:
s390_ipl_reset_request(cs, S390_RESET_MODIFIED_CLEAR);
@@ -94,6 +106,7 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
s390_ipl_reset_request(cs, S390_RESET_REIPL);
break;
case DIAG308_SET:
+ case DIAG308_PV_SET:
if (diag308_parm_check(env, r1, addr, ra, false)) {
return;
}
@@ -106,7 +119,8 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
cpu_physical_memory_read(addr, iplb, be32_to_cpu(iplb->len));
- if (!iplb_valid(iplb)) {
+ valid = subcode == DIAG308_PV_SET ? iplb_valid_pv(iplb) : iplb_valid(iplb);
+ if (!valid) {
env->regs[r1 + 1] = DIAG_308_RC_INVALID;
goto out;
}
@@ -117,10 +131,15 @@ out:
g_free(iplb);
return;
case DIAG308_STORE:
+ case DIAG308_PV_STORE:
if (diag308_parm_check(env, r1, addr, ra, true)) {
return;
}
- iplb = s390_ipl_get_iplb();
+ if (subcode == DIAG308_PV_STORE) {
+ iplb = s390_ipl_get_iplb_pv();
+ } else {
+ iplb = s390_ipl_get_iplb();
+ }
if (iplb) {
cpu_physical_memory_write(addr, iplb, be32_to_cpu(iplb->len));
env->regs[r1 + 1] = DIAG_308_RC_OK;
@@ -128,6 +147,22 @@ out:
env->regs[r1 + 1] = DIAG_308_RC_NO_CONF;
}
return;
+ case DIAG308_PV_START:
+ iplb = s390_ipl_get_iplb_pv();
+ if (!iplb) {
+ env->regs[r1 + 1] = DIAG_308_RC_NO_PV_CONF;
+ return;
+ }
+
+ if (kvm_s390_get_hpage_1m()) {
+ error_report("Protected VMs can currently not be backed with "
+ "huge pages");
+ env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
+ return;
+ }
+
+ s390_ipl_reset_request(cs, S390_RESET_PV);
+ break;
default:
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
break;
diff --git a/target/s390x/kvm-stub.c b/target/s390x/kvm-stub.c
index c4cd497f850eb9c7a859932b0f1f..aa185017a2a886ca300fa75747ed 100644
--- a/target/s390x/kvm-stub.c
+++ b/target/s390x/kvm-stub.c
@@ -39,6 +39,11 @@ int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu)
return 0;
}
+int kvm_s390_get_hpage_1m(void)
+{
+ return 0;
+}
+
int kvm_s390_get_ri(void)
{
return 0;
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index 7f7ebab84279290cb0992d41e706..b2b14bde2b251986230153adca9a 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -321,6 +321,11 @@ void kvm_s390_set_max_pagesize(uint64_t pagesize, Error **errp)
cap_hpage_1m = 1;
}
+int kvm_s390_get_hpage_1m(void)
+{
+ return cap_hpage_1m;
+}
+
static void ccw_machine_class_foreach(ObjectClass *oc, void *opaque)
{
MachineClass *mc = MACHINE_CLASS(oc);
diff --git a/target/s390x/kvm_s390x.h b/target/s390x/kvm_s390x.h
index 0b21789796d7c462bdc72160166f..dea813f450153c34e1269424772d 100644
--- a/target/s390x/kvm_s390x.h
+++ b/target/s390x/kvm_s390x.h
@@ -23,6 +23,7 @@ void kvm_s390_program_interrupt(S390CPU *cpu, uint16_t code);
int kvm_s390_set_cpu_state(S390CPU *cpu, uint8_t cpu_state);
void kvm_s390_vcpu_interrupt_pre_save(S390CPU *cpu);
int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu);
+int kvm_s390_get_hpage_1m(void);
int kvm_s390_get_ri(void);
int kvm_s390_get_gs(void);
int kvm_s390_get_clock(uint8_t *tod_high, uint64_t *tod_clock);

