Accepting request 734440 from home:bfrogers:branches:Virtualization
Add in upstream stable patches. Also a new more minor tweaks. OBS-URL: https://build.opensuse.org/request/show/734440 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=492
This commit is contained in:
parent
9616008bca
commit
6f08fa6f4d
93
block-create-Do-not-abort-if-a-block-dri.patch
Normal file
93
block-create-Do-not-abort-if-a-block-dri.patch
Normal file
@ -0,0 +1,93 @@
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 12 Sep 2019 00:08:49 +0200
|
||||
Subject: block/create: Do not abort if a block driver is not available
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Git-commit: d90d5cae2b10efc0e8d0b3cc91ff16201853d3ba
|
||||
|
||||
The 'blockdev-create' QMP command was introduced as experimental
|
||||
feature in commit b0292b851b8, using the assert() debug call.
|
||||
It got promoted to 'stable' command in 3fb588a0f2c, but the
|
||||
assert call was not removed.
|
||||
|
||||
Some block drivers are optional, and bdrv_find_format() might
|
||||
return a NULL value, triggering the assertion.
|
||||
|
||||
Stable code is not expected to abort, so return an error instead.
|
||||
|
||||
This is easily reproducible when libnfs is not installed:
|
||||
|
||||
./configure
|
||||
[...]
|
||||
module support no
|
||||
Block whitelist (rw)
|
||||
Block whitelist (ro)
|
||||
libiscsi support yes
|
||||
libnfs support no
|
||||
[...]
|
||||
|
||||
Start QEMU:
|
||||
|
||||
$ qemu-system-x86_64 -S -qmp unix:/tmp/qemu.qmp,server,nowait
|
||||
|
||||
Send the 'blockdev-create' with the 'nfs' driver:
|
||||
|
||||
$ ( cat << 'EOF'
|
||||
{'execute': 'qmp_capabilities'}
|
||||
{'execute': 'blockdev-create', 'arguments': {'job-id': 'x', 'options': {'size': 0, 'driver': 'nfs', 'location': {'path': '/', 'server': {'host': '::1', 'type': 'inet'}}}}, 'id': 'x'}
|
||||
EOF
|
||||
) | socat STDIO UNIX:/tmp/qemu.qmp
|
||||
{"QMP": {"version": {"qemu": {"micro": 50, "minor": 1, "major": 4}, "package": "v4.1.0-733-g89ea03a7dc"}, "capabilities": ["oob"]}}
|
||||
{"return": {}}
|
||||
|
||||
QEMU crashes:
|
||||
|
||||
$ gdb qemu-system-x86_64 core
|
||||
Program received signal SIGSEGV, Segmentation fault.
|
||||
(gdb) bt
|
||||
#0 0x00007ffff510957f in raise () at /lib64/libc.so.6
|
||||
#1 0x00007ffff50f3895 in abort () at /lib64/libc.so.6
|
||||
#2 0x00007ffff50f3769 in _nl_load_domain.cold.0 () at /lib64/libc.so.6
|
||||
#3 0x00007ffff5101a26 in .annobin_assert.c_end () at /lib64/libc.so.6
|
||||
#4 0x0000555555d7e1f1 in qmp_blockdev_create (job_id=0x555556baee40 "x", options=0x555557666610, errp=0x7fffffffc770) at block/create.c:69
|
||||
#5 0x0000555555c96b52 in qmp_marshal_blockdev_create (args=0x7fffdc003830, ret=0x7fffffffc7f8, errp=0x7fffffffc7f0) at qapi/qapi-commands-block-core.c:1314
|
||||
#6 0x0000555555deb0a0 in do_qmp_dispatch (cmds=0x55555645de70 <qmp_commands>, request=0x7fffdc005c70, allow_oob=false, errp=0x7fffffffc898) at qapi/qmp-dispatch.c:131
|
||||
#7 0x0000555555deb2a1 in qmp_dispatch (cmds=0x55555645de70 <qmp_commands>, request=0x7fffdc005c70, allow_oob=false) at qapi/qmp-dispatch.c:174
|
||||
|
||||
With this patch applied, QEMU returns a QMP error:
|
||||
|
||||
{'execute': 'blockdev-create', 'arguments': {'job-id': 'x', 'options': {'size': 0, 'driver': 'nfs', 'location': {'path': '/', 'server': {'host': '::1', 'type': 'inet'}}}}, 'id': 'x'}
|
||||
{"id": "x", "error": {"class": "GenericError", "desc": "Block driver 'nfs' not found or not supported"}}
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Reported-by: Xu Tian <xutian@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||
Reviewed-by: John Snow <jsnow@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/create.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/block/create.c b/block/create.c
|
||||
index 95341219efcd670a5151d0d3f4f5..de5e97bb186ffdf039fb39980874 100644
|
||||
--- a/block/create.c
|
||||
+++ b/block/create.c
|
||||
@@ -63,9 +63,13 @@ void qmp_blockdev_create(const char *job_id, BlockdevCreateOptions *options,
|
||||
const char *fmt = BlockdevDriver_str(options->driver);
|
||||
BlockDriver *drv = bdrv_find_format(fmt);
|
||||
|
||||
+ if (!drv) {
|
||||
+ error_setg(errp, "Block driver '%s' not found or not supported", fmt);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
/* If the driver is in the schema, we know that it exists. But it may not
|
||||
* be whitelisted. */
|
||||
- assert(drv);
|
||||
if (bdrv_uses_whitelist() && !bdrv_is_whitelisted(drv, false)) {
|
||||
error_setg(errp, "Driver is not whitelisted");
|
||||
return;
|
163
block-file-posix-Reduce-xfsctl-use.patch
Normal file
163
block-file-posix-Reduce-xfsctl-use.patch
Normal file
@ -0,0 +1,163 @@
|
||||
From: Max Reitz <mreitz@redhat.com>
|
||||
Date: Fri, 23 Aug 2019 15:03:40 +0200
|
||||
Subject: block/file-posix: Reduce xfsctl() use
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Git-commit: b2c6f23f4a9f6d8f1b648705cd46d3713b78d6a2
|
||||
|
||||
This patch removes xfs_write_zeroes() and xfs_discard(). Both functions
|
||||
have been added just before the same feature was present through
|
||||
fallocate():
|
||||
|
||||
- fallocate() has supported PUNCH_HOLE for XFS since Linux 2.6.38 (March
|
||||
2011); xfs_discard() was added in December 2010.
|
||||
|
||||
- fallocate() has supported ZERO_RANGE for XFS since Linux 3.15 (June
|
||||
2014); xfs_write_zeroes() was added in November 2013.
|
||||
|
||||
Nowadays, all systems that qemu runs on should support both fallocate()
|
||||
features (RHEL 7's kernel does).
|
||||
|
||||
xfsctl() is still useful for getting the request alignment for O_DIRECT,
|
||||
so this patch does not remove our dependency on it completely.
|
||||
|
||||
Note that xfs_write_zeroes() had a bug: It calls ftruncate() when the
|
||||
file is shorter than the specified range (because ZERO_RANGE does not
|
||||
increase the file length). ftruncate() may yield and then discard data
|
||||
that parallel write requests have written past the EOF in the meantime.
|
||||
Dropping the function altogether fixes the bug.
|
||||
|
||||
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Fixes: 50ba5b2d994853b38fed10e0841b119da0f8b8e5
|
||||
Reported-by: Lukáš Doktor <ldoktor@redhat.com>
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
Reviewed-by: John Snow <jsnow@redhat.com>
|
||||
Tested-by: Stefano Garzarella <sgarzare@redhat.com>
|
||||
Tested-by: John Snow <jsnow@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/file-posix.c | 77 +---------------------------------------------
|
||||
1 file changed, 1 insertion(+), 76 deletions(-)
|
||||
|
||||
diff --git a/block/file-posix.c b/block/file-posix.c
|
||||
index 4479cc7ab467f217cff8b3efbd1f..992eb4a798b99fe02e93103028c6 100644
|
||||
--- a/block/file-posix.c
|
||||
+++ b/block/file-posix.c
|
||||
@@ -1445,59 +1445,6 @@ out:
|
||||
}
|
||||
}
|
||||
|
||||
-#ifdef CONFIG_XFS
|
||||
-static int xfs_write_zeroes(BDRVRawState *s, int64_t offset, uint64_t bytes)
|
||||
-{
|
||||
- int64_t len;
|
||||
- struct xfs_flock64 fl;
|
||||
- int err;
|
||||
-
|
||||
- len = lseek(s->fd, 0, SEEK_END);
|
||||
- if (len < 0) {
|
||||
- return -errno;
|
||||
- }
|
||||
-
|
||||
- if (offset + bytes > len) {
|
||||
- /* XFS_IOC_ZERO_RANGE does not increase the file length */
|
||||
- if (ftruncate(s->fd, offset + bytes) < 0) {
|
||||
- return -errno;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- memset(&fl, 0, sizeof(fl));
|
||||
- fl.l_whence = SEEK_SET;
|
||||
- fl.l_start = offset;
|
||||
- fl.l_len = bytes;
|
||||
-
|
||||
- if (xfsctl(NULL, s->fd, XFS_IOC_ZERO_RANGE, &fl) < 0) {
|
||||
- err = errno;
|
||||
- trace_file_xfs_write_zeroes(strerror(errno));
|
||||
- return -err;
|
||||
- }
|
||||
-
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-static int xfs_discard(BDRVRawState *s, int64_t offset, uint64_t bytes)
|
||||
-{
|
||||
- struct xfs_flock64 fl;
|
||||
- int err;
|
||||
-
|
||||
- memset(&fl, 0, sizeof(fl));
|
||||
- fl.l_whence = SEEK_SET;
|
||||
- fl.l_start = offset;
|
||||
- fl.l_len = bytes;
|
||||
-
|
||||
- if (xfsctl(NULL, s->fd, XFS_IOC_UNRESVSP64, &fl) < 0) {
|
||||
- err = errno;
|
||||
- trace_file_xfs_discard(strerror(errno));
|
||||
- return -err;
|
||||
- }
|
||||
-
|
||||
- return 0;
|
||||
-}
|
||||
-#endif
|
||||
-
|
||||
static int translate_err(int err)
|
||||
{
|
||||
if (err == -ENODEV || err == -ENOSYS || err == -EOPNOTSUPP ||
|
||||
@@ -1553,10 +1500,8 @@ static ssize_t handle_aiocb_write_zeroes_block(RawPosixAIOData *aiocb)
|
||||
static int handle_aiocb_write_zeroes(void *opaque)
|
||||
{
|
||||
RawPosixAIOData *aiocb = opaque;
|
||||
-#if defined(CONFIG_FALLOCATE) || defined(CONFIG_XFS)
|
||||
- BDRVRawState *s = aiocb->bs->opaque;
|
||||
-#endif
|
||||
#ifdef CONFIG_FALLOCATE
|
||||
+ BDRVRawState *s = aiocb->bs->opaque;
|
||||
int64_t len;
|
||||
#endif
|
||||
|
||||
@@ -1564,12 +1509,6 @@ static int handle_aiocb_write_zeroes(void *opaque)
|
||||
return handle_aiocb_write_zeroes_block(aiocb);
|
||||
}
|
||||
|
||||
-#ifdef CONFIG_XFS
|
||||
- if (s->is_xfs) {
|
||||
- return xfs_write_zeroes(s, aiocb->aio_offset, aiocb->aio_nbytes);
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
#ifdef CONFIG_FALLOCATE_ZERO_RANGE
|
||||
if (s->has_write_zeroes) {
|
||||
int ret = do_fallocate(s->fd, FALLOC_FL_ZERO_RANGE,
|
||||
@@ -1632,14 +1571,6 @@ static int handle_aiocb_write_zeroes_unmap(void *opaque)
|
||||
}
|
||||
#endif
|
||||
|
||||
-#ifdef CONFIG_XFS
|
||||
- if (s->is_xfs) {
|
||||
- /* xfs_discard() guarantees that the discarded area reads as all-zero
|
||||
- * afterwards, so we can use it here. */
|
||||
- return xfs_discard(s, aiocb->aio_offset, aiocb->aio_nbytes);
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
/* If we couldn't manage to unmap while guaranteed that the area reads as
|
||||
* all-zero afterwards, just write zeroes without unmapping */
|
||||
ret = handle_aiocb_write_zeroes(aiocb);
|
||||
@@ -1716,12 +1647,6 @@ static int handle_aiocb_discard(void *opaque)
|
||||
ret = -errno;
|
||||
#endif
|
||||
} else {
|
||||
-#ifdef CONFIG_XFS
|
||||
- if (s->is_xfs) {
|
||||
- return xfs_discard(s, aiocb->aio_offset, aiocb->aio_nbytes);
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
#ifdef CONFIG_FALLOCATE_PUNCH_HOLE
|
||||
ret = do_fallocate(s->fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
|
||||
aiocb->aio_offset, aiocb->aio_nbytes);
|
39
block-nfs-tear-down-aio-before-nfs_close.patch
Normal file
39
block-nfs-tear-down-aio-before-nfs_close.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From: Peter Lieven <pl@kamp.de>
|
||||
Date: Tue, 10 Sep 2019 17:41:09 +0200
|
||||
Subject: block/nfs: tear down aio before nfs_close
|
||||
|
||||
Git-commit: 601dc6559725f7a614b6f893611e17ff0908e914
|
||||
|
||||
nfs_close is a sync call from libnfs and has its own event
|
||||
handler polling on the nfs FD. Avoid that both QEMU and libnfs
|
||||
are intefering here.
