Accepting request 416912 from home:bfrogers:branches:Virtualization
Synch with IBS qemu: includes xen patches, security patches, some spec file cleanup, and finally getting qemu-bridge-helper working right. Also temporarily disable librbd dependency in OBS until staging impact concerns get resolved. OBS-URL: https://build.opensuse.org/request/show/416912 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=309
This commit is contained in:
parent
1bce911f63
commit
431f30630a
@ -1,28 +0,0 @@
|
||||
From 49ca2dd08ac9edce6d828328069d1092f3a63b50 Mon Sep 17 00:00:00 2001
|
||||
From: Bruce Rogers <brogers@suse.com>
|
||||
Date: Fri, 10 Jun 2016 07:12:15 -0600
|
||||
Subject: [PATCH] usb: Fix conditions that xen-usb.c is used
|
||||
|
||||
When non-x86 arch targets are built on x86 we have a mismatched
|
||||
between what is built in support of xen. xen-usb.c is conditioned
|
||||
upon CONFIG_USB_LIBUSB and CONFIG_XEN_BACKEND, but it relies on
|
||||
an external reference that is instead controlled by CONFIG_XEN.
|
||||
Add a dependency on CONFIG_XEN as well.
|
||||
[BR: FATE#316612]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/usb/Makefile.objs | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs
|
||||
index 98b5c9d..2db2fa1 100644
|
||||
--- a/hw/usb/Makefile.objs
|
||||
+++ b/hw/usb/Makefile.objs
|
||||
@@ -39,6 +39,6 @@ common-obj-$(CONFIG_USB_REDIR) += redirect.o quirks.o
|
||||
# usb pass-through
|
||||
common-obj-y += $(patsubst %,host-%.o,$(HOST_USB))
|
||||
|
||||
-ifeq ($(CONFIG_USB_LIBUSB),y)
|
||||
+ifeq ($(CONFIG_XEN)$(CONFIG_USB_LIBUSB),yy)
|
||||
common-obj-$(CONFIG_XEN_BACKEND) += xen-usb.o
|
||||
endif
|
161
0058-xen-move-xen_sysdev-to-xen_backend..patch
Normal file
161
0058-xen-move-xen_sysdev-to-xen_backend..patch
Normal file
@ -0,0 +1,161 @@
|
||||
From ee2225e5f531d965aed352bf99ba339969216144 Mon Sep 17 00:00:00 2001
|
||||
From: Juergen Gross <jgross@suse.com>
|
||||
Date: Mon, 13 Jun 2016 11:12:21 +0200
|
||||
Subject: [PATCH] xen: move xen_sysdev to xen_backend.c
|
||||
|
||||
Commit 9432e53a5bc88681b2d3aec4dac9db07c5476d1b added xen_sysdev as a
|
||||
system device to serve as an anchor for removable virtual buses. This
|
||||
introduced a build failure for non-x86 builds with CONFIG_XEN_BACKEND
|
||||
set, as xen_sysdev was defined in a x86 specific file while being
|
||||
consumed in an architecture independent source.
|
||||
|
||||
Move the xen_sysdev definition and initialization to xen_backend.c to
|
||||
avoid the build failure.
|
||||
|
||||
Signed-off-by: Juergen Gross <jgross@suse.com>
|
||||
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
|
||||
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
|
||||
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
|
||||
---
|
||||
hw/xen/xen_backend.c | 41 +++++++++++++++++++++++++++++++++++++++++
|
||||
hw/xenpv/xen_machine_pv.c | 40 ----------------------------------------
|
||||
2 files changed, 41 insertions(+), 40 deletions(-)
|
||||
|
||||
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
|
||||
index c63f9df..6e52474 100644
|
||||
--- a/hw/xen/xen_backend.c
|
||||
+++ b/hw/xen/xen_backend.c
|
||||
@@ -27,12 +27,17 @@
|
||||
#include <sys/signal.h>
|
||||
|
||||
#include "hw/hw.h"
|
||||
+#include "hw/sysbus.h"
|
||||
#include "sysemu/char.h"
|
||||
#include "qemu/log.h"
|
||||
#include "hw/xen/xen_backend.h"
|
||||
|
||||
#include <xen/grant_table.h>
|
||||
|
||||
+#define TYPE_XENSYSDEV "xensysdev"
|
||||
+
|
||||
+DeviceState *xen_sysdev;
|
||||
+
|
||||
/* ------------------------------------------------------------- */
|
||||
|
||||
/* public */
|
||||
@@ -763,6 +768,10 @@ int xen_be_init(void)
|
||||
/* Check if xen_init() have been called */
|
||||
goto err;
|
||||
}
|
||||
+
|
||||
+ xen_sysdev = qdev_create(NULL, TYPE_XENSYSDEV);
|
||||
+ qdev_init_nofail(xen_sysdev);
|
||||
+
|
||||
return 0;
|
||||
|
||||
err:
|
||||
@@ -863,3 +872,35 @@ void xen_be_printf(struct XenDevice *xendev, int msg_level, const char *fmt, ...
|
||||
}
|
||||
qemu_log_flush();
|
||||
}
|
||||
+
|
||||
+static int xen_sysdev_init(SysBusDevice *dev)
|
||||
+{
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static Property xen_sysdev_properties[] = {
|
||||
+ {/* end of property list */},
|
||||
+};
|
||||
+
|
||||
+static void xen_sysdev_class_init(ObjectClass *klass, void *data)
|
||||
+{
|
||||
+ DeviceClass *dc = DEVICE_CLASS(klass);
|
||||
+ SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
|
||||
+
|
||||
+ k->init = xen_sysdev_init;
|
||||
+ dc->props = xen_sysdev_properties;
|
||||
+}
|
||||
+
|
||||
+static const TypeInfo xensysdev_info = {
|
||||
+ .name = TYPE_XENSYSDEV,
|
||||
+ .parent = TYPE_SYS_BUS_DEVICE,
|
||||
+ .instance_size = sizeof(SysBusDevice),
|
||||
+ .class_init = xen_sysdev_class_init,
|
||||
+};
|
||||
+
|
||||
+static void xenbe_register_types(void)
|
||||
+{
|
||||
+ type_register_static(&xensysdev_info);
|
||||
+}
|
||||
+
|
||||
+type_init(xenbe_register_types);
|
||||
diff --git a/hw/xenpv/xen_machine_pv.c b/hw/xenpv/xen_machine_pv.c
|
||||
index f68cf48..48f725c 100644
|
||||
--- a/hw/xenpv/xen_machine_pv.c
|
||||
+++ b/hw/xenpv/xen_machine_pv.c
|
||||
@@ -25,15 +25,10 @@
|
||||
#include "qemu/osdep.h"
|
||||
#include "hw/hw.h"
|
||||
#include "hw/boards.h"
|
||||
-#include "hw/sysbus.h"
|
||||
#include "hw/xen/xen_backend.h"
|
||||
#include "xen_domainbuild.h"
|
||||
#include "sysemu/block-backend.h"
|
||||
|
||||
-#define TYPE_XENSYSDEV "xensysdev"
|
||||
-
|
||||
-DeviceState *xen_sysdev;
|
||||
-
|
||||
static void xen_init_pv(MachineState *machine)
|
||||
{
|
||||
DriveInfo *dinfo;
|
||||
@@ -72,9 +67,6 @@ static void xen_init_pv(MachineState *machine)
|
||||
break;
|
||||
}
|
||||
|
||||
- xen_sysdev = qdev_create(NULL, TYPE_XENSYSDEV);
|
||||
- qdev_init_nofail(xen_sysdev);
|
||||
-
|
||||
xen_be_register("console", &xen_console_ops);
|
||||
xen_be_register("vkbd", &xen_kbdmouse_ops);
|
||||
xen_be_register("vfb", &xen_framebuffer_ops);
|
||||
@@ -112,38 +104,6 @@ static void xen_init_pv(MachineState *machine)
|
||||
xen_init_display(xen_domid);
|
||||
}
|
||||
|
||||
-static int xen_sysdev_init(SysBusDevice *dev)
|
||||
-{
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-static Property xen_sysdev_properties[] = {
|
||||
- {/* end of property list */},
|
||||
-};
|
||||
-
|
||||
-static void xen_sysdev_class_init(ObjectClass *klass, void *data)
|
||||
-{
|
||||
- DeviceClass *dc = DEVICE_CLASS(klass);
|
||||
- SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
|
||||
-
|
||||
- k->init = xen_sysdev_init;
|
||||
- dc->props = xen_sysdev_properties;
|
||||
-}
|
||||
-
|
||||
-static const TypeInfo xensysdev_info = {
|
||||
- .name = TYPE_XENSYSDEV,
|
||||
- .parent = TYPE_SYS_BUS_DEVICE,
|
||||
- .instance_size = sizeof(SysBusDevice),
|
||||
- .class_init = xen_sysdev_class_init,
|
||||
-};
|
||||
-
|
||||
-static void xenpv_register_types(void)
|
||||
-{
|
||||
- type_register_static(&xensysdev_info);
|
||||
-}
|
||||
-
|
||||
-type_init(xenpv_register_types);
|
||||
-
|
||||
static void xenpv_machine_init(MachineClass *mc)
|
||||
{
|
||||
mc->desc = "Xen Para-virtualized PC";
|
@ -1,4 +1,4 @@
|
||||
From 5af645d652290cf562a2f05fa8318d75ae6f04e3 Mon Sep 17 00:00:00 2001
|
||||
From 6a788961dd16f558d78ab7313f0b297409f37af7 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Wed, 1 Jun 2016 08:22:30 +0200
|
||||
Subject: [PATCH] vnc: add configurable keyboard delay
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 1702291e859964a4f5b448e1fe19ee5947555adc Mon Sep 17 00:00:00 2001
|
||||
From 702d446c9378b6d8415599780cf9f8bfb4c7cb9a Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Wed, 25 May 2016 17:41:44 +0530
|
||||
Subject: [PATCH] scsi: megasas: initialise local configuration data buffer
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 79607d09f8670a92feb8e63455f6be59842f985a Mon Sep 17 00:00:00 2001
|
||||
From 83775fe297c7cc8dae0d46c22accc2d7eb78c4a0 Mon Sep 17 00:00:00 2001
|
||||
From: Cole Robinson <crobinso@redhat.com>
|
||||
Date: Fri, 6 May 2016 14:03:09 -0400
|
||||
Subject: [PATCH] configure: add echo_version helper
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 8c4afe82d5eb1cfd33d64fa9b1a3f7fd92bc02f3 Mon Sep 17 00:00:00 2001
|
||||
From b673055ec7e4eda0454aacc2d042bd53405f85e6 Mon Sep 17 00:00:00 2001
|
||||
From: Cole Robinson <crobinso@redhat.com>
|
||||
Date: Fri, 6 May 2016 14:03:12 -0400
|
||||
Subject: [PATCH] configure: support vte-2.91
|
||||
|
@ -1,4 +1,4 @@
|
||||
From b38222880dde75c9e489f86af0b12a9e9a63b412 Mon Sep 17 00:00:00 2001
|
||||
From ced63da3c840792292a6ee8201c3f7789b80b7eb Mon Sep 17 00:00:00 2001
|
||||
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||
Date: Mon, 4 Jul 2016 13:06:36 +0100
|
||||
Subject: [PATCH] hw/arm/virt: mark the PCIe host controller as DMA coherent in
|
||||
|
47
0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
Normal file
47
0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From 1caba48fc19de7cdceda7577ccf6970d4eb7ed75 Mon Sep 17 00:00:00 2001
|
||||
From: Olaf Hering <ohering@suse.de>
|
||||
Date: Tue, 21 Jun 2016 18:42:45 +0200
|
||||
Subject: [PATCH] xen: SUSE xenlinux unplug for emulated PCI
|
||||
|
||||
Implement SUSE specific unplug protocol for emulated PCI devices
|
||||
in PVonHVM guests
|
||||
(bsc#953339, bsc#953362, bsc#953518, bsc#984981)
|
||||
|
||||
Signed-off-by: Olaf Hering <ohering@suse.de>
|
||||
---
|
||||
hw/i386/xen/xen_platform.c | 22 ++++++++++++++++++++++
|
||||
1 file changed, 22 insertions(+)
|
||||
|
||||
diff --git a/hw/i386/xen/xen_platform.c b/hw/i386/xen/xen_platform.c
|
||||
index aa78393..48800c1 100644
|
||||
--- a/hw/i386/xen/xen_platform.c
|
||||
+++ b/hw/i386/xen/xen_platform.c
|
||||
@@ -314,6 +314,28 @@ static void xen_platform_ioport_writeb(void *opaque, hwaddr addr,
|
||||
case 0: /* Platform flags */
|
||||
platform_fixed_ioport_writeb(opaque, 0, (uint32_t)val);
|
||||
break;
|
||||
+ case 4:
|
||||
+ if (val == 1 && size == 1) {
|
||||
+ /*
|
||||
+ * SUSE unplug for Xenlinux
|
||||
+ * xen-kmp used this since xen-3.0.4, instead the official protocol from xen-3.3+
|
||||
+ * It did an unconditional "outl(1, (ioaddr + 4));"
|
||||
+ * This approach was used until openSUSE 12.3, up to SLE11SP3 and in SLE10.