View File

@ -1,129 +0,0 @@
From: Christian Borntraeger <borntraeger@de.ibm.com>
Date: Mon, 6 Apr 2020 06:01:58 -0400
Subject: s390x/s390-virtio-ccw: Fix build on systems without KVM
References: bsc#1167075
linux/kvm.h is not available on all platforms. Let us move
s390_machine_inject_pv_error into pv.c as it uses KVM structures.
Also rename the function to s390_pv_inject_reset_error.
While at it, ipl.h needs an include for "exec/address-spaces.h"
as it uses address_space_memory.
Fixes: 49fc3220175e ("s390x: protvirt: Support unpack facility")
Reported-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/s390x/ipl.h | 1 +
hw/s390x/pv.c | 11 +++++++++++
hw/s390x/s390-virtio-ccw.c | 12 +-----------
include/hw/s390x/pv.h | 3 +++
4 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
index 89b3044d7a2ee54014daa8eeafc9..53cc9eb5ac4d326b2b61bf1668a8 100644
--- a/hw/s390x/ipl.h
+++ b/hw/s390x/ipl.h
@@ -14,6 +14,7 @@
#define HW_S390_IPL_H
#include "cpu.h"
+#include "exec/address-spaces.h"
#include "hw/qdev-core.h"
struct IPLBlockPVComp {
diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 8cf5cd2c9bcd48b03af1e546fb3a..2c4d5e89890b7d21abdcd718c2f2 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -13,8 +13,10 @@
#include <linux/kvm.h>
+#include "cpu.h"
#include "qemu/error-report.h"
#include "sysemu/kvm.h"
+#include "hw/s390x/ipl.h"
#include "hw/s390x/pv.h"
static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
@@ -96,3 +98,12 @@ void s390_pv_unshare(void)
{
s390_pv_cmd_exit(KVM_PV_VM_UNSHARE_ALL, NULL);
}
+
+void s390_pv_inject_reset_error(CPUState *cs)
+{
+ int r1 = (cs->kvm_run->s390_sieic.ipa & 0x00f0) >> 4;
+ CPUS390XState *env = &S390_CPU(cs)->env;
+
+ /* Report that we are unable to enter protected mode */
+ env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
+}
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index db45249320abf7920ec8730790c2..501d4a66b346cfe9a987cebe884d 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -45,7 +45,6 @@
#include "sysemu/sysemu.h"
#include "sysemu/balloon.h"
#include "hw/s390x/pv.h"
-#include <linux/kvm.h>
#include "migration/blocker.h"
static Error *pv_mig_blocker;
@@ -391,15 +390,6 @@ out_err:
return rc;
}
-static void s390_machine_inject_pv_error(CPUState *cs)
-{
- int r1 = (cs->kvm_run->s390_sieic.ipa & 0x00f0) >> 4;
- CPUS390XState *env = &S390_CPU(cs)->env;
-
- /* Report that we are unable to enter protected mode */
- env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
-}
-
static void s390_pv_prepare_reset(S390CcwMachineState *ms)
{
CPUState *cs;
@@ -485,7 +475,7 @@ static void s390_machine_reset(MachineState *machine)
run_on_cpu(cs, s390_do_cpu_reset, RUN_ON_CPU_NULL);
if (s390_machine_protect(ms)) {
- s390_machine_inject_pv_error(cs);
+ s390_pv_inject_reset_error(cs);
/*
* Continue after the diag308 so the guest knows something
* went wrong.
diff --git a/include/hw/s390x/pv.h b/include/hw/s390x/pv.h
index c6cb360f2f6a0a32a37970769e1b..522ca6a04ee877940ff1de9f410b 100644
--- a/include/hw/s390x/pv.h
+++ b/include/hw/s390x/pv.h
@@ -13,6 +13,7 @@
#define HW_S390_PV_H
#ifdef CONFIG_KVM
+#include "cpu.h"
#include "hw/s390x/s390-virtio-ccw.h"
static inline bool s390_is_pv(void)
@@ -41,6 +42,7 @@ int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak);
void s390_pv_perf_clear_reset(void);
int s390_pv_verify(void);
void s390_pv_unshare(void);
+void s390_pv_inject_reset_error(CPUState *cs);
#else /* CONFIG_KVM */
static inline bool s390_is_pv(void) { return false; }
static inline int s390_pv_vm_enable(void) { return 0; }
@@ -50,6 +52,7 @@ static inline int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak) {
static inline void s390_pv_perf_clear_reset(void) {}
static inline int s390_pv_verify(void) { return 0; }
static inline void s390_pv_unshare(void) {}
+static inline void s390_pv_inject_reset_error(CPUState *cs) {};
#endif /* CONFIG_KVM */
#endif /* HW_S390_PV_H */

View File

@ -17,7 +17,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
5 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/roms/seabios/Makefile b/roms/seabios/Makefile
index de1fa90035b82ef3608d68d62f59..ca8d0283922bbfa931e85511e921 100644
index 87a6ac92e69f23c1ce799d16512a..edb83b7a1c77f7bb75c371330b2c 100644
--- a/roms/seabios/Makefile
+++ b/roms/seabios/Makefile
@@ -22,7 +22,7 @@ LD=$(CROSS_PREFIX)ld

View File

@ -14,7 +14,7 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/roms/seabios/Makefile b/roms/seabios/Makefile
index 5f7d5370198abac950b24e08a7aa..de1fa90035b82ef3608d68d62f59 100644
index 3d8943ef5f25afb9c41db84ad2a0..87a6ac92e69f23c1ce799d16512a 100644
--- a/roms/seabios/Makefile
+++ b/roms/seabios/Makefile
@@ -22,7 +22,7 @@ LD=$(CROSS_PREFIX)ld