|
||||
|
||||
CC: qemu-stable@nongnu.org
|
||||
Signed-off-by: Peter Lieven <pl@kamp.de>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/nfs.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/block/nfs.c b/block/nfs.c
|
||||
index d93241b3bb84cf0a662f0ddec582..2b7a0782419af82aea80dd76e474 100644
|
||||
--- a/block/nfs.c
|
||||
+++ b/block/nfs.c
|
||||
@@ -390,12 +390,14 @@ static void nfs_attach_aio_context(BlockDriverState *bs,
|
||||
static void nfs_client_close(NFSClient *client)
|
||||
{
|
||||
if (client->context) {
|
||||
+ qemu_mutex_lock(&client->mutex);
|
||||
+ aio_set_fd_handler(client->aio_context, nfs_get_fd(client->context),
|
||||
+ false, NULL, NULL, NULL, NULL);
|
||||
+ qemu_mutex_unlock(&client->mutex);
|
||||
if (client->fh) {
|
||||
nfs_close(client->context, client->fh);
|
||||
client->fh = NULL;
|
||||
}
|
||||
- aio_set_fd_handler(client->aio_context, nfs_get_fd(client->context),
|
||||
- false, NULL, NULL, NULL, NULL);
|
||||
nfs_destroy_context(client->context);
|
||||
client->context = NULL;
|
||||
}
|
59
blockjob-update-nodes-head-while-removin.patch
Normal file
59
blockjob-update-nodes-head-while-removin.patch
Normal file
@ -0,0 +1,59 @@
|
||||
From: Sergio Lopez <slp@redhat.com>
|
||||
Date: Wed, 11 Sep 2019 12:03:16 +0200
|
||||
Subject: blockjob: update nodes head while removing all bdrv
|
||||
|
||||
Git-commit: d876bf676f5e7c6aa9ac64555e48cba8734ecb2f
|
||||
|
||||
block_job_remove_all_bdrv() iterates through job->nodes, calling
|
||||
bdrv_root_unref_child() for each entry. The call to the latter may
|
||||
reach child_job_[can_]set_aio_ctx(), which will also attempt to
|
||||
traverse job->nodes, potentially finding entries that where freed
|
||||
on previous iterations.
|
||||
|
||||
To avoid this situation, update job->nodes head on each iteration to
|
||||
ensure that already freed entries are no longer linked to the list.
|
||||
|
||||
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1746631
|
||||
Signed-off-by: Sergio Lopez <slp@redhat.com>
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Message-id: 20190911100316.32282-1-mreitz@redhat.com
|
||||
Reviewed-by: Sergio Lopez <slp@redhat.com>
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
blockjob.c | 17 +++++++++++++----
|
||||
1 file changed, 13 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/blockjob.c b/blockjob.c
|
||||
index 20b7f557da3e491927b99b113b73..74abb97bfdf27b5a9f4f82cd55b4 100644
|
||||
--- a/blockjob.c
|
||||
+++ b/blockjob.c
|
||||
@@ -186,14 +186,23 @@ static const BdrvChildRole child_job = {
|
||||
|
||||
void block_job_remove_all_bdrv(BlockJob *job)
|
||||
{
|
||||
- GSList *l;
|
||||
- for (l = job->nodes; l; l = l->next) {
|
||||
+ /*
|
||||
+ * bdrv_root_unref_child() may reach child_job_[can_]set_aio_ctx(),
|
||||
+ * which will also traverse job->nodes, so consume the list one by
|
||||
+ * one to make sure that such a concurrent access does not attempt
|
||||
+ * to process an already freed BdrvChild.
|
||||
+ */
|
||||
+ while (job->nodes) {
|
||||
+ GSList *l = job->nodes;
|
||||
BdrvChild *c = l->data;
|
||||
+
|
||||
+ job->nodes = l->next;
|
||||
+
|
||||
bdrv_op_unblock_all(c->bs, job->blocker);
|
||||
bdrv_root_unref_child(c);
|
||||
+
|
||||
+ g_slist_free_1(l);
|
||||
}
|
||||
- g_slist_free(job->nodes);
|
||||
- job->nodes = NULL;
|
||||
}
|
||||
|
||||
bool block_job_has_bdrv(BlockJob *job, BlockDriverState *bs)
|
@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2aa664ee29f9254cf714362c9239c1b5b549f0d2d836cf30c25a9ed0962da796
|
||||
size 37808
|
||||
oid sha256:956551eb5fd32778ff718dd66924f10f4dc2ac7c46466065a4724d4a1f1edd05
|
||||
size 52432
|
||||
|
71
curl-Check-completion-in-curl_multi_do.patch
Normal file
71
curl-Check-completion-in-curl_multi_do.patch
Normal file
@ -0,0 +1,71 @@
|
||||
From: Max Reitz <mreitz@redhat.com>
|
||||
Date: Tue, 10 Sep 2019 14:41:32 +0200
|
||||
Subject: curl: Check completion in curl_multi_do()
|
||||
|
||||
Git-commit: 948403bcb1c7e71dcbe8ab8479cf3934a0efcbb5
|
||||
|
||||
While it is more likely that transfers complete after some file
|
||||
descriptor has data ready to read, we probably should not rely on it.
|
||||
Better be safe than sorry and call curl_multi_check_completion() in
|
||||
curl_multi_do(), too, just like it is done in curl_multi_read().
|
||||
|
||||
With this change, curl_multi_do() and curl_multi_read() are actually the
|
||||
same, so drop curl_multi_read() and use curl_multi_do() as the sole FD
|
||||
handler.
|
||||
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Message-id: 20190910124136.10565-4-mreitz@redhat.com
|
||||
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
|
||||
Reviewed-by: John Snow <jsnow@redhat.com>
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/curl.c | 14 ++------------
|
||||
1 file changed, 2 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/block/curl.c b/block/curl.c
|
||||
index 95d7b77dc0b1cf25443effdb9eb3..5838afef99e070d8e7b704fa55e7 100644
|
||||
--- a/block/curl.c
|
||||
+++ b/block/curl.c
|
||||
@@ -139,7 +139,6 @@ typedef struct BDRVCURLState {
|
||||
|
||||
static void curl_clean_state(CURLState *s);
|
||||
static void curl_multi_do(void *arg);
|
||||
-static void curl_multi_read(void *arg);
|
||||
|
||||
#ifdef NEED_CURL_TIMER_CALLBACK
|
||||
/* Called from curl_multi_do_locked, with s->mutex held. */
|
||||
@@ -186,7 +185,7 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
|
||||
switch (action) {
|
||||
case CURL_POLL_IN:
|
||||
aio_set_fd_handler(s->aio_context, fd, false,
|
||||
- curl_multi_read, NULL, NULL, state);
|
||||
+ curl_multi_do, NULL, NULL, state);
|
||||
break;
|
||||
case CURL_POLL_OUT:
|
||||
aio_set_fd_handler(s->aio_context, fd, false,
|
||||
@@ -194,7 +193,7 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
|
||||
break;
|
||||
case CURL_POLL_INOUT:
|
||||
aio_set_fd_handler(s->aio_context, fd, false,
|
||||
- curl_multi_read, curl_multi_do, NULL, state);
|
||||
+ curl_multi_do, curl_multi_do, NULL, state);
|
||||
break;
|
||||
case CURL_POLL_REMOVE:
|
||||
aio_set_fd_handler(s->aio_context, fd, false,
|
||||
@@ -416,15 +415,6 @@ static void curl_multi_do(void *arg)
|
||||
{
|
||||
CURLState *s = (CURLState *)arg;
|
||||
|
||||
- qemu_mutex_lock(&s->s->mutex);
|
||||
- curl_multi_do_locked(s);
|
||||
- qemu_mutex_unlock(&s->s->mutex);
|
||||
-}
|
||||
-
|
||||
-static void curl_multi_read(void *arg)
|
||||
-{
|
||||
- CURLState *s = (CURLState *)arg;
|
||||
-
|
||||
qemu_mutex_lock(&s->s->mutex);
|
||||
curl_multi_do_locked(s);
|
||||
curl_multi_check_completion(s->s);
|
146
curl-Handle-success-in-multi_check_compl.patch
Normal file
146
curl-Handle-success-in-multi_check_compl.patch
Normal file
@ -0,0 +1,146 @@
|
||||
From: Max Reitz <mreitz@redhat.com>
|
||||
Date: Tue, 10 Sep 2019 14:41:35 +0200
|
||||
Subject: curl: Handle success in multi_check_completion
|
||||
|
||||
Git-commit: bfb23b480a49114315877aacf700b49453e0f9d9
|
||||
|
||||
Background: As of cURL 7.59.0, it verifies that several functions are
|
||||
not called from within a callback. Among these functions is
|
||||
curl_multi_add_handle().
|
||||
|
||||
curl_read_cb() is a callback from cURL and not a coroutine. Waking up
|
||||
acb->co will lead to entering it then and there, which means the current
|
||||
request will settle and the caller (if it runs in the same coroutine)
|
||||
may then issue the next request. In such a case, we will enter
|
||||
curl_setup_preadv() effectively from within curl_read_cb().
|
||||
|
||||
Calling curl_multi_add_handle() will then fail and the new request will
|
||||
not be processed.
|
||||
|
||||
Fix this by not letting curl_read_cb() wake up acb->co. Instead, leave
|
||||
the whole business of settling the AIOCB objects to
|
||||
curl_multi_check_completion() (which is called from our timer callback
|
||||
and our FD handler, so not from any cURL callbacks).
