From 58d4fdd06823b00c7eae52346e6351eb699c61d0 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Dec 15 2020 16:08:24 +0000
Subject: import qemu-kvm-4.2.0-34.module+el8.3.0+8829+e7a0a3ea.1
---
diff --git a/SOURCES/kvm-seccomp-fix-killing-of-whole-process-instead-of-thre.patch b/SOURCES/kvm-seccomp-fix-killing-of-whole-process-instead-of-thre.patch
new file mode 100644
index 0000000..b22b2b2
--- /dev/null
+++ b/SOURCES/kvm-seccomp-fix-killing-of-whole-process-instead-of-thre.patch
@@ -0,0 +1,79 @@
+From 2edf1c3a2ee65ef0e4f6bd4f8de650e529f5481d Mon Sep 17 00:00:00 2001
+From: Eduardo Otubo
+Date: Tue, 15 Sep 2020 15:15:49 -0400
+Subject: [PATCH] seccomp: fix killing of whole process instead of thread
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eduardo Otubo
+Message-id: <20200915151549.5007-1-otubo@redhat.com>
+Patchwork-id: 98392
+O-Subject: [RHEL-AV-8.3.0/RHEL-8.3.0 qemu-kvm PATCH] seccomp: fix killing of whole process instead of thread
+Bugzilla: 1890885
+RH-Acked-by: Stefan Hajnoczi
+RH-Acked-by: Laszlo Ersek
+RH-Acked-by: Daniel P. Berrange
+
+BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1752376
+BRANCH: rhel-av-8.3.0
+UPSTREAM: Merged
+BREW: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=31339152
+
+BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1752376
+BRANCH: rhel-8.3.0
+UPSTREAM: Merged
+BREW: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=31339111
+
+From: Daniel P. Berrangé
+
+Back in 2018 we introduced support for killing the whole QEMU process
+instead of just one thread, when a seccomp rule is violated:
+
+ commit bda08a5764d470f101fa38635d30b41179a313e1
+ Author: Marc-André Lureau
+ Date: Wed Aug 22 19:02:48 2018 +0200
+
+ seccomp: prefer SCMP_ACT_KILL_PROCESS if available
+
+Fast forward a year and we introduced a patch to avoid killing the
+process for resource control syscalls tickled by Mesa.
+
+ commit 9a1565a03b79d80b236bc7cc2dbce52a2ef3a1b8
+ Author: Daniel P. Berrangé
+ Date: Wed Mar 13 09:49:03 2019 +0000
+
+ seccomp: don't kill process for resource control syscalls
+
+Unfortunately a logic bug effectively reverted the first commit
+mentioned so that we go back to only killing the thread, not the whole
+process.
+
+Signed-off-by: Daniel P. Berrangé
+Reviewed-by: Stefan Hajnoczi
+Acked-by: Eduardo Otubo
+(cherry picked from commit e474e3aacf4276eb0781d11c45e2fab996f9dc56)
+Signed-off-by: Eduardo Otubo
+Signed-off-by: Danilo C. L. de Paula
+---
+ qemu-seccomp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/qemu-seccomp.c b/qemu-seccomp.c
+index e0a1829b3dd..8325ecb766e 100644
+--- a/qemu-seccomp.c
++++ b/qemu-seccomp.c
+@@ -136,8 +136,9 @@ static uint32_t qemu_seccomp_get_action(int set)
+
+ if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
+ kill_process = 1;
++ } else {
++ kill_process = 0;
+ }
+- kill_process = 0;
+ }
+ if (kill_process == 1) {
+ return SCMP_ACT_KILL_PROCESS;
+--
+2.27.0
+
diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec
index 0e99a6f..483b69d 100644
--- a/SPECS/qemu-kvm.spec
+++ b/SPECS/qemu-kvm.spec
@@ -67,7 +67,7 @@ Obsoletes: %1-rhev
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 4.2.0
-Release: 34%{?dist}
+Release: 34%{?dist}.1
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 Epoch: 15
 License: GPLv2 and GPLv2+ and CC-BY
@@ -938,6 +938,8 @@ Patch390: kvm-target-i386-sev-fail-query-sev-capabilities-if-QEMU-.patch Patch391: kvm-s390x-protvirt-allow-to-IPL-secure-guests-with-no-re.patch # For bz#1869710 - CVE-2020-14364 qemu-kvm: QEMU: usb: out-of-bounds r/w access issue while processing usb packets [rhel-8.3.0] Patch392: kvm-usb-fix-setup_len-init-CVE-2020-14364.patch +# For bz#1890885 - qemu use SCMP_ACT_TRAP even SCMP_ACT_KILL_PROCESS is available [rhel-8.3.0.z] +Patch393: kvm-seccomp-fix-killing-of-whole-process-instead-of-thre.patch BuildRequires: wget BuildRequires: rpm-build
@@ -1873,6 +1875,11 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %changelog +* Mon Nov 23 2020 Danilo Cesar Lemes de Paula - 4.2.0-34.el8_3.1 +- kvm-seccomp-fix-killing-of-whole-process-instead-of-thre.patch [bz#1890885] +- Resolves: bz#1890885 + (qemu use SCMP_ACT_TRAP even SCMP_ACT_KILL_PROCESS is available [rhel-8.3.0.z]) + * Tue Sep 08 2020 Danilo Cesar Lemes de Paula - 4.2.0-34.el8 - kvm-usb-fix-setup_len-init-CVE-2020-14364.patch [bz#1869710] - Resolves: bz#1869710
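Review bot: The new `else` branch in qemu_seccomp_get_action() falls back to the weaker action silently when the SECCOMP_GET_ACTION_AVAIL probe fails, so nothing at runtime records whether a seccomp violation will take down the whole process or not. That matters here because, going by the commit message, the misplaced `kill_process = 0;` had switched off SCMP_ACT_KILL_PROCESS without anyone noticing until this fix. I would put a comment on the branch, `/* probe failed: kernel does not offer SCMP_ACT_KILL_PROCESS, use the weaker fallback */`, and consider a one-time trace line naming the action that was selected, together with a test that asserts SCMP_ACT_KILL_PROCESS is returned when the probe succeeds. The function body starts and ends outside the hunk, so how `kill_process` is declared and what the fallback return is cannot be confirmed from here.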