|
||||
+ * Starting with openSUSE 13.1, SLE11SP4 and SLE12 the official protocol is used.
|
||||
+ * pre VMDP 1.7 made use of 4 and 8 depending on how vmdp was configured.
|
||||
+ * If VMDP was to control both disk and LAN it would use 4.
|
||||
+ * If it controlled just disk or just LAN, it would use 8 below.
|
||||
+ */
|
||||
+ PCIDevice *pci_dev = PCI_DEVICE(s);
|
||||
+ DPRINTF("unplug disks\n");
|
||||
+ blk_drain_all();
|
||||
+ blk_flush_all();
|
||||
+ pci_unplug_disks(pci_dev->bus);
|
||||
+ DPRINTF("unplug nics\n");
|
||||
+ pci_unplug_nics(pci_dev->bus);
|
||||
+ DPRINTF("done\n");
|
||||
+ }
|
||||
+ break;
|
||||
case 8:
|
||||
log_writeb(s, (uint32_t)val);
|
||||
break;
|
36
0065-scsi-esp-check-buffer-length-before.patch
Normal file
36
0065-scsi-esp-check-buffer-length-before.patch
Normal file
@ -0,0 +1,36 @@
|
||||
From 440a840f30f2439aece31ae59a5ee91675a78bb1 Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Tue, 31 May 2016 23:23:27 +0530
|
||||
Subject: [PATCH] scsi: esp: check buffer length before reading scsi command
|
||||
|
||||
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
|
||||
FIFO buffer. It is used to handle command and data transfer.
|
||||
Routine get_cmd() in non-DMA mode, uses 'ti_size' to read scsi
|
||||
command into a buffer. Add check to validate command length against
|
||||
buffer size to avoid any overrun.
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Message-Id: <1464717207-7549-1-git-send-email-ppandit@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit d3cdc49138c30be1d3c2f83d18f85d9fdee95f1a)
|
||||
[BR: CVE-2016-5238 BSC#982959]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/scsi/esp.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
||||
index 3adb685..4b94bbc 100644
|
||||
--- a/hw/scsi/esp.c
|
||||
+++ b/hw/scsi/esp.c
|
||||
@@ -98,6 +98,9 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
|
||||
s->dma_memory_read(s->dma_opaque, buf, dmalen);
|
||||
} else {
|
||||
dmalen = s->ti_size;
|
||||
+ if (dmalen > TI_BUFSZ) {
|
||||
+ return 0;
|
||||
+ }
|
||||
memcpy(buf, s->ti_buf, dmalen);
|
||||
buf[0] = buf[2] >> 5;
|
||||
}
|
29
0066-scsi-esp-respect-FIFO-invariant-aft.patch
Normal file
29
0066-scsi-esp-respect-FIFO-invariant-aft.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From 9b2c1b6e771f01757b93cc92625ef48903786291 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 14 Jun 2016 15:10:24 +0200
|
||||
Subject: [PATCH] scsi: esp: respect FIFO invariant after message phase
|
||||
|
||||
The FIFO contains two bytes; hence the write ptr should be two bytes ahead
|
||||
of the read pointer.
|
||||
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit d020aa504cec8f525b55ba2ef982c09dc847c72e)
|
||||
[BR: CVE-2016-5238 BSC#982959]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/scsi/esp.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
||||
index 4b94bbc..3f08598 100644
|
||||
--- a/hw/scsi/esp.c
|
||||
+++ b/hw/scsi/esp.c
|
||||
@@ -222,7 +222,7 @@ static void write_response(ESPState *s)
|
||||
} else {
|
||||
s->ti_size = 2;
|
||||
s->ti_rptr = 0;
|
||||
- s->ti_wptr = 0;
|
||||
+ s->ti_wptr = 2;
|
||||
s->rregs[ESP_RFLAGS] = 2;
|
||||
}
|
||||
esp_raise_irq(s);
|
52
0067-pci-assign-Move-Invalid-ROM-error-m.patch
Normal file
52
0067-pci-assign-Move-Invalid-ROM-error-m.patch
Normal file
@ -0,0 +1,52 @@
|
||||
From f4fe76597dccb9017be71983c4204f21877fc69f Mon Sep 17 00:00:00 2001
|
||||
From: Lin Ma <lma@suse.com>
|
||||
Date: Thu, 16 Jun 2016 01:05:27 +0800
|
||||
Subject: [PATCH] pci-assign: Move "Invalid ROM" error message to
|
||||
pci-assign-load-rom.c
|
||||
|
||||
In function pci_assign_dev_load_option_rom, For those pci devices don't
|
||||
have 'rom' file under sysfs or if loading ROM from external file, The
|
||||
function returns NULL, and won't set the passed 'size' variable.
|
||||
|
||||
In these 2 cases, qemu still reports "Invalid ROM" error message, Users
|
||||
may be confused by it.
|
||||
|
||||
Signed-off-by: Lin Ma <lma@suse.com>
|
||||
Message-Id: <1466010327-22368-1-git-send-email-lma@suse.com>
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit be968c721ee9df49708691ab58f0e66b394dea82)
|
||||
[BR: BSC#982927]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/i386/kvm/pci-assign.c | 4 ----
|
||||
hw/i386/pci-assign-load-rom.c | 3 +++
|
||||
2 files changed, 3 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
|
||||
index bf425a2..8abce52 100644
|
||||
--- a/hw/i386/kvm/pci-assign.c
|
||||
+++ b/hw/i386/kvm/pci-assign.c
|
||||
@@ -1891,8 +1891,4 @@ static void assigned_dev_load_option_rom(AssignedDevice *dev)
|
||||
pci_assign_dev_load_option_rom(&dev->dev, OBJECT(dev), &size,
|
||||
dev->host.domain, dev->host.bus,
|
||||
dev->host.slot, dev->host.function);
|
||||
-
|
||||
- if (!size) {
|
||||
- error_report("pci-assign: Invalid ROM.");
|
||||
- }
|
||||
}
|
||||
diff --git a/hw/i386/pci-assign-load-rom.c b/hw/i386/pci-assign-load-rom.c
|
||||
index 4bbb08c..0d8e4b2 100644
|
||||
--- a/hw/i386/pci-assign-load-rom.c
|
||||
+++ b/hw/i386/pci-assign-load-rom.c
|
||||
@@ -40,6 +40,9 @@ void *pci_assign_dev_load_option_rom(PCIDevice *dev, struct Object *owner,
|
||||
domain, bus, slot, function);
|
||||
|
||||
if (stat(rom_file, &st)) {
|
||||
+ if (errno != ENOENT) {
|
||||
+ error_report("pci-assign: Invalid ROM.");
|
||||
+ }
|
||||
return NULL;
|
||||
}
|
||||
|
29
0068-Xen-PCI-passthrough-fix-passthrough.patch
Normal file
29
0068-Xen-PCI-passthrough-fix-passthrough.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From a4b6bbf1139ebc70375c48afe99fccdd9dcaa501 Mon Sep 17 00:00:00 2001
|
||||
From: Bruce Rogers <brogers@suse.com>
|
||||
Date: Tue, 26 Jul 2016 16:42:45 -0600
|
||||
Subject: [PATCH] Xen PCI passthrough: fix passthrough failure when no
|
||||
interrupt pin
|
||||
|
||||
Commit 5a11d0f7 mistakenly converted a log message into an error
|
||||
condition when no pin interrupt is found for the pci device being
|
||||
passed through. Revert that part of the commit.
|
||||
|
||||
[BR: BSC#981925, BSC#989250]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/xen/xen_pt.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
|
||||
index f593b04..b6d71bb 100644
|
||||
--- a/hw/xen/xen_pt.c
|
||||
+++ b/hw/xen/xen_pt.c
|
||||
@@ -842,7 +842,7 @@ static void xen_pt_realize(PCIDevice *d, Error **errp)
|
||||
goto err_out;
|
||||
}
|
||||
if (!scratch) {
|
||||
- error_setg(errp, "no pin interrupt");
|
||||
+ XEN_PT_LOG(d, "no pin interrupt\n");
|
||||
goto out;
|
||||
}
|
||||
|
73
0069-scsi-esp-make-cmdbuf-big-enough-for.patch
Normal file
73
0069-scsi-esp-make-cmdbuf-big-enough-for.patch
Normal file
@ -0,0 +1,73 @@
|
||||
From 20a82db8677dfb40288953ba296c372b66146f4d Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Thu, 16 Jun 2016 00:22:35 +0200
|
||||
Subject: [PATCH] scsi: esp: make cmdbuf big enough for maximum CDB size
|
||||
|
||||
While doing DMA read into ESP command buffer 's->cmdbuf', it could
|
||||
write past the 's->cmdbuf' area, if it was transferring more than 16
|
||||
bytes. Increase the command buffer size to 32, which is maximum when
|
||||
's->do_cmd' is set, and add a check on 'len' to avoid OOB access.