|
||||
|
||||
Reported-by: Natalie Gavrielov <ngavrilo@redhat.com>
|
||||
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1740193
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Message-id: 20190910124136.10565-7-mreitz@redhat.com
|
||||
Reviewed-by: John Snow <jsnow@redhat.com>
|
||||
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/curl.c | 69 ++++++++++++++++++++++------------------------------
|
||||
1 file changed, 29 insertions(+), 40 deletions(-)
|
||||
|
||||
diff --git a/block/curl.c b/block/curl.c
|
||||
index fd70f1ebc458f22f6d1a4bc01e1e..c343c7ed3ddad205051d7e3b0196 100644
|
||||
--- a/block/curl.c
|
||||
+++ b/block/curl.c
|
||||
@@ -229,7 +229,6 @@ static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
|
||||
{
|
||||
CURLState *s = ((CURLState*)opaque);
|
||||
size_t realsize = size * nmemb;
|
||||
- int i;
|
||||
|
||||
trace_curl_read_cb(realsize);
|
||||
|
||||
@@ -245,32 +244,6 @@ static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque)
|
||||
memcpy(s->orig_buf + s->buf_off, ptr, realsize);
|
||||
s->buf_off += realsize;
|
||||
|
||||
- for(i=0; i<CURL_NUM_ACB; i++) {
|
||||
- CURLAIOCB *acb = s->acb[i];
|
||||
-
|
||||
- if (!acb)
|
||||
- continue;
|
||||
-
|
||||
- if ((s->buf_off >= acb->end)) {
|
||||
- size_t request_length = acb->bytes;
|
||||
-
|
||||
- qemu_iovec_from_buf(acb->qiov, 0, s->orig_buf + acb->start,
|
||||
- acb->end - acb->start);
|
||||
-
|
||||
- if (acb->end - acb->start < request_length) {
|
||||
- size_t offset = acb->end - acb->start;
|
||||
- qemu_iovec_memset(acb->qiov, offset, 0,
|
||||
- request_length - offset);
|
||||
- }
|
||||
-
|
||||
- acb->ret = 0;
|
||||
- s->acb[i] = NULL;
|
||||
- qemu_mutex_unlock(&s->s->mutex);
|
||||
- aio_co_wake(acb->co);
|
||||
- qemu_mutex_lock(&s->s->mutex);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
read_end:
|
||||
/* curl will error out if we do not return this value */
|
||||
return size * nmemb;
|
||||
@@ -351,13 +324,14 @@ static void curl_multi_check_completion(BDRVCURLState *s)
|
||||
break;
|
||||
|
||||
if (msg->msg == CURLMSG_DONE) {
|
||||
+ int i;
|
||||
CURLState *state = NULL;
|
||||
+ bool error = msg->data.result != CURLE_OK;
|
||||
+
|
||||
curl_easy_getinfo(msg->easy_handle, CURLINFO_PRIVATE,
|
||||
(char **)&state);
|
||||
|
||||
- /* ACBs for successful messages get completed in curl_read_cb */
|
||||
- if (msg->data.result != CURLE_OK) {
|
||||
- int i;
|
||||
+ if (error) {
|
||||
static int errcount = 100;
|
||||
|
||||
/* Don't lose the original error message from curl, since
|
||||
@@ -369,20 +343,35 @@ static void curl_multi_check_completion(BDRVCURLState *s)
|
||||
error_report("curl: further errors suppressed");
|
||||
}
|
||||
}
|
||||
+ }
|
||||
|
||||
- for (i = 0; i < CURL_NUM_ACB; i++) {
|
||||
- CURLAIOCB *acb = state->acb[i];
|
||||
+ for (i = 0; i < CURL_NUM_ACB; i++) {
|
||||
+ CURLAIOCB *acb = state->acb[i];
|
||||
|
||||
- if (acb == NULL) {
|
||||
- continue;
|
||||
- }
|
||||
+ if (acb == NULL) {
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ if (!error) {
|
||||
+ /* Assert that we have read all data */
|
||||
+ assert(state->buf_off >= acb->end);
|
||||
+
|
||||
+ qemu_iovec_from_buf(acb->qiov, 0,
|
||||
+ state->orig_buf + acb->start,
|
||||
+ acb->end - acb->start);
|
||||
|
||||
- acb->ret = -EIO;
|
||||
- state->acb[i] = NULL;
|
||||
- qemu_mutex_unlock(&s->mutex);
|
||||
- aio_co_wake(acb->co);
|
||||
- qemu_mutex_lock(&s->mutex);
|
||||
+ if (acb->end - acb->start < acb->bytes) {
|
||||
+ size_t offset = acb->end - acb->start;
|
||||
+ qemu_iovec_memset(acb->qiov, offset, 0,
|
||||
+ acb->bytes - offset);
|
||||
+ }
|
||||
}
|
||||
+
|
||||
+ acb->ret = error ? -EIO : 0;
|
||||
+ state->acb[i] = NULL;
|
||||
+ qemu_mutex_unlock(&s->mutex);
|
||||
+ aio_co_wake(acb->co);
|
||||
+ qemu_mutex_lock(&s->mutex);
|
||||
}
|
||||
|
||||
curl_clean_state(state);
|
49
curl-Keep-pointer-to-the-CURLState-in-CU.patch
Normal file
49
curl-Keep-pointer-to-the-CURLState-in-CU.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From: Max Reitz <mreitz@redhat.com>
|
||||
Date: Tue, 10 Sep 2019 14:41:30 +0200
|
||||
Subject: curl: Keep pointer to the CURLState in CURLSocket
|
||||
|
||||
Git-commit: 0487861685294660b23bc146e1ebd5304aa8bbe0
|
||||
|
||||
A follow-up patch will make curl_multi_do() and curl_multi_read() take a
|
||||
CURLSocket instead of the CURLState. They still need the latter,
|
||||
though, so add a pointer to it to the former.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Reviewed-by: John Snow <jsnow@redhat.com>
|
||||
Message-id: 20190910124136.10565-2-mreitz@redhat.com
|
||||
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/curl.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/block/curl.c b/block/curl.c
|
||||
index d4c8e94f3e0fe26ee221e763356e..92dc2f630e20f4a6b138c9c82b8b 100644
|
||||
--- a/block/curl.c
|
||||
+++ b/block/curl.c
|
||||
@@ -80,6 +80,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
|
||||
#define CURL_BLOCK_OPT_TIMEOUT_DEFAULT 5
|
||||
|
||||
struct BDRVCURLState;
|
||||
+struct CURLState;
|
||||
|
||||
static bool libcurl_initialized;
|
||||
|
||||
@@ -97,6 +98,7 @@ typedef struct CURLAIOCB {
|
||||
|
||||
typedef struct CURLSocket {
|
||||
int fd;
|
||||
+ struct CURLState *state;
|
||||
QLIST_ENTRY(CURLSocket) next;
|
||||
} CURLSocket;
|
||||
|
||||
@@ -180,6 +182,7 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
|
||||
if (!socket) {
|
||||
socket = g_new0(CURLSocket, 1);
|
||||
socket->fd = fd;
|
||||
+ socket->state = state;
|
||||
QLIST_INSERT_HEAD(&state->sockets, socket, next);
|
||||
}
|
||||
socket = NULL;
|
56
curl-Keep-socket-until-the-end-of-curl_s.patch
Normal file
56
curl-Keep-socket-until-the-end-of-curl_s.patch
Normal file
@ -0,0 +1,56 @@
|
||||
From: Max Reitz <mreitz@redhat.com>
|
||||
Date: Tue, 10 Sep 2019 14:41:31 +0200
|
||||
Subject: curl: Keep *socket until the end of curl_sock_cb()
|
||||
|
||||
Git-commit: 007f339b1099af46a008dac438ca0943e31dba72
|
||||
|
||||
This does not really change anything, but it makes the code a bit easier
|
||||
to follow once we use @socket as the opaque pointer for
|
||||
aio_set_fd_handler().
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Message-id: 20190910124136.10565-3-mreitz@redhat.com
|
||||
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
|
||||
Reviewed-by: John Snow <jsnow@redhat.com>
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/curl.c | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/block/curl.c b/block/curl.c
|
||||
index 92dc2f630e20f4a6b138c9c82b8b..95d7b77dc0b1cf25443effdb9eb3 100644
|
||||
--- a/block/curl.c
|
||||
+++ b/block/curl.c
|
||||
@@ -172,10 +172,6 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
|
||||
|
||||
QLIST_FOREACH(socket, &state->sockets, next) {
|
||||
if (socket->fd == fd) {
|
||||
- if (action == CURL_POLL_REMOVE) {
|
||||
- QLIST_REMOVE(socket, next);
|
||||
- g_free(socket);
|
||||
- }
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -185,7 +181,6 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
|
||||
socket->state = state;
|
||||
QLIST_INSERT_HEAD(&state->sockets, socket, next);
|
||||
}
|
||||
- socket = NULL;
|
||||
|
||||
trace_curl_sock_cb(action, (int)fd);
|
||||
switch (action) {
|
||||
@@ -207,6 +202,11 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
|
||||
break;
|
||||
}
|
||||
|
||||
+ if (action == CURL_POLL_REMOVE) {
|
||||
+ QLIST_REMOVE(socket, next);
|
||||
+ g_free(socket);
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
77
curl-Pass-CURLSocket-to-curl_multi_do.patch
Normal file
77
curl-Pass-CURLSocket-to-curl_multi_do.patch
Normal file
@ -0,0 +1,77 @@
|
||||
From: Max Reitz <mreitz@redhat.com>
|
||||
Date: Tue, 10 Sep 2019 14:41:33 +0200
|
||||
Subject: curl: Pass CURLSocket to curl_multi_do()
|
||||
|
||||
Git-commit: 9dbad87d25587ff640ef878f7b6159fc368ff541
|
||||
|
||||
curl_multi_do_locked() currently marks all sockets as ready. That is
|
||||
not only inefficient, but in fact unsafe (the loop is). A follow-up
|
||||
patch will change that, but to do so, curl_multi_do_locked() needs to
|
||||
know exactly which socket is ready; and that is accomplished by this
|
||||
patch here.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Message-id: 20190910124136.10565-5-mreitz@redhat.com
|
||||
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
|
||||
Reviewed-by: John Snow <jsnow@redhat.com>
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/curl.c | 20 +++++++++++---------
|
||||
1 file changed, 11 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/block/curl.c b/block/curl.c
|
||||
index 5838afef99e070d8e7b704fa55e7..cf2686218dcf4bc7d2db1a7026f9 100644
|
||||
--- a/block/curl.c
|
||||
+++ b/block/curl.c
|
||||
@@ -185,15 +185,15 @@ static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action,
|
||||
switch (action) {
|
||||
case CURL_POLL_IN:
|
||||
aio_set_fd_handler(s->aio_context, fd, false,
|
||||
- curl_multi_do, NULL, NULL, state);
|
||||
+ curl_multi_do, NULL, NULL, socket);
|
||||
break;
|
||||
case CURL_POLL_OUT:
|
||||
aio_set_fd_handler(s->aio_context, fd, false,
|
||||
- NULL, curl_multi_do, NULL, state);
|
||||
+ NULL, curl_multi_do, NULL, socket);
|
||||
break;
|
||||
case CURL_POLL_INOUT:
|
||||
aio_set_fd_handler(s->aio_context, fd, false,
|
||||
- curl_multi_do, curl_multi_do, NULL, state);
|
||||
+ curl_multi_do, curl_multi_do, NULL, socket);
|
||||
break;
|
||||
case CURL_POLL_REMOVE:
|
||||
aio_set_fd_handler(s->aio_context, fd, false,
|
||||
@@ -392,9 +392,10 @@ static void curl_multi_check_completion(BDRVCURLState *s)
|
||||
}
|
||||
|
||||
/* Called with s->mutex held. */
|
||||
-static void curl_multi_do_locked(CURLState *s)
|
||||
+static void curl_multi_do_locked(CURLSocket *ready_socket)
|
||||
{
|
||||
CURLSocket *socket, *next_socket;
|
||||
+ CURLState *s = ready_socket->state;
|
||||
int running;
|
||||
int r;
|
||||
|
||||
@@ -413,12 +414,13 @@ static void curl_multi_do_locked(CURLState *s)
|
||||
|
||||
static void curl_multi_do(void *arg)
|
||||
{
|
||||
- CURLState *s = (CURLState *)arg;
|
||||
+ CURLSocket *socket = arg;
|
||||
+ BDRVCURLState *s = socket->state->s;
|
||||
|
||||
- qemu_mutex_lock(&s->s->mutex);
|
||||
- curl_multi_do_locked(s);
|
||||
- curl_multi_check_completion(s->s);
|
||||
- qemu_mutex_unlock(&s->s->mutex);
|
||||
+ qemu_mutex_lock(&s->mutex);
|
||||
+ curl_multi_do_locked(socket);
|
||||
+ curl_multi_check_completion(s);
|
||||
+ qemu_mutex_unlock(&s->mutex);
|
||||
}
|
||||
|
||||
static void curl_multi_timeout_do(void *arg)
|
61
curl-Report-only-ready-sockets.patch
Normal file
61
curl-Report-only-ready-sockets.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From: Max Reitz <mreitz@redhat.com>
|
||||
Date: Tue, 10 Sep 2019 14:41:34 +0200
|
||||
Subject: curl: Report only ready sockets
|
||||
|
||||
Git-commit: 9abaf9fc474c3dd53e8e119326abc774c977c331
|
||||
|
||||
Instead of reporting all sockets to cURL, only report the one that has
|
||||
caused curl_multi_do_locked() to be called. This lets us get rid of the
|
||||
QLIST_FOREACH_SAFE() list, which was actually wrong: SAFE foreaches are
|
||||
only safe when the current element is removed in each iteration. If it
|
||||
possible for the list to be concurrently modified, we cannot guarantee
|
||||
that only the current element will be removed. Therefore, we must not
|
||||
use QLIST_FOREACH_SAFE() here.
