
Accepting request 795118 from home:bfrogers:branches:Virtualization

- Include upstream patches targeted for the next stable release
  (bug fixes only)
  spapr-Fix-failure-path-for-attempting-to.patch
  target-i386-do-not-set-unsupported-VMX-s.patch
  target-xtensa-fix-pasto-in-pfwait.r-opco.patch
  tcg-i386-Fix-INDEX_op_dup2_vec.patch
  tcg-mips-mips-sync-encode-error.patch
  vhost-user-gpu-Release-memory-returned-b.patch
  vpc-Don-t-round-up-already-aligned-BAT-s.patch
  xen-block-Fix-double-qlist-remove-and-re.patch
- Fix bug causing weak encryption in PAuth for ARM
  (CVE-2020-10702 bsc#1168681)
  target-arm-Fix-PAuth-sbox-functions.patch
- Fix OOB in tulip NIC emulation (CVE-2020-11102 bsc#1168713)
  net-tulip-check-frame-size-and-r-w-data-.patch
- Note that previously included patch addresses CVE-2020-1711
  and bsc#1166240
  iscsi-Cap-block-count-from-GET-LBA-STATU.patch
- Include performance improvement (and related?) patch
  aio-wait-delegate-polling-of-main-AioCon.patch
  async-use-explicit-memory-barriers.patch
- Rework previous patch at Olaf H.'s direction
  hw-i386-disable-smbus-migration-for-xenf.patch
- Eliminate is_opensuse usage in producing seabios version string
  what we are doing here is just replacing the upstream string
  with one indicating that the openSUSE build service built it,
  and so just leave it as "-rebuilt.opensuse.org"
- Alter algorithm used to produce "unique" symbol for coordinating
  qemu with the optional modules it may load. This is a reasonable
  relaxation for broader compatibility
  configure-remove-pkgversion-from-CONFIG_.patch
- Tweak supported.*.txt for latest deprecations, and other fixes
- Tweak update_git.sh, config.sh
- One more fix is needed for: s390x Protected Virtualization support
  - start and control guest in secure mode (bsc#1167075 jsc#SLE-7407)
  s390x-s390-virtio-ccw-Fix-build-on-syste.patch

OBS-URL: https://build.opensuse.org/request/show/795118
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=542
Bruce Rogers 2020-04-17 20:48:15 +00:00 committed by Git OBS Bridge
parent a9015c1f40
commit aa42255b5b
26 changed files with 1389 additions and 905 deletions


@ -0,0 +1,116 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 7 Apr 2020 10:07:45 -0400
Subject: aio-wait: delegate polling of main AioContext if BQL not held
Git-commit: 3c18a92dc4b55ca8cc37a755ed119f11c0f34099
Any thread that is not a iothread returns NULL for qemu_get_current_aio_context().
As a result, it would also return true for
in_aio_context_home_thread(qemu_get_aio_context()), causing
AIO_WAIT_WHILE to invoke aio_poll() directly. This is incorrect
if the BQL is not held, because aio_poll() does not expect to
run concurrently from multiple threads, and it can actually
happen when savevm writes to the vmstate file from the
migration thread.
Therefore, restrict in_aio_context_home_thread to return true
for the main AioContext only if the BQL is held.
The function is moved to aio-wait.h because it is mostly used
there and to avoid a circular reference between main-loop.h
and block/aio.h.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200407140746.8041-5-pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
include/block/aio-wait.h | 22 ++++++++++++++++++++++
include/block/aio.h | 29 ++++++++++-------------------
2 files changed, 32 insertions(+), 19 deletions(-)
diff --git a/include/block/aio-wait.h b/include/block/aio-wait.h
index afeeb18f95ebb593982b5d3f8917..716d2639df708f03e3f29d68315b 100644
--- a/include/block/aio-wait.h
+++ b/include/block/aio-wait.h
@@ -26,6 +26,7 @@
#define QEMU_AIO_WAIT_H
#include "block/aio.h"
+#include "qemu/main-loop.h"
/**
* AioWait:
@@ -124,4 +125,25 @@ void aio_wait_kick(void);
*/
void aio_wait_bh_oneshot(AioContext *ctx, QEMUBHFunc *cb, void *opaque);
+/**
+ * in_aio_context_home_thread:
+ * @ctx: the aio context
+ *
+ * Return whether we are running in the thread that normally runs @ctx. Note
+ * that acquiring/releasing ctx does not affect the outcome, each AioContext
+ * still only has one home thread that is responsible for running it.
+ */
+static inline bool in_aio_context_home_thread(AioContext *ctx)
+{
+ if (ctx == qemu_get_current_aio_context()) {
+ return true;
+ }
+
+ if (ctx == qemu_get_aio_context()) {
+ return qemu_mutex_iothread_locked();
+ } else {
+ return false;
+ }
+}
+
#endif /* QEMU_AIO_WAIT_H */
diff --git a/include/block/aio.h b/include/block/aio.h
index 6b0d52f732b86caef07602281574..9d28e247df7f0d3a556644fcd9d1 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -60,12 +60,16 @@ struct AioContext {
QLIST_HEAD(, AioHandler) aio_handlers;
/* Used to avoid unnecessary event_notifier_set calls in aio_notify;
- * accessed with atomic primitives. If this field is 0, everything
- * (file descriptors, bottom halves, timers) will be re-evaluated
- * before the next blocking poll(), thus the event_notifier_set call
- * can be skipped. If it is non-zero, you may need to wake up a
- * concurrent aio_poll or the glib main event loop, making
- * event_notifier_set necessary.
+ * only written from the AioContext home thread, or under the BQL in
+ * the case of the main AioContext. However, it is read from any
+ * thread so it is still accessed with atomic primitives.
+ *
+ * If this field is 0, everything (file descriptors, bottom halves,
+ * timers) will be re-evaluated before the next blocking poll() or
+ * io_uring wait; therefore, the event_notifier_set call can be
+ * skipped. If it is non-zero, you may need to wake up a concurrent
+ * aio_poll or the glib main event loop, making event_notifier_set
+ * necessary.
*
* Bit 0 is reserved for GSource usage of the AioContext, and is 1
* between a call to aio_ctx_prepare and the next call to aio_ctx_check.
@@ -580,19 +584,6 @@ void aio_co_enter(AioContext *ctx, struct Coroutine *co);
*/
AioContext *qemu_get_current_aio_context(void);
-/**
- * in_aio_context_home_thread:
- * @ctx: the aio context
- *
- * Return whether we are running in the thread that normally runs @ctx. Note
- * that acquiring/releasing ctx does not affect the outcome, each AioContext
- * still only has one home thread that is responsible for running it.
- */
-static inline bool in_aio_context_home_thread(AioContext *ctx)
-{
- return ctx == qemu_get_current_aio_context();
-}
-
/**
* aio_context_setup:
* @ctx: the aio context
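Review bot: The doc comment that moves with in_aio_context_home_thread into aio-wait.h still describes only the thread-identity test, while the new body also returns `qemu_mutex_iothread_locked()` when @ctx is the main AioContext. A caller reading the header would not learn that the answer for the main context now depends on whether the BQL is held, which is the condition AIO_WAIT_WHILE uses to decide whether it may call aio_poll() itself. I would extend the comment with a sentence such as `For the main AioContext this returns true only while the BQL is held; other callers must delegate polling to the main loop.`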


@ -0,0 +1,168 @@
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 7 Apr 2020 10:07:46 -0400
Subject: async: use explicit memory barriers
Git-commit: 5710a3e09f9b85801e5ce70797a4a511e5fc9e2c
When using C11 atomics, non-seqcst reads and writes do not participate
in the total order of seqcst operations. In util/async.c and util/aio-posix.c,
in particular, the pattern that we use
write ctx->notify_me write bh->scheduled
read bh->scheduled read ctx->notify_me
if !bh->scheduled, sleep if ctx->notify_me, notify
needs to use seqcst operations for both the write and the read. In
general this is something that we do not want, because there can be
many sources that are polled in addition to bottom halves. The
alternative is to place a seqcst memory barrier between the write
and the read. This also comes with a disadvantage, in that the
memory barrier is implicit on strongly-ordered architectures and
it wastes a few dozen clock cycles.
Fortunately, ctx->notify_me is never written concurrently by two
threads, so we can assert that and relax the writes to ctx->notify_me.
The resulting solution works and performs well on both aarch64 and x86.
Note that the atomic_set/atomic_read combination is not an atomic
read-modify-write, and therefore it is even weaker than C11 ATOMIC_RELAXED;
on x86, ATOMIC_RELAXED compiles to a locked operation.
Analyzed-by: Ying Fang <fangying1@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Ying Fang <fangying1@huawei.com>
Message-Id: <20200407140746.8041-6-pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
util/aio-posix.c | 16 ++++++++++++++--
util/aio-win32.c | 17 ++++++++++++++---
util/async.c | 16 ++++++++++++----
3 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/util/aio-posix.c b/util/aio-posix.c
index a4977f538ef28d56178267a1795c..fe2a46c439fa1505f5f688274566 100644
--- a/util/aio-posix.c
+++ b/util/aio-posix.c
@@ -616,6 +616,11 @@ bool aio_poll(AioContext *ctx, bool blocking)
int64_t timeout;
int64_t start = 0;
+ /*
+ * There cannot be two concurrent aio_poll calls for the same AioContext (or
+ * an aio_poll concurrent with a GSource prepare/check/dispatch callback).
+ * We rely on this below to avoid slow locked accesses to ctx->notify_me.
+ */
assert(in_aio_context_home_thread(ctx));
/* aio_notify can avoid the expensive event_notifier_set if
@@ -626,7 +631,13 @@ bool aio_poll(AioContext *ctx, bool blocking)
* so disable the optimization now.
*/
if (blocking) {
- atomic_add(&ctx->notify_me, 2);
+ atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) + 2);
+ /*
+ * Write ctx->notify_me before computing the timeout
+ * (reading bottom half flags, etc.). Pairs with
+ * smp_mb in aio_notify().
+ */
+ smp_mb();
}
qemu_lockcnt_inc(&ctx->list_lock);
@@ -671,7 +682,8 @@ bool aio_poll(AioContext *ctx, bool blocking)
}
if (blocking) {
- atomic_sub(&ctx->notify_me, 2);
+ /* Finish the poll before clearing the flag. */
+ atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) - 2);
aio_notify_accept(ctx);
}
diff --git a/util/aio-win32.c b/util/aio-win32.c
index a23b9c364db3a764a3e00c6b62e9..729d533faf4d807e0a5388edd2af 100644
--- a/util/aio-win32.c
+++ b/util/aio-win32.c
@@ -321,6 +321,12 @@ bool aio_poll(AioContext *ctx, bool blocking)
int count;
int timeout;
+ /*
+ * There cannot be two concurrent aio_poll calls for the same AioContext (or
+ * an aio_poll concurrent with a GSource prepare/check/dispatch callback).
+ * We rely on this below to avoid slow locked accesses to ctx->notify_me.
+ */
+ assert(in_aio_context_home_thread(ctx));
progress = false;
/* aio_notify can avoid the expensive event_notifier_set if
@@ -331,7 +337,13 @@ bool aio_poll(AioContext *ctx, bool blocking)
* so disable the optimization now.
*/
if (blocking) {
- atomic_add(&ctx->notify_me, 2);
+ atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) + 2);
+ /*
+ * Write ctx->notify_me before computing the timeout
+ * (reading bottom half flags, etc.). Pairs with
+ * smp_mb in aio_notify().
+ */
+ smp_mb();
}
qemu_lockcnt_inc(&ctx->list_lock);
@@ -364,8 +376,7 @@ bool aio_poll(AioContext *ctx, bool blocking)
ret = WaitForMultipleObjects(count, events, FALSE, timeout);
if (blocking) {
assert(first);
- assert(in_aio_context_home_thread(ctx));
- atomic_sub(&ctx->notify_me, 2);
+ atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) - 2);
aio_notify_accept(ctx);
}
diff --git a/util/async.c b/util/async.c
index b1fa5319e5bc7830d50108f91139..c65c58bbc9f57bf1bbdb6acd5fd1 100644
--- a/util/async.c
+++ b/util/async.c
@@ -220,7 +220,14 @@ aio_ctx_prepare(GSource *source, gint *timeout)
{
AioContext *ctx = (AioContext *) source;
- atomic_or(&ctx->notify_me, 1);
+ atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) | 1);
+
+ /*
+ * Write ctx->notify_me before computing the timeout
+ * (reading bottom half flags, etc.). Pairs with
+ * smp_mb in aio_notify().
+ */
+ smp_mb();
/* We assume there is no timeout already supplied */
*timeout = qemu_timeout_ns_to_ms(aio_compute_timeout(ctx));
@@ -238,7 +245,8 @@ aio_ctx_check(GSource *source)
AioContext *ctx = (AioContext *) source;
QEMUBH *bh;
- atomic_and(&ctx->notify_me, ~1);
+ /* Finish computing the timeout before clearing the flag. */
+ atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) & ~1);
aio_notify_accept(ctx);
for (bh = ctx->first_bh; bh; bh = bh->next) {
@@ -343,10 +351,10 @@ LinuxAioState *aio_get_linux_aio(AioContext *ctx)
void aio_notify(AioContext *ctx)
{
/* Write e.g. bh->scheduled before reading ctx->notify_me. Pairs
- * with atomic_or in aio_ctx_prepare or atomic_add in aio_poll.
+ * with smp_mb in aio_ctx_prepare or aio_poll.
*/
smp_mb();
- if (ctx->notify_me) {
+ if (atomic_read(&ctx->notify_me)) {
event_notifier_set(&ctx->notifier);
atomic_mb_set(&ctx->notified, true);
}
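Review bot: In util/async.c, aio_ctx_prepare and aio_ctx_check now update ctx->notify_me with a plain `atomic_read` followed by `atomic_set` or `atomic_store_release`, which is correct only while a single thread writes the field, yet neither function asserts or documents that. Both aio_poll variants carry `assert(in_aio_context_home_thread(ctx))` and a comment explaining the reliance; the GSource callbacks have nothing equivalent in the visible hunks. A short comment above each update, for example `/* Not an atomic RMW: only the thread running this GSource writes notify_me, see aio_poll(). */`, would keep a later change from introducing a lost update that silently skips a wakeup. Both function bodies extend beyond the hunks shown.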


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:01029bd0e2cbba3484407c43afb4238a48cc7c66473832fa566be57c0439681e
size 129648
oid sha256:f7fba468b339538a09628a5a0b4521cd094b49037c1c7be7148a8c54330876ba
size 150040


@ -67,6 +67,17 @@ LOCAL_REPO_MAP=(
~/git/qemu-edk2-openssl-pyca-cryptography
)
# TEMPORARY! FOR NOW WE REQUIRE THESE LOCALLY TO DO WORK ON PACKAGE
REQUIRED_LOCAL_REPO_MAP=(
~/git/qemu-opensuse
~/git/qemu-seabios
~/git/qemu-ipxe
~/git/qemu-sgabios
~/git/qemu-keycodemapdb
~/git/qemu-slirp
~/git/qemu-qboot
)
PATCH_PATH_MAP=(
""
"roms/seabios/"


@ -0,0 +1,32 @@
From: Bruce Rogers <brogers@suse.com>
Date: Fri, 17 Apr 2020 13:07:37 -0600
Subject: configure: remove $pkgversion from CONFIG_STAMP input to broaden
compatibility
As part of the effort to close the gap with Leap I think we are fine
removing the $pkgversion component to creating a unique CONFIG_STAMP.
This stamp is only used in creating a unique symbol used in ensuring the
dynamically loaded modules correspond correctly to the loading qemu.
The default inputs to producing this unique symbol are somewhat reasonable
as a generic mechanism, but specific packaging and maintenance practices
might require the default to be modified for best use. This is an example
of that.
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
configure | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure b/configure
index 94984691ab378620ac2e0ae771ca..c68e378776336748b227013a1a3f 100755
--- a/configure
+++ b/configure
@@ -6811,7 +6811,7 @@ fi
if test "$modules" = "yes"; then
# $shacmd can generate a hash started with digit, which the compiler doesn't
# like as an symbol. So prefix it with an underscore
- echo "CONFIG_STAMP=_$( (echo $qemu_version; echo $pkgversion; cat $0) | $shacmd - | cut -f1 -d\ )" >> $config_host_mak
+ echo "CONFIG_STAMP=_$( (echo $qemu_version; cat $0) | $shacmd - | cut -f1 -d\ )" >> $config_host_mak
echo "CONFIG_MODULES=y" >> $config_host_mak
fi
if test "$have_x11" = "yes" && test "$need_x11" = "yes"; then
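Review bot: With `$pkgversion` dropped from the hash input, CONFIG_STAMP is derived only from `$qemu_version` and the text of configure, so two package builds that share the upstream version but carry different patch sets produce the same stamp. The stamp comparison then no longer distinguishes a module built against a differently patched qemu from a matching one, and a mismatch between them would surface at run time rather than when the module is loaded. The patch description should say what replaces that guarantee; if the intent is to rely on packaging, an exact version-release dependency from each module subpackage on the main package is the usual way, which cannot be checked from the spec lines on this page. The comment above the echo could record it, e.g. `# pkgversion deliberately left out; package dependencies must keep modules and qemu from the same build`.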


@ -23,23 +23,21 @@ Adjust 'xenfv' to stay compatible with with 'pc-i440fx-3.1':
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[BR: Adjust implementation to simply call pc_i440fx_3_1_machine_options]
---
hw/i386/pc_piix.c | 5 +++++
1 file changed, 5 insertions(+)
hw/i386/pc_piix.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index d760d3589607daf4997ea76854c4..7bf1021200a3baa06a58fa36c430 100644
index d760d3589607daf4997ea76854c4..000e692d0e5af449270214ea9345 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -1043,6 +1043,11 @@ DEFINE_PC_MACHINE(isapc, "isapc", pc_init_isa,
@@ -1043,6 +1043,8 @@ DEFINE_PC_MACHINE(isapc, "isapc", pc_init_isa,
#ifdef CONFIG_XEN
static void xenfv_machine_options(MachineClass *m)
{
+ /* compat with pc_i440fx_3_1_machine_options */
+ PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
+ pcmc->do_not_add_smb_acpi = true;
+ m->smbus_no_migration_support = true;
+ pcmc->pvh_enabled = false; /* FIXME */
+ pc_i440fx_3_1_machine_options(m);
m->desc = "Xen Fully-virtualized PC";
m->max_cpus = HVM_MAX_VCPUS;
m->default_machine_opts = "accel=xen";
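Review bot: Calling `pc_i440fx_3_1_machine_options(m)` at the top of xenfv_machine_options gives xenfv every setting that function applies, not just the three fields the earlier revision of this patch set by hand. Its body is not part of this section, so which further fields or compat properties xenfv now inherits, and whether they affect migration of guests started under the previous package, cannot be confirmed here. The retained comment would carry more if it listed what is relied on, for example `/* inherit pc-i440fx-3.1 compat (incl. no smbus migration); desc, max_cpus and default_machine_opts are overridden below */`. The function body continues past the last line shown.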


@ -3,6 +3,7 @@ Date: Thu, 23 Jan 2020 12:44:59 +0000
Subject: iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711)
Git-commit: 693fd2acdf14dd86c0bf852610f1c2cca80a74dc
References: bsc#1166240, CVE-2020-1711
When querying an iSCSI server for the provisioning status of blocks (via
GET LBA STATUS), Qemu only validates that the response descriptor zero's


@ -0,0 +1,144 @@
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 24 Mar 2020 22:57:22 +0530
Subject: net: tulip: check frame size and r/w data length
Git-commit: 8ffb7265af64ec81748335ec8f20e7ab542c3850
References: bsc#1168713, CVE-2020-11102
Tulip network driver while copying tx/rx buffers does not check
frame size against r/w data length. This may lead to OOB buffer
access. Add check to avoid it.
Limit iterations over descriptors to avoid potential infinite
loop issue in tulip_xmit_list_update.
Reported-by: Li Qiang <pangpei.lq@antfin.com>
Reported-by: Ziming Zhang <ezrakiez@gmail.com>
Reported-by: Jason Wang <jasowang@redhat.com>
Tested-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/net/tulip.c | 36 +++++++++++++++++++++++++++---------
1 file changed, 27 insertions(+), 9 deletions(-)
diff --git a/hw/net/tulip.c b/hw/net/tulip.c
index f85f54341fab635a4d5756a6c444..1167c1bb07d74783f3fa47b01996 100644
--- a/hw/net/tulip.c
+++ b/hw/net/tulip.c
@@ -170,6 +170,10 @@ static void tulip_copy_rx_bytes(TULIPState *s, struct tulip_descriptor *desc)
} else {
len = s->rx_frame_len;
}
+
+ if (s->rx_frame_len + len > sizeof(s->rx_frame)) {
+ return;
+ }
pci_dma_write(&s->dev, desc->buf_addr1, s->rx_frame +
(s->rx_frame_size - s->rx_frame_len), len);
s->rx_frame_len -= len;
@@ -181,6 +185,10 @@ static void tulip_copy_rx_bytes(TULIPState *s, struct tulip_descriptor *desc)
} else {
len = s->rx_frame_len;
}
+
+ if (s->rx_frame_len + len > sizeof(s->rx_frame)) {
+ return;
+ }
pci_dma_write(&s->dev, desc->buf_addr2, s->rx_frame +
(s->rx_frame_size - s->rx_frame_len), len);
s->rx_frame_len -= len;
@@ -227,7 +235,8 @@ static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size)
trace_tulip_receive(buf, size);
- if (size < 14 || size > 2048 || s->rx_frame_len || tulip_rx_stopped(s)) {
+ if (size < 14 || size > sizeof(s->rx_frame) - 4
+ || s->rx_frame_len || tulip_rx_stopped(s)) {
return 0;
}
@@ -275,7 +284,6 @@ static ssize_t tulip_receive_nc(NetClientState *nc,
return tulip_receive(qemu_get_nic_opaque(nc), buf, size);
}
-
static NetClientInfo net_tulip_info = {
.type = NET_CLIENT_DRIVER_NIC,
.size = sizeof(NICState),
@@ -558,7 +566,7 @@ static void tulip_tx(TULIPState *s, struct tulip_descriptor *desc)
if ((s->csr[6] >> CSR6_OM_SHIFT) & CSR6_OM_MASK) {
/* Internal or external Loopback */
tulip_receive(s, s->tx_frame, s->tx_frame_len);
- } else {
+ } else if (s->tx_frame_len <= sizeof(s->tx_frame)) {
qemu_send_packet(qemu_get_queue(s->nic),
s->tx_frame, s->tx_frame_len);
}
@@ -570,23 +578,31 @@ static void tulip_tx(TULIPState *s, struct tulip_descriptor *desc)
}
}
-static void tulip_copy_tx_buffers(TULIPState *s, struct tulip_descriptor *desc)
+static int tulip_copy_tx_buffers(TULIPState *s, struct tulip_descriptor *desc)
{
int len1 = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK;
int len2 = (desc->control >> TDES1_BUF2_SIZE_SHIFT) & TDES1_BUF2_SIZE_MASK;
+ if (s->tx_frame_len + len1 > sizeof(s->tx_frame)) {
+ return -1;
+ }
if (len1) {
pci_dma_read(&s->dev, desc->buf_addr1,
s->tx_frame + s->tx_frame_len, len1);
s->tx_frame_len += len1;
}
+ if (s->tx_frame_len + len2 > sizeof(s->tx_frame)) {
+ return -1;
+ }
if (len2) {
pci_dma_read(&s->dev, desc->buf_addr2,
s->tx_frame + s->tx_frame_len, len2);
s->tx_frame_len += len2;
}
desc->status = (len1 + len2) ? 0 : 0x7fffffff;
+
+ return 0;
}
static void tulip_setup_filter_addr(TULIPState *s, uint8_t *buf, int n)
@@ -651,13 +667,15 @@ static uint32_t tulip_ts(TULIPState *s)
static void tulip_xmit_list_update(TULIPState *s)
{
+#define TULIP_DESC_MAX 128
+ uint8_t i = 0;
struct tulip_descriptor desc;
if (tulip_ts(s) != CSR5_TS_SUSPENDED) {
return;
}
- for (;;) {
+ for (i = 0; i < TULIP_DESC_MAX; i++) {
tulip_desc_read(s, s->current_tx_desc, &desc);
tulip_dump_tx_descriptor(s, &desc);
@@ -675,10 +693,10 @@ static void tulip_xmit_list_update(TULIPState *s)
s->tx_frame_len = 0;
}
- tulip_copy_tx_buffers(s, &desc);
-
- if (desc.control & TDES1_LS) {
- tulip_tx(s, &desc);
+ if (!tulip_copy_tx_buffers(s, &desc)) {
+ if (desc.control & TDES1_LS) {
+ tulip_tx(s, &desc);
+ }
}
}
tulip_desc_write(s, s->current_tx_desc, &desc);
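Review bot: The guard added twice in tulip_copy_rx_bytes, `if (s->rx_frame_len + len > sizeof(s->rx_frame))`, does not test the range the following pci_dma_write reads, which starts at offset `s->rx_frame_size - s->rx_frame_len` and spans `len` bytes. In the else branch `len` equals `s->rx_frame_len`, so the sum is twice the remaining length and a frame larger than half the buffer would be refused although it fits; the early return also leaves rx_frame_len non-zero, which tulip_receive treats as a frame still pending. Checking the real bound, `if (s->rx_frame_size - s->rx_frame_len + len > sizeof(s->rx_frame)) { return; }`, would cover the access without rejecting valid frames, assuming rx_frame_size never falls below rx_frame_len. The function starts above these hunks, so how its caller reacts to the silent return is not visible.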


@ -1,3 +1,47 @@
-------------------------------------------------------------------
Fri Apr 17 19:23:38 UTC 2020 - Bruce Rogers <brogers@suse.com>
- Include upstream patches targeted for the next stable release
(bug fixes only)
spapr-Fix-failure-path-for-attempting-to.patch
target-i386-do-not-set-unsupported-VMX-s.patch
target-xtensa-fix-pasto-in-pfwait.r-opco.patch
tcg-i386-Fix-INDEX_op_dup2_vec.patch
tcg-mips-mips-sync-encode-error.patch
vhost-user-gpu-Release-memory-returned-b.patch
vpc-Don-t-round-up-already-aligned-BAT-s.patch
xen-block-Fix-double-qlist-remove-and-re.patch
- Fix bug causing weak encryption in PAuth for ARM
(CVE-2020-10702 bsc#1168681)
target-arm-Fix-PAuth-sbox-functions.patch
- Fix OOB in tulip NIC emulation (CVE-2020-11102 bsc#1168713
net-tulip-check-frame-size-and-r-w-data-.patch
- Note that previously included patch addresses CVE-2020-1711
and bsc#1166240
iscsi-Cap-block-count-from-GET-LBA-STATU.patch
- Include performance improvement (and related?) patch
aio-wait-delegate-polling-of-main-AioCon.patch
async-use-explicit-memory-barriers.patch
- Rework previous patch at Olaf H.'s direction
hw-i386-disable-smbus-migration-for-xenf.patch
- Eliminate is_opensuse usage in producing seabios version string
what we are doing here is just replacing the upstream string
with one indicating that the openSUSE build service built it,
and so just leave it as "-rebuilt.opensuse.org"
- Alter algorithm used to produce "unique" symbol for coordinating
qemu with the optional modules it may load. This is a reasonable
relaxation for broader compatibility
configure-remove-pkgversion-from-CONFIG_.patch
- Tweak supported.*.txt for latest deprecations, and other fixes
- Tweak update_git.sh, config.sh
-------------------------------------------------------------------
Mon Apr 6 14:29:50 UTC 2020 - Bruce Rogers <brogers@suse.com>
- One more fix is needed for: s390x Protected Virtualization support
- start and control guest in secure mode (bsc#1167075 jsc#SLE-7407)
s390x-s390-virtio-ccw-Fix-build-on-syste.patch
-------------------------------------------------------------------
Thu Mar 26 18:28:03 UTC 2020 - Bruce Rogers <brogers@suse.com>

170
qemu.spec

@ -214,74 +214,88 @@ Patch00083: migration-colo-fix-use-after-free-of-loc.patch
Patch00084: migration-ram-fix-use-after-free-of-loca.patch
Patch00085: qcow2-List-autoclear-bit-names-in-header.patch
Patch00086: sheepdog-Consistently-set-bdrv_has_zero_.patch
Patch00087: XXX-dont-dump-core-on-sigabort.patch
Patch00088: qemu-binfmt-conf-Modify-default-path.patch
Patch00089: qemu-cvs-gettimeofday.patch
Patch00090: qemu-cvs-ioctl_debug.patch
Patch00091: qemu-cvs-ioctl_nodirection.patch
Patch00092: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00093: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00094: linux-user-binfmt-support-host-binaries.patch
Patch00095: linux-user-Fake-proc-cpuinfo.patch
Patch00096: linux-user-use-target_ulong.patch
Patch00097: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00098: linux-user-lseek-explicitly-cast-non-set.patch
Patch00099: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00100: xen_disk-Add-suse-specific-flush-disable.patch
Patch00101: qemu-bridge-helper-reduce-security-profi.patch
Patch00102: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00103: linux-user-properly-test-for-infinite-ti.patch
Patch00104: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00105: Raise-soft-address-space-limit-to-hard-l.patch
Patch00106: increase-x86_64-physical-bits-to-42.patch
Patch00107: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch
Patch00108: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00109: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00110: Switch-order-of-libraries-for-mpath-supp.patch
Patch00111: Make-installed-scripts-explicitly-python.patch
Patch00112: hw-smbios-handle-both-file-formats-regar.patch
Patch00113: xen-add-block-resize-support-for-xen-dis.patch
Patch00114: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00115: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00116: xen-ignore-live-parameter-from-xen-save-.patch
Patch00117: Conditionalize-ui-bitmap-installation-be.patch
Patch00118: tests-change-error-message-in-test-162.patch
Patch00119: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
Patch00120: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
Patch00121: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00122: configure-only-populate-roms-if-softmmu.patch
Patch00123: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00124: roms-change-cross-compiler-naming-to-be-.patch
Patch00125: tests-Disable-some-block-tests-for-now.patch
Patch00126: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00127: roms-Makefile-enable-cross-compile-for-b.patch
Patch00128: hw-i386-disable-smbus-migration-for-xenf.patch
Patch00129: s390x-Don-t-do-a-normal-reset-on-the-ini.patch
Patch00130: s390x-Move-reset-normal-to-shared-reset-.patch
Patch00131: s390x-Move-initial-reset.patch
Patch00132: s390x-Move-clear-reset.patch
Patch00133: s390x-kvm-Make-kvm_sclp_service_call-voi.patch
Patch00134: s390x-ipl-Consolidate-iplb-validity-chec.patch
Patch00135: s390x-Beautify-diag308-handling.patch
Patch00136: s390x-Add-missing-vcpu-reset-functions.patch
Patch00137: pc-bios-s390x-Save-iplb-location-in-lowc.patch
Patch00138: s390-sclp-improve-special-wait-psw-logic.patch
Patch00139: s390x-Move-diagnose-308-subcodes-and-rcs.patch
Patch00140: vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch
Patch00141: Sync-pv.patch
Patch00142: s390x-protvirt-Support-unpack-facility.patch
Patch00143: s390x-protvirt-Add-migration-blocker.patch
Patch00144: s390x-protvirt-Inhibit-balloon-when-swit.patch
Patch00145: s390x-protvirt-KVM-intercept-changes.patch
Patch00146: s390x-Add-SIDA-memory-ops.patch
Patch00147: s390x-protvirt-Move-STSI-data-over-SIDAD.patch
Patch00148: s390x-protvirt-SCLP-interpretation.patch
Patch00149: s390x-protvirt-Set-guest-IPL-PSW.patch
Patch00150: s390x-protvirt-Move-diag-308-data-over-S.patch
Patch00151: s390x-protvirt-Disable-address-checks-fo.patch
Patch00152: s390x-protvirt-Move-IO-control-structure.patch
Patch00153: s390x-protvirt-Handle-SIGP-store-status-.patch
Patch00154: s390x-Add-unpack-facility-feature-to-GA1.patch
Patch00087: target-arm-Fix-PAuth-sbox-functions.patch
Patch00088: tcg-i386-Fix-INDEX_op_dup2_vec.patch
Patch00089: net-tulip-check-frame-size-and-r-w-data-.patch
Patch00090: target-i386-do-not-set-unsupported-VMX-s.patch
Patch00091: spapr-Fix-failure-path-for-attempting-to.patch
Patch00092: xen-block-Fix-double-qlist-remove-and-re.patch
Patch00093: vpc-Don-t-round-up-already-aligned-BAT-s.patch
Patch00094: target-xtensa-fix-pasto-in-pfwait.r-opco.patch
Patch00095: aio-wait-delegate-polling-of-main-AioCon.patch
Patch00096: async-use-explicit-memory-barriers.patch
Patch00097: tcg-mips-mips-sync-encode-error.patch
Patch00098: vhost-user-gpu-Release-memory-returned-b.patch
Patch00099: XXX-dont-dump-core-on-sigabort.patch
Patch00100: qemu-binfmt-conf-Modify-default-path.patch
Patch00101: qemu-cvs-gettimeofday.patch
Patch00102: qemu-cvs-ioctl_debug.patch
Patch00103: qemu-cvs-ioctl_nodirection.patch
Patch00104: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00105: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00106: linux-user-binfmt-support-host-binaries.patch
Patch00107: linux-user-Fake-proc-cpuinfo.patch
Patch00108: linux-user-use-target_ulong.patch
Patch00109: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00110: linux-user-lseek-explicitly-cast-non-set.patch
Patch00111: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00112: xen_disk-Add-suse-specific-flush-disable.patch
Patch00113: qemu-bridge-helper-reduce-security-profi.patch
Patch00114: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00115: linux-user-properly-test-for-infinite-ti.patch
Patch00116: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00117: Raise-soft-address-space-limit-to-hard-l.patch
Patch00118: increase-x86_64-physical-bits-to-42.patch
Patch00119: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch
Patch00120: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00121: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00122: Switch-order-of-libraries-for-mpath-supp.patch
Patch00123: Make-installed-scripts-explicitly-python.patch
Patch00124: hw-smbios-handle-both-file-formats-regar.patch
Patch00125: xen-add-block-resize-support-for-xen-dis.patch
Patch00126: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00127: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00128: xen-ignore-live-parameter-from-xen-save-.patch
Patch00129: Conditionalize-ui-bitmap-installation-be.patch
Patch00130: tests-change-error-message-in-test-162.patch
Patch00131: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
Patch00132: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
Patch00133: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00134: configure-only-populate-roms-if-softmmu.patch
Patch00135: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00136: roms-change-cross-compiler-naming-to-be-.patch
Patch00137: tests-Disable-some-block-tests-for-now.patch
Patch00138: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00139: roms-Makefile-enable-cross-compile-for-b.patch
Patch00140: hw-i386-disable-smbus-migration-for-xenf.patch
Patch00141: s390x-Don-t-do-a-normal-reset-on-the-ini.patch
Patch00142: s390x-Move-reset-normal-to-shared-reset-.patch
Patch00143: s390x-Move-initial-reset.patch
Patch00144: s390x-Move-clear-reset.patch
Patch00145: s390x-kvm-Make-kvm_sclp_service_call-voi.patch
Patch00146: s390x-ipl-Consolidate-iplb-validity-chec.patch
Patch00147: s390x-Beautify-diag308-handling.patch
Patch00148: s390x-Add-missing-vcpu-reset-functions.patch
Patch00149: pc-bios-s390x-Save-iplb-location-in-lowc.patch
Patch00150: s390-sclp-improve-special-wait-psw-logic.patch
Patch00151: s390x-Move-diagnose-308-subcodes-and-rcs.patch
Patch00152: vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch
Patch00153: Sync-pv.patch
Patch00154: s390x-protvirt-Support-unpack-facility.patch
Patch00155: s390x-protvirt-Add-migration-blocker.patch
Patch00156: s390x-protvirt-Inhibit-balloon-when-swit.patch
Patch00157: s390x-protvirt-KVM-intercept-changes.patch
Patch00158: s390x-Add-SIDA-memory-ops.patch
Patch00159: s390x-protvirt-Move-STSI-data-over-SIDAD.patch
Patch00160: s390x-protvirt-SCLP-interpretation.patch
Patch00161: s390x-protvirt-Set-guest-IPL-PSW.patch
Patch00162: s390x-protvirt-Move-diag-308-data-over-S.patch
Patch00163: s390x-protvirt-Disable-address-checks-fo.patch
Patch00164: s390x-protvirt-Move-IO-control-structure.patch
Patch00165: s390x-protvirt-Handle-SIGP-store-status-.patch
Patch00166: s390x-Add-unpack-facility-feature-to-GA1.patch
Patch00167: s390x-s390-virtio-ccw-Fix-build-on-syste.patch
Patch00168: configure-remove-pkgversion-from-CONFIG_.patch
# Patches applied in roms/seabios/:
Patch01000: seabios-use-python2-explicitly-as-needed.patch
Patch01001: seabios-switch-to-python3-as-needed.patch
@ -1152,6 +1166,20 @@ This package provides a service file for starting and stopping KSM.
%patch00152 -p1
%patch00153 -p1
%patch00154 -p1
%patch00155 -p1
%patch00156 -p1
%patch00157 -p1
%patch00158 -p1
%patch00159 -p1
%patch00160 -p1
%patch00161 -p1
%patch00162 -p1
%patch00163 -p1
%patch00164 -p1
%patch00165 -p1
%patch00166 -p1
%patch00167 -p1
%patch00168 -p1
%patch01000 -p1
%patch01001 -p1
%patch01002 -p1
@ -1300,7 +1328,7 @@ mkdir -p %mybuilddir
cd %mybuilddir
%endif
%{_builddir}/%buildsubdir/configure \
../%buildsubdir/configure \
--prefix=%_prefix \
--sysconfdir=%_sysconfdir \
--libdir=%_libdir \
@ -1538,11 +1566,7 @@ export LD=x86_64-suse-linux-ld
%endif
make %{?_smp_mflags} -C %{_builddir}/%buildsubdir/roms bios \
%if 0%{?is_opensuse} == 0
SEABIOS_EXTRAVERSION="-rebuilt.suse.com" \
%else
SEABIOS_EXTRAVERSION="-rebuilt.opensuse.org" \
%endif
%ifnarch %ix86 x86_64
HOSTCC=cc \
%endif


@ -942,7 +942,7 @@ mkdir -p %mybuilddir
cd %mybuilddir
%endif
%{_builddir}/%buildsubdir/configure \
../%buildsubdir/configure \
--prefix=%_prefix \
--sysconfdir=%_sysconfdir \
--libdir=%_libdir \
@ -1180,11 +1180,7 @@ export LD=x86_64-suse-linux-ld
%endif
make %{?_smp_mflags} -C %{_builddir}/%buildsubdir/roms bios \
%if 0%{?is_opensuse} == 0
SEABIOS_EXTRAVERSION="-rebuilt.suse.com" \
%else
SEABIOS_EXTRAVERSION="-rebuilt.opensuse.org" \
%endif
%ifnarch %ix86 x86_64
HOSTCC=cc \
%endif


@ -0,0 +1,129 @@
From: Christian Borntraeger <borntraeger@de.ibm.com>
Date: Mon, 6 Apr 2020 06:01:58 -0400
Subject: s390x/s390-virtio-ccw: Fix build on systems without KVM
References: bsc#1167075
linux/kvm.h is not available on all platforms. Let us move
s390_machine_inject_pv_error into pv.c as it uses KVM structures.
Also rename the function to s390_pv_inject_reset_error.
While at it, ipl.h needs an include for "exec/address-spaces.h"
as it uses address_space_memory.
Fixes: 49fc3220175e ("s390x: protvirt: Support unpack facility")
Reported-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/s390x/ipl.h | 1 +
hw/s390x/pv.c | 11 +++++++++++
hw/s390x/s390-virtio-ccw.c | 12 +-----------
include/hw/s390x/pv.h | 3 +++
4 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
index 89b3044d7a2ee54014daa8eeafc9..53cc9eb5ac4d326b2b61bf1668a8 100644
--- a/hw/s390x/ipl.h
+++ b/hw/s390x/ipl.h
@@ -14,6 +14,7 @@
#define HW_S390_IPL_H
#include "cpu.h"
+#include "exec/address-spaces.h"
#include "hw/qdev-core.h"
struct IPLBlockPVComp {
diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 8cf5cd2c9bcd48b03af1e546fb3a..2c4d5e89890b7d21abdcd718c2f2 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -13,8 +13,10 @@
#include <linux/kvm.h>
+#include "cpu.h"
#include "qemu/error-report.h"
#include "sysemu/kvm.h"
+#include "hw/s390x/ipl.h"
#include "hw/s390x/pv.h"
static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
@@ -96,3 +98,12 @@ void s390_pv_unshare(void)
{
s390_pv_cmd_exit(KVM_PV_VM_UNSHARE_ALL, NULL);
}
+
+void s390_pv_inject_reset_error(CPUState *cs)
+{
+ int r1 = (cs->kvm_run->s390_sieic.ipa & 0x00f0) >> 4;
+ CPUS390XState *env = &S390_CPU(cs)->env;
+
+ /* Report that we are unable to enter protected mode */
+ env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
+}
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 85250bf046ed72313b03c6ff6c54..5df455e065504bc0eef0f1f084dc 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -44,7 +44,6 @@
#include "sysemu/sysemu.h"
#include "sysemu/balloon.h"
#include "hw/s390x/pv.h"
-#include <linux/kvm.h>
#include "migration/blocker.h"
static Error *pv_mig_blocker;
@@ -392,15 +391,6 @@ out_err:
return rc;
}
-static void s390_machine_inject_pv_error(CPUState *cs)
-{
- int r1 = (cs->kvm_run->s390_sieic.ipa & 0x00f0) >> 4;
- CPUS390XState *env = &S390_CPU(cs)->env;
-
- /* Report that we are unable to enter protected mode */
- env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
-}
-
static void s390_pv_prepare_reset(S390CcwMachineState *ms)
{
CPUState *cs;
@@ -486,7 +476,7 @@ static void s390_machine_reset(MachineState *machine)
run_on_cpu(cs, s390_do_cpu_reset, RUN_ON_CPU_NULL);
if (s390_machine_protect(ms)) {
- s390_machine_inject_pv_error(cs);
+ s390_pv_inject_reset_error(cs);
/*
* Continue after the diag308 so the guest knows something
* went wrong.
diff --git a/include/hw/s390x/pv.h b/include/hw/s390x/pv.h
index c6cb360f2f6a0a32a37970769e1b..522ca6a04ee877940ff1de9f410b 100644
--- a/include/hw/s390x/pv.h
+++ b/include/hw/s390x/pv.h
@@ -13,6 +13,7 @@
#define HW_S390_PV_H
#ifdef CONFIG_KVM
+#include "cpu.h"
#include "hw/s390x/s390-virtio-ccw.h"
static inline bool s390_is_pv(void)
@@ -41,6 +42,7 @@ int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak);
void s390_pv_perf_clear_reset(void);
int s390_pv_verify(void);
void s390_pv_unshare(void);
+void s390_pv_inject_reset_error(CPUState *cs);
#else /* CONFIG_KVM */
static inline bool s390_is_pv(void) { return false; }
static inline int s390_pv_vm_enable(void) { return 0; }
@@ -50,6 +52,7 @@ static inline int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak) {
static inline void s390_pv_perf_clear_reset(void) {}
static inline int s390_pv_verify(void) { return 0; }
static inline void s390_pv_unshare(void) {}
+static inline void s390_pv_inject_reset_error(CPUState *cs) {};
#endif /* CONFIG_KVM */
#endif /* HW_S390_PV_H */
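Review bot: In `s390_pv_inject_reset_error()` as added to hw/s390x/pv.c, `r1` comes from a 4-bit field of the intercepted instruction (`(ipa & 0x00f0) >> 4`), so `r1 + 1` can reach 16, and the function does not bound it before the store to `env->regs[r1 + 1]`. Those instruction bytes are supplied by the guest, so unless an earlier step on the diag 308 path rejects `r1 == 15` (not visible in this patch), the store would land one element past the register file, assuming `regs` holds the 16 general registers. The body is moved unchanged from s390-virtio-ccw.c, but now that it is exported through pv.h it deserves either a range guard ahead of the store, e.g. `if (r1 >= 15) { return; }`, or a comment naming the caller that guarantees the range. Separately, the `!CONFIG_KVM` stub in pv.h ends in `{};`, a stray semicolon that the sibling stubs do not have.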


@ -0,0 +1,33 @@
From: David Gibson <david@gibson.dropbear.id.au>
Date: Thu, 26 Mar 2020 16:12:40 +1100
Subject: spapr: Fix failure path for attempting to hot unplug PCI bridges
Git-commit: 7aab5899764887f6b0512cb2e5c11bdc2a5d3644
For various technical reasons we can't currently allow unplug a PCI to PCI
bridge on the pseries machine. spapr_pci_unplug_request() correctly
generates an error message if that's attempted.
But.. if the given errp is not error_abort or error_fatal, it doesn't
actually stop trying to unplug the bridge anyway.
Fixes: 14e714900f6b "spapr: Allow hot plug/unplug of PCI bridges and devices under PCI bridges"
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/ppc/spapr_pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index f6fbcf99edaaf9844fe669951716..5b544adb4a4d7868cf17d6534e19 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -1663,6 +1663,7 @@ static void spapr_pci_unplug_request(HotplugHandler *plug_handler,
if (pc->is_bridge) {
error_setg(errp, "PCI: Hot unplug of PCI bridges not supported");
+ return;
}
/* ensure any other present functions are pending unplug */


@ -28,7 +28,8 @@ Overview
QEMU is a primary component of KVM based virtualization. The QEMU emulator
binary qemu-system-aarch64 is the program to use to access KVM virtualization.
When using this program, the -machine option accel=kvm (or its alias
-enable-kvm) must be specified for KVM acceleration to be used by the guest.
-enable-kvm) or --accel kvm option must be specified for KVM acceleration to
be used by the guest.
Libvirt is the preferred means of accessing QEMU/KVM functionality and is
documented elsewhere. This document focuses on the features and direct usage
@ -134,6 +135,10 @@ Noteworthy QEMU/KVM Unsupported Features
- GlusterFS integration is not enabled.
- 32 bit ARM KVM has never been supported by SUSE, but it's worth noting that
this capability will cease to even be possible in a near-future QEMU/KVM
(kernel) combination.
Deprecated, Superseded, Modified and Dropped Features
-----------------------------------------------------
@ -163,8 +168,11 @@ Deprecated, Superseded, Modified and Dropped Features
considered deprecated. In the future those names will be standardized to
acpitable, boot, and smp respectively.
- This previously supported command line options is now considered deprecated:
-device scsi-disk (use scsi-hd or scsi-cd)
- These previously supported command line options are now considered deprecated:
-device scsi-disk (use scsi-hd or scsi-cd instead)
-device virtio-blk,scsi= (use virtio-scsi instead)
-device virtio-blk-pci,scsi= (use virtio-scsi instead)
-realtime mlock= (use -overcommit mem-lock- instead)
- These previously supported command line options are no longer supported:
<previously mentioned items have been moved to another category>


@ -2,785 +2,4 @@
SLES 15 SP2 QEMU/KVM RELATED SUPPORT STATEMENTS
Overview
--------
The QEMU based packages included with SLES 15 SP2 provide a large variety of
features, from the very latest customer requests to features of questionable
quality or value. The linux kernel includes components which contribute KVM
virtualization features as well. This document was created to assist the user
in deciding which features can be relied upon to build enterprise class
virtualization solutions. KVM based virtualization for x86 (Intel 64/AMD64),
for IBM System z (s390x), and for the ARM64 architecture (AArch64) are
offered at the L3 (full support) level. The bulk of this document is primarily
Power8 centric. This document should be considered a companion to the standard
virtualization documentation delivered with the product.
KVM is implemented in linux kernel modules which enable the linux kernel to
function as an integral part of the KVM hypervisor. The hypervisor-guest
interaction is managed by QEMU through the /dev/kvm ioctl interface. The linux
host assists in the virtualization of storage, networking and display
resources as well as allowing direct hardware passthrough of PCI and USB
devices. Linux memory and cpu management features are used by QEMU/KVM to
enable guests to share those host resources as efficiently as possible.
The kvm_hv kernel module is required. The kvm_pr kernel module is unsupported.
QEMU is a primary component of KVM based virtualization. The QEMU emulator
binary qemu-system-ppc64 is the program to use to access KVM virtualization.
When using this program, the -machine option accel=kvm (or its alias
-enable-kvm) must be specified for KVM acceleration to be used by the guest.
Libvirt is the preferred means of accessing QEMU/KVM functionality and is
documented elsewhere. This document focuses on the features and direct usage
of QEMU/KVM as provided by the QEMU based packages.
Major QEMU/KVM Supported Features
---------------------------------
- KVM virtualization is accomplished by using the QEMU program in KVM
acceleration mode. KVM acceleration requires that both guest and host have
the same fundamental architecture.
- Guest images created under previous QEMU versions are supported by machine
version compatibilities built into more recent QEMU versions.
- For ease of use, the QEMU program has defaults which represent traditional
usage patterns.
- Guest virtual machine characteristics are specified by a combination of
internal defaults, options provided on the QEMU program command-line, runtime
configurations set via the monitor interfaces and optional config files. The
runtime control of a VM is effected either through the Human Monitor
"Protocol" (HMP), or the JSON based programmatical QEMU Monitor Protocol (QMP)
interface. For QMP details, see qemu-qmp-ref man page.
Since a KVM guest runs in the context of a normal linux process, some types
of execution controls are managed with linux tools.
- QEMU uses SLOF (Slimline Open Firmware) for booting ppc guests, which allow
boot options common to physical systems.Various VGABIOS ROMs, from the SEABIOS
project, are also available.
- Some QEMU messages have been localized to various languages. This is provided
by the optional qemu-lang package. Keyboard mappings for various nationalities
is also provided.
- Virtual machine lifecycle controls include startup through firmware or kernel
boot, firmware based shutdown, execution pausing, the saving and restoring of
machine state or disk state, VM migration to another host, and miscellaneous
controls available through the "monitors" mentioned above.
- Guest execution state may be "moved" in both time (save/restore) and space
(static and live migration). These migrations or save/restore operations can
take place either from certain prior SLES versioned hosts to a SLES 12 SP3
or between hosts of the same version. Certain other restrictions also apply.
- Security considerations include privileged helpers and a security model which
allows running guests as a non-root user.
- QEMU provides best effort reuse of existing disk images, including those with
systems installed, through geometry probing. Also disk images produced by
other popular virtualization technologies may be imported into QEMU supported
storage formats. These QEMU formats include features which exploit the
benefits of virtualization.
- Memory, cpu and disk space overcommit are possible and can be beneficial when
done responsibly. Additional management of these resources comes in the form
of memory ballooning or hotplug, host KSM, vcpu hot-add, online disk resizing,
trim, discard and hole punching.
- Guest performance is enhanced through the use of virtio devices, various disk
caching modes, network acceleration via the vhost-net kernel module, multi-
queue network transmit capabilities, host transparent huge pages (THP) and
direct hugetlb usage. Physical PCI and USB devices may also be passed through
to the guest, including SR-IOV VF's.
- The guest UI is accessable via GTK, VNC, and serial (including curses TUI)
interfaces.
- Guest timekeeping is supported in a variety of ways, including a paravirtual
clocksource, and options for the various guest clocks for how to handle the
timeslicing of the guest's execution on the host.
- In addition to the para-virtualized devices already mentioned, other devices
and infrastructure designed to avoid virtualization "problem areas" are
available such as SPICE graphics, vmmouse emulation, tablet style pointer
interfaces and virtio based UI interfaces.
- A built-in user-mode network (SLIRP) stack is available.
- Portions of the host file system may be shared with a guest by using virtFS.
- A guest "agent" is available for SLES 15 SP2 KVM guests via the
qemu-guest-agent package. This allows some introspection and control of the
guest OS environment from the host.
QEMU/KVM Technology Previews
----------------------------
- All features indicated as not being supported in this document fall under the
Technology Preview definition contained in the main product's release notes.
Noteworthy QEMU/KVM Unsupported Features
----------------------------------------
- Note that some features are unsupported simply due to lack of validation. If
an existing feature is desired, but not marked supported, let SUSE know about
your requirements.
- The TCG "acceleration" mode may be helpful for problem isolation, but
otherwise presents insufficient benefit and stability.
- GlusterFS integration is not enabled.
Deprecated, Superseded, Modified and Dropped Features
-----------------------------------------------------
- http://wiki.qemu-project.org/Features/LegacyRemoval
This website tracks feature deprecation and removal at the upstream
development level. Our qemu package inherits this community direction, but be
aware that we can and will deviate as needed. Those deviations and additional
information can be found in this section. Feature deprecation is also tracked
in Appendix B of the qemu-doc.* files installed with the qemu package.
- The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M",
"-machine" and "-d" is now considered deprecated. Use "help"
instead.
- The use of "if=scsi" as a parameter to "-drive" does not work anymore with PC
machine types, as it created an obsolete SCSI controller model.
- Use of aio=native without direct cache mode also being specified (cache=none,
cache=directsync, or cache.direct=on) is no longer allowed.
- The use of image encryption in qcow and qcow2 formats is now considered
deprecated.
Analysis has shown it to be weak encryption, in addition to suffering from
poor design. Images can easily be converted to a non-encrypted format.
- Use of acpi, boot-opts, and smp-opts in a -readconfig config file are now
considered deprecated. In the future those names will be standardized to
acpitable, boot, and smp respectively.
- This previously supported command line option is now considered deprecated:
-device scsi-disk (use scsi-hd or scsi-cd)
- These previously supported command line options are no longer supported:
<previously mentioned items have been moved to another category>
- These previously supported command line options are no longer recognized:
-balloon (use -device virtio-balloon instead)
-clock
-device ivshmem (use ivshmem-doorbell or ivshmem-plain instead)
-device pc-sysfw (no longer needed)
-device pci-assign, -device kvm-pci-assign (use -device vfio-pci instead)
-display sdl
-no-frame
-nodefconfig (use -no-user-config instead)
-sdl
-virtioconsole (use -device virtconsole instead)
- These previously unsupported command line options are no longer recognized:
-device cmd646-ide
-device macio-newworld
-device macio-oldworld
-device spapr-pci-vfio-host-bridge
- Specifying a cpu feature with both "+feature/-feature" and "feature=on/off"
will now cause a warning. The current behavior for this combination where
"+feature/-feature" wins over "feature=on/off", will be changed going forward
so that "+feature" and "-feature" will be synonyms for "feature=on" and
"feature=off" respectively.
- The previously supported blkdev-add QMP command has been flagged as lacking
and could possibly change syntax in the future.
- These previously unsupported command line options are now deprecated:
-bt
-machine prep (use -machine 40p instead)
-M prep (use -M 40p instead)
- These previously unsupported command line options are no longer recognized:
-device isa-cirrus-vga
-device ramfb
-enable-hax
-tdf
-xen-create
- These previously supported QMPs command are now deprecated:
change (use blockdev-change-medium or change-vnc-password instead)
cpu-add
migrate-set-cache-size (use migrate-set-parameters instead)
migrate_set_downtime (use migrate-set-parameters instead)
migrate_set_speed (use migrate-set-parameters instead)
query-cpus (use query-cpus-fast instead)
query-events
query-migrate-cache-size (use query-migrate-parameters instead)
- These previously supported monitor commands are now deprecated:
change
cpu-add
migrate_set_downtime
migrate_set_speed
- These previously supported monitor commands are no longer recognized:
pci_add (use device_add instead)
pci_del (use device_del instead)
usb_add (use device_add instead)
usb_del (use device_del instead)
- These previously unsupported monitor command are now deprecated:
acl_add ...
acl_policy ...
acl_remove ...
acl_reset ...
acl_show ...
- These previously unsupported monitor commands are no longer recognized:
host_net_add
host_net_remove
- These previously unsupported QMP commands are now supported under a new name:
x-block-dirty-bitmap-disable (use block-dirty-bitmap-disable instead)
x-block-dirty-bitmap-enable (use block-dirty-bitmap-enable instead)
x-block-dirty-bitmap-merge (use block-dirty-bitmap-merge instead)
x-block-latency-histogram-set (use block-latency-histogram-set instead)
x-blockdev-create (use blockdev-create instead)
- This previously unsupported QMP commands is no longer recognized:
x-nbd-server-add-bitmap
- Due to upstream's decision to no longer fully support the qed storage format
going forward (since it really provides no benefit over qcow2 and is now no
longer actively maintained upstream), creating qed storage images is no longer
supported and it is highly discouraged to continue using existing qed images.
They should instead be converted to another supported format.
QEMU Command-Line and Monitor Syntax and Support
------------------------------------------------
- The QEMU program command-line syntax is as follows:
qemu-system-ppc64 [options]
Where 'options' are taken from the options listed below.
The images used with -drive or -cdrom, may be in the raw (no format) or qcow2
storage formats, and may be located in files within the host filesystem,
logical volumes, host physical disks, or network based storage. Read only
media may also be accessed via URL style protocol specifiers.
Note that as a general rule, as new command line options are added which serve
to replace an older option or interface, you are strongly encouraged to adapt
your usage to the new option. The new option is being introduced to provide
better functionality and usability going forward. In some cases existing
problems or even bugs in older interfaces cannot be fixed due to functional
expectations, but are resolved in the newer interface or option.
This advice includes moving to the most recent machine type (eg pseries-4.2
instead of pseries-3.1) if possible.
- The following command line options are supported:
-accel ...
-add-fd ...
-alt-grab
-append ...
-audio-help
-audiodev
-bios ...
-blockdev ...
-boot ...
-cdrom ...
-chardev ..
-cpu host
-ctrl-grab
-d ...
-daemonize
-debugcon ...
-device [VGA|rtl8139|virtio-net-pci|virtio-blk-pci|virtio-balloon-pci|
virtio-9p-pci|usb-hub|usb-ehci|usb-tablet|usb-storage|usb-mouse|
usb-kbd|virtserialport|virtconsole|virtio-serial-pci|i82559er|
virtio-scsi-pci|scsi-cd|scsi-hd|scsi-generic|scsi-disk|scsi-block|
pci-serial|pci-serial-2x|pci-serial-4x|ich9-ahci|usb-host|usb-serial|
usb-wacom-tablet|usb-braille|usb-net|pci-ohci|virtio-rng-pci|i6300esb|
qxl|qxl-vga|pvpanic|vfio-pci|ivshmem-doorbell|ivshmem-plain|
virtio-crypto-pci|virtio-mmio|vhost-vsock-pci|vhost-user-blk|
vhost-user-blk-pci|pci-bridge|megasas-gen2|e1000e|e1000|cirrus-vga|
virtio-vga|vhost-scsi-pci-non-transitional|
vhost-scsi-pci-transitional|vhost-user-blk-pci-non-transitional|
vhost-user-blk-pci-transitional|vhost-user-scsi-pci-non-transitional|
vhost-user-scsi-pci-transitional|vhost-vsock-pci-non-transitional|
vhost-vsock-pci-transitional|virtio-9p-pci-non-transitional|
virtio-9p-pci-transitional|virtio-balloon-pci-non-transitional|
virtio-balloon-pci-transitional|virtio-blk-pci-non-transitional|
virtio-blk-pci-transitional|virtio-input-host-pci-non-transitional|
virtio-input-host-pci-transitional|virtio-net-pci-non-transitional|
virtio-net-pci-transitional|virtio-rng-pci-non-transitional|
virtio-rng-pci-transitional|virtio-scsi-pci-non-transitional|
virtio-scsi-pci-transitional|virtio-serial-pci-non-transitional|
virtio-serial-pci-transitional|vhost-user-fs-pci|vhost-user-gpu|
vhost-user-pci-pci|vhost-user-input|vhost-user-input-pci|
vhost-user-vga|mc146818rtc]
(the following are aliases of these supported devices: ahci|
virtio-blk|virtio-net|virtio-serial|virtio-balloon| virtio-9p|
virtio-input-host|virtio-keyboard|virtio-mouse|virtio-tablet|
virtio-gpu|virtio-scsi|virtio-rng|e1000-82540em)
-dfilter range, ...
-display ...
-drive ... (if specified if=[virtio] and format=[qcow2|raw] and
snapshot=off only)
-echr ...
-enable-fips
-enable-kvm
-fsdev ...
-full-screen
-fw_cfg ...
-gdb ...
-global ...
-h
-help
-incoming ...
-initrd ...
-iscsi ...
-k ...
-kernel ...
-loadvm ...
-m ...
-M [help|?|none|pseries|pseries-2.11|pseries-3.1|pseries-4.2]
-machine [help|?|none|pseries|pseries-2.11|pseries-3.1|pseries-4.2]
-mem-path ...
-mem-prealloc
-mon ...
-monitor ...
-msg ...
-name ...
-net [bridge|l2tpv3|nic|none|tap|user] ... (for model= only e1000, rtl8139,
and virtio are supported)
-netdev [bridge|tap|user] ...
-nic ...
-nodefaults
-nographic
-no-quit
-no-reboot
-no-shutdown
-no-user-config
-object ...
-only-migratable
-parallel ...
-pidfile ...
-plugin ...
-qmp ...
-qmp-pretty ...
-readconfig ...
-realtime ...
-rtc ...
-runas ...
-s
-S
-sandbox ...
-seed ...
-serial ...
-show-cursor
-smbios ...
-smp ...
-tpmdev passthrough ...
-trace ...
-usb
-usbdevice [braile|disk|host|mouse|net|serial|tablet]
-uuid ..
-version
-vga [none|qxl|std|virtio]
-virtfs ...
-vnc ...
-watchdog ...
-watchdog-action ...
-writeconfig ...
- The following monitor commands are supported:
?
announce_self ...
balloon ...
block_resize ...
boot_set ...
c
change ...
chardev-add ...
chardev-remove ...
client_migrate_info ...
closefd ...
cont
cpu ...
cpu-add ...
delvm ...
device_add ...
device_del ...
drive_add ...
drive_backup ...
drive_del ...
dump_guest_memory ...
eject ...
gdbserver ...
gpa2hpa ...
gpa2hva ...
gva2gpa ...
help
i ...
info ...
loadvm ...
logfile ...
logitem ...
mce ...
memsave ...
migrate ...
migrate_cancel
migrate_continue ...
migrate_incoming
migrate_pause
migrate_recover ...
migrate_set_cache_size ...
migrate_set_capability ...
migrate_set_downtime ...
migrate_set_parameter ...
migrate_set_speed ...
migrate_start_post_copy
mouse_button ...
mouse_move ...
mouse_set ...
nmi ...
o ...
object_add ...
object_del ...
p ...
pmemsave ...
print ...
q
qemu-io ...
qom-list
qom-set
ringbuf_read ...
ringbuf_write ...
savevm ...
screendump ...
sendkey ...
snapshot_blkdev_internal ...
snapshot_delete_blkdev_internal ...
stop
sum ...
system_powerdown
system_reset
system_wakeup
trace-event ...
watchdog_action ...
x ...
xp ...
- The following QMP commands are supported:
add_client
add-fd
announce-self
balloon
blockdev-add
blockdev-backup
blockdev-change-medium
blockdev-close-tray
blockdev-create
blockdev-del
blockdev-mirror
blockdev-open-tray
blockdev-snapshot
blockdev-snapshot-delete-internal-sync
blockdev-snapshot-internal-sync
blockdev-snapshot-sync
block-commit
block-dirty-bitmap-add
block-dirty-bitmap-clear
block-dirty-bitmap-disable
block-dirty-bitmap-enable
block-dirty-bitmap-merge
block-dirty-bitmap-remove
block-latency-histogram-set
block_passwd
block_resize
block_set_io_throttle
block-set-write-threshold
block_stream
change
change-vnc-password
chardev-add
chardev-remove
client_migrate_info
closefd
cont
cpu
cpu-add
device_add
device_del
device-list-properties
dump-guest-memory
eject
expire_password
getfd
human-monitor-command
inject-nmi
input-send-event
job-cancel
job-complete
job-dismiss
job-finalize
job-pause
job-resume
memsave
migrate
migrate_cancel
migrate-continue
migrate-incoming
migrate-pause
migrate-resume
migrate-set-cache-size
migrate-set-capabilities
migrate_set_downtime
migrate_set_speed
migrate-set-parameters
migrate-start-postcopy
object-add
object-del
pmemsave
qmp_capabilities
qom-get
qom-list
qom-list-types
qom-set
query-acpi-ospm-status
query-balloon
query-block
query-block-jobs
query-blockstats
query-chardev
query-chardev-backends
query-command-line-options
query-commands
query-cpu-definitions
query-cpu-model-baseline
query-cpu-model-comparison
query-cpu-model-expansion
query-cpus
query-cpus-fast
query-current-machine
query-display-options
query-dump
query-dump-guest-memory-capability
query-events
query-fdsets
query-gic-capabilities
query-hotpluggable-cpus
query-iothreads
query-jobs
query-kvm
query-machines
query-memdev
query-memory-devices
query-memory-size-summary
query-mice
query-migrate
query-migrate-cache-size
query-migrate-capabilities
query-migrate-parameters
query-name
query-named-block-nodes
query-pci
query-pr-managers
query-qmp-schema
query-rocker
query-rocker-of-dpa-flows
query-rocker-of-dpa-groups
query-rocker-ports
query-rx-filter
query-spice
query-status
query-target
query-tpm
query-tpm-models
query-tpm-types
query-uuid
query-version
query-vnc
query-vnc-servers
query-xen-replication-status
quit
remove-fd
ringbuf-read
ringbuf-write
rtc-reset-reinjection
screendump
send-key
set_link
set_password
stop
system_powerdown
system_reset
system_wakeup
trace-event-get-state
trace-event-set-state
transaction
watchdog-set-action
- The following command line options are unsupported:
-acpitable ...
-bt ...
-chroot ...
-cpu ... (all except host)
-curses
-device [adb-keyboard|adb-mouse|adlib|amd-iommu|AMDVI-PCI|ccid-card-emulated|
ccid-card-passthrough|cfi.pflash02|cirrus-vga|cs4231a|
dec-21154-p2p-bridge|dec-21154-sysbus|e1000 e500-ccsr|e500-pcihost|
e500-spin|escc|esp|eTSEC|floppy|generic-sdhci|gus|grackle-pcihost|
host-spapr-cpu-core|hyperv-testdev|i8042|i82374|i82378|ib700|icp|
icp-kvm|ics|icskvm|igd-passthrough-isa-bridge|intel_iommu|
ipmi-bmc-extern|ipmi-bmc-sim|isa-applesmc|isa-debugcon|isa-debug-exit|
isa-fdc|isa-ide|isa-ipmi-bt|isa-ipmi-kcs|isa-m48t59|isa-parallel|
isa-vga|isabus-bridge|kvm-openpic|loader|lsi53c810a|macio-ide|
macio-nvram|mpc8544-guts|mpc8xxx_gpio|ne2k_isa|nvdimm|openpic|pc-dimm|
pc-testdev|pc87312|piix3-ide|piix3-ide|piix3-ide-xen|piix3-usb-uhci|
platform-bus-device|powernv-chip-POWER8|powernv-chip-POWER8E|
powernv-chip-POWER8NVL|powernv-chip-POWER9|powernv-cpu-core-POWER8|
powernv-cpu-core-POWER8E|powernv-cpu-core-POWER8NVL|
powernv-cpu-core-POWER9|ppc4xx-pcihost|prep-systemio|raven-pcihost|
rs6000-mc|sb16|sdhci-pci|sga spapr-nvram|spapr-rng|spapr-rtc|
spapr-tce-table|spapr-vio-bridge|spapr-vlan|spapr-vscsi|spapr-vty|
sysbus-m48t02|sysbus-m48t08|sysbus-m48t59|u3-agp-pcihost|
uni-north-agp-pcihost|uni-north-internal-pci-pcihost|uni-north-pci|
uni-north-pci-pcihost|unimplemented-device|usb-redir|
vfio-pci-igd-lpc-bridge|vfio-pci-nohotplug|vfio-platform|
virtio-crypto-device|vhost-vsock-device|virtconsole|vmgenid|
vmware-svga|xen-backend|xen-pci-passthrough|xen-platform|
xen-pvdevice|xen-sysdev|xlnx.xps-ethernetlite|xlnx.xps-intc|
xlnx.xps-timer|xlnx.xps-uartlite|*-i386-cpu|*-powerpc64-cpu|
*-spapr-cpu-core|*-x86_64-cpu|vmcoreinfo|sii3112|pvrdma|sungem|
ccid-card-emulated|ccid-card-passthru| bochs-display|isa-cirrus-vga|
at24c-eeprom|i2c-ddc|kvaser_pci|m41t80|mioe3680_pci|pcm3680_pci|
ati-vga|cpu-cluster|ds1338|i82801b11-bridge|ib700|ioh3420|mpc-i2c|
pcie-pci-bridge|pcie-root-port|platform-ehci-usb|pnv-lpc-POWER8|
pnv-lpc-POWER9|pnv-occ-POWER8|pnv-occ-POWER9|pnv-psi-POWER8|
pnv-psi-POWER9|pnv-xive|powernv-cpu-quad|spapr-drc-phb|spapr-xive|
vfio-amd-xgbe|vfio-calxeda-xgmac|vmxnet3|x3130-upstream|
xio3130-downstream|xive-end-source|xive-source|xive-tctx|
vhost-user-fs-device|tulip|ati-vga]
(the following are aliases of these unsupported devices: lsi|
piix3-usb-uhci|mac-dbdma|ppc4xx-i2c)
(note that some of these device names represent supported devices and
are used internally, but are not specifyable via -device even though
they appear in the list of devices)
-drive ,if=[scsi|mtd|pflash], snapshot=on, format=[anything besides qcow2 or
raw]
-dtb file
-enable-hax
-enable-sync-profile
-fda/-fdb ...
-g ...
-hda/-hdb/-hdc/-hdd ...
-icount ...
-L ...
-M [40p|bamboo|g3beige|mac99|mpc8544ds|powernv|powernv8|powernv9|ppce500|prep|
pseries-2.1|pseries-2.2|pseries-2.3|pseries-2.4|pseries-2.5|pseries-2.6|
pseries-2.7|pseries-2.8|pseries-2.9|pseries-2.10|pseries-2.12|
pseries-2.12-sxxm|pseries-3.0|pseries-4.0|pseries-4.1|ref405ep|sam460ex|
taihu|virtex-ml507]
-machine [40p|bamboo|g3beige|mac99|mpc8544ds|powernv|powernv8|powernv9|
ppce500|prep|pseries-2.1|pseries-2.2|pseries-2.3|pseries-2.4|
pseries-2.5|pseries-2.6|pseries-2.7|pseries-2.8|pseries-2.10|
pseries-2.12|pseries-2.12-sxxm|pseries-3.0|pseries-4.0|pseries-4.1|
ref405ep|sam460ex|taihu|virtex-ml507]
-mtdblock file
-net [dump|socket|vde] ...
-netdev [dump|hubport|l2tpv3|socket|vde] ...
-no-acpi
-no-fd-bootchk
-no-hpet
-no-kvm
-no-kvm-irqchip
-no-kvm-pit
-no-kvm-pit-reinjection
-numa ...
-option-rom ...
-overcommit ...
-pflash file
-portrait
-preconfig
-prom-env ...
-qtest ...
-qtest-log ...
-rotate
-sd file
-sdl
-set ...
-singlestep
-snapshot
-soundhw ...
-spice
-tb-size ...
-tpmdev emulator ...
-vga [cg3|tcx|virtio|cirrus|xenfb]
-win2k-hack
-xen-attach ...
-xen-domid ...
- The following monitor commands are unsupported:
acl_add ...
acl_policy ...
acl_remove ...
acl_reset ...
acl_show ...
block_job_cancel ...
block_job_complete ...
block_job_pause ...
block_job_resume ...
block_job_set_speed ...
block_passwd ...
commit ...
drive_mirror ...
expire_password ...
hostfwd_add ...
hostfwd_remove ...
nbd_server_add ...
nbd server_start ...
nbd_server_stop ...
netdev_add
netdev_del ...
pcie_aer_inject_error ...
set_link ...
set_password ...
singlestep ...
snapshot_blkdev ...
stopcapture ...
sync-profile ...
wavcapture ...
x_colo_lost_heartbeat
- The following QMP commands are unsupported:
block-job-cancel
block-job-complete
block-job-pause
block-job-resume
block-job-set-speed
change-backing-file
drive-backup
drive-mirror
exit_preconfig
dump-skeys
netdev_add
netdev_del
nbd-server-add
nbd-server-start
nbd-server-stop
query-colo-status
query-sev
query-sev-launch-measure
x-blockdev-change
x-blockdev-insert-medium
x-blockdev-remove-medium
x-blockdev-reopen
x-colo-lost-heartbeat
x-exit-preconfig
x-debug-block-dirty-bitmap-sha256
x-debug-query-block-graph
xen-colo-do-checkpoint
xen-load-devices-state
xen-save-devices-state
xen-set-global-dirty-log
xen-set-replication
QEMU/KVM on ppc is not supported.


@ -29,8 +29,8 @@ Overview
program is available for continuity with pre SLES 12 usage, including in
libvirt domain xml references. The QEMU emulator binary qemu-system-s390x is
now the primary program to use to access KVM virtualization. When using this
program, the -machine option accel=kvm (or its alias -enable-kvm) must be
specified for KVM acceleration to be used by the guest.
program, the -machine option accel=kvm (or its alias -enable-kvm) or --accel
kvm option must be specified for KVM acceleration to be used by the guest.
Libvirt is the preferred means of accessing QEMU/KVM functionality and is
documented elsewhere. This document focuses on the features and direct usage
@ -164,8 +164,10 @@ Deprecated, Superseded, Modified and Dropped Features
considered deprecated. In the future those names will be standardized to
acpitable, boot, and smp respectively.
- These previously supported command line options are now considered deprecated:
<none>
- This previously supported command line option is now considered deprecated:
-device virtio-blk,scsi= (use virtio-scsi instead)
-device virtio-blk-pci,scsi= (use virtio-scsi instead)
-realtime mlock= (use -overcommit mem-lock= instead)
- These previously supported command line options are no longer supported:
<previously mentioned items have been moved to another category>


@ -30,9 +30,10 @@ Overview
libvirt domain xml references. The QEMU emulator binaries qemu-system-x86_64
and qemu-system-i386 (x86 host) are now the primary programs to use to access
KVM virtualization. When using these programs, the -machine option accel=kvm
(or its alias -enable-kvm) must be specified for KVM acceleration to be
used by the guest. Although Xen uses QEMU for virtualization as well, this
document does not identify Xen supported features.
(or its alias -enable-kvm), or --accel kvm option must be specified for KVM
acceleration to be used by the guest. Although Xen uses QEMU for
virtualization as well, this document does not identify Xen supported
features.
Libvirt is the preferred means of accessing QEMU/KVM functionality and is
documented elsewhere. This document focuses on the features and direct usage
@ -208,8 +209,11 @@ Deprecated, Superseded, Modified and Dropped Features
deprecated.
- These previously supported command line options are now considered deprecated:
-device ide-drive (use ide-hd or ide-cd)
-device scsi-disk (use scsi-hd or scsi-cd)
-device ide-drive (use ide-hd or ide-cd instead)
-device scsi-disk (use scsi-hd or scsi-cd instead)
-device virtio-blk,scsi= (use virtio-scsi instead)
-device virtio-blk-pci,scsi= (use virtio-scsi instead)
-realtime mlock= (use -overcommit mem-lock= instead)
- These previously supported command line options are no longer supported:
<previously mentioned items have been moved to another category>


@ -0,0 +1,48 @@
From: Vincent Dehors <vincent.dehors@smile.fr>
Date: Thu, 23 Jan 2020 15:22:38 +0000
Subject: target/arm: Fix PAuth sbox functions
Git-commit: de0b1bae6461f67243282555475f88b2384a1eb9
References: bsc#1168681, CVE-2020-10702
In the PAC computation, sbox was applied over wrong bits.
As this is a 4-bit sbox, bit index should be incremented by 4 instead of 16.
Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf) was
used to verify one computation of the pauth_computepac() function which
uses sbox2.
Launchpad: https://bugs.launchpad.net/bugs/1859713
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Vincent DEHORS <vincent.dehors@smile.fr>
Signed-off-by: Adrien GRASSEIN <adrien.grassein@smile.fr>
Message-id: 20200116230809.19078-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/arm/pauth_helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c
index d3194f20437b717ec1cc13a1003e..0a5f41e10c5f03d85a727b2b7c42 100644
--- a/target/arm/pauth_helper.c
+++ b/target/arm/pauth_helper.c
@@ -89,7 +89,7 @@ static uint64_t pac_sub(uint64_t i)
uint64_t o = 0;
int b;
- for (b = 0; b < 64; b += 16) {
+ for (b = 0; b < 64; b += 4) {
o |= (uint64_t)sub[(i >> b) & 0xf] << b;
}
return o;
@@ -104,7 +104,7 @@ static uint64_t pac_inv_sub(uint64_t i)
uint64_t o = 0;
int b;
- for (b = 0; b < 64; b += 16) {
+ for (b = 0; b < 64; b += 4) {
o |= (uint64_t)inv_sub[(i >> b) & 0xf] << b;
}
return o;
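Review bot: Neither `pac_sub` nor `pac_inv_sub` gets a regression test here, even though the description says the QARMA test vector was used to verify only one pauth_computepac() computation. With the old step of 16, `o` received substituted nibbles only at bits 0, 16, 32 and 48 and the other twelve nibbles stayed zero, which is the kind of silent weakening a known-answer test on that vector would catch. I would also tie the stride to the `0xf` mask with a comment above each loop, `/* 4-bit sbox: walk all 16 nibbles of the 64-bit word */`. Both function bodies start outside their hunks, so the `sub` and `inv_sub` tables themselves are not reviewed here.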


@ -0,0 +1,100 @@
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Tue, 31 Mar 2020 18:27:52 +0200
Subject: target/i386: do not set unsupported VMX secondary execution controls
Git-commit: 4a910e1f6ab4155ec8b24c49b2585cc486916985
Commit 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for
secondary execution controls") added a workaround for KVM pre-dating
commit 6defc591846d ("KVM: nVMX: include conditional controls in /dev/kvm
KVM_GET_MSRS") which wasn't setting certain available controls. The
workaround uses generic CPUID feature bits to set missing VMX controls.
It was found that in some cases it is possible to observe hosts which
have certain CPUID features but lack the corresponding VMX control.
In particular, it was reported that Azure VMs have RDSEED but lack
VMX_SECONDARY_EXEC_RDSEED_EXITING; attempts to enable this feature
bit result in QEMU abort.
Resolve the issue but not applying the workaround when we don't have
to. As there is no good way to find out if KVM has the fix itself, use
95c5c7c77c ("KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST") instead
as these [are supposed to] come together.
Fixes: 048c95163b4 ("target/i386: work around KVM_GET_MSRS bug for secondary execution controls")
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20200331162752.1209928-1-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/i386/kvm.c | 41 ++++++++++++++++++++++++++---------------
1 file changed, 26 insertions(+), 15 deletions(-)
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index b8ea67a644c802358826a840bdf1..91cd4976e262ad6bbb83206114b3 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -105,6 +105,7 @@ static bool has_msr_smi_count;
static bool has_msr_arch_capabs;
static bool has_msr_core_capabs;
static bool has_msr_vmx_vmfunc;
+static bool has_msr_vmx_procbased_ctls2;
static uint32_t has_architectural_pmu_version;
static uint32_t num_architectural_pmu_gp_counters;
@@ -489,21 +490,28 @@ uint64_t kvm_arch_get_supported_msr_feature(KVMState *s, uint32_t index)
value = msr_data.entries[0].data;
switch (index) {
case MSR_IA32_VMX_PROCBASED_CTLS2:
- /* KVM forgot to add these bits for some time, do this ourselves. */
- if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) & CPUID_XSAVE_XSAVES) {
- value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;
- }
- if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) & CPUID_EXT_RDRAND) {
- value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;
- }
- if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_INVPCID) {
- value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;
- }
- if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_RDSEED) {
- value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;
- }
- if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) & CPUID_EXT2_RDTSCP) {
- value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;
+ if (!has_msr_vmx_procbased_ctls2) {
+ /* KVM forgot to add these bits for some time, do this ourselves. */
+ if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) &
+ CPUID_XSAVE_XSAVES) {
+ value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32;
+ }
+ if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) &
+ CPUID_EXT_RDRAND) {
+ value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32;
+ }
+ if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &
+ CPUID_7_0_EBX_INVPCID) {
+ value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32;
+ }
+ if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) &
+ CPUID_7_0_EBX_RDSEED) {
+ value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32;
+ }
+ if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) &
+ CPUID_EXT2_RDTSCP) {
+ value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32;
+ }
}
/* fall through */
case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
@@ -2056,6 +2064,9 @@ static int kvm_get_supported_msrs(KVMState *s)
case MSR_IA32_VMX_VMFUNC:
has_msr_vmx_vmfunc = true;
break;
+ case MSR_IA32_VMX_PROCBASED_CTLS2:
+ has_msr_vmx_procbased_ctls2 = true;
+ break;
}
}
}
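Review bot: `has_msr_vmx_procbased_ctls2` is only a proxy for "this KVM already reports the conditional controls", and nothing next to the new `if (!has_msr_vmx_procbased_ctls2)` says so; the description itself hedges that the two kernel changes "[are supposed to] come together". A comment at the declaration such as `/* set when KVM lists the MSR in KVM_GET_MSR_INDEX_LIST; proxy for the KVM_GET_MSRS fix */` would record that. The check also relies on kvm_get_supported_msrs() having run before kvm_arch_get_supported_msr_feature() is first called, because the flag starts out false and the CPUID-derived bits are then OR-ed in as before; that ordering is not visible in these hunks and is worth confirming. All three enclosing blocks extend beyond the hunks.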


@ -0,0 +1,28 @@
From: Max Filippov <jcmvbkbc@gmail.com>
Date: Wed, 26 Feb 2020 12:43:52 -0800
Subject: target/xtensa: fix pasto in pfwait.r opcode name
Git-commit: 1a03362b14affa4d8ddede55df6e21d7a07b87c2
Core xtensa opcode table has pfwait.o instead of pfwait.r. Fix that.
Fixes: c884400f2988 ("target/xtensa: implement block prefetch option opcodes")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
target/xtensa/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index a99f5296e2f4f1d01fd21cfb3fd0..2ec0e5a047ed0e9b9c0926518649 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -3740,7 +3740,7 @@ static const XtensaOpcodeOps core_ops[] = {
.name = "pfwait.a",
.translate = translate_nop,
}, {
- .name = "pfwait.o",
+ .name = "pfwait.r",
.translate = translate_nop,
}, {
.name = "pitlb",


@ -0,0 +1,37 @@
From: Richard Henderson <richard.henderson@linaro.org>
Date: Sat, 28 Mar 2020 18:16:10 -0700
Subject: tcg/i386: Fix INDEX_op_dup2_vec
Git-commit: e20cb81d9c5a3d0f9c08f3642728a210a1c162c9
We were only constructing the 64-bit element, and not
replicating the 64-bit element across the rest of the vector.
Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
tcg/i386/tcg-target.inc.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tcg/i386/tcg-target.inc.c b/tcg/i386/tcg-target.inc.c
index 9d8ed974e011152d2df4cba613ad..77b78c941c5afcd065a8e153dca7 100644
--- a/tcg/i386/tcg-target.inc.c
+++ b/tcg/i386/tcg-target.inc.c
@@ -2855,9 +2855,13 @@ static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
goto gen_simd;
#if TCG_TARGET_REG_BITS == 32
case INDEX_op_dup2_vec:
- /* Constraints have already placed both 32-bit inputs in xmm regs. */
- insn = OPC_PUNPCKLDQ;
- goto gen_simd;
+ /* First merge the two 32-bit inputs to a single 64-bit element. */
+ tcg_out_vex_modrm(s, OPC_PUNPCKLDQ, a0, a1, a2);
+ /* Then replicate the 64-bit elements across the rest of the vector. */
+ if (type != TCG_TYPE_V64) {
+ tcg_out_dup_vec(s, type, MO_64, a0, a0);
+ }
+ break;
#endif
case INDEX_op_abs_vec:
insn = abs_insn[vece];


@ -0,0 +1,49 @@
From: lixinyu <precinct@mail.ustc.edu.cn>
Date: Sat, 11 Apr 2020 20:46:12 +0800
Subject: tcg/mips: mips sync* encode error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: a4e57084c16d5b0eff3651693fba04f26b30b551
OPC_SYNC_WMB, OPC_SYNC_MB, OPC_SYNC_ACQUIRE, OPC_SYNC_RELEASE and
OPC_SYNC_RMB have wrong encode. According to the mips manual,
their encode should be 'OPC_SYNC | 0x?? << 6' rather than
'OPC_SYNC | 0x?? << 5'. Wrong encode can lead illegal instruction
errors. These instructions often appear with multi-threaded
simulation.
Fixes: 6f0b99104a3 ("tcg/mips: Add support for fence")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: lixinyu <precinct@mail.ustc.edu.cn>
Message-Id: <20200411124612.12560-1-precinct@mail.ustc.edu.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
tcg/mips/tcg-target.inc.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tcg/mips/tcg-target.inc.c b/tcg/mips/tcg-target.inc.c
index 544216704526a4bd24dce51ade83..006835348fe5c5818d89b0806ba3 100644
--- a/tcg/mips/tcg-target.inc.c
+++ b/tcg/mips/tcg-target.inc.c
@@ -404,11 +404,11 @@ typedef enum {
/* MIPS r6 introduced names for weaker variants of SYNC. These are
backward compatible to previous architecture revisions. */
- OPC_SYNC_WMB = OPC_SYNC | 0x04 << 5,
- OPC_SYNC_MB = OPC_SYNC | 0x10 << 5,
- OPC_SYNC_ACQUIRE = OPC_SYNC | 0x11 << 5,
- OPC_SYNC_RELEASE = OPC_SYNC | 0x12 << 5,
- OPC_SYNC_RMB = OPC_SYNC | 0x13 << 5,
+ OPC_SYNC_WMB = OPC_SYNC | 0x04 << 6,
+ OPC_SYNC_MB = OPC_SYNC | 0x10 << 6,
+ OPC_SYNC_ACQUIRE = OPC_SYNC | 0x11 << 6,
+ OPC_SYNC_RELEASE = OPC_SYNC | 0x12 << 6,
+ OPC_SYNC_RMB = OPC_SYNC | 0x13 << 6,
/* Aliases for convenience. */
ALIAS_PADD = sizeof(void *) == 4 ? OPC_ADDU : OPC_DADDU,
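Review bot: The five corrected constants still read as `OPC_SYNC | 0x04 << 6`, which is right only because `<<` binds tighter than `|`, and the bare 6 hides which instruction field the value belongs to. Writing them as `OPC_SYNC_WMB = OPC_SYNC | (0x04 << 6),` and adding `/* stype field starts at bit 6 */` above the group would make a repeat of the off-by-one shift easier to spot in review. The enum begins and ends outside the hunk.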


@ -1,4 +1,8 @@
#!/bin/bash
#POKEALL used to document where ALL repos are POKED
#POKEALL? question what repos are actually poked here
#TEMP_CHECK - try to eliminate
# !! FIX AFTER RUN - LEAVING REPO NOT IN GOOD STATE
# update_git.sh: script to manage package maintenance using a git-based
# workflow. Commands are as follows:
@ -64,16 +68,6 @@ fi
#==============================================================================
TEMP_CHECK() {
# TEMPORARY! FOR NOW WE REQUIRE THESE LOCALLY TO DO WORK ON PACKAGE
REQUIRED_LOCAL_REPO_MAP=(
~/git/qemu-opensuse
~/git/qemu-seabios
~/git/qemu-ipxe
~/git/qemu-sgabios
~/git/qemu-skiboot
~/git/qemu-keycodemapdb
~/git/qemu-qboot
)
# Validate that all the local repos that we currently have patches in are available
# TEMPORARY REQUIREMENT!
@ -129,22 +123,25 @@ touch $BUNDLE_DIR/$GIT_UPSTREAM_COMMIT.id
# Now go through all the submodule local repos that are present and create a bundle file for the patches found there
for (( i=0; i <$REPO_COUNT; i++ )); do
#POKEALL (conditional on whether it IS there)
if [[ -e $(readlink -f ${LOCAL_REPO_MAP[$i]}) ]]; then
SUBDIR=${PATCH_PATH_MAP[$i]}
GITREPO_COMMIT_ISH=($BUNDLE_DIR/$SUBDIR*.id)
if [[ $GITREPO_COMMIT_ISH =~ .*(.{40})[.]id ]]; then
GITREPO_COMMIT_ISH=${BASH_REMATCH[1]}
echo "Using $GITREPO_COMMIT_ISH"
PATCH_RANGE_INDEX=$i
mkdir -p $GIT_DIR/$SUBDIR
git -C $GIT_DIR/$SUBDIR init
#POKEALL
git -C $GIT_DIR/$SUBDIR remote add origin file://$(readlink -f \
${LOCAL_REPO_MAP[$PATCH_RANGE_INDEX]})
git -C $(readlink -f ${LOCAL_REPO_MAP[$PATCH_RANGE_INDEX]}) remote get-url origin >$BUNDLE_DIR/$SUBDIR/repo
${LOCAL_REPO_MAP[$i]})
if [[ $(git -C $GIT_DIR/$SUBDIR ls-remote --heads origin $GIT_BRANCH) ]]; then
git -C $GIT_DIR/$SUBDIR fetch origin $GIT_BRANCH
if [[ $(git -C $GIT_DIR/$SUBDIR rev-list $GITREPO_COMMIT_ISH..FETCH_HEAD) ]]; then
git -C $GIT_DIR/$SUBDIR bundle create $BUNDLE_DIR/$SUBDIR$GITREPO_COMMIT_ISH.bundle $GITREPO_COMMIT_ISH..FETCH_HEAD
#TODO: post-process repo info to avoid un-needed diffs (eg git vs https)
#POKEALL
git -C $(readlink -f ${LOCAL_REPO_MAP[$i]}) remote get-url origin >$BUNDLE_DIR/$SUBDIR/repo
fi
fi
fi
@ -180,12 +177,12 @@ for entry in ${BUNDLE_FILES[@]}; do
fi
for (( i=0; i <$REPO_COUNT; i++ )); do
if [[ "$SUBDIR" = "${PATCH_PATH_MAP[$i]}" ]]; then
PATCH_RANGE_INDEX=$i
break
fi
done
LOCAL_REPO=$(readlink -f ${LOCAL_REPO_MAP[$PATCH_RANGE_INDEX]})
#POKEALL ?
LOCAL_REPO=$(readlink -f ${LOCAL_REPO_MAP[$i]})
if [ -e $LOCAL_REPO ]; then
git -C $LOCAL_REPO remote remove bundlerepo || true
# git won't let you delete a branch we're on - so get onto master temporarily (TODO: is there a better approach?)
@ -283,6 +280,7 @@ mkdir -p $BUNDLE_DIR
tar xJf bundles.tar.xz -C $BUNDLE_DIR
# Now go through all the submodule local repos that are present and create a bundle file for the patches found there
for (( i=0; i <$REPO_COUNT; i++ )); do
#POKEALL
if [[ -e $(readlink -f ${LOCAL_REPO_MAP[$i]}) ]]; then
if $(git -C ${LOCAL_REPO_MAP[$i]} branch | grep -F "frombundle" >/dev/null); then
SUBDIR=${PATCH_PATH_MAP[$i]}
@ -334,15 +332,19 @@ for entry in ${BUNDLE_FILES[@]}; do
fi
for (( i=0; i <$REPO_COUNT; i++ )); do
if [[ "$SUBDIR" = "${PATCH_PATH_MAP[$i]}" ]]; then
PATCH_RANGE_INDEX=$i
break
fi
done
if [[ $i = $REPO_COUNT ]]; then
echo "Error matching bundle dir to project submodule path"
exit
fi
mkdir -p $GIT_DIR/$SUBDIR
git -C $GIT_DIR/$SUBDIR init
#POKEALL?
git -C $GIT_DIR/$SUBDIR remote add origin file://$(readlink -f \
${LOCAL_REPO_MAP[$PATCH_RANGE_INDEX]})
${LOCAL_REPO_MAP[$i]})
git -C $GIT_DIR/$SUBDIR fetch origin $GIT_BRANCH
git -C $GIT_DIR/$SUBDIR reset --hard $GITREPO_COMMIT_ISH
git -C $GIT_DIR/$SUBDIR remote add bundle $BUNDLE_DIR/$entry
@ -350,7 +352,7 @@ for entry in ${BUNDLE_FILES[@]}; do
git -C $GIT_DIR/$SUBDIR format-patch -N --suffix= --no-renames -o $CMP_DIR -k --stat=72 \
--indent-heuristic --zero-commit --no-signature --full-index \
--src-prefix=a/$SUBDIR --dst-prefix=b/$SUBDIR \
--start-number=$(expr $PATCH_RANGE_INDEX \* $PATCH_RANGE) \
--start-number=$(expr $i \* $PATCH_RANGE) \
$GITREPO_COMMIT_ISH..FETCH_HEAD > /dev/null
done
@ -584,6 +586,10 @@ rm -rf $BUNDLE_DIR
if [ -e qemu.changes.added ]; then
rm -f qemu.changes.added
fi
# Decide if there is a better way to handle the no change case:
if [[ "0" = "$(expr $CHANGED_COUNT + $DELETED_COUNT + $ADDED_COUNT)" ]]; then
osc revert bundles.tar.xz
fi
echo "git patch summary"
echo " unchanged: $UNCHANGED_COUNT"
echo " changed: $CHANGED_COUNT"
@ -611,9 +617,27 @@ echo "(See script for details on doing 'LATEST' workflow)"
#==============================================================================
explain_setup() {
echo "Currently we require local git repos at these locations:"
echo "${REQUIRED_LOCAL_REPO_MAP[@]}"
echo "Where each has as it's remote the uri: https://github.com/opensuse/*.git"
echo "and where * is replaced by the qemu-whatever, and the remote is named origin"
echo "and the qemu or qemu submodule repos as remotes named upstream"
}
#==============================================================================
#?? Should we be LATEST or not specific here?
if [[ ! -e $(readlink -f ${LOCAL_REPO_MAP[0]}) ]]; then
echo "ERROR: Main local QEMU related git repo not found. Please follow these setup instructions:"
explain_setup
exit
fi
echo "WARNING: Script using local git repos. Some operations may be time consuming..."
#TODO: Most of these checks are not necessary
for (( i=0; i <$REPO_COUNT; i++ )); do
#POKEALL
if [[ -e $(readlink -f ${LOCAL_REPO_MAP[$i]}) ]]; then
if [[ -d ${LOCAL_REPO_MAP[$i]}/.git/rebase-merge || \
-d ${LOCAL_REPO_MAP[$i]}/.git/rebase-apply ]]; then
@ -660,6 +684,7 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then
fi
fi
fi
#POKEALL
for (( i=0; i <$REPO_COUNT; i++ )); do
if [[ -e $(readlink -f ${LOCAL_REPO_MAP[$i]}) ]]; then
git -C ${LOCAL_REPO_MAP[$i]} remote update upstream &> /dev/null
@ -692,13 +717,13 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then
WRITE_LOG=0
echo "Processing LATEST upstream changes"
echo "(If SUCCESS is not printed upon completion, see /tmp/latest.log for issues)"
TEMP_CHECK
TEMP_CHECK # DOING LATEST
if [[ $QEMU_TARBALL =~ $BASE_RE$EXTRA_RE$SUFFIX_RE ]]; then
OLD_COMMIT_ISH=${BASH_REMATCH[3]}
else
#Assume release (or release candidate) tarball with equivalent tag:
OLD_COMMIT_ISH=$(cd ${LOCAL_REPO_MAP[0]} && git rev-list --abbrev-commit \
--abbrev=9 -1 v$OLD_SOURCE_VERSION_AND_EXTRA)
--abbrev=8 -1 v$OLD_SOURCE_VERSION_AND_EXTRA)
fi
if [ ${#QEMU_TARBALL_SIG[@]} -ne 0 ]; then
echo "INFO: Ignoring signature file: $QEMU_TARBALL_SIG"
@ -737,10 +762,18 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then
echo "SUCCESS"
tail -9 /tmp/latest.log
else # not LATEST
if [ ! "$GIT_UPSTREAM_COMMIT_ISH" = "v$OLD_SOURCE_VERSION_AND_EXTRA" ]; then
echo "Tarball name (which we decode) doesn't correspond to the \$GIT_UPSTREAM_COMMIT_ISH in config.sh"
exit
fi
git -C ${LOCAL_REPO_MAP[0]} checkout $GIT_UPSTREAM_COMMIT_ISH --recurse-submodules -f &> /dev/null
NEW_COMMIT_ISH=
SOURCE_VERSION=$OLD_SOURCE_VERSION_AND_EXTRA
QEMU_VERSION=$(tar JxfO qemu-$SOURCE_VERSION$VERSION_EXTRA.tar.xz qemu-$SOURCE_VERSION/VERSION)
if [ ! "$QEMU_VERSION" = "$OLD_SOURCE_VERSION_AND_EXTRA" ]; then
echo "Tarball name (which we decode) doesn't correspond to the VERSION file contained therein"
exit
fi
MAJOR_VERSION=$(echo $QEMU_VERSION|awk -F. '{print $1}')
MINOR_VERSION=$(echo $QEMU_VERSION|awk -F. '{print $2}')
GIT_BRANCH=opensuse-$MAJOR_VERSION.$MINOR_VERSION
@ -755,7 +788,7 @@ else # not LATEST
git2pkg )
echo "Updating the package using the $GIT_BRANCH branch of the local repos."
echo "(If SUCCESS is not printed upon completion, see /tmp/git2pkg.log for issues)"
TEMP_CHECK
TEMP_CHECK #NOT LATEST
initbundle &> /tmp/git2pkg.log
bundle2spec &>> /tmp/git2pkg.log
echo "SUCCESS"
@ -764,7 +797,7 @@ else # not LATEST
pkg2git )
echo "Exporting the package's git bundles to the local repo's frombundle branches..."
echo "(If SUCCESS is not printed upon completion, see /tmp/pkg2git.log for issues)"
TEMP_CHECK
TEMP_CHECK #NOT LATEST
bundle2local &> /tmp/pkg2git.log
echo "SUCCESS"
echo "To modify package patches, use the frombundle branch as the basis for updating"
@ -775,7 +808,7 @@ else # not LATEST
echo "Updating the spec file and patches from the spec file template and the bundle"
echo "of bundles (bundles.tar.xz)"
echo "(If SUCCESS is not printed upon completion, see /tmp/refresh.log for issues)"
TEMP_CHECK
TEMP_CHECK #NOT LATEST
bundle2spec &> /tmp/refresh.log
echo "SUCCESS"
tail -9 /tmp/refresh.log
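Review bot: The error paths this change appears to add end in a bare `exit`, which returns the status of the preceding command, normally 0. They are the "Error matching bundle dir to project submodule path" check, the two "Tarball name (which we decode) doesn't correspond ..." checks, and the missing main repo check after `explain_setup`. A caller or build job therefore sees a failed run as success; use `exit 1` and send the message to stderr, e.g. `echo "Error matching bundle dir to project submodule path" >&2; exit 1`. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts. Separately, the unchanged lines keep logging to fixed names such as `/tmp/git2pkg.log`; a log created with `mktemp` would avoid writing through a file or symlink that another user pre-created on a shared host.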


@ -0,0 +1,58 @@
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Mon, 23 Mar 2020 12:29:41 +0100
Subject: vhost-user-gpu: Release memory returned by vu_queue_pop() with free()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 4ff97121a3ee631971aadc87e3d4e7fb66f15aa8
vu_queue_pop() returns memory that must be freed with free().
Cc: qemu-stable@nongnu.org
Reported-by: Coverity (CID 1421887 ALLOC_FREE_MISMATCH)
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
contrib/vhost-user-gpu/main.c | 4 ++--
contrib/vhost-user-gpu/virgl.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/contrib/vhost-user-gpu/main.c b/contrib/vhost-user-gpu/main.c
index b45d2019b46bdfac64b59d5702ae..a019d0a9acea61a7629f1c74c79a 100644
--- a/contrib/vhost-user-gpu/main.c
+++ b/contrib/vhost-user-gpu/main.c
@@ -848,7 +848,7 @@ vg_handle_ctrl(VuDev *dev, int qidx)
QTAILQ_INSERT_TAIL(&vg->fenceq, cmd, next);
vg->inflight++;
} else {
- g_free(cmd);
+ free(cmd);
}
}
}
@@ -939,7 +939,7 @@ vg_handle_cursor(VuDev *dev, int qidx)
}
vu_queue_push(dev, vq, elem, 0);
vu_queue_notify(dev, vq);
- g_free(elem);
+ free(elem);
}
}
diff --git a/contrib/vhost-user-gpu/virgl.c b/contrib/vhost-user-gpu/virgl.c
index 43413e29df9d46739c09d2d501df..b0bc22c3c13db0e8b0b450dac19d 100644
--- a/contrib/vhost-user-gpu/virgl.c
+++ b/contrib/vhost-user-gpu/virgl.c
@@ -519,7 +519,7 @@ virgl_write_fence(void *opaque, uint32_t fence)
g_debug("FENCE %" PRIu64, cmd->cmd_hdr.fence_id);
vg_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA);
QTAILQ_REMOVE(&g->fenceq, cmd, next);
- g_free(cmd);
+ free(cmd);
g->inflight--;
}
}
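Review bot: None of the three call sites records why plain `free()` is used in code that otherwise goes through GLib (`g_debug` is visible in the virgl.c hunk), so a later cleanup could turn them back into `g_free()` and reintroduce the allocator mismatch Coverity reported. A one-line comment at each release, `/* from vu_queue_pop(): release with free(), not g_free() */`, would keep the ownership rule next to the code. The hunks show only the release side; the commands queued on `fenceq` in vg_handle_ctrl are presumably the ones released in virgl_write_fence, which should be confirmed since both bodies start outside the hunks.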


@ -0,0 +1,47 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 2 Apr 2020 11:36:03 +0200
Subject: vpc: Don't round up already aligned BAT sizes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 3f6de653b946fe849330208becf79d6af7e876cb
As reported on Launchpad, Azure apparently doesn't accept images for
upload that are not both aligned to 1 MB blocks and have a BAT size that
matches the image size exactly.
As far as I can tell, there is no real reason why we create a BAT that
is one entry longer than necessary for aligned image sizes, so change
that.
(Even though the condition is only mentioned as "should" in the spec and
previous products accepted larger BATs - but we'll try to maintain
compatibility with as many of Microsoft's ever-changing interpretations
of the VHD spec as possible.)
Fixes: https://bugs.launchpad.net/bugs/1870098
Reported-by: Tobias Witek
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200402093603.2369-1-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
block/vpc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/vpc.c b/block/vpc.c
index a65550298e195af52c51a31d1f9f..21b08033a6ab56115c6258b7ef3c 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -835,7 +835,7 @@ static int create_dynamic_disk(BlockBackend *blk, uint8_t *buf,
/* Write the footer (twice: at the beginning and at the end) */
block_size = 0x200000;
- num_bat_entries = (total_sectors + block_size / 512) / (block_size / 512);
+ num_bat_entries = DIV_ROUND_UP(total_sectors, block_size / 512);
ret = blk_pwrite(blk, offset, buf, HEADER_SIZE, 0);
if (ret < 0) {
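Review bot: `DIV_ROUND_UP(total_sectors, block_size / 512)` also changes the result for `total_sectors == 0`: the old expression gave one BAT entry and the new one gives zero. Whether create_dynamic_disk() can be reached with a zero-length image, and whether the BAT-writing code further down copes with `num_bat_entries == 0`, is outside the hunk and worth confirming. A qemu-iotests case covering a zero-size image and an exactly block-aligned image would pin both behaviours down.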


@ -0,0 +1,155 @@
From: Anthony PERARD <anthony.perard@citrix.com>
Date: Mon, 6 Apr 2020 15:02:17 +0100
Subject: xen-block: Fix double qlist remove and request leak
Git-commit: 36d883ba0de8a281072ded2b51e0a711fd002139
Commit a31ca6801c02 ("qemu/queue.h: clear linked list pointers on
remove") revealed that a request was removed twice from a list, once
in xen_block_finish_request() and a second time in
xen_block_release_request() when both function are called from
xen_block_complete_aio(). But also, the `requests_inflight' counter is
decreased twice, and thus became negative.
This is a bug that was introduced in bfd0d6366043 ("xen-block: improve
response latency"), where a `finished' list was removed.
That commit also introduced a leak of request in xen_block_do_aio().
That function calls xen_block_finish_request() but the request is
never released after that.
To fix both issue, we do two changes:
- we squash finish_request() and release_request() together as we want
to remove a request from 'inflight' list to add it to 'freelist'.
- before releasing a request, we need to let the other end know the
result, thus we should call xen_block_send_response() before
releasing a request.
The first change fixes the double QLIST_REMOVE() as we remove the extra
call. The second change makes the leak go away because if we want to
call finish_request(), we need to call a function that does all of
finish, send response, and release.
Fixes: bfd0d6366043 ("xen-block: improve response latency")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200406140217.1441858-1-anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
[mreitz: Amended commit message as per Paul's suggestions]
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/block/dataplane/xen-block.c | 48 ++++++++++++----------------------
1 file changed, 16 insertions(+), 32 deletions(-)
diff --git a/hw/block/dataplane/xen-block.c b/hw/block/dataplane/xen-block.c
index 3b9caeb2fa00a1f4eb338fca7a89..c4ed2870ecd779bf40eb4f3eded3 100644
--- a/hw/block/dataplane/xen-block.c
+++ b/hw/block/dataplane/xen-block.c
@@ -64,6 +64,8 @@ struct XenBlockDataPlane {
AioContext *ctx;
};
+static int xen_block_send_response(XenBlockRequest *request);
+
static void reset_request(XenBlockRequest *request)
{
memset(&request->req, 0, sizeof(request->req));
@@ -115,23 +117,26 @@ out:
return request;
}
-static void xen_block_finish_request(XenBlockRequest *request)
+static void xen_block_complete_request(XenBlockRequest *request)
{
XenBlockDataPlane *dataplane = request->dataplane;
- QLIST_REMOVE(request, list);
- dataplane->requests_inflight--;
-}
+ if (xen_block_send_response(request)) {
+ Error *local_err = NULL;
-static void xen_block_release_request(XenBlockRequest *request)
-{
- XenBlockDataPlane *dataplane = request->dataplane;
+ xen_device_notify_event_channel(dataplane->xendev,
+ dataplane->event_channel,
+ &local_err);
+ if (local_err) {
+ error_report_err(local_err);
+ }
+ }
QLIST_REMOVE(request, list);
+ dataplane->requests_inflight--;
reset_request(request);
request->dataplane = dataplane;
QLIST_INSERT_HEAD(&dataplane->freelist, request, list);
- dataplane->requests_inflight--;
}
/*
@@ -246,7 +251,6 @@ static int xen_block_copy_request(XenBlockRequest *request)
}
static int xen_block_do_aio(XenBlockRequest *request);
-static int xen_block_send_response(XenBlockRequest *request);
static void xen_block_complete_aio(void *opaque, int ret)
{
@@ -286,7 +290,6 @@ static void xen_block_complete_aio(void *opaque, int ret)
}
request->status = request->aio_errors ? BLKIF_RSP_ERROR : BLKIF_RSP_OKAY;
- xen_block_finish_request(request);
switch (request->req.operation) {
case BLKIF_OP_WRITE:
@@ -306,17 +309,8 @@ static void xen_block_complete_aio(void *opaque, int ret)
default:
break;
}
- if (xen_block_send_response(request)) {
- Error *local_err = NULL;
- xen_device_notify_event_channel(dataplane->xendev,
- dataplane->event_channel,
- &local_err);
- if (local_err) {
- error_report_err(local_err);
- }
- }
- xen_block_release_request(request);
+ xen_block_complete_request(request);
if (dataplane->more_work) {
qemu_bh_schedule(dataplane->bh);
@@ -420,8 +414,8 @@ static int xen_block_do_aio(XenBlockRequest *request)
return 0;
err:
- xen_block_finish_request(request);
request->status = BLKIF_RSP_ERROR;
+ xen_block_complete_request(request);
return -1;
}
@@ -575,17 +569,7 @@ static bool xen_block_handle_requests(XenBlockDataPlane *dataplane)
break;
};
- if (xen_block_send_response(request)) {
- Error *local_err = NULL;
-
- xen_device_notify_event_channel(dataplane->xendev,
- dataplane->event_channel,
- &local_err);
- if (local_err) {
- error_report_err(local_err);
- }
- }
- xen_block_release_request(request);
+ xen_block_complete_request(request);
continue;
}