View File

@ -202,6 +202,7 @@ Deprecated, Superseded, Modified and Dropped Features
and could possibly change syntax in the future.
- This previously unsupported command line option is now deprecated:
-soundhw (use -device ... instead)
-tb-size
- These previously unsupported command line options are no longer recognized:
@ -732,7 +733,9 @@ QEMU Command-Line and Monitor Syntax and Support
allwinner-rtc-sun6i|allwinner-rtc-sun7i|allwinner-sdhost-sun4i|
allwinner-sdhost-sun5i|allwinner-sid|allwinner-sun8i-emac|imx.rngc|
imx.usbphy|serial|serial-io|stm32f405-soc|stm32f4xx-exti|
stm32f4xx-syscfg|tpm-tis-device]
stm32f4xx-syscfg|tpm-tis-device|nvdimm|vhost-user-vsock-device|i
vhost-user-vsock-pci|vhost-user-vsock-pci-non-transitional|
vhost-user-vsock-pci-transitional]
(the following are aliases of these unsupported devices: lsi|
piix3-usb-uhci)
(note that some of these device names represent supported devices and
@ -760,10 +763,10 @@ QEMU Command-Line and Monitor Syntax and Support
mps2-an511|mps2-an521|musca-a|musca-b1|musicpal|n800|n810|netduino2|
netduinoplus2|nuri|orangepi-pc|palmetto-bmc|raspi2|raspi3|realview-eb|
realview-eb-mpcore|realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite|
sbsa-ref|smdkc210|spitz|swift-bmc|sx1|sx1-v1|tacoma-bmc|terrier|tosa|
verdex|versatileab|versatilepb|vexpress-a15|vexpress-a9|virt-2.7|virt-2.8|
virt-2.12|virt-3.0|virt-4.0|virt-4.1|virt-5.0|witherspoon-bmc|
xilinx-zynq-a9|xlnx-versal-virt|xlnx-zcu102|z2]
sbsa-ref|smdkc210|sonorapass-bmc|spitz|swift-bmc|sx1|sx1-v1|tacoma-bmc|
terrier|tosa|verdex|versatileab|versatilepb|vexpress-a15|vexpress-a9|
virt-2.7|virt-2.8|virt-2.12|virt-3.0|virt-4.0|virt-4.1|virt-5.0|virt-5.1|
witherspoon-bmc|xilinx-zynq-a9|xlnx-versal-virt|xlnx-zcu102|z2]
-machine
@ -774,10 +777,11 @@ QEMU Command-Line and Monitor Syntax and Support
musicpal|n800|n810|netduino2|netduinoplus2|nuri|orangepi-pc|
palmetto-bmc|raspi2|raspi3|realview-eb|realview-eb-mpcore|
realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite|sbsa-ref|
smdkc210|spitz|swift-bmc|sx1|sx1-v1|tacoma-bmc|terrier|tosa|verdex|
versatileab|versatilepb|vexpress-a15|vexpress-a9|virt-2.7|virt-2.8|
virt-2.12|virt-3.0|virt-4.0|virt-4.1|virt-5.0|witherspoon-bmc|
xilinx-zynq-a9|xlnx-versal-virt|xlnx-zcu102|z2]
smdkc210|sonorapass-bmc|spitz|swift-bmc|sx1|sx1-v1|tacoma-bmc|
terrier|tosa|verdex|versatileab|versatilepb|vexpress-a15|vexpress-a9|
virt-2.7|virt-2.8|virt-2.12|virt-3.0|virt-4.0|virt-4.1|virt-5.0|
virt-5.1|witherspoon-bmc|xilinx-zynq-a9|xlnx-versal-virt|xlnx-zcu102|
z2]
-mtdblock file
-net [dump|socket|vde] ...
@ -865,6 +869,7 @@ QEMU Command-Line and Monitor Syntax and Support
query-colo-status
query-sev
query-sev-launch-measure
x-blockdev-amend
x-blockdev-change
x-blockdev-insert-medium
x-blockdev-remove-medium