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit 926cde5f3e4d2504ed161ed0cb771ac7cad6fd11)
|
||||
[BR: CVE-2016-6351 BSC#990835]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/scsi/esp.c | 6 ++++--
|
||||
include/hw/scsi/esp.h | 3 ++-
|
||||
2 files changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
||||
index 3f08598..9e318fd 100644
|
||||
--- a/hw/scsi/esp.c
|
||||
+++ b/hw/scsi/esp.c
|
||||
@@ -249,6 +249,8 @@ static void esp_do_dma(ESPState *s)
|
||||
len = s->dma_left;
|
||||
if (s->do_cmd) {
|
||||
trace_esp_do_dma(s->cmdlen, len);
|
||||
+ assert (s->cmdlen <= sizeof(s->cmdbuf) &&
|
||||
+ len <= sizeof(s->cmdbuf) - s->cmdlen);
|
||||
s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
|
||||
s->ti_size = 0;
|
||||
s->cmdlen = 0;
|
||||
@@ -348,7 +350,7 @@ static void handle_ti(ESPState *s)
|
||||
s->dma_counter = dmalen;
|
||||
|
||||
if (s->do_cmd)
|
||||
- minlen = (dmalen < 32) ? dmalen : 32;
|
||||
+ minlen = (dmalen < ESP_CMDBUF_SZ) ? dmalen : ESP_CMDBUF_SZ;
|
||||
else if (s->ti_size < 0)
|
||||
minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
|
||||
else
|
||||
@@ -452,7 +454,7 @@ void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
|
||||
break;
|
||||
case ESP_FIFO:
|
||||
if (s->do_cmd) {
|
||||
- if (s->cmdlen < TI_BUFSZ) {
|
||||
+ if (s->cmdlen < ESP_CMDBUF_SZ) {
|
||||
s->cmdbuf[s->cmdlen++] = val & 0xff;
|
||||
} else {
|
||||
trace_esp_error_fifo_overrun();
|
||||
diff --git a/include/hw/scsi/esp.h b/include/hw/scsi/esp.h
|
||||
index 6c79527..d2c4886 100644
|
||||
--- a/include/hw/scsi/esp.h
|
||||
+++ b/include/hw/scsi/esp.h
|
||||
@@ -14,6 +14,7 @@ void esp_init(hwaddr espaddr, int it_shift,
|
||||
|
||||
#define ESP_REGS 16
|
||||
#define TI_BUFSZ 16
|
||||
+#define ESP_CMDBUF_SZ 32
|
||||
|
||||
typedef struct ESPState ESPState;
|
||||
|
||||
@@ -31,7 +32,7 @@ struct ESPState {
|
||||
SCSIBus bus;
|
||||
SCSIDevice *current_dev;
|
||||
SCSIRequest *current_req;
|
||||
- uint8_t cmdbuf[TI_BUFSZ];
|
||||
+ uint8_t cmdbuf[ESP_CMDBUF_SZ];
|
||||
uint32_t cmdlen;
|
||||
uint32_t do_cmd;
|
||||
|
58
0070-scsi-esp-fix-migration.patch
Normal file
58
0070-scsi-esp-fix-migration.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From a4c62237f33857750850ef30066a5ae5d4d1194e Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Mon, 20 Jun 2016 16:32:39 +0200
|
||||
Subject: [PATCH] scsi: esp: fix migration
|
||||
|
||||
Commit 926cde5 ("scsi: esp: make cmdbuf big enough for maximum CDB size",
|
||||
2016-06-16) changed the size of a migrated field. Split it in two
|
||||
parts, and only migrate the second part in a new vmstate version.
|
||||
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit cc96677469388bad3d66479379735cf75db069e3)
|
||||
[BR: CVE-2016-6351 BSC#990835]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/scsi/esp.c | 5 +++--
|
||||
include/migration/vmstate.h | 5 ++++-
|
||||
2 files changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
||||
index 9e318fd..25c547c 100644
|
||||
--- a/hw/scsi/esp.c
|
||||
+++ b/hw/scsi/esp.c
|
||||
@@ -577,7 +577,7 @@ static bool esp_mem_accepts(void *opaque, hwaddr addr,
|
||||
|
||||
const VMStateDescription vmstate_esp = {
|
||||
.name ="esp",
|
||||
- .version_id = 3,
|
||||
+ .version_id = 4,
|
||||
.minimum_version_id = 3,
|
||||
.fields = (VMStateField[]) {
|
||||
VMSTATE_BUFFER(rregs, ESPState),
|
||||
@@ -588,7 +588,8 @@ const VMStateDescription vmstate_esp = {
|
||||
VMSTATE_BUFFER(ti_buf, ESPState),
|
||||
VMSTATE_UINT32(status, ESPState),
|
||||
VMSTATE_UINT32(dma, ESPState),
|
||||
- VMSTATE_BUFFER(cmdbuf, ESPState),
|
||||
+ VMSTATE_PARTIAL_BUFFER(cmdbuf, ESPState, 16),
|
||||
+ VMSTATE_BUFFER_START_MIDDLE_V(cmdbuf, ESPState, 16, 4),
|
||||
VMSTATE_UINT32(cmdlen, ESPState),
|
||||
VMSTATE_UINT32(do_cmd, ESPState),
|
||||
VMSTATE_UINT32(dma_left, ESPState),
|
||||
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
|
||||
index 84ee355..853a2bd 100644
|
||||
--- a/include/migration/vmstate.h
|
||||
+++ b/include/migration/vmstate.h
|
||||
@@ -888,8 +888,11 @@ extern const VMStateInfo vmstate_info_bitmap;
|
||||
#define VMSTATE_PARTIAL_BUFFER(_f, _s, _size) \
|
||||
VMSTATE_STATIC_BUFFER(_f, _s, 0, NULL, 0, _size)
|
||||
|
||||
+#define VMSTATE_BUFFER_START_MIDDLE_V(_f, _s, _start, _v) \
|
||||
+ VMSTATE_STATIC_BUFFER(_f, _s, _v, NULL, _start, sizeof(typeof_field(_s, _f)))
|
||||
+
|
||||
#define VMSTATE_BUFFER_START_MIDDLE(_f, _s, _start) \
|
||||
- VMSTATE_STATIC_BUFFER(_f, _s, 0, NULL, _start, sizeof(typeof_field(_s, _f)))
|
||||
+ VMSTATE_BUFFER_START_MIDDLE_V(_f, _s, _start, 0)
|
||||
|
||||
#define VMSTATE_PARTIAL_VBUFFER(_f, _s, _size) \
|
||||
VMSTATE_VBUFFER(_f, _s, 0, NULL, 0, _size)
|
65
0071-virtio-error-out-if-guest-exceeds-v.patch
Normal file
65
0071-virtio-error-out-if-guest-exceeds-v.patch
Normal file
@ -0,0 +1,65 @@
|
||||
From d9c626e4ede58130f64f24f4f9ca1140e4102a70 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Date: Tue, 19 Jul 2016 13:07:13 +0100
|
||||
Subject: [PATCH] virtio: error out if guest exceeds virtqueue size
|
||||
|
||||
A broken or malicious guest can submit more requests than the virtqueue
|
||||
size permits, causing unbounded memory allocation in QEMU.
|
||||
|
||||
The guest can submit requests without bothering to wait for completion
|
||||
and is therefore not bound by virtqueue size. This requires reusing
|
||||
vring descriptors in more than one request, which is not allowed by the
|
||||
VIRTIO 1.0 specification.
|
||||
|
||||
In "3.2.1 Supplying Buffers to The Device", the VIRTIO 1.0 specification
|
||||
says:
|
||||
|
||||
1. The driver places the buffer into free descriptor(s) in the
|
||||
descriptor table, chaining as necessary
|
||||
|
||||
and
|
||||
|
||||
Note that the above code does not take precautions against the
|
||||
available ring buffer wrapping around: this is not possible since the
|
||||
ring buffer is the same size as the descriptor table, so step (1) will
|
||||
prevent such a condition.
|
||||
|
||||
This implies that placing more buffers into the virtqueue than the
|
||||
descriptor table size is not allowed.
|
||||
|
||||
QEMU is missing the check to prevent this case. Processing a request
|
||||
allocates a VirtQueueElement leading to unbounded memory allocation
|
||||
controlled by the guest.
|
||||
|
||||
Exit with an error if the guest provides more requests than the
|
||||
virtqueue size permits. This bounds memory allocation and makes the
|
||||
buggy guest visible to the user.
|
||||
|
||||
This patch fixes CVE-2016-5403 and was reported by Zhenhao Hong from 360
|
||||
Marvel Team, China.
