2017-08-01 61982199be0fd7ef93affe3a47e6395142185453
import qemu-kvm-1.5.3-141.el7
53 files added
54 files modified
6872 ■■■■■ changed files
.gitignore 1 ●●●● patch | view | raw | blame | history
.qemu-kvm.metadata 1 ●●●● patch | view | raw | blame | history
SOURCES/kvm-Do-not-hang-on-full-PTY.patch 40 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-Fix-memory-slot-page-alignment-logic-bug-1455745.patch 61 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-HMP-Fix-documentation-of-__com.redhat.drive_add.patch 71 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-HMP-Fix-user-manual-typo-of-__com.redhat_qxl_screend.patch 42 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-blkdebug-Add-bdrv_truncate.patch 63 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-block-gluster-add-support-for-selecting-debug-loggin.patch 202 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-char-change-qemu_chr_fe_add_watch-to-return-unsigned.patch 22 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-char-serial-Fix-emptyness-check.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-char-serial-Fix-emptyness-handling.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-char-serial-Use-generic-Fifo8.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-char-serial-cosmetic-fixes.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-char-serial-fix-copy-paste-error-fifo8_is_full-vs-em.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-char-serial-serial_ioport_write-Factor-out-common-co.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-add-option-to-disable-blitter.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch 6 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-fix-blit-address-mask-handling.patch 6 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-fix-cirrus_invalidate_region.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch 6 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-fix-patterncopy-checks.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch 6 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch 47 ●●●● patch | view | raw | blame | history
SOURCES/kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch 6 ●●●● patch | view | raw | blame | history
SOURCES/kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch 6 ●●●● patch | view | raw | blame | history
SOURCES/kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch 6 ●●●● patch | view | raw | blame | history
SOURCES/kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-gluster-Correctly-propagate-errors-when-volume-isn-t.patch 75 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-gluster-correctly-propagate-errors.patch 111 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-hw-i386-regenerate-checked-in-AML-payload-RHEL-only.patch 10 ●●●● patch | view | raw | blame | history
SOURCES/kvm-i386-kvmvapic-initialise-imm32-variable.patch 46 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-ide-fix-halted-IO-segfault-at-reset.patch 16 ●●●● patch | view | raw | blame | history
SOURCES/kvm-iotests-Filter-for-Killed-in-qemu-io-output.patch 44 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-iotests-Fix-test-039.patch 116 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-memory-Allow-access-only-upto-the-maximum-alignment-.patch 169 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-nbd-Fix-regression-on-resiliency-to-port-scan.patch 18 ●●●● patch | view | raw | blame | history
SOURCES/kvm-nbd-Fully-initialize-client-in-case-of-failed-negoti.patch 18 ●●●● patch | view | raw | blame | history
SOURCES/kvm-net-check-packet-payload-length.patch 6 ●●●● patch | view | raw | blame | history
SOURCES/kvm-qcow2-Don-t-rely-on-free_cluster_index-in-alloc_ref2.patch 86 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-qemu-char-ignore-flow-control-if-a-PTY-s-slave-is-no.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-qemu-io-Add-sigraise-command.patch 98 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-qemu-iotests-Disable-030-040-041.patch 53 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-qemu-iotests-Filter-out-actual-image-size-in-067.patch 93 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-qemu-iotests-Fix-core-dump-suppression-in-test-039.patch 141 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-qxl-Only-emit-QXL_INTERRUPT_CLIENT_MONITORS_CONFIG-o.patch 125 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-change-retry-logic-to-avoid-concurrency.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-check-if-backed-by-a-physical-serial-port-at-.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-clean-up-THRE-TEMT-handling.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-fixing-vmstate-for-save-restore.patch 355 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-make-tsr_retry-unsigned.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-only-resample-THR-interrupt-on-rising-edge-of.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-poll-the-serial-console-with-G_IO_HUP.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-reinstate-watch-after-migration.patch 72 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-remove-watch-on-reset.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-reset-thri_pending-on-IER-writes-with-THRI-0.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-separate-serial_xmit-and-serial_watch_cb.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-simplify-tsr_retry-reset.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-serial-update-LSR-on-enabling-disabling-FIFOs.patch 14 ●●●● patch | view | raw | blame | history
SOURCES/kvm-spice-fix-spice_chr_add_watch-pre-condition.patch 33 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-spice-remove-spice-experimental.h-include.patch 58 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-spice-replace-use-of-deprecated-API.patch 179 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-Define-TCG_-_FEATURES-earlier-in-cpu.c.patch 171 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-Filter-FEAT_7_0_EBX-TCG-features-too.patch 56 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-Filter-KVM-and-0xC0000001-features-on-TC.patch 57 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-Loop-based-copying-and-setting-unsetting.patch 112 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-Loop-based-feature-word-filtering-in-TCG.patch 127 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-Make-TCG-feature-filtering-more-readable.patch 69 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-add-Ivy-Bridge-CPU-model.patch 73 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-get-set-migrate-XSAVES-state.patch 170 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-kvm_check_features_against_host-Kill-fea.patch 114 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-kvm_cpu_fill_host-Fill-feature-words-in-.patch 70 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-kvm_cpu_fill_host-Kill-unused-code.patch 46 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-CPU-v.patch 62 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-level.patch 66 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-kvm_cpu_fill_host-No-need-to-check-xleve.patch 68 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-target-i386-kvm_cpu_fill_host-Set-all-feature-words-.patch 82 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-ui-vnc-derive-cmp_bytes-from-VNC_DIRTY_PIXELS_PER_BI.patch 47 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-ui-vnc-fix-potential-memory-corruption-issues.patch 407 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-ui-vnc-fix-vmware-VGA-incompatiblities.patch 94 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-ui-vnc-introduce-VNC_DIRTY_PIXELS_PER_BIT-macro.patch 203 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-ui-vnc-optimize-dirty-bitmap-tracking.patch 287 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-ui-vnc-optimize-setting-in-vnc_dpy_update.patch 71 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-usb-ccid-add-check-message-size-checks.patch 64 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-usb-ccid-better-bulk_out-error-handling.patch 175 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-usb-ccid-check-ccid-apdu-length.patch 48 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-usb-ccid-move-header-size-check.patch 64 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-vhdx-Fix-zero-fill-iov-length.patch 57 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-virtio-add-virtqueue_rewind.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-virtio-balloon-fix-stats-vq-migration.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-virtio-blk-Release-s-rq-queue-at-system_reset.patch 18 ●●●● patch | view | raw | blame | history
SOURCES/kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-virtio-introduce-virtqueue_discard.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-virtio-introduce-virtqueue_unmap_sg.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-virtio-zero-vq-inuse-in-virtio_reset.patch 4 ●●●● patch | view | raw | blame | history
SOURCES/kvm-vl-Don-t-silently-change-topology-when-all-smp-optio.patch 57 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-vnc-fix-memory-corruption-CVE-2015-5225.patch 93 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-vnc-fix-overflow-in-vnc_update_stats.patch 56 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-x86-add-AVX512_4VNNIW-and-AVX512_4FMAPS-features.patch 174 ●●●●● patch | view | raw | blame | history
SOURCES/kvm-x86-add-AVX512_VPOPCNTDQ-features.patch 63 ●●●●● patch | view | raw | blame | history
SPECS/qemu-kvm.spec 657 ●●●● patch | view | raw | blame | history
.gitignore
@@ -5,3 +5,4 @@
SOURCES/rhel6-pcnet.rom
SOURCES/rhel6-rtl8139.rom
SOURCES/rhel6-virtio.rom
SOURCES/sample_images.tar
.qemu-kvm.metadata
@@ -5,3 +5,4 @@
f5ddbc9701698bc4adc5e98c63ad438c3b8e8510 SOURCES/rhel6-pcnet.rom
ca79836ccce0ffbf25aac4687a3aa64bf281a3c1 SOURCES/rhel6-rtl8139.rom
82eda3fb78a792745e46bcbbea8290cc444ae6bf SOURCES/rhel6-virtio.rom
598e252c89da31924fbd9a6734fd15e4e97b67d8 SOURCES/sample_images.tar
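--- /dev/null
+++ b/SOURCES/kvm-Do-not-hang-on-full-PTY.patch
@@ -0,0 +1,40 @@
+From 40f55392d0bbe867547e5705c2be21d65924b024 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 9 Jun 2017 11:43:57 +0200
+Subject: [PATCH 2/6] Do not hang on full PTY
+RH-Author: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: <20170609114359.13036-2-pbonzini@redhat.com>
+Patchwork-id: 75565
+O-Subject: [RHEL7.4 qemu-kvm PATCH v2 1/3] Do not hang on full PTY
+Bugzilla: 1452067
+RH-Acked-by: David Hildenbrand <david@redhat.com>
+RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+From: Don Slutz <dslutz@verizon.com>
+Signed-off-by: Don Slutz <dslutz@verizon.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+(cherry picked from commit fac6688a18574b6f2caa8c699a936e729ed53ece)
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ qemu-char.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/qemu-char.c b/qemu-char.c
+index 5edca0a..08b2301 100644
+--- a/qemu-char.c
++++ b/qemu-char.c
+@@ -1182,6 +1182,7 @@ static CharDriverState *qemu_chr_open_pty(const char *id,
+     }
+     close(slave_fd);
++    qemu_set_nonblock(master_fd);
+     chr = g_malloc0(sizeof(CharDriverState));
+--
+1.8.3.1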
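Review bot: The added `qemu_set_nonblock(master_fd);` in qemu_chr_open_pty has no comment saying why the PTY master must be non-blocking, and the surrounding lines do not make the reason obvious. I would put `/* non-blocking master: a full PTY with no reader on the slave side must not block the writer */` above the call. With the descriptor non-blocking, every write path on master_fd has to handle EAGAIN and short writes; those paths are outside this hunk, so this is something to confirm rather than something visible here. The function body starts and ends outside the hunk.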
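--- /dev/null
+++ b/SOURCES/kvm-Fix-memory-slot-page-alignment-logic-bug-1455745.patch
@@ -0,0 +1,61 @@
+From be6123e0eadd895a9fa47005df38c4dce655236c Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 6 Jun 2017 17:08:19 +0200
+Subject: [PATCH 1/6] kvm: Fix memory slot page alignment logic (bug#1455745)
+RH-Author: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: <20170606170819.18875-1-pbonzini@redhat.com>
+Patchwork-id: 75507
+O-Subject: [RHEL7.4 qemu-kvm PATCH] kvm: Fix memory slot page alignment logic (bug#1455745)
+Bugzilla: 1455745
+RH-Acked-by: Alex Williamson <alex.williamson@redhat.com>
+RH-Acked-by: Marcel Apfelbaum <marcel@redhat.com>
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+From: Alexander Graf <agraf@suse.de>
+Brew build: 13356300
+Memory slots have to be page aligned to get entered into KVM. There
+is existing logic that tries to ensure that we pad memory slots that
+are not page aligned to the biggest region that would still fit in the
+alignment requirements.
+Unfortunately, that logic is broken. It tries to calculate the start
+offset based on the region size.
+Fix up the logic to do the thing it was intended to do and document it
+properly in the comment above it.
+With this patch applied, I can successfully run an e500 guest with more
+than 3GB RAM (at which point RAM starts overlapping subpage memory regions).
+[Paolo: in RHEL's case, the issue was reported with assigned devices]
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Alexander Graf <agraf@suse.de>
+(cherry picked from commit f2a64032a14c642d0ddc9a7a846fc3d737deede5)
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ kvm-all.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+diff --git a/kvm-all.c b/kvm-all.c
+index fc6e3ab..9486b9a 100644
+--- a/kvm-all.c
++++ b/kvm-all.c
+@@ -621,8 +621,10 @@ static void kvm_set_phys_mem(MemoryRegionSection *section, bool add)
+     unsigned delta;
+     /* kvm works in page size chunks, but the function may be called
+-       with sub-page size and unaligned start address. */
+-    delta = TARGET_PAGE_ALIGN(size) - size;
++       with sub-page size and unaligned start address. Pad the start
++       address to next and truncate size to previous page boundary. */
++    delta = (TARGET_PAGE_SIZE - (start_addr & ~TARGET_PAGE_MASK));
++    delta &= ~TARGET_PAGE_MASK;
+     if (delta > size) {
+         return;
+     }
+--
+1.8.3.1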
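Review bot: The rewritten comment in kvm_set_phys_mem does not explain the second new statement, `delta &= ~TARGET_PAGE_MASK;`, which is the part a reader is most likely to misread. Assuming TARGET_PAGE_MASK is the usual `~(TARGET_PAGE_SIZE - 1)`, the first line yields a full TARGET_PAGE_SIZE for an already aligned start_addr, and the mask folds that case back to 0 so no page is skipped. I would add `/* an aligned start gives delta == TARGET_PAGE_SIZE above; mask it down to 0 */` before that line. The comment also promises that size is truncated to the previous page boundary, but that code is outside the hunk, so it cannot be checked against the `delta > size` guard here.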
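--- /dev/null
+++ b/SOURCES/kvm-HMP-Fix-documentation-of-__com.redhat.drive_add.patch
@@ -0,0 +1,71 @@
+From cb8c7690048946dd298371876093997f07785269 Mon Sep 17 00:00:00 2001
+From: Markus Armbruster <armbru@redhat.com>
+Date: Tue, 7 Feb 2017 14:56:10 +0100
+Subject: [PATCH 11/11] HMP: Fix documentation of __com.redhat.drive_add
+RH-Author: Markus Armbruster <armbru@redhat.com>
+Message-id: <1486479370-24026-3-git-send-email-armbru@redhat.com>
+Patchwork-id: 73592
+O-Subject: [RHEL-7.4 qemu-kvm PATCH 2/2] HMP: Fix documentation of __com.redhat.drive_add
+Bugzilla: 1419898
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Acked-by: Fam Zheng <famz@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+It's similar to -drive if=none, not -device if=none.  Screwed up in
+RHEL-6.0 commit 545d0d8, forward-ported to RHEL-7.0 in commit c18bb50.
+Signed-off-by: Markus Armbruster <armbru@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ hmp-commands.hx | 4 ++--
+ qmp-commands.hx | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+diff --git a/hmp-commands.hx b/hmp-commands.hx
+index a8ba626..5356c4c 100644
+--- a/hmp-commands.hx
++++ b/hmp-commands.hx
+@@ -1105,7 +1105,7 @@ ETEXI
+         .name       = RFQDN_REDHAT "drive_add",
+         .args_type  = "simple-drive:O",
+         .params     = "id=name,[file=file][,format=f][,media=d]...",
+-        .help       = "Create a drive similar to -device if=none.",
++        .help       = "Create a drive similar to -drive if=none.",
+     .user_print = monitor_user_noop,
+         .mhandler.cmd_new = simple_drive_add,
+     },
+@@ -1113,7 +1113,7 @@ ETEXI
+ STEXI
+ @item __com.redhat_drive_add
+ @findex __com.redhat_drive_add
+-Create a drive similar to -device if=none.
++Create a drive similar to -drive if=none.
+ ETEXI
+ #if defined(TARGET_I386) && 0 /* Disabled for Red Hat Enterprise Linux */
+diff --git a/qmp-commands.hx b/qmp-commands.hx
+index 9522c44..4a89c24 100644
+--- a/qmp-commands.hx
++++ b/qmp-commands.hx
+@@ -110,7 +110,7 @@ EQMP
+         .name       = RFQDN_REDHAT "drive_add",
+         .args_type  = "simple-drive:O",
+         .params     = "id=name,[file=file][,format=f][,media=d]...",
+-        .help       = "Create a drive similar to -device if=none.",
++        .help       = "Create a drive similar to -drive if=none.",
+     .user_print = monitor_user_noop,
+         .mhandler.cmd_new = simple_drive_add,
+     },
+@@ -119,7 +119,7 @@ SQMP
+ __com.redhat_drive_add
+ ----------------------
+-Create a drive similar to -device if=none.
++Create a drive similar to -drive if=none.
+ Arguments:
+--
+1.8.3.1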
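--- /dev/null
+++ b/SOURCES/kvm-HMP-Fix-user-manual-typo-of-__com.redhat_qxl_screend.patch
@@ -0,0 +1,42 @@
+From ae12e1158b6a27d94070f95f36879ce2f0da604c Mon Sep 17 00:00:00 2001
+From: Markus Armbruster <armbru@redhat.com>
+Date: Tue, 7 Feb 2017 14:56:09 +0100
+Subject: [PATCH 10/11] HMP: Fix user manual typo of
+ __com.redhat_qxl_screendump
+RH-Author: Markus Armbruster <armbru@redhat.com>
+Message-id: <1486479370-24026-2-git-send-email-armbru@redhat.com>
+Patchwork-id: 73590
+O-Subject: [RHEL-7.4 qemu-kvm PATCH 1/2] HMP: Fix user manual typo of __com.redhat_qxl_screendump
+Bugzilla: 1419898
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Acked-by: Fam Zheng <famz@redhat.com>
+RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
+Fat-fingered in RHEL-6.2 commit 1c6074d, forward ported to RHEL-7.0 in
+commit faf00a8.
+Signed-off-by: Markus Armbruster <armbru@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ hmp-commands.hx | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/hmp-commands.hx b/hmp-commands.hx
+index dd528d2..a8ba626 100644
+--- a/hmp-commands.hx
++++ b/hmp-commands.hx
+@@ -264,8 +264,8 @@ ETEXI
+     },
+ STEXI
+-@item __com.redhat_screendump @var{id} @var{filename}
+-@findex __com.redhat_screendump
++@item __com.redhat_qxl_screendump @var{id} @var{filename}
++@findex __com.redhat_qxl_screendump
+ Save screen from qxl device @var{id} into PPM image @var{filename}.
+ ETEXI
+--
+1.8.3.1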
SOURCES/kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch
@@ -1,4 +1,4 @@
From 1cd1297bf694c0a91d75a87b4fd22c2b80807b49 Mon Sep 17 00:00:00 2001
From abfd9c2acaf70c60ec70807ba4d021ade69c7b79 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 10 Feb 2017 08:30:14 +0100
Subject: [PATCH 2/3] Revert "cirrus: allow zero source pitch in pattern fill
@@ -8,7 +8,7 @@
Message-id: <1486715415-3462-3-git-send-email-kraxel@redhat.com>
Patchwork-id: 73774
O-Subject: [virt-devel] [RHEL-7.4 qemu-kvm PATCH 2/3] Revert "cirrus: allow zero source pitch in pattern fill rops"
Bugzilla: 1420490
Bugzilla: 1420492
CVE: CVE-2017-2620/20170221
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
SOURCES/kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch
@@ -1,4 +1,4 @@
From 75255574498fad12727529c4ecbd4ccdabe86839 Mon Sep 17 00:00:00 2001
From 1f177df6a47fb1e2961067a50e005efad52595cc Mon Sep 17 00:00:00 2001
From: Ladi Prosek <lprosek@redhat.com>
Date: Wed, 5 Oct 2016 17:22:26 +0200
Subject: [PATCH 4/8] balloon: fix segfault and harden the stats queue
@@ -7,7 +7,7 @@
Message-id: <1475666548-9186-5-git-send-email-lprosek@redhat.com>
Patchwork-id: 72483
O-Subject: [RHEL-7.4 qemu-kvm v2 PATCH 4/6] balloon: fix segfault and harden the stats queue
Bugzilla: 1393484
Bugzilla: 1377968
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
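--- /dev/null
+++ b/SOURCES/kvm-blkdebug-Add-bdrv_truncate.patch
@@ -0,0 +1,63 @@
+From 6c316a417a80fcf892935c51eb01c0e273561b32 Mon Sep 17 00:00:00 2001
+From: Max Reitz <mreitz@redhat.com>
+Date: Mon, 13 Mar 2017 17:47:04 +0100
+Subject: [PATCH 16/24] blkdebug: Add bdrv_truncate()
+RH-Author: Max Reitz <mreitz@redhat.com>
+Message-id: <20170313174706.29316-1-mreitz@redhat.com>
+Patchwork-id: 74278
+O-Subject: [RHEL-7.4 qemu-kvm PATCH 7/9] blkdebug: Add bdrv_truncate()
+Bugzilla: 1427176
+RH-Acked-by: Fam Zheng <famz@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+From: Kevin Wolf <kwolf@redhat.com>
+This is, amongst others, required for qemu-iotests 033 to run as
+intended on VHDX, which uses explicit bdrv_truncate() calls to bs->file
+when allocating new blocks.
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Reviewed-by: Jeff Cody <jcody@redhat.com>
+(cherry picked from commit 8eedfbd4a50299f03b3630659c34ad1b01f69370)
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+Conflicts:
+    block/blkdebug.c
+Contextual conflict due to blkdebug_refresh_filename() missing from
+downstream.
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+---
+ block/blkdebug.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+diff --git a/block/blkdebug.c b/block/blkdebug.c
+index 8e468b2..7cfeccb 100644
+--- a/block/blkdebug.c
++++ b/block/blkdebug.c
+@@ -652,6 +652,11 @@ static int64_t blkdebug_getlength(BlockDriverState *bs)
+     return bdrv_getlength(bs->file);
+ }
++static int blkdebug_truncate(BlockDriverState *bs, int64_t offset)
++{
++    return bdrv_truncate(bs->file, offset);
++}
++
+ static BlockDriver bdrv_blkdebug = {
+     .format_name            = "blkdebug",
+     .protocol_name          = "blkdebug",
+@@ -661,6 +666,7 @@ static BlockDriver bdrv_blkdebug = {
+     .bdrv_file_open         = blkdebug_open,
+     .bdrv_close             = blkdebug_close,
+     .bdrv_getlength         = blkdebug_getlength,
++    .bdrv_truncate          = blkdebug_truncate,
+     .bdrv_aio_readv         = blkdebug_aio_readv,
+     .bdrv_aio_writev        = blkdebug_aio_writev,
+--
+1.8.3.1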
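--- /dev/null
+++ b/SOURCES/kvm-block-gluster-add-support-for-selecting-debug-loggin.patch
@@ -0,0 +1,202 @@
+From 2ffc3b31eafe39cc11678ef0e0ea39cdfef0469d Mon Sep 17 00:00:00 2001
+From: Jeffrey Cody <jcody@redhat.com>
+Date: Tue, 17 Jan 2017 19:51:32 +0100
+Subject: [PATCH 3/3] block/gluster: add support for selecting debug logging
+ level
+RH-Author: Jeffrey Cody <jcody@redhat.com>
+Message-id: <87a60937c8dfa4bee63e59871811dbda7794e818.1484682588.git.jcody@redhat.com>
+Patchwork-id: 73255
+O-Subject: [RHEL-7.4 qemu-kvm 3/3] block/gluster: add support for selecting debug logging level
+Bugzilla: 1151859
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Fam Zheng <famz@redhat.com>
+RH-Acked-by: Thomas Huth <thuth@redhat.com>
+This adds commandline support for the logging level of the
+gluster protocol driver, output to stdout.  The option is 'debug',
+e.g.:
+-drive filename=gluster://192.168.15.180/gv2/test.qcow2,debug=9
+Debug levels are 0-9, with 9 being the most verbose, and 0 representing
+no debugging output.  The default is the same as it was before, which
+is a level of 4.  The current logging levels defined in the gluster
+source are:
+    0 - None
+    1 - Emergency
+    2 - Alert
+    3 - Critical
+    4 - Error
+    5 - Warning
+    6 - Notice
+    7 - Info
+    8 - Debug
+    9 - Trace
+(From: glusterfs/logging.h)
+Reviewed-by: Niels de Vos <ndevos@redhat.com>
+Signed-off-by: Jeff Cody <jcody@redhat.com>
+(cherry picked from commit 7eac868a508cdbf4cccef5c2084941b63fa3aded)
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ block/gluster.c | 61 +++++++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 48 insertions(+), 13 deletions(-)
+diff --git a/block/gluster.c b/block/gluster.c
+index 5266dce..86e136d 100644
+--- a/block/gluster.c
++++ b/block/gluster.c
+@@ -35,6 +35,7 @@ typedef struct BDRVGlusterState {
+     int qemu_aio_count;
+     int event_reader_pos;
+     GlusterAIOCB *event_acb;
++    int debug_level;
+ } BDRVGlusterState;
+ #define GLUSTER_FD_READ  0
+@@ -46,6 +47,7 @@ typedef struct GlusterConf {
+     char *volname;
+     char *image;
+     char *transport;
++    int debug_level;
+ } GlusterConf;
+ static void qemu_gluster_gconf_free(GlusterConf *gconf)
+@@ -208,11 +210,7 @@ static struct glfs *qemu_gluster_init(GlusterConf *gconf, const char *filename,
+         goto out;
+     }
+-    /*
+-     * TODO: Use GF_LOG_ERROR instead of hard code value of 4 here when
+-     * GlusterFS makes GF_LOG_* macros available to libgfapi users.
+-     */
+-    ret = glfs_set_logging(glfs, "-", 4);
++    ret = glfs_set_logging(glfs, "-", gconf->debug_level);
+     if (ret < 0) {
+         goto out;
+     }
+@@ -292,16 +290,26 @@ static int qemu_gluster_aio_flush_cb(void *opaque)
+     return (s->qemu_aio_count > 0);
+ }
++#define GLUSTER_OPT_FILENAME "filename"
++#define GLUSTER_OPT_DEBUG "debug"
++#define GLUSTER_DEBUG_DEFAULT 4
++#define GLUSTER_DEBUG_MAX 9
++
+ /* TODO Convert to fine grained options */
+ static QemuOptsList runtime_opts = {
+     .name = "gluster",
+     .head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
+     .desc = {
+         {
+-            .name = "filename",
++            .name = GLUSTER_OPT_FILENAME,
+             .type = QEMU_OPT_STRING,
+             .help = "URL to the gluster image",
+         },
++        {
++            .name = GLUSTER_OPT_DEBUG,
++            .type = QEMU_OPT_NUMBER,
++            .help = "Gluster log level, valid range is 0-9",
++        },
+         { /* end of list */ }
+     },
+ };
+@@ -342,8 +350,17 @@ static int qemu_gluster_open(BlockDriverState *bs,  QDict *options,
+         goto out;
+     }
+-    filename = qemu_opt_get(opts, "filename");
++    filename = qemu_opt_get(opts, GLUSTER_OPT_FILENAME);
++    s->debug_level = qemu_opt_get_number(opts, GLUSTER_OPT_DEBUG,
++                                         GLUSTER_DEBUG_DEFAULT);
++    if (s->debug_level < 0) {
++        s->debug_level = 0;
++    } else if (s->debug_level > GLUSTER_DEBUG_MAX) {
++        s->debug_level = GLUSTER_DEBUG_MAX;
++    }
++
++    gconf->debug_level = s->debug_level;
+     s->glfs = qemu_gluster_init(gconf, filename, errp);
+     if (!s->glfs) {
+         ret = -errno;
+@@ -398,6 +415,7 @@ static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
+                                        BlockReopenQueue *queue, Error **errp)
+ {
+     int ret = 0;
++    BDRVGlusterState *s;
+     BDRVGlusterReopenState *reop_s;
+     GlusterConf *gconf = NULL;
+     int open_flags = 0;
+@@ -405,6 +423,8 @@ static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
+     assert(state != NULL);
+     assert(state->bs != NULL);
++    s = state->bs->opaque;
++
+     state->opaque = g_malloc0(sizeof(BDRVGlusterReopenState));
+     reop_s = state->opaque;
+@@ -412,6 +432,7 @@ static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
+     gconf = g_malloc0(sizeof(GlusterConf));
++    gconf->debug_level = s->debug_level;
+     reop_s->glfs = qemu_gluster_init(gconf, state->bs->filename, errp);
+     if (reop_s->glfs == NULL) {
+         ret = -errno;
+@@ -487,19 +508,28 @@ static int qemu_gluster_create(const char *filename,
+     int64_t total_size = 0;
+     GlusterConf *gconf = g_malloc0(sizeof(GlusterConf));
+-    glfs = qemu_gluster_init(gconf, filename, errp);
+-    if (!glfs) {
+-        ret = -errno;
+-        goto out;
+-    }
+-
++    gconf->debug_level = GLUSTER_DEBUG_DEFAULT;
+     while (options && options->name) {
+         if (!strcmp(options->name, BLOCK_OPT_SIZE)) {
+             total_size = options->value.n / BDRV_SECTOR_SIZE;
+         }
++        if (!strcmp(options->name, GLUSTER_OPT_DEBUG)) {
++            gconf->debug_level = options->value.n;
++            if (gconf->debug_level < 0) {
++                gconf->debug_level = 0;
++            } else if (gconf->debug_level > GLUSTER_DEBUG_MAX) {
++                gconf->debug_level = GLUSTER_DEBUG_MAX;
++            }
++        }
+         options++;
+     }
++    glfs = qemu_gluster_init(gconf, filename, errp);
++    if (!glfs) {
++        ret = -errno;
++        goto out;
++    }
++
+     fd = glfs_creat(glfs, gconf->image,
+         O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, S_IRUSR | S_IWUSR);
+     if (!fd) {
+@@ -732,6 +762,11 @@ static QEMUOptionParameter qemu_gluster_create_options[] = {
+         .type = OPT_SIZE,
+         .help = "Virtual disk size"
+     },
++    {
++        .name = GLUSTER_OPT_DEBUG,
++        .type = QEMU_OPT_NUMBER,
++        .help = "Gluster log level, valid range is 0-9",
++    },
+     { NULL }
+ };
+--
+1.8.3.1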
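Review bot: In the last hunk, the new `qemu_gluster_create_options` entry sets `.type = QEMU_OPT_NUMBER` while the entry directly above it uses `OPT_SIZE`, so this QEMUOptionParameter table appears to take the `OPT_*` enum rather than the `QEMU_OPT_*` one that `runtime_opts` uses. If the two enums do not share values, `debug` would be parsed as a different type at create time; `.type = OPT_NUMBER,` looks like the intended value. Separately, the clamps in qemu_gluster_open and qemu_gluster_create run only after the option value is stored in the `int` debug_level field. The source value is presumably wider than int, so an out-of-range number is narrowed before it is compared against 0 and `GLUSTER_DEBUG_MAX`; clamping the wide value first, in one shared helper, would avoid that and remove the duplicated block.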
SOURCES/kvm-char-change-qemu_chr_fe_add_watch-to-return-unsigned.patch
@@ -1,21 +1,21 @@
From 357b8e45c81e79a1547f65ea4109b0882050b1e9 Mon Sep 17 00:00:00 2001
From 6106261b0f1501a3772f4f9b67ae329697c7b815 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Tue, 23 May 2017 14:15:10 +0200
Date: Tue, 23 May 2017 13:43:59 +0200
Subject: [PATCH] char: change qemu_chr_fe_add_watch to return unsigned
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20170523141510.24762-1-ehabkost@redhat.com>
Patchwork-id: 75397
O-Subject: [RHEL-7.3.z qemu-kvm PATCH] char: change qemu_chr_fe_add_watch to return unsigned
Bugzilla: 1452332
Message-id: <20170523134359.8747-1-ehabkost@redhat.com>
Patchwork-id: 75396
O-Subject: [RHEL-7.4 qemu-kvm PATCH] char: change qemu_chr_fe_add_watch to return unsigned
Bugzilla: 1451470
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1452332
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=13257135
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1451470#c32
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=13257025
g_source_attach can return any value between 1 and UINT_MAX if you let
QEMU run long enough.  However, qemu_chr_fe_add_watch can also return
@@ -26,11 +26,7 @@
Fix the cadence_uart which asserts in this case (easily obtained with
"-serial pty").
Backport notes:
  This is the same patch submitted to the 7.4 branch.
7.4 backport conflicts:
Backport Conflicts:
    hw/char/cadence_uart.c (no qemu_chr_fe_add_watch() call)
    net/vhost-user.c (doesn't exit)
    qemu-char.c (trivial conflict)
SOURCES/kvm-char-serial-Fix-emptyness-check.patch
@@ -1,15 +1,15 @@
From c9b0af3739fc5b79a20bf2492b5e8c1dea055dc0 Mon Sep 17 00:00:00 2001
From a7f735cccb7d7b98998600eebc789c709eac5bca Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:10 +0200
Date: Thu, 18 May 2017 09:21:18 +0200
Subject: [PATCH 05/18] char/serial: Fix emptyness check
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-6-famz@redhat.com>
Patchwork-id: 75361
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 05/18] char/serial: Fix emptyness check
Bugzilla: 1452332
Message-id: <20170518092131.16571-6-famz@redhat.com>
Patchwork-id: 75296
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 05/18] char/serial: Fix emptyness check
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
SOURCES/kvm-char-serial-Fix-emptyness-handling.patch
@@ -1,15 +1,15 @@
From a14715c6b64f4764259028923a9c04ae7844c546 Mon Sep 17 00:00:00 2001
From 63857964e14bbf4bcb91eaa56ca46a30d14934ed Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:11 +0200
Date: Thu, 18 May 2017 09:21:19 +0200
Subject: [PATCH 06/18] char/serial: Fix emptyness handling
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-7-famz@redhat.com>
Patchwork-id: 75359
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 06/18] char/serial: Fix emptyness handling
Bugzilla: 1452332
Message-id: <20170518092131.16571-7-famz@redhat.com>
Patchwork-id: 75298
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 06/18] char/serial: Fix emptyness handling
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Don Slutz <dslutz@verizon.com>
SOURCES/kvm-char-serial-Use-generic-Fifo8.patch
@@ -1,15 +1,15 @@
From 462caff619f890c56194ac50b70b095c26cd133e Mon Sep 17 00:00:00 2001
From 18e92ed681383c787912d0cd4b8164d8e7df26d4 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:07 +0200
Date: Thu, 18 May 2017 09:21:15 +0200
Subject: [PATCH 02/18] char/serial: Use generic Fifo8
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-3-famz@redhat.com>
Patchwork-id: 75358
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 02/18] char/serial: Use generic Fifo8
Bugzilla: 1452332
Message-id: <20170518092131.16571-3-famz@redhat.com>
Patchwork-id: 75292
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 02/18] char/serial: Use generic Fifo8
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
SOURCES/kvm-char-serial-cosmetic-fixes.patch
@@ -1,18 +1,18 @@
From f3c1372702f7cac6d8b405cf8c51e15eabc7c054 Mon Sep 17 00:00:00 2001
From 30482e796857e7d29877d93cc017aca5c844e4e1 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:06 +0200
Date: Thu, 18 May 2017 09:21:14 +0200
Subject: [PATCH 01/18] char/serial: cosmetic fixes.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-2-famz@redhat.com>
Patchwork-id: 75356
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 01/18] char/serial: cosmetic fixes.
Bugzilla: 1452332
Message-id: <20170518092131.16571-2-famz@redhat.com>
Patchwork-id: 75293
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 01/18] char/serial: cosmetic fixes.
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
SOURCES/kvm-char-serial-fix-copy-paste-error-fifo8_is_full-vs-em.patch
@@ -1,16 +1,16 @@
From a04a0d4cf131163600ebede71d223d9d01a32511 Mon Sep 17 00:00:00 2001
From 6239c2bb55847293db2defeff645e1d5e6456a19 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:09 +0200
Date: Thu, 18 May 2017 09:21:17 +0200
Subject: [PATCH 04/18] char/serial: fix copy&paste error (fifo8_is_full vs
 empty)
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-5-famz@redhat.com>
Patchwork-id: 75360
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 04/18] char/serial: fix copy&paste error (fifo8_is_full vs empty)
Bugzilla: 1452332
Message-id: <20170518092131.16571-5-famz@redhat.com>
Patchwork-id: 75294
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 04/18] char/serial: fix copy&paste error (fifo8_is_full vs empty)
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Vladimir Senkov <hangup@gmail.com>
SOURCES/kvm-char-serial-serial_ioport_write-Factor-out-common-co.patch
@@ -1,6 +1,6 @@
From 5114efc4a077a1fdfa9873e6f44a00d5f8101f65 Mon Sep 17 00:00:00 2001
From e675e8ae59a4eb6a39fa9d1f13011fd4e718ce67 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:08 +0200
Date: Thu, 18 May 2017 09:21:16 +0200
Subject: [PATCH 03/18] char/serial: serial_ioport_write: Factor out common
 code
MIME-Version: 1.0
@@ -8,12 +8,12 @@
Content-Transfer-Encoding: 8bit
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-4-famz@redhat.com>
Patchwork-id: 75357
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 03/18] char/serial: serial_ioport_write: Factor out common code
Bugzilla: 1452332
Message-id: <20170518092131.16571-4-famz@redhat.com>
Patchwork-id: 75295
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 03/18] char/serial: serial_ioport_write: Factor out common code
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
SOURCES/kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch
@@ -1,4 +1,4 @@
From e894ec03d7e6229488ae24d83809009162a0f9e0 Mon Sep 17 00:00:00 2001
From 74db251c34369bd32148864b3abea6d6586270dc Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 10 Feb 2017 08:30:15 +0100
Subject: [PATCH 3/3] cirrus: add blit_is_unsafe call to
@@ -8,7 +8,7 @@
Message-id: <1486715415-3462-4-git-send-email-kraxel@redhat.com>
Patchwork-id: 73773
O-Subject: [virt-devel] [EMBARGOED RHEL-7.4 qemu-kvm PATCH 3/3] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
Bugzilla: 1420490
Bugzilla: 1420492
CVE: CVE-2017-2620/20170221
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
SOURCES/kvm-cirrus-add-option-to-disable-blitter.patch
@@ -1,16 +1,16 @@
From 319f3876fafc35412bbf0ef6797c6764c95af6f3 Mon Sep 17 00:00:00 2001
From 04b0eed67c2564cf9c10a62f57ed606f627c9317 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 21 Mar 2017 09:58:03 +0100
Date: Mon, 27 Mar 2017 10:01:18 +0200
Subject: [PATCH 3/7] cirrus: add option to disable blitter
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1490090287-1503-4-git-send-email-kraxel@redhat.com>
Patchwork-id: 74424
O-Subject: [RHEL-7.4 qemu-kvm PATCH 3/7] cirrus: add option to disable blitter
Bugzilla: 1430059
Message-id: <1490608882-10242-4-git-send-email-kraxel@redhat.com>
Patchwork-id: 74551
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 3/7] cirrus: add option to disable blitter
Bugzilla: 1430060
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Ok, we have this beast in the cirrus code which is not used at all by
modern guests, except when you try to find security holes in qemu.  So,
SOURCES/kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch
@@ -1,13 +1,13 @@
From 9fd5f5b599e19c4485c3c7e6689081965e833df6 Mon Sep 17 00:00:00 2001
From 03b4fe1dacb0e4a2bdebb86d11e1cff13b2972c1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 7 Feb 2017 10:07:50 +0100
Subject: [PATCH 6/8] cirrus: allow zero source pitch in pattern fill rops
Subject: [PATCH 07/11] cirrus: allow zero source pitch in pattern fill rops
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1486462072-32174-6-git-send-email-kraxel@redhat.com>
Patchwork-id: 73569
O-Subject: [RHEL-7.4 qemu-kvm PATCH 5/7] cirrus: allow zero source pitch in pattern fill rops
Bugzilla: 1418232
Bugzilla: 1418233
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
SOURCES/kvm-cirrus-fix-blit-address-mask-handling.patch
@@ -1,13 +1,13 @@
From fdb1ec384fe65b7ca2ab7303b56c2731e5999058 Mon Sep 17 00:00:00 2001
From a5ce32ef09ab8eb8ba2467e12d37020048c8803f Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 7 Feb 2017 10:07:51 +0100
Subject: [PATCH 7/8] cirrus: fix blit address mask handling
Subject: [PATCH 08/11] cirrus: fix blit address mask handling
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1486462072-32174-7-git-send-email-kraxel@redhat.com>
Patchwork-id: 73570
O-Subject: [RHEL-7.4 qemu-kvm PATCH 6/7] cirrus: fix blit address mask handling
Bugzilla: 1418232
Bugzilla: 1418233
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
SOURCES/kvm-cirrus-fix-cirrus_invalidate_region.patch
@@ -1,16 +1,16 @@
From 6c17f6355cac0bc40bae876acf4d31e32978991f Mon Sep 17 00:00:00 2001
From 8396435dbcd13dc27c7f1c7576499354be48d2c7 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 21 Mar 2017 09:58:04 +0100
Date: Mon, 27 Mar 2017 10:01:19 +0200
Subject: [PATCH 4/7] cirrus: fix cirrus_invalidate_region
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1490090287-1503-5-git-send-email-kraxel@redhat.com>
Patchwork-id: 74423
O-Subject: [RHEL-7.4 qemu-kvm PATCH 4/7] cirrus: fix cirrus_invalidate_region
Bugzilla: 1430059
Message-id: <1490608882-10242-5-git-send-email-kraxel@redhat.com>
Patchwork-id: 74552
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 4/7] cirrus: fix cirrus_invalidate_region
Bugzilla: 1430060
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
off_cur_end is exclusive, so off_cur_end == cirrus_addr_mask is valid.
Fix calculation to make sure to allow that, otherwise the assert added
SOURCES/kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch
@@ -1,6 +1,6 @@
From 8c2a803f9ba8b4293c207917a2acfcfac0548d24 Mon Sep 17 00:00:00 2001
From 081ddf9d66155dbec8ec064d7671ba0799642fd6 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 21 Mar 2017 09:58:07 +0100
Date: Mon, 27 Mar 2017 10:01:22 +0200
Subject: [PATCH 7/7] cirrus: fix off-by-one in
 cirrus_bitblt_rop_bkwd_transp_*_16
MIME-Version: 1.0
@@ -8,13 +8,13 @@
Content-Transfer-Encoding: 8bit
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1490090287-1503-8-git-send-email-kraxel@redhat.com>
Patchwork-id: 74422
O-Subject: [RHEL-7.4 qemu-kvm PATCH 7/7] cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16
Bugzilla: 1430059
Message-id: <1490608882-10242-8-git-send-email-kraxel@redhat.com>
Patchwork-id: 74555
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 7/7] cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16
Bugzilla: 1430060
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
The switch from pointers to addresses (commit
026aeffcb4752054830ba203020ed6eb05bcaba8 and
SOURCES/kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch
@@ -1,13 +1,13 @@
From 55c542cca671a5a130c44359c73d1e908353418e Mon Sep 17 00:00:00 2001
From 2ff46c139a37bbe66732b9024daa771eff3e6c36 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 7 Feb 2017 10:07:52 +0100
Subject: [PATCH 8/8] cirrus: fix oob access issue (CVE-2017-2615)
Subject: [PATCH 09/11] cirrus: fix oob access issue (CVE-2017-2615)
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1486462072-32174-8-git-send-email-kraxel@redhat.com>
Patchwork-id: 73565
O-Subject: [RHEL-7.4 qemu-kvm PATCH 7/7] cirrus: fix oob access issue (CVE-2017-2615)
Bugzilla: 1418232
Bugzilla: 1418233
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
SOURCES/kvm-cirrus-fix-patterncopy-checks.patch
@@ -1,4 +1,4 @@
From 46da39c9f9a9a72cf9e833d46ce10d785581ce63 Mon Sep 17 00:00:00 2001
From 8ce7227f70248c7f4926124e16baab74c5689841 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 10 Feb 2017 08:30:13 +0100
Subject: [PATCH 1/3] cirrus: fix patterncopy checks
@@ -7,7 +7,7 @@
Message-id: <1486715415-3462-2-git-send-email-kraxel@redhat.com>
Patchwork-id: 73775
O-Subject: [virt-devel] [RHEL-7.4 qemu-kvm PATCH 1/3] cirrus: fix patterncopy checks
Bugzilla: 1420490
Bugzilla: 1420492
CVE: CVE-2017-2620/20170221
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
SOURCES/kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch
@@ -1,14 +1,14 @@
From 1d7bdd730d1537f931a95897b14fdb6c5754ea2c Mon Sep 17 00:00:00 2001
From 45023277a5822c89806eae1cc5f4d5f897e28fcd Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 7 Feb 2017 10:07:49 +0100
Subject: [PATCH 5/8] cirrus: handle negative pitch in
Subject: [PATCH 06/11] cirrus: handle negative pitch in
 cirrus_invalidate_region()
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1486462072-32174-5-git-send-email-kraxel@redhat.com>
Patchwork-id: 73566
O-Subject: [RHEL-7.4 qemu-kvm PATCH 4/7] cirrus: handle negative pitch in cirrus_invalidate_region()
Bugzilla: 1418232
Bugzilla: 1418233
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
SOURCES/kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch
@@ -1,16 +1,16 @@
From c4928f394f862c78024f4dccb6ea1398dc743c49 Mon Sep 17 00:00:00 2001
From f0327afe876acff27221cdeead1aca0444364133 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 21 Mar 2017 09:58:05 +0100
Date: Mon, 27 Mar 2017 10:01:20 +0200
Subject: [PATCH 5/7] cirrus: stop passing around dst pointers in the blitter
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1490090287-1503-6-git-send-email-kraxel@redhat.com>
Patchwork-id: 74421
O-Subject: [RHEL-7.4 qemu-kvm PATCH 5/7] cirrus: stop passing around dst pointers in the blitter
Bugzilla: 1430059
Message-id: <1490608882-10242-6-git-send-email-kraxel@redhat.com>
Patchwork-id: 74550
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 5/7] cirrus: stop passing around dst pointers in the blitter
Bugzilla: 1430060
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Instead pass around the address (aka offset into vga memory).  Calculate
the pointer in the rop_* functions, after applying the mask to the
SOURCES/kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch
@@ -1,16 +1,16 @@
From d29af2a00b6126d2c3af535d128beeb80216c197 Mon Sep 17 00:00:00 2001
From cc965429746aac94b7c37991f676dcd323ef212d Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 21 Mar 2017 09:58:06 +0100
Date: Mon, 27 Mar 2017 10:01:21 +0200
Subject: [PATCH 6/7] cirrus: stop passing around src pointers in the blitter
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1490090287-1503-7-git-send-email-kraxel@redhat.com>
Patchwork-id: 74417
O-Subject: [RHEL-7.4 qemu-kvm PATCH 6/7] cirrus: stop passing around src pointers in the blitter
Bugzilla: 1430059
Message-id: <1490608882-10242-7-git-send-email-kraxel@redhat.com>
Patchwork-id: 74549
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 6/7] cirrus: stop passing around src pointers in the blitter
Bugzilla: 1430060
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Does basically the same as "cirrus: stop passing around dst pointers in
the blitter", just for the src pointer instead of the dst pointer.
SOURCES/kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch
@@ -1,16 +1,16 @@
From de457fc23e747a0c622e0fd23e49893c1f1da460 Mon Sep 17 00:00:00 2001
From 9bd81fb917c9ac22055e0dc7b3a89a22d5cfbfc1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 21 Mar 2017 09:58:02 +0100
Date: Mon, 27 Mar 2017 10:01:17 +0200
Subject: [PATCH 2/7] cirrus/vnc: zap bitblit support from console code.
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1490090287-1503-3-git-send-email-kraxel@redhat.com>
Patchwork-id: 74418
O-Subject: [RHEL-7.4 qemu-kvm PATCH 2/7] cirrus/vnc: zap bitblit support from console code.
Bugzilla: 1430059
Message-id: <1490608882-10242-3-git-send-email-kraxel@redhat.com>
Patchwork-id: 74554
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 2/7] cirrus/vnc: zap bitblit support from console code.
Bugzilla: 1430060
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
There is a special code path (dpy_gfx_copy) to allow graphic emulation
notify user interface code about bitblit operations carryed out by
@@ -51,11 +51,11 @@
    include/ui/console.h
    ui/vnc.c
---
 hw/display/cirrus_vga.c | 12 ++-----
 hw/display/cirrus_vga.c | 12 ++----
 include/ui/console.h    |  7 ----
 ui/console.c            | 28 ---------------
 ui/vnc.c                | 96 -------------------------------------------------
 4 files changed, 3 insertions(+), 140 deletions(-)
 ui/console.c            | 28 --------------
 ui/vnc.c                | 99 -------------------------------------------------
 4 files changed, 3 insertions(+), 143 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 1b972db..83cef70 100644
@@ -165,7 +165,7 @@
 {
     return console->surface;
diff --git a/ui/vnc.c b/ui/vnc.c
index a0e2d33..c7a7853 100644
index b68918e..1834db0 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -417,7 +417,6 @@ out_error:
@@ -176,7 +176,7 @@
 static void vnc_disconnect_start(VncState *vs);
 
 static void vnc_colordepth(VncState *vs);
@@ -721,93 +720,6 @@ int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
@@ -728,96 +727,6 @@ int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
     return n;
 }
 
@@ -228,11 +228,12 @@
-        y = dst_y + h - 1;
-        inc = -1;
-    }
-    w_lim = w - (16 - (dst_x % 16));
-    if (w_lim < 0)
-    w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
-    if (w_lim < 0) {
-        w_lim = w;
-    else
-        w_lim = w - (w_lim % 16);
-    } else {
-        w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT);
-    }
-    for (i = 0; i < h; i++) {
-        for (x = 0; x <= w_lim;
-                x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
@@ -240,10 +241,11 @@
-                if ((s = w - w_lim) == 0)
-                    break;
-            } else if (!x) {
-                s = (16 - (dst_x % 16));
-                s = (VNC_DIRTY_PIXELS_PER_BIT -
-                    (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
-                s = MIN(s, w_lim);
-            } else {
-                s = 16;
-                s = VNC_DIRTY_PIXELS_PER_BIT;
-            }
-            cmp_bytes = s * VNC_SERVER_FB_BYTES;
-            if (memcmp(src_row, dst_row, cmp_bytes) == 0)
@@ -251,7 +253,8 @@
-            memmove(dst_row, src_row, cmp_bytes);
-            QTAILQ_FOREACH(vs, &vd->clients, next) {
-                if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
-                    set_bit(((x + dst_x) / 16), vs->dirty[y]);
-                    set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT),
-                            vs->dirty[y]);
-                }
-            }
-        }
@@ -270,7 +273,7 @@
 static void vnc_mouse_set(DisplayChangeListener *dcl,
                           int x, int y, int visible)
 {
@@ -873,13 +785,6 @@ static int find_and_clear_dirty_height(struct VncState *vs,
@@ -883,13 +792,6 @@ static int find_and_clear_dirty_height(struct VncState *vs,
     return h;
 }
 
@@ -284,7 +287,7 @@
 static int vnc_update_client(VncState *vs, int has_dirty)
 {
     if (vs->need_update && vs->csock != -1) {
@@ -2912,7 +2817,6 @@ static void vnc_listen_websocket_read(void *opaque)
@@ -2936,7 +2838,6 @@ static void vnc_listen_websocket_read(void *opaque)
 static const DisplayChangeListenerOps dcl_ops = {
     .dpy_name          = "vnc",
     .dpy_refresh       = vnc_refresh,
SOURCES/kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch
@@ -1,13 +1,13 @@
From 900ccf5cf6497234e1d3b1e80f4dfa8a60bcfb06 Mon Sep 17 00:00:00 2001
From 8d230a5a57512c84545bd6345775e69b4b3b1983 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 7 Feb 2017 10:07:46 +0100
Subject: [PATCH 2/8] cirrus_vga: fix off-by-one in blit_region_is_unsafe
Subject: [PATCH 03/11] cirrus_vga: fix off-by-one in blit_region_is_unsafe
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1486462072-32174-2-git-send-email-kraxel@redhat.com>
Patchwork-id: 73564
O-Subject: [RHEL-7.4 qemu-kvm PATCH 1/7] cirrus_vga: fix off-by-one in blit_region_is_unsafe
Bugzilla: 1418232
Bugzilla: 1418233
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
SOURCES/kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch
@@ -1,13 +1,13 @@
From e0ec8bdaf64a147c83334ae6f59e279c4560d01b Mon Sep 17 00:00:00 2001
From 4394f52159cec32cded60ec8f86cd4b92a85bfe5 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 7 Feb 2017 10:07:47 +0100
Subject: [PATCH 3/8] display: cirrus: check vga bits per pixel(bpp) value
Subject: [PATCH 04/11] display: cirrus: check vga bits per pixel(bpp) value
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1486462072-32174-3-git-send-email-kraxel@redhat.com>
Patchwork-id: 73568
O-Subject: [RHEL-7.4 qemu-kvm PATCH 2/7] display: cirrus: check vga bits per pixel(bpp) value
Bugzilla: 1418232
Bugzilla: 1418233
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
SOURCES/kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch
@@ -1,14 +1,14 @@
From 3178cae91f9fc3ddd025f1daa415b74ed387b6ca Mon Sep 17 00:00:00 2001
From 23ae0a2bec72997626c3ba834f036b9a3626eedc Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 7 Feb 2017 10:07:48 +0100
Subject: [PATCH 4/8] display: cirrus: ignore source pitch value as needed in
Subject: [PATCH 05/11] display: cirrus: ignore source pitch value as needed in
 blit_is_unsafe
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1486462072-32174-4-git-send-email-kraxel@redhat.com>
Patchwork-id: 73563
O-Subject: [RHEL-7.4 qemu-kvm PATCH 3/7] display: cirrus: ignore source pitch value as needed in blit_is_unsafe
Bugzilla: 1418232
Bugzilla: 1418233
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
SOURCES/kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch
@@ -1,16 +1,16 @@
From d27fae125c1efd59ba3263260d41f8e054b070a2 Mon Sep 17 00:00:00 2001
From f9b9adc4b66f991e655f51f2ef67dac46f6bd7d4 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 21 Mar 2017 09:58:01 +0100
Date: Mon, 27 Mar 2017 10:01:16 +0200
Subject: [PATCH 1/7] fix :cirrus_vga fix OOB read case qemu Segmentation fault
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
Message-id: <1490090287-1503-2-git-send-email-kraxel@redhat.com>
Patchwork-id: 74419
O-Subject: [RHEL-7.4 qemu-kvm PATCH 1/7] fix :cirrus_vga fix OOB read case qemu Segmentation fault
Bugzilla: 1430059
Message-id: <1490608882-10242-2-git-send-email-kraxel@redhat.com>
Patchwork-id: 74553
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 1/7] fix :cirrus_vga fix OOB read case qemu Segmentation fault
Bugzilla: 1430060
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
From: hangaohuai <hangaohuai@huawei.com>
SOURCES/kvm-gluster-Correctly-propagate-errors-when-volume-isn-t.patch
New file
@@ -0,0 +1,75 @@
From 22e47c104ff73885357a0be7b94270f3955427ea Mon Sep 17 00:00:00 2001
From: Jeffrey Cody <jcody@redhat.com>
Date: Tue, 17 Jan 2017 19:51:31 +0100
Subject: [PATCH 2/3] gluster: Correctly propagate errors when volume isn't
 accessible
RH-Author: Jeffrey Cody <jcody@redhat.com>
Message-id: <963a714d4eae919df79e2031e02c77af5a8697e2.1484682588.git.jcody@redhat.com>
Patchwork-id: 73256
O-Subject: [RHEL-7.4 qemu-kvm 2/3] gluster: Correctly propagate errors when volume isn't accessible
Bugzilla: 1151859
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
The docs for glfs_init suggest that the function sets errno on every
failure. In fact it doesn't. As other functions such as
qemu_gluster_open() in the gluster block code report their errors based
on this fact we need to make sure that errno is set on each failure.
This fixes a crash of qemu-img/qemu when a gluster brick isn't
accessible from given host while the server serving the volume
description is.
Thread 1 (Thread 0x7ffff7fba740 (LWP 203880)):
 #0  0x00007ffff77673f8 in glfs_lseek () from /usr/lib64/libgfapi.so.0
 #1  0x0000555555574a68 in qemu_gluster_getlength ()
 #2  0x0000555555565742 in refresh_total_sectors ()
 #3  0x000055555556914f in bdrv_open_common ()
 #4  0x000055555556e8e8 in bdrv_open ()
 #5  0x000055555556f02f in bdrv_open_image ()
 #6  0x000055555556e5f6 in bdrv_open ()
 #7  0x00005555555c5775 in bdrv_new_open ()
 #8  0x00005555555c5b91 in img_info ()
 #9  0x00007ffff62c9c05 in __libc_start_main () from /lib64/libc.so.6
 #10 0x00005555555648ad in _start ()
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 4557117d9eed8cadc360aec23b42fc39a7011864)
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 block/gluster.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/block/gluster.c b/block/gluster.c
index 248a031..5266dce 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -224,6 +224,11 @@ static struct glfs *qemu_gluster_init(GlusterConf *gconf, const char *filename,
                          "volume=%s image=%s transport=%s", gconf->server,
                          gconf->port, gconf->volname, gconf->image,
                          gconf->transport);
+
+        /* glfs_init sometimes doesn't set errno although docs suggest that */
+        if (errno == 0)
+            errno = EINVAL;
+
         goto out;
     }
     return glfs;
@@ -484,7 +489,7 @@ static int qemu_gluster_create(const char *filename,
     glfs = qemu_gluster_init(gconf, filename, errp);
     if (!glfs) {
-        ret = -EINVAL;
+        ret = -errno;
         goto out;
     }
--
1.8.3.1
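Review bot: The added `if (errno == 0)` fallback in the qemu_gluster_init hunk comes after the error-reporting call whose arguments end at `gconf->transport);`, so any text that call derived from errno was already built before the fallback ran. The test also only works if errno was zero on entry to glfs_init(); nothing in the hunk clears it, so a stale value from an earlier call would be propagated as the failure reason. Presumably `errno = 0;` belongs just before the glfs_init() call and the fallback before the report, both in lines this hunk does not show. The second hunk's `ret = -errno;` in qemu_gluster_create relies on errno being non-zero on every NULL return, otherwise it would yield 0 without a glfs handle. The new `if` should also carry braces, `if (errno == 0) { errno = EINVAL; }`.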
SOURCES/kvm-gluster-correctly-propagate-errors.patch
New file
@@ -0,0 +1,111 @@
From 582eb6c9eef89809283e8d79b3f39e1ae9eeb64a Mon Sep 17 00:00:00 2001
From: Jeffrey Cody <jcody@redhat.com>
Date: Tue, 17 Jan 2017 19:51:30 +0100
Subject: [PATCH 1/3] gluster: correctly propagate errors
RH-Author: Jeffrey Cody <jcody@redhat.com>
Message-id: <9299039bbb1797e4e61cdc8b4be062efeb152abb.1484682588.git.jcody@redhat.com>
Patchwork-id: 73254
O-Subject: [RHEL-7.4 qemu-kvm 1/3] gluster: correctly propagate errors
Bugzilla: 1151859
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit a7451cb850d115f257080aff3fbc54f255ebf8f7)
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 block/gluster.c | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/block/gluster.c b/block/gluster.c
index 1793386..248a031 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -182,7 +182,8 @@ out:
     return ret;
 }
-static struct glfs *qemu_gluster_init(GlusterConf *gconf, const char *filename)
+static struct glfs *qemu_gluster_init(GlusterConf *gconf, const char *filename,
+                                      Error **errp)
 {
     struct glfs *glfs = NULL;
     int ret;
@@ -190,8 +191,8 @@ static struct glfs *qemu_gluster_init(GlusterConf *gconf, const char *filename)
     ret = qemu_gluster_parseuri(gconf, filename);
     if (ret < 0) {
-        error_report("Usage: file=gluster[+transport]://[server[:port]]/"
-            "volname/image[?socket=...]");
+        error_setg(errp, "Usage: file=gluster[+transport]://[server[:port]]/"
+                   "volname/image[?socket=...]");
         errno = -ret;
         goto out;
     }
@@ -218,9 +219,11 @@ static struct glfs *qemu_gluster_init(GlusterConf *gconf, const char *filename)
     ret = glfs_init(glfs);
     if (ret) {
-        error_report("Gluster connection failed for server=%s port=%d "
-             "volume=%s image=%s transport=%s", gconf->server, gconf->port,
-             gconf->volname, gconf->image, gconf->transport);
+        error_setg_errno(errp, errno,
+                         "Gluster connection failed for server=%s port=%d "
+                         "volume=%s image=%s transport=%s", gconf->server,
+                         gconf->port, gconf->volname, gconf->image,
+                         gconf->transport);
         goto out;
     }
     return glfs;
@@ -328,17 +331,15 @@ static int qemu_gluster_open(BlockDriverState *bs,  QDict *options,
     opts = qemu_opts_create_nofail(&runtime_opts);
     qemu_opts_absorb_qdict(opts, options, &local_err);
-    if (error_is_set(&local_err)) {
-        qerror_report_err(local_err);
-        error_free(local_err);
+    if (local_err) {
+        error_propagate(errp, local_err);
         ret = -EINVAL;
         goto out;
     }
     filename = qemu_opt_get(opts, "filename");
-
-    s->glfs = qemu_gluster_init(gconf, filename);
+    s->glfs = qemu_gluster_init(gconf, filename, errp);
     if (!s->glfs) {
         ret = -errno;
         goto out;
@@ -406,7 +407,7 @@ static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
     gconf = g_malloc0(sizeof(GlusterConf));
-    reop_s->glfs = qemu_gluster_init(gconf, state->bs->filename);
+    reop_s->glfs = qemu_gluster_init(gconf, state->bs->filename, errp);
     if (reop_s->glfs == NULL) {
         ret = -errno;
         goto exit;
@@ -481,9 +482,9 @@ static int qemu_gluster_create(const char *filename,
     int64_t total_size = 0;
     GlusterConf *gconf = g_malloc0(sizeof(GlusterConf));
-    glfs = qemu_gluster_init(gconf, filename);
+    glfs = qemu_gluster_init(gconf, filename, errp);
     if (!glfs) {
-        ret = -errno;
+        ret = -EINVAL;
         goto out;
     }
--
1.8.3.1
SOURCES/kvm-hw-i386-regenerate-checked-in-AML-payload-RHEL-only.patch
@@ -1,13 +1,13 @@
From 4f55d2d2f6efdce59440b57726f09578b8692158 Mon Sep 17 00:00:00 2001
From 436e7a406724efa98d05d4c32cae027f31a66033 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 23 Sep 2016 14:39:35 +0200
Subject: [PATCH 2/3] hw/i386: regenerate checked-in AML payload (RHEL only)
Date: Fri, 23 Sep 2016 14:39:35 -0300
Subject: [PATCH 1/2] hw/i386: regenerate checked-in AML payload (RHEL only)
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20160923143936.25594-2-lersek@redhat.com>
Patchwork-id: 72414
O-Subject: [RHEL-7.3 qemu-kvm PATCH 1/2] hw/i386: regenerate checked-in AML payload (RHEL only)
Bugzilla: 1392027
Bugzilla: 1377087
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
@@ -24,7 +24,7 @@
remained identical across this change.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
 hw/i386/acpi-dsdt.hex.generated     |  8 ++++----
 hw/i386/q35-acpi-dsdt.hex.generated |  8 ++++----
SOURCES/kvm-i386-kvmvapic-initialise-imm32-variable.patch
New file
@@ -0,0 +1,46 @@
From edb9059eb8f42f892d67df324eeb0098c05d1f4a Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 28 Feb 2017 12:07:54 +0100
Subject: [PATCH 09/24] i386: kvmvapic: initialise imm32 variable
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20170228120754.16073-1-pbonzini@redhat.com>
Patchwork-id: 74089
O-Subject: [RHEL7.4 qemu-kvm PATCH] i386: kvmvapic: initialise imm32 variable
Bugzilla: 1335751
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
When processing Task Priority Register (TPR) access, it could leak
automatic stack variable 'imm32' in patch_instruction().
Initialise the variable to avoid it.
Reported by: Donghai Zdh <donghai.zdh@alibaba-inc.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1460013608-16670-1-git-send-email-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 691a02e2ce0c413236a78dee6f2651c937b09fb0)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 hw/i386/kvmvapic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index 577ae64..a5dd9dd 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -390,7 +390,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
     CPUX86State *env = &cpu->env;
     VAPICHandlers *handlers;
     uint8_t opcode[2];
-    uint32_t imm32;
+    uint32_t imm32 = 0;
     target_ulong current_pc = 0;
     target_ulong current_cs_base = 0;
     int current_flags = 0;
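Review bot: The `= 0` added to `imm32` carries no comment, so a later cleanup could drop it as a redundant initialiser and bring back the stack-variable leak the commit message describes. Keeping the reason next to the declaration would prevent that, e.g. `uint32_t imm32 = 0; /* not assigned on every path below; must never carry stale stack contents */`. The rest of patch_instruction() lies outside this hunk, so which paths leave `imm32` unassigned should be confirmed against the full function before settling the wording.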
--
1.8.3.1
SOURCES/kvm-ide-fix-halted-IO-segfault-at-reset.patch
@@ -1,15 +1,15 @@
From 4d3c9646213bdf992af4e28eaf0d57610eb79fec Mon Sep 17 00:00:00 2001
From 4fbb16d71e7e9a893c665926642122b165c63425 Mon Sep 17 00:00:00 2001
From: John Snow <jsnow@redhat.com>
Date: Thu, 29 Sep 2016 00:02:14 +0200
Subject: [PATCH 1/3] ide: fix halted IO segfault at reset
Date: Wed, 26 Apr 2017 23:49:07 +0200
Subject: [PATCH] ide: fix halted IO segfault at reset
RH-Author: John Snow <jsnow@redhat.com>
Message-id: <1475107334-14972-2-git-send-email-jsnow@redhat.com>
Patchwork-id: 72436
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 1/1] ide: fix halted IO segfault at reset
Bugzilla: 1393042
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-id: <20170426234907.21151-2-jsnow@redhat.com>
Patchwork-id: 74905
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 1/1] ide: fix halted IO segfault at reset
Bugzilla: 1299875
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
If one attempts to perform a system_reset after a failed IO request
SOURCES/kvm-iotests-Filter-for-Killed-in-qemu-io-output.patch
New file
@@ -0,0 +1,44 @@
From 27158eec51a5a443d9ae9a7b565b40b749f6f41b Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Mon, 13 Mar 2017 17:46:45 +0100
Subject: [PATCH 14/24] iotests: Filter for "Killed" in qemu-io output
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20170313174649.28932-1-mreitz@redhat.com>
Patchwork-id: 74276
O-Subject: [RHEL-7.4 qemu-kvm PATCH 5/9] iotests: Filter for "Killed" in qemu-io output
Bugzilla: 1427176
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
_filter_qemu_io already filters out the process ID when qemu-io is
aborted; the same should be done when it is killed.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1418032092-16813-3-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 9e0c3e8df5d1b12517d587d60b2fe587ea252ebe)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 tests/qemu-iotests/common.filter | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index dcd246d..041e001 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -150,7 +150,7 @@ _filter_win32()
 _filter_qemu_io()
 {
     _filter_win32 | sed -e "s/[0-9]* ops\; [0-9/:. sec]* ([0-9/.inf]* [EPTGMKiBbytes]*\/sec and [0-9/.inf]* ops\/sec)/X ops\; XX:XX:XX.X (XXX YYY\/sec and XXX ops\/sec)/" \
-        -e "s/: line [0-9][0-9]*:  *[0-9][0-9]*\( Aborted\)/:\1/" \
+        -e "s/: line [0-9][0-9]*:  *[0-9][0-9]*\( Aborted\| Killed\)/:\1/" \
         -e "s/qemu-io> //g"
 }
--
1.8.3.1
SOURCES/kvm-iotests-Fix-test-039.patch
New file
@@ -0,0 +1,116 @@
From 5eef8556fa85c070a242f93b675e7fb8e24a2fa0 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Mon, 13 Mar 2017 17:46:56 +0100
Subject: [PATCH 15/24] iotests: Fix test 039
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20170313174659.29164-1-mreitz@redhat.com>
Patchwork-id: 74277
O-Subject: [RHEL-7.4 qemu-kvm PATCH 6/9] iotests: Fix test 039
Bugzilla: 1427176
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
Test 039 used qemu-io -c abort for simulating a qemu crash; however,
abort() generally results in a core dump and ulimit -c 0 is no reliable
way of preventing that. Use "sigraise $(kill -l KILL)" instead to have
it crash without a core dump.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1418032092-16813-4-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 3f394472c5bca59de5cab9baafdff1984b0213a3)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 tests/qemu-iotests/039     | 18 +++++++++++++-----
 tests/qemu-iotests/039.out |  6 +++---
 2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/tests/qemu-iotests/039 b/tests/qemu-iotests/039
index 1e50651..ac85476 100755
--- a/tests/qemu-iotests/039
+++ b/tests/qemu-iotests/039
@@ -46,9 +46,11 @@ _supported_proto generic
 _supported_os Linux
 _unsupported_qemu_io_options --nocache
-_no_dump_exec()
+_subshell_exec()
 {
-    (ulimit -c 0; exec "$@")
+    # Executing crashing commands in a subshell prevents information like the
+    # "Killed" line from being lost
+    (exec "$@")
 }
 size=128M
@@ -71,7 +73,9 @@ echo "== Creating a dirty image file =="
 IMGOPTS="compat=1.1,lazy_refcounts=on"
 _make_test_img $size
-_no_dump_exec $QEMU_IO -c "write -P 0x5a 0 512" -c "abort" "$TEST_IMG" 2>&1 | _filter_qemu_io
+_subshell_exec $QEMU_IO -c "write -P 0x5a 0 512" \
+                        -c "sigraise $(kill -l KILL)" "$TEST_IMG" 2>&1 \
+    | _filter_qemu_io
 # The dirty bit must be set
 ./qcow2.py "$TEST_IMG" dump-header | grep incompatible_features
@@ -104,7 +108,9 @@ echo "== Opening a dirty image read/write should repair it =="
 IMGOPTS="compat=1.1,lazy_refcounts=on"
 _make_test_img $size
-_no_dump_exec $QEMU_IO -c "write -P 0x5a 0 512" -c "abort" "$TEST_IMG" 2>&1 | _filter_qemu_io
+_subshell_exec $QEMU_IO -c "write -P 0x5a 0 512" \
+                        -c "sigraise $(kill -l KILL)" "$TEST_IMG" 2>&1 \
+    | _filter_qemu_io
 # The dirty bit must be set
 ./qcow2.py "$TEST_IMG" dump-header | grep incompatible_features
@@ -120,7 +126,9 @@ echo "== Creating an image file with lazy_refcounts=off =="
 IMGOPTS="compat=1.1,lazy_refcounts=off"
 _make_test_img $size
-_no_dump_exec $QEMU_IO -c "write -P 0x5a 0 512" -c "abort" "$TEST_IMG" 2>&1 | _filter_qemu_io
+_subshell_exec $QEMU_IO -c "write -P 0x5a 0 512" \
+                        -c "sigraise $(kill -l KILL)" "$TEST_IMG" 2>&1 \
+    | _filter_qemu_io
 # The dirty bit must not be set since lazy_refcounts=off
 ./qcow2.py "$TEST_IMG" dump-header | grep incompatible_features
diff --git a/tests/qemu-iotests/039.out b/tests/qemu-iotests/039.out
index af62da1..f3fe58b 100644
--- a/tests/qemu-iotests/039.out
+++ b/tests/qemu-iotests/039.out
@@ -11,7 +11,7 @@ No errors were found on the image.
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
 wrote 512/512 bytes at offset 0
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-./039: Aborted                 ( ulimit -c 0; exec "$@" )
+./039: Killed                  ( exec "$@" )
 incompatible_features     0x1
 ERROR cluster 5 refcount=0 reference=1
 ERROR OFLAG_COPIED data cluster: l2_entry=8000000000050000 refcount=0
@@ -46,7 +46,7 @@ read 512/512 bytes at offset 0
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
 wrote 512/512 bytes at offset 0
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-./039: Aborted                 ( ulimit -c 0; exec "$@" )
+./039: Killed                  ( exec "$@" )
 incompatible_features     0x1
 ERROR cluster 5 refcount=0 reference=1
 Rebuilding refcount structure
@@ -60,7 +60,7 @@ incompatible_features     0x0
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
 wrote 512/512 bytes at offset 0
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-./039: Aborted                 ( ulimit -c 0; exec "$@" )
+./039: Killed                  ( exec "$@" )
 incompatible_features     0x0
 No errors were found on the image.
 *** done
--
1.8.3.1
SOURCES/kvm-memory-Allow-access-only-upto-the-maximum-alignment-.patch
New file
@@ -0,0 +1,169 @@
From 2ee2492513f9685cb716dc1cb4cf5b580da43e07 Mon Sep 17 00:00:00 2001
From: Bandan Das <bsd@redhat.com>
Date: Wed, 25 Jan 2017 03:36:07 +0100
Subject: [PATCH 01/11] memory: Allow access only upto the maximum alignment
 for memory_region_* functions
RH-Author: Bandan Das <bsd@redhat.com>
Message-id: <jpgefzrn74o.fsf@linux.bootlegged.copy>
Patchwork-id: 73367
O-Subject: [RHEL-7.4 qemu-kvm PATCH] memory: Allow access only upto the maximum alignment for memory_region_* functions
Bugzilla: 1342768
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342768
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=12437870
Upstream: N/A, upstream doesn't exhibit this behavior
Currently, there is no check in memory_region_iorange_* functions for whether
the size requested is greater than the maximum alignment. This causes
an abort with a specific version of the Linux kernel (4.7.0-RC1):
/usr/libexec/qemu-kvm -kernel ~/vmlinuz-4.7.0-rc1 --enable-kvm -m 1G -vnc :2 -monitor stdio
0  0x00007fb057cb65f7 in raise () from /lib64/libc.so.6
1  0x00007fb057cb7ce8 in abort () from /lib64/libc.so.6
2  0x00007fb05eca5537 in acpi_gpe_ioport_readb ()
3  0x00007fb05eca5ff0 in gpe_readb ()
4  0x00007fb05ede6f4c in memory_region_read_accessor ()
5  0x00007fb05ede6993 in access_with_adjusted_size ()
6  0x00007fb05ede7ce8 in memory_region_iorange_read ()
7  0x00007fb05ede2ac7 in ioport_readl_thunk ()
8  0x00007fb05ede3141 in cpu_inl ()
9  0x00007fb05ede5c49 in kvm_cpu_exec ()
10 0x00007fb05ed98485 in qemu_kvm_cpu_thread_fn ()
11 0x00007fb05bcc9dc5 in start_thread () from /lib64/libpthread.so.0
12 0x00007fb057d77ced in clone () from /lib64/libc.so.6
This happens because guest code tries to read(l=4) from 0xafe2
with GPE base being 0xafe0 which causes the abort in
acpi_gpe_ioport_get_ptr() to trigger. This change adds a
memory_access_size() which is similar to the one in upstream that
forces size to be equal to the maximum alignment if it's greater.
It also keeps the other checks present in upstream for safety and
is called from the memory_region_read/write functions before
calling the call specific access functions.
Signed-off-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 memory.c | 44 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 4 deletions(-)
diff --git a/memory.c b/memory.c
index 7bd6e87..573ecdd 100644
--- a/memory.c
+++ b/memory.c
@@ -381,6 +381,33 @@ static const MemoryRegionPortio *find_portio(MemoryRegion *mr, uint64_t offset,
     return NULL;
 }
+static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
+{
+  unsigned access_size_max = mr->ops->valid.max_access_size;
+
+  /* Regions are assumed to support 1-4 byte accesses unless
+     otherwise specified.  */
+  if (access_size_max == 0) {
+    access_size_max = 4;
+  }
+
+  /* Bound the maximum access by the alignment of the address.  */
+  if (!mr->ops->impl.unaligned) {
+    unsigned align_size_max = addr & -addr;
+    if (align_size_max != 0 && align_size_max < access_size_max) {
+        access_size_max = align_size_max;
+    }
+  }
+
+  /* Don't attempt accesses larger than the maximum.  */
+  if (l > access_size_max) {
+    l = access_size_max;
+  }
+  l = pow2floor(l);
+
+  return l;
+}
+
 static void memory_region_iorange_read(IORange *iorange,
                                        uint64_t offset,
                                        unsigned width,
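Review bot: `memory_access_size()` is declared to return `int`, yet it computes and returns the `unsigned` value `l`, and every caller in this patch stores the result in an `unsigned l`; the signature should read `static unsigned memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)`. The body is also indented by two spaces where the context lines of memory.c around it use four. A short comment above the function, saying that it clamps a requested access length to the region's maximum access size and to the alignment of `addr`, would help, because this clamp is what stops the guest-triggered abort described in the commit message. That comment should also mention that `addr & -addr` is narrowed to `unsigned` and that a result of 0 is deliberately treated as "no alignment bound".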
@@ -389,6 +416,7 @@ static void memory_region_iorange_read(IORange *iorange,
     MemoryRegionIORange *mrio
         = container_of(iorange, MemoryRegionIORange, iorange);
     MemoryRegion *mr = mrio->mr;
+    unsigned l;
     offset += mrio->offset;
     if (mr->ops->old_portio) {
@@ -407,7 +435,8 @@ static void memory_region_iorange_read(IORange *iorange,
         return;
     }
     *data = 0;
-    access_with_adjusted_size(offset, data, width,
+    l = memory_access_size(mr, width, offset);
+    access_with_adjusted_size(offset, data, l,
                               mr->ops->impl.min_access_size,
                               mr->ops->impl.max_access_size,
                               memory_region_read_accessor, mr);
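Review bot: After the clamp, `l` can be smaller than `width`, and nothing in this hunk accesses or reports the remaining `width - l` bytes; the read hands them back as the zeros left by `*data = 0`. The same applies to the calls changed in memory_region_iorange_write(), memory_region_dispatch_read1() and memory_region_dispatch_write() further down, where on the write side the upper bytes of `data` are dropped without a trace. If the short access is intended, say so at the call, e.g. `/* l may be < width: only the low l bytes are accessed, the rest reads as 0 */`, and consider a trace point or guest-error log for the clamped case so that misbehaving guest accesses stay diagnosable. The enclosing function starts and ends outside this hunk.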
@@ -421,6 +450,7 @@ static void memory_region_iorange_write(IORange *iorange,
     MemoryRegionIORange *mrio
         = container_of(iorange, MemoryRegionIORange, iorange);
     MemoryRegion *mr = mrio->mr;
+    unsigned l;
     offset += mrio->offset;
     if (mr->ops->old_portio) {
@@ -437,7 +467,8 @@ static void memory_region_iorange_write(IORange *iorange,
         }
         return;
     }
-    access_with_adjusted_size(offset, &data, width,
+    l = memory_access_size(mr, width, offset);
+    access_with_adjusted_size(offset, &data, l,
                               mr->ops->impl.min_access_size,
                               mr->ops->impl.max_access_size,
                               memory_region_write_accessor, mr);
@@ -850,6 +881,7 @@ static uint64_t memory_region_dispatch_read1(MemoryRegion *mr,
                                              unsigned size)
 {
     uint64_t data = 0;
+    unsigned l;
     if (!memory_region_access_valid(mr, addr, size, false)) {
         return -1U; /* FIXME: better signalling */
@@ -859,8 +891,9 @@ static uint64_t memory_region_dispatch_read1(MemoryRegion *mr,
         return mr->ops->old_mmio.read[ctz32(size)](mr->opaque, addr);
     }
+    l = memory_access_size(mr, size, addr);
     /* FIXME: support unaligned access */
-    access_with_adjusted_size(addr, &data, size,
+    access_with_adjusted_size(addr, &data, l,
                               mr->ops->impl.min_access_size,
                               mr->ops->impl.max_access_size,
                               memory_region_read_accessor, mr);
@@ -902,6 +935,8 @@ static void memory_region_dispatch_write(MemoryRegion *mr,
                                          uint64_t data,
                                          unsigned size)
 {
+    unsigned l;
+
     if (!memory_region_access_valid(mr, addr, size, true)) {
         return; /* FIXME: better signalling */
     }
@@ -913,8 +948,9 @@ static void memory_region_dispatch_write(MemoryRegion *mr,
         return;
     }
+    l = memory_access_size(mr, size, addr);
     /* FIXME: support unaligned access */
-    access_with_adjusted_size(addr, &data, size,
+    access_with_adjusted_size(addr, &data, l,
                               mr->ops->impl.min_access_size,
                               mr->ops->impl.max_access_size,
                               memory_region_write_accessor, mr);
--
1.8.3.1
SOURCES/kvm-nbd-Fix-regression-on-resiliency-to-port-scan.patch
@@ -1,15 +1,15 @@
From 8ead1a8129b42b14a6ccddbf4c24535b3cb80209 Mon Sep 17 00:00:00 2001
From 5bd3c61792fe793b1d42e675b53e47396f4219a3 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Fri, 9 Jun 2017 22:07:15 +0200
Subject: [PATCH 2/2] nbd: Fix regression on resiliency to port scan
Date: Fri, 9 Jun 2017 22:04:13 +0200
Subject: [PATCH 6/6] nbd: Fix regression on resiliency to port scan
RH-Author: Eric Blake <eblake@redhat.com>
Message-id: <20170609220715.29645-3-eblake@redhat.com>
Patchwork-id: 75578
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 2/2] nbd: Fix regression on resiliency to port scan
Bugzilla: 1460179
Message-id: <20170609220413.28793-3-eblake@redhat.com>
Patchwork-id: 75575
O-Subject: [RHEL-7.4 qemu-kvm PATCH 2/2] nbd: Fix regression on resiliency to port scan
Bugzilla: 1451614
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
@@ -52,7 +52,7 @@
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170608222617.20376-1-eblake@redhat.com>
(cherry picked from commit ???)
https://bugzilla.redhat.com/show_bug.cgi?id=1460179
https://bugzilla.redhat.com/show_bug.cgi?id=1451614
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Conflicts:
SOURCES/kvm-nbd-Fully-initialize-client-in-case-of-failed-negoti.patch
@@ -1,16 +1,16 @@
From e34b480cd9a1fb23e361a514c98439672140bd37 Mon Sep 17 00:00:00 2001
From 0e97bcfd7ab3c7b3d489de3cf4c7c4977b73cd23 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Fri, 9 Jun 2017 22:07:14 +0200
Subject: [PATCH 1/2] nbd: Fully initialize client in case of failed
Date: Fri, 9 Jun 2017 22:04:12 +0200
Subject: [PATCH 5/6] nbd: Fully initialize client in case of failed
 negotiation
RH-Author: Eric Blake <eblake@redhat.com>
Message-id: <20170609220715.29645-2-eblake@redhat.com>
Patchwork-id: 75580
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 1/2] nbd: Fully initialize client in case of failed negotiation
Bugzilla: 1460179
Message-id: <20170609220413.28793-2-eblake@redhat.com>
Patchwork-id: 75576
O-Subject: [RHEL-7.4 qemu-kvm PATCH 1/2] nbd: Fully initialize client in case of failed negotiation
Bugzilla: 1451614
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Thomas Huth <thuth@redhat.com>
If a non-NBD client connects to qemu-nbd, we would end up with
@@ -44,7 +44,7 @@
Message-Id: <20170527030421.28366-1-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit ???)
https://bugzilla.redhat.com/show_bug.cgi?id=1460179
https://bugzilla.redhat.com/show_bug.cgi?id=1451614
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Conflicts:
SOURCES/kvm-net-check-packet-payload-length.patch
@@ -1,13 +1,13 @@
From 6d126da8f958c57413a4505d98cb4a3ff48cbbfe Mon Sep 17 00:00:00 2001
From fa1aaeeab2f10d7f107dd45a2c06e40e71bde1c3 Mon Sep 17 00:00:00 2001
From: "wexu@redhat.com" <wexu@redhat.com>
Date: Wed, 21 Dec 2016 06:04:24 +0100
Subject: [PATCH] net: check packet payload length
Subject: [PATCH 3/4] net: check packet payload length
RH-Author: wexu@redhat.com
Message-id: <1482300264-29708-2-git-send-email-wexu@redhat.com>
Patchwork-id: 73088
O-Subject: [RHEL-7.4/7.3.z qemu-kvm Patch v2] net: check packet payload length
Bugzilla: 1398217
Bugzilla: 1398218
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
SOURCES/kvm-qcow2-Don-t-rely-on-free_cluster_index-in-alloc_ref2.patch
New file
@@ -0,0 +1,86 @@
From 32dcdb3b1623e351d66bfe7cccbdcef3087f9b7b Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Mon, 13 Mar 2017 17:45:09 +0100
Subject: [PATCH 11/24] qcow2: Don't rely on free_cluster_index in
 alloc_refcount_block() (CVE-2014-0147)
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20170313174516.28044-3-mreitz@redhat.com>
Patchwork-id: 74274
O-Subject: [RHEL-7.4 qemu-kvm PATCH 2/9] qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147)
Bugzilla: 1427176
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
From: Kevin Wolf <kwolf@redhat.com>
free_cluster_index is only correct if update_refcount() was called from
an allocation function, and even there it's brittle because it's used to
protect unfinished allocations which still have a refcount of 0 - if it
moves in the wrong place, the unfinished allocation can be corrupted.
So not using it any more seems to be a good idea. Instead, use the
first requested cluster to do the calculations. Return -EAGAIN if
unfinished allocations could become invalid and let the caller restart
its search for some free clusters.
The context of creating a snapshot is one situation where
update_refcount() is called outside of a cluster allocation. For this
case, the change fixes a buffer overflow if a cluster is referenced in
an L2 table that cannot be represented by an existing refcount block.
(new_table[refcount_table_index] was out of bounds)
[Bump the qemu-iotests 026 refblock_alloc.write leak count from 10 to
11.
--Stefan]
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit b106ad9185f35fc4ad669555ad0e79e276083bd7)
This patch was committed downstream before upstream (commit ID
a2b10eec76a72aa7fe63e797181b93f69de9600e), therefore the change to 026's
reference output is missing, which is amended by this backport.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 tests/qemu-iotests/026.out | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/qemu-iotests/026.out b/tests/qemu-iotests/026.out
index 0764389..5cedefc 100644
--- a/tests/qemu-iotests/026.out
+++ b/tests/qemu-iotests/026.out
@@ -491,7 +491,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 Event: refblock_alloc.write_blocks; errno: 28; imm: off; once: off; write
 write failed: No space left on device
-10 leaked clusters were found on the image.
+11 leaked clusters were found on the image.
 This means waste of disk space, but no harm to data.
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
@@ -515,7 +515,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 Event: refblock_alloc.write_table; errno: 28; imm: off; once: off; write
 write failed: No space left on device
-10 leaked clusters were found on the image.
+11 leaked clusters were found on the image.
 This means waste of disk space, but no harm to data.
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
@@ -539,7 +539,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 Event: refblock_alloc.switch_table; errno: 28; imm: off; once: off; write
 write failed: No space left on device
-10 leaked clusters were found on the image.
+11 leaked clusters were found on the image.
 This means waste of disk space, but no harm to data.
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
--
1.8.3.1
SOURCES/kvm-qemu-char-ignore-flow-control-if-a-PTY-s-slave-is-no.patch
@@ -1,16 +1,16 @@
From 1e2929d890fb4cc88162b9771ed93b1c61f89b33 Mon Sep 17 00:00:00 2001
From 6a40d58e03beaef265f6c1293301f5f8860ecbea Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:14 +0200
Date: Thu, 18 May 2017 09:21:22 +0200
Subject: [PATCH 09/18] qemu-char: ignore flow control if a PTY's slave is not
 connected
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-10-famz@redhat.com>
Patchwork-id: 75364
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 09/18] qemu-char: ignore flow control if a PTY's slave is not connected
Bugzilla: 1452332
Message-id: <20170518092131.16571-10-famz@redhat.com>
Patchwork-id: 75301
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 09/18] qemu-char: ignore flow control if a PTY's slave is not connected
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
SOURCES/kvm-qemu-io-Add-sigraise-command.patch
New file
@@ -0,0 +1,98 @@
From 9bf536ecc296516cb5d82d5e9630663aaac56629 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Mon, 13 Mar 2017 17:46:24 +0100
Subject: [PATCH 13/24] qemu-io: Add sigraise command
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20170313174629.28735-2-mreitz@redhat.com>
Patchwork-id: 74275
O-Subject: [RHEL-7.4 qemu-kvm PATCH 4/9] qemu-io: Add sigraise command
Bugzilla: 1427176
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
abort() has the sometimes undesirable side-effect of generating a core
dump. If that is not needed, SIGKILL has the same effect of abruptly
crashing qemu, but without a core dump.
Thus, -c abort is not always useful to simulate a qemu-io crash;
therefore, this patch adds a new sigraise command which allows raising
a signal.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1418032092-16813-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 0e82dc7bbd96f9b0fb76e5fe263ba04b15e68127)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 qemu-io-cmds.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index b41d6ee..010f05f 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -2050,6 +2050,51 @@ static const cmdinfo_t abort_cmd = {
        .oneline        = "simulate a program crash using abort(3)",
 };
+static void sigraise_help(void)
+{
+    printf(
+"\n"
+" raises the given signal\n"
+"\n"
+" Example:\n"
+" 'sigraise %i' - raises SIGTERM\n"
+"\n"
+" Invokes raise(signal), where \"signal\" is the mandatory integer argument\n"
+" given to sigraise.\n"
+"\n", SIGTERM);
+}
+
+static int sigraise_f(BlockDriverState *bs, int argc, char **argv);
+
+static const cmdinfo_t sigraise_cmd = {
+    .name       = "sigraise",
+    .cfunc      = sigraise_f,
+    .argmin     = 1,
+    .argmax     = 1,
+    .flags      = CMD_NOFILE_OK,
+    .args       = "signal",
+    .oneline    = "raises a signal",
+    .help       = sigraise_help,
+};
+
+static int sigraise_f(BlockDriverState *bs, int argc, char **argv)
+{
+    int sig = cvtnum(argv[1]);
+    if (sig < 0) {
+        printf("non-numeric signal number argument -- %s\n", argv[1]);
+        return 0;
+    }
+
+    /* Using raise() to kill this process does not necessarily flush all open
+     * streams. At least stdout and stderr (although the latter should be
+     * non-buffered anyway) should be flushed, though. */
+    fflush(stdout);
+    fflush(stderr);
+
+    raise(sig);
+    return 0;
+}
+
 static void sleep_cb(void *opaque)
 {
     bool *expired = opaque;
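Review bot: `int sig = cvtnum(argv[1]);` in sigraise_f() narrows the parsed value to `int` and checks only `sig < 0`, so an out-of-range number is handed to raise() instead of being rejected. cvtnum() is defined outside this hunk; if it returns a 64-bit value and accepts size suffixes (to be confirmed against its definition), a large argument can wrap to an unrelated small signal number. Keeping the full width and bounding it closes that: `int64_t sig = cvtnum(argv[1]);` followed by `if (sig < 0 || sig > NSIG) {`, with the message reworded to cover the range case. The return value of `raise(sig)` is ignored as well, so an invalid signal number fails silently; printing an error when it returns non-zero would make that visible.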
@@ -2203,4 +2248,5 @@ static void __attribute((constructor)) init_qemuio_commands(void)
     qemuio_add_command(&wait_break_cmd);
     qemuio_add_command(&abort_cmd);
     qemuio_add_command(&sleep_cmd);
+    qemuio_add_command(&sigraise_cmd);
 }
--
1.8.3.1
SOURCES/kvm-qemu-iotests-Disable-030-040-041.patch
New file
@@ -0,0 +1,53 @@
From 17c2dbd411ce0b2221b5559c3c0eff01920dea40 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Mon, 13 Mar 2017 17:47:19 +0100
Subject: [PATCH 18/24] qemu-iotests: Disable 030, 040, 041
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20170313174719.29543-1-mreitz@redhat.com>
Patchwork-id: 74280
O-Subject: [RHEL-7.4 qemu-kvm PATCH 9/9] qemu-iotests: Disable 030, 040, 041
Bugzilla: 1427176
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
Upstream: N/A
All of these tests require (and test) live block operations, 030 and 041
also need blkdebug support. Both of these features are disabled
downstream, so the tests need to be disabled, too.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 tests/qemu-iotests/group | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 58b3d05..c1fc89d 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -36,7 +36,7 @@
 027 rw auto quick
 028 rw backing auto
 029 rw auto quick
-030 rw auto backing
+# 030 rw auto backing -- requires blkdebug and block jobs
 031 rw auto quick
 032 rw auto
 033 rw auto quick
@@ -46,8 +46,8 @@
 037 rw auto backing
 038 rw auto backing
 039 rw auto
-040 rw auto
-041 rw auto backing
+# 040 rw auto -- requires block jobs
+# 041 rw auto backing -- requires blkdebug and block jobs
 042 rw auto quick
 043 rw auto backing
 044 rw auto
--
1.8.3.1
SOURCES/kvm-qemu-iotests-Filter-out-actual-image-size-in-067.patch
New file
@@ -0,0 +1,93 @@
From 858514a037db08493b7cdd6adaf87466ee2f7831 Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Mon, 13 Mar 2017 17:45:08 +0100
Subject: [PATCH 10/24] qemu-iotests: Filter out actual image size in 067
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20170313174516.28044-2-mreitz@redhat.com>
Patchwork-id: 74273
O-Subject: [RHEL-7.4 qemu-kvm PATCH 1/9] qemu-iotests: Filter out actual image size in 067
Bugzilla: 1427176
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
The actual size of the image file may differ depending on the Linux
kernel currently running on the host. Filtering out this value makes
this test pass in such cases.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 64815e2a966f0a3f18818b9d542f1ef02dc992a2)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 tests/qemu-iotests/067     |  2 +-
 tests/qemu-iotests/067.out | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/qemu-iotests/067 b/tests/qemu-iotests/067
index 79dc38b..d025192 100644
--- a/tests/qemu-iotests/067
+++ b/tests/qemu-iotests/067
@@ -45,7 +45,7 @@ function do_run_qemu()
 function run_qemu()
 {
-    do_run_qemu "$@" 2>&1 | _filter_testdir | _filter_qmp
+    do_run_qemu "$@" 2>&1 | _filter_testdir | _filter_qmp | sed -e 's/\("actual-size":\s*\)[0-9]\+/\1SIZE/g'
 }
 size=128M
diff --git a/tests/qemu-iotests/067.out b/tests/qemu-iotests/067.out
index 4bb9ff9..8d271cc 100644
--- a/tests/qemu-iotests/067.out
+++ b/tests/qemu-iotests/067.out
@@ -6,7 +6,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
 Testing: -drive file=TEST_DIR/t.qcow2,format=qcow2,if=none,id=disk -device virtio-blk-pci,drive=disk,id=virtio0
 QMP_VERSION
 {"return": {}}
-{"return": [{"io-status": "ok", "device": "disk", "locked": false, "removable": false, "inserted": {"iops_rd": 0, "image": {"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": 139264, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", "lazy-refcounts": false}}, "dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "type": "unknown"}, {"io-status": "ok", "device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}]}
+{"return": [{"io-status": "ok", "device": "disk", "locked": false, "removable": false, "inserted": {"iops_rd": 0, "image": {"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": SIZE, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", "lazy-refcounts": false}}, "dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "type": "unknown"}, {"io-status": "ok", "device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}]}
 {"return": {}}
 {"return": {}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "DEVICE_DELETED", "data": {"path": "/machine/peripheral/virtio0/virtio-backend"}}
@@ -24,7 +24,7 @@ QMP_VERSION
 Testing: -drive file=TEST_DIR/t.qcow2,format=qcow2,if=none,id=disk
 QMP_VERSION
 {"return": {}}
-{"return": [{"device": "disk", "locked": false, "removable": true, "inserted": {"iops_rd": 0, "image": {"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": 139264, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", "lazy-refcounts": false}}, "dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "tray_open": false, "type": "unknown"}, {"io-status": "ok", "device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}]}
+{"return": [{"device": "disk", "locked": false, "removable": true, "inserted": {"iops_rd": 0, "image": {"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": SIZE, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", "lazy-refcounts": false}}, "dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "tray_open": false, "type": "unknown"}, {"io-status": "ok", "device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}]}
 {"return": {}}
 {"return": {}}
 {"return": {}}
@@ -44,7 +44,7 @@ Testing:
 QMP_VERSION
 {"return": {}}
 {"return": "OK\r\n"}
-{"return": [{"io-status": "ok", "device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "disk", "locked": false, "removable": true, "inserted": {"iops_rd": 0, "image": {"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": 139264, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", "lazy-refcounts": false}}, "dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "tray_open": false, "type": "unknown"}]}
+{"return": [{"io-status": "ok", "device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "disk", "locked": false, "removable": true, "inserted": {"iops_rd": 0, "image": {"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": SIZE, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", "lazy-refcounts": false}}, "dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "tray_open": false, "type": "unknown"}]}
 {"return": {}}
 {"return": {}}
 {"return": {}}
@@ -64,14 +64,14 @@ Testing:
 QMP_VERSION
 {"return": {}}
 {"return": {}}
-{"return": [{"io-status": "ok", "device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "disk", "locked": false, "removable": true, "inserted": {"iops_rd": 0, "image": {"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": 139264, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", "lazy-refcounts": false}}, "dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "tray_open": false, "type": "unknown"}]}
+{"return": [{"io-status": "ok", "device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "disk", "locked": false, "removable": true, "inserted": {"iops_rd": 0, "image": {"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": SIZE, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", "lazy-refcounts": false}}, "dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "tray_open": false, "type": "unknown"}]}
 {"return": {}}
 {"return": {}}
 {"return": {}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "DEVICE_DELETED", "data": {"path": "/machine/peripheral/virtio0/virtio-backend"}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "DEVICE_DELETED", "data": {"device": "virtio0", "path": "/machine/peripheral/virtio0"}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "RESET"}
-{"return": [{"io-status": "ok", "device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"io-status": "ok", "device": "disk", "locked": false, "removable": true, "inserted": {"iops_rd": 0, "image": {"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": 139264, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", "lazy-refcounts": false}}, "dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "tray_open": false, "type": "unknown"}]}
+{"return": [{"io-status": "ok", "device": "ide1-cd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "floppy0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"device": "sd0", "locked": false, "removable": true, "tray_open": false, "type": "unknown"}, {"io-status": "ok", "device": "disk", "locked": false, "removable": true, "inserted": {"iops_rd": 0, "image": {"virtual-size": 134217728, "filename": "TEST_DIR/t.qcow2", "cluster-size": 65536, "format": "qcow2", "actual-size": SIZE, "format-specific": {"type": "qcow2", "data": {"compat": "1.1", "lazy-refcounts": false}}, "dirty-flag": false}, "iops_wr": 0, "ro": false, "backing_file_depth": 0, "drv": "qcow2", "iops": 0, "bps_wr": 0, "encrypted": false, "bps": 0, "bps_rd": 0, "file": "TEST_DIR/t.qcow2", "encryption_key_missing": false}, "tray_open": false, "type": "unknown"}]}
 {"return": {}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "SHUTDOWN"}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "DEVICE_TRAY_MOVED", "data": {"device": "ide1-cd0", "tray-open": true}}
--
1.8.3.1
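Review bot: The `sed` expression added to `run_qemu()` in tests/qemu-iotests/067 relies on `\s` and `\+`, which are GNU extensions to basic regular expressions. On a sed that lacks them, the `actual-size` value would pass through unfiltered and the comparison against 067.out would fail for a reason unrelated to the code under test. A portable spelling is `sed -e 's/\("actual-size":[[:space:]]*\)[0-9][0-9]*/\1SIZE/g'`. The substitution would also be easier to reuse and review as a named filter function than as a fourth inline pipeline stage.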
SOURCES/kvm-qemu-iotests-Fix-core-dump-suppression-in-test-039.patch
New file
@@ -0,0 +1,141 @@
From 3d0fa39257aac5ee843c0f3e5e69703e299bb90c Mon Sep 17 00:00:00 2001
From: Max Reitz <mreitz@redhat.com>
Date: Mon, 13 Mar 2017 17:46:23 +0100
Subject: [PATCH 12/24] qemu-iotests: Fix core dump suppression in test 039
RH-Author: Max Reitz <mreitz@redhat.com>
Message-id: <20170313174629.28735-1-mreitz@redhat.com>
Patchwork-id: 74281
O-Subject: [RHEL-7.4 qemu-kvm PATCH 3/9] qemu-iotests: Fix core dump suppression in test 039
Bugzilla: 1427176
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
From: Markus Armbruster <armbru@redhat.com>
The shell script attempts to suppress core dumps like this:
    old_ulimit=$(ulimit -c)
    ulimit -c 0
    $QEMU_IO arg...
    ulimit -c "$old_ulimit"
This breaks the test hard unless the limit was zero to begin with!
ulimit sets both hard and soft limit by default, and (re-)raising the
hard limit requires privileges.  Broken since it was added in commit
dc68afe.
Could be fixed by adding -S to set only the soft limit, but I'm not
sure how portable that is in practice.  Simply do it in a subshell
instead, like this:
    (ulimit -c 0; exec $QEMU_IO arg...)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit d530e342320d4db3c9522bfadc60a7bc8142343a)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 tests/qemu-iotests/039           | 20 ++++++++------------
 tests/qemu-iotests/039.out       |  3 +++
 tests/qemu-iotests/common.filter |  1 +
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/tests/qemu-iotests/039 b/tests/qemu-iotests/039
index 8bade92..1e50651 100755
--- a/tests/qemu-iotests/039
+++ b/tests/qemu-iotests/039
@@ -46,6 +46,11 @@ _supported_proto generic
 _supported_os Linux
 _unsupported_qemu_io_options --nocache
+_no_dump_exec()
+{
+    (ulimit -c 0; exec "$@")
+}
+
 size=128M
 echo
@@ -66,10 +71,7 @@ echo "== Creating a dirty image file =="
 IMGOPTS="compat=1.1,lazy_refcounts=on"
 _make_test_img $size
-old_ulimit=$(ulimit -c)
-ulimit -c 0 # do not produce a core dump on abort(3)
-$QEMU_IO -c "write -P 0x5a 0 512" -c "abort" "$TEST_IMG" | _filter_qemu_io
-ulimit -c "$old_ulimit"
+_no_dump_exec $QEMU_IO -c "write -P 0x5a 0 512" -c "abort" "$TEST_IMG" 2>&1 | _filter_qemu_io
 # The dirty bit must be set
 ./qcow2.py "$TEST_IMG" dump-header | grep incompatible_features
@@ -102,10 +104,7 @@ echo "== Opening a dirty image read/write should repair it =="
 IMGOPTS="compat=1.1,lazy_refcounts=on"
 _make_test_img $size
-old_ulimit=$(ulimit -c)
-ulimit -c 0 # do not produce a core dump on abort(3)
-$QEMU_IO -c "write -P 0x5a 0 512" -c "abort" "$TEST_IMG" | _filter_qemu_io
-ulimit -c "$old_ulimit"
+_no_dump_exec $QEMU_IO -c "write -P 0x5a 0 512" -c "abort" "$TEST_IMG" 2>&1 | _filter_qemu_io
 # The dirty bit must be set
 ./qcow2.py "$TEST_IMG" dump-header | grep incompatible_features
@@ -121,10 +120,7 @@ echo "== Creating an image file with lazy_refcounts=off =="
 IMGOPTS="compat=1.1,lazy_refcounts=off"
 _make_test_img $size
-old_ulimit=$(ulimit -c)
-ulimit -c 0 # do not produce a core dump on abort(3)
-$QEMU_IO -c "write -P 0x5a 0 512" -c "abort" "$TEST_IMG" | _filter_qemu_io
-ulimit -c "$old_ulimit"
+_no_dump_exec $QEMU_IO -c "write -P 0x5a 0 512" -c "abort" "$TEST_IMG" 2>&1 | _filter_qemu_io
 # The dirty bit must not be set since lazy_refcounts=off
 ./qcow2.py "$TEST_IMG" dump-header | grep incompatible_features
diff --git a/tests/qemu-iotests/039.out b/tests/qemu-iotests/039.out
index d25bf0b..af62da1 100644
--- a/tests/qemu-iotests/039.out
+++ b/tests/qemu-iotests/039.out
@@ -11,6 +11,7 @@ No errors were found on the image.
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
 wrote 512/512 bytes at offset 0
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+./039: Aborted                 ( ulimit -c 0; exec "$@" )
 incompatible_features     0x1
 ERROR cluster 5 refcount=0 reference=1
 ERROR OFLAG_COPIED data cluster: l2_entry=8000000000050000 refcount=0
@@ -45,6 +46,7 @@ read 512/512 bytes at offset 0
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
 wrote 512/512 bytes at offset 0
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+./039: Aborted                 ( ulimit -c 0; exec "$@" )
 incompatible_features     0x1
 ERROR cluster 5 refcount=0 reference=1
 Rebuilding refcount structure
@@ -58,6 +60,7 @@ incompatible_features     0x0
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
 wrote 512/512 bytes at offset 0
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+./039: Aborted                 ( ulimit -c 0; exec "$@" )
 incompatible_features     0x0
 No errors were found on the image.
 *** done
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index 9c82c77..dcd246d 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -150,6 +150,7 @@ _filter_win32()
 _filter_qemu_io()
 {
     _filter_win32 | sed -e "s/[0-9]* ops\; [0-9/:. sec]* ([0-9/.inf]* [EPTGMKiBbytes]*\/sec and [0-9/.inf]* ops\/sec)/X ops\; XX:XX:XX.X (XXX YYY\/sec and XXX ops\/sec)/" \
+        -e "s/: line [0-9][0-9]*:  *[0-9][0-9]*\( Aborted\)/:\1/" \
         -e "s/qemu-io> //g"
 }
--
1.8.3.1
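Review bot: `_no_dump_exec()` in tests/qemu-iotests/039 has no comment, yet 039.out now contains its subshell body verbatim in the three `./039: Aborted ( ulimit -c 0; exec "$@" )` lines. Any later edit to the helper, or a shell that words its job-status message differently, silently breaks the golden output. The new `_filter_qemu_io` rule only strips the `line N:  PID` part, so the rest of the message stays shell-dependent. I would add a comment above the function along the lines of `# Run "$@" with core dumps disabled; the subshell confines the ulimit change, since a lowered hard limit cannot be raised again without privileges` and `# 039.out quotes this body in the shell's "Aborted" message - update it when editing here`.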
SOURCES/kvm-qxl-Only-emit-QXL_INTERRUPT_CLIENT_MONITORS_CONFIG-o.patch
New file
@@ -0,0 +1,125 @@
From de84e9659aa6b91bd1a7c4fb30fde859882b9201 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Thu, 5 Jan 2017 23:58:10 +0100
Subject: [PATCH 4/4] qxl: Only emit QXL_INTERRUPT_CLIENT_MONITORS_CONFIG on
 config changes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: <20170105235810.27189-1-marcandre.lureau@redhat.com>
Patchwork-id: 73185
O-Subject: [RHEL-7.4 qemu-kvm PATCH] qxl: Only emit QXL_INTERRUPT_CLIENT_MONITORS_CONFIG on config changes
Bugzilla: 1342489
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Acked-by: Christophe Fergeau <cfergeau@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Christophe Fergeau <cfergeau@redhat.com>
Currently if the client keeps sending the same monitor config to
QEMU/spice-server, QEMU will always raise
a QXL_INTERRUPT_CLIENT_MONITORS_CONFIG regardless of whether there was a
change or not.
Guest-side (with fedora 25), the kernel QXL KMS driver will also forward the
event to user-space without checking if there were actual changes.
Next in line are gnome-shell/mutter (on a default f25 install), which
will try to reconfigure everything without checking if there is anything
to do.
Where this gets ugly is that when applying the resolution changes,
gnome-shell/mutter will call drmModeRmFB, drmModeAddFB, and
drmModeSetCrtc, which will cause the primary surface to be destroyed and
recreated by the QXL KMS driver. This in turn will cause the client to
resend a client monitors config message, which will cause QEMU to reemit
an interrupt with an unchanged monitors configuration, ...
This causes https://bugzilla.redhat.com/show_bug.cgi?id=1266484
This commit makes sure that we only emit
QXL_INTERRUPT_CLIENT_MONITORS_CONFIG when there are actual configuration
changes the guest should act on.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Message-id: 20161028144840.18326-1-cfergeau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 6c7565028c272c4c6f2a83c3a90b044eeaf2804a)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 hw/display/qxl.c | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index f762439..c76c237 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -989,6 +989,34 @@ static uint32_t qxl_crc32(const uint8_t *p, unsigned len)
     return crc32(0xffffffff, p, len) ^ 0xffffffff;
 }
+static bool qxl_rom_monitors_config_changed(QXLRom *rom,
+        VDAgentMonitorsConfig *monitors_config,
+        unsigned int max_outputs)
+{
+    int i;
+    unsigned int monitors_count;
+
+    monitors_count = MIN(monitors_config->num_of_monitors, max_outputs);
+
+    if (rom->client_monitors_config.count != monitors_count) {
+        return true;
+    }
+
+    for (i = 0 ; i < rom->client_monitors_config.count ; ++i) {
+        VDAgentMonConfig *monitor = &monitors_config->monitors[i];
+        QXLURect *rect = &rom->client_monitors_config.heads[i];
+        /* monitor->depth ignored */
+        if ((rect->left != monitor->x) ||
+            (rect->top != monitor->y)  ||
+            (rect->right != monitor->x + monitor->width) ||
+            (rect->bottom != monitor->y + monitor->height)) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
 /* called from main context only */
 static int interface_client_monitors_config(QXLInstance *sin,
                                         VDAgentMonitorsConfig *monitors_config)
@@ -997,6 +1025,7 @@ static int interface_client_monitors_config(QXLInstance *sin,
     QXLRom *rom = memory_region_get_ram_ptr(&qxl->rom_bar);
     int i;
     unsigned max_outputs = ARRAY_SIZE(rom->client_monitors_config.heads);
+    bool config_changed = false;
     if (qxl->revision < 4) {
         trace_qxl_client_monitors_config_unsupported_by_device(qxl->id,
@@ -1027,6 +1056,10 @@ static int interface_client_monitors_config(QXLInstance *sin,
     }
 #endif
+    config_changed = qxl_rom_monitors_config_changed(rom,
+                                                     monitors_config,
+                                                     max_outputs);
+
     memset(&rom->client_monitors_config, 0,
            sizeof(rom->client_monitors_config));
     rom->client_monitors_config.count = monitors_config->num_of_monitors;
@@ -1056,7 +1089,9 @@ static int interface_client_monitors_config(QXLInstance *sin,
     trace_qxl_interrupt_client_monitors_config(qxl->id,
                         rom->client_monitors_config.count,
                         rom->client_monitors_config.heads);
-    qxl_send_events(qxl, QXL_INTERRUPT_CLIENT_MONITORS_CONFIG);
+    if (config_changed) {
+        qxl_send_events(qxl, QXL_INTERRUPT_CLIENT_MONITORS_CONFIG);
+    }
     return 1;
 }
--
1.8.3.1
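Review bot: The loop in `qxl_rom_monitors_config_changed()` is bounded by `rom->client_monitors_config.count`, which is re-read from the ROM BAR mapping on every iteration, and compared against a signed `int i`. The equality check just above makes that value equal to the clamped `monitors_count` at that moment, but the clamped local is the only bound that is guaranteed to stay within `heads[]` and `monitors[]`; whether the guest can ever alter the ROM contents is not visible from this hunk. Using the local keeps the index bound independent of shared memory: `unsigned int i;` and `for (i = 0; i < monitors_count; ++i) {`. Both pointer parameters are only read and could be `const`. The body of `interface_client_monitors_config()` continues outside the hunks shown.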
SOURCES/kvm-serial-change-retry-logic-to-avoid-concurrency.patch
@@ -1,15 +1,15 @@
From 3ddb1809fc188f9aca337b19a81b40da5b992057 Mon Sep 17 00:00:00 2001
From 19651bdbf15a4ce03d6fc6e3a6be514a3f46a118 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:13 +0200
Date: Thu, 18 May 2017 09:21:21 +0200
Subject: [PATCH 08/18] serial: change retry logic to avoid concurrency
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-9-famz@redhat.com>
Patchwork-id: 75362
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 08/18] serial: change retry logic to avoid concurrency
Bugzilla: 1452332
Message-id: <20170518092131.16571-9-famz@redhat.com>
Patchwork-id: 75300
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 08/18] serial: change retry logic to avoid concurrency
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Kirill Batuzov <batuzovk@ispras.ru>
SOURCES/kvm-serial-check-if-backed-by-a-physical-serial-port-at-.patch
@@ -1,16 +1,16 @@
From 1882bb1a0967e7d513b0d5bd060fa214bc44efcb Mon Sep 17 00:00:00 2001
From 3ad8bb6f424f7ff1d4bbf73237fb1590f0ce1810 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:15 +0200
Date: Thu, 18 May 2017 09:21:23 +0200
Subject: [PATCH 10/18] serial: check if backed by a physical serial port at
 realize time
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-11-famz@redhat.com>
Patchwork-id: 75366
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 10/18] serial: check if backed by a physical serial port at realize time
Bugzilla: 1452332
Message-id: <20170518092131.16571-11-famz@redhat.com>
Patchwork-id: 75299
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 10/18] serial: check if backed by a physical serial port at realize time
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
SOURCES/kvm-serial-clean-up-THRE-TEMT-handling.patch
@@ -1,15 +1,15 @@
From 9afba2b1b9f8c2af3165fb0d9b68888996fe2330 Mon Sep 17 00:00:00 2001
From 1b37b298fc1f0d69e24229191e4bbe741e4d96ab Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:17 +0200
Date: Thu, 18 May 2017 09:21:25 +0200
Subject: [PATCH 12/18] serial: clean up THRE/TEMT handling
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-13-famz@redhat.com>
Patchwork-id: 75367
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 12/18] serial: clean up THRE/TEMT handling
Bugzilla: 1452332
Message-id: <20170518092131.16571-13-famz@redhat.com>
Patchwork-id: 75303
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 12/18] serial: clean up THRE/TEMT handling
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
SOURCES/kvm-serial-fixing-vmstate-for-save-restore.patch
New file
@@ -0,0 +1,355 @@
From 7d2e8f9662feb64c0b15b6fd53e06e3c56921f27 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 9 Jun 2017 11:43:58 +0200
Subject: [PATCH 3/6] serial: fixing vmstate for save/restore
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20170609114359.13036-3-pbonzini@redhat.com>
Patchwork-id: 75567
O-Subject: [RHEL7.4 qemu-kvm PATCH v2 2/3] serial: fixing vmstate for save/restore
Bugzilla: 1452067
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
From: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Some fields were added to VMState by this patch to preserve correct
loading of the serial port controller state.
Updating FCR value while loading was also modified to disable generating
an interrupt by loadvm.
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 7385b275d9ae8bdf3c012bc4e2ae9779fcea6312)
[RHEL: omit some subsections.  thr_ipending can be reconstructed fairly
       reliably by serial_post_load.  The others are features that are
       unlikely to be used in RHEL, respectively receive timeout (Linux
       does not even have the UART_IIR_CTI symbol in the driver) and
       physical serial ports connected to a modem]
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 hw/char/serial.c | 245 ++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 215 insertions(+), 30 deletions(-)
diff --git a/hw/char/serial.c b/hw/char/serial.c
index 39de1ca..0518a6f 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -275,6 +275,36 @@ static void serial_xmit(SerialState *s)
     s->lsr |= UART_LSR_TEMT;
 }
+/* Setter for FCR.
+   is_load flag means, that value is set while loading VM state
+   and interrupt should not be invoked */
+static void serial_write_fcr(SerialState *s, uint8_t val)
+{
+    /* Set fcr - val only has the bits that are supposed to "stick" */
+    s->fcr = val;
+
+    if (val & UART_FCR_FE) {
+        s->iir |= UART_IIR_FE;
+        /* Set recv_fifo trigger Level */
+        switch (val & 0xC0) {
+        case UART_FCR_ITL_1:
+            s->recv_fifo_itl = 1;
+            break;
+        case UART_FCR_ITL_2:
+            s->recv_fifo_itl = 4;
+            break;
+        case UART_FCR_ITL_3:
+            s->recv_fifo_itl = 8;
+            break;
+        case UART_FCR_ITL_4:
+            s->recv_fifo_itl = 14;
+            break;
+        }
+    } else {
+        s->iir &= ~UART_IIR_FE;
+    }
+}
+
 static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
                                 unsigned size)
 {
@@ -351,21 +381,17 @@ static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
         }
         break;
     case 2:
-        val = val & 0xFF;
-
-        if (s->fcr == val)
-            break;
-
         /* Did the enable/disable flag change? If so, make sure FIFOs get flushed */
-        if ((val ^ s->fcr) & UART_FCR_FE)
+        if ((val ^ s->fcr) & UART_FCR_FE) {
             val |= UART_FCR_XFR | UART_FCR_RFR;
+        }
         /* FIFO clear */
         if (val & UART_FCR_RFR) {
             s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
             qemu_del_timer(s->fifo_timeout_timer);
-            s->timeout_ipending=0;
+            s->timeout_ipending = 0;
             fifo8_reset(&s->recv_fifo);
         }
@@ -375,28 +401,7 @@ static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
             fifo8_reset(&s->xmit_fifo);
         }
-        if (val & UART_FCR_FE) {
-            s->iir |= UART_IIR_FE;
-            /* Set recv_fifo trigger Level */
-            switch (val & 0xC0) {
-            case UART_FCR_ITL_1:
-                s->recv_fifo_itl = 1;
-                break;
-            case UART_FCR_ITL_2:
-                s->recv_fifo_itl = 4;
-                break;
-            case UART_FCR_ITL_3:
-                s->recv_fifo_itl = 8;
-                break;
-            case UART_FCR_ITL_4:
-                s->recv_fifo_itl = 14;
-                break;
-            }
-        } else
-            s->iir &= ~UART_IIR_FE;
-
-        /* Set fcr - or at least the bits in it that are supposed to "stick" */
-        s->fcr = val & 0xC9;
+        serial_write_fcr(s, val & 0xC9);
         serial_update_irq(s);
         break;
     case 3:
@@ -617,6 +622,14 @@ static void serial_pre_save(void *opaque)
     s->fcr_vmstate = s->fcr;
 }
+static int serial_pre_load(void *opaque)
+{
+    SerialState *s = opaque;
+    s->thr_ipending = -1;
+    s->poll_msl = -1;
+    return 0;
+}
+
 static int serial_post_load(void *opaque, int version_id)
 {
     SerialState *s = opaque;
@@ -628,17 +641,159 @@ static int serial_post_load(void *opaque, int version_id)
         s->tsr_retry = MAX_XMIT_RETRY;
     }
+    if (s->thr_ipending == -1) {
+        s->thr_ipending = ((s->iir & UART_IIR_ID) == UART_IIR_THRI);
+    }
+    s->last_break_enable = (s->lcr >> 6) & 1;
     /* Initialize fcr via setter to perform essential side-effects */
-    serial_ioport_write(s, 0x02, s->fcr_vmstate, 1);
+    serial_write_fcr(s, s->fcr_vmstate);
     serial_update_parameters(s);
     return 0;
 }
+static bool serial_thr_ipending_needed(void *opaque)
+{
+#if 0
+    SerialState *s = opaque;
+    bool expected_value = ((s->iir & UART_IIR_ID) == UART_IIR_THRI);
+    return s->thr_ipending != expected_value;
+#else
+    /* for migration compatibility with RHEL <= 7.3 */
+    return 0;
+#endif
+}
+
+const VMStateDescription vmstate_serial_thr_ipending = {
+    .name = "serial/thr_ipending",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .fields = (VMStateField[]) {
+        VMSTATE_INT32(thr_ipending, SerialState),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
+static bool serial_tsr_needed(void *opaque)
+{
+    SerialState *s = (SerialState *)opaque;
+    return s->tsr_retry != 0;
+}
+
+const VMStateDescription vmstate_serial_tsr = {
+    .name = "serial/tsr",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .fields = (VMStateField[]) {
+        VMSTATE_UINT32(tsr_retry, SerialState),
+        VMSTATE_UINT8(thr, SerialState),
+        VMSTATE_UINT8(tsr, SerialState),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
+static bool serial_recv_fifo_needed(void *opaque)
+{
+    SerialState *s = (SerialState *)opaque;
+    return !fifo8_is_empty(&s->recv_fifo);
+
+}
+
+const VMStateDescription vmstate_serial_recv_fifo = {
+    .name = "serial/recv_fifo",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .fields = (VMStateField[]) {
+        VMSTATE_STRUCT(recv_fifo, SerialState, 1, vmstate_fifo8, Fifo8),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
+static bool serial_xmit_fifo_needed(void *opaque)
+{
+    SerialState *s = (SerialState *)opaque;
+    return !fifo8_is_empty(&s->xmit_fifo);
+}
+
+const VMStateDescription vmstate_serial_xmit_fifo = {
+    .name = "serial/xmit_fifo",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .fields = (VMStateField[]) {
+        VMSTATE_STRUCT(xmit_fifo, SerialState, 1, vmstate_fifo8, Fifo8),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
+static bool serial_fifo_timeout_timer_needed(void *opaque)
+{
+#if 0
+    SerialState *s = (SerialState *)opaque;
+    return timer_pending(s->fifo_timeout_timer);
+#else
+    /* for migration compatibility with RHEL <= 7.3 */
+    return 0;
+#endif
+}
+
+const VMStateDescription vmstate_serial_fifo_timeout_timer = {
+    .name = "serial/fifo_timeout_timer",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .fields = (VMStateField[]) {
+        VMSTATE_TIMER(fifo_timeout_timer, SerialState),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
+static bool serial_timeout_ipending_needed(void *opaque)
+{
+#if 0
+    SerialState *s = (SerialState *)opaque;
+    return s->timeout_ipending != 0;
+#else
+    /* for migration compatibility with RHEL <= 7.3 */
+    return 0;
+#endif
+}
+
+const VMStateDescription vmstate_serial_timeout_ipending = {
+    .name = "serial/timeout_ipending",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .fields = (VMStateField[]) {
+        VMSTATE_INT32(timeout_ipending, SerialState),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
+static bool serial_poll_needed(void *opaque)
+{
+#if 0
+    SerialState *s = (SerialState *)opaque;
+    return s->poll_msl >= 0;
+#else
+    /* for migration compatibility with RHEL <= 7.3 */
+    return 0;
+#endif
+}
+
+const VMStateDescription vmstate_serial_poll = {
+    .name = "serial/poll",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .fields = (VMStateField[]) {
+        VMSTATE_INT32(poll_msl, SerialState),
+        VMSTATE_TIMER(modem_status_poll, SerialState),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
 const VMStateDescription vmstate_serial = {
     .name = "serial",
     .version_id = 3,
     .minimum_version_id = 2,
     .pre_save = serial_pre_save,
+    .pre_load = serial_pre_load,
     .post_load = serial_post_load,
     .fields      = (VMStateField []) {
         VMSTATE_UINT16_V(divider, SerialState, 2),
@@ -652,6 +807,32 @@ const VMStateDescription vmstate_serial = {
         VMSTATE_UINT8(scr, SerialState),
         VMSTATE_UINT8_V(fcr_vmstate, SerialState, 3),
         VMSTATE_END_OF_LIST()
+    },
+    .subsections = (VMStateSubsection[]) {
+        {
+            .vmsd = &vmstate_serial_thr_ipending,
+            .needed = &serial_thr_ipending_needed,
+        } , {
+            .vmsd = &vmstate_serial_tsr,
+            .needed = &serial_tsr_needed,
+        } , {
+            .vmsd = &vmstate_serial_recv_fifo,
+            .needed = &serial_recv_fifo_needed,
+        } , {
+            .vmsd = &vmstate_serial_xmit_fifo,
+            .needed = &serial_xmit_fifo_needed,
+        } , {
+            .vmsd = &vmstate_serial_fifo_timeout_timer,
+            .needed = &serial_fifo_timeout_timer_needed,
+        } , {
+            .vmsd = &vmstate_serial_timeout_ipending,
+            .needed = &serial_timeout_ipending_needed,
+        } , {
+            .vmsd = &vmstate_serial_poll,
+            .needed = &serial_poll_needed,
+        } , {
+            /* empty */
+        }
     }
 };
@@ -678,6 +859,10 @@ static void serial_reset(void *opaque)
     s->char_transmit_time = (get_ticks_per_sec() / 9600) * 10;
     s->poll_msl = 0;
+    s->timeout_ipending = 0;
+    qemu_del_timer(s->fifo_timeout_timer);
+    qemu_del_timer(s->modem_status_poll);
+
     fifo8_reset(&s->recv_fifo);
     fifo8_reset(&s->xmit_fifo);
--
1.8.3.1
SOURCES/kvm-serial-make-tsr_retry-unsigned.patch
@@ -1,15 +1,15 @@
From fece1f0b57a8daa08e04338baab90202d75766ec Mon Sep 17 00:00:00 2001
From 03b9104f9cf6c0b4f7b7976b987753afddb32599 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:20 +0200
Date: Thu, 18 May 2017 09:21:28 +0200
Subject: [PATCH 15/18] serial: make tsr_retry unsigned
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-16-famz@redhat.com>
Patchwork-id: 75371
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 15/18] serial: make tsr_retry unsigned
Bugzilla: 1452332
Message-id: <20170518092131.16571-16-famz@redhat.com>
Patchwork-id: 75305
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 15/18] serial: make tsr_retry unsigned
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
SOURCES/kvm-serial-only-resample-THR-interrupt-on-rising-edge-of.patch
@@ -1,16 +1,16 @@
From 95388b9e0745ca0125012f050c53f651811b5189 Mon Sep 17 00:00:00 2001
From 0c6d2ffcebff88c6cda738aa46fa77c09b93b78b Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:19 +0200
Date: Thu, 18 May 2017 09:21:27 +0200
Subject: [PATCH 14/18] serial: only resample THR interrupt on rising edge of
 IER.THRI
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-15-famz@redhat.com>
Patchwork-id: 75370
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 14/18] serial: only resample THR interrupt on rising edge of IER.THRI
Bugzilla: 1452332
Message-id: <20170518092131.16571-15-famz@redhat.com>
Patchwork-id: 75304
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 14/18] serial: only resample THR interrupt on rising edge of IER.THRI
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
SOURCES/kvm-serial-poll-the-serial-console-with-G_IO_HUP.patch
@@ -1,18 +1,18 @@
From 3ca9dc028e21f6e66e4ad21d6b2948e23691d2ae Mon Sep 17 00:00:00 2001
From 4b71b3a9e37d06da2ecc48e06eea7e4a4ae1cfe9 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:12 +0200
Date: Thu, 18 May 2017 09:21:20 +0200
Subject: [PATCH 07/18] serial: poll the serial console with G_IO_HUP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-8-famz@redhat.com>
Patchwork-id: 75363
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 07/18] serial: poll the serial console with G_IO_HUP
Bugzilla: 1452332
Message-id: <20170518092131.16571-8-famz@redhat.com>
Patchwork-id: 75297
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 07/18] serial: poll the serial console with G_IO_HUP
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Roger Pau Monne <roger.pau@citrix.com>
SOURCES/kvm-serial-reinstate-watch-after-migration.patch
New file
@@ -0,0 +1,72 @@
From ba96da130a625a71b574c1bb9f6027e3b8d655ab Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 9 Jun 2017 11:43:59 +0200
Subject: [PATCH 4/6] serial: reinstate watch after migration
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20170609114359.13036-4-pbonzini@redhat.com>
Patchwork-id: 75566
O-Subject: [RHEL7.4 qemu-kvm PATCH v2 3/3] serial: reinstate watch after migration
Bugzilla: 1452067
RH-Acked-by: David Hildenbrand <david@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Otherwise, a serial port can get stuck if it is migrated while flow control
is in effect.
Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 9f34a35e0020b0b2b2e21c086a486d7dfd18df4f)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 hw/char/serial.c | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/hw/char/serial.c b/hw/char/serial.c
index 0518a6f..820960b 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -637,13 +637,34 @@ static int serial_post_load(void *opaque, int version_id)
     if (version_id < 3) {
         s->fcr_vmstate = 0;
     }
-    if (s->tsr_retry > MAX_XMIT_RETRY) {
-        s->tsr_retry = MAX_XMIT_RETRY;
-    }
-
     if (s->thr_ipending == -1) {
         s->thr_ipending = ((s->iir & UART_IIR_ID) == UART_IIR_THRI);
     }
+
+    if (s->tsr_retry > 0) {
+        /* tsr_retry > 0 implies LSR.TEMT = 0 (transmitter not empty).  */
+        if (s->lsr & UART_LSR_TEMT) {
+            error_report("inconsistent state in serial device "
+                         "(tsr empty, tsr_retry=%d", s->tsr_retry);
+            return -1;
+        }
+
+        if (s->tsr_retry > MAX_XMIT_RETRY) {
+            s->tsr_retry = MAX_XMIT_RETRY;
+        }
+
+        assert(s->watch_tag == 0);
+        s->watch_tag = qemu_chr_fe_add_watch(s->chr, G_IO_OUT|G_IO_HUP,
+                                             serial_watch_cb, s);
+    } else {
+        /* tsr_retry == 0 implies LSR.TEMT = 1 (transmitter empty).  */
+        if (!(s->lsr & UART_LSR_TEMT)) {
+            error_report("inconsistent state in serial device "
+                         "(tsr not empty, tsr_retry=0");
+            return -1;
+        }
+    }
+
     s->last_break_enable = (s->lcr >> 6) & 1;
     /* Initialize fcr via setter to perform essential side-effects */
     serial_write_fcr(s, s->fcr_vmstate);
--
1.8.3.1
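Review bot: Both `error_report()` strings added to `serial_post_load` in the hw/char/serial.c hunk lack their closing parenthesis, so the message logged after a rejected migration stream reads as truncated. They should end `"(tsr empty, tsr_retry=%u)"` and `"(tsr not empty, tsr_retry=0)"`. The `%u` assumes `tsr_retry` is unsigned, as the title of the sibling patch "serial: make tsr_retry unsigned" suggests; its declaration is not in this hunk. Separately, `assert(s->watch_tag == 0);` aborts the process where the two neighbouring consistency checks fail the load with `return -1`, and it presumably relies on an earlier reset or pre_load step having removed any watch. Either state that guarantee in a comment above the assert, or reject the load the same way the neighbours do. The body of `serial_post_load` starts and ends outside the hunk.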
SOURCES/kvm-serial-remove-watch-on-reset.patch
@@ -1,15 +1,15 @@
From ac39e63d788b8bcb748f08347312b0fccde7ce0e Mon Sep 17 00:00:00 2001
From 768dddfbe60ecc3a9a920101aa755804f8a5700e Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:23 +0200
Date: Thu, 18 May 2017 09:21:31 +0200
Subject: [PATCH 18/18] serial: remove watch on reset
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-19-famz@redhat.com>
Patchwork-id: 75373
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 18/18] serial: remove watch on reset
Bugzilla: 1452332
Message-id: <20170518092131.16571-19-famz@redhat.com>
Patchwork-id: 75308
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 18/18] serial: remove watch on reset
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
SOURCES/kvm-serial-reset-thri_pending-on-IER-writes-with-THRI-0.patch
@@ -1,15 +1,15 @@
From 6d2a5ef7994e753197bb9653872601db4e6cff5d Mon Sep 17 00:00:00 2001
From 09ff2706109ce647d1fe59e99f44f96810d80b7c Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:16 +0200
Date: Thu, 18 May 2017 09:21:24 +0200
Subject: [PATCH 11/18] serial: reset thri_pending on IER writes with THRI=0
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-12-famz@redhat.com>
Patchwork-id: 75365
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 11/18] serial: reset thri_pending on IER writes with THRI=0
Bugzilla: 1452332
Message-id: <20170518092131.16571-12-famz@redhat.com>
Patchwork-id: 75302
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 11/18] serial: reset thri_pending on IER writes with THRI=0
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
SOURCES/kvm-serial-separate-serial_xmit-and-serial_watch_cb.patch
@@ -1,15 +1,15 @@
From 2600e8a94c5434d07e820c7cf5bcd62d69849099 Mon Sep 17 00:00:00 2001
From 8497b21c6dabe117b27d76f3bdbd86d80b0dd1d7 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:22 +0200
Date: Thu, 18 May 2017 09:21:30 +0200
Subject: [PATCH 17/18] serial: separate serial_xmit and serial_watch_cb
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-18-famz@redhat.com>
Patchwork-id: 75368
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 17/18] serial: separate serial_xmit and serial_watch_cb
Bugzilla: 1452332
Message-id: <20170518092131.16571-18-famz@redhat.com>
Patchwork-id: 75309
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 17/18] serial: separate serial_xmit and serial_watch_cb
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
SOURCES/kvm-serial-simplify-tsr_retry-reset.patch
@@ -1,15 +1,15 @@
From 4a5819d1786be74df4b2393f72d6901e05d0eb4a Mon Sep 17 00:00:00 2001
From 8f143ae501a5bd1010dc4526ff8e0e85c4d2baf1 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:21 +0200
Date: Thu, 18 May 2017 09:21:29 +0200
Subject: [PATCH 16/18] serial: simplify tsr_retry reset
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-17-famz@redhat.com>
Patchwork-id: 75372
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 16/18] serial: simplify tsr_retry reset
Bugzilla: 1452332
Message-id: <20170518092131.16571-17-famz@redhat.com>
Patchwork-id: 75307
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 16/18] serial: simplify tsr_retry reset
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
SOURCES/kvm-serial-update-LSR-on-enabling-disabling-FIFOs.patch
@@ -1,15 +1,15 @@
From 727ebf3f24a6f519aab1306bad6e63014c76aec5 Mon Sep 17 00:00:00 2001
From d6acc0368578932ee6a2949054a6f640a5b6fa09 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Fri, 19 May 2017 00:35:18 +0200
Date: Thu, 18 May 2017 09:21:26 +0200
Subject: [PATCH 13/18] serial: update LSR on enabling/disabling FIFOs
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170519003523.21163-14-famz@redhat.com>
Patchwork-id: 75369
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 13/18] serial: update LSR on enabling/disabling FIFOs
Bugzilla: 1452332
Message-id: <20170518092131.16571-14-famz@redhat.com>
Patchwork-id: 75306
O-Subject: [RHEL-7.4 qemu-kvm PATCH v3 13/18] serial: update LSR on enabling/disabling FIFOs
Bugzilla: 1451470
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
SOURCES/kvm-spice-fix-spice_chr_add_watch-pre-condition.patch
@@ -1,19 +1,19 @@
From 9b379db2f11257f5ef88979fdf9660eaa0ad6b4b Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Tue, 6 Jun 2017 06:16:56 +0200
From a88811fcdd3dbc600a669eed0b106a5bf8f6b907 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Wed, 31 May 2017 08:09:49 +0200
Subject: [PATCH] spice: fix spice_chr_add_watch() pre-condition
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Fam Zheng <famz@redhat.com>
Message-id: <20170606061656.29212-2-famz@redhat.com>
Patchwork-id: 75488
O-Subject: [RHEL-7.3.z qemu-kvm PATCH 1/1] spice: fix spice_chr_add_watch() pre-condition
Bugzilla: 1452332
RH-Acked-by: John Snow <jsnow@redhat.com>
RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: <20170531080949.17102-1-marcandre.lureau@redhat.com>
Patchwork-id: 75440
O-Subject: [RHEL-7.4 qemu-kvm PATCH] spice: fix spice_chr_add_watch() pre-condition
Bugzilla: 1456983
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: John Snow <jsnow@redhat.com>
From: Marc-André Lureau <marcandre.lureau@gmail.com>
@@ -24,18 +24,25 @@
https://bugzilla.redhat.com/show_bug.cgi?id=1128992
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1456983
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=13310981
"serial: poll the serial console with G_IO_HUP" was backported without
the Spice related fix.
(cherry picked from commit f7a8beb5e6a13dc924895244777d9ef08b23b367)
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 spice-qemu-char.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spice-qemu-char.c b/spice-qemu-char.c
index 6d147a7..079c214 100644
index cd51f3c..02c568c 100644
--- a/spice-qemu-char.c
+++ b/spice-qemu-char.c
@@ -171,7 +171,7 @@ static GSource *spice_chr_add_watch(CharDriverState *chr, GIOCondition cond)
@@ -170,7 +170,7 @@ static GSource *spice_chr_add_watch(CharDriverState *chr, GIOCondition cond)
     SpiceCharDriver *scd = chr->opaque;
     SpiceCharSource *src;
 
SOURCES/kvm-spice-remove-spice-experimental.h-include.patch
New file
@@ -0,0 +1,58 @@
From 8ed773749fd59ff4036ded5ad106de027f92cefe Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 9 Mar 2017 06:12:04 +0100
Subject: [PATCH 16/17] spice: remove spice-experimental.h include
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: <ed3cc22a1061a82e508c44c2c4b045997185c0e1.1489039263.git.mrezanin@redhat.com>
Patchwork-id: 74258
O-Subject: [RHEL-7.4 qemu-kvm PATCH 1/2] spice: remove spice-experimental.h include
Bugzilla: 1430606
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Acked-by: Marc-André Lureau <mlureau@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
From: Marc-André Lureau <marcandre.lureau@gmail.com>
Nothing seems to be using functions from spice-experimental.h (better
that way). Let's remove its inclusion.
Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit e0883e2de0ef36f254acc274e80ddeac13a2a8f6)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 spice-qemu-char.c | 1 -
 ui/spice-core.c   | 1 -
 2 files changed, 2 deletions(-)
diff --git a/spice-qemu-char.c b/spice-qemu-char.c
index 6d147a7..cd51f3c 100644
--- a/spice-qemu-char.c
+++ b/spice-qemu-char.c
@@ -3,7 +3,6 @@
 #include "ui/qemu-spice.h"
 #include "sysemu/char.h"
 #include <spice.h>
-#include <spice-experimental.h>
 #include <spice/protocol.h>
 #include "qemu/osdep.h"
diff --git a/ui/spice-core.c b/ui/spice-core.c
index 8d6e726..0585267 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -16,7 +16,6 @@
  */
 #include <spice.h>
-#include <spice-experimental.h>
 #include <netdb.h>
 #include "sysemu/sysemu.h"
--
1.8.3.1
SOURCES/kvm-spice-replace-use-of-deprecated-API.patch
New file
@@ -0,0 +1,179 @@
From 43d3585ba869c97c46cffc3c9fd7e46885d539c0 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 9 Mar 2017 06:12:05 +0100
Subject: [PATCH 17/17] spice: replace use of deprecated API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: <4696b589a948f544ea081abeb496cb383a466020.1489039263.git.mrezanin@redhat.com>
Patchwork-id: 74259
O-Subject: [RHEL-7.4 qemu-kvm PATCH 2/2] spice: replace use of deprecated API
Bugzilla: 1430606
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Acked-by: Marc-André Lureau <mlureau@redhat.com>
RH-Acked-by: David Hildenbrand <david@redhat.com>
From: Marc-André Lureau <marcandre.lureau@gmail.com>
hose API are deprecated since 0.11, and qemu depends on 0.12 already.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 26defe81f6a878f33e0aaeb1df4d0d7022c929ca)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 hw/display/qxl.c   | 16 ++++++++--------
 ui/spice-core.c    | 15 +++++++--------
 ui/spice-display.c | 10 +++++-----
 3 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index c76c237..0a755df 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -162,7 +162,7 @@ void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id,
     trace_qxl_spice_update_area_rest(qxl->id, num_dirty_rects,
                                      clear_dirty_region);
     if (async == QXL_SYNC) {
-        qxl->ssd.worker->update_area(qxl->ssd.worker, surface_id, area,
+        spice_qxl_update_area(&qxl->ssd.qxl, surface_id, area,
                         dirty_rects, num_dirty_rects, clear_dirty_region);
     } else {
         assert(cookie != NULL);
@@ -193,7 +193,7 @@ static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id,
         cookie->u.surface_id = id;
         spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, (uintptr_t)cookie);
     } else {
-        qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id);
+        spice_qxl_destroy_surface_wait(&qxl->ssd.qxl, id);
         qxl_spice_destroy_surface_wait_complete(qxl, id);
     }
 }
@@ -211,19 +211,19 @@ void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext,
                                uint32_t count)
 {
     trace_qxl_spice_loadvm_commands(qxl->id, ext, count);
-    qxl->ssd.worker->loadvm_commands(qxl->ssd.worker, ext, count);
+    spice_qxl_loadvm_commands(&qxl->ssd.qxl, ext, count);
 }
 void qxl_spice_oom(PCIQXLDevice *qxl)
 {
     trace_qxl_spice_oom(qxl->id);
-    qxl->ssd.worker->oom(qxl->ssd.worker);
+    spice_qxl_oom(&qxl->ssd.qxl);
 }
 void qxl_spice_reset_memslots(PCIQXLDevice *qxl)
 {
     trace_qxl_spice_reset_memslots(qxl->id);
-    qxl->ssd.worker->reset_memslots(qxl->ssd.worker);
+    spice_qxl_reset_memslots(&qxl->ssd.qxl);
 }
 static void qxl_spice_destroy_surfaces_complete(PCIQXLDevice *qxl)
@@ -244,7 +244,7 @@ static void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl, qxl_async_io async)
                 (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                           QXL_IO_DESTROY_ALL_SURFACES_ASYNC));
     } else {
-        qxl->ssd.worker->destroy_surfaces(qxl->ssd.worker);
+        spice_qxl_destroy_surfaces(&qxl->ssd.qxl);
         qxl_spice_destroy_surfaces_complete(qxl);
     }
 }
@@ -283,13 +283,13 @@ static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay)
 void qxl_spice_reset_image_cache(PCIQXLDevice *qxl)
 {
     trace_qxl_spice_reset_image_cache(qxl->id);
-    qxl->ssd.worker->reset_image_cache(qxl->ssd.worker);
+    spice_qxl_reset_image_cache(&qxl->ssd.qxl);
 }
 void qxl_spice_reset_cursor(PCIQXLDevice *qxl)
 {
     trace_qxl_spice_reset_cursor(qxl->id);
-    qxl->ssd.worker->reset_cursor(qxl->ssd.worker);
+    spice_qxl_reset_cursor(&qxl->ssd.qxl);
     qemu_mutex_lock(&qxl->track_lock);
     qxl->guest_cursor = 0;
     qemu_mutex_unlock(&qxl->track_lock);
diff --git a/ui/spice-core.c b/ui/spice-core.c
index 0585267..0cd60f3 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -383,17 +383,16 @@ static SpiceChannelList *qmp_query_spice_channels(void)
         struct sockaddr *paddr;
         socklen_t plen;
+        if (!(item->info->flags & SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT)) {
+            error_report("invalid channel event");
+            return NULL;
+        }
+
         chan = g_malloc0(sizeof(*chan));
         chan->value = g_malloc0(sizeof(*chan->value));
-        if (item->info->flags & SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT) {
-            paddr = (struct sockaddr *)&item->info->paddr_ext;
-            plen = item->info->plen_ext;
-        } else {
-            paddr = &item->info->paddr;
-            plen = item->info->plen;
-        }
-
+        paddr = (struct sockaddr *)&item->info->paddr_ext;
+        plen = item->info->plen_ext;
         getnameinfo(paddr, plen,
                     host, sizeof(host), port, sizeof(port),
                     NI_NUMERICHOST | NI_NUMERICSERV);
diff --git a/ui/spice-display.c b/ui/spice-display.c
index d29d2ab..e2c24a9 100644
--- a/ui/spice-display.c
+++ b/ui/spice-display.c
@@ -83,14 +83,14 @@ void qemu_spice_add_memslot(SimpleSpiceDisplay *ssd, QXLDevMemSlot *memslot,
                 (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                           QXL_IO_MEMSLOT_ADD_ASYNC));
     } else {
-        ssd->worker->add_memslot(ssd->worker, memslot);
+        spice_qxl_add_memslot(&ssd->qxl, memslot);
     }
 }
 void qemu_spice_del_memslot(SimpleSpiceDisplay *ssd, uint32_t gid, uint32_t sid)
 {
     trace_qemu_spice_del_memslot(ssd->qxl.id, gid, sid);
-    ssd->worker->del_memslot(ssd->worker, gid, sid);
+    spice_qxl_del_memslot(&ssd->qxl, gid, sid);
 }
 void qemu_spice_create_primary_surface(SimpleSpiceDisplay *ssd, uint32_t id,
@@ -103,7 +103,7 @@ void qemu_spice_create_primary_surface(SimpleSpiceDisplay *ssd, uint32_t id,
                 (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                           QXL_IO_CREATE_PRIMARY_ASYNC));
     } else {
-        ssd->worker->create_primary_surface(ssd->worker, id, surface);
+        spice_qxl_create_primary_surface(&ssd->qxl, id, surface);
     }
 }
@@ -116,14 +116,14 @@ void qemu_spice_destroy_primary_surface(SimpleSpiceDisplay *ssd,
                 (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                           QXL_IO_DESTROY_PRIMARY_ASYNC));
     } else {
-        ssd->worker->destroy_primary_surface(ssd->worker, id);
+        spice_qxl_destroy_primary_surface(&ssd->qxl, id);
     }
 }
 void qemu_spice_wakeup(SimpleSpiceDisplay *ssd)
 {
     trace_qemu_spice_wakeup(ssd->qxl.id);
-    ssd->worker->wakeup(ssd->worker);
+    spice_qxl_wakeup(&ssd->qxl);
 }
 static void qemu_spice_create_one_update(SimpleSpiceDisplay *ssd,
--
1.8.3.1
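Review bot: In the ui/spice-core.c hunk, the new `return NULL;` for a channel without `SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT` appears to sit inside the per-channel loop of `qmp_query_spice_channels`, judging by the indentation of the surrounding declarations. If so, entries already allocated for earlier channels are dropped without being freed, and one bad channel makes the whole query return nothing. Replacing it with `continue;` after the `error_report()` would skip only the offending entry; otherwise the partial list should be freed before returning. The context line `getnameinfo(paddr, plen, ...)` below the new code also ignores its return value, so it is worth confirming that `host` and `port` are not used when the call fails. The function starts and ends outside the hunk.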
SOURCES/kvm-target-i386-Define-TCG_-_FEATURES-earlier-in-cpu.c.patch
New file
@@ -0,0 +1,171 @@
From 30c05c032f0af4e959b304f5223dbaf331955488 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Thu, 23 Feb 2017 14:29:43 +0100
Subject: [PATCH 13/17] target-i386: Define TCG_*_FEATURES earlier in cpu.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20170223142945.17790-13-ehabkost@redhat.com>
Patchwork-id: 74042
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 12/14] target-i386: Define TCG_*_FEATURES earlier in cpu.c
Bugzilla: 1382122
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
Those macros will be used in the feature_word_info array data, so need
to be defined earlier.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 621626ce7d44f008298c7e6cfefa9fbb80a33dc2)
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 target-i386/cpu.c | 121 +++++++++++++++++++++++++++---------------------------
 1 file changed, 61 insertions(+), 60 deletions(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index e6821b6..d611062 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -187,6 +187,67 @@ static const char *cpuid_xsave_feature_name[] = {
     NULL, NULL, NULL, NULL,
 };
+#define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
+#define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \
+          CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC)
+#define PENTIUM2_FEATURES (PENTIUM_FEATURES | CPUID_PAE | CPUID_SEP | \
+          CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
+          CPUID_PSE36 | CPUID_FXSR)
+#define PENTIUM3_FEATURES (PENTIUM2_FEATURES | CPUID_SSE)
+#define PPRO_FEATURES (CPUID_FP87 | CPUID_DE | CPUID_PSE | CPUID_TSC | \
+          CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_PGE | CPUID_CMOV | \
+          CPUID_PAT | CPUID_FXSR | CPUID_MMX | CPUID_SSE | CPUID_SSE2 | \
+          CPUID_PAE | CPUID_SEP | CPUID_APIC)
+
+#define TCG_FEATURES (CPUID_FP87 | CPUID_PSE | CPUID_TSC | CPUID_MSR | \
+          CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC | CPUID_SEP | \
+          CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
+          CPUID_PSE36 | CPUID_CLFLUSH | CPUID_ACPI | CPUID_MMX | \
+          CPUID_FXSR | CPUID_SSE | CPUID_SSE2 | CPUID_SS)
+          /* partly implemented:
+          CPUID_MTRR, CPUID_MCA, CPUID_CLFLUSH (needed for Win64)
+          CPUID_PSE36 (needed for Solaris) */
+          /* missing:
+          CPUID_VME, CPUID_DTS, CPUID_SS, CPUID_HT, CPUID_TM, CPUID_PBE */
+#define TCG_EXT_FEATURES (CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | \
+          CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | \
+          CPUID_EXT_SSE41 | CPUID_EXT_SSE42 | CPUID_EXT_POPCNT | \
+          CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR)
+          /* missing:
+          CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_VMX, CPUID_EXT_SMX,
+          CPUID_EXT_EST, CPUID_EXT_TM2, CPUID_EXT_CID, CPUID_EXT_FMA,
+          CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_PCID, CPUID_EXT_DCA,
+          CPUID_EXT_X2APIC, CPUID_EXT_TSC_DEADLINE_TIMER, CPUID_EXT_XSAVE,
+          CPUID_EXT_OSXSAVE, CPUID_EXT_AVX, CPUID_EXT_F16C,
+          CPUID_EXT_RDRAND */
+
+#ifdef TARGET_X86_64
+#define TCG_EXT2_X86_64_FEATURES (CPUID_EXT2_SYSCALL | CPUID_EXT2_LM)
+#else
+#define TCG_EXT2_X86_64_FEATURES 0
+#endif
+
+#define TCG_EXT2_FEATURES ((TCG_FEATURES & CPUID_EXT2_AMD_ALIASES) | \
+          CPUID_EXT2_NX | CPUID_EXT2_MMXEXT | CPUID_EXT2_RDTSCP | \
+          CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT | \
+          TCG_EXT2_X86_64_FEATURES)
+          /* missing:
+          CPUID_EXT2_PDPE1GB */
+#define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \
+          CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A)
+#define TCG_EXT4_FEATURES 0
+#define TCG_SVM_FEATURES 0
+#define TCG_KVM_FEATURES 0
+#define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
+          CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX)
+          /* missing:
+          CPUID_7_0_EBX_FSGSBASE, CPUID_7_0_EBX_HLE, CPUID_7_0_EBX_AVX2,
+          CPUID_7_0_EBX_ERMS, CPUID_7_0_EBX_INVPCID, CPUID_7_0_EBX_RTM,
+          CPUID_7_0_EBX_RDSEED */
+#define TCG_7_0_ECX_FEATURES 0
+#define TCG_7_0_EDX_FEATURES 0
+
+
 typedef struct FeatureWordInfo {
     const char **feat_names;
     uint32_t cpuid_eax;   /* Input EAX for CPUID */
@@ -453,66 +514,6 @@ typedef struct x86_def_t {
     char model_id[48];
 } x86_def_t;
-#define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
-#define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \
-          CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC)
-#define PENTIUM2_FEATURES (PENTIUM_FEATURES | CPUID_PAE | CPUID_SEP | \
-          CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
-          CPUID_PSE36 | CPUID_FXSR)
-#define PENTIUM3_FEATURES (PENTIUM2_FEATURES | CPUID_SSE)
-#define PPRO_FEATURES (CPUID_FP87 | CPUID_DE | CPUID_PSE | CPUID_TSC | \
-          CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_PGE | CPUID_CMOV | \
-          CPUID_PAT | CPUID_FXSR | CPUID_MMX | CPUID_SSE | CPUID_SSE2 | \
-          CPUID_PAE | CPUID_SEP | CPUID_APIC)
-
-#define TCG_FEATURES (CPUID_FP87 | CPUID_PSE | CPUID_TSC | CPUID_MSR | \
-          CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC | CPUID_SEP | \
-          CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
-          CPUID_PSE36 | CPUID_CLFLUSH | CPUID_ACPI | CPUID_MMX | \
-          CPUID_FXSR | CPUID_SSE | CPUID_SSE2 | CPUID_SS)
-          /* partly implemented:
-          CPUID_MTRR, CPUID_MCA, CPUID_CLFLUSH (needed for Win64)
-          CPUID_PSE36 (needed for Solaris) */
-          /* missing:
-          CPUID_VME, CPUID_DTS, CPUID_SS, CPUID_HT, CPUID_TM, CPUID_PBE */
-#define TCG_EXT_FEATURES (CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | \
-          CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | \
-          CPUID_EXT_SSE41 | CPUID_EXT_SSE42 | CPUID_EXT_POPCNT | \
-          CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR)
-          /* missing:
-          CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_VMX, CPUID_EXT_SMX,
-          CPUID_EXT_EST, CPUID_EXT_TM2, CPUID_EXT_CID, CPUID_EXT_FMA,
-          CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_PCID, CPUID_EXT_DCA,
-          CPUID_EXT_X2APIC, CPUID_EXT_TSC_DEADLINE_TIMER, CPUID_EXT_XSAVE,
-          CPUID_EXT_OSXSAVE, CPUID_EXT_AVX, CPUID_EXT_F16C,
-          CPUID_EXT_RDRAND */
-
-#ifdef TARGET_X86_64
-#define TCG_EXT2_X86_64_FEATURES (CPUID_EXT2_SYSCALL | CPUID_EXT2_LM)
-#else
-#define TCG_EXT2_X86_64_FEATURES 0
-#endif
-
-#define TCG_EXT2_FEATURES ((TCG_FEATURES & CPUID_EXT2_AMD_ALIASES) | \
-          CPUID_EXT2_NX | CPUID_EXT2_MMXEXT | CPUID_EXT2_RDTSCP | \
-          CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT | \
-          TCG_EXT2_X86_64_FEATURES)
-          /* missing:
-          CPUID_EXT2_PDPE1GB */
-#define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \
-          CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A)
-#define TCG_EXT4_FEATURES 0
-#define TCG_SVM_FEATURES 0
-#define TCG_KVM_FEATURES 0
-#define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
-          CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX)
-          /* missing:
-          CPUID_7_0_EBX_FSGSBASE, CPUID_7_0_EBX_HLE, CPUID_7_0_EBX_AVX2,
-          CPUID_7_0_EBX_ERMS, CPUID_7_0_EBX_INVPCID, CPUID_7_0_EBX_RTM,
-          CPUID_7_0_EBX_RDSEED */
-#define TCG_7_0_ECX_FEATURES 0
-#define TCG_7_0_EDX_FEATURES 0
-
 /* built-in CPU model definitions
  */
 static x86_def_t builtin_x86_defs[] = {
--
1.8.3.1
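Review bot: The relocated `TCG_FEATURES` mask includes `CPUID_SS`, but the comment directly below it lists `CPUID_SS` among the "missing" features, so one of the two is stale. The commit message says these macros will now feed the `feature_word_info` data, so this is a good point to settle it by dropping `CPUID_SS` from either the mask or the comment. The "partly implemented" and "missing" comments also follow the last line of each `#define` rather than preceding it, so they read as if they describe the next macro. Moving each above its macro, for example `/* TCG_EXT2_FEATURES: missing CPUID_EXT2_PDPE1GB */`, would remove that ambiguity.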
SOURCES/kvm-target-i386-Filter-FEAT_7_0_EBX-TCG-features-too.patch
New file
@@ -0,0 +1,56 @@
From 65c528e40cc9e6d3d887fd79284d465bb482bbe2 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Thu, 23 Feb 2017 14:29:41 +0100
Subject: [PATCH 11/17] target-i386: Filter FEAT_7_0_EBX TCG features too
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20170223142945.17790-11-ehabkost@redhat.com>
Patchwork-id: 74044
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 10/14] target-i386: Filter FEAT_7_0_EBX TCG features too
Bugzilla: 1382122
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
The TCG_7_0_EBX_FEATURES macro was defined but never used (it even had a
typo that was never noticed). Make the existing TCG feature filtering
code use it.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit d0a70f46fa9a3257089a56f2f620b0eff868557f)
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 target-i386/cpu.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index e32d4d7..d424211 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -502,7 +502,7 @@ typedef struct x86_def_t {
 #define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \
           CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A)
 #define TCG_SVM_FEATURES 0
-#define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP \
+#define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
           CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX)
           /* missing:
           CPUID_7_0_EBX_FSGSBASE, CPUID_7_0_EBX_HLE, CPUID_7_0_EBX_AVX2,
@@ -2640,6 +2640,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
     if (!kvm_enabled()) {
         env->features[FEAT_1_EDX] &= TCG_FEATURES;
         env->features[FEAT_1_ECX] &= TCG_EXT_FEATURES;
+        env->features[FEAT_7_0_EBX] &= TCG_7_0_EBX_FEATURES;
         env->features[FEAT_8000_0001_EDX] &= TCG_EXT2_FEATURES;
         env->features[FEAT_8000_0001_ECX] &= TCG_EXT3_FEATURES;
         env->features[FEAT_SVM] &= TCG_SVM_FEATURES;
--
1.8.3.1
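Review bot: The TCG filter in `x86_cpu_realizefn` masks bits within each feature word, but the set of words it covers is opt-in, so any word without its own `&=` line still reaches the guest's CPUID unmasked. The added `env->features[FEAT_7_0_EBX] &= TCG_7_0_EBX_FEATURES;` closes one such gap, which had stayed open while the macro sat unused with a syntax error. A mask table indexed by `FeatureWord` and applied in one loop would clear every word that has no entry, so a word added later fails closed; the same applies to the second hunk of kvm-target-i386-Filter-KVM-and-0xC0000001-features-on-TC.patch, which adds two more lines by hand. The sketch below assumes `FeatureWordArray` is an array of `FEATURE_WORDS` words, lists only the non-zero masks visible in these hunks, and needs a `FeatureWord w;` local; the function body continues outside the hunk.

```c
/* TCG mask per feature word; a word with no entry is cleared entirely. */
static const FeatureWordArray tcg_feature_masks = {
    [FEAT_1_EDX] = TCG_FEATURES,
    [FEAT_1_ECX] = TCG_EXT_FEATURES,
    [FEAT_7_0_EBX] = TCG_7_0_EBX_FEATURES,
    [FEAT_8000_0001_EDX] = TCG_EXT2_FEATURES,
    [FEAT_8000_0001_ECX] = TCG_EXT3_FEATURES,
};

/* ... unchanged: start of x86_cpu_realizefn ... */
    if (!kvm_enabled()) {
        for (w = 0; w < FEATURE_WORDS; w++) {
            env->features[w] &= tcg_feature_masks[w];
        }
```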
SOURCES/kvm-target-i386-Filter-KVM-and-0xC0000001-features-on-TC.patch
New file
@@ -0,0 +1,57 @@
From d037664335efca55df79abcde79f4f2733ca535b Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Thu, 23 Feb 2017 14:29:42 +0100
Subject: [PATCH 12/17] target-i386: Filter KVM and 0xC0000001 features on TCG
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20170223142945.17790-12-ehabkost@redhat.com>
Patchwork-id: 74040
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 11/14] target-i386: Filter KVM and 0xC0000001 features on TCG
Bugzilla: 1382122
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
TCG doesn't support any of the feature flags on FEAT_KVM and
FEAT_C000_0001_EDX feature words, so clear all bits on those feature
words.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 84a6c6cd40687598c7e85d7de8095e08b5e636d7)
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 target-i386/cpu.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index d424211..e6821b6 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -501,7 +501,9 @@ typedef struct x86_def_t {
           CPUID_EXT2_PDPE1GB */
 #define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \
           CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A)
+#define TCG_EXT4_FEATURES 0
 #define TCG_SVM_FEATURES 0
+#define TCG_KVM_FEATURES 0
 #define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
           CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX)
           /* missing:
@@ -2644,6 +2646,8 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
         env->features[FEAT_8000_0001_EDX] &= TCG_EXT2_FEATURES;
         env->features[FEAT_8000_0001_ECX] &= TCG_EXT3_FEATURES;
         env->features[FEAT_SVM] &= TCG_SVM_FEATURES;
+        env->features[FEAT_KVM] &= TCG_KVM_FEATURES;
+        env->features[FEAT_C000_0001_EDX] &= TCG_EXT4_FEATURES;
         env->features[FEAT_XSAVE] = 0;
         env->features[FEAT_7_0_ECX] &= TCG_7_0_ECX_FEATURES;
         env->features[FEAT_7_0_EDX] &= TCG_7_0_EDX_FEATURES;
--
1.8.3.1
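Review bot: `TCG_EXT4_FEATURES` gives no hint that it masks the 0xC0000001 leaf, and neither of the two added zero masks says that zero is deliberate. A comment beside the defines would record that, for example `/* TCG emulates none of the FEAT_C000_0001_EDX or FEAT_KVM bits; keep both masks 0 */`. In the second hunk the neighbouring context line `env->features[FEAT_XSAVE] = 0;` clears its word by assignment while the added lines use `&=` with a zero macro; using one form for every fully cleared word would make the filter easier to audit. The body of `x86_cpu_realizefn` continues outside the hunk.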
SOURCES/kvm-target-i386-Loop-based-copying-and-setting-unsetting.patch
New file
@@ -0,0 +1,112 @@
From 04a8a3d76b171deb5eaf8318591e5cfaea3cc843 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Thu, 23 Feb 2017 14:29:44 +0100
Subject: [PATCH 14/17] target-i386: Loop-based copying and setting/unsetting
 of feature words
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20170223142945.17790-14-ehabkost@redhat.com>
Patchwork-id: 74045
O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 13/14] target-i386: Loop-based copying and setting/unsetting of feature words
Bugzilla: 1382122
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
Now that we have the feature word arrays, we don't need to manually copy
each array item, we can simply iterate through each feature word.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit e1c224b4eb3b8693c230bb2762a959ae1f531f76)
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 target-i386/cpu.c | 44 ++++++++++----------------------------------
 1 file changed, 10 insertions(+), 34 deletions(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index d611062..010b95f 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1755,6 +1755,7 @@ static inline void feat2prop(char *s)
 static void cpu_x86_parse_featurestr(X86CPU *cpu, char *features, Error **errp)
 {
     char *featurestr; /* Single 'key=value" string being parsed */
+    FeatureWord w;
     /* Features to be added */
     FeatureWordArray plus_features = { 0 };
     /* Features to be removed */
@@ -1844,28 +1845,11 @@ static void cpu_x86_parse_featurestr(X86CPU *cpu, char *features, Error **errp)
         }
         featurestr = strtok(NULL, ",");
     }
-    env->features[FEAT_1_EDX] |= plus_features[FEAT_1_EDX];
-    env->features[FEAT_1_ECX] |= plus_features[FEAT_1_ECX];
-    env->features[FEAT_8000_0001_EDX] |= plus_features[FEAT_8000_0001_EDX];
-    env->features[FEAT_8000_0001_ECX] |= plus_features[FEAT_8000_0001_ECX];
-    env->features[FEAT_C000_0001_EDX] |= plus_features[FEAT_C000_0001_EDX];
-    env->features[FEAT_KVM] |= plus_features[FEAT_KVM];
-    env->features[FEAT_SVM] |= plus_features[FEAT_SVM];
-    env->features[FEAT_7_0_EBX] |= plus_features[FEAT_7_0_EBX];
-    env->features[FEAT_7_0_ECX] |= plus_features[FEAT_7_0_ECX];
-    env->features[FEAT_7_0_EDX] |= plus_features[FEAT_7_0_EDX];
-    env->features[FEAT_XSAVE] |= plus_features[FEAT_XSAVE];
-    env->features[FEAT_1_EDX] &= ~minus_features[FEAT_1_EDX];
-    env->features[FEAT_1_ECX] &= ~minus_features[FEAT_1_ECX];
-    env->features[FEAT_8000_0001_EDX] &= ~minus_features[FEAT_8000_0001_EDX];
-    env->features[FEAT_8000_0001_ECX] &= ~minus_features[FEAT_8000_0001_ECX];
-    env->features[FEAT_C000_0001_EDX] &= ~minus_features[FEAT_C000_0001_EDX];
-    env->features[FEAT_KVM] &= ~minus_features[FEAT_KVM];
-    env->features[FEAT_SVM] &= ~minus_features[FEAT_SVM];
-    env->features[FEAT_7_0_EBX] &= ~minus_features[FEAT_7_0_EBX];
-    env->features[FEAT_7_0_ECX] &= ~minus_features[FEAT_7_0_ECX];
-    env->features[FEAT_7_0_EDX] &= ~minus_features[FEAT_7_0_EDX];
-    env->features[FEAT_XSAVE] &= ~minus_features[FEAT_XSAVE];
+
+    for (w = 0; w < FEATURE_WORDS; w++) {
+        env->features[w] |= plus_features[w];
+        env->features[w] &= ~minus_features[w];
+    }
 out:
     return;
@@ -1974,6 +1958,7 @@ static void cpu_x86_register(X86CPU *cpu, const char *name, Error **errp)
 {
     CPUX86State *env = &cpu->env;
     x86_def_t def1, *def = &def1;
+    FeatureWord w;
     memset(def, 0, sizeof(*def));
@@ -1992,21 +1977,12 @@ static void cpu_x86_register(X86CPU *cpu, const char *name, Error **errp)
     object_property_set_int(OBJECT(cpu), def->family, "family", errp);
     object_property_set_int(OBJECT(cpu), def->model, &qu