View File

@ -197,6 +197,7 @@ Deprecated, Superseded, Modified and Dropped Features
-bt
-device ide-drive (use ide-hd or ide-cd)
-device scsi-disk (use scsi-hd or scsi-cd)
-soundhw (use -device ... instead)
-tb-size
- These previously unsupported command line options are no longer recognized:
@ -687,7 +688,10 @@ QEMU Command-Line and Monitor Syntax and Support
zEC12.2-s390x-cpu|zEC12-base-s390x-cpu|zEC12-s390x-cpu|cpu-cluster|
z14.2-base-s390x-cpu|z14.2-s390x-cpu|vhost-user-fs-device|
virtio-iommu-device|virtio-iommu-pci|
virtio-iommu-pci-non-transitional|virtio-iommu-pci-transitional]
virtio-iommu-pci-non-transitional|virtio-iommu-pci-transitional|
vhost-user-vsock-device|vhost-user-vsock-pci|
vhost-user-vsock-pci-non-transitional|
vhost-user-vsock-pci-transitional]
(the following are aliases of these unsupported devices: lsi|
ahci|e1000-82540em|vfio-ccw)
(note that some of these device names represent supported devices and
@ -712,14 +716,14 @@ QEMU Command-Line and Monitor Syntax and Support
[s390-ccw-virtio-2.4|s390-ccw-virtio-2.5|s390-ccw-virtio-2.7|
s390-ccw-virtio-2.8|s390-ccw-virtio-2.10|s390-ccw-virtio-2.12|
s390-ccw-virtio-3.0|s390-ccw-virtio-4.0|s390-ccw-virtio-4.1|
s390-ccw-virtio-5.0]
s390-ccw-virtio-5.0|s390-ccw-virtio-5.1]
-machine
[s390-ccw-virtio-2.4|s390-ccw-virtio-2.5|s390-ccw-virtio-2.7|
s390-ccw-virtio-2.8|s390-ccw-virtio-2.10|s390-ccw-virtio-2.12|
s390-ccw-virtio-3.0|s390-ccw-virtio-4.0|s390-ccw-virtio-4.1|
s390-ccw-virtio-5.0]
s390-ccw-virtio-5.0|s390-ccw-virtio-5.1]
-mtdblock file
-net [dump|socket|vde] ...
@ -817,6 +821,7 @@ QEMU Command-Line and Monitor Syntax and Support
query-tpm
query-tpm-models
query-tpm-types
x-blockdev-amend
x-blockdev-change
x-blockdev-insert-medium
x-blockdev-remove-medium

View File

@ -241,6 +241,7 @@ Deprecated, Superseded, Modified and Dropped Features
- These previously unsupported command line options are now deprecated:
-no-kvm-pit
-soundhw (use -device ... instead)
-tb-size
- The case of specified sockets, cores, and threads not matching the vcpu count
@ -802,7 +803,10 @@ QEMU Command-Line and Monitor Syntax and Support
intel-iommu|vhost-user-fs-device|tulip|ati-vga|i2c-ddc|pci-ipmi-bt|
pci-ipmi-kcs|serial|serial-io|serial-mm|virtio-iommu-device|
virtio-iommu-pci|virtio-iommu-pci-nontransitional|
virtio-iommu-pci-transitional|xen-sysdev|imx.usbphy]
virtio-iommu-pci-transitional|xen-sysdev|imx.usbphy|vmbus-bridge|
vhost-user-vsock-device|vhost-user-vsock-pci|
vhost-user-vsock-pci-non-transitional|
vhost-user-vsock-pci-transitional|virtio-mem|virtio-mem-pci]
(the following are aliases of these unsupported devices: lsi)
(note that some of these device names represent supported devices and
are used internally, but are not specifyable via -device even though
@ -824,10 +828,10 @@ QEMU Command-Line and Monitor Syntax and Support
[isapc|microvm|pc-1.0|pc-1.1|pc-1.2|pc-1.3|pc-i440fx-1.5|pc-i440fx-1.6|
pc-i440fx-2.1|pc-i440fx-2.2|pc-i440fx-2.4|pc-i440fx-2.5|pc-i440fx-2.7|
pc-i440fx-2.8|pc-i440fx-2.10|pc-i440fx-2.12|pc-i440fx-3.0|pc-i440fx-4.0|
pc-i440fx-4.1|pc-i440fx-5.0|pc-q35-1.4|pc-q35-1.5|pc-q35-1.6|pc-q35-1.7|
pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|pc-q35-2.4|pc-q35-2.5|
pc-q35-2.7|pc-q35-2.8|pc-q35-2.10|pc-q35-2.12|pc-q35-3.0|pc-q35-4.0|
pc-q35-4.1|pc-q35-5.0]
pc-i440fx-4.1|pc-i440fx-5.0|pc-i440fx-5.1|pc-q35-1.4|pc-q35-1.5|pc-q35-1.6|
pc-q35-1.7|pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|pc-q35-2.4|
pc-q35-2.5|pc-q35-2.7|pc-q35-2.8|pc-q35-2.10|pc-q35-2.12|pc-q35-3.0|
pc-q35-4.0|pc-q35-4.1|pc-q35-5.0|pc-q35-5.1]
-machine
@ -835,10 +839,10 @@ QEMU Command-Line and Monitor Syntax and Support
pc-i440fx-1.6|pc-i440fx-2.1|pc-i440fx-2.2|pc-i440fx-2.4|
pc-i440fx-2.5|pc-i440fx-2.7|pc-i440fx-2.8|pc-i440fx-2.10|
pc-i440fx-2.12|pc-i440fx-3.0|pc-i440fx-4.0|pc-i440fx-4.1|
pc-i440fx-5.0|pc-q35-1.4|pc-q35-1.5|pc-q35-1.6|pc-q35-1.7|
pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|pc-q35-2.4|pc-q35-2.5|
pc-q35-2.7|pc-q35-2.8|pc-q35-2.10|pc-q35-2.12|pc-q35-3.0|
pc-q35-4.0|pc-q35-4.1|pc-q35-5.0]
pc-i440fx-5.0|pc-i440fx-5.1|pc-q35-1.4|pc-q35-1.5|pc-q35-1.6|
pc-q35-1.7|pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|pc-q35-2.4|
pc-q35-2.5|pc-q35-2.7|pc-q35-2.8|pc-q35-2.10|pc-q35-2.12|pc-q35-3.0|
pc-q35-4.0|pc-q35-4.1|pc-q35-5.0|pc-q35-5.1]
-mtdblock file
-net [dump|socket|vde] ...
@ -916,6 +920,7 @@ QEMU Command-Line and Monitor Syntax and Support
query-colo-status
query-sev
query-sev-launch-measure
x-blockdev-amend
x-blockdev-change
x-blockdev-insert-medium
x-blockdev-remove-medium