|
||||
|
||||
Reported-by: Zhenhao Hong <hongzhenhao@360.cn>
|
||||
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
(cherry picked from commit afd9096eb1882f23929f5b5c177898ed231bac66)
|
||||
[BR: CVE-2016-5403 BSC#991080]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/virtio/virtio.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
|
||||
index 30ede3d..e5ead0d 100644
|
||||
--- a/hw/virtio/virtio.c
|
||||
+++ b/hw/virtio/virtio.c
|
||||
@@ -561,6 +561,11 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
|
||||
|
||||
max = vq->vring.num;
|
||||
|
||||
+ if (vq->inuse >= vq->vring.num) {
|
||||
+ error_report("Virtqueue size exceeded");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
|
||||
if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) {
|
||||
vring_set_avail_event(vq, vq->last_avail_idx);
|
103
0072-xen-when-removing-a-backend-don-t-r.patch
Normal file
103
0072-xen-when-removing-a-backend-don-t-r.patch
Normal file
@ -0,0 +1,103 @@
|
||||
From 0d4ea8a7847a76415ed0d0db0392be5b7d1b71a6 Mon Sep 17 00:00:00 2001
|
||||
From: Juergen Gross <jgross@suse.com>
|
||||
Date: Fri, 29 Jul 2016 12:51:53 +0200
|
||||
Subject: [PATCH] xen: when removing a backend don't remove many of them
|
||||
|
||||
When a Xenstore watch fires indicating a backend has to be removed
|
||||
don't remove all backends for that domain with the specified device
|
||||
index, but just the one which has the correct type.
|
||||
|
||||
The easiest way to achieve this is to use the already determined
|
||||
xendev as parameter for xen_be_del_xendev() instead of only the domid
|
||||
and device index.
|
||||
|
||||
This at once removes the open coded QTAILQ_FOREACH_SAVE() in
|
||||
xen_be_del_xendev() as there is no need to search for the correct
|
||||
xendev any longer.
|
||||
|
||||
Signed-off-by: Juergen Gross <jgross@suse.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/xen/xen_backend.c | 58 +++++++++++++++++-----------------------------------
|
||||
1 file changed, 19 insertions(+), 39 deletions(-)
|
||||
|
||||
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
|
||||
index 6e52474..8f347da 100644
|
||||
--- a/hw/xen/xen_backend.c
|
||||
+++ b/hw/xen/xen_backend.c
|
||||
@@ -322,48 +322,28 @@ static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev,
|
||||
/*
|
||||
* release xen backend device.
|
||||
*/
|
||||
-static struct XenDevice *xen_be_del_xendev(int dom, int dev)
|
||||
+static void xen_be_del_xendev(struct XenDevice *xendev)
|
||||
{
|
||||
- struct XenDevice *xendev, *xnext;
|
||||
-
|
||||
- /*
|
||||
- * This is pretty much like QTAILQ_FOREACH(xendev, &xendevs, next) but
|
||||
- * we save the next pointer in xnext because we might free xendev.
|
||||
- */
|
||||
- xnext = xendevs.tqh_first;
|
||||
- while (xnext) {
|
||||
- xendev = xnext;
|
||||
- xnext = xendev->next.tqe_next;
|
||||
-
|
||||
- if (xendev->dom != dom) {
|
||||
- continue;
|
||||
- }
|
||||
- if (xendev->dev != dev && dev != -1) {
|
||||
- continue;
|
||||
- }
|
||||
-
|
||||
- if (xendev->ops->free) {
|
||||
- xendev->ops->free(xendev);
|
||||
- }
|
||||
-
|
||||
- if (xendev->fe) {
|
||||
- char token[XEN_BUFSIZE];
|
||||
- snprintf(token, sizeof(token), "fe:%p", xendev);
|
||||
- xs_unwatch(xenstore, xendev->fe, token);
|
||||
- g_free(xendev->fe);
|
||||
- }
|
||||
+ if (xendev->ops->free) {
|
||||
+ xendev->ops->free(xendev);
|
||||
+ }
|
||||
|
||||
- if (xendev->evtchndev != NULL) {
|
||||
- xenevtchn_close(xendev->evtchndev);
|
||||
- }
|
||||
- if (xendev->gnttabdev != NULL) {
|
||||
- xengnttab_close(xendev->gnttabdev);
|
||||
- }
|
||||
+ if (xendev->fe) {
|
||||
+ char token[XEN_BUFSIZE];
|
||||
+ snprintf(token, sizeof(token), "fe:%p", xendev);
|
||||
+ xs_unwatch(xenstore, xendev->fe, token);
|
||||
+ g_free(xendev->fe);
|
||||
+ }
|
||||
|
||||
- QTAILQ_REMOVE(&xendevs, xendev, next);
|
||||
- g_free(xendev);
|
||||
+ if (xendev->evtchndev != NULL) {
|
||||
+ xenevtchn_close(xendev->evtchndev);
|
||||
}
|
||||
- return NULL;
|
||||
+ if (xendev->gnttabdev != NULL) {
|
||||
+ xengnttab_close(xendev->gnttabdev);
|
||||
+ }
|
||||
+
|
||||
+ QTAILQ_REMOVE(&xendevs, xendev, next);
|
||||
+ g_free(xendev);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -683,7 +663,7 @@ static void xenstore_update_be(char *watch, char *type, int dom,
|
||||
if (xendev != NULL) {
|
||||
bepath = xs_read(xenstore, 0, xendev->be, &len);
|
||||
if (bepath == NULL) {
|
||||
- xen_be_del_xendev(dom, dev);
|
||||
+ xen_be_del_xendev(xendev);
|
||||
} else {
|
||||
free(bepath);
|
||||
xen_be_backend_changed(xendev, path);
|
210
0073-xen-drain-submit-queue-in-xen-usb-b.patch
Normal file
210
0073-xen-drain-submit-queue-in-xen-usb-b.patch
Normal file
@ -0,0 +1,210 @@
|
||||
From afb94bcc5bbb8b58f8c96821caaab268f96cabdb Mon Sep 17 00:00:00 2001
|
||||
From: Juergen Gross <jgross@suse.com>
|
||||
Date: Wed, 27 Jul 2016 08:17:41 +0200
|
||||
Subject: [PATCH] xen: drain submit queue in xen-usb before removing device
|
||||
|
||||
When unplugging a device in the Xen pvusb backend drain the submit
|
||||
queue before deallocation of the control structures. Otherwise there
|
||||
will be bogus memory accesses when I/O contracts are finished.
|
||||
|
||||
Correlated to this issue is the handling of cancel requests: a packet
|
||||
cancelled will still lead to the call of complete, so add a flag
|
||||
to the request indicating it should be just dropped on complete.
|
||||
|
||||
Signed-off-by: Juergen Gross <jgross@suse.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/usb/xen-usb.c | 95 ++++++++++++++++++++++++++++++++++++--------------------
|
||||
1 file changed, 61 insertions(+), 34 deletions(-)
|
||||
|
||||
diff --git a/hw/usb/xen-usb.c b/hw/usb/xen-usb.c
|
||||
index 664df04..6f4b99d 100644
|
||||
--- a/hw/usb/xen-usb.c
|
||||
+++ b/hw/usb/xen-usb.c
|
||||
@@ -94,6 +94,8 @@ struct usbback_req {
|
||||
void *buffer;
|
||||
void *isoc_buffer;
|
||||
struct libusb_transfer *xfer;
|
||||
+
|
||||
+ bool cancelled;
|
||||
};
|
||||
|
||||
struct usbback_hotplug {
|
||||
@@ -304,20 +306,23 @@ static void usbback_do_response(struct usbback_req *usbback_req, int32_t status,
|
||||
usbback_req->isoc_buffer = NULL;
|
||||
}
|
||||
|
||||
- res = RING_GET_RESPONSE(&usbif->urb_ring, usbif->urb_ring.rsp_prod_pvt);
|
||||
- res->id = usbback_req->req.id;
|
||||
- res->status = status;
|
||||
- res->actual_length = actual_length;
|
||||
- res->error_count = error_count;
|
||||
- res->start_frame = 0;
|
||||
- usbif->urb_ring.rsp_prod_pvt++;
|
||||
- RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&usbif->urb_ring, notify);
|
||||
-
|
||||
- if (notify) {
|
||||
- xen_be_send_notify(xendev);
|
||||
+ if (usbif->urb_sring) {
|
||||
+ res = RING_GET_RESPONSE(&usbif->urb_ring, usbif->urb_ring.rsp_prod_pvt);
|
||||
+ res->id = usbback_req->req.id;
|
||||
+ res->status = status;
|
||||
+ res->actual_length = actual_length;
|
||||
+ res->error_count = error_count;
|
||||
+ res->start_frame = 0;
|
||||
+ usbif->urb_ring.rsp_prod_pvt++;
|
||||
+ RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&usbif->urb_ring, notify);
|
||||
+
|
||||
+ if (notify) {
|
||||
+ xen_be_send_notify(xendev);
|
||||
+ }
|
||||
}
|
||||
|
||||
- usbback_put_req(usbback_req);
|
||||
+ if (!usbback_req->cancelled)
|
||||
+ usbback_put_req(usbback_req);
|
||||
}
|
||||
|
||||
static void usbback_do_response_ret(struct usbback_req *usbback_req,
|
||||
@@ -369,15 +374,14 @@ static void usbback_set_address(struct usbback_info *usbif,
|
||||
}
|
||||
}
|
||||
|
||||
-static bool usbback_cancel_req(struct usbback_req *usbback_req)
|
||||
+static void usbback_cancel_req(struct usbback_req *usbback_req)
|
||||
{
|
||||
- bool ret = false;
|
||||
-
|
||||
if (usb_packet_is_inflight(&usbback_req->packet)) {
|
||||
usb_cancel_packet(&usbback_req->packet);
|
||||
- ret = true;
|
||||
+ QTAILQ_REMOVE(&usbback_req->stub->submit_q, usbback_req, q);
|
||||
+ usbback_req->cancelled = true;
|
||||
+ usbback_do_response_ret(usbback_req, -EPROTO);
|
||||
}
|
||||
- return ret;
|
||||
}
|
||||
|
||||
static void usbback_process_unlink_req(struct usbback_req *usbback_req)
|
||||
@@ -394,7 +398,7 @@ static void usbback_process_unlink_req(struct usbback_req *usbback_req)
|
||||
devnum = usbif_pipedevice(usbback_req->req.pipe);
|
||||
if (unlikely(devnum == 0)) {
|
||||
usbback_req->stub = usbif->ports +
|
||||
- usbif_pipeportnum(usbback_req->req.pipe);
|
||||
+ usbif_pipeportnum(usbback_req->req.pipe) - 1;
|
||||
if (unlikely(!usbback_req->stub)) {
|
||||
ret = -ENODEV;
|
||||
goto fail_response;
|
||||
@@ -409,9 +413,7 @@ static void usbback_process_unlink_req(struct usbback_req *usbback_req)
|
||||
|
||||
QTAILQ_FOREACH(unlink_req, &usbback_req->stub->submit_q, q) {