|
||||
|
||||
Fixes: ff5ca1664af85b24a4180d595ea6873fd3deac57
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Message-id: 20190910124136.10565-6-mreitz@redhat.com
|
||||
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
|
||||
Reviewed-by: John Snow <jsnow@redhat.com>
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/curl.c | 17 ++++++-----------
|
||||
1 file changed, 6 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/block/curl.c b/block/curl.c
|
||||
index cf2686218dcf4bc7d2db1a7026f9..fd70f1ebc458f22f6d1a4bc01e1e 100644
|
||||
--- a/block/curl.c
|
||||
+++ b/block/curl.c
|
||||
@@ -392,24 +392,19 @@ static void curl_multi_check_completion(BDRVCURLState *s)
|
||||
}
|
||||
|
||||
/* Called with s->mutex held. */
|
||||
-static void curl_multi_do_locked(CURLSocket *ready_socket)
|
||||
+static void curl_multi_do_locked(CURLSocket *socket)
|
||||
{
|
||||
- CURLSocket *socket, *next_socket;
|
||||
- CURLState *s = ready_socket->state;
|
||||
+ BDRVCURLState *s = socket->state->s;
|
||||
int running;
|
||||
int r;
|
||||
|
||||
- if (!s->s->multi) {
|
||||
+ if (!s->multi) {
|
||||
return;
|
||||
}
|
||||
|
||||
- /* Need to use _SAFE because curl_multi_socket_action() may trigger
|
||||
- * curl_sock_cb() which might modify this list */
|
||||
- QLIST_FOREACH_SAFE(socket, &s->sockets, next, next_socket) {
|
||||
- do {
|
||||
- r = curl_multi_socket_action(s->s->multi, socket->fd, 0, &running);
|
||||
- } while (r == CURLM_CALL_MULTI_PERFORM);
|
||||
- }
|
||||
+ do {
|
||||
+ r = curl_multi_socket_action(s->multi, socket->fd, 0, &running);
|
||||
+ } while (r == CURLM_CALL_MULTI_PERFORM);
|
||||
}
|
||||
|
||||
static void curl_multi_do(void *arg)
|
45
hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch
Normal file
45
hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From: Peter Maydell <peter.maydell@linaro.org>
|
||||
Date: Fri, 20 Sep 2019 18:40:39 +0100
|
||||
Subject: hw/arm/boot.c: Set NSACR.{CP11,CP10} for NS kernel boots
|
||||
|
||||
Git-commit: ece628fcf69cbbd4b3efb6fbd203af07609467a2
|
||||
|
||||
If we're booting a Linux kernel directly into Non-Secure
|
||||
state on a CPU which has Secure state, then make sure we
|
||||
set the NSACR CP11 and CP10 bits, so that Non-Secure is allowed
|
||||
to access the FPU. Otherwise an AArch32 kernel will UNDEF as
|
||||
soon as it tries to use the FPU.
|
||||
|
||||
It used to not matter that we didn't do this until commit
|
||||
fc1120a7f5f2d4b6, where we implemented actually honouring
|
||||
these NSACR bits.
|
||||
|
||||
The problem only exists for CPUs where EL3 is AArch32; the
|
||||
equivalent AArch64 trap bits are in CPTR_EL3 and are "0 to
|
||||
not trap, 1 to trap", so the reset value of the register
|
||||
permits NS access, unlike NSACR.
|
||||
|
||||
Fixes: fc1120a7f5
|
||||
Fixes: https://bugs.launchpad.net/qemu/+bug/1844597
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Message-id: 20190920174039.3916-1-peter.maydell@linaro.org
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/arm/boot.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
|
||||
index c2b89b3bb9b6b92b0293d859712e..fc4e021a38a6bc1e5e2aa5b5876c 100644
|
||||
--- a/hw/arm/boot.c
|
||||
+++ b/hw/arm/boot.c
|
||||
@@ -754,6 +754,8 @@ static void do_cpu_reset(void *opaque)
|
||||
(cs != first_cpu || !info->secure_board_setup)) {
|
||||
/* Linux expects non-secure state */
|
||||
env->cp15.scr_el3 |= SCR_NS;
|
||||
+ /* Set NSACR.{CP11,CP10} so NS can access the FPU */
|
||||
+ env->cp15.nsacr |= 3 << 10;
|
||||
}
|
||||
}
|
||||
|
43
hw-core-loader-Fix-possible-crash-in-rom.patch
Normal file
43
hw-core-loader-Fix-possible-crash-in-rom.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From: Thomas Huth <thuth@redhat.com>
|
||||
Date: Wed, 25 Sep 2019 14:16:43 +0200
|
||||
Subject: hw/core/loader: Fix possible crash in rom_copy()
|
||||
|
||||
Git-commit: e423455c4f23a1a828901c78fe6d03b7dde79319
|
||||
|
||||
Both, "rom->addr" and "addr" are derived from the binary image
|
||||
that can be loaded with the "-kernel" paramer. The code in
|
||||
rom_copy() then calculates:
|
||||
|
||||
d = dest + (rom->addr - addr);
|
||||
|
||||
and uses "d" as destination in a memcpy() some lines later. Now with
|
||||
bad kernel images, it is possible that rom->addr is smaller than addr,
|
||||
thus "rom->addr - addr" gets negative and the memcpy() then tries to
|
||||
copy contents from the image to a bad memory location. This could
|
||||
maybe be used to inject code from a kernel image into the QEMU binary,
|
||||
so we better fix it with an additional sanity check here.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Reported-by: Guangming Liu
|
||||
Buglink: https://bugs.launchpad.net/qemu/+bug/1844635
|
||||
Message-Id: <20190925130331.27825-1-thuth@redhat.com>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/core/loader.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/core/loader.c b/hw/core/loader.c
|
||||
index 425bf69a9968765b4604a442eb0a..838a34174ac2039d55f557fa427a 100644
|
||||
--- a/hw/core/loader.c
|
||||
+++ b/hw/core/loader.c
|
||||
@@ -1242,7 +1242,7 @@ int rom_copy(uint8_t *dest, hwaddr addr, size_t size)
|
||||
if (rom->addr + rom->romsize < addr) {
|
||||
continue;
|
||||
}
|
||||
- if (rom->addr > end) {
|
||||
+ if (rom->addr > end || rom->addr < addr) {
|
||||
break;
|
||||
}
|
||||
|
44
memory-Provide-an-equality-function-for-.patch
Normal file
44
memory-Provide-an-equality-function-for-.patch
Normal file
@ -0,0 +1,44 @@
|
||||
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
|
||||
Date: Wed, 14 Aug 2019 18:55:34 +0100
|
||||
Subject: memory: Provide an equality function for MemoryRegionSections
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Git-commit: 9366cf02e4e31c2a8128904d4d8290a0fad5f888
|
||||
|
||||
Provide a comparison function that checks all the fields are the same.
|
||||
|
||||
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Message-Id: <20190814175535.2023-3-dgilbert@redhat.com>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
include/exec/memory.h | 12 ++++++++++++
|
||||
1 file changed, 12 insertions(+)
|
||||
|
||||
diff --git a/include/exec/memory.h b/include/exec/memory.h
|
||||
index bb0961ddb96788539e7138d4f5b3..25bc7ef1adc04d6de1ce1a41a38a 100644
|
||||
--- a/include/exec/memory.h
|
||||
+++ b/include/exec/memory.h
|
||||
@@ -496,6 +496,18 @@ struct MemoryRegionSection {
|
||||
bool nonvolatile;
|
||||
};
|
||||
|
||||
+static inline bool MemoryRegionSection_eq(MemoryRegionSection *a,
|
||||
+ MemoryRegionSection *b)
|
||||
+{
|
||||
+ return a->mr == b->mr &&
|
||||
+ a->fv == b->fv &&
|
||||
+ a->offset_within_region == b->offset_within_region &&
|
||||
+ a->offset_within_address_space == b->offset_within_address_space &&
|
||||
+ int128_eq(a->size, b->size) &&
|
||||
+ a->readonly == b->readonly &&
|
||||
+ a->nonvolatile == b->nonvolatile;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* memory_region_init: Initialize a memory region
|
||||
*
|
50
mirror-Keep-mirror_top_bs-drained-after-.patch
Normal file
50
mirror-Keep-mirror_top_bs-drained-after-.patch
Normal file
@ -0,0 +1,50 @@
|
||||
From: Kevin Wolf <kwolf@redhat.com>
|
||||
Date: Mon, 22 Jul 2019 17:44:27 +0200
|
||||
Subject: mirror: Keep mirror_top_bs drained after dropping permissions
|
||||
|
||||
Git-commit: d2da5e288a2e71e82866c8fdefd41b5727300124
|
||||
|
||||
mirror_top_bs is currently implicitly drained through its connection to
|
||||
the source or the target node. However, the drain section for target_bs
|
||||
ends early after moving mirror_top_bs from src to target_bs, so that
|
||||
requests can already be restarted while mirror_top_bs is still present
|
||||
in the chain, but has dropped all permissions and therefore runs into an
|
||||
assertion failure like this:
|
||||
|
||||
qemu-system-x86_64: block/io.c:1634: bdrv_co_write_req_prepare:
|
||||
Assertion `child->perm & BLK_PERM_WRITE' failed.
