From dc1fe05711e34d24222accdceffdb4741c3f275f Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Apr 05 2022 10:21:07 +0000
Subject: import qemu-kvm-6.2.0-11.el9_0.2
---
diff --git a/SOURCES/kvm-RHEL-mark-old-machine-types-as-deprecated.patch b/SOURCES/kvm-RHEL-mark-old-machine-types-as-deprecated.patch
new file mode 100644
index 0000000..b6d4003
--- /dev/null
+++ b/SOURCES/kvm-RHEL-mark-old-machine-types-as-deprecated.patch
@@ -0,0 +1,110 @@ +From dcc64971bf25e5c2303d551fb2fef448a5e8f4fd Mon Sep 17 00:00:00 2001 +From: Cornelia Huck +Date: Thu, 3 Mar 2022 10:57:37 +0100 +Subject: [PATCH 1/5] RHEL: mark old machine types as deprecated +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Cornelia Huck +RH-MergeRequest: 119: RHEL: mark old machine types as deprecated +RH-Commit: [1/1] 5d7531d23fac5dd67c3cc202f538b25f26393600 (cohuck/qemu-kvm) +RH-Bugzilla: 2052050 +RH-Acked-by: Thomas Huth +RH-Acked-by: Dr. David Alan Gilbert +RH-Acked-by: Daniel P. Berrangé + +We want to make it obvious that we consider machine types for older +RHEL major releases to be deprecated; we only carry them for +compatibility purposes. + +Let's mark all rhel-7.x and rhel-8.x machine type as deprecated via +QEMU's existing deprecation mechanism; those machine types will +continue to work as expected, but commands like 'virsh capabilities', +'virsh dominfo', or the libvirt log will tag the machine as +deprecated. 
+ +Signed-off-by: Cornelia Huck +--- + hw/core/machine.c | 6 ++++++ + hw/i386/pc_piix.c | 4 ++++ + hw/i386/pc_q35.c | 4 ++++ + hw/s390x/s390-virtio-ccw.c | 3 +++ + include/hw/boards.h | 2 ++ + 5 files changed, 19 insertions(+) + +diff --git a/hw/core/machine.c b/hw/core/machine.c +index 669d3d8b91..5fae55d6cd 100644 +--- a/hw/core/machine.c ++++ b/hw/core/machine.c +@@ -37,6 +37,12 @@ + #include "hw/virtio/virtio.h" + #include "hw/virtio/virtio-pci.h" + ++/* ++ * RHEL only: machine types for previous major releases are deprecated ++ */ ++const char *rhel_old_machine_deprecation = ++ "machine types for previous major releases are deprecated"; ++ + /* + * Mostly the same as hw_compat_6_0 and hw_compat_6_1 + */ +diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c +index fccb7f5fc9..cf68d7498c 100644 +--- a/hw/i386/pc_piix.c ++++ b/hw/i386/pc_piix.c +@@ -989,6 +989,10 @@ static void pc_machine_rhel760_options(MachineClass *m) + m->desc = "RHEL 7.6.0 PC (i440FX + PIIX, 1996)"; + m->async_pf_vmexit_disable = true; + m->smbus_no_migration_support = true; ++ ++ /* All RHEL machines for prior major releases are deprecated */ ++ m->deprecation_reason = rhel_old_machine_deprecation; ++ + pcmc->pvh_enabled = false; + pcmc->default_cpu_version = CPU_VERSION_LEGACY; + pcmc->kvmclock_create_always = false; +diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c +index bf9ad32f0e..c8e06da084 100644 +--- a/hw/i386/pc_q35.c ++++ b/hw/i386/pc_q35.c +@@ -674,6 +674,10 @@ static void pc_q35_machine_rhel860_options(MachineClass *m) + pc_q35_machine_rhel900_options(m); + m->desc = "RHEL-8.6.0 PC (Q35 + ICH9, 2009)"; + m->alias = NULL; ++ ++ /* All RHEL machines for prior major releases are deprecated */ ++ m->deprecation_reason = rhel_old_machine_deprecation; ++ + pcmc->smbios_stream_product = "RHEL-AV"; + pcmc->smbios_stream_version = "8.6.0"; + } +diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c +index 9da6e9b1d4..cc78a315e3 100644 +--- a/hw/s390x/s390-virtio-ccw.c ++++ 
b/hw/s390x/s390-virtio-ccw.c +@@ -1121,6 +1121,9 @@ static void ccw_machine_rhel860_instance_options(MachineState *machine) + static void ccw_machine_rhel860_class_options(MachineClass *mc) + { + ccw_machine_rhel900_class_options(mc); ++ ++ /* All RHEL machines for prior major releases are deprecated */ ++ mc->deprecation_reason = rhel_old_machine_deprecation; + } + DEFINE_CCW_MACHINE(rhel860, "rhel8.6.0", false); + +diff --git a/include/hw/boards.h b/include/hw/boards.h +index 3c3d2ad450..21d8d5528e 100644 +--- a/include/hw/boards.h ++++ b/include/hw/boards.h +@@ -464,4 +464,6 @@ extern const size_t hw_compat_rhel_8_0_len; + extern GlobalProperty hw_compat_rhel_7_6[]; + extern const size_t hw_compat_rhel_7_6_len; + ++extern const char *rhel_old_machine_deprecation; ++ + #endif +-- +2.31.1 + diff --git a/SOURCES/kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch b/SOURCES/kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch new file mode 100644 index 0000000..d9d5145 --- /dev/null +++ b/SOURCES/kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch 
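Review bot: `rhel_old_machine_deprecation` is defined in hw/core/machine.c as `const char *`, so the pointer itself stays writable and any file that includes boards.h could repoint the message shared by every deprecated machine class. Declaring it as an array, `const char rhel_old_machine_deprecation[] = "machine types for previous major releases are deprecated";` with `extern const char rhel_old_machine_deprecation[];` in include/hw/boards.h, leaves the `deprecation_reason` assignments unchanged and puts the string in read-only data. The pc_piix.c, pc_q35.c and s390-virtio-ccw.c hunks each set the reason in a single options function. Presumably the older rhel-7.x/8.x types pick it up by calling those functions, but that chaining is outside the hunks and is worth stating in the added comment.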
@@ -0,0 +1,45 @@ +From 213d2c6d3138f3570bca36edaacfd1ee86b18967 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Fri, 4 Feb 2022 06:45:51 +0100 +Subject: [PATCH 1/6] Revert "ui/clipboard: Don't use g_autoptr just to free a + variable" +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Gerd Hoffmann +RH-MergeRequest: 75: fix vnc cut+paste crash +RH-Commit: [1/4] 0937d15054ad6e902bc22d1872231504f442ddcc (kraxel/centos-qemu-kvm) +RH-Bugzilla: 2042820 +RH-Acked-by: Marc-André Lureau +RH-Acked-by: Daniel P. Berrangé +RH-Acked-by: Miroslav Rezanina + +This reverts commit 8df1ea81ee6c674522967d056daa8d3748fa3883. +--- + ui/clipboard.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/ui/clipboard.c b/ui/clipboard.c +index d53576b0f6..d7b008d62a 100644 +--- a/ui/clipboard.c ++++ b/ui/clipboard.c +@@ -44,14 +44,13 @@ void qemu_clipboard_peer_release(QemuClipboardPeer *peer, + + void qemu_clipboard_update(QemuClipboardInfo *info) + { +- QemuClipboardInfo *old = NULL; ++ g_autoptr(QemuClipboardInfo) old = NULL; + assert(info->selection < QEMU_CLIPBOARD_SELECTION__COUNT); + + notifier_list_notify(&clipboard_notifiers, info); + + old = cbinfo[info->selection]; + cbinfo[info->selection] = qemu_clipboard_info_ref(info); +- g_free(old); + } + + QemuClipboardInfo *qemu_clipboard_info(QemuClipboardSelection selection) +-- +2.27.0 + diff --git a/SOURCES/kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch b/SOURCES/kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch new file mode 100644 index 0000000..1e620ff --- /dev/null +++ b/SOURCES/kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch 
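Review bot: The restored `g_autoptr(QemuClipboardInfo) old = NULL;` in qemu_clipboard_update() has no comment, and the commit message only says it reverts 8df1ea81ee6c, so nothing stops a later cleanup from turning it back into `g_free(old)`. `cbinfo[]` is filled through `qemu_clipboard_info_ref(info)`, which indicates the object is reference-counted. Presumably the autoptr cleanup drops one reference instead of freeing unconditionally, which matters if another holder still has a reference. I would add above the declaration `/* old takes over the reference cbinfo[] held; g_autoptr releases it via the type's cleanup on return, do not replace with g_free() */`. One sentence in the description tying the revert to the crash named in the merge request title would also help.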
@@ -0,0 +1,70 @@ +From 473b05bbdad50dc3877ab6da4ac52b5a4fc7d5e1 Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Wed, 12 Jan 2022 08:03:31 -0500 +Subject: [PATCH 11/14] acpi: fix OEM ID/OEM Table ID padding + +RH-Author: Igor Mammedov +RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table +RH-Commit: [7/10] 276af1aa7650e79f146c75ef4ec19f792e7e163c +RH-Bugzilla: 2043531 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: MST + +Commit [2] broke original '\0' padding of OEM ID and OEM Table ID +fields in headers of ACPI tables. While it doesn't have impact on +default values since QEMU uses 6 and 8 characters long values +respectively, it broke usecase where IDs are provided on QEMU CLI. +It shouldn't affect guest (but may cause licensing verification +issues in guest OS). +One of the broken usecases is user supplied SLIC table with IDs +shorter than max possible length, where [2] mangles IDs with extra +spaces in RSDT and FADT tables whereas guest OS expects those to +mirror the respective values of the used SLIC table. + +Fix it by replacing whitespace padding with '\0' padding in +accordance with [1] and expectations of guest OS + +1) ACPI spec, v2.0b + 17.2 AML Grammar Definition + ... + //OEM ID of up to 6 characters. If the OEM ID is + //shorter than 6 characters, it can be terminated + //with a NULL character. + +2) +Fixes: 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed") +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/707 +Reported-by: Dmitry V. Orekhov +Signed-off-by: Igor Mammedov +Cc: qemu-stable@nongnu.org +Message-Id: <20220112130332.1648664-4-imammedo@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Ani Sinha +Tested-by: Dmitry V. 
Orekhov dima.orekhov@gmail.com +(cherry picked from commit 748c030f360a940fe0c9382c8ca1649096c3a80d) +Signed-off-by: Igor Mammedov +--- + hw/acpi/aml-build.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c +index b3b3310df3..65148d5b9d 100644 +--- a/hw/acpi/aml-build.c ++++ b/hw/acpi/aml-build.c +@@ -1724,9 +1724,9 @@ void acpi_table_begin(AcpiTable *desc, GArray *array) + build_append_int_noprefix(array, 0, 4); /* Length */ + build_append_int_noprefix(array, desc->rev, 1); /* Revision */ + build_append_int_noprefix(array, 0, 1); /* Checksum */ +- build_append_padded_str(array, desc->oem_id, 6, ' '); /* OEMID */ ++ build_append_padded_str(array, desc->oem_id, 6, '\0'); /* OEMID */ + /* OEM Table ID */ +- build_append_padded_str(array, desc->oem_table_id, 8, ' '); ++ build_append_padded_str(array, desc->oem_table_id, 8, '\0'); + build_append_int_noprefix(array, 1, 4); /* OEM Revision */ + g_array_append_vals(array, ACPI_BUILD_APPNAME8, 4); /* Creator ID */ + build_append_int_noprefix(array, 1, 4); /* Creator Revision */ +-- +2.31.1 + diff --git a/SOURCES/kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch b/SOURCES/kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch new file mode 100644 index 0000000..763a621 --- /dev/null +++ b/SOURCES/kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch 
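Review bot: Nothing next to the two changed build_append_padded_str() calls in acpi_table_begin() records why the pad byte must be NUL; the reason is given only in the commit message. A comment above the OEMID line such as `/* OEM ID / OEM Table ID shorter than the field are NUL-padded per the ACPI spec; guests compare them with the SLIC table, so do not pad with spaces */` would guard against the regression this patch fixes. The widths `6` and `8` also stay bare literals. acpi_table_begin() starts and ends outside the hunk, so whether named constants for them exist cannot be checked from here.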
@@ -0,0 +1,100 @@ +From 636a09dbe361517ac2b8d810166676b5006a6ca2 Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Mon, 27 Dec 2021 14:31:17 -0500 +Subject: [PATCH 05/14] acpi: fix QEMU crash when started with SLIC table +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Igor Mammedov +RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table +RH-Commit: [1/10] 67c1d1d2358d0ba746f260dfc3c1cfc165357fd1 +RH-Bugzilla: 2043531 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: MST + +if QEMU is started with used provided SLIC table blob, + + -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null +it will assert with: + + hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen) + +and following backtrace: + + ... + build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61 + acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727 + build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064 + ... + +which happens due to acpi_table_begin() expecting NULL terminated +oem_id and oem_table_id strings, which is normally the case, but +in case of user provided SLIC table, oem_id points to table's blob +directly and as result oem_id became longer than expected. + +Fix issue by handling oem_id consistently and make acpi_get_slic_oem() +return NULL terminated strings. + +PS: +After [1] refactoring, oem_id semantics became inconsistent, where +NULL terminated string was coming from machine and old way pointer +into byte array coming from -acpitable option. That used to work +since build_header() wasn't expecting NULL terminated string and +blindly copied the 1st 6 bytes only. 
+ +However commit [2] broke that by replacing build_header() with +acpi_table_begin(), which was expecting NULL terminated string +and was checking oem_id size. + +1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed") +2) +Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()") +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786 +Signed-off-by: Igor Mammedov +Message-Id: <20211227193120.1084176-2-imammedo@redhat.com> +Reviewed-by: Philippe Mathieu-Daudé +Tested-by: Denis Lisov +Tested-by: Alexander Tsoy +Cc: qemu-stable@nongnu.org +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit 8cdb99af45365727ac17f45239a9b8c1d5155c6d) +Signed-off-by: Igor Mammedov +--- + hw/acpi/core.c | 4 ++-- + hw/i386/acpi-build.c | 2 ++ + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/hw/acpi/core.c b/hw/acpi/core.c +index 1e004d0078..3e811bf03c 100644 +--- a/hw/acpi/core.c ++++ b/hw/acpi/core.c +@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem) + struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length)); + + if (memcmp(hdr->sig, "SLIC", 4) == 0) { +- oem->id = hdr->oem_id; +- oem->table_id = hdr->oem_table_id; ++ oem->id = g_strndup(hdr->oem_id, 6); ++ oem->table_id = g_strndup(hdr->oem_table_id, 8); + return 0; + } + } +diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c +index 8383b83ee3..0234fe7588 100644 +--- a/hw/i386/acpi-build.c ++++ b/hw/i386/acpi-build.c +@@ -2723,6 +2723,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine) + + /* Cleanup memory that's no longer used. */ + g_array_free(table_offsets, true); ++ g_free(slic_oem.id); ++ g_free(slic_oem.table_id); + } + + static void acpi_ram_update(MemoryRegion *mr, GArray *data) +-- +2.31.1 + 
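Review bot: acpi_get_slic_oem() in hw/acpi/core.c now returns heap copies in `oem->id` and `oem->table_id`, but the ownership change is undocumented and is handled only at the end of acpi_build(). Any other caller would leak both strings. The unconditional `g_free(slic_oem.id)` / `g_free(slic_oem.table_id)` is correct only if the struct holds NULL or heap pointers when no SLIC table is found, and that initialisation is outside the hunk. I would add a comment on acpi_get_slic_oem() stating that the caller owns both fields and must g_free() them. I would also bound the copies by the source fields, `g_strndup(hdr->oem_id, sizeof(hdr->oem_id))` and `g_strndup(hdr->oem_table_id, sizeof(hdr->oem_table_id))`, assuming both are fixed-size char arrays in struct acpi_table_header.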
diff --git a/SOURCES/kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch b/SOURCES/kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch
new file mode 100644
index 0000000..02bcda3
--- /dev/null
+++ b/SOURCES/kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch
@@ -0,0 +1,130 @@ +From a3a4fd1733e71d029e38136366e73ace8e78298b Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Tue, 1 Mar 2022 10:11:59 -0500 +Subject: [PATCH 02/14] acpi: pcihp: pcie: set power on cap on parent slot + +RH-Author: Igor Mammedov +RH-MergeRequest: 124: RHEL-9.0 Fix broken PCIe device after migration +RH-Commit: [2/2] 135602421e5fed803f7d71121380306633d490d8 +RH-Bugzilla: 2053584 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: MST +RH-Acked-by: Gerd Hoffmann + +on creation a PCIDevice has power turned on at the end of pci_qdev_realize() +however later on if PCIe slot isn't populated with any children +it's power is turned off. It's fine if native hotplug is used +as plug callback will power slot on among other things. +However when ACPI hotplug is enabled it replaces native PCIe plug +callbacks with ACPI specific ones (acpi_pcihp_device_*plug_cb) and +as result slot stays powered off. It works fine as ACPI hotplug +on guest side takes care of enumerating/initializing hotplugged +device. But when later guest is migrated, call chain introduced by] +commit d5daff7d312 (pcie: implement slot power control for pcie root ports) + + pcie_cap_slot_post_load() + -> pcie_cap_update_power() + -> pcie_set_power_device() + -> pci_set_power() + -> pci_update_mappings() + +will disable earlier initialized BARs for the hotplugged device +in powered off slot due to commit 23786d13441 (pci: implement power state) +which disables BARs if power is off. + +Fix it by setting PCI_EXP_SLTCTL_PCC to PCI_EXP_SLTCTL_PWR_ON +on slot (root port/downstream port) at the time a device +hotplugged into it. As result PCI_EXP_SLTCTL_PWR_ON is migrated +to target and above call chain keeps device plugged into it +powered on. + +Fixes: d5daff7d312 ("pcie: implement slot power control for pcie root ports") +Fixes: 23786d13441 ("pci: implement power state") +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2053584 +Suggested-by: "Michael S. 
Tsirkin" +Signed-off-by: Igor Mammedov +Message-Id: <20220301151200.3507298-3-imammedo@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit 6b0969f1ec825984cd74619f0730be421b0c46fb) +Signed-off-by: Igor Mammedov +--- + hw/acpi/pcihp.c | 12 +++++++++++- + hw/pci/pcie.c | 11 +++++++++++ + include/hw/pci/pcie.h | 1 + + 3 files changed, 23 insertions(+), 1 deletion(-) + +diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c +index 30405b5113..3d5610e02d 100644 +--- a/hw/acpi/pcihp.c ++++ b/hw/acpi/pcihp.c +@@ -32,6 +32,7 @@ + #include "hw/pci/pci_bridge.h" + #include "hw/pci/pci_host.h" + #include "hw/pci/pcie_port.h" ++#include "hw/pci-bridge/xio3130_downstream.h" + #include "hw/i386/acpi-build.h" + #include "hw/acpi/acpi.h" + #include "hw/pci/pci_bus.h" +@@ -341,6 +342,8 @@ void acpi_pcihp_device_plug_cb(HotplugHandler *hotplug_dev, AcpiPciHpState *s, + { + PCIDevice *pdev = PCI_DEVICE(dev); + int slot = PCI_SLOT(pdev->devfn); ++ PCIDevice *bridge; ++ PCIBus *bus; + int bsel; + + /* Don't send event when device is enabled during qemu machine creation: +@@ -370,7 +373,14 @@ void acpi_pcihp_device_plug_cb(HotplugHandler *hotplug_dev, AcpiPciHpState *s, + return; + } + +- bsel = acpi_pcihp_get_bsel(pci_get_bus(pdev)); ++ bus = pci_get_bus(pdev); ++ bridge = pci_bridge_get_device(bus); ++ if (object_dynamic_cast(OBJECT(bridge), TYPE_PCIE_ROOT_PORT) || ++ object_dynamic_cast(OBJECT(bridge), TYPE_XIO3130_DOWNSTREAM)) { ++ pcie_cap_slot_enable_power(bridge); ++ } ++ ++ bsel = acpi_pcihp_get_bsel(bus); + g_assert(bsel >= 0); + s->acpi_pcihp_pci_status[bsel].up |= (1U << slot); + acpi_send_event(DEVICE(hotplug_dev), ACPI_PCI_HOTPLUG_STATUS); +diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c +index d7d73a31e4..996f0e24fe 100644 +--- a/hw/pci/pcie.c ++++ b/hw/pci/pcie.c +@@ -366,6 +366,17 @@ static void hotplug_event_clear(PCIDevice *dev) + } + } + ++void pcie_cap_slot_enable_power(PCIDevice *dev) ++{ ++ uint8_t *exp_cap = dev->config + 
dev->exp.exp_cap; ++ uint32_t sltcap = pci_get_long(exp_cap + PCI_EXP_SLTCAP); ++ ++ if (sltcap & PCI_EXP_SLTCAP_PCP) { ++ pci_set_word_by_mask(exp_cap + PCI_EXP_SLTCTL, ++ PCI_EXP_SLTCTL_PCC, PCI_EXP_SLTCTL_PWR_ON); ++ } ++} ++ + static void pcie_set_power_device(PCIBus *bus, PCIDevice *dev, void *opaque) + { + bool *power = opaque; +diff --git a/include/hw/pci/pcie.h b/include/hw/pci/pcie.h +index 6063bee0ec..c27368d077 100644 +--- a/include/hw/pci/pcie.h ++++ b/include/hw/pci/pcie.h +@@ -112,6 +112,7 @@ void pcie_cap_slot_write_config(PCIDevice *dev, + uint32_t addr, uint32_t val, int len); + int pcie_cap_slot_post_load(void *opaque, int version_id); + void pcie_cap_slot_push_attention_button(PCIDevice *dev); ++void pcie_cap_slot_enable_power(PCIDevice *dev); + + void pcie_cap_root_init(PCIDevice *dev); + void pcie_cap_root_reset(PCIDevice *dev); +-- +2.31.1 + diff --git a/SOURCES/kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch b/SOURCES/kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch new file mode 100644 index 0000000..20401ff --- /dev/null +++ b/SOURCES/kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch 
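Review bot: pcie_cap_slot_enable_power() is exported through include/hw/pci/pcie.h without a doc comment, and it computes `dev->config + dev->exp.exp_cap` without checking that `dev` is non-NULL or has a PCI Express capability. The only guard is the pair of object_dynamic_cast() checks in acpi_pcihp_device_plug_cb(). Those checks also have to cope with whatever pci_bridge_get_device() returns for a bus with no parent bridge, which appears to rely on object_dynamic_cast() accepting a NULL object; that is not visible here. I would document the precondition on the declaration, e.g. `/* dev must be a PCIe port with a slot capability; sets Power Controller Control to power-on when the slot has a power controller */`, and make the NULL case explicit in the caller with `if (bridge && (...))`. acpi_pcihp_device_plug_cb() starts and ends outside the hunk.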
@@ -0,0 +1,60 @@ +From 2005e3bb97fba4889829b58331a057b9cb35a65d Mon Sep 17 00:00:00 2001 +From: Laurent Vivier +Date: Fri, 11 Feb 2022 18:02:59 +0100 +Subject: [PATCH 2/5] hw/virtio: vdpa: Fix leak of host-notifier memory-region + +RH-Author: Laurent Vivier +RH-MergeRequest: 123: hw/virtio: vdpa: Fix leak of host-notifier memory-region +RH-Commit: [1/1] ddd64cac5c29786edf652f5fa97767b261ccfcdd +RH-Bugzilla: 2059786 +RH-Acked-by: Jason Wang +RH-Acked-by: Cindy Lu +RH-Acked-by: MST +RH-Acked-by: Stefano Garzarella + +BZ: https://bugzilla.redhat.com/2059786 +BRANCH: rhel-9.0.0 +BREW: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43688388 +UPTREAM: Merged + +If call virtio_queue_set_host_notifier_mr fails, should free +host-notifier memory-region. + +This problem can trigger a coredump with some vDPA drivers (mlx5, +but not with the vdpasim), if we unplug the virtio-net card from +the guest after a stop/start. + +The same fix has been done for vhost-user: + 1f89d3b91e3e ("hw/virtio: Fix leak of host-notifier memory-region") + +Fixes: d0416d487bd5 ("vhost-vdpa: map virtqueue notification area if possible") +Cc: jasowang@redhat.com +Resolves: https://bugzilla.redhat.com/2027208 +Signed-off-by: Laurent Vivier +Message-Id: <20220211170259.1388734-1-lvivier@redhat.com> +Cc: qemu-stable@nongnu.org +Acked-by: Jason Wang +Reviewed-by: Stefano Garzarella +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. 
Tsirkin +(cherry picked from commit 98f7607ecda00dea3cbb2ed7b4427c96846efb83) +Signed-off-by: Laurent Vivier +--- + hw/virtio/vhost-vdpa.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c +index bcaf00e09f..78da48a333 100644 +--- a/hw/virtio/vhost-vdpa.c ++++ b/hw/virtio/vhost-vdpa.c +@@ -415,6 +415,7 @@ static int vhost_vdpa_host_notifier_init(struct vhost_dev *dev, int queue_index) + g_free(name); + + if (virtio_queue_set_host_notifier_mr(vdev, queue_index, &n->mr, true)) { ++ object_unparent(OBJECT(&n->mr)); + munmap(addr, page_size); + goto err; + } +-- +2.31.1 + diff --git a/SOURCES/kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch b/SOURCES/kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch new file mode 100644 index 0000000..2a67791 --- /dev/null +++ b/SOURCES/kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch 
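Review bot: In the failure branch of vhost_vdpa_host_notifier_init(), the added `object_unparent(OBJECT(&n->mr));` has to stay ahead of `munmap(addr, page_size)`, since the region was initialised over that mapping, but nothing in the code says so. I would put `/* drop the memory region before unmapping the page that backs it */` above the new line so a later reorder of the error path does not leave a region pointing at unmapped memory. The function continues outside the hunk, so it cannot be confirmed from here that `n->addr` is left unset on this path or that the `err` label does no further cleanup on `n->mr`.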
@@ -0,0 +1,60 @@ +From 575ca409fa21db088c76e57f7285021dd8da1569 Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Wed, 16 Mar 2022 09:36:19 +0100 +Subject: [PATCH 04/14] i386: Add Icelake-Server-v6 CPU model with 5-level EPT + support + +RH-Author: Vitaly Kuznetsov +RH-MergeRequest: 126: i386: Add Icelake-Server-v6 CPU model with 5-level EPT support +RH-Commit: [2/2] a047caa01fafd8ca6a5fa0704b379edab91d4ccc +RH-Bugzilla: 2038051 +RH-Acked-by: Igor Mammedov +RH-Acked-by: Cornelia Huck +RH-Acked-by: Paolo Bonzini + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2038051 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43862630 + +commit 12cab535db6440af41ed8dfefe908a594321b6ce +Author: Vitaly Kuznetsov +Date: Mon Feb 21 15:53:15 2022 +0100 + + i386: Add Icelake-Server-v6 CPU model with 5-level EPT support + + Windows 11 with WSL2 enabled (Hyper-V) fails to boot with Icelake-Server + {-v5} CPU model but boots well with '-cpu host'. Apparently, it expects + 5-level paging and 5-level EPT support to come in pair but QEMU's + Icelake-Server CPU model lacks the later. Introduce 'Icelake-Server-v6' + CPU model with 'vmx-page-walk-5' enabled by default. + + Signed-off-by: Vitaly Kuznetsov + Message-Id: <20220221145316.576138-1-vkuznets@redhat.com> + Signed-off-by: Paolo Bonzini + +Signed-off-by: Vitaly Kuznetsov +--- + target/i386/cpu.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index aa9e636800..6e25d13339 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -3505,6 +3505,14 @@ static const X86CPUDefinition builtin_x86_defs[] = { + { /* end of list */ } + }, + }, ++ { ++ .version = 6, ++ .note = "5-level EPT", ++ .props = (PropValue[]) { ++ { "vmx-page-walk-5", "on" }, ++ { /* end of list */ } ++ }, ++ }, + { /* end of list */ } + } + }, +-- +2.31.1 + 
diff --git a/SOURCES/kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch b/SOURCES/kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
new file mode 100644
index 0000000..5ff2734
--- /dev/null
+++ b/SOURCES/kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
@@ -0,0 +1,97 @@ +From b169059c8fbf15c3ffeec0f68b938cb9febd8db7 Mon Sep 17 00:00:00 2001 +From: Peter Xu +Date: Tue, 30 Nov 2021 16:00:28 +0800 +Subject: [PATCH 5/6] memory: Fix incorrect calls of log_global_start/stop +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Peter Xu +RH-MergeRequest: 77: memory: Fix qemu crash on continuous migrations of stopped VM +RH-Commit: [1/2] 6271ee689266b24d29d4c87f60e5b096ef5f5d63 (peterx/qemu-kvm) +RH-Bugzilla: 2044818 +RH-Acked-by: Paolo Bonzini +RH-Acked-by: David Hildenbrand +RH-Acked-by: quintela1 + +We should only call the log_global_start/stop when the global dirty track +bitmask changes from zero<->non-zero. + +No real issue reported for this yet probably because no immediate user to +enable both dirty rate measurement and migration at the same time. However +it'll be good to be prepared for it. + +Fixes: 63b41db4bc ("memory: make global_dirty_tracking a bitmask") +Cc: qemu-stable@nongnu.org +Cc: Hyman Huang +Cc: Paolo Bonzini +Cc: Dr. 
David Alan Gilbert +Cc: Juan Quintela +Cc: David Hildenbrand +Signed-off-by: Peter Xu +Reviewed-by: David Hildenbrand +Message-Id: <20211130080028.6474-1-peterx@redhat.com> +Signed-off-by: Philippe Mathieu-Daudé +(cherry picked from commit 7b0538ed3a22ce30817f818449d10701fb0821f9) +Signed-off-by: Peter Xu +--- + softmmu/memory.c | 27 ++++++++++++++------------- + 1 file changed, 14 insertions(+), 13 deletions(-) + +diff --git a/softmmu/memory.c b/softmmu/memory.c +index 7340e19ff5..81d4bf1454 100644 +--- a/softmmu/memory.c ++++ b/softmmu/memory.c +@@ -2773,6 +2773,8 @@ static VMChangeStateEntry *vmstate_change; + + void memory_global_dirty_log_start(unsigned int flags) + { ++ unsigned int old_flags = global_dirty_tracking; ++ + if (vmstate_change) { + qemu_del_vm_change_state_handler(vmstate_change); + vmstate_change = NULL; +@@ -2781,15 +2783,14 @@ void memory_global_dirty_log_start(unsigned int flags) + assert(flags && !(flags & (~GLOBAL_DIRTY_MASK))); + assert(!(global_dirty_tracking & flags)); + global_dirty_tracking |= flags; +- + trace_global_dirty_changed(global_dirty_tracking); + +- MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward); +- +- /* Refresh DIRTY_MEMORY_MIGRATION bit. */ +- memory_region_transaction_begin(); +- memory_region_update_pending = true; +- memory_region_transaction_commit(); ++ if (!old_flags) { ++ MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward); ++ memory_region_transaction_begin(); ++ memory_region_update_pending = true; ++ memory_region_transaction_commit(); ++ } + } + + static void memory_global_dirty_log_do_stop(unsigned int flags) +@@ -2800,12 +2801,12 @@ static void memory_global_dirty_log_do_stop(unsigned int flags) + + trace_global_dirty_changed(global_dirty_tracking); + +- /* Refresh DIRTY_MEMORY_MIGRATION bit. 
*/ +- memory_region_transaction_begin(); +- memory_region_update_pending = true; +- memory_region_transaction_commit(); +- +- MEMORY_LISTENER_CALL_GLOBAL(log_global_stop, Reverse); ++ if (!global_dirty_tracking) { ++ memory_region_transaction_begin(); ++ memory_region_update_pending = true; ++ memory_region_transaction_commit(); ++ MEMORY_LISTENER_CALL_GLOBAL(log_global_stop, Reverse); ++ } + } + + static void memory_vm_change_state_handler(void *opaque, bool running, +-- +2.27.0 + diff --git a/SOURCES/kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch b/SOURCES/kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch new file mode 100644 index 0000000..5ea0007 --- /dev/null +++ b/SOURCES/kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch 
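Review bot: Both softmmu/memory.c hunks delete the `/* Refresh DIRTY_MEMORY_MIGRATION bit. */` comments and add the `if (!old_flags)` and `if (!global_dirty_tracking)` guards with no explanation. The rule that listeners are called only on a zero<->non-zero transition of the bitmask is therefore stated only in the commit message. I would add `/* first tracker enabled: start logging and refresh the DIRTY_MEMORY_MIGRATION bit */` above the guard in memory_global_dirty_log_start() and `/* last tracker gone: refresh the bit, then stop logging */` above the one in memory_global_dirty_log_do_stop(). The body of memory_global_dirty_log_do_stop() begins outside the hunk, so the assertions it makes on `flags` are not visible here.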
@@ -0,0 +1,156 @@ +From b3ed8e344c733bc8c2223c1b9e424a9fbcea56d4 Mon Sep 17 00:00:00 2001 +From: Peter Xu +Date: Mon, 7 Feb 2022 20:30:19 +0800 +Subject: [PATCH 6/6] memory: Fix qemu crash on starting dirty log twice with + stopped VM + +RH-Author: Peter Xu +RH-MergeRequest: 77: memory: Fix qemu crash on continuous migrations of stopped VM +RH-Commit: [2/2] 98ed2ef6226ec80a1896ebb554015aded0dc0c18 (peterx/qemu-kvm) +RH-Bugzilla: 2044818 +RH-Acked-by: Paolo Bonzini +RH-Acked-by: David Hildenbrand +RH-Acked-by: quintela1 + +QEMU can now easily crash with two continuous migration carried out: + +(qemu) migrate -d exec:cat>out +(qemu) migrate_cancel +(qemu) migrate -d exec:cat>out +[crash] ../softmmu/memory.c:2782: memory_global_dirty_log_start: Assertion +`!(global_dirty_tracking & flags)' failed. + +It's because memory API provides a way to postpone dirty log stop if the VM is +stopped, and that'll be re-done until the next VM start. It was added in 2017 +with commit 1931076077 ("migration: optimize the downtime", 2017-08-01). + +However the recent work on allowing dirty tracking to be bitmask broke it, +which is commit 63b41db4bc ("memory: make global_dirty_tracking a bitmask", +2021-11-01). + +The fix proposed in this patch contains two things: + + (1) Instead of passing over the flags to postpone stop dirty track, we add a + global variable (along with current vmstate_change variable) to record + what flags to stop dirty tracking. + + (2) When start dirty tracking, instead if remove the vmstate hook directly, + we also execute the postponed stop process so that we make sure all the + starts and stops will be paired. + +This procedure is overlooked in the bitmask-ify work in 2021. 
+ +Cc: Hyman Huang +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2044818 +Fixes: 63b41db4bc ("memory: make global_dirty_tracking a bitmask") +Signed-off-by: Peter Xu +Message-Id: <20220207123019.27223-1-peterx@redhat.com> +Signed-off-by: Paolo Bonzini +(cherry picked from commit a5c90c61a118027b86155cffdf4fe4e2e9de1020) +Signed-off-by: Peter Xu +--- + softmmu/memory.c | 61 +++++++++++++++++++++++++++++++++++------------- + 1 file changed, 45 insertions(+), 16 deletions(-) + +diff --git a/softmmu/memory.c b/softmmu/memory.c +index 81d4bf1454..0311e362ee 100644 +--- a/softmmu/memory.c ++++ b/softmmu/memory.c +@@ -2769,19 +2769,32 @@ void memory_global_after_dirty_log_sync(void) + MEMORY_LISTENER_CALL_GLOBAL(log_global_after_sync, Forward); + } + ++/* ++ * Dirty track stop flags that are postponed due to VM being stopped. Should ++ * only be used within vmstate_change hook. ++ */ ++static unsigned int postponed_stop_flags; + static VMChangeStateEntry *vmstate_change; ++static void memory_global_dirty_log_stop_postponed_run(void); + + void memory_global_dirty_log_start(unsigned int flags) + { +- unsigned int old_flags = global_dirty_tracking; ++ unsigned int old_flags; ++ ++ assert(flags && !(flags & (~GLOBAL_DIRTY_MASK))); + + if (vmstate_change) { +- qemu_del_vm_change_state_handler(vmstate_change); +- vmstate_change = NULL; ++ /* If there is postponed stop(), operate on it first */ ++ postponed_stop_flags &= ~flags; ++ memory_global_dirty_log_stop_postponed_run(); + } + +- assert(flags && !(flags & (~GLOBAL_DIRTY_MASK))); +- assert(!(global_dirty_tracking & flags)); ++ flags &= ~global_dirty_tracking; ++ if (!flags) { ++ return; ++ } ++ ++ old_flags = global_dirty_tracking; + global_dirty_tracking |= flags; + trace_global_dirty_changed(global_dirty_tracking); + +@@ -2809,29 +2822,45 @@ static void memory_global_dirty_log_do_stop(unsigned int flags) + } + } + ++/* ++ * Execute the postponed dirty log stop operations if there is, then reset ++ * everything 
(including the flags and the vmstate change hook). ++ */ ++static void memory_global_dirty_log_stop_postponed_run(void) ++{ ++ /* This must be called with the vmstate handler registered */ ++ assert(vmstate_change); ++ ++ /* Note: postponed_stop_flags can be cleared in log start routine */ ++ if (postponed_stop_flags) { ++ memory_global_dirty_log_do_stop(postponed_stop_flags); ++ postponed_stop_flags = 0; ++ } ++ ++ qemu_del_vm_change_state_handler(vmstate_change); ++ vmstate_change = NULL; ++} ++ + static void memory_vm_change_state_handler(void *opaque, bool running, + RunState state) + { +- unsigned int flags = (unsigned int)(uintptr_t)opaque; + if (running) { +- memory_global_dirty_log_do_stop(flags); +- +- if (vmstate_change) { +- qemu_del_vm_change_state_handler(vmstate_change); +- vmstate_change = NULL; +- } ++ memory_global_dirty_log_stop_postponed_run(); + } + } + + void memory_global_dirty_log_stop(unsigned int flags) + { + if (!runstate_is_running()) { ++ /* Postpone the dirty log stop, e.g., to when VM starts again */ + if (vmstate_change) { +- return; ++ /* Batch with previous postponed flags */ ++ postponed_stop_flags |= flags; ++ } else { ++ postponed_stop_flags = flags; ++ vmstate_change = qemu_add_vm_change_state_handler( ++ memory_vm_change_state_handler, NULL); + } +- vmstate_change = qemu_add_vm_change_state_handler( +- memory_vm_change_state_handler, +- (void *)(uintptr_t)flags); + return; + } + +-- +2.27.0 + diff --git a/SOURCES/kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch b/SOURCES/kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch new file mode 100644 index 0000000..435d3f2 --- /dev/null +++ b/SOURCES/kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch 
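Review bot: The comment added above `postponed_stop_flags` says it "Should only be used within vmstate_change hook", yet this patch also writes it in memory_global_dirty_log_start() (`postponed_stop_flags &= ~flags`) and in memory_global_dirty_log_stop(). I would reword it to `/* Flags whose dirty-log stop is postponed because the VM is stopped; only meaningful while vmstate_change is registered. */`. Separately, start no longer has `assert(!(global_dirty_tracking & flags))` and returns silently once `flags &= ~global_dirty_tracking` leaves nothing, so an unpaired start from any caller is no longer caught. A comment on that early return saying a repeated start is deliberately a no-op, or a trace point there, would make the relaxed contract explicit. memory_global_dirty_log_stop() continues past the end of the hunk.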
@@ -0,0 +1,73 @@ +From 0a200d937e63554c38db577961ef4f09c836cb2f Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Tue, 1 Mar 2022 10:11:58 -0500 +Subject: [PATCH 01/14] pci: expose TYPE_XIO3130_DOWNSTREAM name + +RH-Author: Igor Mammedov +RH-MergeRequest: 124: RHEL-9.0 Fix broken PCIe device after migration +RH-Commit: [1/2] 38a5fef15d0b6c231b5ac268aad7d541e5303a7e +RH-Bugzilla: 2053584 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: MST +RH-Acked-by: Gerd Hoffmann + +Type name will be used in followup patch for cast check +in pcihp code. + +Signed-off-by: Igor Mammedov +Message-Id: <20220301151200.3507298-2-imammedo@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit c41481af9a5d0d463607cc45b45c510875570817) +Signed-off-by: Igor Mammedov +--- + hw/pci-bridge/xio3130_downstream.c | 3 ++- + include/hw/pci-bridge/xio3130_downstream.h | 15 +++++++++++++++ + 2 files changed, 17 insertions(+), 1 deletion(-) + create mode 100644 include/hw/pci-bridge/xio3130_downstream.h + +diff --git a/hw/pci-bridge/xio3130_downstream.c b/hw/pci-bridge/xio3130_downstream.c +index 04aae72cd6..b17cafd359 100644 +--- a/hw/pci-bridge/xio3130_downstream.c ++++ b/hw/pci-bridge/xio3130_downstream.c +@@ -28,6 +28,7 @@ + #include "migration/vmstate.h" + #include "qapi/error.h" + #include "qemu/module.h" ++#include "hw/pci-bridge/xio3130_downstream.h" + + #define PCI_DEVICE_ID_TI_XIO3130D 0x8233 /* downstream port */ + #define XIO3130_REVISION 0x1 +@@ -173,7 +174,7 @@ static void xio3130_downstream_class_init(ObjectClass *klass, void *data) + } + + static const TypeInfo xio3130_downstream_info = { +- .name = "xio3130-downstream", ++ .name = TYPE_XIO3130_DOWNSTREAM, + .parent = TYPE_PCIE_SLOT, + .class_init = xio3130_downstream_class_init, + .interfaces = (InterfaceInfo[]) { +diff --git a/include/hw/pci-bridge/xio3130_downstream.h b/include/hw/pci-bridge/xio3130_downstream.h +new file mode 100644 +index 0000000000..1d10139aea +--- /dev/null 
++++ b/include/hw/pci-bridge/xio3130_downstream.h +@@ -0,0 +1,15 @@ ++/* ++ * TI X3130 pci express downstream port switch ++ * ++ * Copyright (C) 2022 Igor Mammedov ++ * ++ * SPDX-License-Identifier: GPL-2.0-or-later ++ */ ++ ++#ifndef HW_PCI_BRIDGE_XIO3130_DOWNSTREAM_H ++#define HW_PCI_BRIDGE_XIO3130_DOWNSTREAM_H ++ ++#define TYPE_XIO3130_DOWNSTREAM "xio3130-downstream" ++ ++#endif ++ +-- +2.31.1 + diff --git a/SOURCES/kvm-tests-acpi-SLIC-update-expected-blobs.patch b/SOURCES/kvm-tests-acpi-SLIC-update-expected-blobs.patch new file mode 100644 index 0000000..91c5631 --- /dev/null +++ b/SOURCES/kvm-tests-acpi-SLIC-update-expected-blobs.patch @@ -0,0 +1,36 @@ +From 1dd4518bbf917158c9558dfb9e92be0a3f74b42b Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Mon, 27 Dec 2021 14:31:20 -0500 +Subject: [PATCH 08/14] tests: acpi: SLIC: update expected blobs + +RH-Author: Igor Mammedov +RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table +RH-Commit: [4/10] 9023e98b18b9145ef889eec912b222e039fcc76f +RH-Bugzilla: 2043531 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: MST + +Signed-off-by: Igor Mammedov +Message-Id: <20211227193120.1084176-5-imammedo@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit c8adb4d222c42951a9d0367e5f5d4e1f5e2c9ad7) +Signed-off-by: Igor Mammedov +--- + tests/data/acpi/q35/FACP.slic | Bin 244 -> 244 bytes + tests/data/acpi/q35/SLIC.slic | Bin 0 -> 36 bytes + tests/qtest/bios-tables-test-allowed-diff.h | 2 -- + 3 files changed, 2 deletions(-) + +diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h +index 49dbf8fa3e..dfb8523c8b 100644 +--- a/tests/qtest/bios-tables-test-allowed-diff.h ++++ b/tests/qtest/bios-tables-test-allowed-diff.h +@@ -1,3 +1 @@ + /* List of comma-separated changed AML files to ignore */ +-"tests/data/acpi/q35/FACP.slic", +-"tests/data/acpi/q35/SLIC.slic", +-- +2.31.1 + 
diff --git a/SOURCES/kvm-tests-acpi-add-SLIC-table-test.patch b/SOURCES/kvm-tests-acpi-add-SLIC-table-test.patch new file mode 100644 index 0000000..9152c34 --- /dev/null +++ b/SOURCES/kvm-tests-acpi-add-SLIC-table-test.patch 
@@ -0,0 +1,69 @@ +From f897bc3aca1bb98b1907cfd76ba52cfa541b9b5c Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Mon, 27 Dec 2021 14:31:19 -0500 +Subject: [PATCH 07/14] tests: acpi: add SLIC table test + +RH-Author: Igor Mammedov +RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table +RH-Commit: [3/10] b72e6f11e4d86bf39fa440df3902d9259d16d5db +RH-Bugzilla: 2043531 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: MST + +When user uses '-acpitable' to add SLIC table, some ACPI +tables (FADT) will change its 'Oem ID'/'Oem Table ID' fields to +match that of SLIC. Test makes sure thati QEMU handles +those fields correctly when SLIC table is added with +'-acpitable' option. + +Conflicts: + tests/qtest/bios-tables-test.c + due to missing 39d7554b2009 ("tests/acpi: add test case for VIOT") + +Signed-off-by: Igor Mammedov +Message-Id: <20211227193120.1084176-4-imammedo@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit 11edfabee443b149468a82b5efc88c96d1d259ec) +Signed-off-by: Igor Mammedov +--- + tests/qtest/bios-tables-test.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c +index 62745181a8..088609c196 100644 +--- a/tests/qtest/bios-tables-test.c ++++ b/tests/qtest/bios-tables-test.c +@@ -1465,6 +1465,20 @@ static void test_acpi_virt_tcg(void) + free_test_data(&data); + } + ++static void test_acpi_q35_slic(void) ++{ ++ test_data data = { ++ .machine = MACHINE_Q35, ++ .variant = ".slic", ++ }; ++ ++ test_acpi_one("-acpitable sig=SLIC,oem_id='CRASH ',oem_table_id='ME'," ++ "oem_rev=00002210,asl_compiler_id='qemu'," ++ "asl_compiler_rev=00000000,data=/dev/null", ++ &data); ++ free_test_data(&data); ++} ++ + static void test_oem_fields(test_data *data) + { + int i; +@@ -1639,6 +1653,7 @@ int main(int argc, char *argv[]) + qtest_add_func("acpi/q35/kvm/xapic", test_acpi_q35_kvm_xapic); + 
qtest_add_func("acpi/q35/kvm/dmar", test_acpi_q35_kvm_dmar); + } ++ qtest_add_func("acpi/q35/slic", test_acpi_q35_slic); + } else if (strcmp(arch, "aarch64") == 0) { + if (has_tcg) { + qtest_add_func("acpi/virt", test_acpi_virt_tcg); +-- +2.31.1 + diff --git a/SOURCES/kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch b/SOURCES/kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch new file mode 100644 index 0000000..5f5f300 --- /dev/null +++ b/SOURCES/kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch 
@@ -0,0 +1,76 @@ +From 80fdb82bab21ab0d094795287ce903d0d48974fc Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Wed, 12 Jan 2022 08:03:29 -0500 +Subject: [PATCH 09/14] tests: acpi: manually pad OEM_ID/OEM_TABLE_ID for + test_oem_fields() test + +RH-Author: Igor Mammedov +RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table +RH-Commit: [5/10] 7d55865be1e1574605734c2663bac233e87b8134 +RH-Bugzilla: 2043531 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: MST + +The next commit will revert OEM fields padding with whitespace to +padding with '\0' as it was before [1]. As result test_oem_fields() will +fail due to unexpectedly smaller ID sizes read from QEMU ACPI tables. + +Pad OEM_ID/OEM_TABLE_ID manually with spaces so that values the test +puts on QEMU CLI and expected values match. + +1) 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed") +Signed-off-by: Igor Mammedov +Message-Id: <20220112130332.1648664-2-imammedo@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. 
Tsirkin +(cherry picked from commit a849522f726767022203ef2b6c395ea19facb866) +Signed-off-by: Igor Mammedov +--- + tests/qtest/bios-tables-test.c | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c +index 088609c196..cfccfd4408 100644 +--- a/tests/qtest/bios-tables-test.c ++++ b/tests/qtest/bios-tables-test.c +@@ -71,9 +71,10 @@ + + #define ACPI_REBUILD_EXPECTED_AML "TEST_ACPI_REBUILD_AML" + +-#define OEM_ID "TEST" +-#define OEM_TABLE_ID "OEM" +-#define OEM_TEST_ARGS "-machine x-oem-id="OEM_ID",x-oem-table-id="OEM_TABLE_ID ++#define OEM_ID "TEST " ++#define OEM_TABLE_ID "OEM " ++#define OEM_TEST_ARGS "-machine x-oem-id='" OEM_ID "',x-oem-table-id='" \ ++ OEM_TABLE_ID "'" + + typedef struct { + bool tcg_only; +@@ -1482,11 +1483,7 @@ static void test_acpi_q35_slic(void) + static void test_oem_fields(test_data *data) + { + int i; +- char oem_id[6]; +- char oem_table_id[8]; + +- strpadcpy(oem_id, sizeof oem_id, OEM_ID, ' '); +- strpadcpy(oem_table_id, sizeof oem_table_id, OEM_TABLE_ID, ' '); + for (i = 0; i < data->tables->len; ++i) { + AcpiSdtTable *sdt; + +@@ -1496,8 +1493,8 @@ static void test_oem_fields(test_data *data) + continue; + } + +- g_assert(memcmp(sdt->aml + 10, oem_id, 6) == 0); +- g_assert(memcmp(sdt->aml + 16, oem_table_id, 8) == 0); ++ g_assert(memcmp(sdt->aml + 10, OEM_ID, 6) == 0); ++ g_assert(memcmp(sdt->aml + 16, OEM_TABLE_ID, 8) == 0); + } + } + +-- +2.31.1 + diff --git a/SOURCES/kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch b/SOURCES/kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch new file mode 100644 index 0000000..b0abe81 --- /dev/null +++ b/SOURCES/kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch 
@@ -0,0 +1,69 @@ +From d08941e96003ea6bd26d73b4270912670e39e1bc Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Fri, 14 Jan 2022 09:26:41 -0500 +Subject: [PATCH 13/14] tests: acpi: test short OEM_ID/OEM_TABLE_ID values in + test_oem_fields() + +RH-Author: Igor Mammedov +RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table +RH-Commit: [9/10] f1f9991d5d7ef5afb2f98f4fa81aeb3e3cf32d8f +RH-Bugzilla: 2043531 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: MST + +Previous patch [1] added explicit whitespace padding to OEM_ID/OEM_TABLE_ID +values used in test_oem_fields() testcase to avoid false positive and +bisection issues when QEMU is switched to \0' padding. As result +testcase ceased to test values that were shorter than max possible +length values. + +Update testcase to make sure that it's testing shorter IDs like it +used to before [2]. + +1) "tests: acpi: manually pad OEM_ID/OEM_TABLE_ID for test_oem_fields() test" +2) 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed") + +Signed-off-by: Igor Mammedov +Message-Id: <20220114142641.1727679-1-imammedo@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. 
Tsirkin +(cherry picked from commit 408ca92634770de5eac7965ed97c6260e770f2e7) +Signed-off-by: Igor Mammedov +--- + tests/qtest/bios-tables-test.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c +index cfccfd4408..0dd9a0a55b 100644 +--- a/tests/qtest/bios-tables-test.c ++++ b/tests/qtest/bios-tables-test.c +@@ -71,10 +71,10 @@ + + #define ACPI_REBUILD_EXPECTED_AML "TEST_ACPI_REBUILD_AML" + +-#define OEM_ID "TEST " +-#define OEM_TABLE_ID "OEM " +-#define OEM_TEST_ARGS "-machine x-oem-id='" OEM_ID "',x-oem-table-id='" \ +- OEM_TABLE_ID "'" ++#define OEM_ID "TEST" ++#define OEM_TABLE_ID "OEM" ++#define OEM_TEST_ARGS "-machine x-oem-id=" OEM_ID ",x-oem-table-id=" \ ++ OEM_TABLE_ID + + typedef struct { + bool tcg_only; +@@ -1493,8 +1493,8 @@ static void test_oem_fields(test_data *data) + continue; + } + +- g_assert(memcmp(sdt->aml + 10, OEM_ID, 6) == 0); +- g_assert(memcmp(sdt->aml + 16, OEM_TABLE_ID, 8) == 0); ++ g_assert(strncmp((char *)sdt->aml + 10, OEM_ID, 6) == 0); ++ g_assert(strncmp((char *)sdt->aml + 16, OEM_TABLE_ID, 8) == 0); + } + } + +-- +2.31.1 + diff --git a/SOURCES/kvm-tests-acpi-update-expected-blobs.patch b/SOURCES/kvm-tests-acpi-update-expected-blobs.patch new file mode 100644 index 0000000..d629202 --- /dev/null +++ b/SOURCES/kvm-tests-acpi-update-expected-blobs.patch 
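Review bot: In `test_oem_fields()` the switch to `strncmp()` stops comparing at the first NUL, so for the 4-byte `OEM_ID` and 3-byte `OEM_TABLE_ID` the remaining bytes of the 6- and 8-byte header fields are never examined, and a table carrying stale bytes after the terminator would still pass. Since the series is about restoring '\0' padding, comparing the whole field against a zero-padded expectation checks that directly: `static const char oem_id[6] = OEM_ID;` then `g_assert(memcmp(sdt->aml + 10, oem_id, sizeof(oem_id)) == 0);`, and the same with an 8-byte array for `OEM_TABLE_ID`. The function starts above the hunk, so the two declarations would go with its other locals.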
@@ -0,0 +1,50 @@ +From b8831f75d186639385d75a4df9c510c7435fcdaf Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Wed, 12 Jan 2022 08:03:32 -0500 +Subject: [PATCH 12/14] tests: acpi: update expected blobs + +RH-Author: Igor Mammedov +RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table +RH-Commit: [8/10] dddfa6e1b966bf7c5c00a20c98a778b060dc6983 +RH-Bugzilla: 2043531 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: MST + +Expected changes caused by previous commit: + +nvdimm ssdt (q35/pc/virt): + - * OEM Table ID "NVDIMM " + + * OEM Table ID "NVDIMM" + +SLIC test FADT (tests/data/acpi/q35/FACP.slic): + -[010h 0016 8] Oem Table ID : "ME " + +[010h 0016 8] Oem Table ID : "ME" + +Signed-off-by: Igor Mammedov +Message-Id: <20220112130332.1648664-5-imammedo@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit 5adc3aba875416b0e077d8a29ddd0357883746f4) +Signed-off-by: Igor Mammedov +--- + tests/data/acpi/pc/SSDT.dimmpxm | Bin 734 -> 734 bytes + tests/data/acpi/q35/FACP.slic | Bin 244 -> 244 bytes + tests/data/acpi/q35/SSDT.dimmpxm | Bin 734 -> 734 bytes + tests/data/acpi/virt/SSDT.memhp | Bin 736 -> 736 bytes + tests/qtest/bios-tables-test-allowed-diff.h | 4 ---- + 5 files changed, 4 deletions(-) + +diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h +index 7faa8f53be..dfb8523c8b 100644 +--- a/tests/qtest/bios-tables-test-allowed-diff.h ++++ b/tests/qtest/bios-tables-test-allowed-diff.h +@@ -1,5 +1 @@ + /* List of comma-separated changed AML files to ignore */ +-"tests/data/acpi/virt/SSDT.memhp", +-"tests/data/acpi/pc/SSDT.dimmpxm", +-"tests/data/acpi/q35/SSDT.dimmpxm", +-"tests/data/acpi/q35/FACP.slic", +-- +2.31.1 + diff --git a/SOURCES/kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch b/SOURCES/kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch new file mode 100644 index 0000000..ebe3d36 
--- /dev/null +++ b/SOURCES/kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch @@ -0,0 +1,42 @@ +From 9d8ab705fb0ffc55e78c22f4dd79c4c57437532e Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Mon, 27 Dec 2021 14:31:18 -0500 +Subject: [PATCH 06/14] tests: acpi: whitelist expected blobs before changing + them + +RH-Author: Igor Mammedov +RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table +RH-Commit: [2/10] 677ac6f62a40479f88cc0d47bfece74bb39ae7a7 +RH-Bugzilla: 2043531 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: MST + +Signed-off-by: Igor Mammedov +Message-Id: <20211227193120.1084176-3-imammedo@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit e71f6ab9d93a7d01e833647e7010c1079c4cef30) +Signed-off-by: Igor Mammedov +--- + tests/data/acpi/q35/FACP.slic | Bin 0 -> 244 bytes + tests/data/acpi/q35/SLIC.slic | 0 + tests/qtest/bios-tables-test-allowed-diff.h | 2 ++ + 3 files changed, 2 insertions(+) + create mode 100644 tests/data/acpi/q35/FACP.slic + create mode 100644 tests/data/acpi/q35/SLIC.slic + +diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic +new file mode 100644 +index 0000000000..e69de29bb2 +diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h +index dfb8523c8b..49dbf8fa3e 100644 +--- a/tests/qtest/bios-tables-test-allowed-diff.h ++++ b/tests/qtest/bios-tables-test-allowed-diff.h +@@ -1 +1,3 @@ + /* List of comma-separated changed AML files to ignore */ ++"tests/data/acpi/q35/FACP.slic", ++"tests/data/acpi/q35/SLIC.slic", +-- +2.31.1 + diff --git a/SOURCES/kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch b/SOURCES/kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch new file mode 100644 index 0000000..6774f18 --- /dev/null +++ b/SOURCES/kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch 
@@ -0,0 +1,49 @@ +From 667b82b02f7f3a1e5c37e3ff77b146cc3fd9da80 Mon Sep 17 00:00:00 2001 +From: Igor Mammedov +Date: Wed, 12 Jan 2022 08:03:30 -0500 +Subject: [PATCH 10/14] tests: acpi: whitelist nvdimm's SSDT and FACP.slic + expected blobs + +RH-Author: Igor Mammedov +RH-MergeRequest: 130: acpi: fix QEMU crash when started with SLIC table +RH-Commit: [6/10] 9b35b82e26499de3b7bdc0cdd089fda0a8ec031a +RH-Bugzilla: 2043531 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina +RH-Acked-by: MST + +The next commit will revert OEM fields whitespace padding to +padding with '\0' as it was before [1]. That will change OEM +Table ID for: + * SSDT.*: where it was padded from 6 characters to 8 + * FACP.slic: where it was padded from 2 characters to 8 +after reverting whitespace padding, it will be replaced with +'\0' which effectively will shorten OEM table ID to 6 and 2 +characters. + +Whitelist affected tables before introducing the change. + +1) 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed") +Signed-off-by: Igor Mammedov +Message-Id: <20220112130332.1648664-3-imammedo@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +(cherry picked from commit d1e4a4654154925eddf0fc449fa9c92b806b9c8c) +Signed-off-by: Igor Mammedov +--- + tests/qtest/bios-tables-test-allowed-diff.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h +index dfb8523c8b..7faa8f53be 100644 +--- a/tests/qtest/bios-tables-test-allowed-diff.h ++++ b/tests/qtest/bios-tables-test-allowed-diff.h +@@ -1 +1,5 @@ + /* List of comma-separated changed AML files to ignore */ ++"tests/data/acpi/virt/SSDT.memhp", ++"tests/data/acpi/pc/SSDT.dimmpxm", ++"tests/data/acpi/q35/SSDT.dimmpxm", ++"tests/data/acpi/q35/FACP.slic", +-- +2.31.1 + 
diff --git a/SOURCES/kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch b/SOURCES/kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch new file mode 100644 index 0000000..6b7173e --- /dev/null +++ b/SOURCES/kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch 
@@ -0,0 +1,63 @@ +From c5ff43026547ea20fbb496c5b6734b7e64362151 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Mon, 14 Feb 2022 12:37:49 +0100 +Subject: [PATCH 2/6] ui: avoid compiler warnings from unused clipboard info + variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Gerd Hoffmann +RH-MergeRequest: 75: fix vnc cut+paste crash +RH-Commit: [2/4] 6a7982a0bab86bf843fd65842e730a61b2fa2cb0 (kraxel/centos-qemu-kvm) +RH-Bugzilla: 2042820 +RH-Acked-by: Marc-André Lureau +RH-Acked-by: Daniel P. Berrangé +RH-Acked-by: Miroslav Rezanina + +With latest clang 13.0.0 we get + +../ui/clipboard.c:47:34: error: variable 'old' set but not used [-Werror,-Wunused-but-set-variable] + g_autoptr(QemuClipboardInfo) old = NULL; + ^ + +The compiler can't tell that we only declared this variable in +order to get the side effect of free'ing it when out of scope. + +This pattern is a little dubious for a use of g_autoptr, so +rewrite the code to avoid it. + +Reviewed-by: Richard Henderson +Reviewed-by: Philippe Mathieu-Daudé +Tested-by: Philippe Mathieu-Daudé +Signed-off-by: Daniel P. 
Berrangé +[AJB: fix merge conflict] +Signed-off-by: Alex Bennée +Message-Id: <20211215141949.3512719-2-berrange@redhat.com> +Message-Id: <20220105135009.1584676-2-alex.bennee@linaro.org> +(cherry picked from commit 70a54b01693eda3c61814b05d699aba41015ac48) +--- + ui/clipboard.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/ui/clipboard.c b/ui/clipboard.c +index d7b008d62a..7672058e84 100644 +--- a/ui/clipboard.c ++++ b/ui/clipboard.c +@@ -44,12 +44,11 @@ void qemu_clipboard_peer_release(QemuClipboardPeer *peer, + + void qemu_clipboard_update(QemuClipboardInfo *info) + { +- g_autoptr(QemuClipboardInfo) old = NULL; + assert(info->selection < QEMU_CLIPBOARD_SELECTION__COUNT); + + notifier_list_notify(&clipboard_notifiers, info); + +- old = cbinfo[info->selection]; ++ qemu_clipboard_info_unref(cbinfo[info->selection]); + cbinfo[info->selection] = qemu_clipboard_info_ref(info); + } + +-- +2.27.0 + diff --git a/SOURCES/kvm-ui-clipboard-fix-use-after-free-regression.patch b/SOURCES/kvm-ui-clipboard-fix-use-after-free-regression.patch new file mode 100644 index 0000000..e14cb23 --- /dev/null +++ b/SOURCES/kvm-ui-clipboard-fix-use-after-free-regression.patch 
@@ -0,0 +1,49 @@ +From 965275cd87f8008f129509c6d6fd0096e8ac2d96 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= +Date: Mon, 14 Feb 2022 15:59:17 +0400 +Subject: [PATCH 3/6] ui/clipboard: fix use-after-free regression +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Gerd Hoffmann +RH-MergeRequest: 75: fix vnc cut+paste crash +RH-Commit: [3/4] d8f68e0eb60d9aaa9a703d969f215816bf35f6f0 (kraxel/centos-qemu-kvm) +RH-Bugzilla: 2042820 +RH-Acked-by: Marc-André Lureau +RH-Acked-by: Daniel P. Berrangé +RH-Acked-by: Miroslav Rezanina + +The same info may be used to update the clipboard, and may be freed +before being ref'ed again. + +Fixes: 70a54b01693ed ("ui: avoid compiler warnings from unused clipboard info variable") + +Signed-off-by: Marc-André Lureau +Reviewed-by: Daniel P. Berrangé +Message-Id: <20220214115917.1679568-1-marcandre.lureau@redhat.com> +Signed-off-by: Gerd Hoffmann +--- + ui/clipboard.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/ui/clipboard.c b/ui/clipboard.c +index 7672058e84..d7dae13760 100644 +--- a/ui/clipboard.c ++++ b/ui/clipboard.c +@@ -48,8 +48,10 @@ void qemu_clipboard_update(QemuClipboardInfo *info) + + notifier_list_notify(&clipboard_notifiers, info); + +- qemu_clipboard_info_unref(cbinfo[info->selection]); +- cbinfo[info->selection] = qemu_clipboard_info_ref(info); ++ if (cbinfo[info->selection] != info) { ++ qemu_clipboard_info_unref(cbinfo[info->selection]); ++ cbinfo[info->selection] = qemu_clipboard_info_ref(info); ++ } + } + + QemuClipboardInfo *qemu_clipboard_info(QemuClipboardSelection selection) +-- +2.27.0 + diff --git a/SOURCES/kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch b/SOURCES/kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch new file mode 100644 index 0000000..6d3802c --- /dev/null +++ b/SOURCES/kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch 
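Review bot: The identity check added to `qemu_clipboard_update()` has no comment explaining why it is there, and the preceding patch in this import shows how easily this ordering gets simplified back into a use-after-free. I would add above the `if`: `/* info may already be the stored entry; unref'ing it first could drop the last reference */`. An alternative that needs no branch is to take the new reference before dropping the old one: `QemuClipboardInfo *old = cbinfo[info->selection];`, `cbinfo[info->selection] = qemu_clipboard_info_ref(info);`, `qemu_clipboard_info_unref(old);`. The function begins above the hunk.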
@@ -0,0 +1,80 @@ +From 14582cfec72e52894f16ed5c3fb14adb2d6d8e25 Mon Sep 17 00:00:00 2001 +From: Rao Lei +Date: Wed, 5 Jan 2022 10:08:08 +0800 +Subject: [PATCH 4/6] ui/vnc.c: Fixed a deadlock bug. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Gerd Hoffmann +RH-MergeRequest: 75: fix vnc cut+paste crash +RH-Commit: [4/4] 5321e447de974d91e9a6c0cf01f4352166ffb7ce (kraxel/centos-qemu-kvm) +RH-Bugzilla: 2042820 +RH-Acked-by: Marc-André Lureau +RH-Acked-by: Daniel P. Berrangé +RH-Acked-by: Miroslav Rezanina + +The GDB statck is as follows: +(gdb) bt +0 __lll_lock_wait (futex=futex@entry=0x56211df20360, private=0) at lowlevellock.c:52 +1 0x00007f263caf20a3 in __GI___pthread_mutex_lock (mutex=0x56211df20360) at ../nptl/pthread_mutex_lock.c:80 +2 0x000056211a757364 in qemu_mutex_lock_impl (mutex=0x56211df20360, file=0x56211a804857 "../ui/vnc-jobs.h", line=60) + at ../util/qemu-thread-posix.c:80 +3 0x000056211a0ef8c7 in vnc_lock_output (vs=0x56211df14200) at ../ui/vnc-jobs.h:60 +4 0x000056211a0efcb7 in vnc_clipboard_send (vs=0x56211df14200, count=1, dwords=0x7ffdf1701338) at ../ui/vnc-clipboard.c:138 +5 0x000056211a0f0129 in vnc_clipboard_notify (notifier=0x56211df244c8, data=0x56211dd1bbf0) at ../ui/vnc-clipboard.c:209 +6 0x000056211a75dde8 in notifier_list_notify (list=0x56211afa17d0 , data=0x56211dd1bbf0) at ../util/notify.c:39 +7 0x000056211a0bf0e6 in qemu_clipboard_update (info=0x56211dd1bbf0) at ../ui/clipboard.c:50 +8 0x000056211a0bf05d in qemu_clipboard_peer_release (peer=0x56211df244c0, selection=QEMU_CLIPBOARD_SELECTION_CLIPBOARD) + at ../ui/clipboard.c:41 +9 0x000056211a0bef9b in qemu_clipboard_peer_unregister (peer=0x56211df244c0) at ../ui/clipboard.c:19 +10 0x000056211a0d45f3 in vnc_disconnect_finish (vs=0x56211df14200) at ../ui/vnc.c:1358 +11 0x000056211a0d4c9d in vnc_client_read (vs=0x56211df14200) at ../ui/vnc.c:1611 +12 0x000056211a0d4df8 in vnc_client_io (ioc=0x56211ce70690, condition=G_IO_IN, 
opaque=0x56211df14200) at ../ui/vnc.c:1649 +13 0x000056211a5b976c in qio_channel_fd_source_dispatch + (source=0x56211ce50a00, callback=0x56211a0d4d71 , user_data=0x56211df14200) at ../io/channel-watch.c:84 +14 0x00007f263ccede8e in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 +15 0x000056211a77d4a1 in glib_pollfds_poll () at ../util/main-loop.c:232 +16 0x000056211a77d51f in os_host_main_loop_wait (timeout=958545) at ../util/main-loop.c:255 +17 0x000056211a77d630 in main_loop_wait (nonblocking=0) at ../util/main-loop.c:531 +18 0x000056211a45bc8e in qemu_main_loop () at ../softmmu/runstate.c:726 +19 0x000056211a0b45fa in main (argc=69, argv=0x7ffdf1701778, envp=0x7ffdf17019a8) at ../softmmu/main.c:50 + +From the call trace, we can see it is a deadlock bug. +vnc_disconnect_finish will acquire the output_mutex. +But, the output_mutex will be acquired again in vnc_clipboard_send. +Repeated locking will cause deadlock. So, I move +qemu_clipboard_peer_unregister() behind vnc_unlock_output(); + +Fixes: 0bf41cab93e ("ui/vnc: clipboard support") +Signed-off-by: Lei Rao +Reviewed-by: Marc-André Lureau +Message-Id: <20220105020808.597325-1-lei.rao@intel.com> +Signed-off-by: Gerd Hoffmann +(cherry picked from commit 1dbbe6f172810026c51dc84ed927a3cc23017949) +--- + ui/vnc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ui/vnc.c b/ui/vnc.c +index af02522e84..b253e85c65 100644 +--- a/ui/vnc.c ++++ b/ui/vnc.c +@@ -1354,12 +1354,12 @@ void vnc_disconnect_finish(VncState *vs) + /* last client gone */ + vnc_update_server_surface(vs->vd); + } ++ vnc_unlock_output(vs); ++ + if (vs->cbpeer.update.notify) { + qemu_clipboard_peer_unregister(&vs->cbpeer); + } + +- vnc_unlock_output(vs); +- + qemu_mutex_destroy(&vs->output_mutex); + if (vs->bh != NULL) { + qemu_bh_delete(vs->bh); +-- +2.27.0 + diff --git a/SOURCES/kvm-vmxcap-Add-5-level-EPT-bit.patch b/SOURCES/kvm-vmxcap-Add-5-level-EPT-bit.patch new file mode 100644 index 0000000..0701cc0 
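Review bot: The new ordering in `vnc_disconnect_finish()` depends on `qemu_clipboard_peer_unregister()` running outside `output_mutex`, but nothing at the call site says so, and a later cleanup could move the unlock back down and reintroduce the self-deadlock shown in the backtrace. A comment above the `if (vs->cbpeer.update.notify)` block would pin it: `/* must run after vnc_unlock_output(): the clipboard notifier takes output_mutex in vnc_clipboard_send() */`. Separately, the unregister path still reaches `vnc_clipboard_send()` for a client that is being torn down. Whether that send should be skipped for a disconnecting `VncState` cannot be judged from here, because the function body starts and ends outside the hunk.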
--- /dev/null +++ b/SOURCES/kvm-vmxcap-Add-5-level-EPT-bit.patch @@ -0,0 +1,49 @@ +From 5d8e4aefe49d4ea5237efc8132e44183b99ebabc Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Wed, 16 Mar 2022 09:35:23 +0100 +Subject: [PATCH 03/14] vmxcap: Add 5-level EPT bit + +RH-Author: Vitaly Kuznetsov +RH-MergeRequest: 126: i386: Add Icelake-Server-v6 CPU model with 5-level EPT support +RH-Commit: [1/2] 3f74e192278b8886de5dbeaf607521e9d3b744eb +RH-Bugzilla: 2038051 +RH-Acked-by: Igor Mammedov +RH-Acked-by: Cornelia Huck +RH-Acked-by: Paolo Bonzini + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2038051 +Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43862630 + +commit d312378e59658473aa91aa15c67ec6200d92e5ff +Author: Vitaly Kuznetsov +Date: Mon Feb 21 15:53:16 2022 +0100 + + vmxcap: Add 5-level EPT bit + + 5-level EPT is present in Icelake Server CPUs and is supported by QEMU + ('vmx-page-walk-5'). + + Signed-off-by: Vitaly Kuznetsov + Message-Id: <20220221145316.576138-2-vkuznets@redhat.com> + Signed-off-by: Paolo Bonzini + +Signed-off-by: Vitaly Kuznetsov +--- + scripts/kvm/vmxcap | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/scripts/kvm/vmxcap b/scripts/kvm/vmxcap +index 6fe66d5f57..f140040104 100755 +--- a/scripts/kvm/vmxcap ++++ b/scripts/kvm/vmxcap +@@ -249,6 +249,7 @@ controls = [ + bits = { + 0: 'Execute-only EPT translations', + 6: 'Page-walk length 4', ++ 7: 'Page-walk length 5', + 8: 'Paging-structure memory type UC', + 14: 'Paging-structure memory type WB', + 16: '2MB EPT pages', +-- +2.31.1 + diff --git a/SOURCES/tests_data_acpi_pc_SSDT.dimmpxm b/SOURCES/tests_data_acpi_pc_SSDT.dimmpxm new file mode 100644 index 0000000..ac55387 Binary files /dev/null and b/SOURCES/tests_data_acpi_pc_SSDT.dimmpxm differ diff --git a/SOURCES/tests_data_acpi_q35_FACP.slic b/SOURCES/tests_data_acpi_q35_FACP.slic new file mode 100644 index 0000000..15986e0 Binary files /dev/null and b/SOURCES/tests_data_acpi_q35_FACP.slic differ 
diff --git a/SOURCES/tests_data_acpi_q35_SSDT.dimmpxm b/SOURCES/tests_data_acpi_q35_SSDT.dimmpxm new file mode 100644 index 0000000..98e6f0e Binary files /dev/null and b/SOURCES/tests_data_acpi_q35_SSDT.dimmpxm differ diff --git a/SOURCES/tests_data_acpi_virt_SSDT.memhp b/SOURCES/tests_data_acpi_virt_SSDT.memhp new file mode 100644 index 0000000..375d7b6 Binary files /dev/null and b/SOURCES/tests_data_acpi_virt_SSDT.memhp differ diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec index c403f49..da009f8 100644 --- a/SPECS/qemu-kvm.spec +++ b/SPECS/qemu-kvm.spec @@ -135,16 +135,23 @@ Requires: %{name}-audio-pa = %{epoch}:%{version}-%{release} # removes {name}-ui-spice for upgrades from RHEL-8 # The "<= {version}" assumes RHEL-9 version >= RHEL-8 version (in # other words RHEL-9 rebases are done together/before RHEL-8 ones) + +# In addition, we obsolete some block drivers as we are no longer support +# them in default qemu-kvm installation. + +# Note: ssh driver wasn't removed yet just disabled due to late handling + %global obsoletes_some_modules \ -Obsoletes: %{name}-ui-spice <= %{version} \ -Obsoletes: %{name}-block-gluster <= %{version} \ -Obsoletes: %{name}-block-iscsi <= %{version} \ +Obsoletes: %{name}-ui-spice <= %{epoch}:%{version} \ +Obsoletes: %{name}-block-gluster <= %{epoch}:%{version} \ +Obsoletes: %{name}-block-iscsi <= %{epoch}:%{version} \ +Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 6.2.0 -Release: 9%{?rcrel}%{?dist}%{?cc_suffix} +Release: 11%{?rcrel}%{?dist}%{?cc_suffix}.2 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped # Epoch 15 used for RHEL 8 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5) 
@@ -167,6 +174,10 @@ Source28: 95-kvm-memlock.conf Source30: kvm-s390x.conf Source31: kvm-x86.conf Source36: README.tests +Source37: tests_data_acpi_pc_SSDT.dimmpxm +Source38: tests_data_acpi_q35_FACP.slic +Source39: tests_data_acpi_q35_SSDT.dimmpxm +Source40: tests_data_acpi_virt_SSDT.memhp Patch0001: 0001-ui-clipboard-Don-t-use-g_autoptr-just-to-free-a-vari.patch 
@@ -267,6 +278,48 @@ Patch61: kvm-iotests-281-Test-lingering-timers.patch Patch62: kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch # For bz#2033626 - Qemu core dump when start guest with nbd node or do block jobs to nbd node Patch63: kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch +# For bz#2042820 - qemu crash when try to copy and paste contents from client to VM +Patch64: kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch +# For bz#2042820 - qemu crash when try to copy and paste contents from client to VM +Patch65: kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch +# For bz#2042820 - qemu crash when try to copy and paste contents from client to VM +Patch66: kvm-ui-clipboard-fix-use-after-free-regression.patch +# For bz#2042820 - qemu crash when try to copy and paste contents from client to VM +Patch67: kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch +# For bz#2044818 - Qemu Core Dumped when migrate -> migrate_cancel -> migrate again during guest is paused +Patch68: kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch +# For bz#2044818 - Qemu Core Dumped when migrate -> migrate_cancel -> migrate again during guest is paused +Patch69: kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch +# For bz#2052050 - Mark all RHEL-8 and earlier machine types as deprecated +Patch70: kvm-RHEL-mark-old-machine-types-as-deprecated.patch +# For bz#2059786 - [virtual network][rhel9][vDPA] qemu crash after hot unplug vdpa device +Patch71: kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch +# For bz#2053584 - watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [cat:2843] +Patch72: kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch +# For bz#2053584 - watchdog: BUG: soft lockup - CPU#3 stuck for 22s! 
[cat:2843] +Patch73: kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch +# For bz#2038051 - Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04' +Patch74: kvm-vmxcap-Add-5-level-EPT-bit.patch +# For bz#2038051 - Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04' +Patch75: kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch +# For bz#2043531 - Guest can not start with SLIC acpi table +Patch76: kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch +# For bz#2043531 - Guest can not start with SLIC acpi table +Patch77: kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch +# For bz#2043531 - Guest can not start with SLIC acpi table +Patch78: kvm-tests-acpi-add-SLIC-table-test.patch +# For bz#2043531 - Guest can not start with SLIC acpi table +Patch79: kvm-tests-acpi-SLIC-update-expected-blobs.patch +# For bz#2043531 - Guest can not start with SLIC acpi table +Patch80: kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch +# For bz#2043531 - Guest can not start with SLIC acpi table +Patch81: kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch +# For bz#2043531 - Guest can not start with SLIC acpi table +Patch82: kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch +# For bz#2043531 - Guest can not start with SLIC acpi table +Patch83: kvm-tests-acpi-update-expected-blobs.patch +# For bz#2043531 - Guest can not start with SLIC acpi table +Patch84: kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch # Source-git patches 
@@ -431,15 +484,6 @@ This package provides the qemu-pr-helper utility that is required for certain SCSI features. -%package -n qemu-virtiofsd -Summary: QEMU virtio-fs shared file system daemon -Provides: virtiofsd -%description -n qemu-virtiofsd -This package provides virtiofsd daemon. This program is a vhost-user backend -that implements the virtio-fs device that is used for sharing a host directory -tree with a guest. - - %package -n qemu-img Summary: QEMU command line tool for manipulating disk images %description -n qemu-img @@ -591,6 +635,7 @@ Summary: QEMU usbredir support Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release} Requires: usbredir >= 0.7.1 Provides: %{name}-hw-usbredir +Obsoletes: %{name}-hw-usbredir <= %{epoch}:%{version} %description device-usb-redirect This package provides usbredir support. @@ -603,6 +648,10 @@ This package provides usbredir support. %global qemu_kvm_build qemu_kvm_build mkdir -p %{qemu_kvm_build} +cp -f %{SOURCE37} tests/data/acpi/pc/SSDT.dimmpxm +cp -f %{SOURCE38} tests/data/acpi/q35/FACP.slic +cp -f %{SOURCE39} tests/data/acpi/q35/SSDT.dimmpxm +cp -f %{SOURCE40} tests/data/acpi/virt/SSDT.memhp %build %define disable_everything \\\ @@ -1097,6 +1146,10 @@ rm -rf %{buildroot}%{_datadir}/%{name}/vgabios*bin rm -rf %{buildroot}%{_datadir}/%{name}/bios*.bin rm -rf %{buildroot}%{_datadir}/%{name}/sgabios.bin +# Remove virtiofsd (we use separate package for virtiofsd) +rm -rf %{buildroot}%{_mandir}/man1/virtiofsd.1* +rm -rf %{buildroot}%{_libexecdir}/virtiofsd +rm -rf %{buildroot}%{_datadir}/qemu/vhost-user/50-qemu-virtiofsd.json %if %{have_modules_load} install -D -p -m 644 %{_sourcedir}/modules-load.conf %{buildroot}%{_sysconfdir}/modules-load.d/kvm.conf 
@@ -1210,14 +1263,6 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %{_unitdir}/qemu-pr-helper.socket %{_mandir}/man8/qemu-pr-helper.8* -%files -n qemu-virtiofsd -%{_mandir}/man1/virtiofsd.1* -%{_libexecdir}/virtiofsd -# This is the standard location for vhost-user JSON files defined in the -# vhost-user specification for interoperability with other software. Unlike -# most other paths we use it's "qemu" instead of "qemu-kvm". -%{_datadir}/qemu/vhost-user/50-qemu-virtiofsd.json - %files docs %doc %{qemudocdir} 
@@ -1325,6 +1370,60 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %endif %changelog +* Tue Mar 22 2022 - 6.2.0-11.el9_0.2 +- kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch [bz#2053584] +- kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch [bz#2053584] +- kvm-vmxcap-Add-5-level-EPT-bit.patch [bz#2038051] +- kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch [bz#2038051] +- kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch [bz#2043531] +- kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch [bz#2043531] +- kvm-tests-acpi-add-SLIC-table-test.patch [bz#2043531] +- kvm-tests-acpi-SLIC-update-expected-blobs.patch [bz#2043531] +- kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch [bz#2043531] +- kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch [bz#2043531] +- kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch [bz#2043531] +- kvm-tests-acpi-update-expected-blobs.patch [bz#2043531] +- kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch [bz#2043531] +- kvm-rhel-workaround-for-lack-of-binary-patches-in-SRPM.patch [bz#2043531] +- Resolves: bz#2053584 + (watchdog: BUG: soft lockup - CPU#3 stuck for 22s! 
[cat:2843]) +- Resolves: bz#2038051 + (Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04') +- Resolves: bz#2043531 + (Guest can not start with SLIC acpi table) + +* Tue Mar 15 2022 Miroslav Rezanina - 6.2.0-11.el9_0.1 +- kvm-RHEL-mark-old-machine-types-as-deprecated.patch [bz#2052050] +- kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch [bz#2059786] +- kvm-spec-Fix-obsolete-for-spice-subpackages.patch [bz#2059175 bz#2059146] +- kvm-spec-Obsolete-old-usb-redir-subpackage.patch [bz#2059175 bz#2059146] +- kvm-spec-Obsolete-ssh-driver.patch [bz#2059175 bz#2059146] +- Resolves: bz#2052050 + (Mark all RHEL-8 and earlier machine types as deprecated) +- Resolves: bz#2059786 + ([virtual network][rhel9][vDPA] qemu crash after hot unplug vdpa device) +- Resolves: bz#2059175 + (Broken upgrade path due to qemu-kvm-hw-usbredir rename) +- Resolves: bz#2059146 + (Missing qemu-kvm-block-ssh obsolete breaks upgrade path) + +* Tue Mar 01 2022 Miroslav Rezanina - 6.2.0-11 +- kvm-spec-Remove-qemu-virtiofsd.patch [bz#2055284] +- Resolves: bz#2055284 + (Remove the qemu-virtiofsd subpackage) + +* Thu Feb 24 2022 Miroslav Rezanina - 6.2.0-10 +- kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch [bz#2042820] +- kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch [bz#2042820] +- kvm-ui-clipboard-fix-use-after-free-regression.patch [bz#2042820] +- kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch [bz#2042820] +- kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch [bz#2044818] +- kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch [bz#2044818] +- Resolves: bz#2042820 + (qemu crash when try to copy and paste contents from client to VM) +- Resolves: bz#2044818 + (Qemu Core Dumped when migrate -> migrate_cancel -> migrate again during guest is paused) + * Thu Feb 17 2022 Miroslav Rezanina - 6.2.0-9 - kvm-block-Lock-AioContext-for-drain_end-in-blockdev-reop.patch [bz#2046659] - 
kvm-iotests-Test-blockdev-reopen-with-iothreads-and-thro.patch [bz#2046659]