|
||||
if (unlink_req->req.id == id) {
|
||||
- if (usbback_cancel_req(unlink_req)) {
|
||||
- usbback_do_response_ret(unlink_req, -EPROTO);
|
||||
- }
|
||||
+ usbback_cancel_req(unlink_req);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -684,6 +686,31 @@ static void usbback_hotplug_enq(struct usbback_info *usbif, unsigned port)
|
||||
usbback_hotplug_notify(usbif);
|
||||
}
|
||||
|
||||
+static void usbback_portid_drain(struct usbback_info *usbif, unsigned port)
|
||||
+{
|
||||
+ struct usbback_req *req, *tmp;
|
||||
+ bool sched = false;
|
||||
+
|
||||
+ QTAILQ_FOREACH_SAFE(req, &usbif->ports[port - 1].submit_q, q, tmp) {
|
||||
+ usbback_cancel_req(req);
|
||||
+ sched = true;
|
||||
+ }
|
||||
+
|
||||
+ if (sched)
|
||||
+ qemu_bh_schedule(usbif->bh);
|
||||
+}
|
||||
+
|
||||
+static void usbback_portid_detach(struct usbback_info *usbif, unsigned port)
|
||||
+{
|
||||
+ if (!usbif->ports[port - 1].attached)
|
||||
+ return;
|
||||
+
|
||||
+ usbif->ports[port - 1].speed = USBIF_SPEED_NONE;
|
||||
+ usbif->ports[port - 1].attached = false;
|
||||
+ usbback_portid_drain(usbif, port);
|
||||
+ usbback_hotplug_enq(usbif, port);
|
||||
+}
|
||||
+
|
||||
static void usbback_portid_remove(struct usbback_info *usbif, unsigned port)
|
||||
{
|
||||
USBPort *p;
|
||||
@@ -697,9 +724,7 @@ static void usbback_portid_remove(struct usbback_info *usbif, unsigned port)
|
||||
|
||||
object_unparent(OBJECT(usbif->ports[port - 1].dev));
|
||||
usbif->ports[port - 1].dev = NULL;
|
||||
- usbif->ports[port - 1].speed = USBIF_SPEED_NONE;
|
||||
- usbif->ports[port - 1].attached = false;
|
||||
- usbback_hotplug_enq(usbif, port);
|
||||
+ usbback_portid_detach(usbif, port);
|
||||
|
||||
TR_BUS(&usbif->xendev, "port %d removed\n", port);
|
||||
}
|
||||
@@ -804,7 +829,6 @@ static void usbback_process_port(struct usbback_info *usbif, unsigned port)
|
||||
static void usbback_disconnect(struct XenDevice *xendev)
|
||||
{
|
||||
struct usbback_info *usbif;
|
||||
- struct usbback_req *req, *tmp;
|
||||
unsigned int i;
|
||||
|
||||
TR_BUS(xendev, "start\n");
|
||||
@@ -823,12 +847,8 @@ static void usbback_disconnect(struct XenDevice *xendev)
|
||||
}
|
||||
|
||||
for (i = 0; i < usbif->num_ports; i++) {
|
||||
- if (!usbif->ports[i].dev) {
|
||||
- continue;
|
||||
- }
|
||||
- QTAILQ_FOREACH_SAFE(req, &usbif->ports[i].submit_q, q, tmp) {
|
||||
- usbback_cancel_req(req);
|
||||
- }
|
||||
+ if (usbif->ports[i].dev)
|
||||
+ usbback_portid_drain(usbif, i + 1);
|
||||
}
|
||||
|
||||
TR_BUS(xendev, "finished\n");
|
||||
@@ -947,8 +967,7 @@ static void xen_bus_detach(USBPort *port)
|
||||
|
||||
usbif = port->opaque;
|
||||
TR_BUS(&usbif->xendev, "\n");
|
||||
- usbif->ports[port->index].attached = false;
|
||||
- usbback_hotplug_enq(usbif, port->index + 1);
|
||||
+ usbback_portid_detach(usbif, port->index + 1);
|
||||
}
|
||||
|
||||
static void xen_bus_child_detach(USBPort *port, USBDevice *child)
|
||||
@@ -961,9 +980,16 @@ static void xen_bus_child_detach(USBPort *port, USBDevice *child)
|
||||
|
||||
static void xen_bus_complete(USBPort *port, USBPacket *packet)
|
||||
{
|
||||
+ struct usbback_req *usbback_req;
|
||||
struct usbback_info *usbif;
|
||||
|
||||
- usbif = port->opaque;
|
||||
+ usbback_req = container_of(packet, struct usbback_req, packet);
|
||||
+ if (usbback_req->cancelled) {
|
||||
+ g_free(usbback_req);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ usbif = usbback_req->usbif;
|
||||
TR_REQ(&usbif->xendev, "\n");
|
||||
usbback_packet_complete(packet);
|
||||
}
|
||||
@@ -1040,6 +1066,7 @@ static int usbback_free(struct XenDevice *xendev)
|
||||
}
|
||||
|
||||
usb_bus_release(&usbif->bus);
|
||||
+ object_unparent(OBJECT(&usbif->bus));
|
||||
|
||||
TR_BUS(xendev, "finished\n");
|
||||
|
104
0074-qcow2-avoid-extra-flushes-in-qcow2.patch
Normal file
104
0074-qcow2-avoid-extra-flushes-in-qcow2.patch
Normal file
@ -0,0 +1,104 @@
|
||||
From 197d526012602fbac75392a86e991539e4400bf0 Mon Sep 17 00:00:00 2001
|
||||
From: "Denis V. Lunev" <den@openvz.org>
|
||||
Date: Thu, 2 Jun 2016 18:58:15 +0300
|
||||
Subject: [PATCH] qcow2: avoid extra flushes in qcow2
|
||||
|
||||
The problem with excessive flushing was found by a couple of performance
|
||||
tests:
|
||||
- parallel directory tree creation (from 2 processes)
|
||||
- 32 cached writes + fsync at the end in a loop
|
||||
|
||||
For the first one results improved from 2.6 loops/sec to 3.5 loops/sec.
|
||||
Each loop creates 10^3 directories with 10 files in each.
|
||||
|
||||
For the second one results improved from ~600 fsync/sec to ~1100
|
||||
fsync/sec. Though, it was run on SSD so it probably won't show such
|
||||
performance gain on rotational media.
|
||||
|
||||
qcow2_cache_flush() calls bdrv_flush() unconditionally after writing
|
||||
cache entries of a particular cache. This can lead to as many as
|
||||
2 additional fdatasyncs inside bdrv_flush.
|
||||
|
||||
We can simply skip all fdatasync calls inside qcow2_co_flush_to_os
|
||||
as bdrv_flush for sure will do the job. These flushes are necessary to
|
||||
keep the right order of writes to the different caches. Though this is
|
||||
not necessary in the current code base as this ordering is ensured through
|
||||
the flush in qcow2_cache_flush_dependency().
|
||||
|
||||
Signed-off-by: Denis V. Lunev <den@openvz.org>
|
||||
CC: Pavel Borzenkov <pborzenkov@virtuozzo.com>
|
||||
CC: Kevin Wolf <kwolf@redhat.com>
|
||||
CC: Max Reitz <mreitz@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
(cherry picked from commit f3c3b87dae44ac6c82246ceb3953793951800a9a)
|
||||
[BR: BSC#991296]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/qcow2-cache.c | 11 +++++++++--
|
||||
block/qcow2.c | 4 ++--
|
||||
block/qcow2.h | 1 +
|
||||
3 files changed, 12 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/block/qcow2-cache.c b/block/qcow2-cache.c
|
||||
index 0fe8eda..208a060 100644
|
||||
--- a/block/qcow2-cache.c
|
||||
+++ b/block/qcow2-cache.c
|
||||
@@ -226,7 +226,7 @@ static int qcow2_cache_entry_flush(BlockDriverState *bs, Qcow2Cache *c, int i)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-int qcow2_cache_flush(BlockDriverState *bs, Qcow2Cache *c)
|
||||
+int qcow2_cache_write(BlockDriverState *bs, Qcow2Cache *c)
|
||||
{
|
||||
BDRVQcow2State *s = bs->opaque;
|
||||
int result = 0;
|
||||
@@ -242,8 +242,15 @@ int qcow2_cache_flush(BlockDriverState *bs, Qcow2Cache *c)
|
||||
}
|
||||
}
|
||||
|
||||
+ return result;
|
||||
+}
|
||||
+
|
||||
+int qcow2_cache_flush(BlockDriverState *bs, Qcow2Cache *c)
|
||||
+{
|
||||
+ int result = qcow2_cache_write(bs, c);
|
||||
+
|
||||
if (result == 0) {
|
||||
- ret = bdrv_flush(bs->file->bs);
|
||||
+ int ret = bdrv_flush(bs->file->bs);
|
||||
if (ret < 0) {
|
||||
result = ret;
|
||||
}
|
||||
diff --git a/block/qcow2.c b/block/qcow2.c
|
||||
index 470734b..dc609a1 100644
|
||||
--- a/block/qcow2.c
|
||||
+++ b/block/qcow2.c
|
||||
@@ -2774,14 +2774,14 @@ static coroutine_fn int qcow2_co_flush_to_os(BlockDriverState *bs)
|
||||
int ret;
|
||||
|
||||
qemu_co_mutex_lock(&s->lock);
|
||||
- ret = qcow2_cache_flush(bs, s->l2_table_cache);
|
||||
+ ret = qcow2_cache_write(bs, s->l2_table_cache);
|
||||
if (ret < 0) {
|
||||
qemu_co_mutex_unlock(&s->lock);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (qcow2_need_accurate_refcounts(s)) {
|
||||
- ret = qcow2_cache_flush(bs, s->refcount_block_cache);
|
||||
+ ret = qcow2_cache_write(bs, s->refcount_block_cache);
|
||||
if (ret < 0) {
|
||||
qemu_co_mutex_unlock(&s->lock);
|
||||
return ret;
|
||||
diff --git a/block/qcow2.h b/block/qcow2.h
|
||||
index a063a3c..7db9795 100644
|
||||
--- a/block/qcow2.h
|
||||
+++ b/block/qcow2.h
|
||||
@@ -583,6 +583,7 @@ int qcow2_cache_destroy(BlockDriverState* bs, Qcow2Cache *c);
|
||||
void qcow2_cache_entry_mark_dirty(BlockDriverState *bs, Qcow2Cache *c,
|
||||
void *table);
|
||||
int qcow2_cache_flush(BlockDriverState *bs, Qcow2Cache *c);
|
||||
+int qcow2_cache_write(BlockDriverState *bs, Qcow2Cache *c);
|
||||
int qcow2_cache_set_dependency(BlockDriverState *bs, Qcow2Cache *c,
|
||||
Qcow2Cache *dependency);
|
||||
void qcow2_cache_depends_on_flush(Qcow2Cache *c);
|
83
0075-qemu-bridge-helper-reduce-security-.patch
Normal file
83
0075-qemu-bridge-helper-reduce-security-.patch
Normal file
@ -0,0 +1,83 @@
|
||||
From 4bbd77b07de2f0df2e8a0dba9c4ca51299ee2518 Mon Sep 17 00:00:00 2001
|
||||
From: Bruce Rogers <brogers@suse.com>
|
||||
Date: Tue, 2 Aug 2016 11:36:02 -0600
|
||||
Subject: [PATCH] qemu-bridge-helper: reduce security profile
|
||||
|
||||
Change from using glib alloc and free routines to those
|
||||
from libc. Also perform safety measure of dropping privs
|
||||
to user if configured no-caps.