View File

@ -1,28 +0,0 @@
From: Bruce Rogers <brogers@suse.com>
Date: Wed, 2 Oct 2019 07:28:04 -0600
Subject: tests: Disable some block tests for now
Most tests previously disabled for qemu-testsuite to be able to complete
successfully are no longer (as of v4.1) listed as auto, and therefore
do not get run anymore.
27NOV2019 - added 161 since it is failing on s390x and ppc consistently
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
tests/qemu-iotests/group | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 435dccd5af90754a3f80f4455bdb..a6c8ed8a5cdef50383594305c0c1 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -182,7 +182,7 @@
158 rw auto quick
159 rw auto quick
160 rw quick
-161 rw auto quick
+#DISABLE FOR NOW 161 rw auto quick
162 quick
163 rw
165 rw quick

View File

@ -16,10 +16,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
4 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/tests/qemu-iotests/130 b/tests/qemu-iotests/130
index 77ad2aa13a06094f26d2c8991e48..fd84a4c77d192e15ee961b07994b 100755
index a7b365701c490b4b4894eb0c26a8..02cb0f8216a6618b5e0dc526c361 100755
--- a/tests/qemu-iotests/130
+++ b/tests/qemu-iotests/130
@@ -64,7 +64,8 @@ echo
@@ -63,7 +63,8 @@ echo
_launch_qemu -drive id=testdisk,file="$TEST_IMG",backing.file.filename="$TEST_IMG.base"
_send_qemu_cmd $QEMU_HANDLE "commit testdisk" "(qemu)"
_send_qemu_cmd $QEMU_HANDLE '' '(qemu)'
@ -29,7 +29,7 @@ index 77ad2aa13a06094f26d2c8991e48..fd84a4c77d192e15ee961b07994b 100755
_img_info | _filter_img_info
# Make sure that if there was a backing file that was just overridden on the
@@ -73,7 +74,8 @@ _make_test_img -F raw -b "$TEST_IMG.orig" 64M
@@ -72,7 +73,8 @@ _make_test_img -F raw -b "$TEST_IMG.orig" 64M
_launch_qemu -drive id=testdisk,file="$TEST_IMG",backing.file.filename="$TEST_IMG.base",backing.driver=$IMGFMT
_send_qemu_cmd $QEMU_HANDLE "commit testdisk" "(qemu)"
_send_qemu_cmd $QEMU_HANDLE '' '(qemu)'
@ -60,10 +60,10 @@ index e45285ccc311522481ac1b27ba99..7168bdf70c3eb32d4de0d28bb947 100644
file format: IMGFMT
virtual size: 64 MiB (67108864 bytes)
diff --git a/tests/qemu-iotests/153 b/tests/qemu-iotests/153
index 2b1311176801e30485cf39ec65d8..608a377af5f3662dc25ddcebb01e 100755
index 34045ea3cfeb5e30acac17ae8a10..b5cec71dd9a718055d9264e51946 100755
--- a/tests/qemu-iotests/153
+++ b/tests/qemu-iotests/153
@@ -202,7 +202,8 @@ _send_qemu_cmd $QEMU_HANDLE \
@@ -201,7 +201,8 @@ _send_qemu_cmd $QEMU_HANDLE \
'return'
_run_cmd $QEMU_IMG commit -b "${TEST_IMG}.b" "${TEST_IMG}.c"
@ -73,7 +73,7 @@ index 2b1311176801e30485cf39ec65d8..608a377af5f3662dc25ddcebb01e 100755
_launch_qemu
@@ -254,7 +255,8 @@ _send_qemu_cmd $QEMU_HANDLE \
@@ -253,7 +254,8 @@ _send_qemu_cmd $QEMU_HANDLE \
_run_cmd $QEMU_IO "${TEST_IMG}" -c 'write 0 512'
@ -84,10 +84,10 @@ index 2b1311176801e30485cf39ec65d8..608a377af5f3662dc25ddcebb01e 100755
echo
echo "== Detecting -U and force-share conflicts =="
diff --git a/tests/qemu-iotests/153.out b/tests/qemu-iotests/153.out
index f7464dd8d345a853f7b64a67c6d0..8bc14f6abf94662473d6d93b5672 100644
index 8a79e1ee870d72c6d346898113b1..d1d6b673b22d5443700ae9c146c7 100644
--- a/tests/qemu-iotests/153.out
+++ b/tests/qemu-iotests/153.out
@@ -421,6 +421,8 @@ Is another process using the image [TEST_DIR/t.qcow2]?
@@ -424,6 +424,8 @@ Is another process using the image [TEST_DIR/t.qcow2]?
_qemu_img_wrapper commit -b TEST_DIR/t.qcow2.b TEST_DIR/t.qcow2.c
{ 'execute': 'qmp_capabilities' }
{"return": {}}
@ -96,7 +96,7 @@ index f7464dd8d345a853f7b64a67c6d0..8bc14f6abf94662473d6d93b5672 100644
Adding drive
{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } }
{"return": "OKrn"}
@@ -454,6 +456,8 @@ Closing the other
@@ -457,6 +459,8 @@ Closing the other
{"return": ""}
_qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512