|
||||
|
||||
Keep mirror_top_bs drained until all graph changes have completed.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Reviewed-by: Max Reitz <mreitz@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/mirror.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/block/mirror.c b/block/mirror.c
|
||||
index 9f5c59ece1df391babc4461f63cb..642d6570cc97e1239b119a46c457 100644
|
||||
--- a/block/mirror.c
|
||||
+++ b/block/mirror.c
|
||||
@@ -656,7 +656,10 @@ static int mirror_exit_common(Job *job)
|
||||
s->target = NULL;
|
||||
|
||||
/* We don't access the source any more. Dropping any WRITE/RESIZE is
|
||||
- * required before it could become a backing file of target_bs. */
|
||||
+ * required before it could become a backing file of target_bs. Not having
|
||||
+ * these permissions any more means that we can't allow any new requests on
|
||||
+ * mirror_top_bs from now on, so keep it drained. */
|
||||
+ bdrv_drained_begin(mirror_top_bs);
|
||||
bs_opaque->stop = true;
|
||||
bdrv_child_refresh_perms(mirror_top_bs, mirror_top_bs->backing,
|
||||
&error_abort);
|
||||
@@ -724,6 +727,7 @@ static int mirror_exit_common(Job *job)
|
||||
bs_opaque->job = NULL;
|
||||
|
||||
bdrv_drained_end(src);
|
||||
+ bdrv_drained_end(mirror_top_bs);
|
||||
s->in_drain = false;
|
||||
bdrv_unref(mirror_top_bs);
|
||||
bdrv_unref(src);
|
37
pr-manager-Fix-invalid-g_free-crash-bug.patch
Normal file
37
pr-manager-Fix-invalid-g_free-crash-bug.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From: Markus Armbruster <armbru@redhat.com>
|
||||
Date: Thu, 22 Aug 2019 15:38:46 +0200
|
||||
Subject: pr-manager: Fix invalid g_free() crash bug
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Git-commit: 6b9d62c2a9e83bbad73fb61406f0ff69b46ff6f3
|
||||
|
||||
pr_manager_worker() passes its @opaque argument to g_free(). Wrong;
|
||||
it points to pr_manager_worker()'s automatic @data. Broken when
|
||||
commit 2f3a7ab39be converted @data from heap- to stack-allocated. Fix
|
||||
by deleting the g_free().
|
||||
|
||||
Fixes: 2f3a7ab39bec4ba8022dc4d42ea641165b004e3e
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Markus Armbruster <armbru@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
scsi/pr-manager.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/scsi/pr-manager.c b/scsi/pr-manager.c
|
||||
index ee43663576ed32c3d27649157e83..0c866e869835930767dacd3a0b21 100644
|
||||
--- a/scsi/pr-manager.c
|
||||
+++ b/scsi/pr-manager.c
|
||||
@@ -39,7 +39,6 @@ static int pr_manager_worker(void *opaque)
|
||||
int fd = data->fd;
|
||||
int r;
|
||||
|
||||
- g_free(data);
|
||||
trace_pr_manager_run(fd, hdr->cmdp[0], hdr->cmdp[1]);
|
||||
|
||||
/* The reference was taken in pr_manager_execute. */
|
56
qcow2-Fix-the-calculation-of-the-maximum.patch
Normal file
56
qcow2-Fix-the-calculation-of-the-maximum.patch
Normal file
@ -0,0 +1,56 @@
|
||||
From: Alberto Garcia <berto@igalia.com>
|
||||
Date: Fri, 16 Aug 2019 15:17:42 +0300
|
||||
Subject: qcow2: Fix the calculation of the maximum L2 cache size
|
||||
|
||||
Git-commit: b70d08205b2e4044c529eefc21df2c8ab61b473b
|
||||
|
||||
The size of the qcow2 L2 cache defaults to 32 MB, which can be easily
|
||||
larger than the maximum amount of L2 metadata that the image can have.
|
||||
For example: with 64 KB clusters the user would need a qcow2 image
|
||||
with a virtual size of 256 GB in order to have 32 MB of L2 metadata.
|
||||
|
||||
Because of that, since commit b749562d9822d14ef69c9eaa5f85903010b86c30
|
||||
we forbid the L2 cache to become larger than the maximum amount of L2
|
||||
metadata for the image, calculated using this formula:
|
||||
|
||||
uint64_t max_l2_cache = virtual_disk_size / (s->cluster_size / 8);
|
||||
|
||||
The problem with this formula is that the result should be rounded up
|
||||
to the cluster size because an L2 table on disk always takes one full
|
||||
cluster.
|
||||
|
||||
For example, a 1280 MB qcow2 image with 64 KB clusters needs exactly
|
||||
160 KB of L2 metadata, but we need 192 KB on disk (3 clusters) even if
|
||||
the last 32 KB of those are not going to be used.
|
||||
|
||||
However QEMU rounds the numbers down and only creates 2 cache tables
|
||||
(128 KB), which is not enough for the image.
|
||||
|
||||
A quick test doing 4KB random writes on a 1280 MB image gives me
|
||||
around 500 IOPS, while with the correct cache size I get 16K IOPS.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Alberto Garcia <berto@igalia.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/qcow2.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/block/qcow2.c b/block/qcow2.c
|
||||
index 039bdc2f7e799f935f5364daed5c..865839682cd639d1b7aba0cc328f 100644
|
||||
--- a/block/qcow2.c
|
||||
+++ b/block/qcow2.c
|
||||
@@ -826,7 +826,11 @@ static void read_cache_sizes(BlockDriverState *bs, QemuOpts *opts,
|
||||
bool l2_cache_entry_size_set;
|
||||
int min_refcount_cache = MIN_REFCOUNT_CACHE_SIZE * s->cluster_size;
|
||||
uint64_t virtual_disk_size = bs->total_sectors * BDRV_SECTOR_SIZE;
|
||||
- uint64_t max_l2_cache = virtual_disk_size / (s->cluster_size / 8);
|
||||
+ uint64_t max_l2_entries = DIV_ROUND_UP(virtual_disk_size, s->cluster_size);
|
||||
+ /* An L2 table is always one cluster in size so the max cache size
|
||||
+ * should be a multiple of the cluster size. */
|
||||
+ uint64_t max_l2_cache = ROUND_UP(max_l2_entries * sizeof(uint64_t),
|
||||
+ s->cluster_size);
|
||||
|
||||
combined_cache_size_set = qemu_opt_get(opts, QCOW2_OPT_CACHE_SIZE);
|
||||
l2_cache_size_set = qemu_opt_get(opts, QCOW2_OPT_L2_CACHE_SIZE);
|
30
qemu.changes
30
qemu.changes
@ -1,3 +1,33 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 1 22:07:37 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
- Add some post v4.1.0 upstream stable patches
|
||||
* Patches added:
|
||||
mirror-Keep-mirror_top_bs-drained-after-.patch
|
||||
s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch
|
||||
target-alpha-fix-tlb_fill-trap_arg2-valu.patch
|
||||
target-arm-Free-TCG-temps-in-trans_VMOV_.patch
|
||||
target-arm-Don-t-abort-on-M-profile-exce.patch
|
||||
qcow2-Fix-the-calculation-of-the-maximum.patch
|
||||
block-file-posix-Reduce-xfsctl-use.patch
|
||||
pr-manager-Fix-invalid-g_free-crash-bug.patch
|
||||
vpc-Return-0-from-vpc_co_create-on-succe.patch
|
||||
block-nfs-tear-down-aio-before-nfs_close.patch
|
||||
block-create-Do-not-abort-if-a-block-dri.patch
|
||||
curl-Keep-pointer-to-the-CURLState-in-CU.patch
|
||||
curl-Keep-socket-until-the-end-of-curl_s.patch
|
||||
curl-Check-completion-in-curl_multi_do.patch
|
||||
curl-Pass-CURLSocket-to-curl_multi_do.patch
|
||||
curl-Report-only-ready-sockets.patch
|
||||
curl-Handle-success-in-multi_check_compl.patch
|
||||
blockjob-update-nodes-head-while-removin.patch
|
||||
memory-Provide-an-equality-function-for-.patch
|
||||
vhost-Fix-memory-region-section-comparis.patch
|
||||
hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch
|
||||
s390-PCI-fix-IOMMU-region-init.patch
|
||||
hw-core-loader-Fix-possible-crash-in-rom.patch
|
||||
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 11 14:31:26 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||
|
||||
|
133
qemu.spec
133
qemu.spec
@ -111,54 +111,78 @@ Source10: supported.arm.txt
|
||||
Source11: supported.ppc.txt
|
||||
Source12: supported.x86.txt
|
||||
Source13: supported.s390.txt
|
||||
# this is to make lint happy
|
||||
Source200: qemu-rpmlintrc
|
||||
%endif # qemu
|
||||
Source300: update_git.sh
|
||||
Source301: config.sh
|
||||
Source200: qemu-rpmlintrc
|
||||
Source300: bundles.tar.xz
|
||||
Source301: update_git.sh
|
||||
Source302: config.sh
|
||||
Source303: README.PACKAGING
|
||||
# Upstream First -- https://wiki.qemu.org/Contribute/SubmitAPatch
|
||||
# This patch queue is auto-generated - see README.PACKAGING for process
|
||||
|
||||
# Patches applied in base project:
|
||||
Patch00000: XXX-dont-dump-core-on-sigabort.patch
|
||||
Patch00001: qemu-binfmt-conf-Modify-default-path.patch
|
||||
Patch00002: qemu-cvs-gettimeofday.patch
|
||||
Patch00003: qemu-cvs-ioctl_debug.patch
|
||||
Patch00004: qemu-cvs-ioctl_nodirection.patch
|
||||
Patch00005: linux-user-add-binfmt-wrapper-for-argv-0.patch
|
||||
Patch00006: PPC-KVM-Disable-mmu-notifier-check.patch
|
||||
Patch00007: linux-user-binfmt-support-host-binaries.patch
|
||||
Patch00008: linux-user-Fake-proc-cpuinfo.patch
|
||||
Patch00009: linux-user-use-target_ulong.patch
|
||||
Patch00010: Make-char-muxer-more-robust-wrt-small-FI.patch
|
||||
Patch00011: linux-user-lseek-explicitly-cast-non-set.patch
|
||||
Patch00012: AIO-Reduce-number-of-threads-for-32bit-h.patch
|
||||
Patch00013: xen_disk-Add-suse-specific-flush-disable.patch
|
||||
Patch00014: qemu-bridge-helper-reduce-security-profi.patch
|
||||
Patch00015: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
|
||||
Patch00016: linux-user-properly-test-for-infinite-ti.patch
|
||||
Patch00017: roms-Makefile-pass-a-packaging-timestamp.patch
|
||||
Patch00018: Raise-soft-address-space-limit-to-hard-l.patch
|
||||
Patch00019: increase-x86_64-physical-bits-to-42.patch
|
||||
Patch00020: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch
|
||||
Patch00021: i8254-Fix-migration-from-SLE11-SP2.patch
|
||||
Patch00022: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
|
||||
Patch00023: Switch-order-of-libraries-for-mpath-supp.patch
|
||||
Patch00024: Make-installed-scripts-explicitly-python.patch
|
||||
Patch00025: hw-smbios-handle-both-file-formats-regar.patch
|
||||
Patch00026: xen-add-block-resize-support-for-xen-dis.patch
|
||||
Patch00027: tests-qemu-iotests-Triple-timeout-of-i-o.patch
|
||||
Patch00028: tests-block-io-test-130-needs-some-delay.patch
|
||||
Patch00029: xen-ignore-live-parameter-from-xen-save-.patch
|
||||
Patch00030: Conditionalize-ui-bitmap-installation-be.patch
|
||||
Patch00031: tests-change-error-message-in-test-162.patch
|
||||
Patch00032: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
|
||||
Patch00033: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
|
||||
Patch00034: hw-intc-exynos4210_gic-provide-more-room.patch
|
||||
Patch00035: configure-only-populate-roms-if-softmmu.patch
|
||||
Patch00036: pc-bios-s390-ccw-net-avoid-warning-about.patch
|
||||
Patch00037: roms-change-cross-compiler-naming-to-be-.patch
|
||||
Patch00038: roms-Makefile.edk2-don-t-invoke-git-sinc.patch
|
||||
Patch00000: mirror-Keep-mirror_top_bs-drained-after-.patch