|
||||
|
||||
[BR: BOO#988279]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
qemu-bridge-helper.c | 29 ++++++++++++++++++++++++-----
|
||||
1 file changed, 24 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
|
||||
index 830fb9e..73ac49b 100644
|
||||
--- a/qemu-bridge-helper.c
|
||||
+++ b/qemu-bridge-helper.c
|
||||
@@ -15,8 +15,6 @@
|
||||
|
||||
#include "qemu/osdep.h"
|
||||
|
||||
-#include <glib.h>
|
||||
-
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
@@ -111,7 +109,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
|
||||
*argend = 0;
|
||||
|
||||
if (strcmp(cmd, "deny") == 0) {
|
||||
- acl_rule = g_malloc(sizeof(*acl_rule));
|
||||
+ acl_rule = calloc(1, sizeof(*acl_rule));
|
||||
+ if (!acl_rule) {
|
||||
+ fclose(f);
|
||||
+ errno = ENOMEM;
|
||||
+ return -1;
|
||||
+ }
|
||||
if (strcmp(arg, "all") == 0) {
|
||||
acl_rule->type = ACL_DENY_ALL;
|
||||
} else {
|
||||
@@ -120,7 +123,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
|
||||
}
|
||||
QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
|
||||
} else if (strcmp(cmd, "allow") == 0) {
|
||||
- acl_rule = g_malloc(sizeof(*acl_rule));
|
||||
+ acl_rule = calloc(1, sizeof(*acl_rule));
|
||||
+ if (!acl_rule) {
|
||||
+ fclose(f);
|
||||
+ errno = ENOMEM;
|
||||
+ return -1;
|
||||
+ }
|
||||
if (strcmp(arg, "all") == 0) {
|
||||
acl_rule->type = ACL_ALLOW_ALL;
|
||||
} else {
|
||||
@@ -414,6 +422,17 @@ int main(int argc, char **argv)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+#ifndef CONFIG_LIBCAP
|
||||
+ /* avoid sending the fd as root user if running suid to not fool
|
||||
+ * peer credentials to daemons that dont expect that
|
||||
+ */
|
||||
+ if (setuid(getuid()) < 0) {
|
||||
+ fprintf(stderr, "Failed to drop privileges.\n");
|
||||
+ ret = EXIT_FAILURE;
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
/* write fd to the domain socket */
|
||||
if (send_fd(unixfd, fd) == -1) {
|
||||
fprintf(stderr, "failed to write fd to unix socket: %s\n",
|
||||
@@ -435,7 +454,7 @@ cleanup:
|
||||
}
|
||||
while ((acl_rule = QSIMPLEQ_FIRST(&acl_list)) != NULL) {
|
||||
QSIMPLEQ_REMOVE_HEAD(&acl_list, entry);
|
||||
- g_free(acl_rule);
|
||||
+ free(acl_rule);
|
||||
}
|
||||
|
||||
return ret;
|
95
0076-xen-use-a-common-function-for-pv-an.patch
Normal file
95
0076-xen-use-a-common-function-for-pv-an.patch
Normal file
@ -0,0 +1,95 @@
|
||||
From ddbfdd2c5396aa810a789f5cb681879f78cb693f Mon Sep 17 00:00:00 2001
|
||||
From: Juergen Gross <jgross@suse.com>
|
||||
Date: Tue, 2 Aug 2016 08:32:32 +0200
|
||||
Subject: [PATCH] xen: use a common function for pv and hvm guest backend
|
||||
register calls
|
||||
|
||||
Instead of calling xen_be_register() for each supported backend type
|
||||
for hvm and pv guests in their machine init functions use a common
|
||||
function in order not to have to add new backends twice.
|
||||
|
||||
This at once fixes the error that hvm domains couldn't use the qusb
|
||||
backend.
|
||||
|
||||
Signed-off-by: Juergen Gross <jgross@suse.com>
|
||||
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
|
||||
Message-id: 1470119552-16170-1-git-send-email-jgross@suse.com
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
(cherry picked from commit 0e39bb022b5fa8c11964968885f3263c02ce42b0)
|
||||
[BR: BSC#991785]
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/xen/xen_backend.c | 10 ++++++++++
|
||||
hw/xenpv/xen_machine_pv.c | 7 +------
|
||||
include/hw/xen/xen_backend.h | 1 +
|
||||
xen-hvm.c | 4 +---
|
||||
4 files changed, 13 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
|
||||
index 8f347da..f4d302d 100644
|
||||
--- a/hw/xen/xen_backend.c
|
||||
+++ b/hw/xen/xen_backend.c
|
||||
@@ -781,6 +781,16 @@ int xen_be_register(const char *type, struct XenDevOps *ops)
|
||||
return xenstore_scan(type, xen_domid, ops);
|
||||
}
|
||||
|
||||
+void xen_be_register_common(void)
|
||||
+{
|
||||
+ xen_be_register("console", &xen_console_ops);
|
||||
+ xen_be_register("vkbd", &xen_kbdmouse_ops);
|
||||
+ xen_be_register("qdisk", &xen_blkdev_ops);
|
||||
+#ifdef CONFIG_USB_LIBUSB
|
||||
+ xen_be_register("qusb", &xen_usb_ops);
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
int xen_be_bind_evtchn(struct XenDevice *xendev)
|
||||
{
|
||||
if (xendev->local_port != -1) {
|
||||
diff --git a/hw/xenpv/xen_machine_pv.c b/hw/xenpv/xen_machine_pv.c
|
||||
index 48f725c..79aef4e 100644
|
||||
--- a/hw/xenpv/xen_machine_pv.c
|
||||
+++ b/hw/xenpv/xen_machine_pv.c
|
||||
@@ -67,14 +67,9 @@ static void xen_init_pv(MachineState *machine)
|
||||
break;
|
||||
}
|
||||
|
||||
- xen_be_register("console", &xen_console_ops);
|
||||
- xen_be_register("vkbd", &xen_kbdmouse_ops);
|
||||
+ xen_be_register_common();
|
||||
xen_be_register("vfb", &xen_framebuffer_ops);
|
||||
- xen_be_register("qdisk", &xen_blkdev_ops);
|
||||
xen_be_register("qnic", &xen_netdev_ops);
|
||||
-#ifdef CONFIG_USB_LIBUSB
|
||||
- xen_be_register("qusb", &xen_usb_ops);
|
||||
-#endif
|
||||
|
||||
/* configure framebuffer */
|
||||
if (xenfb_enabled) {
|
||||
diff --git a/include/hw/xen/xen_backend.h b/include/hw/xen/xen_backend.h
|
||||
index 6e18a46..0e9af28 100644
|
||||
--- a/include/hw/xen/xen_backend.h
|
||||
+++ b/include/hw/xen/xen_backend.h
|
||||
@@ -87,6 +87,7 @@ void xen_be_check_state(struct XenDevice *xendev);
|
||||
|
||||
/* xen backend driver bits */
|
||||
int xen_be_init(void);
|
||||
+void xen_be_register_common(void);
|
||||
int xen_be_register(const char *type, struct XenDevOps *ops);
|
||||
int xen_be_set_state(struct XenDevice *xendev, enum xenbus_state state);
|
||||
int xen_be_bind_evtchn(struct XenDevice *xendev);
|
||||
diff --git a/xen-hvm.c b/xen-hvm.c
|
||||
index 039680a..93c958a 100644
|
||||
--- a/xen-hvm.c
|
||||
+++ b/xen-hvm.c
|
||||
@@ -1305,9 +1305,7 @@ void xen_hvm_init(PCMachineState *pcms, MemoryRegion **ram_memory)
|
||||
error_report("xen backend core setup failed");
|
||||
goto err;
|
||||
}
|
||||
- xen_be_register("console", &xen_console_ops);
|
||||
- xen_be_register("vkbd", &xen_kbdmouse_ops);
|
||||
- xen_be_register("qdisk", &xen_blkdev_ops);
|
||||
+ xen_be_register_common();
|
||||
xen_read_physmap(state);
|
||||
return;
|
||||
|
@ -1,3 +1,31 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 3 17:09:11 UTC 2016 - brogers@suse.com
|
||||
|
||||
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
|
||||
* Patches dropped:
|
||||
0058-usb-Fix-conditions-that-xen-usb.c-i.patch
|
||||
* Patches added:
|
||||
0058-xen-move-xen_sysdev-to-xen_backend..patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 3 13:51:47 UTC 2016 - brogers@suse.com
|
||||
|
||||
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
|
||||
* Patches added:
|
||||
0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||
0065-scsi-esp-check-buffer-length-before.patch
|
||||
0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
||||
0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
||||
0068-Xen-PCI-passthrough-fix-passthrough.patch
|
||||
0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
||||
0070-scsi-esp-fix-migration.patch
|
||||
0071-virtio-error-out-if-guest-exceeds-v.patch
|
||||
0072-xen-when-removing-a-backend-don-t-r.patch
|
||||
0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||
0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||
0075-qemu-bridge-helper-reduce-security-.patch
|
||||
0076-xen-use-a-common-function-for-pv-an.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 28 10:53:18 UTC 2016 - agraf@suse.com