View File

@ -245,6 +245,7 @@ osc add qemu-$SOURCE_VERSION$VERSION_EXTRA.tar.xz
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# !! We (perhaps temporarily) do MORE recursive submodules, since we are tracking ALL in these scripts, while upstream doesn't include all in tarball currently
# !!! THIS IS AT LEAST PARTLY REDUNDANT WITH THE update --init DONE ABOUT 30 LINES AGO
(cd $GIT_DIR && git submodule update --init --recursive &>/dev/null)
SUBMODULE_COMMIT_IDS=($(git -C $GIT_DIR submodule status --recursive|awk '{print $1}'))
SUBMODULE_DIRS=($(git -C $GIT_DIR submodule status --recursive|awk '{print $2}'))
@ -479,8 +480,9 @@ rm -rf $BUNDLE_DIR
echo "QEMU source version: $SOURCE_VERSION"
echo "QEMU version extra: $VERSION_EXTRA"
# get rid of "rel-" prefix to the seabios version - keep any trailing git info, such as: "-44-g88ab0c1"
SEABIOS_VERSION=${SEABIOS_VERSION:-$(tar JxfO qemu-$SOURCE_VERSION$VERSION_EXTRA.tar.xz \
qemu-$SOURCE_VERSION/roms/seabios/.version | cut -d '-' -f 2)}
qemu-$SOURCE_VERSION/roms/seabios/.version | cut -c5- | tr '-' '_')}
for package in qemu; do
while IFS= read -r line; do

View File

@ -1,30 +0,0 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 25 Jun 2020 11:17:09 +0200
Subject: vga: fix cirrus bios
Git-commit: d11c75185276ded944f2ea0277532b7fee849bbc
Little mistake, big effect. The patch adding the ati driver broke
cirrus due to a missing "else", which effectively downgrades cirrus
to standard vga.
Fixes: 34b6ecc16074 ("vga: add atiext driver")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
vgasrc/vgahw.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roms/seabios/vgasrc/vgahw.h b/roms/seabios/vgasrc/vgahw.h
index c774f4f2c6b7c8012096bac2f0ed..8b64660e5ef70d71b440013300bc 100644
--- a/roms/seabios/vgasrc/vgahw.h
+++ b/roms/seabios/vgasrc/vgahw.h
@@ -36,7 +36,7 @@ static inline int vgahw_set_mode(struct vgamode_s *vmode_g, int flags) {
static inline void vgahw_list_modes(u16 seg, u16 *dest, u16 *last) {
if (CONFIG_VGA_CIRRUS)
clext_list_modes(seg, dest, last);
- if (CONFIG_VGA_ATI)
+ else if (CONFIG_VGA_ATI)
ati_list_modes(seg, dest, last);
else if (CONFIG_VGA_BOCHS)
bochsvga_list_modes(seg, dest, last);