|
||||
Patch00001: s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch
|
||||
Patch00002: target-alpha-fix-tlb_fill-trap_arg2-valu.patch
|
||||
Patch00003: target-arm-Free-TCG-temps-in-trans_VMOV_.patch
|
||||
Patch00004: target-arm-Don-t-abort-on-M-profile-exce.patch
|
||||
Patch00005: qcow2-Fix-the-calculation-of-the-maximum.patch
|
||||
Patch00006: block-file-posix-Reduce-xfsctl-use.patch
|
||||
Patch00007: pr-manager-Fix-invalid-g_free-crash-bug.patch
|
||||
Patch00008: vpc-Return-0-from-vpc_co_create-on-succe.patch
|
||||
Patch00009: block-nfs-tear-down-aio-before-nfs_close.patch
|
||||
Patch00010: block-create-Do-not-abort-if-a-block-dri.patch
|
||||
Patch00011: curl-Keep-pointer-to-the-CURLState-in-CU.patch
|
||||
Patch00012: curl-Keep-socket-until-the-end-of-curl_s.patch
|
||||
Patch00013: curl-Check-completion-in-curl_multi_do.patch
|
||||
Patch00014: curl-Pass-CURLSocket-to-curl_multi_do.patch
|
||||
Patch00015: curl-Report-only-ready-sockets.patch
|
||||
Patch00016: curl-Handle-success-in-multi_check_compl.patch
|
||||
Patch00017: blockjob-update-nodes-head-while-removin.patch
|
||||
Patch00018: memory-Provide-an-equality-function-for-.patch
|
||||
Patch00019: vhost-Fix-memory-region-section-comparis.patch
|
||||
Patch00020: hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch
|
||||
Patch00021: s390-PCI-fix-IOMMU-region-init.patch
|
||||
Patch00022: hw-core-loader-Fix-possible-crash-in-rom.patch
|
||||
Patch00023: XXX-dont-dump-core-on-sigabort.patch
|
||||
Patch00024: qemu-binfmt-conf-Modify-default-path.patch
|
||||
Patch00025: qemu-cvs-gettimeofday.patch
|
||||
Patch00026: qemu-cvs-ioctl_debug.patch
|
||||
Patch00027: qemu-cvs-ioctl_nodirection.patch
|
||||
Patch00028: linux-user-add-binfmt-wrapper-for-argv-0.patch
|
||||
Patch00029: PPC-KVM-Disable-mmu-notifier-check.patch
|
||||
Patch00030: linux-user-binfmt-support-host-binaries.patch
|
||||
Patch00031: linux-user-Fake-proc-cpuinfo.patch
|
||||
Patch00032: linux-user-use-target_ulong.patch
|
||||
Patch00033: Make-char-muxer-more-robust-wrt-small-FI.patch
|
||||
Patch00034: linux-user-lseek-explicitly-cast-non-set.patch
|
||||
Patch00035: AIO-Reduce-number-of-threads-for-32bit-h.patch
|
||||
Patch00036: xen_disk-Add-suse-specific-flush-disable.patch
|
||||
Patch00037: qemu-bridge-helper-reduce-security-profi.patch
|
||||
Patch00038: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
|
||||
Patch00039: linux-user-properly-test-for-infinite-ti.patch
|
||||
Patch00040: roms-Makefile-pass-a-packaging-timestamp.patch
|
||||
Patch00041: Raise-soft-address-space-limit-to-hard-l.patch
|
||||
Patch00042: increase-x86_64-physical-bits-to-42.patch
|
||||
Patch00043: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch
|
||||
Patch00044: i8254-Fix-migration-from-SLE11-SP2.patch
|
||||
Patch00045: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
|
||||
Patch00046: Switch-order-of-libraries-for-mpath-supp.patch
|
||||
Patch00047: Make-installed-scripts-explicitly-python.patch
|
||||
Patch00048: hw-smbios-handle-both-file-formats-regar.patch
|
||||
Patch00049: xen-add-block-resize-support-for-xen-dis.patch
|
||||
Patch00050: tests-qemu-iotests-Triple-timeout-of-i-o.patch
|
||||
Patch00051: tests-block-io-test-130-needs-some-delay.patch
|
||||
Patch00052: xen-ignore-live-parameter-from-xen-save-.patch
|
||||
Patch00053: Conditionalize-ui-bitmap-installation-be.patch
|
||||
Patch00054: tests-change-error-message-in-test-162.patch
|
||||
Patch00055: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
|
||||
Patch00056: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
|
||||
Patch00057: hw-intc-exynos4210_gic-provide-more-room.patch
|
||||
Patch00058: configure-only-populate-roms-if-softmmu.patch
|
||||
Patch00059: pc-bios-s390-ccw-net-avoid-warning-about.patch
|
||||
Patch00060: roms-change-cross-compiler-naming-to-be-.patch
|
||||
Patch00061: roms-Makefile.edk2-don-t-invoke-git-sinc.patch
|
||||
# Patches applied in roms/seabios/:
|
||||
Patch01000: seabios-use-python2-explicitly-as-needed.patch
|
||||
Patch01001: seabios-switch-to-python3-as-needed.patch
|
||||
@ -911,6 +935,29 @@ This package provides a service file for starting and stopping KSM.
|
||||
%patch00036 -p1
|
||||
%patch00037 -p1
|
||||
%patch00038 -p1
|
||||
%patch00039 -p1
|
||||
%patch00040 -p1
|
||||
%patch00041 -p1
|
||||
%patch00042 -p1
|
||||
%patch00043 -p1
|
||||
%patch00044 -p1
|
||||
%patch00045 -p1
|
||||
%patch00046 -p1
|
||||
%patch00047 -p1
|
||||
%patch00048 -p1
|
||||
%patch00049 -p1
|
||||
%patch00050 -p1
|
||||
%patch00051 -p1
|
||||
%patch00052 -p1
|
||||
%patch00053 -p1
|
||||
%patch00054 -p1
|
||||
%patch00055 -p1
|
||||
%patch00056 -p1
|
||||
%patch00057 -p1
|
||||
%patch00058 -p1
|
||||
%patch00059 -p1
|
||||
%patch00060 -p1
|
||||
%patch00061 -p1
|
||||
%patch01000 -p1
|
||||
%patch01001 -p1
|
||||
%patch01002 -p1
|
||||
|
@ -109,11 +109,12 @@ Source10: supported.arm.txt
|
||||
Source11: supported.ppc.txt
|
||||
Source12: supported.x86.txt
|
||||
Source13: supported.s390.txt
|
||||
# this is to make lint happy
|
||||
Source200: qemu-rpmlintrc
|
||||
%endif # qemu
|
||||
Source300: update_git.sh
|
||||
Source301: config.sh
|
||||
Source200: qemu-rpmlintrc
|
||||
Source300: bundles.tar.xz
|
||||
Source301: update_git.sh
|
||||
Source302: config.sh
|
||||
Source303: README.PACKAGING
|
||||
# Upstream First -- https://wiki.qemu.org/Contribute/SubmitAPatch
|
||||
# This patch queue is auto-generated - see README.PACKAGING for process
|
||||
|
||||
|
48
s390-PCI-fix-IOMMU-region-init.patch
Normal file
48
s390-PCI-fix-IOMMU-region-init.patch
Normal file
@ -0,0 +1,48 @@
|
||||
From: Matthew Rosato <mjrosato@linux.ibm.com>
|
||||
Date: Thu, 26 Sep 2019 10:10:36 -0400
|
||||
Subject: s390: PCI: fix IOMMU region init
|
||||
|
||||
Git-commit: 7df1dac5f1c85312474df9cb3a8fcae72303da62
|
||||
|
||||
The fix in dbe9cf606c shrinks the IOMMU memory region to a size
|
||||
that seems reasonable on the surface, however is actually too
|
||||
small as it is based against a 0-mapped address space. This
|
||||
causes breakage with small guests as they can overrun the IOMMU window.
|
||||
|
||||
Let's go back to the prior method of initializing iommu for now.
|
||||
|
||||
Fixes: dbe9cf606c ("s390x/pci: Set the iommu region size mpcifc request")
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
|
||||
Reported-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
|
||||
Tested-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
|
||||
Reported-by: Stefan Zimmerman <stzi@linux.ibm.com>
|
||||
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
|
||||
Message-Id: <1569507036-15314-1-git-send-email-mjrosato@linux.ibm.com>
|
||||
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/s390x/s390-pci-bus.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
|
||||
index 2c6e084e2c2636b55980799b5837..9a935f22b5b06a67c8fbd7b6abb6 100644
|
||||
--- a/hw/s390x/s390-pci-bus.c
|
||||
+++ b/hw/s390x/s390-pci-bus.c
|
||||
@@ -694,10 +694,15 @@ static const MemoryRegionOps s390_msi_ctrl_ops = {
|
||||
|
||||
void s390_pci_iommu_enable(S390PCIIOMMU *iommu)
|
||||
{
|
||||
+ /*
|
||||
+ * The iommu region is initialized against a 0-mapped address space,
|
||||
+ * so the smallest IOMMU region we can define runs from 0 to the end
|
||||
+ * of the PCI address space.
|
||||
+ */
|
||||
char *name = g_strdup_printf("iommu-s390-%04x", iommu->pbdev->uid);
|
||||
memory_region_init_iommu(&iommu->iommu_mr, sizeof(iommu->iommu_mr),
|
||||
TYPE_S390_IOMMU_MEMORY_REGION, OBJECT(&iommu->mr),
|
||||
- name, iommu->pal - iommu->pba + 1);
|
||||
+ name, iommu->pal + 1);
|
||||
iommu->enabled = true;
|
||||
memory_region_add_subregion(&iommu->mr, 0, MEMORY_REGION(&iommu->iommu_mr));
|
||||
g_free(name);
|
34
s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch
Normal file
34
s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From: David Hildenbrand <david@redhat.com>
|
||||
Date: Wed, 14 Aug 2019 17:12:42 +0200
|
||||
Subject: s390x/tcg: Fix VERIM with 32/64 bit elements
|
||||
|
||||
Git-commit: 25bcb45d1b81d22634daa2b1a2d8bee746ac129b
|
||||
|
||||
Wrong order of operands. The constant always comes last. Makes QEMU crash
|
||||
reliably on specific git fetch invocations.
|
||||
|
||||
Reported-by: Stefano Brivio <sbrivio@redhat.com>
|
||||
Signed-off-by: David Hildenbrand <david@redhat.com>
|
||||
Message-Id: <20190814151242.27199-1-david@redhat.com>
|
||||
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
|
||||
Fixes: 5c4b0ab460ef ("s390x/tcg: Implement VECTOR ELEMENT ROTATE AND INSERT UNDER MASK")
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
target/s390x/translate_vx.inc.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/target/s390x/translate_vx.inc.c b/target/s390x/translate_vx.inc.c
|
||||
index 41d5cf869f94ef4c5842582bf830..0caddb3958cdbc820c0d4f1a074b 100644
|
||||
--- a/target/s390x/translate_vx.inc.c
|
||||
+++ b/target/s390x/translate_vx.inc.c
|
||||
@@ -213,7 +213,7 @@ static void get_vec_element_ptr_i64(TCGv_ptr ptr, uint8_t reg, TCGv_i64 enr,
|
||||
vec_full_reg_offset(v3), ptr, 16, 16, data, fn)
|
||||
#define gen_gvec_3i(v1, v2, v3, c, gen) \
|
||||
tcg_gen_gvec_3i(vec_full_reg_offset(v1), vec_full_reg_offset(v2), \
|
||||
- vec_full_reg_offset(v3), c, 16, 16, gen)
|
||||
+ vec_full_reg_offset(v3), 16, 16, c, gen)
|
||||
#define gen_gvec_4(v1, v2, v3, v4, gen) \
|
||||
tcg_gen_gvec_4(vec_full_reg_offset(v1), vec_full_reg_offset(v2), \
|
||||
vec_full_reg_offset(v3), vec_full_reg_offset(v4), \
|
41
target-alpha-fix-tlb_fill-trap_arg2-valu.patch
Normal file
41
target-alpha-fix-tlb_fill-trap_arg2-valu.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From: Aurelien Jarno <aurelien@aurel32.net>
|
||||
Date: Thu, 22 Aug 2019 10:45:14 -0700
|
||||
Subject: target/alpha: fix tlb_fill trap_arg2 value for instruction fetch
|
||||
|
||||
Git-commit: cb1de55a83eaca9ee32be9c959dca99e11f2fea8
|
||||
|
||||
Commit e41c94529740cc26 ("target/alpha: Convert to CPUClass::tlb_fill")
|
||||
slightly changed the way the trap_arg2 value is computed in case of TLB
|
||||
fill. The type of the variable used in the ternary operator has been
|
||||
changed from an int to an enum. This causes the -1 value to not be
|
||||
sign-extended to 64-bit in case of an instruction fetch. The trap_arg2
|
||||
ends up with 0xffffffff instead of 0xffffffffffffffff. Fix that by
|
||||
changing the -1 into -1LL.