|
||||
|
||||
|
@ -82,12 +82,25 @@ Patch0054: 0054-scsi-esp-check-TI-buffer-index-befo.patch
|
||||
Patch0055: 0055-xen-introduce-dummy-system-device.patch
|
||||
Patch0056: 0056-xen-write-information-about-support.patch
|
||||
Patch0057: 0057-xen-add-pvUSB-backend.patch
|
||||
Patch0058: 0058-usb-Fix-conditions-that-xen-usb.c-i.patch
|
||||
Patch0058: 0058-xen-move-xen_sysdev-to-xen_backend..patch
|
||||
Patch0059: 0059-vnc-add-configurable-keyboard-delay.patch
|
||||
Patch0060: 0060-scsi-megasas-initialise-local-confi.patch
|
||||
Patch0061: 0061-configure-add-echo_version-helper.patch
|
||||
Patch0062: 0062-configure-support-vte-2.91.patch
|
||||
Patch0063: 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||
Patch0064: 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||
Patch0065: 0065-scsi-esp-check-buffer-length-before.patch
|
||||
Patch0066: 0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
||||
Patch0067: 0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
||||
Patch0068: 0068-Xen-PCI-passthrough-fix-passthrough.patch
|
||||
Patch0069: 0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
||||
Patch0070: 0070-scsi-esp-fix-migration.patch
|
||||
Patch0071: 0071-virtio-error-out-if-guest-exceeds-v.patch
|
||||
Patch0072: 0072-xen-when-removing-a-backend-don-t-r.patch
|
||||
Patch0073: 0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||
Patch0074: 0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||
Patch0075: 0075-qemu-bridge-helper-reduce-security-.patch
|
||||
Patch0076: 0076-xen-use-a-common-function-for-pv-an.patch
|
||||
# Please do not add patches manually here, run update_git.sh.
|
||||
# this is to make lint happy
|
||||
Source300: qemu-rpmlintrc
|
||||
@ -204,6 +217,19 @@ run cross-architecture builds.
|
||||
%patch0061 -p1
|
||||
%patch0062 -p1
|
||||
%patch0063 -p1
|
||||
%patch0064 -p1
|
||||
%patch0065 -p1
|
||||
%patch0066 -p1
|
||||
%patch0067 -p1
|
||||
%patch0068 -p1
|
||||
%patch0069 -p1
|
||||
%patch0070 -p1
|
||||
%patch0071 -p1
|
||||
%patch0072 -p1
|
||||
%patch0073 -p1
|
||||
%patch0074 -p1
|
||||
%patch0075 -p1
|
||||
%patch0076 -p1
|
||||
|
||||
%build
|
||||
./configure --prefix=%_prefix --sysconfdir=%_sysconfdir \
|
||||
|
@ -1,3 +1,54 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 3 21:36:14 UTC 2016 - brogers@suse.com
|
||||
|
||||
- Temporarily disable ceph (rbd) functionality in OBS due to staging
|
||||
issues.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 3 17:09:05 UTC 2016 - brogers@suse.com
|
||||
|
||||
- use upstream solution for building xen-usb.c correctly
|
||||
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
|
||||
* Patches dropped:
|
||||
0058-usb-Fix-conditions-that-xen-usb.c-i.patch
|
||||
* Patches added:
|
||||
0058-xen-move-xen_sysdev-to-xen_backend..patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 3 13:51:42 UTC 2016 - brogers@suse.com
|
||||
|
||||
- Incorporate patch carried in Xen's qemu to get same support
|
||||
as Xen switches to use the qemu package (bsc#953339, bsc#953362,
|
||||
bsc#953518, bsc#984981)
|
||||
0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||
- Fix more potential OOB accesses in 53C9X emulation
|
||||
(CVE-2016-5238 bsc#982959)
|
||||
0065-scsi-esp-check-buffer-length-before.patch
|
||||
0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
||||
- Avoid "Invalid ROM" error message when it is not appropriate
|
||||
(bsc#982927)
|
||||
0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
||||
- Fix failure in Xen HVM PCI passthrough (bsc#981925, bsc#989250)
|
||||
0068-Xen-PCI-passthrough-fix-passthrough.patch
|
||||
- Fix OOB access in 53C9X emulation (CVE-2016-6351 bsc#990835)
|
||||
0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
||||
0070-scsi-esp-fix-migration.patch
|
||||
- Avoid potential for guest initiated OOM condition in qemu through
|
||||
virtio interface (CVE-2016-5403 bsc#991080)
|
||||
0071-virtio-error-out-if-guest-exceeds-v.patch
|
||||
- Fix potential crashes in qemu from pvusb bugs (bsc#986156)
|
||||
0072-xen-when-removing-a-backend-don-t-r.patch
|
||||
0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||
- Avoid unneeded flushes in qcow2 which impact performance (bsc#991296)
|
||||
0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||
- Finally get qemu-bridge-helper the permissions it needs for non-
|
||||
root usage. The kvm group is leveraged to control access. (boo#988279)
|
||||
0075-qemu-bridge-helper-reduce-security-.patch
|
||||
- Fix pvusb not working for HVM guests (bsc#991785)
|
||||
0076-xen-use-a-common-function-for-pv-an.patch
|
||||
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
|
||||
- Minor spec file formatting fixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 28 10:53:14 UTC 2016 - agraf@suse.com
|
||||
|
||||
|
@ -44,6 +44,7 @@
|
||||
%endif
|
||||
%define noarch_supported 1110
|
||||
|
||||
%if 0%{?is_opensuse} == 0
|
||||
%ifarch x86_64
|
||||
%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && ( 0%{?is_opensuse} == 0 || 0%{?sle_version} > 120100 ) )
|
||||
%define with_rbd 1
|
||||
@ -55,6 +56,7 @@
|
||||
%define with_rbd 1
|
||||
%endif
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if 0%{?suse_version} > 1320
|
||||
%define with_seccomp 1
|
||||
@ -142,12 +144,25 @@ Patch0054: 0054-scsi-esp-check-TI-buffer-index-befo.patch
|
||||
Patch0055: 0055-xen-introduce-dummy-system-device.patch
|
||||
Patch0056: 0056-xen-write-information-about-support.patch
|
||||
Patch0057: 0057-xen-add-pvUSB-backend.patch
|
||||
Patch0058: 0058-usb-Fix-conditions-that-xen-usb.c-i.patch
|
||||
Patch0058: 0058-xen-move-xen_sysdev-to-xen_backend..patch
|
||||
Patch0059: 0059-vnc-add-configurable-keyboard-delay.patch
|
||||
Patch0060: 0060-scsi-megasas-initialise-local-confi.patch
|
||||
Patch0061: 0061-configure-add-echo_version-helper.patch
|
||||
Patch0062: 0062-configure-support-vte-2.91.patch
|
||||
Patch0063: 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||
Patch0064: 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||
Patch0065: 0065-scsi-esp-check-buffer-length-before.patch
|
||||
Patch0066: 0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
||||
Patch0067: 0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
||||
Patch0068: 0068-Xen-PCI-passthrough-fix-passthrough.patch
|
||||
Patch0069: 0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
||||
Patch0070: 0070-scsi-esp-fix-migration.patch
|
||||
Patch0071: 0071-virtio-error-out-if-guest-exceeds-v.patch
|
||||
Patch0072: 0072-xen-when-removing-a-backend-don-t-r.patch
|
||||
Patch0073: 0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||
Patch0074: 0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||
Patch0075: 0075-qemu-bridge-helper-reduce-security-.patch
|
||||
Patch0076: 0076-xen-use-a-common-function-for-pv-an.patch
|
||||
# Please do not add QEMU patches manually here.
|
||||
# Run update_git.sh to regenerate this queue.
|
||||
|
||||
@ -379,11 +394,11 @@ Recommends: qemu-ksm = %{version}
|
||||
%define x86_64_only_b_f_f {efi-e1000.rom efi-eepro100.rom \
|
||||
efi-pcnet.rom efi-ne2k_pci.rom efi-rtl8139.rom efi-virtio.rom}
|
||||
%endif
|
||||
%define built_firmware_files {bios.bin bios-256k.bin \
|
||||
sgabios.bin vgabios.bin vgabios-cirrus.bin \
|
||||
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin vgabios-qxl.bin \
|
||||
optionrom/linuxboot.bin optionrom/multiboot.bin optionrom/kvmvapic.bin \
|
||||
pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}}
|
||||
%define built_firmware_files {bios.bin bios-256k.bin sgabios.bin vgabios.bin \
|
||||
vgabios-cirrus.bin vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \
|
||||
vgabios-qxl.bin optionrom/linuxboot.bin optionrom/multiboot.bin \
|
||||
optionrom/kvmvapic.bin pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom \
|
||||
pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}}
|
||||
|
||||
%description
|
||||
QEMU is an extremely well-performing CPU emulator that allows you to
|
||||
@ -791,6 +806,19 @@ This package provides a service file for starting and stopping KSM.