View File

@ -1,147 +0,0 @@
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Fri, 1 May 2020 15:06:43 +0100
Subject: virtiofsd: add --rlimit-nofile=NUM option
Git-commit: 6dbb716877728ce4eb51619885ef6ef4ada9565f
References: bsc#1171110
Make it possible to specify the RLIMIT_NOFILE on the command-line.
Users running multiple virtiofsd processes should allocate a certain
number to each process so that the system-wide limit can never be
exhausted.
When this option is set to 0 the rlimit is left at its current value.
This is useful when a management tool wants to configure the rlimit
itself.
The default behavior remains unchanged: try to set the limit to
1,000,000 file descriptors if the current rlimit is lower.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200501140644.220940-2-stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
tools/virtiofsd/fuse_lowlevel.h | 1 +
tools/virtiofsd/helper.c | 23 +++++++++++++++++++++++
tools/virtiofsd/passthrough_ll.c | 22 ++++++++--------------
3 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/tools/virtiofsd/fuse_lowlevel.h b/tools/virtiofsd/fuse_lowlevel.h
index 8f6d705b5ccdb318b860ed2d2dc7..562fd5241ed400013f6fa65116ee 100644
--- a/tools/virtiofsd/fuse_lowlevel.h
+++ b/tools/virtiofsd/fuse_lowlevel.h
@@ -1777,6 +1777,7 @@ struct fuse_cmdline_opts {
int syslog;
int log_level;
unsigned int max_idle_threads;
+ unsigned long rlimit_nofile;
};
/**
diff --git a/tools/virtiofsd/helper.c b/tools/virtiofsd/helper.c
index 819c2bc13cf7c23c2876f175104b..dc59f38af02c73c2a492fd3b2d6f 100644
--- a/tools/virtiofsd/helper.c
+++ b/tools/virtiofsd/helper.c
@@ -23,6 +23,8 @@
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/resource.h>
#include <unistd.h>
#define FUSE_HELPER_OPT(t, p) \
@@ -53,6 +55,7 @@ static const struct fuse_opt fuse_helper_opts[] = {
FUSE_HELPER_OPT("subtype=", nodefault_subtype),
FUSE_OPT_KEY("subtype=", FUSE_OPT_KEY_KEEP),
FUSE_HELPER_OPT("max_idle_threads=%u", max_idle_threads),
+ FUSE_HELPER_OPT("--rlimit-nofile=%lu", rlimit_nofile),
FUSE_HELPER_OPT("--syslog", syslog),
FUSE_HELPER_OPT_VALUE("log_level=debug", log_level, FUSE_LOG_DEBUG),
FUSE_HELPER_OPT_VALUE("log_level=info", log_level, FUSE_LOG_INFO),
@@ -171,6 +174,9 @@ void fuse_cmdline_help(void)
" default: no_writeback\n"
" -o xattr|no_xattr enable/disable xattr\n"
" default: no_xattr\n"
+ " --rlimit-nofile=<num> set maximum number of file descriptors\n"
+ " (0 leaves rlimit unchanged)\n"
+ " default: 1,000,000 if the current rlimit is lower\n"
);
}
@@ -191,11 +197,28 @@ static int fuse_helper_opt_proc(void *data, const char *arg, int key,
}
}
+static unsigned long get_default_rlimit_nofile(void)
+{
+ rlim_t max_fds = 1000000; /* our default RLIMIT_NOFILE target */
+ struct rlimit rlim;
+
+ if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
+ fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n");
+ exit(1);
+ }
+
+ if (rlim.rlim_cur >= max_fds) {
+ return 0; /* we have more fds available than required! */
+ }
+ return max_fds;
+}
+
int fuse_parse_cmdline(struct fuse_args *args, struct fuse_cmdline_opts *opts)
{
memset(opts, 0, sizeof(struct fuse_cmdline_opts));
opts->max_idle_threads = 10;
+ opts->rlimit_nofile = get_default_rlimit_nofile();
opts->foreground = 1;
if (fuse_opt_parse(args, opts, fuse_helper_opts, fuse_helper_opt_proc) ==
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 4c35c95b256cbaa5d888037800a7..f7b9c1d20c312d1eefb4c8782c27 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2707,24 +2707,18 @@ static void setup_sandbox(struct lo_data *lo, struct fuse_session *se,
setup_seccomp(enable_syslog);
}
-/* Raise the maximum number of open file descriptors */
-static void setup_nofile_rlimit(void)
+/* Set the maximum number of open file descriptors */
+static void setup_nofile_rlimit(unsigned long rlimit_nofile)
{
- const rlim_t max_fds = 1000000;
- struct rlimit rlim;
-
- if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
- fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n");
- exit(1);
- }
+ struct rlimit rlim = {
+ .rlim_cur = rlimit_nofile,
+ .rlim_max = rlimit_nofile,
+ };
- if (rlim.rlim_cur >= max_fds) {
+ if (rlimit_nofile == 0) {
return; /* nothing to do */
}
- rlim.rlim_cur = max_fds;
- rlim.rlim_max = max_fds;
-
if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
/* Ignore SELinux denials */
if (errno == EPERM) {
@@ -2977,7 +2971,7 @@ int main(int argc, char *argv[])
fuse_daemonize(opts.foreground);
- setup_nofile_rlimit();
+ setup_nofile_rlimit(opts.rlimit_nofile);
/* Must be before sandbox since it wants /proc */
setup_capng();