|
||||
|
||||
This fixes the execution of user space processes in qemu-system-alpha.
|
||||
|
||||
Fixes: e41c94529740cc26
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
||||
[rth: Test MMU_DATA_LOAD and MMU_DATA_STORE instead of implying them.]
|
||||
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
target/alpha/helper.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/target/alpha/helper.c b/target/alpha/helper.c
|
||||
index 93b8e788b185f8b199b71256e5ff..d0cc6231925c932c192640632658 100644
|
||||
--- a/target/alpha/helper.c
|
||||
+++ b/target/alpha/helper.c
|
||||
@@ -283,7 +283,9 @@ bool alpha_cpu_tlb_fill(CPUState *cs, vaddr addr, int size,
|
||||
cs->exception_index = EXCP_MMFAULT;
|
||||
env->trap_arg0 = addr;
|
||||
env->trap_arg1 = fail;
|
||||
- env->trap_arg2 = (access_type == MMU_INST_FETCH ? -1 : access_type);
|
||||
+ env->trap_arg2 = (access_type == MMU_DATA_LOAD ? 0ull :
|
||||
+ access_type == MMU_DATA_STORE ? 1ull :
|
||||
+ /* access_type == MMU_INST_FETCH */ -1ull);
|
||||
cpu_loop_exit_restore(cs, retaddr);
|
||||
}
|
||||
|
101
target-arm-Don-t-abort-on-M-profile-exce.patch
Normal file
101
target-arm-Don-t-abort-on-M-profile-exce.patch
Normal file
@ -0,0 +1,101 @@
|
||||
From: Peter Maydell <peter.maydell@linaro.org>
|
||||
Date: Thu, 22 Aug 2019 14:15:34 +0100
|
||||
Subject: target/arm: Don't abort on M-profile exception return in linux-user
|
||||
mode
|
||||
|
||||
Git-commit: 5e5584c89f36b302c666bc6db535fd3f7ff35ad2
|
||||
|
||||
An attempt to do an exception-return (branch to one of the magic
|
||||
addresses) in linux-user mode for M-profile should behave like
|
||||
a normal branch, because linux-user mode is always going to be
|
||||
in 'handler' mode. This used to work, but we broke it when we added
|
||||
support for the M-profile security extension in commit d02a8698d7ae2bfed.
|
||||
|
||||
In that commit we allowed even handler-mode calls to magic return
|
||||
values to be checked for and dealt with by causing an
|
||||
EXCP_EXCEPTION_EXIT exception to be taken, because this is
|
||||
needed for the FNC_RETURN return-from-non-secure-function-call
|
||||
handling. For system mode we added a check in do_v7m_exception_exit()
|
||||
to make any spurious calls from Handler mode behave correctly, but
|
||||
forgot that linux-user mode would also be affected.
|
||||
|
||||
How an attempted return-from-non-secure-function-call in linux-user
|
||||
mode should be handled is not clear -- on real hardware it would
|
||||
result in return to secure code (not to the Linux kernel) which
|
||||
could then handle the error in any way it chose. For QEMU we take
|
||||
the simple approach of treating this erroneous return the same way
|
||||
it would be handled on a CPU without the security extensions --
|
||||
treat it as a normal branch.
|
||||
|
||||
The upshot of all this is that for linux-user mode we should never
|
||||
do any of the bx_excret magic, so the code change is simple.
|
||||
|
||||
This ought to be a weird corner case that only affects broken guest
|
||||
code (because Linux user processes should never be attempting to do
|
||||
exception returns or NS function returns), except that the code that
|
||||
assigns addresses in RAM for the process and stack in our linux-user
|
||||
code does not attempt to avoid this magic address range, so
|
||||
legitimate code attempting to return to a trampoline routine on the
|
||||
stack can fall into this case. This change fixes those programs,
|
||||
but we should also look at restricting the range of memory we
|
||||
use for M-profile linux-user guests to the area that would be
|
||||
real RAM in hardware.
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Reported-by: Christophe Lyon <christophe.lyon@linaro.org>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Message-id: 20190822131534.16602-1-peter.maydell@linaro.org
|
||||
Fixes: https://bugs.launchpad.net/qemu/+bug/1840922
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
target/arm/translate.c | 21 ++++++++++++++++++++-
|
||||
1 file changed, 20 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/target/arm/translate.c b/target/arm/translate.c
|
||||
index 7853462b21b870fdc3e3d2166a3e..24cb4ba075d095e050b193570ad2 100644
|
||||
--- a/target/arm/translate.c
|
||||
+++ b/target/arm/translate.c
|
||||
@@ -952,10 +952,27 @@ static inline void gen_bx(DisasContext *s, TCGv_i32 var)
|
||||
store_cpu_field(var, thumb);
|
||||
}
|
||||
|
||||
-/* Set PC and Thumb state from var. var is marked as dead.
|
||||
+/*
|
||||
+ * Set PC and Thumb state from var. var is marked as dead.
|
||||
* For M-profile CPUs, include logic to detect exception-return
|
||||
* branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
|
||||
* and BX reg, and no others, and happens only for code in Handler mode.
|
||||
+ * The Security Extension also requires us to check for the FNC_RETURN
|
||||
+ * which signals a function return from non-secure state; this can happen
|
||||
+ * in both Handler and Thread mode.
|
||||
+ * To avoid having to do multiple comparisons in inline generated code,
|
||||
+ * we make the check we do here loose, so it will match for EXC_RETURN
|
||||
+ * in Thread mode. For system emulation do_v7m_exception_exit() checks
|
||||
+ * for these spurious cases and returns without doing anything (giving
|
||||
+ * the same behaviour as for a branch to a non-magic address).
|
||||
+ *
|
||||
+ * In linux-user mode it is unclear what the right behaviour for an
|
||||
+ * attempted FNC_RETURN should be, because in real hardware this will go
|
||||
+ * directly to Secure code (ie not the Linux kernel) which will then treat
|
||||
+ * the error in any way it chooses. For QEMU we opt to make the FNC_RETURN
|
||||
+ * attempt behave the way it would on a CPU without the security extension,
|
||||
+ * which is to say "like a normal branch". That means we can simply treat
|
||||
+ * all branches as normal with no magic address behaviour.
|
||||
*/
|
||||
static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
|
||||
{
|
||||
@@ -963,10 +980,12 @@ static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
|
||||
* s->base.is_jmp that we need to do the rest of the work later.
|
||||
*/
|
||||
gen_bx(s, var);
|
||||
+#ifndef CONFIG_USER_ONLY
|
||||
if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
|
||||
(s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
|
||||
s->base.is_jmp = DISAS_BX_EXCRET;
|
||||
}
|
||||
+#endif
|
||||
}
|
||||
|
||||
static inline void gen_bx_excret_final_code(DisasContext *s)
|
38
target-arm-Free-TCG-temps-in-trans_VMOV_.patch
Normal file
38
target-arm-Free-TCG-temps-in-trans_VMOV_.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From: Peter Maydell <peter.maydell@linaro.org>
|
||||
Date: Tue, 27 Aug 2019 13:19:31 +0100
|
||||
Subject: target/arm: Free TCG temps in trans_VMOV_64_sp()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Git-commit: 342d27581bd3ecdb995e4fc55fcd383cf3242888
|
||||
|
||||
The function neon_store_reg32() doesn't free the TCG temp that it
|
||||
is passed, so the caller must do that. We got this right in most
|
||||
places but forgot to free the TCG temps in trans_VMOV_64_sp().
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Message-id: 20190827121931.26836-1-peter.maydell@linaro.org
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
target/arm/translate-vfp.inc.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
|
||||
index 092eb5ec53d944e078f4449c10f1..ef45cecbeac18edb6dffbcad7980 100644
|
||||
--- a/target/arm/translate-vfp.inc.c
|
||||
+++ b/target/arm/translate-vfp.inc.c
|
||||
@@ -881,8 +881,10 @@ static bool trans_VMOV_64_sp(DisasContext *s, arg_VMOV_64_sp *a)
|
||||
/* gpreg to fpreg */
|
||||
tmp = load_reg(s, a->rt);
|
||||
neon_store_reg32(tmp, a->vm);
|
||||
+ tcg_temp_free_i32(tmp);
|
||||
tmp = load_reg(s, a->rt2);
|
||||
neon_store_reg32(tmp, a->vm + 1);
|
||||
+ tcg_temp_free_i32(tmp);
|
||||
}
|
||||
|
||||
return true;
|
@ -50,12 +50,10 @@ initbundle() {
|
||||
# To alter the content of this tarball, lets use git to track these changes, and produce patches which can be included
|
||||
# in the package spec file
|
||||
|
||||
# The following can get things a bit out of the expected order, but I don't think that is really much of a problem, as long as we're guaranteed to patch the superproject before any of it's submodules
|
||||
# !!!! actually the simply submodule status --recursive w/out the additional processing we do for the groking of the bundle files
|
||||
SUBMODULE_COMMIT_IDS=($(git -C ~/git/qemu-opensuse submodule status --recursive|awk '{print $1}'))
|
||||
SUBMODULE_DIRS=($(git -C ~/git/qemu-opensuse submodule status --recursive|awk '{print $2}'))
|
||||
SUBMODULE_COMMIT_IDS=($(git -C ${LOCAL_REPO_MAP[0]} submodule status --recursive|awk '{print $1}'))
|
||||
SUBMODULE_DIRS=($(git -C ${LOCAL_REPO_MAP[0]} submodule status --recursive|awk '{print $2}'))
|
||||
SUBMODULE_COUNT=${#SUBMODULE_COMMIT_IDS[@]}
|
||||
# !!! I should be able to do this with simply math - ie: use (( ... ))
|
||||
# TODO: do this with simply math - ie: use (( ... ))
|
||||
if [[ "$REPO_COUNT" != "$(expr $SUBMODULE_COUNT + 1)" ]]; then
|
||||
echo "ERROR: submodule count doesn't match the REPO_COUNT variable in config.sh file!"