|
||||
%patch0061 -p1
|
||||
%patch0062 -p1
|
||||
%patch0063 -p1
|
||||
%patch0064 -p1
|
||||
%patch0065 -p1
|
||||
%patch0066 -p1
|
||||
%patch0067 -p1
|
||||
%patch0068 -p1
|
||||
%patch0069 -p1
|
||||
%patch0070 -p1
|
||||
%patch0071 -p1
|
||||
%patch0072 -p1
|
||||
%patch0073 -p1
|
||||
%patch0074 -p1
|
||||
%patch0075 -p1
|
||||
%patch0076 -p1
|
||||
|
||||
%if %{build_x86_fw_from_source}
|
||||
pushd roms/seabios
|
||||
@ -1374,7 +1402,7 @@ fi
|
||||
%_bindir/qemu-nbd
|
||||
%_bindir/virtfs-proxy-helper
|
||||
#%_bindir/vscclient
|
||||
%verify(not mode) %_libexecdir/qemu-bridge-helper
|
||||
%verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper
|
||||
%dir %_sysconfdir/%name
|
||||
%config %_sysconfdir/%name/bridge.conf
|
||||
%dir %_libdir/%name
|
||||
|
51
qemu.changes
51
qemu.changes
@ -1,3 +1,54 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 3 21:36:14 UTC 2016 - brogers@suse.com
|
||||
|
||||
- Temporarily disable ceph (rbd) functionality in OBS due to staging
|
||||
issues.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 3 17:09:05 UTC 2016 - brogers@suse.com
|
||||
|
||||
- use upstream solution for building xen-usb.c correctly
|
||||
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
|
||||
* Patches dropped:
|
||||
0058-usb-Fix-conditions-that-xen-usb.c-i.patch
|
||||
* Patches added:
|
||||
0058-xen-move-xen_sysdev-to-xen_backend..patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 3 13:51:42 UTC 2016 - brogers@suse.com
|
||||
|
||||
- Incorporate patch carried in Xen's qemu to get same support
|
||||
as Xen switches to use the qemu package (bsc#953339, bsc#953362,
|
||||
bsc#953518, bsc#984981)
|
||||
0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||
- Fix more potential OOB accesses in 53C9X emulation
|
||||
(CVE-2016-5238 bsc#982959)
|
||||
0065-scsi-esp-check-buffer-length-before.patch
|
||||
0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
||||
- Avoid "Invalid ROM" error message when it is not appropriate
|
||||
(bsc#982927)
|
||||
0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
||||
- Fix failure in Xen HVM PCI passthrough (bsc#981925, bsc#989250)
|
||||
0068-Xen-PCI-passthrough-fix-passthrough.patch
|
||||
- Fix OOB access in 53C9X emulation (CVE-2016-6351 bsc#990835)
|
||||
0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
||||
0070-scsi-esp-fix-migration.patch
|
||||
- Avoid potential for guest initiated OOM condition in qemu through
|
||||
virtio interface (CVE-2016-5403 bsc#991080)
|
||||
0071-virtio-error-out-if-guest-exceeds-v.patch
|
||||
- Fix potential crashes in qemu from pvusb bugs (bsc#986156)
|
||||
0072-xen-when-removing-a-backend-don-t-r.patch
|
||||
0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||
- Avoid unneeded flushes in qcow2 which impact performance (bsc#991296)
|
||||
0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||
- Finally get qemu-bridge-helper the permissions it needs for non-
|
||||
root usage. The kvm group is leveraged to control access. (boo#988279)
|
||||
0075-qemu-bridge-helper-reduce-security-.patch
|
||||
- Fix pvusb not working for HVM guests (bsc#991785)
|
||||
0076-xen-use-a-common-function-for-pv-an.patch
|
||||
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
|
||||
- Minor spec file formatting fixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 28 10:53:14 UTC 2016 - agraf@suse.com
|
||||
|
||||
|
42
qemu.spec
42
qemu.spec
@ -44,6 +44,7 @@
|
||||
%endif
|
||||
%define noarch_supported 1110
|
||||
|
||||
%if 0%{?is_opensuse} == 0
|
||||
%ifarch x86_64
|
||||
%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && ( 0%{?is_opensuse} == 0 || 0%{?sle_version} > 120100 ) )
|
||||
%define with_rbd 1
|
||||
@ -55,6 +56,7 @@
|
||||
%define with_rbd 1
|
||||
%endif
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if 0%{?suse_version} > 1320
|
||||
%define with_seccomp 1
|
||||
@ -142,12 +144,25 @@ Patch0054: 0054-scsi-esp-check-TI-buffer-index-befo.patch
|
||||
Patch0055: 0055-xen-introduce-dummy-system-device.patch
|
||||
Patch0056: 0056-xen-write-information-about-support.patch
|
||||
Patch0057: 0057-xen-add-pvUSB-backend.patch
|
||||
Patch0058: 0058-usb-Fix-conditions-that-xen-usb.c-i.patch
|
||||
Patch0058: 0058-xen-move-xen_sysdev-to-xen_backend..patch
|
||||
Patch0059: 0059-vnc-add-configurable-keyboard-delay.patch
|
||||
Patch0060: 0060-scsi-megasas-initialise-local-confi.patch
|
||||
Patch0061: 0061-configure-add-echo_version-helper.patch
|
||||
Patch0062: 0062-configure-support-vte-2.91.patch
|
||||
Patch0063: 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch
|
||||
Patch0064: 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
|
||||
Patch0065: 0065-scsi-esp-check-buffer-length-before.patch
|
||||
Patch0066: 0066-scsi-esp-respect-FIFO-invariant-aft.patch
|
||||
Patch0067: 0067-pci-assign-Move-Invalid-ROM-error-m.patch
|
||||
Patch0068: 0068-Xen-PCI-passthrough-fix-passthrough.patch
|
||||
Patch0069: 0069-scsi-esp-make-cmdbuf-big-enough-for.patch
|
||||
Patch0070: 0070-scsi-esp-fix-migration.patch
|
||||
Patch0071: 0071-virtio-error-out-if-guest-exceeds-v.patch
|
||||
Patch0072: 0072-xen-when-removing-a-backend-don-t-r.patch
|
||||
Patch0073: 0073-xen-drain-submit-queue-in-xen-usb-b.patch
|
||||
Patch0074: 0074-qcow2-avoid-extra-flushes-in-qcow2.patch
|
||||
Patch0075: 0075-qemu-bridge-helper-reduce-security-.patch
|
||||
Patch0076: 0076-xen-use-a-common-function-for-pv-an.patch
|
||||
# Please do not add QEMU patches manually here.
|
||||
# Run update_git.sh to regenerate this queue.
|
||||
|
||||
@ -379,11 +394,11 @@ Recommends: qemu-ksm = %{version}
|
||||
%define x86_64_only_b_f_f {efi-e1000.rom efi-eepro100.rom \
|
||||
efi-pcnet.rom efi-ne2k_pci.rom efi-rtl8139.rom efi-virtio.rom}
|
||||
%endif
|
||||
%define built_firmware_files {bios.bin bios-256k.bin \
|
||||
sgabios.bin vgabios.bin vgabios-cirrus.bin \
|
||||
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin vgabios-qxl.bin \
|
||||
optionrom/linuxboot.bin optionrom/multiboot.bin optionrom/kvmvapic.bin \
|
||||
pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}}
|
||||
%define built_firmware_files {bios.bin bios-256k.bin sgabios.bin vgabios.bin \
|
||||
vgabios-cirrus.bin vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \
|
||||
vgabios-qxl.bin optionrom/linuxboot.bin optionrom/multiboot.bin \
|
||||
optionrom/kvmvapic.bin pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom \
|
||||
pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}}
|
||||
|
||||
%description
|
||||
QEMU is an extremely well-performing CPU emulator that allows you to
|
||||
@ -791,6 +806,19 @@ This package provides a service file for starting and stopping KSM.
|
||||
%patch0061 -p1
|
||||
%patch0062 -p1
|
||||
%patch0063 -p1
|
||||
%patch0064 -p1
|
||||
%patch0065 -p1
|
||||
%patch0066 -p1
|
||||
%patch0067 -p1
|
||||
%patch0068 -p1
|
||||
%patch0069 -p1
|
||||
%patch0070 -p1
|
||||
%patch0071 -p1
|
||||
%patch0072 -p1
|
||||
%patch0073 -p1
|
||||
%patch0074 -p1
|
||||
%patch0075 -p1
|
||||
%patch0076 -p1
|
||||
|
||||
%if %{build_x86_fw_from_source}
|
||||
pushd roms/seabios
|
||||
@ -1374,7 +1402,7 @@ fi
|
||||
%_bindir/qemu-nbd
|
||||
%_bindir/virtfs-proxy-helper
|
||||
#%_bindir/vscclient
|
||||
%verify(not mode) %_libexecdir/qemu-bridge-helper
|
||||
%verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper
|
||||
%dir %_sysconfdir/%name
|
||||
%config %_sysconfdir/%name/bridge.conf
|
||||
%dir %_libdir/%name
|
||||
|
14
qemu.spec.in
14
qemu.spec.in
@ -44,6 +44,7 @@
|
||||
%endif
|
||||
%define noarch_supported 1110
|
||||
|
||||
%if 0%{?is_opensuse} == 0
|
||||
%ifarch x86_64
|
||||
%if 0%{?suse_version} > 1320 || ( 0%{?suse_version} == 1315 && ( 0%{?is_opensuse} == 0 || 0%{?sle_version} > 120100 ) )
|
||||
%define with_rbd 1
|
||||
@ -55,6 +56,7 @@
|
||||
%define with_rbd 1
|
||||
%endif
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if 0%{?suse_version} > 1320
|
||||
%define with_seccomp 1
|
||||
@ -317,11 +319,11 @@ Recommends: qemu-ksm = %{version}
|
||||
%define x86_64_only_b_f_f {efi-e1000.rom efi-eepro100.rom \
|
||||
efi-pcnet.rom efi-ne2k_pci.rom efi-rtl8139.rom efi-virtio.rom}
|
||||
%endif
|
||||
%define built_firmware_files {bios.bin bios-256k.bin \
|
||||
sgabios.bin vgabios.bin vgabios-cirrus.bin \
|
||||
vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin vgabios-qxl.bin \
|
||||
optionrom/linuxboot.bin optionrom/multiboot.bin optionrom/kvmvapic.bin \
|
||||
pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}}
|
||||
%define built_firmware_files {bios.bin bios-256k.bin sgabios.bin vgabios.bin \
|
||||
vgabios-cirrus.bin vgabios-stdvga.bin vgabios-virtio.bin vgabios-vmware.bin \
|
||||
vgabios-qxl.bin optionrom/linuxboot.bin optionrom/multiboot.bin \
|
||||
optionrom/kvmvapic.bin pxe-e1000.rom pxe-pcnet.rom pxe-ne2k_pci.rom \
|
||||
pxe-rtl8139.rom pxe-eepro100.rom pxe-virtio.rom %{?x86_64_only_b_f_f}}
|
||||
|
||||
%description
|
||||
QEMU is an extremely well-performing CPU emulator that allows you to
|
||||
@ -1253,7 +1255,7 @@ fi
|
||||
%_bindir/qemu-nbd
|
||||
%_bindir/virtfs-proxy-helper
|
||||
#%_bindir/vscclient
|
||||
%verify(not mode) %_libexecdir/qemu-bridge-helper
|
||||
%verify(not mode) %attr(4750,root,kvm) %_libexecdir/qemu-bridge-helper
|
||||
%dir %_sysconfdir/%name
|
||||
%config %_sysconfdir/%name/bridge.conf
|
||||
%dir %_libdir/%name
|
||||
|
Loading…
Reference in New Issue
Block a user