View File

@ -1,74 +0,0 @@
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Fri, 1 May 2020 15:06:44 +0100
Subject: virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
Git-commit: 8c1d353d107b4fc344e27f2f08ea7fa25de2eea2
References: bsc#1171110, CVE-2020-10717
The system-wide fs.file-max sysctl value determines how many files can
be open. It defaults to a value calculated based on the machine's RAM
size. Previously virtiofsd would try to set RLIMIT_NOFILE to 1,000,000
and this allowed the FUSE client to exhaust the number of open files
system-wide on Linux hosts with less than 10 GB of RAM!
Take fs.file-max into account when choosing the default RLIMIT_NOFILE
value.
Fixes: CVE-2020-10717
Reported-by: Yuval Avrahami <yavrahami@paloaltonetworks.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200501140644.220940-3-stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
tools/virtiofsd/helper.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/tools/virtiofsd/helper.c b/tools/virtiofsd/helper.c
index dc59f38af02c73c2a492fd3b2d6f..00a1ef666a510068bb687bb34756 100644
--- a/tools/virtiofsd/helper.c
+++ b/tools/virtiofsd/helper.c
@@ -176,7 +176,8 @@ void fuse_cmdline_help(void)
" default: no_xattr\n"
" --rlimit-nofile=<num> set maximum number of file descriptors\n"
" (0 leaves rlimit unchanged)\n"
- " default: 1,000,000 if the current rlimit is lower\n"
+ " default: min(1000000, fs.file-max - 16384)\n"
+ " if the current rlimit is lower\n"
);
}
@@ -199,9 +200,32 @@ static int fuse_helper_opt_proc(void *data, const char *arg, int key,
static unsigned long get_default_rlimit_nofile(void)
{
+ g_autofree gchar *file_max_str = NULL;
+ const rlim_t reserved_fds = 16384; /* leave at least this many fds free */
rlim_t max_fds = 1000000; /* our default RLIMIT_NOFILE target */
+ rlim_t file_max;
struct rlimit rlim;
+ /*
+ * Reduce max_fds below the system-wide maximum, if necessary. This
+ * ensures there are fds available for other processes so we don't
+ * cause resource exhaustion.
+ */
+ if (!g_file_get_contents("/proc/sys/fs/file-max", &file_max_str,
+ NULL, NULL)) {
+ fuse_log(FUSE_LOG_ERR, "can't read /proc/sys/fs/file-max\n");
+ exit(1);
+ }
+ file_max = g_ascii_strtoull(file_max_str, NULL, 10);
+ if (file_max < 2 * reserved_fds) {
+ fuse_log(FUSE_LOG_ERR,
+ "The fs.file-max sysctl is too low (%lu) to allow a "
+ "reasonable number of open files.\n",
+ (unsigned long)file_max);
+ exit(1);
+ }
+ max_fds = MIN(file_max - reserved_fds, max_fds);
+
if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n");
exit(1);

View File

@ -15,10 +15,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 3 insertions(+)
diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 57d0e2804860e6776b509c5b6d6e..f9a22ec8d7d13a242775797f1e1f 100644
index 1a379e8771faee970808dd2efd89..310b9639e06b0d543f22652fadd9 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -275,6 +275,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp)
@@ -270,6 +270,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp)
xen_block_set_size(blockdev);

View File

@ -27,10 +27,10 @@ Signed-off-by: Bruce Rogers <brogers@suse.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/migration/savevm.c b/migration/savevm.c
index c00a6807d92371380208762dc440..03ff4491a64861fcdf2b91d3ffed 100644
index a843d202b5b4dd449e6982b59d80..d75642353e8276f5d3c391fe2c48 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -2782,7 +2782,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live,
@@ -2820,7 +2820,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live,
* So call bdrv_inactivate_all (release locks) here to let the other
* side of the migration take controle of the images.
*/

View File

@ -18,10 +18,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
1 file changed, 12 insertions(+)
diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 99cb4c67cb09aa2bd8f12982984f..57d0e2804860e6776b509c5b6d6e 100644
index 8a7a3f54523ed050587c3e2047de..1a379e8771faee970808dd2efd89 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -744,6 +744,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
@@ -729,6 +729,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
const char *mode = qdict_get_try_str(opts, "mode");
const char *direct_io_safe = qdict_get_try_str(opts, "direct-io-safe");
const char *discard_enable = qdict_get_try_str(opts, "discard-enable");
@ -30,7 +30,7 @@ index 99cb4c67cb09aa2bd8f12982984f..57d0e2804860e6776b509c5b6d6e 100644
char *driver = NULL;
char *filename = NULL;
XenBlockDrive *drive = NULL;
@@ -813,6 +815,16 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
@@ -797,6 +799,16 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
}
}