|
||||
exit
|
||||
@ -69,7 +67,7 @@ for (( i=0; i <$SUBMODULE_COUNT; i++ )); do
|
||||
done
|
||||
# also handle the superproject (I need to make this smarter, or change something - works for tag, but not normal commit:
|
||||
|
||||
GIT_UPSTREAM_COMMIT=$(git -C ~/git/qemu-opensuse show-ref -d $GIT_UPSTREAM_COMMIT_ISH|grep -F "^{}"|awk '{print $1}')
|
||||
GIT_UPSTREAM_COMMIT=$(git -C ${LOCAL_REPO_MAP[0]} show-ref -d $GIT_UPSTREAM_COMMIT_ISH|grep -F "^{}"|awk '{print $1}')
|
||||
touch $BUNDLE_DIR/$GIT_UPSTREAM_COMMIT.id
|
||||
|
||||
# Now go through all the submodule local repos that are present and create a bundle file for the patches found there
|
||||
@ -100,11 +98,7 @@ rm -rf $GIT_DIR
|
||||
#==============================================================================
|
||||
|
||||
bundle2local() {
|
||||
rm -rf $GIT_DIR
|
||||
rm -rf $CMP_DIR
|
||||
rm -rf $BUNDLE_DIR
|
||||
rm -f checkpatch.log
|
||||
|
||||
mkdir -p $BUNDLE_DIR
|
||||
tar xJf bundles.tar.xz -C $BUNDLE_DIR
|
||||
BUNDLE_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "bundle$")
|
||||
@ -137,13 +131,12 @@ for entry in ${BUNDLE_FILES[@]}; do
|
||||
git -C $LOCAL_REPO remote add bundlerepo $BUNDLE_DIR/$entry
|
||||
# in next, the head may be FETCH_HEAD or HEAD depending on how we created:
|
||||
git -C $LOCAL_REPO fetch bundlerepo FETCH_HEAD
|
||||
#git -C $LOCAL_REPO fetch bundlerepo HEAD
|
||||
git -C $LOCAL_REPO branch frombundle FETCH_HEAD
|
||||
git -C $LOCAL_REPO remote remove bundlerepo
|
||||
done
|
||||
echo "For each local repo found a branch named frombundle contains the patches from the bundle."
|
||||
echo "Use this as the starting point for making changes to the $GIT_BRANCH, which gets used as"
|
||||
echo "the source when updating the bundle stored with the package."
|
||||
echo "For each local repo found, a branch named frombundle is created containing the"
|
||||
echo "patches from the bundle. Use this as the starting point for making changes to"
|
||||
echo "the $GIT_BRANCH, which is used when updating the bundle stored with the package."
|
||||
rm -rf $BUNDLE_DIR
|
||||
}
|
||||
|
||||
@ -154,7 +147,7 @@ rm -rf $GIT_DIR
|
||||
rm -rf $CMP_DIR
|
||||
rm -rf $BUNDLE_DIR
|
||||
rm -f checkpatch.log
|
||||
rm -rf checkthese
|
||||
rm -f checkthese
|
||||
|
||||
if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then
|
||||
# This is just a safety valve in case the above gets edited wrong:
|
||||
@ -192,15 +185,15 @@ if [ "$OLD_SOURCE_VERSION_AND_EXTRA" = "" ]; then
|
||||
fi
|
||||
|
||||
mkdir -p $BUNDLE_DIR
|
||||
# TODO: (repo file not yet done)
|
||||
# This tarball has git bundles stored in a directory structure which mimics the
|
||||
# submodule locations in the containing git repo. Also at that same dir level
|
||||
# is a file named repo which contains the one line git repo url (with git:// or
|
||||
# http(s) prefix). The bundles are named as follows:
|
||||
# "{path/}{git_sha}.{patch_prefix}.{bundle}", where {path/} isn't present for
|
||||
# "{path/}{git_sha}.{bundle}", where {path/} isn't present for
|
||||
# the top (qemu) bundle (ie it's for submodules).
|
||||
|
||||
tar xJf bundles.tar.xz -C $BUNDLE_DIR
|
||||
# !!! The following may be overkill, since it seems that find does do a depth first, which is all we need
|
||||
BUNDLE_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "bundle$")
|
||||
|
||||
if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then
|
||||
@ -383,7 +376,6 @@ rm -rf $BUNDLE_DIR
|
||||
if [[ "$NUMBERED_PATCHES" = "0" ]]; then
|
||||
for i in [0-9]*.patch; do
|
||||
osc rm --force $i
|
||||
echo "calling osc rm on $i"
|
||||
done
|
||||
# we need to make sure that w/out the numbered prefixes, the patchnames are all unique
|
||||
mkdir checkdir
|
||||
@ -401,9 +393,6 @@ rm -rf $BUNDLE_DIR
|
||||
else
|
||||
CHECK_DIR=$CMP_DIR
|
||||
fi
|
||||
#step 0, and 0.1 are done above - question remains if the numbered case should use check dir
|
||||
|
||||
rm -f checkthese
|
||||
if [ "$FIVE_DIGIT_POTENTIAL" = "0" ]; then
|
||||
CHECK_PREFIX="0"
|
||||
else
|
||||
@ -438,19 +427,16 @@ rm -rf $BUNDLE_DIR
|
||||
else
|
||||
NUMBERED_PATCH_RE="^[[:digit:]]{5}-.*[.]patch$"
|
||||
fi
|
||||
#NEXT is #2 in lgorithm
|
||||
for i in *.patch; do
|
||||
if [[ $i =~ $NUMBERED_PATCH_RE ]]; then
|
||||
if [[ "$NUMBERED_PATCHES" = "1" ]]; then
|
||||
osc rm --force $i
|
||||
echo "calling osc rm on $i"
|
||||
echo " $i" >> qemu.changes.deleted
|
||||
let DELETED_COUNT+=1
|
||||
let TOTAL_COUNT+=1
|
||||
fi
|
||||
else
|
||||
osc rm --force $i
|
||||
echo "calling osc rm on $i"
|
||||
echo " $i" >> qemu.changes.deleted
|
||||
let DELETED_COUNT+=1
|
||||
let TOTAL_COUNT+=1
|
||||
@ -459,15 +445,11 @@ rm -rf $BUNDLE_DIR
|
||||
mv $CHECK_DIR/* .
|
||||
if [ -e qemu.changes.added ]; then
|
||||
xargs osc add < qemu.changes.added
|
||||
echo "calling osc add on:"; cat qemu.changes.added
|
||||
fi
|
||||
|
||||
# NYI do we need this check?
|
||||
if [ ! -e checkpatch.pl ]; then
|
||||
if [[ -e checkthese ]]; then
|
||||
tar Jxf qemu-$SOURCE_VERSION$VERSION_EXTRA.tar.xz \
|
||||
qemu-$SOURCE_VERSION/scripts/checkpatch.pl --strip-components=2
|
||||
fi
|
||||
if [[ -e checkthese ]]; then
|
||||
for i in $(cat checkthese); do
|
||||
./checkpatch.pl --no-tree --terse --no-summary --summary-file \
|
||||
--patch $i >> checkpatch.log || true
|
||||
@ -609,12 +591,11 @@ osc service localrun format_spec_file
|
||||
|
||||
usage() {
|
||||
echo "Usage:"
|
||||
echo "git_update.sh: script to manage package maintenance using a git-based"
|
||||
echo "workflow. Commands are as follows:"
|
||||
echo " git2pkg (update package spec file and patches from git)"
|
||||
echo "bash ./git_update.sh <command>: script to manage package maintenance"
|
||||
echo "using a git-based workflow. Commands are as follows:"
|
||||
echo " git2pkg (update package spec file and patches from git. Is default)"
|
||||
echo " pkg2git (update git (frombundle branch) from the package "bundleofbundles")"
|
||||
echo " refresh (refresh spec file from spec file template and "bundlofbundles")"
|
||||
echo " (default is git2pkg)"
|
||||
}
|
||||
|
||||
#==============================================================================
|
||||
@ -643,7 +624,7 @@ case $1 in
|
||||
echo "SUCCESS"
|
||||
echo "To modify package patches, use the frombundle branch as the basis for updating"
|
||||
echo "the $GIT_BRANCH branch with the new patch queue."
|
||||
echo "Then export the changes back to the package using git2pkg.sh"
|
||||
echo "Then export the changes back to the package using update_git.sh git2pkg"
|
||||
;;
|
||||
refresh )
|
||||
echo "Updating the spec file and patches from the spec file template and the bundle"
|
||||
|
42
vhost-Fix-memory-region-section-comparis.patch
Normal file
42
vhost-Fix-memory-region-section-comparis.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
|
||||
Date: Wed, 14 Aug 2019 18:55:35 +0100
|
||||
Subject: vhost: Fix memory region section comparison
|
||||
|
||||
Git-commit: 3fc4a64cbaed2ddee4c60ddc06740b320e18ab82
|
||||
|
||||
Using memcmp to compare structures wasn't safe,
|
||||
as I found out on ARM when I was getting falce miscompares.
|
||||
|
||||
Use the helper function for comparing the MRSs.
|
||||
|
||||
Fixes: ade6d081fc33948e56e6 ("vhost: Regenerate region list from changed sections list")
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Message-Id: <20190814175535.2023-4-dgilbert@redhat.com>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
hw/virtio/vhost.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
|
||||
index bc899fc60e8bad1651340910c1ca..2ef4bc720f04ddadca3305a73df2 100644
|
||||
--- a/hw/virtio/vhost.c
|
||||
+++ b/hw/virtio/vhost.c
|
||||
@@ -451,8 +451,13 @@ static void vhost_commit(MemoryListener *listener)
|
||||
changed = true;
|
||||
} else {
|
||||
/* Same size, lets check the contents */
|
||||
- changed = n_old_sections && memcmp(dev->mem_sections, old_sections,
|
||||
- n_old_sections * sizeof(old_sections[0])) != 0;
|
||||
+ for (int i = 0; i < n_old_sections; i++) {
|
||||
+ if (!MemoryRegionSection_eq(&old_sections[i],
|
||||
+ &dev->mem_sections[i])) {
|
||||
+ changed = true;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
trace_vhost_commit(dev->started, changed);
|
47
vpc-Return-0-from-vpc_co_create-on-succe.patch
Normal file
47
vpc-Return-0-from-vpc_co_create-on-succe.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From: Max Reitz <mreitz@redhat.com>
|
||||
Date: Mon, 2 Sep 2019 21:33:16 +0200
|
||||
Subject: vpc: Return 0 from vpc_co_create() on success
|
||||
|
||||
Git-commit: 1a37e3124407b5a145d44478d3ecbdb89c63789f
|
||||
|
||||
blockdev_create_run() directly uses .bdrv_co_create()'s return value as
|
||||
the job's return value. Jobs must return 0 on success, not just any
|
||||
nonnegative value. Therefore, using blockdev-create for VPC images may
|
||||
currently fail as the vpc driver may return a positive integer.
|
||||
|
||||
Because there is no point in returning a positive integer anywhere in
|
||||
the block layer (all non-negative integers are generally treated as
|
||||
complete success), we probably do not want to add more such cases.
|
||||
Therefore, fix this problem by making the vpc driver always return 0 in
|
||||
case of success.
|
||||
|
||||
Suggested-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Max Reitz <mreitz@redhat.com>
|
||||
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
---
|
||||
block/vpc.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/block/vpc.c b/block/vpc.c
|
||||
index d4776ee8a5229ff43e8fb4fb6e0f..3a88e28e2be18553ff50a9b5c070 100644
|
||||
--- a/block/vpc.c
|
||||
+++ b/block/vpc.c
|
||||
@@ -885,6 +885,7 @@ static int create_dynamic_disk(BlockBackend *blk, uint8_t *buf,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
+ ret = 0;
|
||||
fail:
|
||||
return ret;
|
||||
}
|
||||
@@ -908,7 +909,7 @@ static int create_fixed_disk(BlockBackend *blk, uint8_t *buf,
|
||||
return ret;
|
||||
}
|
||||
|
||||
- return ret;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
static int calculate_rounded_image_size(BlockdevCreateOptionsVpc *vpc_opts,
|
Loading…
Reference in New Issue
Block a user