From 492d6c1fff32243a7dbc5b9b9ab67fd2e6af2523 Mon Sep 17 00:00:00 2001
From: Fabiano Fidêncio <fidencio@redhat.com>
Date: Mar 17 2020 10:12:56 +0000
Subject: qemu-4.2.0-7.fc33


Fix segfault with SR-IOV hot-{plug,unplug} (bz #1814017)

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

---

diff --git a/0118-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch b/0118-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch
new file mode 100644
index 0000000..a510fc1
--- /dev/null
+++ b/0118-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch
@@ -0,0 +1,45 @@
+From 0446f8121723b134ca1d1ed0b73e96d4a0a8689d Mon Sep 17 00:00:00 2001
+From: Peter Xu <peterx@redhat.com>
+Date: Mon, 6 Jan 2020 13:34:45 -0700
+Subject: [PATCH] vfio/pci: Don't remove irqchip notifier if not registered
+
+The kvm irqchip notifier is only registered if the device supports
+INTx, however it's unconditionally removed.  If the assigned device
+does not support INTx, this will cause QEMU to crash when unplugging
+the device from the system.  Change it to conditionally remove the
+notifier only if the notify hook is setup.
+
+CC: Eduardo Habkost <ehabkost@redhat.com>
+CC: David Gibson <david@gibson.dropbear.id.au>
+CC: Alex Williamson <alex.williamson@redhat.com>
+Cc: qemu-stable@nongnu.org # v4.2
+Reported-by: yanghliu@redhat.com
+Debugged-by: Eduardo Habkost <ehabkost@redhat.com>
+Fixes: c5478fea27ac ("vfio/pci: Respond to KVM irqchip change notifier")
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1782678
+Signed-off-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
+Reviewed-by: Greg Kurz <groug@kaod.org>
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+---
+ hw/vfio/pci.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 2d40b396f2..337a173ce7 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3076,7 +3076,9 @@ static void vfio_exitfn(PCIDevice *pdev)
+     vfio_unregister_req_notifier(vdev);
+     vfio_unregister_err_notifier(vdev);
+     pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
+-    kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
++    if (vdev->irqchip_change_notifier.notify) {
++        kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
++    }
+     vfio_disable_interrupts(vdev);
+     if (vdev->intx.mmap_timer) {
+         timer_free(vdev->intx.mmap_timer);
+-- 
+2.25.1
+
diff --git a/qemu.spec b/qemu.spec
index db565ae..66c2948 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -161,7 +161,7 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 4.2.0
-Release: 6%{?rcrel}%{?dist}
+Release: 7%{?rcrel}%{?dist}
 Epoch: 2
 License: GPLv2 and BSD and MIT and CC-BY
 URL: http://www.qemu.org/
@@ -305,6 +305,8 @@ Patch0114: 0114-virtiofsd-Convert-lo_destroy-to-take-the-lo-mutex-lo.patch
 Patch0115: 0115-virtiofsd-passthrough_ll-Pass-errno-to-fuse_reply_er.patch
 Patch0116: 0116-virtiofsd-stop-all-queue-threads-on-exit-in-virtio_l.patch
 Patch0117: 0117-virtiofsd-add-some-options-to-the-help-message.patch
+# Fix segfault with SR-IOV hot-{plug,unplug}
+Patch0118: 0118-vfio-pci-Don-t-remove-irqchip-notifier-if-not-regist.patch
 
 # Fix ppc shutdown issue (bz #1784961)
 Patch0201: 0201-spapr-Don-t-trigger-a-CAS-reboot-for-XICS-XIVE-mode-.patch
@@ -2010,6 +2012,9 @@ getent passwd qemu >/dev/null || \
 
 
 %changelog
+* Tue Mar 17 2020 Fabiano Fidêncio <fidencio@redhat.com> - 2:4.2.0-7
+- Fix segfault with SR-IOV hot-{plug,unplug} (bz #1814017)
+
 * Tue Feb 25 2020 Cole Robinson <crobinso@redhat.com> - 2:4.2.0-6
 - Rebuild for libiscsi soname bump